- Oct 4, 2002
- Predefined Variables
- A Script to Acquire User Input
- Accessing Form Input with User Defined Arrays
- Accessing Form Input with Built-In Arrays
- Distinguishing Between GET and POST Transactions
- Combining HTML and PHP Code on a Single Page
- Using Hidden Fields to Save State
- Redirecting the User
- File Upload Forms and Scripts
Using Hidden Fields to Save State
The script in Listing 9.9 has no way of knowing how many guesses a user has made. We can use a hidden field to keep track of this. A hidden field behaves exactly the same as a text field, except that the user cannot see it, unless he views the HTML source of the document that contains it. Listing 9.10 adds a hidden field to the number guessing script and some PHP to work with it.
Listing 9.10 Saving State with a Hidden Field
1: <?php 2: $num_to_guess = 42; 3: $num_tries = ( isset( $num_tries ) ) ? ++$num_tries : 0; 4: $message = ""; 5: if ( ! isset( $guess ) ) 6: $message = "Welcome to the guessing machine!"; 7: elseif ( $guess > $num_to_guess ) 8: $message = "$guess is too big! Try a smaller number"; 9: elseif ( $guess < $num_to_guess ) 10: $message = "$guess is too small! Try a larger number"; 11: else // must be equivalent 12: $message = "Well done!"; 13: 14: $guess = (int) $guess; 15: ?> 16: <html> 17: <head> 18: <title>Listing 9.10 Saving state with a hidden field</title> 19: </head> 20: <body> 21: <h1> 22: <?php print $message ?> 23: </h1> 24: Guess number: <?php print $num_tries?> 25: <form method="POST"> 26: Type your guess here: 27: <input type="text" name="guess" value="<?php print $guess?>"> 28: <input type="hidden" name="num_tries" value="<?php print $num_tries?>"> 29: </form> 30: </body> 31: </html>
The hidden field on line 28 is given the name "num_tries". We also use PHP to write its value. While we're at it, we do the same for the "guess" field on line 27, so that the user can always see his last guess. This technique is useful for scripts that parse user input. If we were to reject a form submission for some reason we can at least allow our user to edit his previous query.
When you need to output the value of an expression to the browser, you can of course use print() or echo(). When you are entering PHP mode explicitly to output such a value you can also take advantage of a special extension to PHP's short opening tags. If you add an equals (=) sign to the short PHP opening tag, the value contained will be printed to the browser. So
<? print $test;?>
is equivalent to
Within the main PHP code, we use a ternary operator to increment the $num_tries variable. If the $num_tries variable is set, we add one to it and reassign this incremented value; otherwise, we initialize $num_tries to 0. Within the body of the HTML, we can now report to the user how many guesses he has made.
Don't entirely trust hidden fields. You don't know where their values have been! This isn't to say that you shouldn't use them, just be aware that your users are capable of viewing and amending source code should they want to cheat your scripts.