Jump to content
ajoo

correct way to detect a POST submit for multiple submits on a page

Recommended Posts

Hi,

I have been detecting POST submits as below

if(isset($_POST['someindex']) && $_POST['someindex']==="somevalue"){ .. }

which I know should be replaced by

if($_SERVER['REQUEST_METHOD']=== "POST"){ ... }

So I changed it in entirety in my project and on testing found that there are conflicts.  Now  my main file has a slider with a login and logoff button. and then when the user is logged in it includes the user page, which in turn keeps including other pages . So if there are many buttons on those pages, it can result in a conflict as I found out.

I wish to confirm that to avoid the conflicts is the following the right way to go about it. I would like to say that while the index may be the same, the values for each are unique.

if($_SERVER['REQUEST_METHOD']=== "POST" && if(isset($_POST['someindex']) && $_POST['someindex']==="somevalue")){ ... }

Thanks all !

 

Edited by ajoo

Share this post


Link to post
Share on other sites

The first method is better, even required, if you need to test whether a button was pressed. The second method only tells you if a form was submitted.

But you should have the login/logoff form pointing to a dedicated page to handle the action.

Share this post


Link to post
Share on other sites

Hi requinix, ?

Thanks for the reply though I am none the wiser ! ?

Most of the time I click a button, a form is also being submitted. So what do i do in that case ?

Another thing that you mentioned is that the login and logoff form pointing to a dedicated page. In my case, it's handled on the same page. The logoff simply brings the user back to the login page and login includes the restricted page into the main page. Any issues with that especially concerning security.

So now there are these 2 questions !!? ?

Thank you !

Edited by ajoo
Incomplete reply

Share this post


Link to post
Share on other sites

This is very simple. Here is how to handle multiple forms on the same page.

 

<?php

if ($_SERVER['REQUEST_METHOD'] === "POST") {

    if (isset($_POST['form1'])) {
        echo 'Form 1 Submitted';
    }

    if (isset($_POST['form2'])) {
        echo 'Form 2 Submitted';
    }

}
?>
<form method="post">
<input type="hidden" name="form1">
<input type="submit" value="Form 1">
</form>

<form method="post">
<input type="hidden" name="form2">
<input type="submit" value="Form 2">
</form>

 

  • Great Answer 1

Share this post


Link to post
Share on other sites

Hi Benanamen,

Thanks for the reply. Ya that does seem easy. Yet the problem remains in my case. I'll try my best to explain it.

The main page handles the login and logoff. So there is a  block of code

if ($_SERVER['REQUEST_METHOD'] === "POST") { ... }

which handles these two cases. If the user logs in he accesses the restricted page which is included in the main page. This page also has a few buttons and also it's own block

if ($_SERVER['REQUEST_METHOD'] === "POST") {...}

to handle the submits of this included page. Now because there are two similar blocks in scope, the first block intercepts the request which is meant for the 2nd block and gives an unknown index error.

Hence I thought that maybe I needed to use the "AND" to filter it down to the second block.

This, thus is the dilemma !! I hope you can tell me a way out.

Thanks loads !

 

Edited by ajoo

Share this post


Link to post
Share on other sites

And my and benanamen's posts should give you the answer to that.

Share this post


Link to post
Share on other sites

OR if you use the same named hidden field for all the forms, 'action' for example, each with a unique value, you can eliminate any isset() tests for that field since it will be set if the request method is post.

Edited by mac_gyver
  • Like 2

Share this post


Link to post
Share on other sites

Not sure what the others are telling you but to give you and idea of how it COULD be done....

In the case where you might be using a SINGLE form you can have multiple 'submit' input tags all having the same name= attribute.  I personally use 'btn' all the time.  Then your script would check for the REQUEST_METHOD of POST and if found, you can then check what the value of $_POST['btn'] is which would tell you what the user wants the form/script to do for him this time.

I think this should give you enough to think on

  • Thanks 1

Share this post


Link to post
Share on other sites

If we're still going at this,

<button> has a handy property where its value is separate from what it displays to the user. Consider

<button type="submit" name="action" value="login">Login</button>
<button type="submit" name="action" value="logout">Logout</button>

 

Share this post


Link to post
Share on other sites

Hi to all my respected fellow coders and gurus who have taken time to respond,

My code echos an error because there are two exactly same blocks as below in it "included" from different pages. one is the from the home page which has the login / logoff slider bar, header.  This itself is quite wrong unless I am highly mistaken.

Main Page :

if ($_SERVER['REQUEST_METHOD'] === "POST"){

    if(isset($_POST['submit']) && $_POST['submit'] ="login"){ ... }
    
    if(isset($_POST['submit']) && $_POST['submit'] ="logoff"){ ... }

}

 

and menu the 2nd comes from the page "included" in the display area.

