Re: missing code in change form tutorial?

[SNelson]

Thanks again for your help and interest. I’m not a PHP whiz but I can generally grasp what’s going on if I stare at it long enough and dissect it methodically.

"apostrophe" wrote:

Well I haven’t seen the video or downloaded the demo but the point of if isset is to stop the script throwing an error by calling a variable that hasn’t yet been set.

I think that sort of almost makes sense.
:-)
This is one of those combined scripts that has both the PHP form processing and the HTML form itself in the same file. (And the sort of code that tends to baffle me.)
I presume that any PHP in such a file executes as soon as the file loads. Right?

One of the security measures this script does is create a session, store a generated token in both a session variable and a hidden input field and compare them when the form is submitted, to thwart cross site scripting hacks.

Since the token isn’t created until after the HTML part part of the script begins, I gather the initial PHP must execute before the parser gets to the point at which the token is created.

So there *would* have to be some mechanism to handle the unset variable at the very beginning, before the parser reaches the point at which the token is generated.
It’s just that I’ve never encountered syntax like this script has:

Code:

if (!isset($_SESSION[$form.’_token’])) {

} else {
echo “Unable to send message.”;
}

Are you saying that this by itself is enough to suppress errors if there’s no token yet?

Code:

if (!isset($_SESSION[$form.’_token’])) {

}

Hmm. It just seems to me that an "if" conditional statement needs *some* sort of action.
Anyway – thanks. I’ll continue to be puzzled. Maybe my inability to grasp this is just my inexperience with PHP.

Steve