Jump to content

Recommended Posts

I have a form that allows a user to populate the fields and add the data to the database.

I am wanting to use the same code to edit the same information later.

Imagine this code:

...
$formName = $data['name'];
$resp="
<div class='col-12'>
  <label for='formName'>Form Name</label>
  <input id='formName' type='text' class='form-control' name='formName' value='$formName'>
</div>
";
...

if i remove the $formName from the value the form is created perfectly but in order to populate it when there is already data and i am looking to edit, i need to have the variable in there.

I understand that the variable is not set, as in this case there is no data for it to be set to but i have tried things like:

$formName = $data['formName'] ?? "";

but i am still getting the undefined message.

Is there a proper way to deal with this?

Link to comment
https://forums.phpfreaks.com/topic/318515-preventing-undefined-variable-notice/
Share on other sites

you also need to repopulate the value (selected options, checked checkbox/radio fields) in the case of adding/creating/inserting new data when there are user/validation errors, so that the user doesn't need to keep reentering data over and over. you also need to apply htmlentities() to the value to help prevent cross site scripting.

if you switch from echoing mostly static html to just echoing the dynamic value, you would end up with something that looks like this -

<div class='col-12'>
  <label>Form Name
  <input type='text' class='form-control' name='formName' value='<?=htmlentities($data['formName']??'',ENT_QUOTES)?>'></label>
</div>

also, stop copying variables to other variables (just use the original variable that data is in) and you can eliminate the for='' and corresponding id='' attributes if you put the closing </label> tag after the field it corresponds with.

17 hours ago, mac_gyver said:

you also need to repopulate the value (selected options, checked checkbox/radio fields) in the case of adding/creating/inserting new data when there are user/validation errors, so that the user doesn't need to keep reentering data over and over. you also need to apply htmlentities() to the value to help prevent cross site scripting.

if you switch from echoing mostly static html to just echoing the dynamic value, you would end up with something that looks like this -

<div class='col-12'>
  <label>Form Name
  <input type='text' class='form-control' name='formName' value='<?=htmlentities($data['formName']??'',ENT_QUOTES)?>'></label>
</div>

also, stop copying variables to other variables (just use the original variable that data is in) and you can eliminate the for='' and corresponding id='' attributes if you put the closing </label> tag after the field it corresponds with.

htmlentities() - should i have done this everytime i set a value with php?  I have never done this - lots to change if this is the case.

18 hours ago, mac_gyver said:

you also need to repopulate the value (selected options, checked checkbox/radio fields) in the case of adding/creating/inserting new data when there are user/validation errors, so that the user doesn't need to keep reentering data over and over. you also need to apply htmlentities() to the value to help prevent cross site scripting.

if you switch from echoing mostly static html to just echoing the dynamic value, you would end up with something that looks like this -

<div class='col-12'>
  <label>Form Name
  <input type='text' class='form-control' name='formName' value='<?=htmlentities($data['formName']??'',ENT_QUOTES)?>'></label>
</div>

also, stop copying variables to other variables (just use the original variable that data is in) and you can eliminate the for='' and corresponding id='' attributes if you put the closing </label> tag after the field it corresponds with.

If i go this way - do i not need a function for each value that just pulls that specific value that is being called.  Will that not become a bit overkill if i have a massive form that ends up needing many individual queries to pull each value one by one?

2 hours ago, Adamhumbug said:

htmlentities() - should i have done this everytime i set a value with php?

yes, for any dynamic value that is output in a html context (web page, email), if it could contain html entities (html, css, javascript.)

here's a story about SMF (Simple Machines Forum) software. their programmers didn't apply htmlentities() to some user profile data when it was output on a web page. when administrators viewed the profiles of user's who had their posts reported in the 'administrator' area on the site, javascript in the data was executed, performing any action that the administrator is capable of, and was promoting the bad users to be administrators. SMF sent out an emergency email to everyone who had ever registered on their site to immediately update the SMF software to close this security hole.

 

2 hours ago, Adamhumbug said:

If i go this way - do i not need a function for each value that just pulls that specific value that is being called.

no. didn't you just ask that in a thread? where is your $data array coming from?

arrays are for sets of data, where you will operate on every member in the set in the same/similar way. by keeping data as an array, you can operate on the data using php array functions - https://www.php.net/manual/en/ref.array.php

the submitted form data is a set, originally in the $_POST array. you should trim the data in it, mainly so that you can detect if any value is all white-space characters, before validating it. since the trimmed data has a different meaning from the original and since you should leave the original data as is, in case you need it, you should put the trimmed data in a different array variable, such as $data. because it is a set, you can operate on it using php array functions. to trim all the data at once: $data = array_map('trim',$_POST).

the existing data you are going to edit is also a set. when you fetch it, keep it in an array variable, such as $data, which is what everyone reading this thread assumed you are doing with the $data array you have shown in this code.

user/validation errors are also a set of data. your validation logic should add user/validation errors to an array using the form field name as the array index. you can then test if there are or are not any errors, simply by testing if the array holding the errors is !empty(...) or is empty(...). you can output the error messages all at once, either by imploding the array or looping over it. you can output the error messages individually, such as placing them next to the correspond form field, by referencing the array index, which is the form field name.

keeping these sets of data as arrays will allow you to use a data-driven design to dynamically validate and process the data, and dynamically produce the form.

the example i showed is functionally what template engines do. you have an array of data and a template with tags in it corresponding to the array indexes. when you tell the template engine to render the template, it replaces the tags with the same name elements from the array of data, applying htmlentities() to each value (there's a special tag syntax to override this if you must use the raw data.)

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.