turpentyne Posted March 12, 2012 Share Posted March 12, 2012 Simple one, I think. I just want to know if this is how I would do this code. on page one a javascript toggles between two divs depending on the option made in a select box. Div one is a radio button valued "dc resident" and the other is a text box where they enter some text. Then on page two, whichever one is entered becomes the variable to insert to my database. if (isset($_POST['how1']){$how1 = mysql_escape_string($_POST['how1']);} elseif (isset($_POST['resident']){$how1 = mysql_escape_string($_POST['resident']); }; I think it's right, but something in my gut tells me its not, or that maybe there's a simpler way to do this? Quote Link to comment https://forums.phpfreaks.com/topic/258745-ifelse-statement-syntax/ Share on other sites More sharing options...
xyph Posted March 12, 2012 Share Posted March 12, 2012 That seems okay. You may want to check that the values aren't empty either. Keep in mind, a tricky user may submit both. In your case, it will just default to $_POST['how1']. This may be something you want to check for though, as a user may accidentally submit both values as well, and if they were expecting the second one to go through, things wouldn't process as they expect. Quote Link to comment https://forums.phpfreaks.com/topic/258745-ifelse-statement-syntax/#findComment-1326438 Share on other sites More sharing options...
Muddy_Funster Posted March 12, 2012 Share Posted March 12, 2012 no semicolon after your last curly brace, but other than that syntax looks ok. Normaly I'd say you don't need a mysql_real_escape_string on a radiobutton input, but as your using JS you're as well keeping it in. Quote Link to comment https://forums.phpfreaks.com/topic/258745-ifelse-statement-syntax/#findComment-1326441 Share on other sites More sharing options...
RussellReal Posted March 12, 2012 Share Posted March 12, 2012 If you are just hiding and displaying these inputs, then they both will come through the request... So basically to be safe, you'd want a hidden input that is javascript toggled named residentTrue, if you are to do it this way.. there could be other ways to do this, however, if you don't have a certain value telling you which was used, technically speaking there could be an instance where both fields are filled out, and then, you can't use this to dependably rely on.. so I mean, with alot more thinking I'm sure you could figure it out, but I'd advise on a simple hidden flag which is true or false, that you can use that to compare Quote Link to comment https://forums.phpfreaks.com/topic/258745-ifelse-statement-syntax/#findComment-1326442 Share on other sites More sharing options...
xyph Posted March 12, 2012 Share Posted March 12, 2012 Normaly I'd say you don't need a mysql_real_escape_string on a radiobutton input, but as your using JS you're as well keeping it in. Bad advice. PHP has no idea which type of element submits any given value. A malicious user could easily rig their own form containing a text field with the same name as the radio button. ALWAYS SANITIZE DATA COMING FROM OUTSIDE OF YOUR SCRIPT Quote Link to comment https://forums.phpfreaks.com/topic/258745-ifelse-statement-syntax/#findComment-1326445 Share on other sites More sharing options...
turpentyne Posted March 12, 2012 Author Share Posted March 12, 2012 I've gotten to this, if I did it right. (changed to session instead of regular variable) I'm confused on one thing though. I was worried about what Russelreal said, but not sure how to take only one in the php code below? Or does it essentially take just one? if ((isset($_POST['how1'])) && (!empty($_POST['how1'])) ){$_SESSION['s_how1'] = mysql_escape_string($_POST['how1']);} elseif ((isset($_POST['resident']) && (!empty($_POST['resident'])) ){$_SESSION['s_how1'] = mysql_escape_string($_POST['resident']); } else {$_SESSION['s_how1'] = "0"} EDIT: correction, I wasn't reading what Russelreal said right. But don't want to edit the above, since people have probably read it by now. Quote Link to comment https://forums.phpfreaks.com/topic/258745-ifelse-statement-syntax/#findComment-1326454 Share on other sites More sharing options...
turpentyne Posted March 12, 2012 Author Share Posted March 12, 2012 Wait.. could I do it like this, on the server side? Doing what Russelreal said, but using the original select field, $_POST['hear'] , value to make sure I only take one, in case both options were actually picked? Maybe I'm just getting myself confused or overkilling the script? if ((isset($_POST['how1'])) && (!empty($_POST['how1'])) && (($_POST['hear']) == "dcranch") ){$_SESSION['s_how1'] = mysql_escape_string($_POST['how1']);} elseif ((isset($_POST['resident']) && (!empty($_POST['resident'])) && (($_POST['hear']) !== "dcranch") ){$_SESSION['s_how1'] = mysql_escape_string($_POST['resident']); } else {$_SESSION['s_how1'] = "0"}; Quote Link to comment https://forums.phpfreaks.com/topic/258745-ifelse-statement-syntax/#findComment-1326456 Share on other sites More sharing options...
xyph Posted March 12, 2012 Share Posted March 12, 2012 Here's a working example of why what you're doing is wrong, and a possible solution to your problem. There are many alternate ways to do that same thing though, I picked one of the more simple ones <script type="text/javascript"> function toggleElements() { var div1 = document.getElementById('div1'); var div2 = document.getElementById('div2'); if( div1.style.display == 'none' ) { div1.style.display = 'block'; div2.style.display = 'none'; } else { div1.style.display = 'none'; div2.style.display = 'block'; } } function toggleForms() { var form1 = document.getElementById('form1'); var form2 = document.getElementById('form2'); if( form1.style.display == 'none' ) { form1.style.display = 'block'; form2.style.display = 'none'; } else { form1.style.display = 'none'; form2.style.display = 'block'; } } </script> <?php echo '<pre>'; print_r( $_POST ); echo '</pre>'; ?> <div id="badForm"> <h2>What you're doing</h2> <p><a href="#" onclick="toggleElements();">Toggle Elements</a></p> <form method="post" action=""> <div id="div1"><input type="text" name="textElement" value="default"></div> <div id="div2" style="display:none;"><input type="radio" name="radioElement" value="one" checked="checked"> One<br> <input type="radio" name="radioElement" value="two"> Two </div> <input type="submit"> </form> </div> <div id="goodForm"> <h2>What you could do to fix</h2> <p><a href="#" onclick="toggleForms();">Toggle Forms</a></p> <form id="form1" method="post" action=""> <input type="text" name="textElement" value="default"><br> <input type="submit"> </form> <form id="form2" method="post" action="" style="display:none;"> <input type="radio" name="radioElement" value="one" checked="checked"> One<br> <input type="radio" name="radioElement" value="two"> Two<br> <input type="submit"> </form> </div> Quote Link to comment https://forums.phpfreaks.com/topic/258745-ifelse-statement-syntax/#findComment-1326466 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.