Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,381
    Thanks
    264
    Thanked 32 Times in 31 Posts

    registration 4 part file escape question

    Hi my registration has three parts which means that it passes input from page 1 to page 2 then to page three. The 4th part is the process.

    I ask because im having an issue with my text var value and i want to make sure this is not the problem.

    lets say i have text1 that is input on page one of the registration.

    i escape the post value.

    then that value is passed as hidden inputs (no display) to the other pages until it gets to the process page where it is processed.

    along the way i escape the post values as the data grows.

    in other words

    page one text1 i escape
    i pass that to page2 and escape the post.
    i pass that to page3 and escape the post.
    i pass that to page 4 and escape the post.

    by the time i get to page 4 i have about 30 or so dif var ready to be processed.

    my question is if there is only one input on page 1 for text one and it is only being passed not displayed not edited along the way, do i need to escape the post with every pass? As long as its not touched it should be ok just escaping the first time right.

    im having an issue with the final text being funky and i think it might have something to do with multiple escapes when i dont need to.

    thanks.

  • #2
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    You only need to escape the data when its going into the database.

    Secondly you should never pass information back to the page as a hidden value - it can be changed by the user. Use sessions instead. If you prefer, save the data into the database and pass back the insert id as a hidden value instead so that you can reference the data in the DB.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #3
    Senior Coder
    Join Date
    Nov 2010
    Posts
    1,381
    Thanks
    264
    Thanked 32 Times in 31 Posts
    thanks tango, yeah i knew i had to do it before the insert but I was just trying to do it as i go lol, i will only do it once and see how it goes. ill just add all the escape to the last page before right before the actual insert.

    just fyi it never gets passed back to the previous page it just gets passed hidden to the next page. and i got ya on the session deal.

    thanks.

  • #4
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Quote Originally Posted by durangod View Post
    it just gets passed hidden to the next page.
    I must recommend against this as those values can be altered by the user. You really must consider using sessions for short term storage or the DB for long term (EG where the user may close the window and come back later).
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • Users who have thanked tangoforce for this post:

    durangod (09-10-2011)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •