[thelist] passing a non-form value into an array in php

.jeff jeff at members.evolt.org
Wed Oct 30 03:32:00 CST 2002


> From: 1976 design
> > > [...] form fields, by ending their names with [].
> >
> > you do know that will cause problems for you later on
> > if you want to add any scripting into the mix, right?
> nope, I know nothing about arrays and this kind of thing
> at all - I've been trying for weeks to sort this out and
> haven't understood a word anyone's has said. I finally
> thought I'd figured it out.
> so, why might this cause problems? :o)

well, for client-side scripting to behave, form field names should be follow
the rules for creating a valid variable name -- begin with a letter, _, or $
and contain only letters, numbers, _, and $.  i hesitantly added $ into the
list above, but would feel better if it wasn't included.

there are also some minor issues caused by the "auto-array" feature of php.
all the fields have the same name -- foo[].  consequently when the user
submits the form the browser goes through all the elements and decides,
based on some pre-defined and fairly universal rules, which form elements
are successful.  if it finds elements by the same name then it creates a
comma-delimited list of values, assigns them all to the shared name and
submits that value as a string value to that shared name.  the problem comes
in when you have like-named text fields that could have a comma somewhere in
the value.  suddenly that comma will cause the list to be one element longer
for that particular form field.  if you're relying on the form fields to
match up server-side you're going to be quite perplexed why they don't.

rather than rely on php's built-in "feature" of converting form fields that
end with [] into arrays, i'd find a way to reliably name each of the fields
individually to prevent this list creation upon submission.


jeff at members.evolt.org

More information about the thelist mailing list