At 2:22 AM -0800 12/24/09, Allen McCabe wrote:

If you are using a post method using $_SERVER['PHP_SELF'], then values are present in the POST array, hence, you would write your html with interspersed php like so:

<input type="text" name="username" value="<?php if (isset($_POST['username'])) echo $_POST['username'] ?>" id="username" />

No, I wouldn't do it that way.

First, a "post method using $_SERVER['PHP_SELF']" is the same as action="". A form by default, defaults to itself and thus no need for $_SERVER['PHP_SELF'].

Second, I seldom use any POST variable without sanitizing it first. As such, my <input> statements always look like --

   <input type="text" name="user_name" value="<?php echo($user_name); ?>" >

-- where the variable $user_name has been"sanitized" in some fashion (i.e., trim, limit length, etc.).

I think that is easier to read and debug. Also, if I am using a javascript routine (as mentioned in the OP), then I add ' id="user_name" '

Cheers and Merry Christmas.



PHP General Mailing List (
To unsubscribe, visit:

Reply via email to