
TomTees

Members
  • Posts

    187
  • Joined

  • Last visited

    Never

Posts posted by TomTees

  1. Zacly.

     

    When I put in the code you suggested, I got this...

     

    Array

    (

        [firstname] =>

        [btnSubmit] => Register

    )

     

    Is it that simple?

     

    Does the $_POST array simply show the name of each form control (i.e. Key) and the value that you type in (i.e. value)?

     

    Could it ever contain something else?

     

     

     

    TomTees

     

     

  2. It would be in the page that receives the information from your form, so the page the form submits to.

    The page where your form is wouldn't have any of the posted data, unless it was also posted to from another page.

     

    So there is no data in the $_POST array until after you click "submit" and that data is sent over in the HTML header to the other page and so it can't be accessed from the originating page, right?

     

     

    TomTees

     

     

  3. have a look at this PDF;

    http://php.net/manual/en/function.mysql-real-escape-string.php...

     

    mysql_real_escape_string() is a good function to start with

     

    Problem is that a MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned.

     

    I just want a way to clean data in general.

     

    No one said I was going to use GET or POST data in a database or specifically in a MySQL database.

     

     

    TomTees

     

     

     

  4. Not a complete list, but I would start with the following.

     

     

     

    - Stop directory traversal.
    - Stop MySQL comments.
    - Stop B64 encoded.
    - Remove null characters (to stop sandwiching between ascii characters).
    - Validate standard ascii/UTF 16 characters (make sure there is a semi colon).
    - Decode URLs.
    - Make sure there are no tabs and/or spaces between words like j a v a s c r i p t, vb     script, etc.
    - Make xml/php tags safe, by converting to html entities.
    - Remove any disallowed javascript (esp. if they are in links), as well as javascript event handlers.
    - Remove naughty HTML elements (or change to html entities).
    - Remove naughty PHP function calls (like eval).

     

     

    Got any code to go along with that long list?!  :)

     

    Or maybe some links or tutorials of how to code for those things?

     

     

     

    Of course you could put some checks in there for the proper data.

     

    Such as strlen, numeric only, alpha numeric, or alpha only.

     

     

    Maybe I missed this before, but I was under the impression that data-types were stripped off by HTTP?

     

    So, how effective is magic quotes at handling the things you mentioned above?

     

     

     

    TomTees
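The length and character-class checks mentioned in this post (strlen, numeric only, alphanumeric, alpha only), written as an allow-list validator. This is an added example, not code from the thread; the function names, field names and rules are hypothetical.

```php
<?php
// Added example. Every value PHP receives over HTTP is a string (or an
// array when the client sends name[]=...), so types are checked here.

function validate_field($value, array $rule)
{
    if (!is_string($value)) {
        return false;                       // missing key or array value
    }
    $len = strlen($value);
    if ($len < $rule['min'] || $len > $rule['max']) {
        return false;
    }
    switch ($rule['type']) {
        case 'digits': return ctype_digit($value);
        case 'alpha':  return ctype_alpha($value);
        case 'alnum':  return ctype_alnum($value);
        default:       return false;        // unknown rule type: fail closed
    }
}

// Returns array($clean, $errors). Only fields named in $rules are copied,
// so unexpected keys in the request never reach the rest of the code.
function validate_input(array $input, array $rules)
{
    $clean = array();
    $errors = array();
    foreach ($rules as $name => $rule) {
        $value = isset($input[$name]) ? $input[$name] : null;
        if (validate_field($value, $rule)) {
            $clean[$name] = $value;
        } else {
            $errors[] = $name;
        }
    }
    return array($clean, $errors);
}

// Constructed sample standing in for $_POST.
$sample = array('age' => '42', 'username' => 'tom<script>', 'extra' => 'ignored');
$rules = array(
    'age'      => array('type' => 'digits', 'min' => 1, 'max' => 3),
    'username' => array('type' => 'alnum',  'min' => 3, 'max' => 20),
);
list($clean, $errors) = validate_input($sample, $rules);
var_dump($clean, $errors);   // 'age' is accepted, 'username' is rejected
```

Validation of this kind decides what is accepted; escaping for the place the value is later used (HTML, SQL, a shell) is still done at that point.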

     

     

  5. It depends how that data will be used, really.

     

    Well, that's sorta my question...

     

    Are there some common "best practices" that you would always want to do regardless of the data, data-types, or how the data is used and put into a "utility class"?

     

    I'm just not very well versed in the kinds of nefarious things people can do with the GET and POST arrays...

     

     

     

    TomTees

     

     

  6. I'm new to OOP and trying to write tiny classes to get practice.

     

    The next class I want to create will be used to clean HTTP data from when a form gets submitted.

     

    I'm embarrassed to say, but I'm scratching my head trying to figure out what types of things I should do as far as "sterilizing" POST and GET data?!  :shrug:

     

    Can someone get me started here?

     

    Thanks,

     

     

    TomTees

     

     

     

     

  7. Okay, so I want to take a stab at my first PHP class.

     

    Here is what I want it to do, but I'm not sure where to begin?!

     

    I have an HTML form in my index.php file, and when the user clicks "Register", I'd like to have registration.php which will contain the class Registration take what was entered in the form and print it out on the user's screen.

     

    This is an academic example, but it will get my feet wet!

     

    So, some questions...

     

    1.) If registration.php is basically my Registration class, then where do I "instantiate" the class to create a "registration object"?

     

     

    2.) How do I pass what was entered into the form to my registration class?

     

    Can you pass arguments to a class while you are instantiating it?

     

    Or do I instantiate the class, and then pass values to the object?

     

    Or do I let the object somehow get the values?

     

     

    3.) I assume if I make it this far, then I can display the values by just having echo statements in the class/object, maybe as a method?

     

    Thanks,

     

     

    TomTees

     

     

  8. P.S.  I think where I am getting hung up is that examples people posted online and from my dusty PHP book, because they just echo what you submitted in the form on the same page?!

     

    The context of my original question is to understand how you pass data entered into an HTML form on the user's computer to a PHP page (i.e. class) on a webserver and then pass that data to another PHP page (i.e. another class) on the webserver...

     

    This whole Internet thing and how data is passed from user to server is still kinda foreign to me.

     

     

    TomTees

     

     

  9. Hey TomTees, I see you are still on this :)

     

    Yep, I'm still in "dumb" mode this weekend!!

     

     

    Checkout here, it may help you understand a little more.

     

    Link: http://bytes.com/topic/php/insights/664241-using-html-forms-pass-data-php

     

    Regards, Paul.

     

    Thanks, but I have some questions...

     

    (Sorry for being so obtuse, I'm so damn tired of spending weeks reading books only to forget what I read because I never have enough time to implement what I just learned.  I need to take a more "ask then do" approach until I get some momentum going...)

     

    1.) So when you submit data from an HTML form, it is stored in an array called GET or POST depending on what you specified in form?

     

    2.) And the GET or POST array is a "global" variable?  (Sounds scary and insecure upfront?!)

     

    3.) And what pages can see these global arrays?

     

    4.) When you submit the HTML form, the data is sent in the URL with GET, right?

     

    5.) When you submit the HTML form, the data is secretly sent with POST, right?  Where is it again exactly?

     

    6.) Data is sent to the "action" page you designated?

     

    7.) So data is sent to the "action" page, or you are just routed there or what?

     

    8.) If I was on some other non-action page, could I see what is in GET or POST?  (If so, what stops people from hi-jacking your data off the Internet?!)

     

    9.) Can I assign data to variables first in my HTML form, or must they be in the GET/POST arrays before they are submitted?

     

    10.) Can my php code in the "action" page just echo what is in the GET/POST arrays?

     

    11.) Can I assign values in the GET/POST arrays to a variable in my local "action" page?

     

    12.) How do I avoid that ugly "undefined variable error" that I didn't understand last night?

     

    Hope I don't get yelled at for all of these questions, but I am trying to *learn* how all this jazz works again, and it is all related to my original post.  (Also, this is much quicker than reading 3-4 chapters in my dusty PHP books!)

     

    What I wouldn't give to be 20 again with a more elastic brain that learns quicker and retains better?!  ::)

     

    Thanks,

     

     

    TomTees

     

  10. Why does it cause an error?

    It causes an error because the $_POST['firstname'] does not exist unless a form is actually POST-ed.

    So if the $_POST['firstname'] does not exist then the variable $FName is not set, so it will throw an error.

     

    I thought you didn't have to define variables in PHP before you used them?

     

    And how is data passed from index.php to registration.php??

    In your case the data is passed using the form you have created in index.php

    When a visitor or member or whatever posts that form, the data from the form will be passed to the registration.php file for you to use how you wish.

     

    But I mean is it how is the data in an HTML form physically transferred to another php page?

     

     

    TomTees

     

     

  11. In the file index.php you have...

    <?php
       $FName = $_POST["firstname"];
    ?>
    

    This is never set as the form is posting to the registration.php, so you will always get an error.

     

    Why does it cause an error?

     

     

    And how is data passed from index.php to registration.php??

     

     

    Try adding the following to registration.php after the <body> tag...

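    <?php
      // isset() avoids an "undefined index" notice when the page is opened without a POST
      if (isset($_POST['btnSubmit'])) {
        $FName = isset($_POST['firstname']) ? $_POST['firstname'] : '';
      }
    ?>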
    

     

    Why can't you just print $_POST["firstname"] straight up?

     

     

    TomTees

     

     

  12. If you post the code where you get this error then we can assist you easier :)

     

    Regards, Paul.

     

    Oh, okay.

     

    Here you go...

     

    index.php

    <?php
    $FName = $_POST["firstname"];
    ?>
    
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
    "http://www.w3.org/TR/html4/strict.dtd">
    <html>
    <head>
    	<title>User Registration Form</title>
    	<meta http-equiv="content-type" content="text/html; charset=utf-8">
    	<link rel="stylesheet" type="text/css" href="registration.css">
    </head>
    <body>
    	<h1>User Registration Form</h1>
    	<form method="post" action="registration.php">
    		<!-- Registration Fields -->
    		<div>
    			<label for="email">E-mail:</label>
    			<input type="text" name="email" class="txt" id="email" />
    		</div>
    		<div>
    			<label for="email2">Re-enter E-mail:</label>
    			<input type="text" name="email2" class="txt" id="email2" />
    		</div>
    		<div>
    			<label for="password1">Password:</label>
    			<input type="password" name="password1" class="txt" id="password1" />
    		</div>
    		<div>
    			<label for="password2">Re-enter Password:</label>
    			<input type="password" name="password2" class="txt" id="password2" />
    		</div>
    		<div>
    			<label for="firstname">First Name:</label>
    			<input type="text" name="firstname" class="txt" id="firstname" />
    		</div>
    		<div>
    			<label for="lastname">Last Name:</label>
    			<input type="text" name="lastname" class="txt" id="lastname" />
    		</div>
    		<!-- Submit button -->
    		<div>
    			<input type="submit" name="btnSubmit" value="Register" class="btn" id="btnSubmit" />
    		</div>
    	</form>
    </body>
    </html>

     

     

    registration.php

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
    "http://www.w3.org/TR/html4/strict.dtd">
    <html>
        <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>TITLE</title>
    <link type="text/css" rel="stylesheet" href="PathToStyleSheet.css">
        </head>
        <body>
    		<p>
    		<?php
    			echo "First Name: " . $FName;
    		?>
    		</p>
        </body>
    </html>

     

     

     

    TomTees
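A version of the registration.php output step from the posts above that reads the posted field without an "undefined index" notice and escapes it before it reaches the page. This is an added example, not code from the thread; the helper names are hypothetical.

```php
<?php
// Added example. Helper names are hypothetical.

// Read one posted field as a string. A missing key (page opened without a
// POST) or an array value (firstname[]=x) yields '' instead of a notice.
function posted_string(array $post, $key)
{
    if (!isset($post[$key]) || !is_string($post[$key])) {
        return '';
    }
    return trim($post[$key]);
}

// Escape for an HTML body or quoted-attribute context.
function h($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Build the paragraph that registration.php prints.
function render_first_name(array $post)
{
    $firstName = posted_string($post, 'firstname');
    if ($firstName === '') {
        return '<p>No first name was submitted.</p>';
    }
    return '<p>First Name: ' . h($firstName) . '</p>';
}

// Constructed inputs standing in for $_POST; in registration.php itself
// the call would be render_first_name($_POST).
$samples = array(
    array('firstname' => 'Tom', 'btnSubmit' => 'Register'),
    array(),                                           // no form posted
    array('firstname' => '<script>alert(1)</script>'), // markup typed into the field
    array('firstname' => array('x')),                  // firstname[]=x
);
foreach ($samples as $post) {
    echo render_first_name($post), "\n";
}
```

Echoing $_POST["firstname"] directly would print whatever markup the submitter typed into the page; with h() the third sample is shown as text rather than interpreted as a script tag.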

     

     

  13. $user = new User();
    $data = array('first_name'=>$_POST['first_name'], 'last_name'=>$_POST['last_name'], 'email'=>$_POST['email'], 'password'=>md5($_POST['password']));
    $user->data = $data; //set the 'data' property
    $user->save(); //save the new user to the database
    

     

    Can you store the data in separate variables or must it be an array?

     

     

    As User being part of the domain, and models being free of storing and presenting themselves, the correct approach would be:

     

    $user = new User($data);
    $userRepo->save($user);

     

    What are "models"?

     

    What is a "$userRepo"?

     

     

    $isLoggedIn = $user->login($_POST['email'], $_POST['password']);
    if(!$isLoggedIn) { /*do something*/ }
    else { /*do something*/}
    

     

    The same applies here, a User is not responsible for authentication:

     

    $authService = new AuthService();
    if($authService->logon($user)) {
        /* do something */
    }

     

    If I understand you, I too wanted to make "Registration" and "Authentication" as behaviors/services/processes that were separate classes, but that interact with the User class.

     

     

     

    TomTees

     

     

  14. *Sorry, been out-of-state for the past week and just trying to get caught up on my OP.*

     

     

    This, right here.  Zandstra's book is a great introduction to the subject.

     

    I have heard this and would like to read this book, but for right now want to focus on my specific issue.

     

     

    Regarding your registration class, you have some questions to answer:

     

    1. Do you need an instance of this class, or can it be static (no constructor, with all functionality handled by static methods)?

     

    Good question.

     

     

    2. What will the registration class return when someone is registered, if anything?  IMO, it makes sense to return a User object whose 'loggedIn' field is set to true so you can pass it around via sessions, thereby turning your registration class into a factory.  Just a thought.

     

    Well, the process would go like this...

     

    - User completes registration form

    - System verifies required fields are completed

    - System verifies emails match

    - System verifies passwords match

    - System verifies email is valid

    - System verifies password is valid

    - System verifies email is unique

    - System creates User record

    - System notifies User account was created

    - System requires User to log in

     

    I was thinking "Authentication" could be a separate class...

     

     

    3. What else needs to happen during the registration process?  Extra logging?  Error handling?  You may be well served by utilizing the Observer pattern here.

     

    I don't follow you?

     

    Another reason I wanted to make "Registration" a class is that it can then be extended.  For an e-commerce site, I've been advised by others to "make it quick and simple before people leave", but for something like "Forum Registration", I would like to add extra things like...

     

    - System creates User record

    - System notifies User account was created

    - System requires User to activate account

    - System sends "Activation email" to User

    - User clicks on "activation link"

    - System receives incoming "activation email"

    - System activates account

    - System instructs User to log in

     

     

    TomTees
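The verification steps listed in this post, carried out in order on the fields of the index.php form shown elsewhere on this page. This is an added example, not code from the thread; it assumes PHP 5.5 or later for password_hash(), and the 12-character minimum, the function name and the $emailExists lookup are assumptions.

```php
<?php
// Added example. Field names come from the form in index.php; the password
// length policy and the $emailExists callback are assumptions.

function validate_registration(array $post, callable $emailExists)
{
    $fields = array();
    $errors = array();
    foreach (array('email', 'email2', 'password1', 'password2', 'firstname', 'lastname') as $name) {
        // Required fields: present, a string (not name[]=...), and not blank.
        $fields[$name] = (isset($post[$name]) && is_string($post[$name])) ? $post[$name] : '';
        if (trim($fields[$name]) === '') {
            $errors[] = "$name is required";
        }
    }
    if ($errors) {
        return array(null, $errors);
    }

    $email = trim($fields['email']);
    if ($email !== trim($fields['email2'])) {
        $errors[] = 'e-mail addresses do not match';
    }
    if ($fields['password1'] !== $fields['password2']) {
        $errors[] = 'passwords do not match';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'e-mail address is not valid';
    }
    if (strlen($fields['password1']) < 12) {
        $errors[] = 'password is too short';
    }
    // Uniqueness needs the data store, so it is asked last and only for a valid address.
    if (!$errors && $emailExists($email)) {
        $errors[] = 'e-mail address is already registered';
    }
    if ($errors) {
        return array(null, $errors);
    }

    // The record to store: a salted password hash, never the password itself.
    return array(array(
        'email'         => $email,
        'firstname'     => trim($fields['firstname']),
        'lastname'      => trim($fields['lastname']),
        'password_hash' => password_hash($fields['password1'], PASSWORD_DEFAULT),
    ), array());
}

// Constructed sample input and a stand-in for the database lookup.
$taken = function ($email) { return $email === 'taken@example.com'; };
$post = array(
    'email' => 'tom@example.com', 'email2' => 'tom@example.com',
    'password1' => 'correct horse battery', 'password2' => 'correct horse battery',
    'firstname' => 'Tom', 'lastname' => 'Tees', 'btnSubmit' => 'Register',
);
list($record, $errors) = validate_registration($post, $taken);
var_dump($errors, password_verify('correct horse battery', $record['password_hash']));
```

Telling the submitter that an address is already registered lets anyone test which addresses have accounts; a site where that matters can show a neutral message and send the notice by e-mail instead.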

     

     

  15. Eh, a Registration class could be useful if you need to do things above and beyond simply obtaining form info and stuffing it in a database.  Things like logging, counting registrations, and creating end user objects that interact with the site.

     

    To the OP: you should really sit down and plan your site.  Adding a class 'just because' isn't beneficial, and isn't really a good way to learn as you'll simply wind up writing procedural code wrapped in a class.  The power of OOP comes from objects interacting with one another.

     

    I'm not sure I follow...

     

    I have done A LOT of planning.  However I'm new to OOA/OOD/OOP and need help with the OO part.

     

    I sketched out how the main parts of the website should look and I have written Use-Cases for the main parts as well.  I also have created an ERD for the backend.

     

    The whole thing I'm stuck on is figuring out what are good Classes so I can do OOP.

     

    And I do NOT want to write procedural code wrapped in Classes.

     

    So if you can help I'd appreciate it!

     

     

     

    TomTees

     

     

    php oop is worthless for this type of thing, php classes for this type of procedure is basically to make this code includeable into multiple files..

     

    php oop is GOOD for creating multiple instances and have them independent of the other instances..

     

    for this purpose classes aren't going to give you an "oop" feel, it will give you a function feel with a nifty wrapper..

     

    So how would you recommend I approach things so I do get a real "OOP feel"??

     

     

    TomTees

     

     

  17. This is related to my post http://www.phpfreaks.com/forums/index.php/topic,307907.msg1455208.html#msg1455208

     

    I have never programmed using OOP, and I am unsure where to start.

     

    All of the tutorials and books I have read use stupid examples that don't seem to help you "in the real world"?!  >:(

     

    So I want to write my first bit of PHP OOP to register Customers for my website.

     

    I think having a "Registration" class makes sense, but I'm not sure how to tie that to my website.

     

    If I write an HTML webpage and on it I have a Form where users can enter registration info, then how do I tie that "static" and/or "procedural" code to my OOP?

     

    I was thinking of having it so that when a user clicks the "Register" button that I call a PHP file that has my Registration class and I first instantiate it so that the user has his/her own "Registration object".

     

    From there, maybe I could call a method in Registration that actually registers the user.  (Or maybe I can just do that during instantiation?!)

     

    Can someone help me out here?

     

     

    TomTees

     

  18. Thanks Nightslyr and mjdamato for your responses.

     

    I think I'm going to unfortunately go break down and re-buy the book I have on HTML and CSS in storage.  (I'm a book guy and it looks like I need to sit down and re-read all of this stuff again to start sounding intelligent.  UGH!)

     

    So maybe after I get these super basic questions down better, I can pick up with getting help on tying my web pages to back-end classes that do processing.

     

    To be continued...

     

     

     

    TomTees

     

     

     

  19. So I don't need a "PHP Header" like you need to define an HTML block?

     

    And for my simple registration form, I guess most if not all of my file will be HTML?

     

    Is it a sin if you had 100% HTML in a file called MyFile.php?

     

    (I was just taught in the past to make all your files ".php" for consistency...)

     

     

    TomTees

     

     

  20. To be honest, I'm not sure what you're asking.

     

    Sorry.

     

    Okay, I know that you can put PHP inside of HTML.

     

    I am wondering if you can completely wrap HTML inside of your PHP?

     

    It just seems weird to me to have a ".php" file and yet it is PHP inside of HTML.

     

    I dunno.

     

    Am I making any more sense?

     

     

     

    TomTees

     

     
