Code behaviour

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
vik87
Forum Newbie
Posts: 1
Joined: Wed Feb 14, 2018 11:00 pm

Code behaviour

Post by vik87 »

Hi guys i am learning php by following the book "Learning PHP". I building a simple form for an excercise in the book and need some clarification on this line of code $input['dish_name'] = $dishes[$_POST['dish_name']], why do i need $dishes in there?? Why cant i simply go $input['dish_name'] = $_POST['dish_name'] When i tried this line i wouldnt get any output just a blank page. Any help would be appreciated. Thanks
p.s I am using php 7.3 and here is the code of the form

Code: Select all

<?php
require 'formHelper.php';
try{
    $db = new PDO('sqlite:c:\xampp\htdocs\tmp\restaurant2.db');
}
catch(PDOException $e){
    print "Couldnt connect to the database, " . $e->getMessage();
}
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$dishes = array();
$query = $db->query("SELECT dish_name FROM dishes");
foreach($query as $dish){
    $dishes[] = $dish['dish_name'];
    
}
function validate_form(){
    global $dishes;
    $errors = array();
    $input = array();
    if(isset($_POST['dish_name'])){
       $input['dish_name'] = $dishes[$_POST['dish_name']];
    }
    
    else{
        $errors[] = "Please select a dish from the menu.";
    }
    return array($errors,$input);
}
thinsoldier
Forum Contributor
Posts: 367
Joined: Fri Jul 20, 2007 11:29 am
Contact:

Re: Code behaviour

Post by thinsoldier »

foreach($query as $dish){
$dishes[] = $dish['dish_name'];
}

That created a global array named $dishes where the keys will be numbers and teh values will be dish_names from the database.

global $dishes;
$errors = array();
$input = array();
if(isset($_POST['dish_name'])){
$input['dish_name'] = $dishes[$_POST['dish_name']];
}

That uses the same $dishes array. Then tries to add entries to the $input array by getting a specific entry from within $dishes. But it is using the value of $_POST[dish_name] to search for a key within the $dishes array. They keys of $dishes are all numbers starting at zero and increasing by one. The value of $_POST['dish_name'] is probably a string, or might an id number from database. Either way, it's unlikely to match the key name of any of the items within $dishes.

It seems your validate function is supposed to #1 make sure than the dish_name field in the form was filled in and #2 make sure the value of dish_name matches one of the official/allowed values that already exist in the global $dishes array. Am I right?

I would do it like this:

Code: Select all

function validate_form(){
    global $dishes;
    $errors = array();
    $input = array();
    
    // Dish name must be submitted.
    if( empty($_POST['dish_name']) ){
        $errors[] = "Please select a dish from the menu.";
    }
    
    // Dish name must match one of list of dishes from database.
    if( ! empty($_POST['dish_name']) ){
       // Swap array keys and values around so I can look
       // for an entry in $dishes that matches the value
       // submitted for the dish_name form field.
       $allowed_dishes = array_flip($dishes);
       
       if( !isset($dishes[$_POST['dish_name']]) )
       {
           $errors[] = "The selected dish does not exist in our database! GO AWAY HACKER!";
       }
       

    }
   
       return $errors;
}
Last edited by thinsoldier on Thu Feb 15, 2018 8:05 pm, edited 1 time in total.
Warning: I have no idea what I'm talking about.
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Code behaviour

Post by Christopher »

Instead of this:

Code: Select all

function validate_form(){
    global $dishes;
Do this:

Code: Select all

function validate_form( $dishes){
(#10850)
Post Reply