
How to Interact with Web Forms. Part 1

Coping with “Magic Quotes”

If the configuration setting magic_quotes is set to "On", all data coming in from external sources, including form data and cookies, gets special treatment. All quote characters, " and ', are escaped using the backslash character (\). Therefore, if the user enters It's my life into a text field, the value found in $_GET or $_POST is It\'s my life. This was originally implemented to avoid Structured Query Language (SQL) injection (see Chapter 8, "Using XML," for more details on that), but is, especially for experienced programmers, very annoying. The only thing that is even more annoying is to remove these quotes manually for every form field.

The PHP function stripslashes() removes escape backslashes from strings. However, this function can only be called if "magic quotes" have been applied; otherwise, it destroys backslashes that were added on purpose. You can determine whether "magic quotes" are active by calling the Boolean function get_magic_quotes_gpc(). If this returns true, all slashes can be removed. To make this as convenient as possible, you can put this in a universal function called stripFormSlashes(). Using array_map(), all elements of an array are unslashed.

This file can then be included into all files that are processing form data and takes care of all "magic quotes" automatically.

Checking Whether a Form Has Been Submitted

When both the HTML form and the processing PHP code are on the same page (something that is recommended when it comes to prefilling forms), it is important to find out whether a form is just called in the browser (using GET) or if the form is submitted (and the data must be processed).

You can take several different approaches to this task; something that always works is assigning the Submit button a name and then testing whether this name is present when the form is submitted.

Saving Form Data into a Cookie

After the form has been submitted, the data must go somewhere, possibly in a database (see Chapter 8), in a file, or sent via email. When a website contains several similar forms (for example, forms that all require the user to provide his name and contact information), it is a good idea to save the data after the user fills it in. Because HTTP is a stateless protocol, you have to use cookies (see Chapter 6, "Using Files on the Server File System"); sessions are useless because they expire when the user closes the browser.

Because user agents only have to save 20 cookies per domain, it's a good idea to store the form information in one cookie, in the form of an array. However, only string values are allowed in cookies; this is why you have to serialize the array. The function shown in the listing at the beginning of this phrase writes the contents of the array provided as a parameter into the cookie.

The function getCookieData() returns the existing data from the cookie (if available) and unserializes it into an array. You will see the code in a later phrase.

The only thing left to do is to write the required form data into this array. You can specifically submit only certain values, or the complete array $_GET or $_POST, as shown in the following code.

Figure 4.2 shows the resulting cookie.
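
The cookie round trip described in this section (one serialized array per cookie, unserialized again on the next request), as an added PHP example that is not the book's listing; the function names, the cookie name formdata and the 30-day lifetime are assumptions. Because the cookie value comes back from the browser, the decoder refuses to instantiate objects and keeps only string fields.

```php
<?php
// Added example, not the book's listing. The function names, the cookie name
// "formdata" and the 30-day lifetime are assumptions made for illustration.
const FORM_COOKIE = 'formdata';

// Serialize an array of form fields into one string (cookies hold strings only).
function encodeFormData(array $fields): string
{
    $clean = [];
    foreach ($fields as $name => $value) {
        if (is_scalar($value)) {            // skip nested arrays and objects
            $clean[$name] = (string) $value;
        }
    }
    return serialize($clean);
}

// Turn a cookie string back into an array; anything unexpected yields [].
function decodeFormData(string $raw): array
{
    // The cookie is client-controlled, so unserialize() must not build objects.
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return [];
    }
    // Keep string values only, which is all encodeFormData() ever writes.
    return array_filter($data, 'is_string');
}

function setFormCookie(array $fields): void
{
    // Arguments: name, value, expiry, path, domain, secure, httponly.
    setcookie(FORM_COOKIE, encodeFormData($fields), time() + 30 * 86400, '/', '', false, true);
}

function getFormCookie(): array
{
    $raw = $_COOKIE[FORM_COOKIE] ?? '';
    return is_string($raw) ? decodeFormData($raw) : [];
}

// Constructed sample values, runnable from the CLI without sending headers.
$sample = ['name' => "It's my life", 'email' => 'user@example.com', 'tags' => ['a']];
var_dump(decodeFormData(encodeFormData($sample)));   // round trip of form fields
var_dump(decodeFormData('O:8:"stdClass":0:{}'));     // serialized object, not an array
var_dump(decodeFormData('not serialized data'));     // malformed cookie value
```

The allowed_classes option requires PHP 7.0 or later, and setFormCookie() has to run before any output is sent.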


Created: March 27, 2003
Revised: January 16, 2006

URL: http://webreference.com/programming/php_forms/1