Jump to content

Recommended Posts

Hi,

In a form I am adding "1278|Toyname" as a value in a drop down. This way if they select a certain toy, I can have the ID and the toy name they are referring too.

 

I would like to post this info in my contact form and I would like to separate via the | (Pipe) and store the id "1278" in a field called id and "Toyname" in a field named toy when the form is posted. I know I have to use the explode function to seperate but I dont even know where to begin.

 

Thank you in advance,

Bill

Well, you should begin by not doing this. You should only pass the ID. Doing it the way you propose can cause data consistency issues. You can always determine the meta data (e.g. the name) by using the ID. Not knowing the specifics of how your contact form is used, I can't give you a qualified solution.

 

If your contact form is sending an email and you want the toy name in the content of that email, then the page that receives the value from the form should do a query to look up the toy name. However, if the contact form is used to create a record/message in your database where there will be an associated "toy" then you should store the toy ID as a value associated with that record. Then when a user views that record you could dynamically retrieve the toy name.

 

 

To expand on why you should not do this, here is just one example:

 

Let's say the contact for is for a user to send an email to a support rep about a particular toy. Plus, let's further assume that toy names will not change often (if at all). Then the only way the ID and Name could be incorrectly passed would be:

 

1) If there is a code error that incorrectly sets the value for the select options (which could easily happen if the names have certain characters and aren't correctly handled).

2. The user "hacks" the form to send different data than what you intended. Never trust data that a user submits (POST, GET, COOKIE, etc.). Don't assume that because you created a select list that the user necessarily submitted a value from that list. It is very easy to submit any values you wish, regardless of what is in the form,.

Thank you for the reply and concerns.

However, it is not generating an email and I have server side validation installed.

 

If you are familiar with Form Tools API (formtools.org) that is what I am using.

 

Doing a search, I have seen that this is how it should be handled. Exploding the two values based on the separator.

 

 

Well, you should begin by not doing this. You should only pass the ID. Doing it the way you propose can cause data consistency issues. You can always determine the meta data (e.g. the name) by using the ID. Not knowing the specifics of how your contact form is used, I can't give you a qualified solution.

 

If your contact form is sending an email and you want the toy name in the content of that email, then the page that receives the value from the form should do a query to look up the toy name. However, if the contact form is used to create a record/message in your database where there will be an associated "toy" then you should store the toy ID as a value associated with that record. Then when a user views that record you could dynamically retrieve the toy name.

 

 

To expand on why you should not do this, here is just one example:

 

Let's say the contact for is for a user to send an email to a support rep about a particular toy. Plus, let's further assume that toy names will not change often (if at all). Then the only way the ID and Name could be incorrectly passed would be:

 

1) If there is a code error that incorrectly sets the value for the select options (which could easily happen if the names have certain characters and aren't correctly handled).

2. The user "hacks" the form to send different data than what you intended. Never trust data that a user submits (POST, GET, COOKIE, etc.). Don't assume that because you created a select list that the user necessarily submitted a value from that list. It is very easy to submit any values you wish, regardless of what is in the form,.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.