foreach($query as $dish){
$dishes[] = $dish['dish_name'];
}
That created a global array named $dishes where the keys will be numbers and teh values will be dish_names from the database.
global $dishes;
$errors = array();
$input = array();
if(isset($_POST['dish_name'])){
$input['dish_name'] = $dishes[$_POST['dish_name']];
}
That uses the same $dishes array. Then tries to add entries to the $input array by getting a specific entry from within $dishes. But it is using the value of $_POST[dish_name] to search for a key within the $dishes array. They keys of $dishes are all numbers starting at zero and increasing by one. The value of $_POST['dish_name'] is probably a string, or might an id number from database. Either way, it's unlikely to match the key name of any of the items within $dishes.
It seems your validate function is supposed to #1 make sure than the dish_name field in the form was filled in and #2 make sure the value of dish_name matches one of the official/allowed values that already exist in the global $dishes array. Am I right?
I would do it like this:
Code: Select all
function validate_form(){
global $dishes;
$errors = array();
$input = array();
// Dish name must be submitted.
if( empty($_POST['dish_name']) ){
$errors[] = "Please select a dish from the menu.";
}
// Dish name must match one of list of dishes from database.
if( ! empty($_POST['dish_name']) ){
// Swap array keys and values around so I can look
// for an entry in $dishes that matches the value
// submitted for the dish_name form field.
$allowed_dishes = array_flip($dishes);
if( !isset($dishes[$_POST['dish_name']]) )
{
$errors[] = "The selected dish does not exist in our database! GO AWAY HACKER!";
}
}
return $errors;
}