I had a revelation today.
Moderator: General Moderators
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Re: I had a revelation today.
This is the part of the entire thread I don't understand. Why don't you just post the form to a named page? And not $PHP_SELF (reliance on PHP setting that global var is bad) or $_SERVER['PHP_SELF'] (because not all server vars are accessible on all servers or secure on all servers - a thread talked about muchly within this community). And if you are taking the time to add the query string vars to the post url, why not just add them as hidden fields to the form so they can post?Daedalus- wrote:Forever and ever, whenever I would be writing admin pages, I would POST the form. Now, you can't post to something sexy like a querystring.
I am confused by this whole thing.
- daedalus__
- DevNet Resident
- Posts: 1925
- Joined: Thu Feb 09, 2006 4:52 pm
I suppose I went about this all wrong. I will keep this simple.
First, I always wanted a user to see nothing but query strings throughout my whole website. This may seem stupid but I just like it. It's how I learned to code through various tutorials and the help of someone whom I consider my mentor.
Let's say I have a weblog, and I am writing the code for a page to add a new entry..
You have to POST forms to a real page, you can't use querystrings that call includes.
That is how I structure my pages simply because I think that since it is all related, it should all go in the same place, right?
I do not want people to see those blah.php urls. I hate them. I don't want the page my form is being processed on to be completely obvious to the user.
Now, sure, I could just have a page like this:
I would have to write the same code twice and then they would be able to see the physical address of the page relative to my domain AND I would have to reinclude all the stuff that has the html and css for the page layout.
I used to think, "ugh why not just redirect them". So I did.
After spending alot of time reading, and a bit of time on this forum, I realised that it would be equally stupid IMO.
So. I finally figured out what I think is a good way to do it, yesterday.
Post everything to one page, index.php, have the classes do everything else.
After reading through this thread, I realise that this probably either seems stupid to everyone else, or I am not explaining myself correctly.
If this thread isn't going to be of any use to anyone because of my inability to explain this, then I will simply delete it.
edit: I also just thought that maybe I am just an idiot and I have bad technique. Trying to find out if how I design things is a 'good' way of doing it is part of what I wanted to accomplish with this thread. I like the way I figured out yesterday, it's easy for me. I wrote four 'pages' in the same amount of time it used to take me to write one. Even though making something work best for myself is the point of learning new ways to implement stuff, I still want to know how other people do it, and what the accepted standard is. I'm also starting to think I should just post a .zip with code so everyone can better understand what I mean.
First, I always wanted a user to see nothing but query strings throughout my whole website. This may seem stupid but I just like it. It's how I learned to code through various tutorials and the help of someone whom I consider my mentor.
Let's say I have a weblog, and I am writing the code for a page to add a new entry..
Code: Select all
// add a new entry
if ($_POST)
{
// grab the post variables and do the databse stuff
}
else
{
<form action="addweblog.php" method="post">
<input type="text" name="title" />
<input type="text" name="body" />
</form>
}That is how I structure my pages simply because I think that since it is all related, it should all go in the same place, right?
I do not want people to see those blah.php urls. I hate them. I don't want the page my form is being processed on to be completely obvious to the user.
Now, sure, I could just have a page like this:
Code: Select all
// add a new entry
if ($_POST)
{
// grab the post variables and do the databse stuff
print '
<h4>Add another entry</h4>
<form action="addweblog.php" method="post">
title: <input type="text" name="title" />
body: <input type="text" name="body" />
</form>';
}
else
{
print '
<h4>Add an entry</h4>
<form action="addweblog.php" method="post">
title: <input type="text" name="title" />
body: <input type="text" name="body" />
</form>';
}I used to think, "ugh why not just redirect them". So I did.
After spending alot of time reading, and a bit of time on this forum, I realised that it would be equally stupid IMO.
So. I finally figured out what I think is a good way to do it, yesterday.
Post everything to one page, index.php, have the classes do everything else.
After reading through this thread, I realise that this probably either seems stupid to everyone else, or I am not explaining myself correctly.
If this thread isn't going to be of any use to anyone because of my inability to explain this, then I will simply delete it.
edit: I also just thought that maybe I am just an idiot and I have bad technique. Trying to find out if how I design things is a 'good' way of doing it is part of what I wanted to accomplish with this thread. I like the way I figured out yesterday, it's easy for me. I wrote four 'pages' in the same amount of time it used to take me to write one. Even though making something work best for myself is the point of learning new ways to implement stuff, I still want to know how other people do it, and what the accepted standard is. I'm also starting to think I should just post a .zip with code so everyone can better understand what I mean.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
Why not? What stops query string vars from implementing includes?Daedalus- wrote:You have to POST forms to a real page, you can't use querystrings that call includes.
Why wouldn't you...Daedalus- wrote:Now, sure, I could just have a page like this:
I would have to write the same code twice and then they would be able to see the physical address of the page relative to my domain AND I would have to reinclude all the stuff that has the html and css for the page layout.Code: Select all
// add a new entry if ($_POST) { // grab the post variables and do the databse stuff print ' <h4>Add another entry</h4> <form action="addweblog.php" method="post"> title: <input type="text" name="title" /> body: <input type="text" name="body" /> </form>'; } else { print ' <h4>Add an entry</h4> <form action="addweblog.php" method="post"> title: <input type="text" name="title" /> body: <input type="text" name="body" /> </form>'; }
Code: Select all
<?php
if ($_POST)
{
// grab the post variables and do the databse stuff
}
?>
<h4>Add an entry</h4>
<form action="addweblog.php" method="post">
title: <input type="text" name="title" />
body: <input type="text" name="body" />
</form>This makes perfect sense. I am doing this with my own website right now. I am just wondering how you were taught before.Daedalus- wrote:So. I finally figured out what I think is a good way to do it, yesterday.
