Newbie Sanitization and Insert
Posted: Wed Nov 18, 2009 11:49 am
I hope this hasn't been asked before, but I'm trying to write an interface to a MySQL database. I have a .htaccess file, so I'm not terribly concerned with malicious users, but I figure it's still good to protect against oblivious and dangerous users. My problem is that I don't want to force people to re-enter all their data if they make a mistake the first go round.
For example:
fields are:
Name (text field)
Type (drop down list)
Month (drop down list)
Day (drop down list)
Year (drop down list)
etc.
All of these fields are required, and when I sanitize the data, I want to also go through and make sure that all values are present, then print a message saying which ones are missing. Ideally I want to return to the form, and leave all the good values in place. Does anyone have any tips to do this? Also I'm not sure I'm doing the sanitization very well. The parsing for all fields looks like this:
$parsed // n-by-2 array: index 0 holds an error message (or NULL if everything is okay), index 1 holds the sanitized input (or NULL if there is an error)
$n = 0 // used to iterate through $parsed
for each variable in $_POST {
    if variable === "" {
        $parsed[n][0] = "some error message";
        $parsed[n][1] = NULL;
    } else {
        $parsed[n][0] = NULL;
        $parsed[n][1] = filter_var(variable, APPROPRIATE_PHP_FILTER);
    }
    n++; // move to the next row of $parsed
}
if all $parsed[][0] == NULL {
    insert values in $parsed[][1] into db;
} else {
    print all errors to screen.
}
// end algorithm
Thanks a ton.
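An added example, not part of the original post: one way to do what the question describes in PHP, validating each field by its kind (allow-list for the drop-down, integer ranges plus `checkdate()` for the date), escaping values only when they are echoed back into the form, and inserting through a prepared statement. The field names, the `TYPES` list, the `entries` table and the PDO connection are assumptions.

```php
<?php
// Added example: field names, TYPES values and the `entries` table are assumptions.
const TYPES = ['book', 'article', 'report']; // hypothetical drop-down options

function validate_entry(array $post): array
{
    $errors = $clean = [];
    $name = is_string($post['name'] ?? null) ? trim($post['name']) : '';
    if ($name === '' || strlen($name) > 100) {
        $errors['name'] = 'Name is required (100 bytes at most).';
    } else {
        $clean['name'] = $name; // stored as typed; escaped only when displayed
    }
    // Drop-downs: accept only values the form actually offers.
    $type = $post['type'] ?? null;
    if (!in_array($type, TYPES, true)) {
        $errors['type'] = 'Choose a type from the list.';
    } else {
        $clean['type'] = $type;
    }
    $range = fn(int $lo, int $hi) => ['options' => ['min_range' => $lo, 'max_range' => $hi]];
    $m = filter_var($post['month'] ?? null, FILTER_VALIDATE_INT, $range(1, 12));
    $d = filter_var($post['day'] ?? null, FILTER_VALIDATE_INT, $range(1, 31));
    $y = filter_var($post['year'] ?? null, FILTER_VALIDATE_INT, $range(1900, 2100));
    if ($m === false || $d === false || $y === false || !checkdate($m, $d, $y)) {
        $errors['date'] = 'Choose a valid month, day and year.';
    } else {
        $clean['date'] = sprintf('%04d-%02d-%02d', $y, $m, $d);
    }
    return [$errors, $clean];
}

// Escape when echoing a submitted value back into the form's value="" attribute.
function sticky(array $post, string $field): string
{
    $v = $post[$field] ?? '';
    return is_string($v) ? htmlspecialchars($v, ENT_QUOTES, 'UTF-8') : '';
}

// Placeholders keep the values out of the SQL text, whatever they contain.
function insert_entry(PDO $db, array $clean): void
{
    $sql = 'INSERT INTO entries (name, type, entry_date) VALUES (:name, :type, :date)';
    $db->prepare($sql)->execute($clean);
}

// Constructed sample submission: day left blank, name contains markup.
$post = ['name' => '<b>Ann</b>', 'type' => 'book', 'month' => '2', 'day' => '', 'year' => '2009'];
[$errors, $clean] = validate_entry($post);
echo implode("\n", $errors), "\n", sticky($post, 'name'), "\n";
```

When `$errors` is non-empty, re-render the form with the messages and `sticky()` values; call `insert_entry()` only when it is empty.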