Monday, July 29, 2013

HTML INPUT Tag and PHP

Nothing really to do with the Embarcadero HTML5Builder but this blog is also a convenient place to put my notes.

Basic <INPUT> tags                                                                      (Note no </input> closing tag)
<INPUT type=hidden name='xyz' value='123'>
<INPUT type=text      name='xyz' value='123'>

Array Example 1
The name can look like an array and when the $_POST array is examined, all the variables that are related are grouped together.
So in this example, we have an array called 'a' and it in turn is broken into arrays called 8904 and 8905.  Incidentally 8904 and 8905 are the id field values where the data can be inserted into the destination database table.   Obviously some obfuscating can be used to make it hard to inject dodgy data.


<INPUT TYPE=CHECKBOX NAME='Check_Edit[]' Value='8904'>
<INPUT type=text size=5 name='a[8904][invoice_line]' value='1'>
<INPUT type=text size=20 name='a[8904][our_pn]' value='0147'>
<INPUT type=text size=4 name='a[8904][invoice_quantity]' value='1'>
<INPUT type=text size=4 name='a[8904][invoice_unit_price]' value='1900.00'>

<INPUT TYPE=CHECKBOX NAME='Check_Edit[]' Value='8905'>
<INPUT type=text size=5 name='a[8905][invoice_line]' value='2'>
<INPUT type=text size=20 name='a[8905][our_pn]' value='54-NBB400'>
<INPUT type=text size=4 name='a[8905][invoice_quantity]' value='2'>
<INPUT type=text size=4 name='a[8905][invoice_unit_price]' value='14.50'>


And $_POST looks like:
a Array
8904 Array
invoice_line 1
our_pn 0147
invoice_quantity 1
invoice_unit_price 1900.00
8905 Array
invoice_line 2
our_pn 54-NBB400
invoice_quantity 2
invoice_unit_price 14.50

Array Example 2
In PHP
 // print the data
 echo "\n";
 echo "\n<INPUT type=hidden name='$urn"."[quantity]'    value='$quantity'  >";
 echo "\n<INPUT type=hidden name='$urn"."[description]' value='$description' >";
 echo "\n<INPUT type=hidden name='$urn"."[sell_price]'  value='$sell_price' >";

Note in the echo statement, we have $urn then a double quote and a dot and then another double quote "."    - This is to separate the open quare bracket from the $urn variable otherwise PHP interprets $urn as an array which of course it isn't.

The HTML looks like:


<INPUT TYPE=CHECKBOX NAME='UnplannedCheckBox[]' Value='137138'>

<INPUT type=hidden name='137138[quantity]'    value='-2'  >
<INPUT type=hidden name='137138[description]' value='Connector' >
<INPUT type=hidden name='137138[sell_price]'  value='0' >

 <INPUT TYPE=CHECKBOX NAME='UnplannedCheckBox[]' Value='137307'></TD>

<INPUT type=hidden name='137307[quantity]'    value='-3'  >
<INPUT type=hidden name='137307[description]' value='Banana Plug' >
<INPUT type=hidden name='137307[sell_price]'  value='0' >



And $_POST looks like:





137138 Array





quantity -2



description Connector



sell_price 0








137307 Array





quantity -3



description Banana Plug 



sell_price 0













PHP to injest the data

// Obviously some filtering for security has to occur ....elsewhere.

$table_name = "invoice_lines";



if (isset($req_data['UnplannedCheckBox'])) 
    {
    foreach($req_data['UnplannedCheckBox'] as $value)
        {
        echo "\n<BR> Unplanned Issue = $value";
        $temp = $req_data[$value];
        echo "\n  temp $temp";
        print_array_recursive($req_data[$value]);
       
        $vars['invoice_number'] = $invoice_number;
        $vars['invoice_quantity'] = $req_data[$value]['quantity'];
        $vars['invoice_line_text'] = $req_data[$value]['description'];

        print_array_recursive($vars);
        add_record_to_table($table_name,$vars);   
        };
           
    };


























Posted by



at







































No comments:















Post a Comment


















        

      









Subscribe to:
Post Comments (Atom)