There is another way, potentially, if you’ll pardon my limited (but now growing) understanding of PHP: why not set, perhaps, 7 checkboxes, each with a designated color. Only 4 would have the proper colors. Have the user select only the green and the blue. Set the array with PHP — then implode the array using the implode() command to a single string and send that string to the handling script. Let PHP then parse the string. Right string: post; wrong string: send them to another site (maybe even their own IP).

Just a thought…

You iterate through the $_POST variables:

foreach ($_POST as $foo => $bar)
{
if (count($bar) > 1) {
//it's an array
} else {
//it's not an array
}
}


Here’s an example I just whipped up to make sure I was right. I ran it as a script from the command line, but the ideas are the same:


$monkies[0] = 'Bobo';
$monkies[1] = 'George';

echo 'I have the following pets:'."n";
foreach ($animals as $theKey => $theValue) {
if (count($theValue) > 1) {
for ($i=0;$i<count ($theValue);$i++) {
echo 'A ' . $theKey . ' named ' . $theValue[$i] . "n";
}
} else {
echo 'A ' . $theKey . ' named ' . $theValue . "n";
}
}


But yes, it would be easier if PHP just put the checkboxes as delimited text.

First, as you say, personal annoyance; HTML forms have long passed multiple-value results, and every other scripting language I’ve ever used has been able to deal with that or at least make it possible to deal with it. In fact, they would, absent any special handling, generally return a value something like ‘cb02:cb04:cb05′ (using some kind of separator). PHP appears to be either too dumb to understand that, or too “smart” to let it pass through untouched. The latter approach, that of trying to be smarter than the user, being what Microsoft does all the time.

Second, if I’m going to hack, I want to know exactly why the hack is necessary. I don’t use CSS hacks I don’t understand, and I avoid using CSS hacks whenever possible. The same goes for any other hack in any other language. I will avoid hacks whenever I can, and only use them when I understand them.

Via IM, I got a pointer from JH: http://us4.php.net/manual/en/faq.html.php#faq.html.arrays . That lead me to http://us4.php.net/manual/en/language.variables.external.php . In the comments on the latter page, carl_steinhilber said (back in 2002):

A group of identically-named checkbox form elements returning an array is a pretty standard feature of HTML forms. It would seem that, if the only way to get it to work is a non-HTML-standard-compliant workaround, it’s a problem with PHP. Since the array is passed in the header in a post, or the URL in a get, it’s the PHP interpretation of those values that’s failing.

He was wrong about the square-bracket workaround being non-compliant; it’s acceptable to throw brackets into name values. Other than that, I agree with him 110%.

Regardless, that closes that case: if I want to use checkboxes or have the same name applied to multiple text boxes, I’m going to have to use the square brackets. Now—for anyone who is using WP-Gatekeeper or has looked at the code, and has feedback on the coding or the way it works for the administrator of a WP blog, I’d like to hear from you.

checker=cb02
checker=cb04
checker=cb05

checker2[]=cb02
checker2[]=cb04
checker2[]=cb05

This is what PHP gets. Now php has to decide how to take this post data and convert it into php variables. It does this in a pretty straightforward manner, and will execute PHP code something like this:

$_POST['checker'] = ‘cb02′
$_POST['checker'] = ‘cb04′
$_POST['checker'] = ‘cb05′

$_POST['checker2'][] = ‘cb02′
$_POST['checker2'][] = ‘cb04′
$_POST['checker2'][] = ‘cb05′

Now do you see why you need those []? Without them PHP assigns each checked value from ‘checker’ to $checker, each value overwriting the previous. When you add the [], php assumes you want an array that stores them all.

I hope this explains more clearly what’s going on. The details may not be exactly correct, but I hope you get the gist of it.

Just posting this here having passed it to Eric by IM, for the sake of anyone who’s looking here for the answer.

Plus, it’s just plain silly to go to the effort of installing a biometric ID system on your server, and even sillier to expect your readers to purchase a thumb scanner (priced anywhere from $57.00 to $460.00 depending on the quality) and hook it up just to comment.

However, for little or no money per person, the problem could be solved immediately and forever. Here’s what you need:

• Ziploc baggy (preferably one of those with the little square zip thingy on top – I hear they close with less effort)
• Pre-printed, liquid resistant ID sticker with a name and number 1-10, i.e.: Keith Burgin – 1
• Padded mailing envelope (you know, the puffy ones)
• Propane torch
• Kitchen knife (sharp – believe me, you’re gonna want it sharp)

Okay. Eric makes his comment area with one extra text input field for the name and ID number (the aformentioned “Keith Burgin – 1″ corresponding to your comment.

You look at the ID number on your current label, type that in, and send your comment. Don’t look for it to be up for a couple of days, this takes a bit of time to sort out.

Once you’ve sent your comment, take the ID sticker and wrap it around the finger of your choice. Hack that baby off with the kitchen knife, seal the stub with the propane torch, seal the finger in the Ziploc bag, slide that in the padded envelope and mail it off to Eric.

Once Eric gets the finger, he simply matches the ID tag to your comment and approves the comment. Simple, no?

Spammers are not dedicated enough to use this system – I can guarantee that. Of course it will cut down on the number of legitimate comments, since an individual will only be able to do this ten times. Of course, you could always use toes, but let’s be a little sympathetic to Eric, people. Who wants to get a toe in the mail? I mean, really…

Any takers?

Here’s a test case: http://meyerweb.com/eric/php/formtest.html

You’ll note that it contains form elements that have defined values, some of which share names, and others of which do not. When the form is submitted, the result is that the last value in each name-group that doesn’t have brackets is read; anything before it in that group is dropped. Now, if I add the square brackets to the names in the XHTML, PHP suddenly wakes up and handles things correctly. Without them, it doesn’t.

So does anyone know how to make PHP handle HTTP form data correctly without the square-bracket hack, which should not be needed? No guesses; I said does anyone know either how to fix PHP sans hacks, or else exactly why it’s acting this way.

You need to either give each of them a unique value or explicitly say their location in the array within the name field like so:
<input type="checkbox" name="inputname[0]" />
<input type="checkbox" name="inputname[1]" />
<input type="checkbox" name="inputname[2]" />
<input type="checkbox" name="inputname[3]" />


<input type="checkbox" name="checkbox[]" value="checkbo1x">
<input type="checkbox" name="checkbox[]" value="checkbox2">
<input type="submit" name="Submit" value="Submit">


produced this


Array ( [checkbox] => Array ( [0] => checkbo1x [1] => checkbox2 ) [Submit] => Submit )