Re: [PHP-DB] Re: Program Dies

2012-10-16 Thread tamouse mailing lists
On Tue, Oct 16, 2012 at 9:53 PM, Ethan Rosenberg, PhD
 wrote:
> 
>
>
> A <form> with an empty action= attribute simply calls the same URL as given. I
> use this all the time for testing and for localhost one-page apps, but it is a
> Very Bad Idea ™ for a real on-the-internet application.
>
> 
> Thank you for your input.
>
> Please, teach me, why is it a "Very Bad Idea ™"
>
> Ethan

Generally speaking, you want to be very sure of the routes,
parameters, and data that is going to be coming into your application
from a form (and really, anywhere, but form in this case).

If you leave action empty or omit it, it calls the URL back that is
shown to the browser. This isn't always a problem, but if the URL
happens to have additional information such as an info path and/or a
query string, the possibility of it being abused is increased, and
it's a potential vector for hacking your application.

In addition, the existence of things like path info and query strings
is a potential source of defects if you don't know it's happening and
you don't code around it.

Finally, although many many applications do this, it is generally
considered a poorer user experience to press the "back" button and get
a message saying that the page has expired and the browser needs to
resend data, as well as a possible application headache if you end up
processing the same information twice. Thus better to specifically set
the action to the script that will process the information, and give a
302 redirect in that script to whatever the response is via a location
redirect:

form.html:





process.php:
<?php
    /* redirect the browser to the response page (a Location header gives a 302);
       the header is queued and sent when the script finishes */
    header('Location: http://www.example.com/response.html');

    /* process the form data */
?>

response.html:
Thank you
Thank you for submitting your information.

--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
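A fuller process.php along the lines tamouse describes, added here as an example (not code from the thread): it accepts only POST, reads an allowlisted set of fields, validates them, and answers with a redirect so that Back or Reload never re-submits. The field names weight_kg and height_m and the BMI computation are assumptions; the URLs are the thread's example host. It uses a 303 rather than the 302 mentioned above, since 303 explicitly tells the browser to GET the next page.

```php
<?php
// process.php: added example of the post-then-redirect flow described above.
// Assumed: the form posts weight_kg and height_m; BMI is the study's parameter.

// Only accept a real form submission; a GET to this URL has nothing to process.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit('Method Not Allowed');
}

// Read only the fields the form is known to send and ignore everything else
// (query string, path info, extra parameters), so stray input never reaches the logic.
$allowed = ['weight_kg', 'height_m'];
$input = [];
foreach ($allowed as $name) {
    $input[$name] = isset($_POST[$name]) ? trim((string) $_POST[$name]) : '';
}

$weight = filter_var($input['weight_kg'], FILTER_VALIDATE_FLOAT);
$height = filter_var($input['height_m'], FILTER_VALIDATE_FLOAT);
if ($weight === false || $height === false || $weight <= 0 || $height <= 0) {
    // Bad data: send the user back to the form instead of processing it.
    header('Location: http://www.example.com/form.html', true, 303);
    exit;
}

$bmi = $weight / ($height * $height);

/* store $bmi with the visit record here (database write left out of the example) */

// Post/Redirect/Get: answer the POST with a redirect so that Back/Reload on the
// next page never re-sends the form data, and the record is never processed twice.
header('Location: http://www.example.com/response.html', true, 303);
exit;
```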



Re: [PHP-DB] Re: Program Dies

2012-10-16 Thread tamouse mailing lists
On Mon, Oct 15, 2012 at 11:14 AM, Jim Giner
 wrote:
> On 10/14/2012 5:57 PM, Ethan Rosenberg, PhD wrote:
>>
>> Dear List -
>>
>> Thank you ever so much for all your help.
>>
>> I apologize in advance for dumping all this code on you.  I cannot
>> get any debugger to work for me [see my separate email on debuggers].
>> I placed numerous echo and print_r statements in the code, and could
>> not find the error.
>>
>> The program worked perfectly previously, and now it dies.
>>
>> It mimics a doctor's office where a study is being performed on
>> obesity. The parameter is a calculated value called BMI.
>>
>> In the initial part of the program, a search is performed to obtain
>> the medical record.  This works perfectly.  The second step is to
>> obtain data at the patient visit, which is triggered by a button "Do
>> you wish to enter visit data?"  If that button is clicked, the
>> program returns to the original welcome screen.
>>
>> Advice and help, please.
>>
>> Here is the code:
>>
> Ethan - If this is the code you are referring to, then I have some questions
> about it - some of them pertinent, some of them impertinent.
> 1 - do you plan on putting all of your input tags in their own div tags?
> Kinda needless imho.
> 2 - if this is the form holding the button that you referred to in your
> post, why is there no action specified?  I've never tried code like that so
> I don't even know where one would end up in such a case.
>
> Lastly - Why the  coding?  If you are going to show us what
> you are doing - at least have the sense to clean up this kind of silly
> stuff to show us that you know what you are doing.
>
>
> Do you Wish to Enter Visit Data? 
>

A <form> with an empty action= attribute simply calls the same URL as
given. I use this all the time for testing and for localhost one-page
apps, but it is a Very Bad Idea ™ for a real on-the-internet application.
