1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Best practices re form handling

Discussion in 'PHP' started by HenryCan, Dec 11, 2018.

  1. #1
    I am revisiting some PHP code I wrote a few years back to make some enhancements to the code. I find myself wondering if I'm doing things the best way.

    Basically, I am displaying an HTML form to a user on my website and asking them several questions; they press Submit and I have PHP code examining the form and determining if the information is sufficiently complete. The form I'm working on now contains text fields, several checkboxes, and buttons for Submit and Reset. Some of the text fields and checkboxes can be left blank and some are mandatory.

    In my PHP code, I am first checking to see the values of every text field and every checkbox using the coalesce operator. For example:
               $meeting2 = trim($_POST['meeting2']) ?? ""; //This is the Meeting2 checkbox.
    
    PHP:
    As I understand it, this line of code says "Populate the $meeting2 variable with the trimmed value of the meeting2 value from the form, if it has a value, otherwise assign it the empty value.

    Unfortunately, when I execute this code, it throws an error like this for each checkbox that is unchecked, even though it is absolutely legitimate for that checkbox to be unchecked:
    Notice: Undefined index: meeting2 in /storage/ssd3/424/1819424/public_html/topicProposalTheme.php on line 47
    PHP:
    I know that the coalesce operator is relatively new to PHP but I am using PHP 7.1.18 so it should be working as designed, right?
    SEMrush
    If so, what is wrong with my approach? I used to use array_key_exists but I saw something that persuaded me that the coalesce operator was "better" or at least more concise. Do I need to go back to doing this:
    (array_key_exists('meeting2', $_POST)) ? $meeting2 = trim($_POST['meeting2']) : $meeting2 = ""; //This is the Meeting2 text field.
    PHP:
    I had a look at the isset() and array_key_exists() articles in the PHP manual but I found them more confusing than enlightening with respect to which one I should be using.

    Can someone enlighten me on the best approach to use?
     
    Solved! View solution.
    HenryCan, Dec 11, 2018 IP
    SEMrush
  2. #2
    Lets start with how you are accessing the $_POST variable. You can get away with what you are doing if you are just echo-ing out but I'd use this simple example to get to grips with filter_input. Once you've done that the rest of the thread is dealt with.

    as for coalesce operator, isset(), and array_key_exists() I'd always use array_key_exists because there are some funny instances with isset where you get false negatives.


    ref
     
    sarahk, Dec 11, 2018 IP
  3. SpacePhoenix

    SpacePhoenix Well-Known Member

    Messages:
    91
    Likes Received:
    9
    Best Answers:
    1
    Trophy Points:
    110
    #3
    If the checkbox isn't checked then there'll be nothing (no entry or value) for it in the $_POST array
     
    SpacePhoenix, Dec 11, 2018 IP
  4. HenryCan

    HenryCan Member

    Messages:
    36
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    41
    #4
    So my belief that it will set the value to "" (in this case) if the checkbox isn't checked is just plain wrong? That's what I was suspecting but it makes the coalesce operator a lot less useful. Oh well....

    Thanks for explaining that.

    I've never heard of filter-input before. I had a feeling I wasn't doing things the best possible way and now I see I'm right :) So filter-input or filter-input-array should be the basis of my approach to handle values on forms; that's very useful to know. Thank you!
     
    Last edited by a moderator: Dec 12, 2018
    HenryCan, Dec 12, 2018 IP
  5. sarahk

    sarahk iTamer Staff

    Messages:
    24,619
    Likes Received:
    3,321
    Best Answers:
    95
    Trophy Points:
    615
    #5
    Checkboxes are flighty little things.

    If you look at forms that others create you'll often see something like this
    <input type='hidden' name='abc' value='0'>
    <input type='checkbox' name='abc'>
    Code (markup):
    The inputs are processed in order so when it's submitted $_POST['abc'] = 0, then the second one is unchecked so the value doesn't get changed. If it was checked then $_POST['abc'] would be replaced with the value of 1
     
    sarahk, Dec 12, 2018 IP
  6. HenryCan

    HenryCan Member

    Messages:
    36
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    41
    #6
    I may have to imitate that on occasion but so far my form seems to be working as intended by using filter_input as you suggested:
                $meeting2 = filter_input(INPUT_POST, trim('meeting2'));
    
    PHP:
    Thanks for helping me improve my code!
     
    HenryCan, Dec 14, 2018 IP
    sarahk likes this.