Login/Register
PHP Shorthand for isset form POST value
Asked Answered
Solved phpformsvariablesisset
J

8

13

I am creating a form and am just looking for more efficient ways to do things. What I have so far is:

<p><input type="text" name="transmission" value="" /></p>
<p><input type="text" name="model" value="<?=$model;?>" /></p>

So some of them will have a value already set, and some will be blank. What I want to do is see if the form has been set, and if it has then use $_POST['name'] as the value, if not then use either blank or use the previous variable I have.

<p><input type="text" name="name" value="<?php if isset($_POST['submit'])) { echo $_POST['name']; } else { echo ""; } ?>" /></p>

But there has to be a shorter way to do that.

IF anyone could point me in the direction I would really appreciate it.

Thank you!

Jointed answered 19/9, 2011 at 22:17 Comment(1)
There's nothing better than empty($_POST['foo']) ? '' : $_POST['foo'] -- but you can put it into a function for convenience (including specifying a default value other than '' and any other niceties you may require).Inwrought
S
18

You can define variables in beginning of your script before HTML output, for example:

$name = isset($_POST['submit']) ? $_POST['name'] : null;

in your html section you can print $name without worrying it was not defined

<p><input type="text" name="name" value="<?php echo $name ?>" /></p>

Also if $_POST['submit'] does not contain any value you are more likely to receive FALSE statement. To avoid such issues use array_key_exists

Sclater answered 19/9, 2011 at 22:24 Comment(2)
I agree with you, building own form generator it is path that every developer should come through, for those who don't want to invent his own wheel, I would recommend to use something from Zend Framework arsenal.Sclater
but that short open tag deprecation nonsense.Yl
Y
4

Like Nazariy said, you should avoid as much PHP in the template as possible.
In fact, you should have in your template already prepared variables only.

So, in your code have something like this

$FORM = array();
$form_fields = array('name','sex');
foreach($form_fields as $fname) {
  if (isset($_POST[$fname])) {
    $FORM[$fname] = htmlspecialchars($_POST[$fname]);
  } else {
    $FORM[$fname] ='';
  }
}

and then you have smooth and neat template:

<p><input type="text" name="name" value="<?=$FORM['name']?>" /></p>
Yl answered 19/9, 2011 at 22:31 Comment(2)
+1 for answer in general and using htmlspecialchars() as well.Aphelion
Whats the point in this? Seems longer to me. You don't even specify charset, so protecting against XSS can't be the reason.Concussion
D
2

Without going into the reasons not to use <p> to structure your forms, there's not much that can be done besides removing the else.

<p><input type="text" name="name" value="<?php if isset($_POST['name'])) echo $_POST['name']; ?>" /></p>
Drying answered 19/9, 2011 at 22:21 Comment(0)
S
1

Shorthand <?=$_POST['name'] ?: ''?>

Shortstop answered 8/9, 2014 at 22:17 Comment(4)
This will still throw a notice, because it's not the same as isset. It checks whether $_POST['name'] is empty or not, but if the key isn't there, it will throw a notice.Stickweed
Not if you set error_reporting(E_ALL & ~E_NOTICE) Otherwise, as you say, you will get something like [8] Undefined variable: name. But I always report all errors and deal with them accordingly :)Shortstop
Setting error_reporting to hide your notices under the rug is never the solution. Like a saying goes: "Always code as if the person that will code after you is a serial killer who knows where you live". Ie. don't hide errors, just prevent them.Stickweed
If you don't want to see the notice you can pretty safely ignore it in this way: $id = @$_POST['id'] ?: '';Murial
C
1

Use the php error control operator: @.

<?php

   $posted_text = @$_POST['posted_text'];
   echo $posted_text

?>

If the POST variable is set, it will be echo-ed out. If not, nothing will show up.

Cabinet answered 25/4, 2015 at 14:42 Comment(0)
A
0

You could try this...

$_POST['submit'] ? echo $_POST['name'] : echo '';

I'm using a boolean compare instead of the isset function (see link for table)

http://www.php.net/manual/en/types.comparisons.php

or an other option is...

echo ($_POST['submit'] ? $_POST['name'] : '');
Archbishopric answered 19/9, 2011 at 22:21 Comment(1)
If the form hasn't been submitted yet, that will throw a notice.Enthuse
C
0
<?= isset($_POST['submit'])? $_POST['name'] : ""; ?>

Is the shortest you'll get it, apart from say <?= $_POST['name']; ?> (if submit is not set name should be empty anyway) - you probably need to turn warnings off.

All that being said, this is very very poor practice and opens you up to cross site scripting (XSS). You should NOT be doing this. Even on an intranet, if an attacker ever owns a computer that has access to it they can use XSS to perform any actions the user can.

From your question and how much distaste you have for this type of echoing on screen I'd suggest you use some form of templating library such as Smarty. This allows your html code to look like this: 

<p><input type="text" name="name" value="{name}" /></p>
Concussion answered 19/9, 2011 at 22:40 Comment(2)
I checked out HTML Purifier but it doesn't support the HTML 5 doctype yet :(Jointed
I would take the whitelist approach for the time being. If you're taking a name, it should really only have a few characters present anything else should be discarded completely. a-z, A-Z, -, and ' should be the only things a name needs in 99.99% of cases.Concussion
B
0

I just saw this from wordpress coding standard. although they not encourage for the readability..

isset( $var ) || $var = some_function();

reference here

Bobker answered 22/10, 2013 at 4:24 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.