가변 변수
In addition to anonymous' list of characters that are replaced with an underscore.
If you use arrays in your variable names, the second and subsequent levels are not replaced. For example:
<input name="a field name" />
<input name="data[first data]" />
<input name="data[second data]" />
will produce $_POST as follows:
array(
"a_field_name" => ...
data => array(
"first data" => ...
"second data" => ...
)
);
I expect this is the same with other characters, not just space, but haven't tested this.
Ideally if register globals is off, this replacement wouldn't occur as it isn't necessary - but we have to deal with it.
외부에서 오는 변수들
HTML 폼 (GET과 POST)
폼이 PHP 스크립트로 전달될때, 그 폼안의 정보가 스크립트내에서 자동적으로 유효해진다. 이 정보에 접근할 수 있는 많은 방법이 제공된다. 예를 들면:
Example #1 단순한 HTML 폼
<form action="foo.php" method="post">
이름: <input type="text" name="username" /><br />
메일: <input type="text" name="email" /><br />
<input type="submit" name="submit" value="전송합니다!" />
</form>
특별한 설정과 개인적인 선호에 의해, HTML 폼으로부터 데이터를 접근할수 있는 많은 방법이 존재한다. 몇가지르 예를 들면:
Example #2 단순한 POST HTML 폼으로 부터 데이터에 접근하기
<?php
// PHP 4.1.0부터 사용 가능
echo $_POST['username'];
echo $_REQUEST['username'];
import_request_variables('p', 'p_');
echo $p_username;
// PHP 6부터 사용 불가. PHP 5.0.0부터, 이러한 긴 예약 변수는
// register_long_arrays 지시어로 비활성화 할 수 있습니다.
echo $HTTP_POST_VARS['username'];
// PHP 지시어 register_globals = on 일 경우에 사용할 수 있습니다.
// PHP 4.2.0부터 기본값은 register_globals = off 입니다.
// 이 방법을 사용하는 것은 권장되지 않습니다.
echo $username;
?>
GET 폼을 사용하는 것은 적절한 GET 기선언 변수를 대신 사용할때를 제외하면 동일하다. GET은 QUERY_STRING (URL에서 '?'이후의 값)에도 적용이 된다. 따라서, 예를 들면 http://www.example.com/test.php?id=3는 $_GET['id']으로 접근할수 있는 GET 데이터를 포함한다. 또한 $_REQUEST와 import_request_variables()를 참고.
Note: $_POST 와 $_GET 같은 슈퍼전역 배열은 PHP 4.1.0 이후버전부터 사용되기 시작했다.
전에 설명한대로, PHP 4.2.0 이전에는 register_globals의 기본값이 on이였다. PHP 커뮤니티는 그 디렉티브 값이 off가 되어있다고 가정하고 적절하게 코딩하는 것을 추천하기 때문에 이 디렉티브값에 연연할 필요가 없다.
Note: magic_quotes_gpc 설정 디렉티브는 Get, Post, Cookie 값에 영향을 준다. 이 값이 켜져있으면, 그 값(It's "PHP!")은 자동적으로 (It\'s \"PHP!\")이 될것이다. 이 회피는 DB 입력을 위해 필요하다. 또한 addslashes(), stripslashes()과 magic_quotes_sybase를 참고한다.
PHP는 폼 변수가 쓰이는 환경안의 배열도 이해한다. (관련 faq를 참고) 예를 들면, 관련 변수를 함께 그룹화하거나, 다중 select 입력으로부터 값을 끄집어내기위해 이 기능을 사용할수 있다. 예로써, 자신에게 폼을 post하고 그 데이터를 출력해보자:
Example #3 좀더 복잡해진 폼 변수들
<?php
if ($_POST) {
echo '<pre>';
echo htmlspecialchars(print_r($_POST, true));
echo '</pre>';
}
?>
<form action="" method="post">
이름: <input type="text" name="personal[name]" /><br />
메일: <input type="text" name="personal[email]" /><br />
맥주: <br />
<select multiple name="beer[]">
<option value="warthog">Warthog</option>
<option value="guinness">Guinness</option>
<option value="stuttgarter">Stuttgarter Schwabenbräu</option>
</select><br />
<input type="hidden" name="action" value="submitted" />
<input type="submit" value="전송합니다!" />
</form>
변수명으로 IMAGE SUBMIT
form을 전달할때, 표준적인 submit 버튼 태그 대신 다음과 같이 image 태그를 사용할수 있다.
<input type="image" src="image.gif" name="sub" />
유저가 image의 어느곳에서 클릭하더라도 수행 폼은 두가지 추가적인 변수를 서버로 전송할것이다. sub_x와 sub_y. 이 변수는 image안에서 유저가 클릭하는 좌표를 갖는다. 실제로 브라우저에 의해 보내지는 변수명은 밑줄(_)이 아니라 마침표(.)를 포함한다. 그러나 PHP는 자동으로 마침표를 밑줄로 변환한다.
유입되는 변수명에 존재하는 점(dot)
표준적으로, PHP는 스크립트내로 변수를 전달할때 변수명을 변경하지 않는다. 하지만, 점(마침표, full stop)은 PHP 변수명안에서 유효한 문자가 될수 없다는것에 주의해야 할것이다. 이에 유의하여 다음 코드를 보자:
<?php
$varname.ext; /* invalid variable name */
?>
현재, 해석기가 보게되는 것은 $varname이라는 변수와 그 뒤에 문자열 결합 연산자, 그 뒤에 벌거벗은 문자열(barestring) 'ext'이다. (즉, 따옴표로 둘러싸지 않은 문자열은 key나 예약된 단어와 일치하지 않음) 확실하게 이 결과는 원치 않은것이다.
이러한 이유로, PHP는 유입되는 변수명안의 점(.)을 밑줄(_)로 변경한다는것을 명심해야 한다.
