Jump to content

Archived

This topic is now archived and is closed to further replies.

PHPNovice99

Simple Question about HTML PHP_SELF and Forms

Recommended Posts

Real beginners question here, I have spent some time and produced my first working PHP ecommerce trial site.

Looking for some confimation/advice.

My main problem has been lacking in understanding in the way the server side and client / html interact.

After some hours I now appreciate that I can only get data between the client and server using HTML forms and with a submit button (correct?)

My design did not take this into account and I designed my pages with links out to PHP scripts to perform specific server side functions required - add to basket... review basket... checkout (generate order file on flat file structure) these all handle sessions corectly and functionally everything "works". but to work arround the fact that the server side scripts do not reload the page I have used a veriety of javascript to force page reloading after executing the php ..... its all got a bit messy .........

Now I have a slightly better idea of how PHP works I need to re-write this

I would like to avoid complex solutions using say AJAX - as a novice just one new coding stucture is enough for now....

What areas of PHP should I use..... PHP_SELF looks like a mechanism that I should be using to cause page reload.

Are there any other general pointers you would give to an absolutue novice?

Any help greatly apprcieated - and thanks in advance....




Share this post


Link to post
Share on other sites
You dont have to use forms to send data to the server/PHP. You can use hyperlinks and/or forms to send GET data, but only a form for POST data, for example when you want to send GET data you can use hyperlinks:
[code]<?php

if(isset($_GET['say']))
{
    echo "You have sent the following: <i>" . $_GET['say'] . "</i><br />";
}

?>
Say: <a href="?say=how are you">How are you</a> | <a href="?say=I'm fine!">I'm fine!</a> | <a href="?say=No need for forms!">No need for forms</a>[/code]
Click each link and you'll get a message. Notice how the url changes evey time you click a link. The text after the ? is called a [b]query string[/b].

You should only send data over the url for non-sensitive data, such as sending an id of a product to a PHP script which retrieves all the info for that product. Never send say a persons password over the url use sessions or POST method on the form etc.

PHP_SELF is a predifined variable which gets the full path to the current working file/directory. You can use PHP_SELF as a shortcut for not having to type in the path of the file manually, you'll probably see this used on forms.

The number one fundermental rule you should follow when dealing with user input is validate user input! Never trust what a user inputs into a form field. If you dont validate user input and you using raw POST'd data into an sql query then a malicous user can perform SQL Injection attacks, whcih could be used to currupt your database, get user/customer details etc.

Theres a few for now, I would expect others will add their two cents in too.

Share this post


Link to post
Share on other sites
Thanks so much for that, the sample code was excellent (simple) to understand I translated it into code that , it is so much more straight forward for what I need to do. I had written one page for each of 5 products that I had to add to a shopping basket, this turned into a single php section, which includes all the file i/o which is much easier to maintain in the one place.

Thanks very much again.

[!--quoteo(post=388436:date=Jun 27 2006, 11:18 AM:name=wildteen88)--][div class=\'quotetop\']QUOTE(wildteen88 @ Jun 27 2006, 11:18 AM) [snapback]388436[/snapback][/div][div class=\'quotemain\'][!--quotec--]
You dont have to use forms to send data to the server/PHP. You can use hyperlinks and/or forms to send GET data, but only a form for POST data, for example when you want to send GET data you can use hyperlinks:
[code]<?php

if(isset($_GET['say']))
{
    echo "You have sent the following: <i>" . $_GET['say'] . "</i><br />";
}

?>
Say: <a href="?say=how are you">How are you</a> | <a href="?say=I'm fine!">I'm fine!</a> | <a href="?say=No need for forms!">No need for forms</a>[/code]
Click each link and you'll get a message. Notice how the url changes evey time you click a link. The text after the ? is called a [b]query string[/b].

You should only send data over the url for non-sensitive data, such as sending an id of a product to a PHP script which retrieves all the info for that product. Never send say a persons password over the url use sessions or POST method on the form etc.

PHP_SELF is a predifined variable which gets the full path to the current working file/directory. You can use PHP_SELF as a shortcut for not having to type in the path of the file manually, you'll probably see this used on forms.

The number one fundermental rule you should follow when dealing with user input is validate user input! Never trust what a user inputs into a form field. If you dont validate user input and you using raw POST'd data into an sql query then a malicous user can perform SQL Injection attacks, whcih could be used to currupt your database, get user/customer details etc.

Theres a few for now, I would expect others will add their two cents in too.
[/quote]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.