Newbie Sanitization and Insert

Shura
Forum Newbie
Posts: 2
Joined: Wed Nov 18, 2009 11:37 am
Location: Albuquerque, New Mexico

Newbie Sanitization and Insert

Post by Shura »

I hope this hasn't been asked before, but I'm trying to write an interface to a mysql database. I have a .htaccess file, so I'm not terribly concerned with malicious users, but I figure it's still good to protect against oblivious and dangerous users. My problem is that I don't want to force people to re-enter all their data if they make a mistake the first go round.

For example:
fields are:
Name (text field)
Type (drop down list)
Month (drop down list)
Day (drop down list)
Year (drop down list)
etc.

All of these fields are required, and when I sanitize the data, I want to also go through and make sure that all values are present, then print a message saying which ones are missing. Ideally I want to return to the form, and leave all the good values in place. Does anyone have any tips to do this? Also I'm not sure I'm doing the sanitization very well. The parsing for all fields looks like this:

// $parsed: n by 2 array, where [n][0] holds an error message (or NULL if everything
// is okay) and [n][1] holds the sanitized input (or NULL if there is an error)
$parsed = array();
$n = 0; // used to iterate through $parsed

foreach ($_POST as $variable) {
    if ($variable === "") {
        $parsed[$n][0] = "some error message";
        $parsed[$n][1] = NULL;
    } else {
        $parsed[$n][0] = NULL;
        // replace FILTER_DEFAULT with the appropriate PHP filter for this field
        $parsed[$n][1] = filter_var($variable, FILTER_DEFAULT);
    }
    $n++;
}

$allOk = true;
foreach ($parsed as $row) {
    if ($row[0] !== NULL) {
        $allOk = false;
    }
}

if ($allOk) {
    // insert values in $parsed[][1] into db
} else {
    // print all errors to screen
    foreach ($parsed as $row) {
        if ($row[0] !== NULL) {
            echo $row[0], "\n";
        }
    }
}

// end algorithm
thanks a ton.
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: Newbie Sanitization and Insert

Post by superdezign »

You are referring to "sticky values" in forms. Basically, common practice is to submit a form to the same page so that if there are errors, you can print them out. Otherwise, you can handle success however you plan to. For sticky values, you'll need to get the posted data and place it into the form. You could use a function to assist you with that, so as not to look for invalid values, since the $_POST array is empty before the form has been submitted.

Functions:


// functions.php
// Get post data
function getPost($name) {
    if (!empty($_POST) && isset($_POST[$name])) {
        return $_POST[$name];
    }
    
    return '';
}
Controller:


// controller.php
include_once 'functions.php';
 
// Sticky values
$title = getPost('title');
$description = getPost('description');
 
// Form handling
$errors = array();
$success = false;
 
if (!empty($_POST)) {
    // Validate title
    if (empty($title)) {
        $errors[] = 'Must fill "title" field.';
    }
 
    // Validate description
    if (empty($description)) {
        $errors[] = 'Must fill "description" field.';
    }
 
    // Submit form
    if (empty($errors)) {
        /* Perform business logic here */
        $success = true;
    }
}
 
include 'view.php';
View:


// view.php
if ($success) {
    echo '<p>Success!</p>';
} else {
    // Print the collected errors, then the form with the sticky values.
    foreach ($errors as $error) {
        echo '<p>' . htmlspecialchars($error, ENT_QUOTES, 'UTF-8') . '</p>';
    }
    // Escape before placing the values in an attribute. Inside a heredoc a literal
    // <?php echo ... ?> is printed as text, so interpolate the variables instead.
    $titleAttr = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    $descriptionAttr = htmlspecialchars($description, ENT_QUOTES, 'UTF-8');
    echo <<<HTML
<form method="post" action="#">
    <input type="text" name="title" value="{$titleAttr}" />
    <input type="text" name="description" value="{$descriptionAttr}" />
    <button type="submit">Submit</button>
</form>
HTML;
}
This is a simplified version of controllers and views, but it should make it easier for you to follow what is going on. This is the basic concept of form validation and submission.

Enjoy. :P
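Putting the two posts together: Shura's outline (check every required field, collect the errors, insert only when there are none) and superdezign's sticky-value controller/view. The following is an added example written for this page, not code posted by either of them. It assumes a hypothetical table `entries` with columns name, type, month, day and year, a made-up DSN and credentials, and a made-up list of allowed Type values; it validates the drop-downs against a server-side list, checks the integer fields with filter_var ranges plus checkdate, escapes the sticky values with htmlspecialchars, and inserts with a PDO prepared statement.

```php
<?php
// Added example, not code from the thread. Validates the fields in Shura's post (Name text
// field plus Type/Month/Day/Year drop-downs), keeps good values sticky, escapes them on output
// and inserts with a prepared statement. Hypothetical: table `entries`, the DSN/credentials
// below, and the allowed Type values in TYPES.
declare(strict_types=1);

// Allowed drop-down values live on the server. A browser can submit any string in a
// <select> field, so this list is the validation rule, not the widget.
const TYPES = ['birthday', 'anniversary', 'other'];

// Treat anything that is not a plain string (e.g. name[]=x) as missing.
function field(array $post, string $name): string
{
    $v = $post[$name] ?? '';
    return is_string($v) ? $v : '';
}

// Returns [$errors, $clean]: one message per bad field, one typed value per good field.
function validateEntry(array $post): array
{
    $errors = [];
    $clean = [];
    $name = trim(field($post, 'name'));
    if ($name === '') {
        $errors['name'] = 'Name is required.';
    } elseif (mb_strlen($name) > 100 || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        $errors['name'] = 'Name must be at most 100 printable characters.';
    } else {
        $clean['name'] = $name;
    }
    $type = field($post, 'type');
    if (!in_array($type, TYPES, true)) {
        $errors['type'] = 'Please choose a type.';
    } else {
        $clean['type'] = $type;
    }
    // filter_var rejects "", "12abc", arrays and out-of-range numbers in one call.
    $ranges = ['month' => [1, 12], 'day' => [1, 31], 'year' => [1900, 2100]];
    foreach ($ranges as $f => [$min, $max]) {
        $n = filter_var($post[$f] ?? null, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => $min, 'max_range' => $max]]);
        if ($n === false) {
            $errors[$f] = ucfirst($f) . ' is required.';
        } else {
            $clean[$f] = $n;
        }
    }
    // The three parts must make a real calendar date (no 31 February).
    if (isset($clean['month'], $clean['day'], $clean['year'])
        && !checkdate($clean['month'], $clean['day'], $clean['year'])) {
        $errors['day'] = 'That day does not exist in the chosen month.';
    }
    return [$errors, $clean];
}

// Bound parameters: values travel separately from the SQL text, so a name such as
// O'Brien (or a deliberate quote) cannot change the statement.
function insertEntry(PDO $pdo, array $clean): void
{
    $stmt = $pdo->prepare('INSERT INTO entries (name, type, month, day, year)
                           VALUES (:name, :type, :month, :day, :year)');
    $stmt->execute($clean);
}

// Escape for an HTML attribute so a sticky value like "><script> is displayed, not run.
function attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Controller
$errors = [];
$saved = false;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    [$errors, $clean] = validateEntry($_POST);
    if (!$errors) {
        // Hypothetical connection details; ERRMODE_EXCEPTION surfaces failed inserts.
        $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret',
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
        insertEntry($pdo, $clean);
        $saved = true;
    }
}

// View: errors first, then the form with the submitted values kept in place.
// Only Name and Type are shown; Month, Day and Year follow the Type pattern.
if ($saved) {
    echo '<p>Saved.</p>';
    return;
}
foreach ($errors as $msg) {
    echo '<p class="error">' . attr($msg) . '</p>';
}
$type = field($_POST, 'type');
echo '<form method="post" action="">';
echo '<input type="text" name="name" value="' . attr(field($_POST, 'name')) . '">';
echo '<select name="type"><option value="">-- choose --</option>';
foreach (TYPES as $t) {
    $sel = ($t === $type) ? ' selected' : '';
    echo '<option value="' . attr($t) . '"' . $sel . '>' . attr($t) . '</option>';
}
echo '</select><button type="submit">Submit</button></form>';
```

Two points the shorter examples above leave implicit: the drop-down values are compared with the server's own list because a <select> element constrains nothing on the wire, and the sticky values are escaped at the point where they are written back into the attribute, which is the only place escaping is meaningful. The database receives the validated values through bound parameters, so the "insert values into db" step in Shura's outline never has to quote or concatenate them.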
Shura
Forum Newbie
Posts: 2
Joined: Wed Nov 18, 2009 11:37 am
Location: Albuquerque, New Mexico

Re: Newbie Sanitization and Insert

Post by Shura »

Wow! I get it - thanks!