0

Started learning PHP today so forgive me for being a noob. I have a simple HTML form where the user inputs 4 strings and then submits.

HTML form 

<html>
<head>
<title>EMS</title>
</head>

<body>
<h1>EMS - Add New Employees</h1>

<form action="<?php echo $_SERVER["PHP_SELF"];?>" method="post">
<table>
<tr><td>Enter a NAME:</td><td> <input type="text" name="name"></td></tr>
<tr><td>Enter a PPSN:</td><td>  <input type="text" name="ppsn"></td></tr>
<tr><td>Enter a PIN :</td><td>  <input type="text" name="pin"></td></tr>
<tr><td>Enter a DOB:</td><td>  <input type="text" name="dob"></td></tr>
<tr><td></td><td><input type="submit" value="Add New Employee" name="data_submitted"></td></tr>
</table>
</form>
</html>

I want to implode the 4 elements in the $_POST["data submitted"] array to a string.

PHP

<?php


    if (isset($_POST['data_submitted'])){ 



       $employee = implode(",",$_POST['data_submitted']);



        echo "employee = ".$employee;
    }


?>

Why is it that when I run the project, Input the 4 strings into the form and submit that there is nothing contained within the employee string when its outputed? There is however a value in the employee string when I just implode the $_POST array like so without 'data_submitted'.

$employee = implode(",",$_POST);

The output of the $employee string is now - employee = will,03044,0303,27/5/6,Add New Employee

It contains the name,pps,pin,dob and this ADD New Employee value? How do I just get the $employee string to contain just the name,pps,pin and dob from the $POST_[data_submitted] array?

Improve this question
3
  • $_POST['data_submitted'] is a string, not an array. Commented Feb 14, 2018 at 19:48
  • 2
    $_POST['anything'] is just the value of the input with name="anything". Why do you expect $_POST['data_submitted'] to be an array containing all the other inputs? Commented Feb 14, 2018 at 19:49
  • try using var_dump($_POST);die(); before your if statement just see contents of the POST arrray. Commented Feb 14, 2018 at 19:56

2 Answers 2

Reset to default
4

If you wish to implode the submitted data, then you need to refer to the specific items, as follows:

<?php
$clean = [];

if (isset($_POST['data_submitted'])){ 

 // one way to deal with possibly tainted data
 $clean['name'] =  htmlentities($_POST['name']);
 $clean['ppsn'] =  htmlentities($_POST['ppsn']);
 $clean['pin']  =  htmlentities($_POST['pin']);
 $clean['dob']  =  htmlentites($_POST['dob']);


 $employee = implode(",",$clean);
 echo "employee = $employee";
}

Never use submitted data without first checking to make sure that it is safe to do so. You need to validate it. Since the OP doesn't specify what kind of data the named inputs "ppsn", "pin", "dob" pertain to, this example does a minimum of validation. Each input might require more or something different.

Whether you're new or familiar with PHP, it is a good idea to frequently read the online Manual.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

The use of htmlentities is great but only really needed in the echo not at all points. It would wreak havoc on trying to do any logic operations. Verifying the data types and trimming is always good sanitizing off the bat and using prepared statements saves the DB. Great for the security concerns though!
@nerdlyist good pt in re verifying and trimming data. The main benefit of htmlentities() is a as a measure to prevent cross site scripting attacks. If we knew for certain that the posted fields named ppsn, and dob were intended to only contain numeric values, then I would have tested using ctype_digit.
0

First, you need to know that php will treat value in the format: value="value here" as string.

So, calling implode(",",$_POST['data_submitted']); will return Add New Employee as declared here: 

<input type="submit" value="Add New Employee" name="data_submitted">
.

From your question:

How do I just get the $employee string to contain just the name, pps, pin and dob from the $_POST[data_submitted] array?

Solution

1. Unset the <code>$_POST['data_submitted']</code> index in the $_POST super global variable
2. Implode it



// Unset the $_POST['data_submitted'] index
$post_data = unset( $_POST['data_submitted'] );

// Format the post data now
$format_post_data = implode( ",", $post_data );

// Escape and display the formatted data 
echo htmlentities( $format_post_data, ENT_QUOTES  );
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.