Re: sending array with POST from a hidden input form field?
From: ccjx (ccjx_REMOVE_NO_SPAM__at_newagezone.com)
Date: 05/28/04
- Next message: ccjx: "Re: Background colour not showing"
- Previous message: Geoff: "Background colour not showing"
- In reply to: Pedro Graca: "Re: sending array with POST from a hidden input form field?"
- Next in thread: pablo: "Re: sending array with POST from a hidden input form field?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 28 May 2004 23:48:42 +0800
Pedro's method is quite a good way. But if you would really want it to
be safe (like if you are transferring secret US government data :P), you
could try this,
1. Generate a random string (e.g. 19235jdsnld3235).
2. Serialize the array you are transferring and store it in a file with
the filename generated using the random string.
OR
2. Serialize the array you are transferring and store it in a record in
a database with another field storing the random string (as an index).
3. <input type="hidden" name="arraydata" value="19235jdsnld3235">
4. On the new page, just use the string to read the correct datafile or
record and Tada! you did it. ;).
This method is relatively safe as well as it will be difficult to guess
another random number. However, take good care when you store the file,
make sure you keep it in another directory or in one which is not within
the webserver root therefore increasing security.
I hope it helps :D.
ccjx
Pedro Graca wrote:
> pablo wrote:
>
>>I'am trying to send a php array with a hidden input field from a form to
>>another script.
>>The array is NOT made directly by way of <input name="arrayname[]" />.
>>
>>The array is made by normal php code and then
>>submitted between form-tags as
>>echo "<input type='hidden' name=\"arrayname\" value=\"$arrayname\" />" ;
>
>
> Maybe this works (not tested)
>
> echo "<input type='hidden' name=\"arrayname\" value=\"",
> urlencode(serialize($arrayname)), "\" />" ;
>
>
>
>>I can see that the receiving script receives the array but it counts only 1
>>item and not the presumed amount.
>
>
> and the receiving script does
>
> $array = unserialize($_POST['arrayname']);
>
>
>
>>Can this be done?
>>And how should it be done then?
>
>
> Remember that the user can change the hidden input field.
> Perhaps it would be better to pass the array in a session variable.
>
>
- Next message: ccjx: "Re: Background colour not showing"
- Previous message: Geoff: "Background colour not showing"
- In reply to: Pedro Graca: "Re: sending array with POST from a hidden input form field?"
- Next in thread: pablo: "Re: sending array with POST from a hidden input form field?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
