1.
What encoding/decoding do I need when I pass a value through a form/URL?
There are several stages for which encoding is important. Assuming that
you have a string$data, which contains
the string you want to pass on in a non-encoded way, these are the
relevant stages:
HTML interpretation. In order to specify a random string, you
must include it in double quotes, and
htmlspecialchars the whole value.
URL: A URL consists of several parts. If you want your data to be
interpreted as one item, you must encode it with
urlencode().
Note :
It is wrong to urlencode()$data, because it's the browsers responsibility to
urlencode() the data. All popular browsers do that
correctly. Note that this will happen regardless of the method (i.e.,
GET or POST). You'll only notice this in case of GET request though,
because POST requests are usually hidden.
Note :
The data is shown in the browser as intended, because the browser will
interpret the HTML escaped symbols.
Upon submitting, either via GET or POST, the data will be urlencoded
by the browser for transferring, and directly urldecoded by PHP. So in
the end, you don't need to do any urlencoding/urldecoding yourself,
everything is handled automagically.
Note :
In fact you are faking a HTML GET request, therefore it's necessary to
manually urlencode() the data.
Note :
You need to htmlspecialchars() the whole URL, because the
URL occurs as value of an HTML-attribute. In this case, the browser
will first un-htmlspecialchars() the value, and then pass
the URL on. PHP will understand the URL correctly, because you
urlencoded() the data.
You'll notice that the & in the URL is replaced
by &. Although most browsers will recover
if you forget this, this isn't always possible. So even if your URL is
not dynamic, you need to
htmlspecialchars() the URL.
2.
I'm trying to use an <input type="image"> tag, but
the $foo.x and $foo.y variables aren't available.
Where are they?
When submitting a form, it is possible to use an image instead of
the standard submit button with a tag like:
<input type="image" src="image.gif" name="foo">
When the user clicks somewhere on the image, the accompanying form
will be transmitted to the server with two additional variables:
foo.x and foo.y.
Because $foo.x and $foo.y are invalid variable names in PHP, they are
automagically converted to $foo_x and $foo_y. That is, the periods
are replaced with underscores.
3. How do I create arrays in a HTML <form>?
To get your <form> result sent as an
array to your PHP script
you name the <input>, <select> or <textarea>
elements like this:
Notice the square brackets after the variable name, that's what
makes it an array. You can group the elements into different arrays
by assigning the same name to different elements:
The AnotherArray array will now contain the keys 0, 1, email and phone.
Note :
Specifying an arrays key is optional in HTML. If you do not specify
the keys, the array gets filled in the order the elements appear in
the form. Our first example will contain keys 0, 1, 2 and 3.
4.
How do I get all the results from a select multiple HTML tag?
The select multiple tag in an HTML construct allows users to
select multiple items from a list. These items are then passed
to the action handler for the form. The problem is that they
are all passed with the same widget name. ie.
<select name="var" multiple>
Each selected option will arrive at the action handler as:
var=option1
var=option2
var=option3
Each option will overwrite the contents of the previous
$var variable. The solution is to use
PHP's "array from form element" feature. The following
should be used:
<select name="var[]" multiple>
This tells PHP to treat $var as an array and
each assignment of a value to var[] adds an item to the array.
The first item becomes $var[0], the next
$var[1], etc. The count()
function can be used to determine how many options were selected,
and the sort() function can be used to sort
the option array if necessary.
Note that if you are using JavaScript the []
on the element name might cause you problems when you try to
refer to the element by name. Use it's numerical form element
ID instead, or enclose the variable name in single quotes and
use that as the index to the elements array, for example: