Re: Do I need to worry about check boxes?

[Jeffry Killen <jekillen@xxxxxxxxxxx>]

On May 25, 2016, at 10:15 AM, Jason Pruim wrote:

> Hey Everyone,
>
> I have a form that I'm working on, and I'm adding some check boxes  
> to it,
> the check boxes display properly, and work as expected except...  
> When I
> submit the form, it shows that it's in $_POST['chkCom'] for  
> instance, but
> if i try and do a simple:
>
> $chkCom = $_POST['chkCom'];
>
> so I can work on some validation it won't work... Nothing is ever  
> assigned
> to it... Even though
>
> <?PHP var_dump($_POST['chkCom']); ?>
>
> shows the proper value... All I'm looking at doing is running like
> HTMLentities on the check box and verifying if it was checked...
>
> I guess the biggest question comes down to do I need to worry about
> sanitizing checkbox input? On this form it's just getting emailed into
> another web based system that I'm not in control of (Online helpdesk
> system).

Is chkCom the name of a checkbox set? Or, is it of a single checkbox
in a set? If it is a single checkbox in a set then the set name will  
have
the selected value. Other wise, from my experience with my own  
stumblings
you have a syntax error or a variable miss spelling somewhere.

Forms can be forged: Values can be altered. Checkboxes can be altered.
Yes, I would sanitize everything comming from a form.

JK

> Any info you can give would be greatly appreciated!
>
> For anyone interested here are some basic snippets of code:
>
> <?PHP
>
> if (!empty($_POST['chkCom'])) {
>
>                        $chkCom = $_POST['chkCom'];
>
>                        echo "chkCom assigned";
>
>                }else{
>
>                      $chkCom = "Not assigned";
>
>                }
>
> ?>
>
>
> <ul>
>
> <li>Hardware</li>
>
>        <ul>
>
>            <li><input type="checkbox" name="chkCom" value="Mac"  
> checked />
> Mac Based</li>
>
>                <li><input type="checkbox" name="chkiPad" value="iPad"
> checked> iPad</li>
>
>                <li><input type="checkbox" name="chkMonitor"
> value="Monitor"> External Monitor</li>
>
>                <li>Wireless Mouse</li>
>
>                <li>iPhone 6</li>
>
>                <li>Verizon Wireless MIFI</li>
>
>                <li>Color Multifunction laser printer</li>
>
>        </ul>
>
> <li>Software</li>
>
>        <ul>
>
>            <li>Microsoft Office</li>
>
>                <li>Dropbox</li>
>
>                <li>Antivirus</li>
>
>        </ul>
> </ul>
> <?PHP
>
> $emailFrom = <<<EMAIL
>
>        -f ${manager}
>
> EMAIL;
>
>        $headers = "X-Mailer: php/" . phpversion();
>
>
>        $message ="Employee Name: " .$name. "\r\n";
>
>        $message .= "Department: " .$position. "\r\n";
>
>        $message .= "Manager: " .$manager. "\r\n";
>
>        $message .= "Where will they be working: " .$whereWorking. "\r 
> \n";
>
>        $message .= "When will they start: " . $startDate. "\r\n";
>
>        $message .= $startDateErrorMessage;
>
>        $message .= "Will they be in the office for training on their  
> first
> day? " .$training . "\r\n";
>
>        $message .= "Computer: " .$chkCom . "\r\n";
>
>        $message .= "iPad: " . $_POST['chkiPad'] . "\r\n";
>
>        $message .= "Shipping Address: " .$shippingAdd. "\r\n";
>
>        $message .= "Shipping City:  " .$shippingCity. "\r\n";
>
>        $message .= "Shipping State: " .$shippingState. "\r\n";
>
>        $message .= "Shipping Zip: " .$shippingZip. "\r\n";
>
>        $message .= "Current Phone Number: " .$currentPhone . "\r\n";
>
>        $message .= "Notes: " .$notes . "\r\n";
>
>        $message .= $step;
>
>        $message .= $transerFrom;
>
>
>
>        mail($email, $subject, $message, $headers, $emailFrom);
>
>
> ?>
>
>
> Actual email output that I'm getting:
>
> Employee Name: Jason
> Department: LES
> Manager: My Email
> Where will they be working: FromHome
> When will they start: 6/31/16
> Will they be in the office for training on their first day? No
> Computer:
> iPad: iPad
> Shipping Address: Address
> Shipping City:  City
> Shipping State: State
> Shipping Zip: Zip
> Current Phone Number: Phone
> Notes: NOTE NOTES NOTE
> <ul>
> <li>Hardware</li>
>        <ul>
>             <li><input type="checkbox" name="chkCom" value="Mac"  
> checked
> /> Mac Based</li>
>                <li><input type="checkbox" name="chkiPad" value="iPad"
> checked> iPad</li>
>                <li><input type="checkbox" name="chkMonitor"
> value="Monitor"> External Monitor</li>
>                <li>Wireless Mouse</li>
>                <li>iPhone 6</li>
>                <li>Verizon Wireless MIFI</li>
>                <li>Color Multifunction laser printer</li>
>        </ul>
> <li>Software</li>
>        <ul>
>             <li>Microsoft Office</li>
>                <li>Dropbox</li>
>                <li>Antivirus</li>
>        </ul>
> <li>Permissions</li>
>        <ul>
>             <li>Add to Appropriate sales list based on region</li>
>                <li>Add CRM access with "Sales" as the primary group</ 
> li>
>                <li>Add to ERM on salesman dashboard</li>
>                <li>Setup MyContrax Credentials</li>
>        </ul>
> <li>Create User record in Active directory on domain controller</li>
> <li>Create email account</li>
> </ul>
>
>
>
> I did a lot of copy/paste so I may have missed a few things with  
> it... all
> the HTML is served in HEREDOC's inside the PHP files, I've broken  
> those up
> into the name form, validation, positions, style, etc and include  
> them all
> at the top. Other than this 1 issue with the check box it works  
> perfectly!
>
> Thanks Everyone!


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php