Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    Senior Coder doubledee's Avatar
    Join Date
    Mar 2011
    Location
    Arizona
    Posts
    1,098
    Thanks
    27
    Thanked 0 Times in 0 Posts

    What Values get submitted with this Form?

    When the following Form gets submitted...

    PHP Code:
    <fieldset id='requestChoices'>
        <
    input name='friendRequestDecision[38]' type='hidden' value='0' />

        <
    input id='Requestor1_1' name='friendRequestDecision[38]' type='radio' value='0' checked='checked' />
        <
    label for='Requestor1_1'>Decide Later</label>

        <
    input id='Requestor1_2' name='friendRequestDecision[38]' type='radio' value='1'  />
        <
    label for='Requestor1_2'>Accept</label>

        <
    input id='Requestor1_3' name='friendRequestDecision[38]' type='radio' value='2'  />
        <
    label for='Requestor1_3'>Decline</label>
    </
    fieldset

    1.) What values get returned to my script?

    2.) Is the first "hidden" field part of $_POST ?

    3.) And is there a conflict between name='friendRequestDecision[38]' in my Hidden Input and in my Regular Inputs?


    I put var_dump in my code and got this...
    Code:
    array
      'friendRequestDecision' => 
        array
          38 => string '1' (length=1)
          1 => string '1' (length=1)
      'submit' => string 'Update Requests' (length=15)
    ...but it still seems like the Hidden Input might be lingering out there?!


    All of these questions are centered around SECURITY and making sure I check for the right values in the right places so that a hacker can't sneak in something bad?!

    Sincerely,


    Debbie

    P.S. When I test the above code, it appears to be working okay as far of what is echoed on the screen and what gets updated in my database, but I figured I better check with the gurus here!!

  • #2
    New to the CF scene
    Join Date
    Jan 2013
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts
    When you set your input's name to anything containing [] in it, php picks it up as a mufti dimensional array, causing your output issue, use another delimiter such as varname_23 or you could do this...

    PHP Code:
    <?php
    print_r
    ($_POST);
    print_r(MultiArrayToSingle($_POST));
    function 
    MultiArrayToSingle ($array)
    {
        
    $my_post_vars = array();
        foreach (
    $array as $key => $value)
        {
            if(
    is_array($value))
            {
                foreach(
    $value as $k => $v)
                {
                    
    $my_post_vars[$key."_".$k] = $v;    
                }
            }
            else
            {
                
    $my_post_vars[$key] = $value;    
            }
        }
        return 
    $my_post_vars;
    }
    ?>
    here was my result

    From the $_POST variable
    Array
    (
    [friendRequestDecision] => Array
    (
    [38] => 1
    )

    [button] => Submit
    )

    After $_POST was ran though my function
    Array
    (
    [friendRequestDecision_38] => 1
    [button] => Submit
    )
    Last edited by jalex718; 01-29-2013 at 04:40 AM.

  • #3
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    You cannot share the same name with non-toggleable inputs. Radio and checkbox are fine as they require the same name in order to determine successful field groups. The hidden will be overwritten by the radio group following it. See your var dump results, you have selected accept for friendRequestDecision[38] and friendRequestDecision[1].
    So to answer your question, yes both get submitted. But only the latter one is successful. I'm not sure why you want that hidden field though; even if no option is selected, it would be presumable that you cannot pass a non-existent id into a query to update. If you cannot do that, than it is implicitly ignored.
    So in other words, the hidden input is useless.
    PHP Code:
    header('HTTP/1.1 420 Enhance Your Calm'); 


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •