在提交後保留搜索表單中的值

Question

在PHP中提交表單後，如何將搜索表單中的字段值保存（安全）？

此方法是否安全？

<input type="checkbox" ... ="<?php if(isset($_POST['ThisRadioIsChecked'])) echo 'checked="checked"'; ?>" ... /> 

Answer 1

如果你有這樣的：

<form action="this_page.php" method="post"> 
    <input type="text" name="search" placeholder="Search..." value=""> 
    <input type="submit" value="Go"> 
</form> 

您可以用$_POST陣列設置的搜索輸入值（或$_GET如果使用GET方法）。

<?php 

// if data 'search' posted in POST method, make it safe in HTML then store it in $search. If 'search' data was not posted, fill it with an empty string ('') 
$search = (isset($_POST['search'])) ? htmlentities($_POST['search']) : ''; 

?> 

<form action="this_page.php" method="post"> 
    <input type="text" name="search" placeholder="Search..." value="<?= $search ?>"> 
    <input type="submit" value="Go"> 
</form> 

我要解釋你這短短的標籤將可能不會被PHP如果你的php.ini文件中包含解析：short_open_tag = Off

然後，你將不得不使用標準的方法來做到這一點：<?php echo $search; ?>而比短之一：<?= $search ?>

順便說一句，這條線是也許有點不高級用戶困惑：

$search = (isset($_POST['search'])) ? htmlentities($_POST['search']) : ''; 

您可以通過替換它：

if(isset($_POST['search'])) 
{ 
    $search = htmlentities($_POST['search']); 
} 
else 
{ 
    $search = ''; 
} 

甚至：

$search = ''; 

if(isset($_POST['search'])) 
{ 
    $search = htmlentities($_POST['search']); 
} 

順便說一句，如果你希望能跟不上值：

<?php 

// if data 'search' posted in POST method, make it safe in HTML then store it in $search. If 'search' data was not posted, fill it with an empty string ('') 
$search = (isset($_POST['search'])) ? htmlentities($_POST['search']) : ''; 
// if reset asked, then empty $search 
$search = (isset($_POST['reset'])) ? '' : $search; 

?> 

<form action="" method="post"> 
    <input type="text" name="search" placeholder="Search..." value="<?= $search ?>"> 
    <input type="submit" value="Go"><?php if($search != '') echo '<input type="submit" name="reset" value="Reset">'; ?> 
</form> 

你也可以使用複選框或其他東西... :)