Display Page:

if ($_SERVER['REQUEST_METHOD'] === "POST"){

    if(isset($_POST['submit']) && $_POST['submit'] ="activate"){ ... }

}

 

As i could see from the error and by invoking var_dumps on the results, the $_POST[''submit'],  submit from the "included" code in the page display area is intercepted by the code in the first block that deals with login and logoff.

Because it does not find the type "activate" of the button associated with type = "submit" in that block , it throws an error. If the code could just fell through the first code block and reached the 2nd block (fictional of course  since it cannot happen like that) the error would not occur. But of-course that is wrong in the first place.  

I am still missing out something from the discussion above, as i probably am, i am really sorry and request you to please explain just once again.

Thanks all !

 

Share this post


Link to post
Share on other sites

OP, how about telling us what the real problem is instead of asking about your attempted solution to the real problem. What is the problem you are trying to solve with all these submits in the same page?

Share this post


Link to post
Share on other sites

Your inner if statements are incorrect.  You're using = (assignment) when you should be using == (compare).  As a result, all of your if branches should be getting followed.

 

Share this post


Link to post
Share on other sites

Hi !

@Benanaman  The problem that I wish to solve is to get the submits to find the correct block and avoid interception by the wrong block.

@ Kicken. Correct. I made that mistake here. It's perfect in the actual code though.

Thanks.

 

Share this post


Link to post
Share on other sites

Hi all !

Thanks for all the responses. I think that which was suggested by you all is correct and the problem lies in a bit of complication in my code and the manner in which $_POST and $_SESSION have been used in the if else blocks to get the current and session values. I will fix that, hopefully soon, and then check / test the code again and revert if the problem still remains.

Thanks loads !

Share this post


Link to post
Share on other sites
9 hours ago, ajoo said:

Because it does not find the type "activate" of the button associated with type = "submit" in that block , it throws an error.

What is the exact error message you are seeing?

 

5 hours ago, ajoo said:

@ Kicken. Correct. I made that mistake here. It's perfect in the actual code though.

It might help if you post the actual code block you're working with.

Share this post


Link to post
Share on other sites
3 hours ago, cyberRobot said:

It might help if you post the actual code block you're working with.

I was just going to say the same thing. By the way, you still described your attempted solution to the real problem. Think on a higher level, meaning, what is the overall task at hand. We know you have multiple forms on one page. Why? Tell us about that.

Share this post


Link to post
Share on other sites

Hi all,

Grateful for all the responses. I have managed to solve the issue as far as I could test.

Quote

It might help if you post the actual code block you're working with.

 Find attached the code below that I had to jiggle with to get the correct order for the logic to work. The complexity arose because of the session values that need to come in a certain order for the logic to work.

<?php

	if(isset($_POST['cn_no'])) 
	{
			if(($cn_no = fcheckNumber($_POST['cn_no'])) !== false){
				$_SESSION['f_error'] = "Center No = ".$cn_no;
			}	
			else $_SESSION['f_error'] = "Center Error";
	} else $cn_no = $_SESSION['cn_no'];

	
////////////// Stream DropDown ///////////////	
	if(isset($_POST['ddStream'])) 
	{
		if(($dd_Stream = fcheckStream($_POST['ddStream']))===false)
		{
			$dd_Stream = false;
			$_SESSION['f_error'] = "invalid Stream1";
		}
		elseif($dd_Stream ==='All') 
		{
			$_SESSION['ddStream'] = $dd_Stream;
			$pp = "(userstatus.Stream = ? || userstatus.Stream = ?)";
			$strTypes = 'issi';
			$mm = 'Regular';
			$nn = 'Beginners';	
			$values = array($cn_no,$mm,$nn);
		} 
		else		// $dd_Stream === 'Regular' || $dd_Stream === 'Beginners'
		{
				$_SESSION['ddStream'] = $dd_Stream;
			$pp = "userstatus.Stream = ?";
			$strTypes = 'isi';
			$mm = $dd_Stream;
			$values = array($cn_no,$mm);
			// echo $pp;
		}
	} 
	elseif(isset($_SESSION['ddStream'])) 
	{
		if(($_SESSION['ddStream'])==='All') 
		{
			$pp = "(userstatus.Stream = ? || userstatus.Stream = ?)";
			$strTypes = 'issi';
			$mm = 'Regular';
			$nn = 'Beginners';	
			$values = array($cn_no,$mm,$nn);
		}
		elseif($_SESSION['ddStream'] === 'Regular' || $_SESSION['ddStream'] === 'Beginners')
		{
			// echo"A1";
			$dd_Stream = $_SESSION['ddStream'];
			$pp = "userstatus.Stream = ?";
			$strTypes = 'isi';
			$mm = $dd_Stream;
			$values = array($cn_no,$mm);
		}	
		else
		{
			$dd_Stream = false;
			$_SESSION['f_error'] = "Invalid Stream2";		
		}
	}
	else 
	{
		$pp = "(userstatus.Stream = ? || userstatus.Stream = ?)";		
		$strTypes = 'issi';
		$mm = 'Regular';
		$nn = 'Beginners';	
		$values = array($cn_no,$mm,$nn);
	}

