I'm writing blog software and was working on a way to change the status of an article to determine where it is filed. My code works and works well but it seems like there might have been an easier way to achieve the second part. Any ideas?
if (isset($_POST['update_incomplete'])) {
    // Raw POST value interpolated straight into the SQL; no WHERE clause, so every row in article gets the new status
    $query = "UPDATE article SET status='$_POST[status]'";
    mysql_query($query) or die (mysql_error());
    // Redirect back to the same script
    header ("location: $_SERVER[PHP_SELF]");
}
$_POST data should not be used in queries unless it's passed escapement, validation and verification.
$_SERVER['PHP_SELF'] should almost never be used anywhere.
As for your <select> box creation... it's largely the same, shifting the selected status. That means it can be automated... say with some variables and a single echo.
One more quick question in terms of posting data. I am using "mysql_real_escape_string" for escapement, I can use regex for some things to make sure it's the right types of data, but what else should be done with forms in terms of security?
Validation and escaping pretty much cover it all. From there, you get to advanced topics like CSRF protection or using database binding to ensure all data is always escaped.
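To show what the advice in this thread looks like in one place (validation, a CSRF token check, database binding instead of string escaping, a fixed redirect instead of $_SERVER['PHP_SELF'], and the automated <select>), here is an added example; it is not code from the original poster. It assumes a PDO connection in $pdo, an `article` table with `id` and `status` columns, a random token already stored in $_SESSION['csrf_token'], and made-up status names and redirect path.

```php
<?php
// Added example, not code from the thread: the status update handler with
// validation, a CSRF check and PDO binding, plus the automated <select>.
// Assumed: a PDO connection in $pdo, an `article` table with `id`/`status`,
// and a random token already stored in $_SESSION['csrf_token'].
session_start();
// Fixed whitelist of statuses (names assumed), so user input is never used verbatim.
$allowedStatuses = ['draft', 'published', 'archived'];

function updateArticleStatus(PDO $pdo, array $post, array $allowed): bool
{
    // CSRF: the form's token must match the session token (constant-time compare).
    if (!isset($post['csrf_token'], $_SESSION['csrf_token'])
        || !hash_equals($_SESSION['csrf_token'], $post['csrf_token'])) {
        return false;
    }
    // Validation: status must come from the whitelist, id must be a positive integer.
    if (!isset($post['status'], $post['id']) || !in_array($post['status'], $allowed, true)) {
        return false;
    }
    $id = filter_var($post['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // Binding: values travel separately from the SQL text, so nothing needs escaping,
    // and the WHERE clause limits the update to one row.
    $stmt = $pdo->prepare('UPDATE article SET status = :status WHERE id = :id');
    return $stmt->execute([':status' => $post['status'], ':id' => $id]);
}

// The <select> built from the same whitelist with one echo, current value preselected.
function renderStatusSelect(array $allowed, string $current): string
{
    $html = '<select name="status">';
    foreach ($allowed as $s) {
        $safe = htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
        $sel  = ($s === $current) ? ' selected' : '';
        $html .= "<option value=\"$safe\"$sel>$safe</option>";
    }
    return $html . '</select>';
}

if (isset($_POST['update_incomplete'])) {
    if (!updateArticleStatus($pdo, $_POST, $allowedStatuses)) {
        http_response_code(400);
        exit('Invalid request');
    }
    header('Location: /admin/articles.php'); // fixed path (assumed) instead of $_SERVER['PHP_SELF']
    exit;
}
```

The form that posts to this handler must include the session token as a hidden csrf_token field and the article id, alongside the select rendered by renderStatusSelect().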