변수 타입 결정하기
PHP는 변수 타입을 결정하고 변수를(보통) 필요한 타입으로 변환하기 때문에, 어느 시간에 변수가 무슨 타입인지 알수가 없다. PHP는 변수가 무슨 타입인지 확인할수 있는 몇가지 함수를 제공한다. 그 함수들은 다음과 같다: gettype(), is_array(), is_float(), is_int(), is_object(), is_string(). 타입 챕터를 참고.
add a note
User Contributed Notes외부에서 오는 변수들
chris at chriswere dot com
20-Jan-2009 12:55
20-Jan-2009 12:55
wayne
11-Apr-2008 11:52
11-Apr-2008 11:52
I liked what Jonas Lindel�v suggested (below) and added a bit more to it:
Removes the $_POST data and puts it in the session to avoid the F5 <refresh> msg that browsers give
If $_POST data is received it is serialized to session and the page is redirected to itself without POST data.
If $_GET data is received it converts arrays (from checkbox or select with multiple selections) to comma separated string and redirects the page to itself with the nicer GET string
- instead of index.php?col%5B%5D=1&col%5B%5D=2&col%5B%5D=3&col%5B%5D=4
- we get index.php?col=1,2,3,4
<?php
if($_POST or ($_GET and (!isset($_SESSION['skipnextget'])))) { //is there POST or GET data we should look at
if($_GET) { //is there GET data?
$newgetarr = array();
foreach($_GET as $key => $value) {
if(is_array($value)) {
$newvalue = implode(',',$value); //if it's an array, convert it to comma separated
} else {
$newvalue = $value;
}
$newgetarr[] = $key.'='.$newvalue;
}
$newget = implode('&',$newgetarr);
$_SESSION['skipnextget'] = 1;
}
foreach($_POST as $key => $value) {
$this[$key] = $value;
}
$_SESSION['postvars'] = serialize($this); //put POST in the session
header("Location: http://" .$_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?' . $newget); //reload page without POST data and shorter GET data
exit();
} else { //after reloading we'll come right to this spot
session_unregister('skipnextget');
if(isset($_SESSION['postvars'])) {
$this = unserialize($_SESSION['postvars']); //load the POST variables from the session
session_unregister('postvars'); //delete the session stuff
return $this;
}
}
?>
Anonymous
13-Feb-2008 02:46
13-Feb-2008 02:46
The full list of field-name characters that PHP converts to _ (underscore) is the following (not just dot):
chr(32) ( ) (space)
chr(46) (.) (dot)
chr(91) ([) (open square bracket)
chr(128) - chr(159) (various)
PHP irreversibly modifies field names containing these characters in an attempt to maintain compatibility with the deprecated register_globals feature.
pepesantillan at gmail dot com
21-Dec-2007 11:17
21-Dec-2007 11:17
[someone] on 04-Mar-2003 07:21 wrote:
"...the dot (period, full stop) is not a valid character in a PHP variable name."
That's not completely correct, consider this example:
$GLOBALS['foo.bar'] = 'baz';
echo ${'foo.bar'};
This will output baz as expected.
_____________________________________________
Its a really old post but I just wanted to point out...
thats a key he is talking about - 'foo.bar' - not a variable, and a key can be a string or a number.
vierubino dot r3m0oFdisB1T at gmail dot com
25-Aug-2007 04:12
25-Aug-2007 04:12
When you are using checkboxes to submit multiple choices, there is no need to use the complex method further down the page where you assign a unique name to each checkbox.
Instead, just name each checkbox as the same array, e.g.:
<input type="checkbox" name="items[]" value="foo" />
<input type="checkbox" name="items[]" value="bar" />
<input type="checkbox" name="items[]" value="baz" />
This way your $_POST["items"] variable will return as an array containing all and only the checkboxes that were clicked on.
t.montg AT gmail DOT com
27-Apr-2007 12:05
27-Apr-2007 12:05
For anyone else having trouble figuring out how to access values in a SELECT element from a POST or GET form, you can't set the "id" attribute to the same thing as your "name" attribute. i.e. don't do this:
<?php
//Not so good
<select multiple="multiple" id="selectElem" name="selectElem[]">
<option value="ham">Ham</option>
<option value="cheese">Cheese</option>
<option value="hamcheese">Ham and Cheese</option>
</select>
?>
If you do the above, the variable $_POST['selectElem'] will not be set. Instead, either change the id or name attribute so that they are dissimilar. i.e. do this:
<?php
//So good (notice the new "id" value)
<select multiple="multiple" id="selectElemId" name="selectElem[]">
<option value="ham">Ham</option>
<option value="cheese">Cheese</option>
<option value="hamcheese">Ham and Cheese</option>
</select>
?>
Then you can access the value(s) of the SELECT element through the array $_POST['selectElem'][] or $_GET['selectElem'][]. It took me quite some time to figure out the problem.
Hyan Christian
25-May-2006 07:51
25-May-2006 07:51
Just to complete Murat TASARSU's post in this page.
I hope this will help anyone who is going to add it with fsockopen
<html>
<body>
<form method="post" action="">
<input name="fruit" value="banana" /><br />
<input name="color" value="yellow" /><br />
<input type="submit" value="Click It">
</form>
<br />
<b>POST</b> :
<?php
$be_var = $_POST;
foreach ( $be_var as $key => $value ) {
$be_var = $be_var."&".$key."=".$value;
}
echo str_replace( "Array&", "", $be_var ); // fruit=banana&color=yellow
?>
</body>
</html>
ch1902uk at hotmail dot com
18-Mar-2006 07:47
18-Mar-2006 07:47
Regarding image input buttons, above where it says:
"When the user clicks somewhere on the image, the accompanying form will be transmitted to the server with two *additional* variables, sub_x and sub_y. These contain the coordinates of the user click within the image."
