PDA

View Full Version : [SOLVED] How can you explain PHP's behavior...



raxz
June 30th, 2008, 01:39 AM
I was recently asked by a co-worker why the following code produces the same result when the "refresh" button is hit but when typing/just hitting the the address bar again clears all output...(ie the "names" are no longer visible)



<?php


if(isset($_POST['submit'])){

echo "<br />Hello ".$_POST['fname']." ".$_POST['mname']." ".$_POST['lname']." <br />";
echo "your e-mail address is ".$_POST['email']."<br />";
echo "your gender is ".$_POST['gender'."<br />";

if($_POST['age'] >= 18){
echo "<b>you are of legal age</b>";
}else{
echo "<b>you are not yet of legal age</b>";
}


I cannot for the life of me just say "that's really how PHP works"..can someone explain the difference between the refresh button and manually typing the URL in PHP.

does it have something to do with cache/headers?

Also is there a way to clear the output when a page is refreshed..I tried unset() still nothing.

Jordanwb
June 30th, 2008, 01:49 AM
When a form is submitted using the post method $_POST['submit'] is set so it will be true. When you hit refresh you resend the form data, causing it to be true again. Simply typing in the url does not send post data so it is false.

As for clearing output, use something like



$_SESSION['form_submitted'] = true;


also for that you'd need either start_session () or session_start (). I can't remember which.

Thirtysixway
June 30th, 2008, 01:52 AM
Don't forget to sanitize those inputs!

Jordanwb
June 30th, 2008, 01:53 AM
Don't forget to sanitize those inputs!

That's some good advice there. Never trust user input.

raxz
June 30th, 2008, 02:09 AM
When a form is submitted using the post method $_POST['submit'] is set so it will be true. When you hit refresh you resend the form data, causing it to be true again. Simply typing in the url does not send post data so it is false.

As for clearing output, use something like



$_SESSION['form_submitted'] = true;


also for that you'd need either start_session () or session_start (). I can't remember which.

hmm...ok so the keyword to remember is post data. the code was just a sample to better demonstrate what behavior I was talking about.

erm could you elaborate on that "$_SESSION['form_submitted']"?

:lolflag:

Thirtysixway
June 30th, 2008, 02:13 AM
hmm...ok so the keyword to remember is post data. the code was just a sample to better demonstrate what behavior I was talking about.

erm could you elaborate on that "$_SESSION['form_submitted']"?

:lolflag:

You would set
$_SESSION['form_submitted'] = true; on the page with the form. Then on the page that handles the input (the code posted here) it would check to see if it was set to true, then set it
$_SESSION['form_submitted'] = false; so if it was refreshed, the session would be false and it would display the form again or show an error. This works because the session is not set based on submitting data.

raxz
June 30th, 2008, 02:16 AM
You would set
$_SESSION['form_submitted'] = true; on the page with the form. Then on the page that handles the input (the code posted here) it would check to see if it was set to true, then set it
$_SESSION['form_submitted'] = false; so if it was refreshed, the session would be false and it would display the form again or show an error. This works because the session is not set based on submitting data.


but what if I want to just have one page where both the form and the PHP are in?

Jordanwb
June 30th, 2008, 02:20 AM
For that I do something like this:



$form_submitted = isset ($_POST['submit']);
$show_form = true;

if ($form_submitted)
{

}
if ($show_form)
{

}


Also for the bit about the $_SESSION variable you could generate a random number, make it a hidden field in the form. When the form is submitted save the number in a $_SESSION variable. When the form is resubmitted check the value. If it is the same ignore the post data. If you want an example I'll make one.

Thirtysixway
June 30th, 2008, 02:23 AM
but what if I want to just have one page where both the form and the PHP are in?

You could have like


<?php
if(!$_POST['myform']){
//We haven't submitted the form yet!

echo("<form method=post name=myform>
First Name:<br><input type=text name=fname><br><br>
Middle Name:<br><input type=text name=mname><br><br>
Last name:<br><input type=text name=lname><br><br>
Email Address:<br><input type=text name=email><br><br>
Gender:<br><input type=text name=gender><br><br>
<input type=submit name=submit value=Submit!></form>
");

$_SESSION['form_submitted'] = true;
}else{
//The form HAS been submitted!

if($_SESSION['form_submitted'] == true){
//the user came from our form!

echo "<br />Hello ".$_POST['fname']." ".$_POST['mname']." ".$_POST['lname']." <br />";
echo "your e-mail address is ".$_POST['email']."<br />";
echo "your gender is ".$_POST['gender'."<br />";

if($_POST['age'] >= 18){
echo "<b>you are of legal age</b>";
}else{
echo "<b>you are not yet of legal age</b>";
}

$_SESSION['form_submitted'] = false;

}else{
//the user didn't come from our form!

echo("Please hit back and re enter your data.");
$_SESSION['form_submitted'] = false;
}
}
?>


I haven't tested it but it should work.

Jordanwb
June 30th, 2008, 02:28 AM
One look and I saw right away that there would be a bug:


if($_SESSION['form_submitted'] = true){

should be


if($_SESSION['form_submitted'] == true){

or


if($_SESSION['form_submitted']){

but that would work. Albeit a bit messy (at least for me).

