| Value in a grid [message #171321] |
Thu, 30 December 2010 10:48  |
Sarah
Messages: 30
Registered: December 2010
Karma: 0
|
Member |
|
|
Hi! I've a grid with a button that allow to pass value to another
page.... My problem is that I don't like to pass these value on the
page because users could change/modify them... can you help me to find
a solution?
foreach ($wscalls as $key=>$wscall)
{
$iddocumento = $wscall['iddocumento'] ;
$actions = "<a href = \' \' onclick= \' return
sendemail(\"" . (string)$iddocumento . "\"); \' > <img src= \'" .
$this->view->baseUrl() . "/css/images/sendemail.png \' /> </a> ";
if ((isset($iddocumento) && !empty($iddocumento))
&& ((int)$value>0 )){
$actions .= "<a href = \'pay?value=" .
$value . "&iddocumento=". $iddocumento . "\' $onclick > <img src=
\'" . $this->view->baseUrl() . "/css/images/". $img_pay ." \' /> </a>
";
}
...
How can I pass value to send page without show user the values??
Thanks
|
|
|
|
| Re: Value in a grid [message #171323 is a reply to message #171321] |
Thu, 30 December 2010 10:56  |
alvaro.NOSPAMTHANX
Messages: 277
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
El 30/12/2010 11:48, Sarah escribió/wrote:
> Hi! I've a grid with a button that allow to pass value to another
> page.... My problem is that I don't like to pass these value on the
> page because users could change/modify them... can you help me to find
> a solution?
>
>
>
> foreach ($wscalls as $key=>$wscall)
> {
> $iddocumento = $wscall['iddocumento'] ;
>
> $actions = "<a href = \' \' onclick= \' return
> sendemail(\"" . (string)$iddocumento . "\"); \'> <img src= \'" .
> $this->view->baseUrl() . "/css/images/sendemail.png \' /> </a> ";
>
> if ((isset($iddocumento)&& !empty($iddocumento))
> && ((int)$value>0 )){
> $actions .= "<a href = \'pay?value=" .
> $value . "&iddocumento=". $iddocumento . "\' $onclick> <img src=
> \'" . $this->view->baseUrl() . "/css/images/". $img_pay ." \' /> </a>
> ";
> }
>
> ..
>
>
>
> How can I pass value to send page without show user the values??
I don't think there's a PHP solution to that because PHP runs on the
server. You should improve your client-side JavaScript to pick the value
and send it to the server (as a GET parameter, in a POST form, with an
AJAX request... whatever you prefer). One you manage to do so, you can
fetch the value from $_GET or $_POST (depending on the method you chose).
--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://borrame.com
-- Mi web de humor satinado: http://www.demogracia.com
--
|
|
|
|
| Re: Value in a grid [message #171329 is a reply to message #171323] |
Thu, 30 December 2010 12:25 |
Denis McMahon
Messages: 634
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 30/12/10 10:56, "Álvaro G. Vicario" wrote:
> El 30/12/2010 11:48, Sarah escribió/wrote:
>> Hi! I've a grid with a button that allow to pass value to another
>> page.... My problem is that I don't like to pass these value on the
>> page because users could change/modify them... can you help me to find
>> a solution?
>>
>>
>>
>> foreach ($wscalls as $key=>$wscall)
>> {
>> $iddocumento = $wscall['iddocumento'] ;
>>
>> $actions = "<a href = \' \' onclick= \' return
>> sendemail(\"" . (string)$iddocumento . "\"); \'> <img src= \'" .
>> $this->view->baseUrl() . "/css/images/sendemail.png \' /> </a> ";
>>
>> if ((isset($iddocumento)&& !empty($iddocumento))
>> && ((int)$value>0 )){
>> $actions .= "<a href = \'pay?value=" .
>> $value . "&iddocumento=". $iddocumento . "\' $onclick> <img src=
>> \'" . $this->view->baseUrl() . "/css/images/". $img_pay ." \' /> </a>
>> ";
>> }
>> How can I pass value to send page without show user the values??
>
> I don't think there's a PHP solution to that because PHP runs on the
> server. You should improve your client-side JavaScript to pick the value
> and send it to the server (as a GET parameter, in a POST form, with an
> AJAX request... whatever you prefer). One you manage to do so, you can
> fetch the value from $_GET or $_POST (depending on the method you chose).
Perhaps the answer is to use php sessions rather than passing values
using hidden values in forms.
Rgds
Denis McMahon
|
|
|
|
| Re: Value in a grid [message #171335 is a reply to message #171321] |
Thu, 30 December 2010 13:15 |
Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
Sarah wrote:
> Hi! I've a grid with a button that allow to pass value to another
> page.... My problem is that I don't like to pass these value on the
> page because users could change/modify them... can you help me to find
> a solution?
Yes.
(Never ask yes-or-no questions unless you expect the answer to be "Yes" or
"No." But see below.)
> foreach ($wscalls as $key=>$wscall)
> {
> $iddocumento = $wscall['iddocumento'] ;
>
> $actions = "<a href = \' \' onclick= \' return
> sendemail(\"" . (string)$iddocumento . "\"); \' > <img src= \'" .