This is the case with Firefox (and probably other standards browsers), however my experience with Internet Explorer is that when image inputs are clicked, they only submit the location of the click on the button and *not* the name of the input.
So if you have a form to move/delete entries like this
entry[] [delete_0] [up_0] [down_0]
entry[] [delete_1] [up_1] [down_1]
entry[] [delete_2] [up_2] [down_2]
Then submitting the form in firefox will give you post variables such as
<?php
$_POST['delete_2']; // "Delete" - button value
$_POST['delete_2_x']; // 23 - x coord
$_POST['delete_2_y']; // 3 - y coord
?>
In IE you only get
<?php
$_POST['delete_2_x']; // 23 - x coord
$_POST['delete_2_y']; // 3 - y coord
?>
So if you are checking for what button was clicked do something like this
<?php
for ($i = 0; $i < count($_POST['entry']); $i++)
{
if (isset($_POST['delete_' . $i . '_x']))
{
// do delete
}
}
?>
IMarvinTPA at bigfoot dot com
21-Nov-2005 05:52
21-Nov-2005 05:52
I saw a note from
jan.gacioch at motorola dot com
posted on
19-Feb-2004 11:52
"Just a correction regarding 'cscotti@ifrance' contribution: code '$first = $item_value;' should be place just BEFORE the 'else if' condition and NOT AFTER."
This is not true, if the form has things posted in an unusual order, the $first value will be from a completely different variable.
Also, nobody mentioned this, but in the PHP.ini file there is an option called "always_populate_raw_post_data". It'll fill in that variable. It took me a while to find it.
I think it is bad to consider form name fields to be case sensitive, so my version uses all uppercase form values.
I also use a Request function to pull the data out of the global variables so I don't get warnings or errors when I try to access an undefined variable. I usually just want an empty string for them. (I have the same for Session and Server.)
UCase is shorter than strtoupper and I have a lot of converted ASP code and it was easier to create alias functions than to replace them.
<?
$_ATBREQUEST = multi_post_item();
function multi_post_item() {
$rawpost = Globals('HTTP_RAW_POST_DATA');
$array_output = array();
$raw_input_items = split("&", addbit3(Server("QUERY_STRING"), $rawpost, "&"));
foreach ($raw_input_items as $input_item) {
// split this item into name/value pair
//Print $input_item . BR;
if ($input_item != "") {
$item = split("=", $input_item);
// form item name
$item_name = ucase(urldecode($item[0]));
// form item value
if (empty($item[1]))
$item_value = "";
else
$item_value = urldecode($item[1]);
if ( !isset($array_output[$item_name]) ) {
$array_output[$item_name] = $item_value;
} elseif ( !is_array($array_output[$item_name]) ) {
$first = $array_output[$item_name];
$array_output[$item_name] = array();
$array_output[$item_name][]= $first;
$array_output[$item_name][]= $item_value;
} else {
$array_output[$item_name][]= $item_value;
}
}
}
return $array_output;
}
function Request2($param){
if (empty($_REQUEST[$param])) {
return "";
}
else
return $_REQUEST[$param];
}
function Request($param){
global $_ATBREQUEST;
$uparam = ucase($param);
if (empty($_ATBREQUEST[$uparam])) {
return Request2($param);
}
else{
if (is_array($_ATBREQUEST[$uparam])){
return implode(", ", $_ATBREQUEST[$uparam]);
}
else
return $_ATBREQUEST[$uparam];
}
}
//We want the array
function RequestArray($param){
global $_ATBREQUEST;
$uparam = ucase($param);
if (empty($_ATBREQUEST[$uparam])) {
return array(Request2($param));
}
else{
return $_ATBREQUEST[$uparam];
}
}
//AddBit 1 and 2 are commas and semicolons respectively.
function AddBit3($mystr, $mynew, $mysep) {
if ($mystr . "" == "")
$mystr = $mynew;
else
$mystr .= $mysep . $mynew;
return $mystr;
}
function Server($param){
if (empty($_SERVER[$param]))
return "";
else
return $_SERVER[$param];
}
function UCase($str){
return strtoupper($str);
}
?>
aescomputer AT yahoo DOT com
28-Oct-2005 06:01
28-Oct-2005 06:01
Here are two usefull functions for forms:
<?php
// clean html tags out of url attributes
if(!empty($_REQUEST)){
foreach($_REQUEST as $x => $y){
$_REQUEST[$x] = str_replace('<', '<', str_replace('>', '>', $y));
}
}
// replace carrage returns in url attributes with <br>
if(!empty($_REQUEST)){
foreach($_REQUEST as $x => $y){
$_REQUEST[$x] = str_replace("\n", '<br>', $y);
}
}
?>
mordae at mordae dot net
17-Jul-2005 12:47
17-Jul-2005 12:47
Small note to previous post; $this can not be redeclared in PHP 5.
Jonas Lindelv
10-Jul-2005 10:49
10-Jul-2005 10:49
Here is my solution to the following annoying problems:
- When POSTing data and updating/going back one page, an annoying message appears from the browser since the POST data has been preserved.
- External user-inputs (POST and GET) are devided into two arrays (POST and GET).
Problems often solved with rather exotic solutions, dependent on the specific context. This is my exotic solution, independent of context. A little code-block to be copy-pasted to the top of the desired PHP document. Performing in about 0.1 ms, session_start() not included + around 0.01 ms pr. input variable.
Filestreams and URL modifications must be executed before this class is executed.
Overview: collects POST and GET data in a class. When data is POSTed, the data is serialized into a session variable, page is reloaded (without POST data) and the data is unserialized into the class again for use through the rest of the document.
