Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- PHP form field oddness!
February 1, 2008, 7:42 am
rate this thread
I have an internal website that is PHP based. One of the form submit
has tons of fields, so to simplify the updating/inserting of records
(and long term management of the page) I go through the request (HTTP
POST/GET) variables and create an sql statement based on the data.
This means if I add a new database field I can just add the form field
on the page and I do not have to alter the database code.
However now and again a random form field will turn up that is not on
the original page. The latest is "sageamp". I have had "s_vnum" and
"SITESERVER". They look to be related to cookies - eg sageamp seems
to be related to web analysis. These form fields are unrelated to the
actual PHP code that generates the HTML form - the form fields just
appear on the page.
If the problem occurs I clear the cache (including cookies) and the
problem goes away for a while. This only occurs in Firefox, however
if I replicated the browsing that firefox has been up to in IE it may
The code for doing the DB update, if you are interested (nothing to
do with the problem I am sure) is:
(note - you can see where I have put exceptions in for the phantom
form fields to allow the code to work - I have since found out that
clearing the cache stops the fields from appearing).
while(list($key,$val) = each ($_REQUEST))
if ($key<> "B1" && $key <> "SITESERVER" && $key <> "mkt1" && $key <>
"PHPSESSID" && $key <> "Submit" && $key <> "edit" && $key <> "s_vnum")
$sql .= " `$key` = '".addslashes($val)."', ";
Any help appreciated!
Re: PHP form field oddness!
Don't use $_REQUEST, use $_POST (or $_GET).
An even more secure approach is to use array notation in this form:
<input type="text" name="form[name]" />
Then You will get an easy to read $_POST-Array with:
and Your iteration will be much easier:
while(list($key,$val) = each ($_POST['form'])) ...
without any exceptions
$key<> "B1" && $key <> "SITESERVER" && $key <> "mkt1" && $key <>
always indicates a wrong approach!
- C. (http://symcbean.blogspot.c
February 1, 2008, 12:41 pm