[thelist] Send hidden data from a form
Benjamin Hawkes-Lewis
bhawkeslewis at googlemail.com
Tue Dec 30 17:27:56 CST 2008
On 30/12/08 20:49, Santilal Parbhu wrote:
> //Print out drop-down list of all teams. Identify the team chosen. It will
> //be contained in HTTP_POST_VARS['team_name'].
> print '<p>Select Team:<select name="team"></p>';
Hmm. "team" will be the name submitted to the script; so I'd expect the
team chosen to be in HTTP_POST_VARS['team'] not HTTP_POST_VARS['team_name'].
By the by, user agents cannot reliably associate labels with their
fields if you do not explicitly associate them with the LABEL element
and the FOR and ID attributes:
http://www.w3.org/TR/WCAG20-TECHS/H44.html
Using an explicitly associated LABEL element would allow (for example)
users to select the field by clicking the label in a visual browser or
speaking the label to speech recognition software, and would allow voice
browsers and screen readers to read the right text when the field
receives keyboard focus.
> $query = "SELECT DISTINCT teams_id, team_name FROM
> $compteams ORDER BY team_name
> if (@mysql_query($query)) {
> $r= mysql_query($query);
> while ($row = mysql_fetch_row($r)) {
> $team_id=$row[0];
> $team_name=$row[1];
> print "<option value=$team_name>";
As Anthony points out, unquoted HTML attributes are separated by whitespace:
http://www.w3.org/TR/html401/intro/sgmltut.html#h-3.2.2
So …
<element foo=bar baz>
has two attributes (foo and baz), but
<element foo="bar baz">
has one attribute (foo).
In addition to putting quotation marks round the attribute value, I'd
recommend HTML escaping values as a matter of course:
print '<option value="'.htmlentities( $team_name, ENT_QUOTES ).'">';
That way, you cannot end up with the wrong characters due to unescaped
ampersands be parsed into unintended entities, and cannot end up
accidentally breaking the attribute due to an unescaped quotation mark.
http://www.w3.org/TR/html401/charset.html#h-5.3.2
http://uk2.php.net/manual/en/function.htmlentities.php
--
Benjamin Hawkes-Lewis
More information about the thelist
mailing list