Drop-down filter menu

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Ok, so if the form is posted to your PHP page your PHP would see a $_POST superglobal array that looks something like this:

Code: Select all

<?php
$_POST = array(
  'rlsdate' => 'last30',
  'avgrating' => '4ormore',
  'genre' => 'action'
);
?>
That means that you need to use the data from that array when the form is posted and only when the form is posted.

Are you hard coding the form values into the form, or are they coming from a database?
phpflixnewbie
Forum Contributor
Posts: 132
Joined: Fri Nov 17, 2006 11:46 am

Post by phpflixnewbie »

They are hard coded, for example I have no 4ormore field in my database but I DO have avg ratings that are 4 or more in my database.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Ok, so hard coded in the html means hardcoded in the PHP. That is OK (for now, you'll probably want to loosed that up later on).

So when the form is posted, you need to grab each member of the POST array and validate it (make sure it belongs and that it contains the type of data you expect and that is not malicious), then you present that to your database as a query.
phpflixnewbie
Forum Contributor
Posts: 132
Joined: Fri Nov 17, 2006 11:46 am

Post by phpflixnewbie »

I know im supposed to use mysql_real_escape_string, but how else do I prepare the form data?
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Well, you need to make sure that the passed data is what you expect it to be. What if someone saved the source of your form and changed values, then passed it back to your server? How would you catch that? What happens if the rlsdate was passed as 'gobbledygook'?
phpflixnewbie
Forum Contributor
Posts: 132
Joined: Fri Nov 17, 2006 11:46 am

Post by phpflixnewbie »

So would it be better for me to populate the form fields from my database? how would I do that?
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

I try to keep anything that gives users a choice in my database. For me, it makes it easier to check and validate because you control the source outside of the hard coded HTML.

Basically you would do it the same way as any other content in the site. SELECTS get the form field information and validation takes place using the same result array.
phpflixnewbie
Forum Contributor
Posts: 132
Joined: Fri Nov 17, 2006 11:46 am

Post by phpflixnewbie »

So if my genre values were in my genre_ids table under the genre field how would I populate the form field?
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Basically like the sample code I posted. Select it, then iterate it into an array. Then loop the array to populate the select lists (and use that same array as your validation source).
phpflixnewbie
Forum Contributor
Posts: 132
Joined: Fri Nov 17, 2006 11:46 am

Post by phpflixnewbie »

I'll have a go at writing a bit of code and post it back tomorow m8, again really appreciate the help.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

You got it.
phpflixnewbie
Forum Contributor
Posts: 132
Joined: Fri Nov 17, 2006 11:46 am

Post by phpflixnewbie »

Sorry but I dont know how to populate using my database table, I started some code, could you please ammend it so it might work:

Code: Select all

<?php
$_POST = array(
  'rlsdate' => 'last30', 'last60', 'last90', 'last6mth', 'lastyr', 'overayr' 
  'avgrating' => '4ormore', '3ormore', '2ormore', '1ormore'
  'genre' => 'action', 'animation', 'kids', 'comedy', 'docu', 'drama', 'horror', 'musical', 'scifi', 'thriller'
)
;

//Determin if user has selected a form value

if (isset($_POST['rlsdate' or 'avgrating' or 'genre'])) {

//Perform SQL Query using Field value selected
    
    }
;

else

{

//Perform SQL Query to display all results

}
;

?>
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Remember, $_POST comes from the data in forms. You don't really want to mess with it the way you are in your code. Make arrays of the items that you are wanting to fill the select lists with. Then loop them to show them.
phpflixnewbie
Forum Contributor
Posts: 132
Joined: Fri Nov 17, 2006 11:46 am

Post by phpflixnewbie »

Like this?:

Code: Select all

<?php 
$_POST  
  $rlsdate = array('last30', 'last60', 'last90', 'last6mth', 'lastyr', 'overayr')
  $avgrating = array('4ormore', '3ormore', '2ormore', '1ormore')
  $genre =  array('action', 'animation', 'kids', 'comedy', 'docu', 'drama', 'horror', 'musical', 'scifi', 'thriller')
)
; 
?>
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Close:

Code: Select all

<?php 
$rlsdate = array('last30', 'last60', 'last90', 'last6mth', 'lastyr', 'overayr'); 
$avgrating = array('4ormore', '3ormore', '2ormore', '1ormore'); 
$genre =  array('action', 'animation', 'kids', 'comedy', 'docu', 'drama', 'horror', 'musical', 'scifi', 'thriller'); 
?>
Now you can loop them to display and use in_array() for validation.
Post Reply