[thelist] Multiple form entries in PHP...

.jeff jeff at members.evolt.org
Fri Nov 30 13:33:24 CST 2001


allie,

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: Allie Micka
>
> One of php's coolest features is its ability to handle
> form fields as arrays.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

nothing new there.  php is getting a comma-delimited list of values, looks
at the name of the form field and sees that it ends in "[]" so it converts
the comma-delimited list of values to an array.  this can be done in any
language.  here's how it'd be done in coldfusion.

<cfloop collection="#form#" item="element">
  <cfif Right(element, 2) EQ "[]">
    <cfset form[element] = ListToArray(form[element])>
  </cfif>
</cfloop>

the logic is slightly more complicated if you want to allow the ability to
create numeric and named indexes in the same collection.  but, if all you
want to do is create numeric indexes and expect to only work with fields
whose names end in "[]", this should be sufficient.  doing this causes
another nasty problem for you though, you can't cfparam your form field on
the processing page because coldfusion doesn't like the use of [] in the
name without any contents between the brackets.

<cfparam name="form.users[]" default="1,2,34,5,6,7,8,125,897,135">

  "An error has occurred while processing the expression:


form.users[]=CFTempOnlyForSetVariableNeverUseThisNameInYourCFMLCode122333444
455555654321

   Invalid parser construct found on line 1 at position 12.
   ColdFusion was looking at the following text:

   ]
   Invalid expression format. The usual cause is an error in
   the expression structure."

this is basically saying, "ouch, quit it".

there's another issue with this technique though.  there's no guarantee that
the data you're receiving and parsing into an array is really separate
items.  for example, suppose i had three form fields all named the same.

<input type="text" name="field[]" value="">
<input type="text" name="field[]" value="">
<input type="text" name="field[]" value="">

suppose the user enters "mike", "john", "henry" into each of the fields.
the browser will combine all the values into one string "mike,john,henry"
and send that to the server.  what if i entered "james,jane" into the 2nd
field instead of "john"?  then the server would receive
"mike,james,jane,henry".  how do i know which values came from the same form
field?  i can't know.  now, suppose i only enter values into the first two
fields "mike" and "john".  now the server is going to get "mike,john".
there's no way of knowing which two fields these values came from.

now, whether you parse the values into arrays or not, this problem still
exists.

the best advice i can give regarding this is to name your form fields with
unique names *except* in those instances where the data you're expecting
back can't be tainted with commas or in those cases where the data
containing commas won't affect your application negatively.

the most common is to use like-named checkboxes with numeric values
representing id's from database records.  for example, i might have two
tables "user", "tool", and "user_tool_assoc".  i might have an application
that allows me to edit a user and the tools they are associated with. i'd
have a form with elements for each of the columns in the "user" table that i
want to edit and a bunch of checkboxes representing each of the tools in the
"tool" table.  the processing page for this form data would update the
"user" table with all the data from the elements matching columns in the
"user" table.  it would then loop over the list of tool id's performing an
insert into the "user_tool_assoc" table for each tool id passed to the
processing page.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> name your fields with a [], such as field1[], and it
> will return an array with one or more elements.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

i would caution against the use of this "neat" feature as it won't validate
by w3c standards and could very well break in many user agents.

  "ID and NAME tokens must begin with a
   letter ([A-Za-z]) and may be followed
   by any number of letters, digits ([0-9]),
   hyphens ("-"), underscores ("_"),
   colons (":"), and periods (".")."

http://www.w3.org/TR/html4/types.html#type-name

better to stick with the standard in this case than use a "neat" feature
that isn't really needed, me thinks.

thanks,

.jeff

http://evolt.org/
jeff at members.evolt.org
http://members.evolt.org/jeff/






More information about the thelist mailing list