	
	if(isset($_POST['ddrank'])) 
	{
		if($_POST['ddrank']==='All') $dd_rank = 'All';
		else $dd_rank = fcheckNumber($_POST['ddrank']); 	

		if($dd_rank===false){$dd_rank=false; $f_error = "rank Error";}

		if($dd_rank && $dd_rank==='All') 
		{
			$_SESSION['ddrank']=$dd_rank;
			$qq = 'userstatus.rank <= ?';
			$ll = 14;
			array_push($values,$ll);
		}
		else
		{
			$_SESSION['ddrank']=$dd_rank;
			$qq = "userstatus.rank = ?";
			$ll = $dd_rank;
			array_push($values,$ll);
		}	
	}
	elseif(isset($_SESSION['ddrank']))
	{
		if(($_SESSION['ddrank'])==='All')
		{
			$qq = 'userstatus.rank <= ?';
			$ll = 14;
			array_push($values,$ll);
		}	
		else
		{
			$dd_rank = $_SESSION['ddrank'];
			$qq = "userstatus.rank = ?";
			$ll = $dd_rank;
			array_push($values,$ll);
		}										
	}
	else
	{
		$qq = 'userstatus.rank <= ?';
		$ll = 14;
		array_push($values,$ll);
	}
	
	.
	.
	.
?>

By the way I do have CSRF token checking in place in case someone should point that out. I removed that since with a common post block it would be much simpler.  Thank you all very much. Much obliged.

@ Benanamen: The overall task is to take values of two drop downs. One is sent via post and the other is from a session, the previous value, and using these 2, execute a query and display the results. For ex. in my program, it allows a choice of a stream ( like a subject) and the grade or rank of the user and based on these 2 it creates a query and displays the results.

The block structure you gave was absolutely correct. The sessions and their placement in the overall code was the problem.

Thanks again !

 

Edited by ajoo
incomplete

Share this post


Link to post
Share on other sites

Better explanation of the task.

Do you actually have two separate forms or do you have one form with two dropdowns? It sounds like it is the latter. Have you been calling each dropdown a form? It looks like your logic is all over the place. Its going to take a few good minds here to sort through it.

Share this post


Link to post
Share on other sites

Hi Benanamen !!

Thanks again for the reply.  Right so I call the drop downs a form because their selection causes a submit and both are actually enclosed in <form> tags. So yes they are the forms. Of-course I can choose only one at a time and so only one would be submitted.

I put the code for all of you to see. I have managed to sort it out though. It's working great now.  I did club the posts together under $_SERVER['method_request'] like you suggested. Yes the logic needed a little twisting though because it needs values from previous session as well.

Thanks a ton for pursuing this with me.

Regards to all !

 

Edited by ajoo

Share this post


Link to post
Share on other sites

Your latest posted code seems to have several flaws in it.  It can't possibly be running - is it?

Where is $cn_no defined/assigned/created?

Where is $dd_stream defined/assigned/created?

Where is $_SESSION['cn_no'] etc, etc, etc?

Where is $_SESSION['dd_stream'] etc, etc, etc?

 

Share this post


Link to post
Share on other sites

hi Ginerjim,

Thanks for your interest in this. Sorry for the delay in reply since I saw it just now.

OK so these are as follows:

The cn__no represents a center is a session variable defined on user login.

dd_Stream is the value of the dropdown box that is sent as a post variable when it is selected.   once selected, it is also assigned to the Session variable $_SESSION['dd_Stream']. If next time around, if rank dropdown is chosen and submitted, the last value of dd_Stream will be held in the session variable and will be used as such, the rank value is now sent as a post variable.  Together these two variable are needed and are fed to a query to generate the results to be displayed.

The first time around, on the home page, there are default values for these two variables that are used to invoke the query and display the results.

Yes the code now works just fine.  I hope that clears it. In case you want any further clarification, i'll be glad to provide.

Thanks loads !

 

 

 

 

 

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.