Post everything to one page, index.php, have the classes do everything else.
After reading through this thread, I realise that this probably either seems stupid to everyone else, or I am not explaining myself correctly.
Don't do that. Threads around here are useful in two different respects. Some teach us what we should do. Others teach us what we should not do. Either way, we are being taught. Thanks for posting.Daedalus- wrote:If this thread isn't going to be of any use to anyone because of my inability to explain this, then I will simply delete it.
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Hey Daedalus, what you have discovered is called a Front Controller. Best thing since sliced bread. There is a lot of information about them around the web and almost every PHP framework uses one. You sound very particular about your code, but here is a simple Front Controller here[url] that I posted a while back.
(#10850)
Anchors are not submitted.. Which makes it expected behaviour that you don't get to see it at the server-side...shoebappa wrote:S
Just ? no anchor:
POST /getpost.php?testget1=1&testget2=2 HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 23
With anchor:
POST /getpost.php HTTP/1.1
Content-Length: 23
That was in firefox, I knew I didn't like that idea when I first saw it. Hell it doesn't even work in IE either!
I agree. As i already said imply use '#' to make the browser post to the url it's currently displaying.shoebappa wrote: I repeat, don't use action="#?getdata"!!!
Do not use $_SERVER['PHP_SELF'] like this, it makes your form vulnerable for XSS attacks.shoebappa wrote: action="<?php echo $PHP_SELF; ?>?getdata"
I just don't understand what you're trying to say with: 'you can't use querystrings that call includes'???Daedalus- wrote: You have to POST forms to a real page, you can't use querystrings that call includes.
Since the only difference is the text between h4 i'd write a function for it. And call it with 'add new entry' and with 'add other entry'.Daedalus- wrote: I would have to write the same code twice and then they would be able to see the physical address of the page relative to my domain AND I would have to reinclude all the stuff that has the html and css for the page layout.
I'd probably have another parameter that accepts an action for the form... As already mentionned, if you want the users to post to the page they're currently on, you'd have to use the empty string (Or '#' which is the same)
Gripe time..
Is an improper challenge.is the correct challenge for checking if the $_POST array has any indices.
You will also need to specifically check for the values you wish to use, else someone sending dummy POST data will bork your site.
Code: Select all
if ($_POST) {Code: Select all
if (!empty($_POST)) {You will also need to specifically check for the values you wish to use, else someone sending dummy POST data will bork your site.
- daedalus__
- DevNet Resident
- Posts: 1925
- Joined: Thu Feb 09, 2006 4:52 pm
Jenk, it was pseudo code.
Everyone else, you lost me last page.
arborint, thank you thank you thank you.
I would have never figured out what the hell this is called without your post.
I always, always write my own code. I honestly don't care if God himself wrote the script. I still write my own code. It is something I am very, very particular about. I don't know why but I have to. It just so happens that while I love writing everything myself, I also haven't the slightest clue what I am doing. I started on absolute scratch without instruction. I am not someone who even attended a high school level class on programming and when most people talk to me, I have no idea what they are talking about but I know how to make things work.
The problem with that is that whenever I find myself doing something new, it isn't new. Someone else has done it and there are all these really shiny words that describe it. I don't know about any of it. I just know it is very, very satisfying when I learn something without someone else having to show or tell me.
I am very, very particular about the way I write my code and the way my programs operate. Sometimes I really hate the way I do things but it's the only way I know how. This Front Controller thing saves me. It keeps me from having to do several things that drive me nuts.
I'm glad I know what the hell to call it now lol.
timvw, I don't know what the hell I was talking about either.
but then i remembered
and then i tested something
I am an idiot. I just made two pages, index.php and form.php. form.php posts to ?q=form. It worked. :- /
I think that I was probably working on one or more other problems and for some reason there was some interference.
Everyone else, you lost me last page.
arborint, thank you thank you thank you.
I would have never figured out what the hell this is called without your post.
I always, always write my own code. I honestly don't care if God himself wrote the script. I still write my own code. It is something I am very, very particular about. I don't know why but I have to. It just so happens that while I love writing everything myself, I also haven't the slightest clue what I am doing. I started on absolute scratch without instruction. I am not someone who even attended a high school level class on programming and when most people talk to me, I have no idea what they are talking about but I know how to make things work.
The problem with that is that whenever I find myself doing something new, it isn't new. Someone else has done it and there are all these really shiny words that describe it. I don't know about any of it. I just know it is very, very satisfying when I learn something without someone else having to show or tell me.
I am very, very particular about the way I write my code and the way my programs operate. Sometimes I really hate the way I do things but it's the only way I know how. This Front Controller thing saves me. It keeps me from having to do several things that drive me nuts.
I'm glad I know what the hell to call it now lol.
timvw, I don't know what the hell I was talking about either.
but then i remembered
and then i tested something
I am an idiot. I just made two pages, index.php and form.php. form.php posts to ?q=form. It worked. :- /
I think that I was probably working on one or more other problems and for some reason there was some interference.
Last edited by daedalus__ on Wed Jun 28, 2006 5:34 pm, edited 3 times in total.
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
- jayshields
- DevNet Resident
- Posts: 1912
- Joined: Mon Aug 22, 2005 12:11 pm
- Location: Leeds/Manchester, England
Well I can't make alot of sense of this thread, but for reference, if I've got a form on a page, I use this method:
Code: Select all
if(isset($_POST['submit'])) {
//handle the form
}
echo '<form action="index.php"'./*self*/' method="post">
<input type="text" name="whatever" />
<input type="submit" name="submit" />
</form>';Why? $_POST is always set whatever the request type and if($_POST ) returns false if it is an empty array.Jenk wrote:Gripe time..Is an improper challenge.Code: Select all
if ($_POST) {