I hope this hasn't been asked before, but I'm trying to write an interface to a MySQL database. I have a .htaccess file, so I'm not terribly concerned with malicious users, but I figure it's still good to protect against oblivious and dangerous users. My problem is that I don't want to force people to re-enter all their data if they make a mistake the first go round.
For example:
fields are:
Name (text field)
Type (drop down list)
Month (drop down list)
Day (drop down list)
Year (drop down list)
etc.
All of these fields are required, and when I sanitize the data, I want to also go through and make sure that all values are present, then print a message saying which ones are missing. Ideally I want to return to the form, and leave all the good values in place. Does anyone have any tips to do this? Also I'm not sure I'm doing the sanitization very well. The parsing for all fields looks like this:
$parsed // n by 2 array, where index = 0 holds an error message (or null if everything is okay), and index = 1 is the sanitized input (or null if there is an error)
$n = 0 // used to iterate through $parsed
for each variable in $_POST {
    if variable === "" {
        $parsed[n][0] = "some error message"
        $parsed[n][1] = NULL;
    } else {
        $parsed[n][0] = NULL;
        $parsed[n][1] = filter_var(variable, APPROPRIATE_PHP_FILTER);
    }
    n++ // move on to the next row of $parsed
}
if all $parsed[][0] == NULL {
    insert values in $parsed[][1] into db;
} else {
    print all errors to screen.
}
// end algorithm
Thanks a ton.
Newbie Sanitization and Insert
- superdezign
Re: Newbie Sanitization and Insert
You are referring to "sticky values" in forms. Basically, common practice is to submit a form to the same page so that if there are errors, you can print them out. Otherwise, you can handle success however you plan to. For sticky values, you'll need to get the posted data and place it into the form. You could use a function to assist you with that, as not to look for invalid values, since the $_POST array is empty before the form has been submitted.
Functions:

    <?php
    // functions.php
    // Get post data (returns '' before the form is submitted or if the field is not a plain string)
    function getPost($name) {
        if (!empty($_POST) && isset($_POST[$name]) && is_string($_POST[$name])) {
            return $_POST[$name];
        }
        return '';
    }

Controller:

    <?php
    // controller.php
    include_once 'functions.php';
    // Sticky values
    $title = getPost('title');
    $description = getPost('description');
    // Form handling
    $errors = array();
    $success = false;
    if (!empty($_POST)) {
        // Validate title
        if (empty($title)) {
            $errors[] = 'Must fill "title" field.';
        }
        // Validate description
        if (empty($description)) {
            $errors[] = 'Must fill "description" field.';
        }
        // Submit form
        if (empty($errors)) {
            /* Perform business logic here */
            $success = true;
        }
    }
    include 'view.php';

View:

    <?php
    // view.php
    if ($success) {
        echo '<p>Success!</p>';
    } else {
        // Escape the sticky values before writing them into HTML attributes
        $safeTitle = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
        $safeDescription = htmlspecialchars($description, ENT_QUOTES, 'UTF-8');
        // Variables interpolate directly inside a heredoc; no nested PHP tags are needed
        echo <<<HTML
    <form method="post" action="#">
    <input type="text" name="title" value="{$safeTitle}" />
    <input type="text" name="description" value="{$safeDescription}" />
    <button type="submit">Submit</button>
    </form>
    HTML;
    }

This is a simplified version of controllers and views, but it should make it easier for you to follow what is going on. This is the basic concept of form validation and submission.
Enjoy.
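The required-field check and database insert that the original question asks about, as an added example that is not part of either post: it reports every missing field, keeps the good values for redisplay, and inserts through a PDO prepared statement. The field keys, the `ALLOWED_TYPES` list and the `entries` table with its columns are assumptions.

```php
<?php
// Added example: field keys, ALLOWED_TYPES and the `entries` table are assumptions.
const ALLOWED_TYPES = ['book', 'article', 'report']; // hypothetical drop-down options

/** Validate the posted form; returns [errors keyed by field, clean values]. */
function validateEntry(array $post): array
{
    $errors = [];
    $clean  = [];
    // Required check: report every missing field, not just the first one
    foreach (['name', 'type', 'month', 'day', 'year'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            $errors[$field] = "The \"$field\" field is required.";
        } else {
            $clean[$field] = trim($value);
        }
    }
    // Drop-down values can be altered by the client: compare against the known list
    if (isset($clean['type']) && !in_array($clean['type'], ALLOWED_TYPES, true)) {
        $errors['type'] = 'Unknown type selected.';
        unset($clean['type']);
    }
    // Date parts must be integers and form a real calendar date
    if (isset($clean['month'], $clean['day'], $clean['year'])) {
        $m = filter_var($clean['month'], FILTER_VALIDATE_INT);
        $d = filter_var($clean['day'], FILTER_VALIDATE_INT);
        $y = filter_var($clean['year'], FILTER_VALIDATE_INT);
        if ($m === false || $d === false || $y === false || !checkdate($m, $d, $y)) {
            $errors['date'] = 'The date is not valid.';
        } else {
            $clean['date'] = sprintf('%04d-%02d-%02d', $y, $m, $d);
        }
    }
    return [$errors, $clean];
}

/** Insert with a prepared statement so values are never spliced into the SQL text. */
function insertEntry(PDO $pdo, array $clean): void
{
    $stmt = $pdo->prepare('INSERT INTO entries (name, type, entry_date) VALUES (?, ?, ?)');
    $stmt->execute([$clean['name'], $clean['type'], $clean['date']]);
}

// Constructed sample submission: name left blank and 31 February chosen
[$errors, $clean] = validateEntry(['name' => '', 'type' => 'book', 'month' => '2', 'day' => '31', 'year' => '2024']);
print_r($errors); // when $errors is non-empty, redisplay the form with $clean as sticky values
```

Call `insertEntry()` only when `$errors` is empty, and escape the sticky values with `htmlspecialchars()` when writing them back into the form.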
Re: Newbie Sanitization and Insert
Wow! I get it - thanks!