Simple Question about HTML PHP_SELF and Forms



#1 PHPNovice99

PHPNovice99
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 27 June 2006 - 09:21 AM

Real beginner's question here. I have spent some time and produced my first working PHP ecommerce trial site.

Looking for some confirmation/advice.

My main problem has been a lack of understanding of the way the server side and client / HTML interact.

After some hours I now appreciate that I can only get data between the client and server using HTML forms and with a submit button (correct?)

My design did not take this into account and I designed my pages with links out to PHP scripts to perform specific server side functions required - add to basket... review basket... checkout (generate order file on flat file structure). These all handle sessions correctly and functionally everything "works". But to work around the fact that the server side scripts do not reload the page I have used a variety of JavaScript to force page reloading after executing the PHP ..... it's all got a bit messy .........

Now I have a slightly better idea of how PHP works I need to re-write this.

I would like to avoid complex solutions using say AJAX - as a novice just one new coding structure is enough for now....

What areas of PHP should I use..... PHP_SELF looks like a mechanism that I should be using to cause page reload.

Are there any other general pointers you would give to an absolute novice?

Any help greatly appreciated - and thanks in advance....






#2 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 27 June 2006 - 10:18 AM

You don't have to use forms to send data to the server/PHP. You can use hyperlinks and/or forms to send GET data, but only a form for POST data. For example, when you want to send GET data you can use hyperlinks:
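<?php

// Only handle a plain string value (?say[]=x would arrive as an array).
if (isset($_GET['say']) && is_string($_GET['say']))
{
    // Escape the value before echoing it into the page so any markup
    // in the query string is displayed as text instead of being rendered.
    echo "You have sent the following: <i>" . htmlspecialchars($_GET['say'], ENT_QUOTES, 'UTF-8') . "</i><br />";
}

?>
Say: <a href="?say=how are you">How are you</a> | <a href="?say=I'm fine!">I'm fine!</a> | <a href="?say=No need for forms!">No need for forms</a>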
Click each link and you'll get a message. Notice how the URL changes every time you click a link. The text after the ? is called a query string.

You should only send data over the URL for non-sensitive data, such as sending an id of a product to a PHP script which retrieves all the info for that product. Never send, say, a person's password over the URL; use sessions or the POST method on the form, etc.

PHP_SELF is a predefined variable which gets the full path to the current working file/directory. You can use PHP_SELF as a shortcut for not having to type in the path of the file manually; you'll probably see this used on forms.

The number one fundamental rule you should follow when dealing with user input is validate user input! Never trust what a user inputs into a form field. If you don't validate user input and you are using raw POST'd data in an SQL query then a malicious user can perform SQL Injection attacks, which could be used to corrupt your database, get user/customer details etc.

There's a few for now, I would expect others will add their two cents in too.
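
An added example, not part of the original post: a single self-posting "add to basket" page that combines the points above (a form that submits to itself via PHP_SELF, validated input, a prepared statement instead of raw POST data in SQL, and escaped output). It assumes PHP 7+ with pdo_sqlite; the products table, its rows and the h() helper are constructed for illustration. $_SERVER['PHP_SELF'] includes any extra path text from the requested URL, so it is escaped like any other request data before being written into the form.

```php
<?php
// Added example: self-posting basket page. Table, column and product names are constructed.
session_start();

// In-memory SQLite catalogue standing in for the real product store (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price_pence INTEGER)');
$db->exec("INSERT INTO products VALUES (1, 'Mug', 499), (2, 'T-shirt', 1299)");

// Escape everything echoed into HTML, including values PHP itself supplies.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validate: the id must be a positive integer and nothing else.
    $id = filter_input(INPUT_POST, 'product_id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        $error = 'Invalid product.';
    } else {
        // Prepared statement: the id is bound as data, never spliced into the SQL text.
        $stmt = $db->prepare('SELECT id FROM products WHERE id = :id');
        $stmt->execute([':id' => $id]);
        if ($stmt->fetchColumn() === false) {
            $error = 'Unknown product.';
        } else {
            $_SESSION['basket'][$id] = ($_SESSION['basket'][$id] ?? 0) + 1;
            // Redirect after POST so a browser reload does not re-submit the form.
            header('Location: ' . $_SERVER['SCRIPT_NAME']);
            exit;
        }
    }
}
?>
<?php if ($error !== ''): ?><p><?= h($error) ?></p><?php endif; ?>
<?php foreach ($db->query('SELECT id, name FROM products') as $row): ?>
<form method="post" action="<?= h($_SERVER['PHP_SELF']) ?>">
    <input type="hidden" name="product_id" value="<?= h($row['id']) ?>">
    <button type="submit">Add <?= h($row['name']) ?> to basket</button>
</form>
<?php endforeach; ?>
<p>Items in basket: <?= h(array_sum($_SESSION['basket'] ?? [])) ?></p>
```

The page reloads itself on every submit, so no JavaScript is needed to refresh it after the server-side work is done.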

#3 PHPNovice99

PHPNovice99
  • New Members
  • Pip
  • Newbie
  • 2 posts

Posted 27 June 2006 - 01:26 PM

Thanks so much for that, the sample code was excellent (simple) to understand. I translated it into code that , it is so much more straightforward for what I need to do. I had written one page for each of 5 products that I had to add to a shopping basket; this turned into a single PHP section, which includes all the file I/O, which is much easier to maintain in the one place.

Thanks very much again.
