Im making a form in order to let the user update some of his personal info , but I would like to keep some placeholder values (actual and verified values - or already submitted values) if no new value is specified when submitting the form.
I don't want the user to have to re fill all fields just to update one specific field...
Is that possible, and safe by proceeding like that (xss?)
I tried something for purpose but doubt it would work. (beside this, the server just went down for maintenance I guess so I can't test it right now)
Thats my php code for the request :
//get params
$postdata = file_get_contents("php://input");
$request = json_decode($postdata);
if (isset($request->email)) {
$email = $request->email;
}
else $email = vm.email; // app side value... of course it won't work, only for you to see what I wish to do !
$telephone = $request->telephone;
echo 'telephone<br/>'.$telephone;
$adresse = $request->adresse;
echo 'adresse<br/>'.$adresse;
$email = $request->email;
echo 'email<br/>'.$email;
// Vérification des identifiants
try {
$req = $pdo->prepare('INSERT INTO users (telephone, adresse, email) VALUES (:telephone, :adresse, :email) ON DUPLICATE KEY UPDATE email= :email, telephone = :telephone, adresse = :adresse');
$req->execute(array(
'telephone' => $telephone,
'adresse' =>$adresse,
'email' => $email
));
echo '<br>';
print_r($req->errorInfo());
echo '<br>updated!';
}
catch(PDOException $e)
{
echo 'Erreur : ' . $e->getMessage();
}
?>
Angular Controller code :
// Controller profil
.controller('profilCtrl', function (user, $http, $state) {
var vm = this;
vm.user = user.getUserConnected();
vm.update = update;
function update(){
var data = {telephone: this.telephone, adresse: this.adresse, email: this.email}
$http({
method: 'POST',
url: 'http://mytpm.reaco.work/update.php',
data: data,
headers: {'Content-Type': 'application/json'}
})
.then(function(response){
vm.data = response.data;
vm.status = response.statusText;
console.log('STATUS ' + vm.status);
console.log('data ' + vm.data);
$state.go('profil');
}, function(error) {
vm.data = response.data;
vm.status = response.statusText;
vm.errorMessage = 'ERROR';
})
};
console.log(vm.user.prenom);
})
My form :
<form name="form" ng-submit="vm.update()" novalidate>
<label class="item item-input noborder">
<span class="input-label"><strong>Email:</strong></span>
<input type="email" name="email" ng-model="vm.email" placeholder="{{vm.user.email}}">
</label>
<label class="item item-input noborder">
<span class="input-label"><strong>Téléphone:</strong></span>
<input type="number" name="telephone" ng-model="vm.telephone" placeholder="{{vm.user.telephone}}">
</label>
<label class="item item-input noborder">
<span class="input-label"><strong>Adresse:</strong></span>
<input type="text" name="adresse" ng-model="vm.adresse" placeholder="{{vm.user.adresse}}">
</label>
<div class="item noborder">
<button class="button button-block button-positive" type="submit">Mettre à jour mes informations</button>
</div>
</div>
</form>
Any help is welcome ! Im not sure if Im going in the right direction...