> $this->view->baseUrl() . "/css/images/sendemail.png \' /> </a> ";
What about users without client-side script support?
> if ((isset($iddocumento) && !empty($iddocumento))
> && ((int)$value>0 )){
> $actions .= "<a href = \'pay?value=" .
> $value . "&iddocumento=". $iddocumento . "\' $onclick > <img src=
> \'" . $this->view->baseUrl() . "/css/images/". $img_pay ." \' /> </a>
> ";
> }
>
> ..
This should be rewritten at least as
foreach ($wscalls as $key => $wscall)
{
$iddocumento = $wscall['iddocumento'];
$baseURL = $this->view->baseUrl();
$actions = '<a href=""'
. ' onclick="return sendemail(\'' . $iddocumento . '\')">'
. '<img src="' . $baseURL . '/css/images/sendemail.png" />'
. '</a> ';
if (isset($iddocumento) && !empty($iddocumento) && ($value > 0))
{
$actions .= '<a href="pay?value=' . rawurlencode($value)
. '&iddocumento=' . $iddocumento . "\" $onclick>"
. '<img src="' . $baseURL . '/css/images/'
. rawurlencode($img_pay) . "\" /></a>\n";
}
// …
}
Here's why:
1. Use proper indentation, keep your code style consistent and easily
readable. Best is to adopt one of the prevalent code styles (such as
the PEAR Code Style), and adapt it to your needs (unless you want to
write a PEAR module).
2. Remove unnecessary whitespace.
3. Avoid escaping by using different string delimiters, making the code
easier readable.
4. Make markup code easily movable from static to dynamic generation;
i.e. prefer apostrophes to delimit strings of generated markup, so that
you can continue using the customary quotes for attribute delimiters.
5. Do not put spaces around the `=' in markup, this dissolves visually the
connection between attribute name and value and can easily lead to
parse errors.
6. Explicit typecast to string is unnecessary in (*string*) concatenation.
7. Do not put spaces after the start tag or before the end tag of an
(inline) element, see
<http://www.w3.org/TR/html401/struct/text.html#h-9.1>.
8. For generating markup, encode all values that are not already encoded
(here: rawurlencode()).
9. For interoperability, there should not be more than 80 characters in
a line of code; use concatenation as necessary.
10. Explicit typecast to int is unnecessary with the `>' operator.
11. Remove unnecessary parentheses to improve readability.
12. If a method always returns the same value, do not call it more than
once. Store the return value in a variable once and use the variable
value instead.
You might also want to consider using less concatenation and a more
template-based approach (inline references, HereDoc) instead.
> How can I pass value to send page without show user the values??
Store sensitive data in a session, or use a POST form to hide the values
from the more casual (and less programming-savvy) observer.
HTH
PointedEars
--
Danny Goodman's books are out of date and teach practices that are
positively harmful for cross-browser scripting.
-- Richard Cornford, cljs, <cife6q$253$1$8300dec7(at)news(dot)demon(dot)co(dot)uk> (2004)
|
|
|
|
| Re: Value in a grid [message #171337 is a reply to message #171335] |
Thu, 30 December 2010 13:20 |
Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
Thomas 'PointedEars' Lahn wrote:
> This should be rewritten at least as
>
> foreach ($wscalls as $key => $wscall)
> {
> $iddocumento = $wscall['iddocumento'];
> $baseURL = $this->view->baseUrl();
Sorry, I meant
$baseURL = $this->view->baseUrl();
foreach ($wscalls as $key => $wscall)
{
$iddocumento = $wscall['iddocumento'];
// …
}
> […]
> 12. If a method always returns the same value, do not call it more than
> once. Store the return value in a variable once and use the variable
> value instead.
PointedEars
--
Anyone who slaps a 'this page is best viewed with Browser X' label on
a Web page appears to be yearning for the bad old days, before the Web,
when you had very little chance of reading a document written on another
computer, another word processor, or another network. -- Tim Berners-Lee
|
|
|
|
| Re: Value in a grid [message #171339 is a reply to message #171337] |
Thu, 30 December 2010 13:50 |
Sarah
Messages: 30
Registered: December 2010
Karma: 0
|
Member |
|
|
Excuse me but I don't know what exactly I've to do....
another thig: using
rawurlencode(...)
I can't view my var encryped ... but has the same values
|
|
|
|
| Re: Value in a grid [message #171342 is a reply to message #171339] |
Thu, 30 December 2010 14:29 |
Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma: 0
|
Senior Member |
|
|
Sarah wrote:
> Excuse me but I don't know what exactly I've to do....
Read my posting from top to bottom, and try to follow the advice given
therein. Ask *specific* and *coherent* *questions* in case something is
still unclear: <http://www.catb.org/~esr/faqs/smart-questions.html>
And <http://learn.to/quote>.
> another thig: using
>
> rawurlencode(...)
>
> I can't view my var encryped ... but has the same values
You are not making any sense.
PointedEars
--
var bugRiddenCrashPronePieceOfJunk = (
navigator.userAgent.indexOf('MSIE 5') != -1
&& navigator.userAgent.indexOf('Mac') != -1
) // Plone, register_function.js:16
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]