PreAssigning Posted Variables... any issues?


#1

Hey guys, just wondering if this would cause a problem in any way. Basically we have, let's say, 3 input fields: name, phone_number, email.

Assume the form is already created.

Alright, now the user does his thing, enters the data, it's posted, so we have

The four variables set,

$_POST[name], $_POST[phone_number], $_POST[email], $_POST[submit].

That's fine and dandy… now the actual question.

Let's say that information is entered into a database, and the user wants to edit his information.

Now out of my laziness (and one incredibly long verification string on my actual page, this is a very very condensed version obviously).

Let's take the exact page that was made, and into the top of the page add…

[php]
if ($_GET[EditUser]) {
    $DBQuery = "yadayada";
    if ($row = mysql_fetch_array($DBQuery)) {
        // now let's reassign the array of Post variables
        $_POST[name] = $row[name];
        $_POST[phone_number] = $row[phone_number];
        $_POST[email] = $row[email];
    }
}
[/php]

This way, as the page loads, if in the query string the EditUser ID is already set, it already loads the data in from the database.

And of course change the submit button to a value of edit rather than submit, or something similar to that effect so that it does not add another entry rather than updating.

Is there, or should there be any problems, or security issues regarding this? I don't really see any security issues, but hey you never know.

Just to clear things up this is an example of what the input textbox would be…

Thanks :-)


#2

Ok, what’s the question?


#3

Basically, is this something I should be doing, or not?


#4

Sure, just make sure you don’t do it with passwords or sensitive data. Always make sure you validate inputs and you will have no problems.

By the way, use quotes for your array keys when they are not numeric (ex: $_POST['email']), it will avoid constant conflicts.


#5

Bane, what exactly does using the quotes do? Well I guess I shouldn’t ask that question, but rather, how do you get them to work inside of, let's say, a query. If I remember correctly the last time I tried using the quotes on the inside of everything I also used them inside of a query…

[php]
$Query = mysql_query("SELECT * FROM bob WHERE fred = '$_POST['cat']'");
[/php]

and if I remember correctly, that errored it out until I removed the single quotes from the inside of the variable. Ideas?


#6

[php]
$Query = mysql_query("SELECT * FROM bob WHERE fred = '{$_POST['cat']}'");
[/php]

Curly brackets.


#7

Very neat, thanks :)
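
The edit-form prefill asked about in #1 and the query quoting from #5/#6, as an added example that is not code from any poster in this thread: it keeps the database row separate from $_POST, validates EditUser as an integer, binds it through a PDO prepared statement instead of interpolating it into the SQL string, and escapes every value on output. The in-memory SQLite table, the sample row and the helper names formValues and inputTag are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table and row standing in for the real database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, phone_number TEXT, email TEXT)');
$pdo->exec("INSERT INTO users VALUES (7, 'Ann <b>\"Lee\"</b>', '555-0100', 'ann@example.test')");

// Values to show in the form: stored row for a valid EditUser id, overridden by
// anything the user has just submitted. $_POST itself is never written to.
function formValues(PDO $pdo, array $get, array $post): array
{
    $fields = ['name', 'phone_number', 'email'];   // allow-list of editable columns
    $values = array_fill_keys($fields, '');

    // EditUser must be a positive integer; anything else is ignored.
    $id = filter_var($get['EditUser'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id !== false) {
        // Placeholder binding: the id never becomes part of the SQL text.
        $stmt = $pdo->prepare('SELECT name, phone_number, email FROM users WHERE id = ?');
        $stmt->execute([$id]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row !== false) {
            $values = $row;
        }
    }
    foreach ($fields as $f) {
        if (isset($post[$f]) && is_string($post[$f])) {
            $values[$f] = $post[$f];
        }
    }
    return $values;
}

// Escape on output so stored or submitted markup stays inside the value attribute.
function inputTag(string $name, string $value): string
{
    return sprintf('<input type="text" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}

// Constructed requests: a valid id, then a malformed one (form comes back empty).
foreach ([['EditUser' => '7'], ['EditUser' => '7abc']] as $get) {
    foreach (formValues($pdo, $get, []) as $name => $value) {
        echo inputTag($name, $value), PHP_EOL;
    }
}
```

The example does not check whether the current visitor is allowed to edit the requested id, since the thread does not show how the site handles logins; a real page needs that check before the SELECT.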