Form Data Handling

JRMannerz
Forum Newbie
Posts: 5
Joined: Thu Dec 22, 2011 2:53 pm

Form Data Handling

Post by JRMannerz »

Hello, I'm new to this forum and also PHP. I started playing around with Dreamweaver, so I decided to make something small just to get to grips with website building. So I made a dice game where you need to choose how many sides the dice will have and what number you think it will be, and when I submit the form data it resets everything so that you have to input all the data again. How can I stop it from doing this? Thanks for any help in advance, here is my code...

Code:

<html>
<head>
<title>Test</title>
<style type="text/css">
.Verdana {
	font-family: Verdana;
	color: #CCC;
	font-size: 9px;
	font-weight: normal;
	font-variant: normal;
}
.TextBox {
	font-family: Verdana;
	font-size: 9px;
	color: #CCC;
	background-color: #333;
	border: 1px solid #666;
}
.BetBox {
	font-family: Verdana;
	font-size: 9px;
	color: #CCC;
	background-color: #333;
	border: 1px solid #666;
	width: 67px;
	height: 14px;
}
.Header {
	font-family: Verdana;
	font-size: 12px;
	font-style: normal;
	line-height: normal;
	font-weight: normal;
	font-variant: normal;
	text-transform: none;
	color: #FFF;
	background-color: #191919;
	border: thin none #000;
	background-image: none;
}
.MinorHeader {
	font-family: Verdana;
	font-size: 10px;
	font-style: normal;
	line-height: normal;
	font-weight: bold;
	font-variant: normal;
	text-transform: none;
	color: #FFF;
	background-color: #333;
	border-top-style: solid;
	border-right-style: none;
	border-bottom-style: none;
	border-left-style: solid;
	border-top-width: thin;
	border-left-width: thin;
	border-top-color: #000;
	border-left-color: #000;
	border-right-width: thin;
	border-bottom-width: thin;
	border-right-color: #000;
	border-bottom-color: #000;
}
.tdBorder {
	border: thin solid #000;
	background-color: #333;
	font-size: 15px;
}
.ButtonStyle {
	font-family: Verdana;
	font-size: 10px;
	background-color: #999;
	border: thin solid #666;
	color: #000;
	height: 18px;
}
</style>
</head>

<body bgcolor="#000000" text="#FFFFFF">
<?php
	Function Random($Max)
	{
		$A=Rand(1, $Max);
		Return $A;
	}
?>
<div align="center">
<form action="Index.PHP" method="post">
<font color="#CCCCCC" size="-1">
<?php
	If ($_POST["amount"] > 0)
		If ($_POST["sides"] > 1)
			Echo Random($_POST["sides"]);
		Else
			Echo "*You cannot roll a dice with less than 2 sides!";
?>
</font>
  <table border="0" cellpadding="0" cellspacing="1" bgcolor="#990000">
    <tr><td colspan="2" class="tdBorder"><div align="center" class="Header">Dice Game</div></td></tr>
<tr><td class="tdBorder"><div align="right"><font size="1" class="Verdana">Sides:</font></div></td>
<td class="tdBorder">
<input type="number" name="sides" class="TextBox" value="0"/>
</td></tr>
<tr><td class="tdBorder"><div align="right"><font size="1" class="Verdana">Number:</font></div></td>
<td class="tdBorder"><input type="number" name="num" class="TextBox" value="0"/></td></tr>
<tr><td colspan="2" bgcolor="#FFFFFF" class="tdBorder">
<div align="center">$
<input type="number" name="amount" class="BetBox"/> <input type="submit" name="Bet" value="Bet!" class="ButtonStyle"/>
</div>
</td></tr>
</table>
</form>

</div>
</body>

</html>
Last edited by Benjamin on Fri Dec 23, 2011 2:15 am, edited 1 time in total.
Reason: Added [syntax=php||htm||css||javascript||sql||etc] - Please use [syntax] tags when posting code in the forums! Thanks.
twinedev
Forum Regular
Posts: 984
Joined: Tue Sep 28, 2010 11:41 am
Location: Columbus, Ohio

Re: Form Data Handling

Post by twinedev »

I'm not sure I got what you are trying to do with the game, but to pass back information already submitted, you can do the following (I'm assuming here that you are wanting it to always remember the number of sides from the first time you submit):

Code:

<tr>
	<td class="tdBorder"><div align="right"><font size="1" class="Verdana">Sides:</font></div></td>
	<td class="tdBorder">
		<?php /* Show the editable field until a valid number of sides (> 1) has been submitted */ ?>
		<?php if (!isset($_POST['sides']) || (int)$_POST['sides'] <= 1): ?>
			<input type="number" name="sides" class="TextBox" value="0"/>
		<?php else: ?>
			<input type="hidden" name="sides" value="<?php echo (int)$_POST['sides']; ?>" />
			<?php echo (int)$_POST['sides']; ?>
		<?php endif; ?>
	</td>
</tr>
Just a few notes to help clarify since you are new:

if (condition):
    // Block of code
else:
    // Block of code
endif;

is the same as

if (condition) {
    // Block of code
} else {
    // Block of code
}


(I just prefer the method I used within chunks of HTML code, mainly because by the time I get to outputting HTML, all variables are set and all you are doing is simple IF ELSE conditions, FOREACH loops and ECHO of vars)

Also, you should never directly output (or use in SQL statements) data that can be manipulated by the visitor ($_POST, $_GET, $_COOKIE, $_SERVER['PHP_SELF'], $_SERVER['HTTP_USER_AGENT'], and $_SERVER['HTTP_REFERER'] are examples of what not to trust); you want to protect it.

When you are working with just integers, like the number of sides, the easiest way is to cast the variable as an integer, using (int)$variable. This will prevent any malicious characters, as it will evaluate as a number up to the first non-number character (i.e. 356fg = 356); if there are no numbers, you get 0. Note that this applies to the current use of the variable; it does not change the value of the variable. For that you would need to do $variable = (int)$variable, and so I know how it is set, I will usually do something like $intSides = (isset($_POST['sides'])) ? (int)$_POST['sides'] : 0; which says: if $_POST['sides'] exists, assign the integer value to $intSides, otherwise assign 0. This way later in the code, using $intSides, I know I am safe (knowing my own coding practices) that it will only be an integer in that variable.

If you are not doing integers, for displaying in the page (even in value="" for forms), use htmlspecialchars($variable, ENT_QUOTES). This will convert characters over to their proper entities, such as " to &quot; (so if there is a quote in it, you would get value="my &quot;stuff&quot;" instead of value="my "stuff"", which would not be right).

For putting the value into SQL statements, using basic mysql_query() type functions, do mysql_real_escape_string($variable) which will escape (with a backslash) quotes which would otherwise allow malicious activity. (other method would be to use something that auto handles values for you like PDO)

Lastly, for a game, it probably won't be such a big deal, but one day you may get to more advanced coding, so be aware that "Hidden" values from a form can be changed by the user, so just because you set <input type="hidden" name="sides" value="4" /> they can change it before submitting the form, so again, always good to double validate those!

Good luck!

-Greg
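
Added example, not part of the thread: the advice in the reply above (validate integers, escape on output, bind SQL values, re-check hidden fields on the server) applied to the dice form's fields `sides`, `num` and `amount`. The helper names `int_field` and `h`, the numeric limits, the `bets` table and the sample submissions are assumptions made up for illustration; the last part assumes the pdo_sqlite extension is available.

```php
<?php
// Validate an integer field against a range; null means "missing or invalid".
// Unlike a bare (int) cast, this rejects "356fg" instead of truncating it to 356.
function int_field(array $src, string $key, int $min, int $max): ?int
{
    if (!isset($src[$key]) || !is_scalar($src[$key])) {
        return null; // absent, or an array such as sides[]=6
    }
    $v = filter_var($src[$key], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}

// Escape a value for HTML text or a quoted attribute.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed submissions standing in for $_POST.
$samples = [
    'normal'          => ['sides' => '6',     'num' => '3', 'amount' => '10'],
    'trailing junk'   => ['sides' => '356fg', 'num' => '3', 'amount' => '10'],
    'tampered hidden' => ['sides' => '1',     'num' => '9', 'amount' => '-50'],
    'array value'     => ['sides' => ['6'],   'num' => '3', 'amount' => '10'],
];

foreach ($samples as $label => $post) {
    // Every field is re-validated on each request, hidden or not.
    $sides  = int_field($post, 'sides', 2, 100);
    $num    = $sides === null ? null : int_field($post, 'num', 1, $sides);
    $amount = int_field($post, 'amount', 1, 1000);
    $ok = $sides !== null && $num !== null && $amount !== null;
    echo h($label), ': ', $ok ? "accepted ($sides sides)" : 'rejected', "\n";
}

// Escaping a non-integer value before it goes into value="...".
echo '<input name="nick" value="', h('my "stuff" <b>'), '"/>', "\n";

// Prepared statement: the values are bound, never concatenated into the SQL text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bets (player TEXT, amount INTEGER)');
$stmt = $db->prepare('INSERT INTO bets (player, amount) VALUES (:p, :a)');
$stmt->execute([':p' => "O'Brien", ':a' => 10]);
echo 'rows stored: ', $db->query('SELECT COUNT(*) FROM bets')->fetchColumn(), "\n";
```
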
JRMannerz
Forum Newbie
Posts: 5
Joined: Thu Dec 22, 2011 2:53 pm

Re: Form Data Handling

Post by JRMannerz »

Thank you very much for your help and first class response