<?PHP
session_start();
class _xvar {
function _xvar() {
if(!$_SESSION['xvars_serialized']) {
// If data has just been recieved, it is saved in $this and the current URL is builded.
foreach ($_GET as $key => $value) $this->{$key} = $value;
foreach($_POST as $key => $value) $this->{$key} = $value;
$this->doc_url = 'http://' .$_SERVER['HTTP_HOST'] .$_SERVER['PHP_SELF'] .'?' .$_SERVER['argv'][0];
// If no POST data is recieved, nothing more is to be done. If POST data is recieved it is serialized to session and the page is redirected to itself with GET data but without POST data.
if($_POST) {
$_SESSION['xvars_serialized'] = serialize($this);
header('Location: ' .$this->doc_url);
exit();
}
}
// Just after the above redirecting, GET and POST data is unserialized into the object.
else {
$this = unserialize($_SESSION['xvars_serialized']);
$_SESSION['xvars_serialized'] = 0;
}
}
}
$_XVAR = new _xvar;
// Calling the data throughout the document.
echo $_XVAR->foo;
?>
I find it very useful in my project-management systems with lots of forms and links as user-inputs. The code is completly $_GET and $_POST free! :-)
krydprz at iit dot edu
03-May-2005 08:14
03-May-2005 08:14
This post is with regards to handling forms that have more than one submit button.
Suppose we have an HTML form with a submit button specified like this:
<input type="submit" value="Delete" name="action_button">
Normally the 'value' attribute of the HTML 'input' tag (in this case "Delete") that creates the submit button can be accessed in PHP after post like this:
<?
$_POST['action_button'];
?>
We of course use the 'name' of the button as an index into the $_POST array.
This works fine, except when we want to pass more information with the click of this particular button.
Imagine a scenario where you're dealing with user management in some administrative interface. You are presented with a list of user names queried from a database and wish to add a "Delete" and "Modify" button next to each of the names in the list. Naturally the 'value' of our buttons in the HTML form that we want to display will be "Delete" and "Modify" since that's what we want to appear on the buttons' faceplates.
Both buttons (Modify and Delete) will be named "action_button" since that's what we want to index the $_POST array with. In other words, the 'name' of the buttons along cannot carry any uniquely identifying information if we want to process them systematically after submit. Since these buttons will exist for every user in the list, we need some further way to distinguish them, so that we know for which user one of the buttons has been pressed.
Using arrays is the way to go. Assuming that we know the unique numerical identifier of each user, such as their primary key from the database, and we DON'T wish to protect that number from the public, we can make the 'action_button' into an array and use the user's unique numerical identifier as a key in this array.
Our HTML code to display the buttons will become:
<input type="submit" value="Delete" name="action_button[0000000002]">
<input type="submit" value="Modify" name="action_button[0000000002]">
The 0000000002 is of course the unique numerical identifier for this particular user.
Then when we handle this form in PHP we need to do the following to extract both the 'value' of the button ("Delete" or "Modify") and the unique numerical identifier of the user we wish to affect (0000000002 in this case). The following will print either "Modify" or "Delete", as well as the unique number of the user:
<?
$submitted_array = array_keys($_POST['action_button']);
echo ($_POST['action_button'][$submitted_array[0]] . " " . $submitted_array[0]);
?>
$submitted_array[0] carries the 0000000002.
When we index that into the $_POST['action_button'], like we did above, we will extract the string that was used as 'value' in the HTML code 'input' tag that created this button.
If we wish to protect the unique numerical identifier, we must use some other uniquely identifying attribute of each user. Possibly that attribute should be encrypted when output into the form for greater security.
Enjoy!
user: "someuser" at mai1server "ua.fm"
02-May-2005 07:17
02-May-2005 07:17
Numerous string like:
if (isset($_POST["var1"]))
$var1=$_POST["var1"];
else $var1='';
...
if (isset($_POST["varN"]))
$varN=$_POST["varN"];
else $varN='';
Can be replaced with:
get_superglobal_vars_from_POST('var1',...,'varN');
function get_superglobal_vars_from_POST()
{
$numargs = func_num_args();
$setargs = 0; // for counting set variables
for ($i=0; $i<$numargs; $i++)
{
$varname=func_get_arg($i);
if (!isset($_POST[$varname]))
$result='';
else
{
$result=$_POST[$varname];
$setargs++;
}
$GLOBALS["$varname"]=$result;
}
return $setargs; // who cares?
}
tim at timpauly dot com
30-Apr-2005 01:57
30-Apr-2005 01:57
This code module can be added to every form using require_once().
It will process any and all form data, prepending each variable with
a unique identifier (so you know which method was used to get the data).
My coding could be neater, but this sure makes processing forms much easier!
<?php
// -----------------------------------------------------------------
// Basic Data PHP module. This module captures all GET, POST
// and COOKIE data and processes it into variables.
// Coded April, 2005 by Timothy J. Pauly
// www.timpauly.com
// -----------------------------------------------------------------
//
// coo_ is prepended to each cookie variable
// get_ is prepended to each GET variable
// pos_ is prepended to each POST variable
// ses_ is prepended to each SESSION variable
// ser_ is prepended to each SERVER variable
session_start(); // initialize session data
$ArrayList = array("_POST", "_GET", "_SESSION", "_COOKIE", "_SERVER"); // create an array of the autoglobal arrays
// we want to process
foreach($ArrayList as $gblArray) // process each array in the array list
{
$prefx = strtolower(substr($gblArray,1,3))."_"; // derive the prepend string
// from the autoglobal type name
$tmpArray = $$gblArray;
$keys = array_keys($tmpArray); // extract the keys from the array being processed
foreach($keys as $key) // process each key
{
$arcnt = count($tmpArray[$key]);
if ($arcnt > 1) // Break down passed arrays and
// process each element seperately
{
$lcount = 0;
foreach ($tmpArray[$key] as $dval)
{
$prkey = $prefx.$key; // create a new key string
// with the prepend string added
$prdata['$prkey'] = $dval; // this step could be eliminated
${$prkey}[$lcount] = $prdata['$prkey']; //create new key and insert the data
$lcount++;
}
} else { // process passed single variables
$prkey = $prefx.$key; // create a new key string
// with the prepend string added
$prdata['$prkey'] = $tmpArray[$key]; // insert the data from
// the old array into the new one
$$prkey = $prdata['$prkey']; // create the newly named
// (prepended) key pair using variable variables :-)
}
}
}
// -------------------------------------------------------------
?>
tmk-php at infeline dot org
08-Apr-2005 04:38
08-Apr-2005 04:38
To handle forms with or without [] you can do something like this:
function repairPost($data) {
// combine rawpost and $_POST ($data) to rebuild broken arrays in $_POST
$rawpost = "&".file_get_contents("php://input");
while(list($key,$value)= each($data)) {
$pos = preg_match_all("/&".$key."=([^&]*)/i",$rawpost, $regs, PREG_PATTERN_ORDER);
if((!is_array($value)) && ($pos > 1)) {
$qform[$key] = array();
for($i = 0; $i < $pos; $i++) {
$qform[$key][$i] = urldecode($regs[1][$i]);
}
} else {
$qform[$key] = $value;
}
}
return $qform;
}
// --- MAIN
$_POST = repairPost($_POST);
The function will check every field in the $_POST with the raw post data and rebuild the arrays that got lost.
agup at cpr dot org
16-Mar-2005 01:43
16-Mar-2005 01:43
If you have multiple checkboxes that you want to submit from an html form to process elsewhere, you might try using this methodology:
1) create a unique id number for each row in the table
2) assign that unique row id to each checkbox input name
3) pass the total number of rows as a hidden value in the form
4) recover all the checkbox booleans by iterating through all the unique settings.
5) on the downstream page you can assign any value you want to the variable before writing it to the database or whatever you need to do. For example; you can assign the value 0 if the boolean for the checkbox is FALSE.
row=0;
do{
<form name="some_name" action="some_action.php" method="post">
<td><input type="checkbox" name="unique_item[<?echo$row?>]">
<INPUT TYPE="hidden" name="row_count" value="<?echo$row?>"></INPUT>
<INPUT TYPE="submit" name="....">
.
.
row++;
}
while (something);
</table>
</form>
Upon submit, all the unique checkbox booleans can then be recovered on another PHP page using:
$some_data = $_POST['some_data'];
$row_count = $_POST['row_count'];
$row=0;
do {
if($some_data[$row]){
...do something...e.g. assign a variable, write to db, etc.
}
if(!$some_data[$row]){
...do something...e.g. assign a variable, write to db, etc.
}
$row++;
}
while ($row<$row_count);
I left out alot of syntax since this example is simply illustrative to cover multiple scenarios. Don't forget to always validate form data before entering it into a database. I hope this helps.
Murat TASARSU
03-Mar-2005 12:29
03-Mar-2005 12:29
if you want your multiple select returned variable in comma seperated form you can use this. hope that helps. regards...
$myvariable
Array ( [0] => one [1] => two [2] => three )
turns into
one,two,three
<?php
$myvariable="";
$myseperator="";
foreach ( $_POST["myvariable"] as $v) {
if (!isset($nofirstcomma)) $nofirstcomma=0; else $myseperator=",";
$myvariable = $myvariable.$myseperator.$v;
}
echo $myvariable;
?>
jlratwil at yahoo dot com
02-Feb-2005 01:35
02-Feb-2005 01:35
To get multiple selected (with "multiple" ) lists in <select> tag, make sure that the "name" attribute is added to braces, like this:
<select multiple="multiple" name="users[]">
<option value="foo">Foo</option>
<option value="bar">Bar</option>
</select>
When submitted to PHP file (assume that you have a complete form) it will return an array of strings. Otherwise, it will just return the last element of the <select> tag you selected.
__kbanks at (__ignoreunderscores) dot gmail dot com
17-Jan-2005 11:05
17-Jan-2005 11:05
Hi all:
I'm presently building a solution to programmatically build, view, and validate HTML forms when I came across the ol' PHP non-scalar form variable handling problem. Because my form validator class would really have no way of knowing if a given form variable was meant to be scalar or not, I decided to TREAT ALL PHP FORM VARIABLES AS ARRAYS, i.e., to use the '[]' syntax for all variables, scalar or not. This way, the form designer need not remember to specify the '[]' syntax, and the Form->HTML transformer need not scan for every input within the form, looking for duplicate names. This also eliminates the risk of losing data you meant to keep in an array but to which you forgot to apply the '[]' syntax.
You may then either treat all form variables as arrays in your form handling code, or you may, as I intend to do, filter each HTML request through a Front Controller (desc. in Fowler, PoEAA). The Front Controller would convert all arrays of length 1 to a scalar variable and leave multi-element arrays as they are. This should essentially convert PHP's handling of non-scalar form variables to that of ASP's (or slightly better, since multiple form values of the same name will actually be arrays, not just comma-seperated values).
This way my Form Validator class can just check if the input to validate is an array, and then apply some constraint across each element in the array.
dreptack at op dot pl
02-Jan-2005 08:33
02-Jan-2005 08:33
I needed to post html form through image input element. But my problem was I had to use multiple image-buttons, each one for a single row of form table. Pressing the button was mention to tell script to delete this row from table and also (in the same request) save other data from the form table.
I wrote simple test-script to see what variable I should check for in a script:
I have a html document:
<form action="test.php" method="post">
<input type="image" name="varscalar" src="/images/no.gif" />
<input type="image" name="vararray[12]" src="/images/no.gif" />
</form>
And a php script:
<?php
if ($_POST) {
echo "post: <pre>"; print_r($_POST); echo '</pre>';
}
?>
What I've discovered suprised me a lot.
After hitting on varscalar:
post:
Array
(
[varscalar_x] => 6
[varscalar_y] => 7
)
After hitting on upper right corner of vararray:
post:
Array
(
[vararray] => Array
(
[12] => 2
)
)
This mean when clicking on image-type input element, which name is an array, only y-part of a value is remembered.
