On Thu, Jun 22, 2017 at 9:58 PM, AshleySheridan <ash@xxxxxxxxxxxxxxxxxxxx> wrote: > On Thu, 2017-06-22 at 19:07 -0400, Aziz Saleh wrote: > > On Thu, Jun 22, 2017 at 2:15 PM, leam hall <leamhall@xxxxxxxxx> > > wrote: > > > > > > > > Using PHP 5 and not OOP savvy. > > > > > > I have a form that gives the user options. On submit it calls > > > itself > > > and if the $_POST variable is set produces the result of the form > > > choices. However, it currently resets all the form options to > > > default > > > values. > > > > > > Is there a tutorial somewhere on how to keep the existing form > > > choices > > > in place, unless the user changes the selection and resubmits? > > > > > > Thanks! > > > > > > Leam > > > > > > -- > > > PHP General Mailing List (http://www.php.net/) > > > To unsubscribe, visit: http://www.php.net/unsub.php > > > > > > > > You just want the ability to have the inputs pre-selected based on > > user > > input? Shouldn't be hard by doing the same thing you did for the > > actual > > form submit for each input. > > > > Ex: > > <input type="text" id="username" name="username" value="<?php echo > > (isset($_POST['username']) ? $_POST['username'] : '';?>" /> > > > > You would do the same with radio/check/select, but in a different > > manner of > > course. > > > > Ps: Your email went to spam, thus the late reply. > > And now you've just introduced an XSS vulnerability into your > application. Never, ever, ever trust user input; that includes all form > data, cookies, uploads, and even the URL they request. All it takes is > one user out of a million to be a dick, and you've got a day of > headache and problems to fix, if you're lucky. If you want to use user > input in your output, then escape it before outputting it. > > This goes for all your form fields, select lists are not immune from > tampered values. > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > Thanks! My bad for missing that.
