Web Analytics Made Easy - StatCounter registration 4 part file escape question - CodingForum

Announcement

Collapse
No announcement yet.

registration 4 part file escape question

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • #1

    registration 4 part file escape question

    Hi my registration has three parts which means that it passes input from page 1 to page 2 then to page three. The 4th part is the process.

    I ask because im having an issue with my text var value and i want to make sure this is not the problem.

    lets say i have text1 that is input on page one of the registration.

    i escape the post value.

    then that value is passed as hidden inputs (no display) to the other pages until it gets to the process page where it is processed.

    along the way i escape the post values as the data grows.

    in other words

    page one text1 i escape
    i pass that to page2 and escape the post.
    i pass that to page3 and escape the post.
    i pass that to page 4 and escape the post.

    by the time i get to page 4 i have about 30 or so dif var ready to be processed.

    my question is if there is only one input on page 1 for text one and it is only being passed not displayed not edited along the way, do i need to escape the post with every pass? As long as its not touched it should be ok just escaping the first time right.

    im having an issue with the final text being funky and i think it might have something to do with multiple escapes when i dont need to.

    thanks.
    I am not crazy, my computer had me checked but its on dialup and im still waiting for results :)
    A good way to remember objects from arrays is you shoot objects with arrows Example: $name->id; then Arrays are $name['id'];
    durangod is short for durango dave
    Tags: None
  • #2
    You only need to escape the data when its going into the database.

    Secondly you should never pass information back to the page as a hidden value - it can be changed by the user. Use sessions instead. If you prefer, save the data into the database and pass back the insert id as a hidden value instead so that you can reference the data in the DB.
    "Tango says double quotes with a single ( ' ) quote in the middle"
    '$Name says single quotes with a double ( " ) quote in the middle'
    "Tango says double quotes ( \" ) must escape a double quote"
    '$Name single quotes ( \' ) must escape a single quote'

    Comment

    • #3
      thanks tango, yeah i knew i had to do it before the insert but I was just trying to do it as i go lol, i will only do it once and see how it goes. ill just add all the escape to the last page before right before the actual insert.

      just fyi it never gets passed back to the previous page it just gets passed hidden to the next page. and i got ya on the session deal.

      thanks.
      I am not crazy, my computer had me checked but its on dialup and im still waiting for results :)
      A good way to remember objects from arrays is you shoot objects with arrows Example: $name->id; then Arrays are $name['id'];
      durangod is short for durango dave

      Comment

      • #4
        Originally posted by durangod View Post
        it just gets passed hidden to the next page.
        I must recommend against this as those values can be altered by the user. You really must consider using sessions for short term storage or the DB for long term (EG where the user may close the window and come back later).
        "Tango says double quotes with a single ( ' ) quote in the middle"
        '$Name says single quotes with a double ( " ) quote in the middle'
        "Tango says double quotes ( \" ) must escape a double quote"
        '$Name single quotes ( \' ) must escape a single quote'

        Comment

        Previous template Next
        Working...
        X
        😀
        🥰
        🤢
        😎
        😡
        👍
        👎