FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Value in a grid
Show: Today's Messages :: Polls :: Message Navigator
Switch to threaded view of this topic Create a new topic Submit Reply
Value in a grid [message #171321] Thu, 30 December 2010 10:48 Go to next message
Sarah is currently offline  Sarah
Messages: 30
Registered: December 2010
Karma: 0
Member
Hi! I've a grid with a button that allow to pass value to another
page.... My problem is that I don't like to pass these value on the
page because users could change/modify them... can you help me to find
a solution?



foreach ($wscalls as $key=>$wscall)
{
$iddocumento = $wscall['iddocumento'] ;

$actions = "<a href = \' \' onclick= \' return
sendemail(\"" . (string)$iddocumento . "\"); \' > <img src= \'" .
$this->view->baseUrl() . "/css/images/sendemail.png \' /> </a> ";

if ((isset($iddocumento) && !empty($iddocumento))
&& ((int)$value>0 )){
$actions .= "<a href = \'pay?value=" .
$value . "&iddocumento=". $iddocumento . "\' $onclick > <img src=
\'" . $this->view->baseUrl() . "/css/images/". $img_pay ." \' /> </a>
";
}

...



How can I pass value to send page without show user the values??


Thanks
Re: Value in a grid [message #171323 is a reply to message #171321] Thu, 30 December 2010 10:56 Go to previous messageGo to next message
alvaro.NOSPAMTHANX is currently offline  alvaro.NOSPAMTHANX
Messages: 277
Registered: September 2010
Karma: 0
Senior Member
El 30/12/2010 11:48, Sarah escribió/wrote:
> Hi! I've a grid with a button that allow to pass value to another
> page.... My problem is that I don't like to pass these value on the
> page because users could change/modify them... can you help me to find
> a solution?
>
>
>
> foreach ($wscalls as $key=>$wscall)
> {
> $iddocumento = $wscall['iddocumento'] ;
>
> $actions = "<a href = \' \' onclick= \' return
> sendemail(\"" . (string)$iddocumento . "\"); \'> <img src= \'" .
> $this->view->baseUrl() . "/css/images/sendemail.png \' /> </a> ";
>
> if ((isset($iddocumento)&& !empty($iddocumento))
> && ((int)$value>0 )){
> $actions .= "<a href = \'pay?value=" .
> $value . "&iddocumento=". $iddocumento . "\' $onclick> <img src=
> \'" . $this->view->baseUrl() . "/css/images/". $img_pay ." \' /> </a>
> ";
> }
>
> ..
>
>
>
> How can I pass value to send page without show user the values??

I don't think there's a PHP solution to that because PHP runs on the
server. You should improve your client-side JavaScript to pick the value
and send it to the server (as a GET parameter, in a POST form, with an
AJAX request... whatever you prefer). One you manage to do so, you can
fetch the value from $_GET or $_POST (depending on the method you chose).



--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://borrame.com
-- Mi web de humor satinado: http://www.demogracia.com
--
Re: Value in a grid [message #171329 is a reply to message #171323] Thu, 30 December 2010 12:25 Go to previous messageGo to next message
Denis McMahon is currently offline  Denis McMahon
Messages: 634
Registered: September 2010
Karma: 0
Senior Member
On 30/12/10 10:56, "Álvaro G. Vicario" wrote:
> El 30/12/2010 11:48, Sarah escribió/wrote:
>> Hi! I've a grid with a button that allow to pass value to another
>> page.... My problem is that I don't like to pass these value on the
>> page because users could change/modify them... can you help me to find
>> a solution?
>>
>>
>>
>> foreach ($wscalls as $key=>$wscall)
>> {
>> $iddocumento = $wscall['iddocumento'] ;
>>
>> $actions = "<a href = \' \' onclick= \' return
>> sendemail(\"" . (string)$iddocumento . "\"); \'> <img src= \'" .
>> $this->view->baseUrl() . "/css/images/sendemail.png \' /> </a> ";
>>
>> if ((isset($iddocumento)&& !empty($iddocumento))
>> && ((int)$value>0 )){
>> $actions .= "<a href = \'pay?value=" .
>> $value . "&iddocumento=". $iddocumento . "\' $onclick> <img src=
>> \'" . $this->view->baseUrl() . "/css/images/". $img_pay ." \' /> </a>
>> ";
>> }

>> How can I pass value to send page without show user the values??
>
> I don't think there's a PHP solution to that because PHP runs on the
> server. You should improve your client-side JavaScript to pick the value
> and send it to the server (as a GET parameter, in a POST form, with an
> AJAX request... whatever you prefer). One you manage to do so, you can
> fetch the value from $_GET or $_POST (depending on the method you chose).

Perhaps the answer is to use php sessions rather than passing values
using hidden values in forms.

Rgds

Denis McMahon
Re: Value in a grid [message #171335 is a reply to message #171321] Thu, 30 December 2010 13:15 Go to previous messageGo to next message
Thomas 'PointedEars'  is currently offline  Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma: 0
Senior Member
Sarah wrote:

> Hi! I've a grid with a button that allow to pass value to another
> page.... My problem is that I don't like to pass these value on the
> page because users could change/modify them... can you help me to find
> a solution?

Yes.

(Never ask yes-or-no questions unless you expect the answer to be "Yes" or
"No." But see below.)

> foreach ($wscalls as $key=>$wscall)
> {
> $iddocumento = $wscall['iddocumento'] ;
>
> $actions = "<a href = \' \' onclick= \' return
> sendemail(\"" . (string)$iddocumento . "\"); \' > <img src= \'" .
> $this->view->baseUrl() . "/css/images/sendemail.png \' /> </a> ";

What about users without client-side script support?

