Some PHP+MySql Questions

JustinMs66
Forum Contributor
Posts: 127
Joined: Sun Sep 03, 2006 4:18 pm

Post by JustinMs66 »

I am making a website. It will have all my work: Photoshop, modeling, etc.
Now, to make it easier, I will make a place where you can easily add a work.
Now, first of all, here is my HTML code for adding a Photoshop work:

Code:

Add Photoshop Work
<form method="post" name="addphotoshopwork" enctype="multipart/form-data" action="">

Name:
<input size="35" maxlength="50" type="text" name="title1" value="" class="textbox">

Category:
<select name="catagory1">
<option value="1">Creations
<option value="2">Posters
<option value="3">Banners
</select>


Main Pic Upload:
<input type="file" name="render" value="" size="20" class="textbox">


Other Notes:
<textarea name="text" rows="10" cols="85"></textarea>
<input type="submit" name="sub_add" value="Add" class="button">
</form>

And when you press "Add", it has to do a lot of things:
1) get the name in the name box, and put it in the name field in the MySQL database
2) get the category ID, put that in
3) upload the picture, save the URL that the pic is at in the MySQL database
4) save the "other notes" in the MySQL database

Now so far I am guessing I can use this kind of code:

Code:

$name = $_POST['title1'];
$notes = $_POST['text']; // the form's textarea is named "text", not "notes"
// The submitted values go into the SQL string as-is, with no escaping
$query = "INSERT INTO web1 (title, notes) VALUES ('$name', '$notes')";

But in terms of which category is selected, how would I say that?

Code:

$_POST['catagory1(option)'];

Something like that?

And for later viewing purposes I am going to have to store the uploaded image URL into another table in the database. How would I get that URL?

m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Make sure to add if statements to verify the data and that all the required data specifically has been sent.

Then you should make sure to parse the input to scan for malicious things, such as XSS attacks or SQL injection. Otherwise, your site is very likely to get hacked (which includes sensitive data being compromised) and your users are very likely to leave. But for starters, don't worry about security. Just get all the functionality done and the steps required to achieve it mastered, since you're still learning. Then once you have a firm grasp of everything, I'd then suggest looking up PHP security tutorials and articles that show you just what I mean about the hack methods I mentioned.

The variable $_POST['catagory1'] will have a value of either 1, 2, or 3.

I'd recommend Googling around for a good tutorial that walks you through this data insertion process step by step, and it's a bonus if it includes information on how to properly format your columns in the database table. :)
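
A handler that applies these checks to the form from the first post, as an added example rather than code posted in the thread: it verifies the required fields, restricts the category to 1, 2 or 3, stores the upload under a server-chosen name, and uses a PDO prepared statement and output escaping against the SQL injection and XSS mentioned above. The DSN and credentials, the `category` and `image_url` columns and the `uploads/` directory are assumptions, as is PHP 7 or later with PDO and mbstring.

```php
<?php
// Added example, not code from the thread. Field names (title1, catagory1,
// render, text) and the web1 table are from the first post; the DSN, the
// category/image_url columns and the uploads/ directory are assumptions.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_POST['sub_add'])) {
    exit('Nothing submitted.');
}
$errors = [];
$title = trim($_POST['title1'] ?? '');
if ($title === '' || mb_strlen($title, 'UTF-8') > 50) {   // form maxlength is 50
    $errors[] = 'Name is required (50 characters max).';
}
$notes = trim($_POST['text'] ?? '');                      // optional free text

// The <select> offers only 1, 2 or 3; a client can still send anything.
$category = filter_var($_POST['catagory1'] ?? null, FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1, 'max_range' => 3]]);
if ($category === false) {
    $errors[] = 'Unknown category.';
}

// Accept the upload only if PHP received it and it really is an image.
$allowed = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];
$tmp  = $_FILES['render']['tmp_name'] ?? '';
$info = is_uploaded_file($tmp) ? @getimagesize($tmp) : false;
if ($info === false || !isset($allowed[$info[2]])) {
    $errors[] = 'Main picture must be a JPEG, PNG or GIF.';
}
if ($errors) {
    exit(htmlspecialchars(implode(' ', $errors), ENT_QUOTES, 'UTF-8'));
}

// Server-chosen file name: never reuse the client-supplied one.
$file = bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
if (!move_uploaded_file($tmp, __DIR__ . '/uploads/' . $file)) {
    exit('Could not store the picture.');
}
$url = '/uploads/' . $file;                               // value kept in the database

// Placeholders keep the submitted values out of the SQL text.
$pdo = new PDO('mysql:host=localhost;dbname=portfolio;charset=utf8mb4', 'dbuser', 'dbpass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$stmt = $pdo->prepare(
    'INSERT INTO web1 (title, notes, category, image_url) VALUES (?, ?, ?, ?)');
$stmt->execute([$title, $notes, $category, $url]);

// Escape on output so stored text cannot inject markup into the page.
echo 'Added: ' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
```
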
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

You know, you may want to create a really simple HTML form with one of each form field in it. Then post it to itself and use var_dump($_POST) to see how PHP is seeing the post array in different browsers. It would save you a lot of these 'How would I check for this form variable' type of questions because you would know by having tried it.

m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

Yeah, that's another good thing for simple testing.

For small stuff like this (and when dealing with large/complex) I used to run this:

Code:

<?php
echo '<pre>';
print_r($_REQUEST); // or the name of the array
echo '</pre>';

RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Yup, that is something that I do frequently. At the moment the project I am working on is split between me and the DBA, so I am var_dump()'ing a lot of database calls to make sure I have field names right and such. It is a handy little tool.