nice!
but to avoid confusion it should read (assuming that $checked is a boolean
variable):
<input type="hidden" name="foo" value="0"/>
<input type="checkbox" name="foo" value="1"<?php if($checked) echo '
checked'; ?>/>
IMHO
Larry Garfield wrote:
>
> First of all, using "y" and "n" for boolean values (such as a checkbox) is
> very sloppy. "n" is boolean True. A boolean value should evaluate
> correctly
> in a boolean context. For that, you should use 1 and 0 for your values.
>
> What I usually do is this:
>
> <input type="hidden" name="foo" value="0" />
> <input type="checkbox" name="foo" value="1" <?php echo $checked; ?> />
>
> Then when it gets submitted, foo will get the value of the form element
> that
> was submitted last that has a value. That is, if the checkbox is checked
> then foo will be 1, otherwise it will be 0. That gives you a nice, clean
> boolean value you can rely on being present (mostly <g>).
>
> On Sunday 02 December 2007, Ronald Wiplinger wrote:
>> I have now tried to add many of the security hints on a web page and
>> come to a problem.
>> I am checking if the allowed fields match the sent fields.
>> From the database I get the information if a checkbox is checked or not:
>>
>> <?php if($DB_a =="y") {
>> $checked="checked";
>> } else {
>> $checked="";
>> }
>> ?>
>> <input type="checkbox" name="R_a" value="y" <?php echo $checked ?>
>>
>>
>> If the user takes out the checkmark the value will become "" and the
>> field will not submitted which results in a missing field.
>>
>> $allowed = array();
>> $allowed[]='form';
>> $allowed[]='R_a';
>> $allowed[]='R_b';
>> ....
>> $sent = $array_keys($_POST);
>> if($allowed == $sent) {
>> ... do some checking ...
>> } else {
>> echo "Expected input fields do not match!";
>> }
>> break;
>>
>>
>> How can I force a "n" for not checked in the input field? or how can I
>> solve that?
>>
>> bye
>>
>> Ronald
>
>
> --
> Larry Garfield AIM: LOLG42
> larry@xxxxxxxxxxxxxxxx ICQ: 6817012
>
> "If nature has made any one thing less susceptible than all others of
> exclusive property, it is the action of the thinking power called an idea,
> which an individual may exclusively possess as long as he keeps it to
> himself; but the moment it is divulged, it forces itself into the
> possession
> of every one, and the receiver cannot dispossess himself of it." --
> Thomas
> Jefferson
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>
--
View this message in context: http://www.nabble.com/checkbox-unchecked-tf4932527.html#a14119395
Sent from the PHP - General mailing list archive at Nabble.com.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