The result is the same on: php 4.1.2 on Win98se, php 4.3.9-1 on linux
mattij at nitro fi no at no dot no
05-Nov-2004 03:39
05-Nov-2004 03:39
If you try to refer or pass HTML-form data which has arrays with javascript remember that you should point to that array like this
<script type="text/javascript">
window.opener.document.forms[0]["to[where][we][point]"];
</script>
pascal dot poncet at netconsult dot com
28-Oct-2004 03:33
28-Oct-2004 03:33
Concerning the use of both javascript and php in working with forms :
In a php code, it's quiet easy and practical to use names like "fieldname[]" in checkbox input type html elements. You will then retrieve the value(s) transmitted in the "fieldname" array type variable.
But a difficulty appears in coding some javascript function able to manipulate those fields values to verify them, as "fieldname[]" must not be recognize directly as an array in the script.
Here is a nice way to solve this question :
(html code)
<form method="post" action="..." onsubmit="return verifyForm(this)">
<input type="checkbox" name="colors[]" value="black"> black<br>
<input type="checkbox" name="colors[]" value="white"> white<br>
<input type="checkbox" name="colors[]" value="other"> other color<br>
</form>
(javascript code)
function verifyForm(form) {
var selColors=new String();
for(i=0;i<form["colors[]"].length;i++)
if(form["colors[]"][i].checked) selColors+=form["colors[]"][i].value;
if(selColors=="") msgErr="You have to check at least one choice of color";
...
}
Of course, you may also verify anything else about the checked values, like the value itself, only by using 'form["colors[]"][i].value' instead of '...checked'.
Happy to help you,
Pascal
PS : apologying for my bad english.
任侠(hsh_crack at tom dot com)
03-Aug-2004 07:12
03-Aug-2004 07:12
a simple example:
<?
if(!isset($_POST["username"]))
{
?>
<form action=<? echo $_SERVER['PHP_SELF'] ?> method="post">
姓名:<input type="text" name="username"><br>
电子邮件:<input type="text" name="email"><br>
<input type="submit" name="submit" value="提交">
</form>
<?
}
else{echo $_POST["username"];} ?>
lennynyktyk at yahoo dot com
09-Jul-2004 09:42
09-Jul-2004 09:42
When dealing with multiple select boxes and the name=some_name[] so that PHP will understand that is needs to interpet the input as an array an not as a single value. If you want to access this in Javascript you should assign an id attribute to the select box as well as the name attribute. Then proceed to use the id attribute in Javascript to reference the select box and the name attribute to reference the select box in PHP.
Example
<select multiple id="select_id" name="select_name[]">
....
</select>
<?PHP
echo $select_name[0];
?>
<script language="javascript">
document.forms[0].select_id.options[0].selected = true;
</script>
I hope you get the idea
arjini at mac dot com
27-Mar-2004 07:48
27-Mar-2004 07:48
When dealing with form inputs named_like_this[5] and javascript, instead of trying to get PHP to do something fancy as mentioned below, just try this on the javascript side of things:
<form name="myForm">
<script>
my_fancy_input_name = 'array_of_things[1]';
/* now just refer to it like this in the dom tree
document[myForm][my_fancy_input_name].value
etc*/
</script>
<input type="text" name="array_of_things[1]" value="1"/>
</form>
No fancy PHP, in fact, you shouldn't need to change your PHP at all.
jan.gacioch at motorola dot com
19-Feb-2004 07:52
19-Feb-2004 07:52
Just a correction regarding 'cscotti@ifrance' contribution: code '$first = $item_value;' should be place just BEFORE the 'else if' condition and NOT AFTER.
So correct code would be:
function multi_post_item() {
$array_output = array();
$raw_input_items = split("&", $_SERVER["QUERY_STRING"]);
foreach ($raw_input_items as $input_item) {
// split this item into name/value pair
$item = split("=", $input_item);
// form item name
$item_name = urldecode($item[0]);
// form item value
$item_value = urldecode($item[1]);
if ( !isset($array_output[$item_name]) ) {
$array_output[$item_name] = $item_value;
$first = $item_value;
} elseif ( !is_array($array_output[$item_name]) ) {
$array_output[$item_name] = array();
$array_output[$item_name][]= $first;
$array_output[$item_name][]= $item_value;
} else {
$array_output[$item_name][]= $item_value;
}
}
return $array_output;
}
epr3
11-Feb-2004 09:40
11-Feb-2004 09:40
there is more simple to generate the checkbox and recognize
which box is clicked
<?php
echo '<script language="JavaScript" type="text/JavaScript">
var t = 0;
</script>';
for($i = 0 ;$i <5 ;$i++){
echo '
<script language="JavaScript" type="text/JavaScript">
t++;
document.writeln(t);
document.writeln("<input type=\"checkbox\" name=\"cbx_foo[]\" value=\"" + t + "\">");
</script>
';
}
foreach($_POST['cbx_foo'] as $value) {
echo "<BR>You clicked checkbox number " . $value . "\n";
}
?>
jim at jamesdavis dot it
22-Jan-2004 07:59
22-Jan-2004 07:59
How to pass a numerically indexed array.
This is the part inside the form. Notice that the name is not 'english[$r]' which you would normally write, but 'english[]'. PHP adds the index when it receives the post and it starts at 0.
<?php
for ($r=0; $r <= count($english)-1; $r++){
echo "<TEXTAREA NAME='english[]'>".$english[$r]."</TEXTAREA>";
}
?>
<?php
And this will get it out at the other end
function retrieve_english(){
for ($r=0; $r <= count($_POST['english'])-1; $r++){
echo $_POST['english'][$r]."<BR>";
}
}
?>
Keys are useful but so are numerical indices!
