NoobLaPHP Posted April 16, 2014

```php
$liked = explode(":", $_POST['submit']);
if ($liked[0] == "like") {
    // Select from database where id is $liked[1]
}
```

```html
<input type="image" src="images/arrowup.gif" name="submit" value="like:<? echo $right->id; ?>"/>
```

Ok, so I have made a forum and I have a like function running on the comments of a post. I needed to find a way when the image was clicked it updated the database. So I experimented and came up with the solution above, having it explode the value of the button to read if it was pressed and get the id. It works perfectly but I just want to be convinced it is safe.

.josh Posted April 16, 2014

It is a trivial thing to change the value of an input field, regardless of what type it is. You need to make sure that $liked[1] contains an expected value, same as any other value coming from a request.

Psycho Posted April 16, 2014

I don't understand. Why is there a ':' in the submitted value? I am assuming that the image is sending the data via an AJAX request rather than the image being a submit button. So, why not have the data sent as a single name/value pair with the name being something more obvious such as 'like'?

```php
if (isset($_POST['like'])) {
    $likedID = intval($_POST['like']);
}
```

NoobLaPHP (Author) Posted April 16, 2014

> it is a trivial thing to change the value of an input field, regardless of what type it is. You need to make sure that $liked[1] contains an expected value, same as any other value coming from a request.

It requires both items to be filled. If either is empty it shows nothing.

```php
if ($liked[0] == "like") {
    if (!$liked[1]) {
        // Do nothing
    } else {
        // Select from database where id is $liked[1]
    }
}
```

.josh Posted April 16, 2014

Umm, checking if it's empty in no way makes it safe.

NoobLaPHP (Author) Posted April 16, 2014

> I don't understand. Why is there a ':' in the submitted value? I am assuming that the image is sending the data via an AJAX request rather than the image being a submit button. So, why not have the data sent as a single name/value pair with the name being something more obvious such as 'like'?
>
> ```php
> if (isset($_POST['like'])) {
>     $likedID = intval($_POST['like']);
> }
> ```

I don't fully understand AJAX, I'm still learning all this. I have done it using PHP. The value gets the like part and also the id for the post to like, so it will be like `like:387`. If the PHP reads the like, it then reads the id where it updates the database:

```php
$replyid = mysql_real_escape_string(addslashes(strip_tags($liked[1])));
mysql_query("UPDATE replies SET likes='...' WHERE id='$replyid'");
```

etc. Any help is good. It helps me learn.

Psycho Posted April 16, 2014

OK, I see you are submitting the page. But, again, why not make the name something more representative of what it actually is? If you need multiple 'likes' on the same page, make the name an array:

```html
<input type="image" src="images/arrowup.gif" name="like[]" value="<? echo $right->id; ?>"/>
```

```php
if (isset($_POST['like'])) {
    // User submitted one or more likes
    foreach ($_POST['like'] as $likeID) {
        // Perform whatever operations you want based upon the ids passed
        $likeID = intval($likeID);
    }
}
```

Based upon how you would use it, the code should only ever receive a single value. But, since you would need an array to set it up, it's best to allow the code to process multiple if needed.

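An added example, not code from any participant in this thread: one way to apply .josh's "expected value" check and Psycho's `like[]` handling, validating each submitted id strictly and updating through a prepared statement. The function names `parseLikeIds` and `likeReply`, the in-memory SQLite database, the sample rows, and the `likes = likes + 1` update are assumptions; the `replies` table and its `id` and `likes` columns come from the thread.

```php
<?php
// Added example: strict validation of submitted like ids, then a prepared
// UPDATE. Function names, the SQLite demo database and rows are assumptions.

/** Return the valid positive-integer ids found in a submitted 'like' value. */
function parseLikeIds($submitted): array
{
    // Accept a single value or the like[] array form.
    $candidates = is_array($submitted) ? $submitted : [$submitted];
    $ids = [];
    foreach ($candidates as $value) {
        if (!is_string($value)) {
            continue; // nested arrays, null etc. are never valid ids
        }
        // Unlike intval(), this rejects "12abc", "", "0x1A" and "-5".
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[$id] = $id; // de-duplicate repeated ids
        }
    }
    return array_values($ids);
}

/** Increment likes for one reply; true only if that reply exists. */
function likeReply(PDO $db, int $replyId): bool
{
    // The id is bound as a parameter, never concatenated into the SQL.
    $stmt = $db->prepare('UPDATE replies SET likes = likes + 1 WHERE id = :id');
    $stmt->execute([':id' => $replyId]);
    return $stmt->rowCount() === 1;
}

// Constructed demo database standing in for the forum's replies table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE replies (id INTEGER PRIMARY KEY, likes INTEGER NOT NULL DEFAULT 0)');
$db->exec('INSERT INTO replies (id) VALUES (387), (388)');

// Constructed stand-ins for $_POST['like'], including tampered values.
$samples = [['387'], '388', ['387 OR 1=1'], ['12abc', ''], [['x']], ['999']];
foreach ($samples as $submitted) {
    foreach (parseLikeIds($submitted) as $id) {
        echo $id, likeReply($db, $id) ? " liked\n" : " no such reply\n";
    }
}
```

Only the well-formed ids reach the database; the tampered samples are dropped before any query runs, and an id that matches no row is reported rather than silently accepted.
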
NoobLaPHP (Author) Posted April 16, 2014

> OK, I see you are submitting the page. But, again, why not make the name something more representative of what it actually is? If you need multiple 'likes' on the same page, make the name an array:
>
> ```html
> <input type="image" src="images/arrowup.gif" name="like[]" value="<? echo $right->id; ?>"/>
> ```
>
> ```php
> if (isset($_POST['like'])) {
>     // User submitted one or more likes
>     foreach ($_POST['like'] as $likeID) {
>         // Perform whatever operations you want based upon the ids passed
>         $likeID = intval($likeID);
>     }
> }
> ```
>
> Based upon how you would use it, the code should only ever receive a single value. But, since you would need an array to set it up, it's best to allow the code to process multiple if needed.

It's sending the id through as 32. 71. 10 Not sure what I've done or haven't done. All I did was fill in the blanks.

NoobLaPHP (Author) Posted April 16, 2014

> OK, I see you are submitting the page. But, again, why not make the name something more representative of what it actually is? If you need multiple 'likes' on the same page, make the name an array:
>
> ```html
> <input type="image" src="images/arrowup.gif" name="like[]" value="<? echo $right->id; ?>"/>
> ```
>
> ```php
> if (isset($_POST['like'])) {
>     // User submitted one or more likes
>     foreach ($_POST['like'] as $likeID) {
>         // Perform whatever operations you want based upon the ids passed
>         $likeID = intval($likeID);
>     }
> }
> ```
>
> Based upon how you would use it, the code should only ever receive a single value. But, since you would need an array to set it up, it's best to allow the code to process multiple if needed.

You sir, are awesome! After a few tweaks, I managed to fix it and get it working as it should. Thank you.

Archived
This topic is now archived and is closed to further replies.