Some PHP+MySql Questions

Posted: Mon Dec 18, 2006 2:47 pm
by JustinMs66
I am making a website. It will have all my work: Photoshop, modeling, etc.
Now, to make it easier, I will make a place where you can easily add a work.
Now, first of all, here is my HTML code for adding a Photoshop work:

Code:

Add Photoshop Work
<form method="post" name="addphotoshopwork" enctype="multipart/form-data" action="">

Name:
<input size="35" maxlength="50" type="text" name="title1" value="" class="textbox">

Category:
<select name="catagory1">
<option value="1">Creations
<option value="2">Posters
<option value="3">Banners
</select>


Main Pic Upload:
<input type="file" name="render" value="" size="20" class="textbox">


Other Notes:
<textarea name="text" rows="10" cols="85"></textarea>
<input type="submit" name="sub_add" value="Add" class="button">
</form>

And when you press "Add", it has to do a lot of things:
1) get the name in the name box, and put it in the name field in the MySQL database
2) get the category ID, put that in
3) upload the picture, save the URL that the pic is at in the MySQL database
4) save the "other notes" in the MySQL database

Now, so far I am guessing I can use this kind of code:

Code:

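$name = $_POST['title1'];
// the textarea in the form above is named "text", so that is the key to read
$notes = $_POST['text'];
// note: the submitted values go into the SQL string as-is
$query = "INSERT INTO web1 (title, notes) VALUES ('$name', '$notes')";

But in terms of which category is selected, how would I say that?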

Code:

$_POST['catagory1(option)'];

Something like that?

And for later viewing purposes I am going to have to store the uploaded image URL into another table in the database. How would I get that URL?

Posted: Tue Dec 19, 2006 8:01 am
by m3mn0n
Make sure to add if statements to verify the data and that all the required data specifically has been sent.

Then you should make sure to parse the input to scan for malicious things, such as XSS attacks or SQL injection. Otherwise, your site is very likely to get hacked (which includes sensitive data being compromised) and your users are very likely to leave. But for starters, don't worry about security. Just get all the functionality done and the steps required to achieve it mastered, since you're still learning. Then once you have a firm grasp of everything, I'd then suggest looking up PHP security tutorials and articles that show you just what I mean about the hack methods I mentioned.

The variable $_POST['catagory1'] will have a value of either 1, 2, or 3.

I'd recommend Googling around for a good tutorial that walks you through this data insertion process step by step, and it's a bonus if it includes information on how to properly format your columns in the database table. :)
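
An added example, not code from any poster in this thread: one way to handle the form above with the verification and injection checks described in this reply, using PDO prepared statements. The `category` and `image_url` columns, the `uploads/` directory and the connection details are assumptions; the thread only shows `title` and `notes` in `web1`.

```php
<?php
// Added example; the category and image_url columns, uploads/ directory and
// DSN/credentials below are assumptions, not taken from the thread.
$errors = [];

// Required text fields: present, non-empty, within the form's maxlength.
$title = trim($_POST['title1'] ?? '');
$notes = trim($_POST['text'] ?? '');        // the textarea is named "text"
if ($title === '' || strlen($title) > 50) { // strlen() counts bytes
    $errors[] = 'Title is required and must fit the 50-character field.';
}

// Category: accept only the option values the form actually offers.
$category = filter_input(INPUT_POST, 'catagory1', FILTER_VALIDATE_INT);
if (!in_array($category, [1, 2, 3], true)) {
    $errors[] = 'Unknown category.';
}

// Upload: trust the file's detected type, never the client-supplied name.
$allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
$file = $_FILES['render'] ?? null;
$mime = null;
if (!$file || $file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
    $errors[] = 'Image upload failed.';
} else {
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        $errors[] = 'Only JPEG, PNG or GIF images are accepted.';
    }
}

if ($errors) {
    foreach ($errors as $e) {
        echo '<p>' . htmlspecialchars($e, ENT_QUOTES, 'UTF-8') . '</p>';
    }
    exit;
}

// Server-generated file name: no path or extension from the client is used.
$url = 'uploads/' . bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
if (!move_uploaded_file($file['tmp_name'], __DIR__ . '/' . $url)) {
    exit('Could not store the image.');
}

// Placeholders keep the submitted values out of the SQL text entirely.
$pdo = new PDO('mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4', 'EXAMPLE_USER', 'EXAMPLE_PASS',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$stmt = $pdo->prepare('INSERT INTO web1 (title, notes, category, image_url) VALUES (?, ?, ?, ?)');
$stmt->execute([$title, $notes, $category, $url]);
```

When a stored title or note is later shown on a page, pass it through `htmlspecialchars()` at output time; that covers the XSS half of the advice.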

Posted: Tue Dec 19, 2006 11:21 am
by RobertGonzalez
You know, you may want to create a really simple HTML form with one of each form field in it. Then post it to itself and use var_dump($_POST) to see how PHP is seeing the post array in different browsers. It would save you a lot of these 'How would I check for this form variable' type of questions because you would know by having tried it.

Posted: Tue Dec 19, 2006 1:43 pm
by m3mn0n
Yeah, that's another good thing for simple testing.

For small stuff like this (and when dealing with large/complex) I used to run this:

Code:

<?php
echo '<pre>';
    print_r ($_REQUEST); // or the name of the array
echo '</pre>';

Posted: Tue Dec 19, 2006 1:54 pm
by RobertGonzalez
Yup, that is something that I do frequently. At the moment the project I am working on is split between me and the DBA, so I am var_dump()'ing a lot of database calls to make sure I have field names right and such. It is a handy little tool.