Cheers everyone
darren at sullivan dot net
01-Dec-2003 04:37
01-Dec-2003 04:37
This function is a simple solution for getting the array of selectes from a checkbox list or a dropdown list out of the Querry String. I took an example posted earlier and simplified it.
function multi_post_item($repeatedString) {
// Gets the specified array of multiple selects and/or
// checkboxes from the Query String
$ArrayOfItems = array();
$raw_input_items = split("&", $_SERVER["QUERY_STRING"]);
foreach ($raw_input_items as $input_item) {
$itemPair = split("=", $input_item);
if ($itemPair[0] == $repeatedString) {
$ArrayOfItems[] = $itemPair[1];
}
}
return $ArrayOfItems;
}
Use the name of the field as the agrument. Example:
$Order = $_GET['Order'];
$Name = $_GET['Name'];
$States = multi_post_item('States');
$Products = multi_post_item('Products');
Be sure to check for NULL if there are no selections or boxes checked.
07-Nov-2003 05:07
It's been driving me mad, but I've finally worked out the only way to reliably allow form data to be fed back into a form (for editing a record, for instance) is like this:
echo "<input type='text' name='varname' ";
if(isset($existingvalue))
echo "value=\"".htmlspecialchars(stripslashes($existingvalue))."\" ";
echo "/>";
This assumes that variables have been escaped (such as addslashes) after being retrieved from the database or after being received from a (probably this) form.
Note the type of quotes used in the code above: the value attribute must use escaped double-quotes, and the echo command must use double-quotes, or errors occur when single quotes appear in the data. htmlspecialchars will protect the form from errors caused by data that contains double quote marks, and it stops errors occurring when triangle brackets < > are present in the data.
Alas, to make your site display properly, you must also use htmlspecialchars every time string data is displayed to the user.
There might be an easier way of allowing data to safely be put back into a form, but if there is, I've spent a lot of time not finding it.
soeren at hattel dot dk
06-Nov-2003 12:07
06-Nov-2003 12:07
The decision in PHP to translate a query string like:
a=2&a=3&a=4
into one single variable a=4 is simply strupid!
The "wonderful" hack allowing multiple values to be read only if one uses:
a[]=2&a[]=3&a[]=4
is - at first sight - a nice feature but soon become a pain in the a..!
In ASP and ASPX the first situation is handled as:
a=2,3,4
which is better than the PHP behaviour but still bad (what if your variable values contain commas?).
It seems to me that the proper behaviour would be:
a=2&a=3&a=4
automatically generates an array with all the variables inside. I know this would require proper error handling but evevy things does anyway!
kevinrlat nospam dot ccs dot neu dot edu
07-Aug-2003 05:47
07-Aug-2003 05:47
if you use an array of checkboxes to submit info to a database or what have you, be careful of the case when no boxes are checked. for example:
<form method="post">
<input type="checkbox" name="checkstuff[]" value="0">
<input type="checkbox" name="checkstuff[]" value="1">
<input type="checkbox" name="checkstuff[]" value="2">
. . .
</form>
if these are submitted and none are checked, the $_POST['checkstuff'] variable will not contain an empty array, but a NULL value. this bothered me when trying to implode() the values of my checkboxes to insert into a database, i got a warning saying the 2nd argument was the wrong type.
hope this helps!
-kevin
nospam at thenerdshow dot calm
12-Jul-2003 10:04
12-Jul-2003 10:04
I've combined the method of converting old code suggested by solar at heliacal dot net into the improved script below. This one works whether the submit is get or post and, as in my previous contribution, sets any unsubmitted variables to null, preventing errors. This supercedes my previous post below (if it hasn't been deleted yet).
$expected=array(
'name', // Only accept these variables from a submit!
'email',
'favorite_color'
); foreach ($expected as $formvar)
$$formvar = (isset(${"_$_SERVER[REQUEST_METHOD]"}[$formvar]))?
${"_$_SERVER[REQUEST_METHOD]"}[$formvar]:NULL;
nospam at thenerdshow dot calm
09-Jul-2003 12:57
09-Jul-2003 12:57
you can convert old code to work with register_globals=off without sacrificing security. Or maybe you like working with variables the old way better. I know I do!
I looked all over for something like this so here it is:
$expected=array(
'name', // Only accept these variables from a submit!
'email',
'favorite_color'
); for ($i=0;$i < count($expected);$i++)
$$expected[$i] = (isset($_GET[$expected[$i]]))?$_GET[$expected[$i]]:NULL;
// This is a test.
echo "Name: $name<br>";
echo "Email: $email<br>";
echo "Fav. Color: $favorite_color<br>";
cscotti@ifrance
09-Jul-2003 11:53
09-Jul-2003 11:53
In reply to the second post:
This function construct an HTTP vars array
It is useful for javascript/dom incompatibility with form_input_item[] names for checkboxes, multiple selects, etc.
function multi_post_item() {
$array_output = array();
$raw_input_items = split("&", $_SERVER["QUERY_STRING"]);
foreach ($raw_input_items as $input_item) {
// split this item into name/value pair
$item = split("=", $input_item);
// form item name
$item_name = urldecode($item[0]);
// form item value
$item_value = urldecode($item[1]);
if (!isset($array_output[$item_name]) ) {
$array_output[$item_name] = $item_value;
}else if (!is_array($array_output[$item_name])){
$first = $item_value;
$array_output[$item_name] = array();
$array_output[$item_name][]= $first;
$array_output[$item_name][]= $item_value;
}else{
$array_output[$item_name][]= $item_value;
}
}
return $array_output;
}
mraymer at universal-solutions dot net
28-May-2003 12:37
28-May-2003 12:37
A further thought about the checkbox without check mentioned above. Rather than writing in a HIDDEN element. Why not have your validation code check for the variable of the checkbox like so:
Assume HTML form has the following unchecked checkbox:
<INPUT TYPE='CHECKBOX' NAME="CATEGORY[]">Category Name</INPUT>
then your ACTION script in the form points to a script which has:
if (!isset($checkbox))
{
CATEGORY[] = "off";
}
If you were dynamically creating the checkboxs, then, most likely, you would have your hands on the keys for each CATEGORY and you could create something like:
while (list($cat_id,$cat_title) = each($categories))
{
if (isset($category))
{
if (!$category[$cat_id])
{
$category[$cat_id] = "off";
}
else
{
$category[$cat_id] = "on";
}
}
else
{
$category[$cat_id] = "off";
}
}
Assuming that you have an array named $categories constructed with unique keys and category titles.
