Page 1 of 1

[Solved] HTML form to XML via PHP

Posted: Tue May 01, 2007 4:04 pm
by a.heresey
So I'm updating/remaking a website for work which involves collecting information through an html form that submits to a mailing script, and I think to myself, "Hey, why should that poor admin spend half her morning copy-pasting 20 form fields into excell, when excell can just import xml?"

And so I tried tweaking the mail code.
And found that 80% of the script wasn't needed.

So I was like, "Dude, this code is from 2002, we can do better, we can do PHP."

And thus I wrote the following code. And it works. However, being as this is the first time I've made a purposeful PHP script/code/page I was hoping someone would look at it and help me avoid a catastropic mistake. You know, I kinda like the job and everything. Like say, "You fool! As soon as two people use your form at the same time you will corrupt the file and loose alll data!" (Although I think that by setting fopen() to a+ I should be okay with that one).

Please to be reviewing:

Code: Select all

<?php
$myFile;

$stringData;

$formName;

foreach($_POST as $key=>$value){
	if($key=="formName"){
		$formName = $value;
	}elseif($key!="submit"){
		$stringData = $stringData."<".$key.">\n\t\t".$value."</".$key.">\n";
	}
}
$myFile = "../data/$formName"."File.xml";

$stringData= "<$formName>".$stringData."</$formName>\n</$formName"."Register>";

$fh = fopen($myFile, "a+") or die("can't open file");

$chop= filesize($myFile);

$chop= $chop-(strlen($formName)+11);

ftruncate($fh, $chop);

fwrite($fh, $stringData);

fclose($fh);


?>
How it's supposed to work:

Open the .xml file already on the server, named "$formnameFile.xml". Then get rid of the closing tag for the root element of the file. Then write all of the values from "_POST", wrapped in xml opening and closing tags to $formnameFile.xml. Close the file.

Thanks for your help![/i]

Posted: Tue May 01, 2007 4:13 pm
by arturm
It look fine expect for some cosmetic things like:

Code: Select all

$stringData = $stringData."\t\t<".$key.">".$value."</".$key.">\n";
and

Code: Select all

$stringData= "<".$formName.">".$stringData."</".$formName.">\n</".$formName."Register>";
And if you want more security you should parse $_POST values before using them
you can use htmlentities() function

Posted: Tue May 01, 2007 4:53 pm
by RobertGonzalez
These do nothing:

Code: Select all

<?php

$myFile;

$stringData;

$formName; 
?>
What is the purpose of putting this into your code?

Posted: Tue May 01, 2007 4:58 pm
by RobertGonzalez
Ok, what about something like this?

Code: Select all

<?php
$stringData = '';
$formName = '';

foreach ($_POST as $key=>$value) {
    if ($key == 'formName') {
        $formName = $value;
    } elseif ($key != 'submit') {
        $stringData .= "<$key>\n\t\t$value</$key>\n";
    }
}

if (!empty($stringData) && !empty($formName)) {
    $myFile = "../data/$formName.File.xml";
    $stringData = "<$formName>$stringData</$formName>\n</{$formName}Register>";
    $fh = fopen($myFile, "a+") or die("can't open file");
    $chop = filesize($myFile);
    $chop = $chop - (strlen($formName)+11);
    ftruncate($fh, $chop);
    fwrite($fh, $stringData);
    fclose($fh);
} else {
    die('There was something missing from the form data.');
}
?>

Posted: Tue May 01, 2007 5:20 pm
by superdezign
It's true, code should look good. :-p

Otherwise, you'll look at it later, think "eww, it's ugly," and neglect to update it. It's true!!

Everah

Posted: Wed May 02, 2007 8:08 am
by a.heresey
Beautiful.

Thanks.

I did not know about the curly-brackets-separates-the-variable-from-the-string-without-concantation-character rule.

About the extra lines with variables: I come from the land of Actionscript, I was making sure these variables would have global-like scope. I take it this is not the effective way to this?

Thanks again to all who responded. Yay, first script! :D

Re: Everah

Posted: Wed May 02, 2007 8:14 am
by jayshields
a.heresey wrote:I did not know about the curly-brackets-separates-the-variable-from-the-string-without-concantation-character rule.
Remember that it only works when used inside double quotes, not single quotes.

Code: Select all

$var = 'blah';
echo '{$var}'; //prints {$var}
echo "{$var}"; //prints blah

Re: Everah

Posted: Wed May 02, 2007 10:53 am
by RobertGonzalez
a.heresey wrote:I was making sure these variables would have global-like scope.
Global scope is not as difficult as it could seem to be, but you really need to ask yourself if you really need globally accessible variables. There are ways to achieve lots of stuff without the need for global vars.