how to make form input value a dataset value?

Report · Sep 20, 2010

Have a form and one hidden field, i want the value to come from

a dataset.

    <input name="buyerbid" type="hidden" id="buyerbid" value="<?php  { ?> echo '<div spry:region="ds3" class="StackedContainers">
<div spry:repeat="ds3" class="RowContainer">
<div class="RowColumn">{column0}</div>
</div>
</div>' ; 
<?php } ?>" />

The Spry is the

<div spry:region="ds3" class="StackedContainers">
<div spry:repeat="ds3" class="RowContainer">
<div class="RowColumn">{column0}</div>
</div>
</div>

Spry dataset renders correctly in a div on the page, but can't get the same value in the form input value?

thanks for your help,

Jim Balthrop

Report · Sep 20, 2010

dataset is in repeat region, form input isn't therefore form data isn't repeated in syc with spry region. Also there's imporper syntax in your hidden field value. You start with php, close it, then use a php echo. Php echo will not work unless it's inside php code.

Report · Sep 20, 2010

thanks for your help.

The php i knew was the wrong code.

the spry region not surrounding the form was the answer.

so i did it this way and it worked.

<div spry:region="ds4"><form method="POST" name="client_bid" id="client_bid">
    <input name="vehicle_ID" type="hidden" id="vehicle_ID" value="<?php echo $row_rs_vehicle['vehicle_ID']; ?>" />
    <input name="buyer_ID" type="hidden" id="buyer_ID" value="<?php echo $row_rs_login['client_ID']; ?>" />  
    <input name="auction_ID" type="hidden" id="auction_ID" value="<?php echo $row_rs_auction['auction_ID']; ?>" /> 
    <input name="buyerbid" type="hidden" id="buyerbid" value="{ds4::column0}" />
    <input name="submitbuyer" type="submit" id="submitbuyer" value="Submit Bid">
  </form></div>

thanks again.

-Jim Balthrop

Report · Sep 20, 2010

Glad that worked out for you. For security reasons it's always better to process form values that you can through the script vs. sending them via hidden values. For instance a user could create their own form with action pointing to your script (your form example doesn't have an action BTW) and enter any values they wish into the form. Then they can maliciously place a bid for another user which you don't want!

If you use dynamic values like session user id, auction id, and vehicle id directly in the form processing script vs. sending them to the script via hidden fields your form will be more secure. Why process a script w/ POST values when you could just use the direct SESSION and recordset values?