un shift at yahoo dot com
01-Apr-2003 06:07
01-Apr-2003 06:07
This function takes a recurring form item from php://input and loads it into an array - useful for javascript/dom incompatibility with form_input_item[] names for checkboxes, multiple selects, etc. The fread maxes out at 100k on this one. I guess a more portable option would be pulling in ini_get('post_max_size') and converting it to an integer.
function multi_post_item($input_item_name) {
$array_output = array();
$in_handle = fopen("php://input", "r");
$raw_input_items = split("&", urldecode(fread($in_handle, 100000)));
foreach ($raw_input_items as $input_item) {
// split this item into name/value pair
$item = split("=", $input_item);
// form item name
$item_name = $item[0];
// form item value
$item_value = $item[1];
if ($item_name == $input_item_name) {
$array_output[] = $item_value;
}
}
return $array_output;
}
vb at bertola dot eu dot org
19-Mar-2003 05:38
19-Mar-2003 05:38
For what I understand, since PHP 4.3 it is possible to access the content of a POST request (or other methods as well) as an input stream named php://input, example:
readfile("php://input");
[to display it]
or
$fp = fopen("php://input", "r");
[to open it and then do whatever you want]
This is very useful to access the content of POST requests which actually have a content (and not just variable-value couples, which appear in $_POST).
This substitutes the old $HTTP_RAW_POST_DATA variable available in some of the previous 4.x versions. It is available for other upload methods different from POST too, but it is not available for POSTs with multipart/form-data content type, since the file upload handler has already taken care of the content in that case.
mail at paulodeon dot com
12-Mar-2003 01:42
12-Mar-2003 01:42
If you have form data that could be coming in via either GET or POST and register_globals is off (as it should be) use the empty() function to find out where the data is coming from, as in the following example
if(empty($_GET)) {
$clientfilter = $_POST['clientfilter'];
$branchfilter = $_POST['branchfilter'];
}
if(empty($_POST)) {
$clientfilter = $_GET['clientfilter'];
$branchfilter = $_GET['branchfilter'];
}
Big thank you to all the people posting helpful comments on these boards, I dont know what i'd do without you. <a href="www.paulodeon.com">www.paulodeon.com</a>
04-Mar-2003 03:21
"...the dot (period, full stop) is not a valid character in a PHP variable name."
That's not completely correct, consider this example:
$GLOBALS['foo.bar'] = 'baz';
echo ${'foo.bar'};
This will output baz as expected.
keli at kmdsz dot ro
03-Feb-2003 03:37
03-Feb-2003 03:37
image type inputs apparently return their "value" argument from Mozilla, but not from IEXplorer... :(
example:
<input type="image" name="sb" value="first" src="first.jpg">
using a mozilla will give you
$sb="first" AND $sb_x, $sb_y ... whereas from IE there's just no $sb. :(
[this in short form, as I'm still using trackvars :) ]
steiner277 at charter dot net
10-Jul-2002 12:55
10-Jul-2002 12:55
When accessing variables from a post, do NOT put $_POST['fieldname'] in double quotes or you will get an error message.
e.g. the following works fine:
$msg = "The message is:\t" . $_POST['message'] . "\n";
but the following will cause errors:
$msg = "The message is:\t$_POST['message']\n";
hjncom at hjncom dot net
25-May-2002 10:34
25-May-2002 10:34
I think '[' and ']' are valid characters for name attributes.
http://www.w3.org/TR/html401/interact/forms.html#h-17.4
-> InputType of 'name' attribute is 'CDATA'(not 'NAME' type)
http://www.w3.org/TR/html401/types.html#h-6.2
-> about CDATA('name' attribute is not 'NAME' type!)
...CDATA is a sequence of characters from the document character set and may include character entities...
http://www.w3.org/TR/html401/sgml/entities.html
--> about Character entity references in HTML 4
([ - [, ] - ])
jesper at codecrew dot dk
11-May-2002 02:12
11-May-2002 02:12
Just to help others with the same stupid problem i have:
I you use a checkbox in your form, it will only return the value specified in value if it is checked.
ex. <input type="checkbox" value="yes">
in php code you then write
$checkboxchecked = ($checkbox == "yes");
I guess :)
a at b dot c dot de
03-Feb-2002 12:49
03-Feb-2002 12:49
As far as whether or not "[]" in name attributes goes, The HTML4.01 specification only requires that it be a case-insensitive CDATA token, which can quite happily include "[]". Leading and trailing whitespace may be trimmed and shouldn't be used.
It is the id= attribute which is restricted, to a case-sensitive NAME token (not to be confused with a name= attribute).
carl_steinhilber at NOSPAMmentor dot com
30-Jan-2002 10:19
30-Jan-2002 10:19
A group of identically-named checkbox form elements returning an array is a pretty standard feature of HTML forms. It would seem that, if the only way to get it to work is a non-HTML-standard-compliant workaround, it's a problem with PHP.
Since the array is passed in the header in a post, or the URL in a get, it's the PHP interpretation of those values that's failing.
yasuo_ohgaki at hotmail dot com
11-Mar-2001 12:02
11-Mar-2001 12:02
Important: Pay attention to the following security concerns when handling user submitted data :
http://www.php.net/manual/en/security.registerglobals.php
http://www.php.net/manual/en/security.variables.php