On 26 May 2016 08:37:02 BST, Narcis Garcia <informatica@xxxxxxxxx> wrote:
>As I remember, the value is submitted only if the checkbox is checked.
>
>Are you sure your <form> tag has method="post" ??
>
>
>El 25/05/16 a les 19:15, Jason Pruim ha escrit:
>> Hey Everyone,
>>
>> I have a form that I'm working on, and I'm adding some check boxes to
>it,
>> the check boxes display properly, and work as expected except... When
>I
>> submit the form, it shows that it's in $_POST['chkCom'] for instance,
>but
>> if i try and do a simple:
>>
>> $chkCom = $_POST['chkCom'];
>>
>> so I can work on some validation it won't work... Nothing is ever
>assigned
>> to it... Even though
>>
>> <?PHP var_dump($_POST['chkCom']); ?>
>>
>> shows the proper value... All I'm looking at doing is running like
>> HTMLentities on the check box and verifying if it was checked...
>>
>> I guess the biggest question comes down to do I need to worry about
>> sanitizing checkbox input? On this form it's just getting emailed
>into
>> another web based system that I'm not in control of (Online helpdesk
>> system).
>>
>> Any info you can give would be greatly appreciated!
>>
>> For anyone interested here are some basic snippets of code:
>>
>> <?PHP
>>
>> if (!empty($_POST['chkCom'])) {
>>
>> $chkCom = $_POST['chkCom'];
>>
>> echo "chkCom assigned";
>>
>> }else{
>>
>> $chkCom = "Not assigned";
>>
>> }
>>
>> ?>
>>
>>
>> <ul>
>>
>> <li>Hardware</li>
>>
>> <ul>
>>
>> <li><input type="checkbox" name="chkCom" value="Mac"
>checked />
>> Mac Based</li>
>>
>> <li><input type="checkbox" name="chkiPad"
>value="iPad"
>> checked> iPad</li>
>>
>> <li><input type="checkbox" name="chkMonitor"
>> value="Monitor"> External Monitor</li>
>>
>> <li>Wireless Mouse</li>
>>
>> <li>iPhone 6</li>
>>
>> <li>Verizon Wireless MIFI</li>
>>
>> <li>Color Multifunction laser printer</li>
>>
>> </ul>
>>
>> <li>Software</li>
>>
>> <ul>
>>
>> <li>Microsoft Office</li>
>>
>> <li>Dropbox</li>
>>
>> <li>Antivirus</li>
>>
>> </ul>
>> </ul>
>> <?PHP
>>
>> $emailFrom = <<<EMAIL
>>
>> -f ${manager}
>>
>> EMAIL;
>>
>> $headers = "X-Mailer: php/" . phpversion();
>>
>>
>> $message ="Employee Name: " .$name. "\r\n";
>>
>> $message .= "Department: " .$position. "\r\n";
>>
>> $message .= "Manager: " .$manager. "\r\n";
>>
>> $message .= "Where will they be working: " .$whereWorking.
>"\r\n";
>>
>> $message .= "When will they start: " . $startDate. "\r\n";
>>
>> $message .= $startDateErrorMessage;
>>
>> $message .= "Will they be in the office for training on their
>first
>> day? " .$training . "\r\n";
>>
>> $message .= "Computer: " .$chkCom . "\r\n";
>>
>> $message .= "iPad: " . $_POST['chkiPad'] . "\r\n";
>>
>> $message .= "Shipping Address: " .$shippingAdd. "\r\n";
>>
>> $message .= "Shipping City: " .$shippingCity. "\r\n";
>>
>> $message .= "Shipping State: " .$shippingState. "\r\n";
>>
>> $message .= "Shipping Zip: " .$shippingZip. "\r\n";
>>
>> $message .= "Current Phone Number: " .$currentPhone . "\r\n";
>>
>> $message .= "Notes: " .$notes . "\r\n";
>>
>> $message .= $step;
>>
>> $message .= $transerFrom;
>>
>>
>>
>> mail($email, $subject, $message, $headers, $emailFrom);
>>
>>
>> ?>
>>
>>
>> Actual email output that I'm getting:
>>
>> Employee Name: Jason
>> Department: LES
>> Manager: My Email
>> Where will they be working: FromHome
>> When will they start: 6/31/16
>> Will they be in the office for training on their first day? No
>> Computer:
>> iPad: iPad
>> Shipping Address: Address
>> Shipping City: City
>> Shipping State: State
>> Shipping Zip: Zip
>> Current Phone Number: Phone
>> Notes: NOTE NOTES NOTE
>> <ul>
>> <li>Hardware</li>
>> <ul>
>> <li><input type="checkbox" name="chkCom" value="Mac"
>checked
>> /> Mac Based</li>
>> <li><input type="checkbox" name="chkiPad"
>value="iPad"
>> checked> iPad</li>
>> <li><input type="checkbox" name="chkMonitor"
>> value="Monitor"> External Monitor</li>
>> <li>Wireless Mouse</li>
>> <li>iPhone 6</li>
>> <li>Verizon Wireless MIFI</li>
>> <li>Color Multifunction laser printer</li>
>> </ul>
>> <li>Software</li>
>> <ul>
>> <li>Microsoft Office</li>
>> <li>Dropbox</li>
>> <li>Antivirus</li>
>> </ul>
>> <li>Permissions</li>
>> <ul>
>> <li>Add to Appropriate sales list based on region</li>
>> <li>Add CRM access with "Sales" as the primary
>group</li>
>> <li>Add to ERM on salesman dashboard</li>
>> <li>Setup MyContrax Credentials</li>
>> </ul>
>> <li>Create User record in Active directory on domain controller</li>
>> <li>Create email account</li>
>> </ul>
>>
>>
>>
>> I did a lot of copy/paste so I may have missed a few things with
>it... all
>> the HTML is served in HEREDOC's inside the PHP files, I've broken
>those up
>> into the name form, validation, positions, style, etc and include
>them all
>> at the top. Other than this 1 issue with the check box it works
>perfectly!
>>
>> Thanks Everyone!
>>
To answer the bigger question, yes checkboxes do need to be validated on the server.
Any and all user-generated input needs validation (and sometimes sanitisation). This includes form inputs (checkboxes & selects too), file uploads, cookie data, even the requested URL!
Also, it's worth remembering that it's not a good idea to run functions like htmlentities() on data before inserting iit into a database, for example. That function is intended for HTML output, it won't do anything in a DB query except alter the original data (which is not always what you want)
I've written about this before in a coding standards document I put together for the company i work for currently: https://github.com/tmwagency/TMW-PHP-coding-standards
Ash
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