Thirtysixway
June 30th, 2008, 02:33 AM
Whoops, sorry about that! I've updated my post with that fix, thanks Jordanwb.

Jordanwb
June 30th, 2008, 02:36 AM
No prob. We're all here to help each other. Besides everyone has made that mistake before.):P

raxz
June 30th, 2008, 02:38 AM
@ Thirtysixway - tried(*read copy pasted) your code...no output was generated.

@ Jordanwb - hmm the code you gave should it look something like this:



$form_submitted = isset ($_POST['submit']);
$show_form = true;

if ($form_submitted){
echo "<br />Hello ".$_POST['fname']." ".$_POST['mname']." ".$_POST['lname']." <br />";

echo "your e-mail address is ".$_POST['email']."<br />";
echo "your gender is ".$_POST['gender']."<br />";

if($_POST['age'] >= 18){
echo "<b>you are of legal age</b>";
}else{
echo "<b>you are not yet of legal age</b>";
}

$show_form=false;//







interesting idea about the random numbers never thought about it like that. will try it out.

Jordanwb
June 30th, 2008, 02:42 AM
Yeah that's how I write forms and stuff like that. Makes it easier for me to display error messages about input and stuff like that.


@ Thirtysixway - tried(*read copy pasted) your code...no output was generated.

It should. Change the form output part to:




echo('<form method="post" name="myform">
First Name:<br><input type="text" name="fname"><br><br>
Middle Name:<br><input type="text" name="mname"><br><br>
Last name:<br><input type="text" name="lname"><br><br>
Email Address:<br><input type="text" name="email"><br><br>
Gender:<br><input type="text" name="gender"><br><br>
<input type=submit name="submit" value="Submit!"></form>
');



because the other dude didn't put any quotes around property values the browser may be confused.

raxz
June 30th, 2008, 02:54 AM
I mean when you hit the "submit" button nothing is displayed

Jordanwb
June 30th, 2008, 02:58 AM
That's weird. It should. I'll try it on my server.

[edit]

Right after "<?php" put "session_start ();" (minus the quotes)

but it works for me.

raxz
June 30th, 2008, 03:10 AM
<?php session_start();

if(!$_POST['myform']){
//We haven't submitted the form yet!

echo("<form method=post name=myform>
First Name:<br><input type=text name=fname><br><br>
Middle Name:<br><input type=text name=mname><br><br>
Last name:<br><input type=text name=lname><br><br>
Email Address:<br><input type=text name=email><br><br>
Gender:<br><input type=text name=gender><br><br>
<input type=submit name=submit value=Submit!></form>");

$_SESSION['form_submitted'] = true;

}else{

echo "this should work here";//this should show after submit

//The form HAS been submitted!
if($_SESSION['form_submitted'] == true){
//the user came from our form!

echo "<br />Hello ".$_POST['fname']." ".$_POST['mname']." ".$_POST['lname']." <br />";
echo "your e-mail address is ".$_POST['email']."<br />";
echo "your gender is ".$_POST['gender']."<br />";

if($_POST['age'] >= 18){
echo "<b>you are of legal age</b>";
}else{
echo "<b>you are not yet of legal age</b>";
}
$_SESSION['form_submitted'] = false;
}else{
//the user didn't come from our form!
echo("Please hit back and re enter your data.");
$_SESSION['form_submitted'] = false;
}
}





I have no idea why this does not work...:(

Jordanwb
June 30th, 2008, 03:13 AM
Oh I forgot that I changed something else. Change


if(!$_POST['myform']){

to


if(!isset($_POST['submit'])){

raxz
June 30th, 2008, 03:26 AM
worked!

I thought fixed it when I changed it to this:


<?php session_start();

if(!$_POST['myform']){
//We haven't submitted the form yet!

echo("<form method=post name=myform>
First Name:<br><input type=text name=fname><br><br>
Middle Name:<br><input type=text name=mname><br><br>
Last name:<br><input type=text name=lname><br><br>
Email Address:<br><input type=text name=email><br><br>
Gender:<br><input type=text name=gender><br><br>
<input type=submit name=submit value=Submit!></form>");

$_SESSION['form_submitted'] = true;

//var_export($_SESSION['form_submitted']);

}

if($_SESSION['form_submitted']){

echo "this should work here";

//The form HAS been submitted!
if($_SESSION['form_submitted'] == true){
//the user came from our form!

echo "<br />Hello ".$_POST['fname']." ".$_POST['mname']." ".$_POST['lname']." <br />";
echo "your e-mail address is ".$_POST['email']."<br />";
echo "your gender is ".$_POST['gender']."<br />";

if($_POST['age'] >= 18){
echo "<b>you are of legal age</b>";
}else{
echo "<b>you are not yet of legal age</b>";
}
$_SESSION['form_submitted'] = false;
}else{
//the user didn't come from our form!
echo("Please hit back and re enter your data.");
$_SESSION['form_submitted'] = false;
}
}





but yeah that is another way of doing it. anyway thanks and I will have to remember the key word again is "post data" :lolflag: