Techniques for "retaining" already entered data?

Forum Moderators: coopster

Message Too Old, No Replies

Techniques for "retaining" already entered data?

form validation

cssatsc

3:19 pm on May 24, 2010 (gmt 0)

Are you familiar with those websites in which you need to fill a form with lots of input fields, then when you hit "submit", you receive an error message, telling you that you missed a "required field" (so far so good) but then presents you with an EMPTY form to re-type everything all over again?

From the end-user perspective it's very annoying.

That's why the better websites know how to automatically post the values that have already been entered, letting the end-user type only what needs to be corrected.

From the web programmer view, how is this being accomplished?

Is there only one technique to accomplish that? Or are there numerous good ways to do that?

When searching the web for tutorials on the subject, what should I be looking for?

Thanks.

Matthew1980

3:31 pm on May 24, 2010 (gmt 0)

Hi there cssatsc,

Here is some simple code you can extrapolate from this:-

<input type="text" text="name" value="<?php echo (isset($_POST['name']) ? $_POST['name'] :'');?>" />

That's basically it. Name is the 'name' of the $_POST element, if it's set, echo the value in the box, if not, leave the box empty.

Cheers,
MRb

Readie

3:55 pm on May 24, 2010 (gmt 0)

<?php echo (isset($_POST['name']) ? $_POST['name'] :'');?>

Syntax error there: your right parenthesis is a bit messed up :) It's also wise to use htmlentities() to stop your HTML getting all messed up here if someone uses quotations or whatever:

<?php echo (isset($_POST['name']))? htmlentities($_POST['name'], ENT_QUOTES) : ''; ?>

Matthew1980

6:55 pm on May 24, 2010 (gmt 0)

Hi all,

Readie: That code is fine, admittedly there is no sanitising, but that is really only needed when the form is processed, also that was only a guideline, I am only echoing the evaluation, blank otherwise - which is what was asked for ;)

<?php echo (isset($_POST['name']) ? strip_tags($_POST['name']) :'');?> is another form of that too, again though down to preference and context methinks..

Cheers,
MRb

Readie

7:45 pm on May 24, 2010 (gmt 0)

strip_tags($_POST['name'])

Well, not really - if someone enters the the following:

foo"bar

Then after re-insertion your input will look like this:

<input type="text" name="foo" value="foo"bar">

Which could cause problems.

strip_tags() doesn't remove quotations.

By the way, I shall take this opportunity to let you know that I got the job :)

rocknbil

9:48 pm on May 24, 2010 (gmt 0)

The most common method is sessions. But often sessions can be more trouble than they are worth if you don't unset them. $_SESSION['email'] in the context of your form will be fine, until you move to another portion of the site where $_SESSION['email'] is to be used in a different context. The inpersistent state of Internet forms sometimes saves you a lot of work. :-)


<?php 
// 
// For the sake of demonstration (and in all best possible worlds) 
// let's say all your form fields are the same. Yeah right! 
$formvars = Array ( 
 'first_name' => (isset($_POST['first_name']))?$_POST['first_name']:null, 
 'last_name' => (isset($_POST['last_name']))?$_POST['last_name']:null, 
 'email' => (isset($_POST['email']))?$_POST['email']:null 
); 
// 
/ Most PHP coders would rather use PHP functions, but using regexps  
// helps you to iterate through the array for cleansing,  
// keeping only what you WANT. 
$allowed = Array ( 
 'first_name' => '\w\s\d\-\'\"\&\;', 
 'last_name' => '\w\s\d\-\'\"\&\;', 
 'email' => '\w\s\d\-\_\@\.' 
); 
// 
// Now in our perfect world, associate some labels. 
$labels = Array ( 
 'first_name' => 'First Name', 
 'last_name' => 'Last Name', 
 'email' => 'Email Address', 
); 
// 
// Cleanse and set the data 
foreach ($formvars as $key=>$value) { 
 if ($formvars[$key]) { // might be null  
 $formvars[$key] = htmlspecialchars(preg_replace("/[^$allowed[$key]]+/i",'',$formvars[$key])); 
 } 
} 
// 
// Do the form. I am not a fan of mixing and  
// matching HTML/progamming, starting/stopping parsing. 
$out = ' 
 <form action="formvars.php" method="post"> 
'; 
foreach ($formvars as $key=>$value) { 
 $out .= ' 
 <p><label for="' . $key . '">' . $labels[$key] .  
 '</label> <input type="text" name="' . $key . '" id="' . $key . '" value="' . $value . '"></p>'; 
} 
$out .= '<input type="submit" value="Submit">'; 
// 
// Output once 
header("content-type:text/html"); 
echo $out; 
?>

As said, you can create an array of session variables but these hang around for 25 minutes or so, so you need to unset them when you're done with them. Regular form values need no unset, they die when they are done being used.

Which could cause problems.

Not could, will. in 'William "Bill" ' the entire word "Bill" will disappear. It will still be in the source code but causes the browser to think the field value has ended early, leaving a fat validation error in the bolded: "Bill" ">. Same is true of ampersands, but not in forms, in query strings.

[edited by: rocknbil at 10:16 pm (utc) on May 24, 2010]

Matthew1980

10:13 pm on May 24, 2010 (gmt 0)

Hi there Rocknbil,

Yes $_SESSIONs are great for multipage data, but just in the context of a contact form, which I assume is this threads context, just doing an isset with ternary (with some degree of sanitising [as per readie]) does the job.

If I do something like your suggesting, I put unset($_SESSION) directly before a redirect, so that on the execution of the redirect (in theory) is sent 'clean'. Always open to suggestions though ;-p

Readie: I have a function that takes care of the sanitising so I just leave it as 1 ternary as opposed to a nested one...

Cheers,
MRb