Adamhumbug Posted February 28 Share Posted February 28 I have a form that allows a user to populate the fields and add the data to the database. I am wanting to use the same code to edit the same information later. Imagine this code: ... $formName = $data['name']; $resp=" <div class='col-12'> <label for='formName'>Form Name</label> <input id='formName' type='text' class='form-control' name='formName' value='$formName'> </div> "; ... if i remove the $formName from the value the form is created perfectly but in order to populate it when there is already data and i am looking to edit, i need to have the variable in there. I understand that the variable is not set, as in this case there is no data for it to be set to but i have tried things like: $formName = $data['formName'] ?? ""; but i am still getting the undefined message. Is there a proper way to deal with this? Quote Link to comment https://forums.phpfreaks.com/topic/318515-preventing-undefined-variable-notice/ Share on other sites More sharing options...
Barand Posted February 28 Share Posted February 28 Do you have php v8? Quote Link to comment https://forums.phpfreaks.com/topic/318515-preventing-undefined-variable-notice/#findComment-1616665 Share on other sites More sharing options...
mac_gyver Posted February 28 Share Posted February 28 you also need to repopulate the value (selected options, checked checkbox/radio fields) in the case of adding/creating/inserting new data when there are user/validation errors, so that the user doesn't need to keep reentering data over and over. you also need to apply htmlentities() to the value to help prevent cross site scripting. if you switch from echoing mostly static html to just echoing the dynamic value, you would end up with something that looks like this - <div class='col-12'> <label>Form Name <input type='text' class='form-control' name='formName' value='<?=htmlentities($data['formName']??'',ENT_QUOTES)?>'></label> </div> also, stop copying variables to other variables (just use the original variable that data is in) and you can eliminate the for='' and corresponding id='' attributes if you put the closing </label> tag after the field it corresponds with. Quote Link to comment https://forums.phpfreaks.com/topic/318515-preventing-undefined-variable-notice/#findComment-1616667 Share on other sites More sharing options...
Adamhumbug Posted February 28 Author Share Posted February 28 18 hours ago, Barand said: Do you have php v8? Yes 8.2 Quote Link to comment https://forums.phpfreaks.com/topic/318515-preventing-undefined-variable-notice/#findComment-1616710 Share on other sites More sharing options...
Adamhumbug Posted February 28 Author Share Posted February 28 17 hours ago, mac_gyver said: you also need to repopulate the value (selected options, checked checkbox/radio fields) in the case of adding/creating/inserting new data when there are user/validation errors, so that the user doesn't need to keep reentering data over and over. you also need to apply htmlentities() to the value to help prevent cross site scripting. if you switch from echoing mostly static html to just echoing the dynamic value, you would end up with something that looks like this - <div class='col-12'> <label>Form Name <input type='text' class='form-control' name='formName' value='<?=htmlentities($data['formName']??'',ENT_QUOTES)?>'></label> </div> also, stop copying variables to other variables (just use the original variable that data is in) and you can eliminate the for='' and corresponding id='' attributes if you put the closing </label> tag after the field it corresponds with. htmlentities() - should i have done this everytime i set a value with php? I have never done this - lots to change if this is the case. Quote Link to comment https://forums.phpfreaks.com/topic/318515-preventing-undefined-variable-notice/#findComment-1616711 Share on other sites More sharing options...
Adamhumbug Posted February 28 Author Share Posted February 28 18 hours ago, mac_gyver said: you also need to repopulate the value (selected options, checked checkbox/radio fields) in the case of adding/creating/inserting new data when there are user/validation errors, so that the user doesn't need to keep reentering data over and over. you also need to apply htmlentities() to the value to help prevent cross site scripting. if you switch from echoing mostly static html to just echoing the dynamic value, you would end up with something that looks like this - <div class='col-12'> <label>Form Name <input type='text' class='form-control' name='formName' value='<?=htmlentities($data['formName']??'',ENT_QUOTES)?>'></label> </div> also, stop copying variables to other variables (just use the original variable that data is in) and you can eliminate the for='' and corresponding id='' attributes if you put the closing </label> tag after the field it corresponds with. If i go this way - do i not need a function for each value that just pulls that specific value that is being called. Will that not become a bit overkill if i have a massive form that ends up needing many individual queries to pull each value one by one? Quote Link to comment https://forums.phpfreaks.com/topic/318515-preventing-undefined-variable-notice/#findComment-1616713 Share on other sites More sharing options...
mac_gyver Posted February 28 Share Posted February 28 2 hours ago, Adamhumbug said: htmlentities() - should i have done this everytime i set a value with php? yes, for any dynamic value that is output in a html context (web page, email), if it could contain html entities (html, css, javascript.) here's a story about SMF (Simple Machines Forum) software. their programmers didn't apply htmlentities() to some user profile data when it was output on a web page. when administrators viewed the profiles of user's who had their posts reported in the 'administrator' area on the site, javascript in the data was executed, performing any action that the administrator is capable of, and was promoting the bad users to be administrators. SMF sent out an emergency email to everyone who had ever registered on their site to immediately update the SMF software to close this security hole. 2 hours ago, Adamhumbug said: If i go this way - do i not need a function for each value that just pulls that specific value that is being called. no. didn't you just ask that in a thread? where is your $data array coming from? arrays are for sets of data, where you will operate on every member in the set in the same/similar way. by keeping data as an array, you can operate on the data using php array functions - https://www.php.net/manual/en/ref.array.php the submitted form data is a set, originally in the $_POST array. you should trim the data in it, mainly so that you can detect if any value is all white-space characters, before validating it. since the trimmed data has a different meaning from the original and since you should leave the original data as is, in case you need it, you should put the trimmed data in a different array variable, such as $data. because it is a set, you can operate on it using php array functions. to trim all the data at once: $data = array_map('trim',$_POST). the existing data you are going to edit is also a set. when you fetch it, keep it in an array variable, such as $data, which is what everyone reading this thread assumed you are doing with the $data array you have shown in this code. user/validation errors are also a set of data. your validation logic should add user/validation errors to an array using the form field name as the array index. you can then test if there are or are not any errors, simply by testing if the array holding the errors is !empty(...) or is empty(...). you can output the error messages all at once, either by imploding the array or looping over it. you can output the error messages individually, such as placing them next to the correspond form field, by referencing the array index, which is the form field name. keeping these sets of data as arrays will allow you to use a data-driven design to dynamically validate and process the data, and dynamically produce the form. the example i showed is functionally what template engines do. you have an array of data and a template with tags in it corresponding to the array indexes. when you tell the template engine to render the template, it replaces the tags with the same name elements from the array of data, applying htmlentities() to each value (there's a special tag syntax to override this if you must use the raw data.) Quote Link to comment https://forums.phpfreaks.com/topic/318515-preventing-undefined-variable-notice/#findComment-1616718 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.