Well, this is just an issue of code structure that I really don’t want to change.
I normally use this style of coding…
<?php
// Initialization stuff here...
// *********************************************************
// HANDLE *
// *********************************************************
if ($_SERVER['REQUEST_METHOD']=='POST'){
// Form was Submitted (Post).
// Initialize Errors Array.
$errors = array();
// Trim all form data.
$trimmed = array_map('trim', $_POST);
// *********************
// Validate Form Data. *
// *********************
// Validate Form Here...
}else{
// Form was not Submitted (Get).
// ****************
// Populate Form. *
// ****************
// Build query.
}//End of POPULATE FORM
}//End of HANDLE FORM
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
Normally, this works just fine, because when the Form is submitted, if there are any Form Issues, I can grab everything out of $_POST.
The problem here - which I haven’t encountered before - is that I need to access information on the Form that wasn’t stored in the $_POST array because it wasn’t technically Form data.
Now I could have made “Article Title” and “First Name” Form Fields, but then they would be editable and I’d have to validate them.
I could have also used the $_SESSION, but as I am finding out, that can cause lots of issues for psycho Tabbed-Browsing Users?!
I also could have put my “Populate Form” query above the “Handle Form” block, but like I said, I like to follow the template I have above…
In the end, I made these changes which appear to be working and safe, but I wasn’t sure so I posted here?!
// *********************************************************
// HANDLE FORM. *
// *********************************************************
if ($_SERVER['REQUEST_METHOD']=='POST'){
// Form was Submitted (Post).
// Initialize Errors Array.
$errors = array();
// Trim all form data.
$trimmed = array_map('trim', $_POST);
// *********************
// Validate Form Data. *
// *********************
$articleTitle = $trimmed['articleTitle'];
$firstName = $trimmed['firstName'];
$comments = $trimmed['comments'];
<!-- Article Title -->
<li>
<p class="fauxLabel">Article Title:</p>
<p class="fauxInput"><?php echo '"' . str2htmlentities($articleTitle) . '"'; ?></p>
<input name="articleTitle" type="hidden" value="<?php echo (isset($articleTitle) ? $articleTitle : ''); ?>" />
</li>
<!-- First Name -->
<li>
<p class="fauxLabel">First Name:</p>
<p class="fauxInput"><?php echo str2htmlentities($firstName); ?></p>
<input name="firstName" type="hidden" value="<?php echo (isset($firstName) ? $firstName : ''); ?>" />
</li>
<!-- Comment -->
<li>
<label for="comments">Comments:</label>
<textarea id="comments" name="comments" cols="50" rows="15"><?php echo (isset($comments) ? $comments : ''); ?></textarea>
<?php
if (!empty($errors['comments'])){
echo '<br /><span class="error">' . $errors['comments'] . '</span>';
}
?>
</li>
What do you think about all of that?! :-/
Thanks,
Debbie