> if ((isset($iddocumento) && !empty($iddocumento))
> && ((int)$value>0 )){
> $actions .= "<a href = \'pay?value=" .
> $value . "&iddocumento=". $iddocumento . "\' $onclick > <img src=
> \'" . $this->view->baseUrl() . "/css/images/". $img_pay ." \' /> </a>
> ";
> }
>
> ..

This should be rewritten at least as

foreach ($wscalls as $key => $wscall)
{
$iddocumento = $wscall['iddocumento'];
$baseURL = $this->view->baseUrl();

$actions = '<a href=""'
. ' onclick="return sendemail(\'' . $iddocumento . '\')">'
. '<img src="' . $baseURL . '/css/images/sendemail.png" />'
. '</a> ';

if (isset($iddocumento) && !empty($iddocumento) && ($value > 0))
{
$actions .= '<a href="pay?value=' . rawurlencode($value)
. '&amp;iddocumento=' . $iddocumento . "\" $onclick>"
. '<img src="' . $baseURL . '/css/images/'
. rawurlencode($img_pay) . "\" /></a>\n";
}

// …
}

Here's why:

1. Use proper indentation, keep your code style consistent and easily
readable. Best is to adopt one of the prevalent code styles (such as
the PEAR Code Style), and adapt it to your needs (unless you want to
write a PEAR module).
2. Remove unnecessary whitespace.
3. Avoid escaping by using different string delimiters, making the code
easier readable.
4. Make markup code easily movable from static to dynamic generation;
i.e. prefer apostrophes to delimit strings of generated markup, so that
you can continue using the customary quotes for attribute delimiters.
5. Do not put spaces around the `=' in markup, this dissolves visually the
connection between attribute name and value and can easily lead to
parse errors.
6. Explicit typecast to string is unnecessary in (*string*) concatenation.
7. Do not put spaces after the start tag or before the end tag of an
(inline) element, see
<http://www.w3.org/TR/html401/struct/text.html#h-9.1>.
8. For generating markup, encode all values that are not already encoded
(here: rawurlencode()).
9. For interoperability, there should not be more than 80 characters in
a line of code; use concatenation as necessary.
10. Explicit typecast to int is unnecessary with the `>' operator.
11. Remove unnecessary parentheses to improve readability.
12. If a method always returns the same value, do not call it more than
once. Store the return value in a variable once and use the variable
value instead.

You might also want to consider using less concatenation and a more
template-based approach (inline references, HereDoc) instead.

> How can I pass value to send page without show user the values??

Store sensitive data in a session, or use a POST form to hide the values
from the more casual (and less programming-savvy) observer.


HTH

PointedEars
--
Danny Goodman's books are out of date and teach practices that are
positively harmful for cross-browser scripting.
-- Richard Cornford, cljs, <cife6q$253$1$8300dec7(at)news(dot)demon(dot)co(dot)uk> (2004)
Re: Value in a grid [message #171337 is a reply to message #171335] Thu, 30 December 2010 13:20 Go to previous messageGo to next message
Thomas 'PointedEars'  is currently offline  Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma: 0
Senior Member
Thomas 'PointedEars' Lahn wrote:

> This should be rewritten at least as
>
> foreach ($wscalls as $key => $wscall)
> {
> $iddocumento = $wscall['iddocumento'];
> $baseURL = $this->view->baseUrl();

Sorry, I meant

$baseURL = $this->view->baseUrl();

foreach ($wscalls as $key => $wscall)
{
$iddocumento = $wscall['iddocumento'];

// …
}

> […]
> 12. If a method always returns the same value, do not call it more than
> once. Store the return value in a variable once and use the variable
> value instead.

PointedEars
--
Anyone who slaps a 'this page is best viewed with Browser X' label on
a Web page appears to be yearning for the bad old days, before the Web,
when you had very little chance of reading a document written on another
computer, another word processor, or another network. -- Tim Berners-Lee
Re: Value in a grid [message #171339 is a reply to message #171337] Thu, 30 December 2010 13:50 Go to previous messageGo to next message
Sarah is currently offline  Sarah
Messages: 30
Registered: December 2010
Karma: 0
Member
Excuse me but I don't know what exactly I've to do....

another thig: using

rawurlencode(...)

I can't view my var encryped ... but has the same values
Re: Value in a grid [message #171342 is a reply to message #171339] Thu, 30 December 2010 14:29 Go to previous message
Thomas 'PointedEars'  is currently offline  Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma: 0
Senior Member
Sarah wrote:

> Excuse me but I don't know what exactly I've to do....

Read my posting from top to bottom, and try to follow the advice given
therein. Ask *specific* and *coherent* *questions* in case something is
still unclear: <http://www.catb.org/~esr/faqs/smart-questions.html>

And <http://learn.to/quote>.

> another thig: using
>
> rawurlencode(...)
>
> I can't view my var encryped ... but has the same values

You are not making any sense.


PointedEars
--
var bugRiddenCrashPronePieceOfJunk = (
navigator.userAgent.indexOf('MSIE 5') != -1
&& navigator.userAgent.indexOf('Mac') != -1
) // Plone, register_function.js:16
  Switch to threaded view of this topic Create a new topic Submit Reply
Previous Topic: php mail( )
Next Topic: Ignoring Case on directories
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Sun Nov 10 13:36:29 GMT 2024

Total time taken to generate the page: 0.02624 seconds