Posted: Mon Jun 04, 2007 1:47 pm
by RobertGonzalez
Ok, so if the form is posted to your PHP page your PHP would see a $_POST superglobal array that looks something like this:
<?php
$_POST = array(
'rlsdate' => 'last30',
'avgrating' => '4ormore',
'genre' => 'action'
);
?>
That means that you need to use the data from that array when the form is posted and only when the form is posted.
Are you hard coding the form values into the form, or are they coming from a database?
Posted: Mon Jun 04, 2007 2:00 pm
by phpflixnewbie
They are hard coded, for example I have no 4ormore field in my database but I DO have avg ratings that are 4 or more in my database.
Posted: Mon Jun 04, 2007 2:20 pm
by RobertGonzalez
Ok, so hard coded in the HTML means hard coded in the PHP. That is OK (for now, you'll probably want to loosen that up later on).
So when the form is posted, you need to grab each member of the POST array and validate it (make sure it belongs and that it contains the type of data you expect and that is not malicious), then you present that to your database as a query.
Posted: Mon Jun 04, 2007 2:41 pm
by phpflixnewbie
I know I'm supposed to use mysql_real_escape_string, but how else do I prepare the form data?
Posted: Mon Jun 04, 2007 2:56 pm
by RobertGonzalez
Well, you need to make sure that the passed data is what you expect it to be. What if someone saved the source of your form and changed values, then passed it back to your server? How would you catch that? What happens if the rlsdate was passed as 'gobbledygook'?
Posted: Mon Jun 04, 2007 2:57 pm
by phpflixnewbie
So would it be better for me to populate the form fields from my database? How would I do that?
Posted: Mon Jun 04, 2007 3:08 pm
by RobertGonzalez
I try to keep anything that gives users a choice in my database. For me, it makes it easier to check and validate because you control the source outside of the hard coded HTML.
Basically you would do it the same way as any other content in the site. SELECTS get the form field information and validation takes place using the same result array.
Posted: Mon Jun 04, 2007 3:16 pm
by phpflixnewbie
So if my genre values were in my genre_ids table under the genre field how would I populate the form field?
Posted: Mon Jun 04, 2007 4:15 pm
by RobertGonzalez
Basically like the sample code I posted. Select it, then iterate it into an array. Then loop the array to populate the select lists (and use that same array as your validation source).
Posted: Mon Jun 04, 2007 4:25 pm
by phpflixnewbie
I'll have a go at writing a bit of code and post it back tomorrow m8, again really appreciate the help.
Posted: Mon Jun 04, 2007 4:31 pm
by RobertGonzalez
You got it.
Posted: Tue Jun 05, 2007 2:06 pm
by phpflixnewbie
Sorry but I don't know how to populate using my database table, I started some code, could you please amend it so it might work:
<?php
$_POST = array(
'rlsdate' => 'last30', 'last60', 'last90', 'last6mth', 'lastyr', 'overayr'
'avgrating' => '4ormore', '3ormore', '2ormore', '1ormore'
'genre' => 'action', 'animation', 'kids', 'comedy', 'docu', 'drama', 'horror', 'musical', 'scifi', 'thriller'
)
;
//Determine if user has selected a form value
if (isset($_POST['rlsdate' or 'avgrating' or 'genre'])) {
//Perform SQL Query using Field value selected
}
;
else
{
//Perform SQL Query to display all results
}
;
?>
Posted: Tue Jun 05, 2007 2:17 pm
by RobertGonzalez
Remember, $_POST comes from the data in forms. You don't really want to mess with it the way you are in your code. Make arrays of the items that you are wanting to fill the select lists with. Then loop them to show them.
Posted: Tue Jun 05, 2007 2:40 pm
by phpflixnewbie
Like this?:
<?php
$_POST
$rlsdate = array('last30', 'last60', 'last90', 'last6mth', 'lastyr', 'overayr')
$avgrating = array('4ormore', '3ormore', '2ormore', '1ormore')
$genre = array('action', 'animation', 'kids', 'comedy', 'docu', 'drama', 'horror', 'musical', 'scifi', 'thriller')
)
;
?>
Posted: Tue Jun 05, 2007 2:51 pm
by RobertGonzalez
Close:
<?php
$rlsdate = array('last30', 'last60', 'last90', 'last6mth', 'lastyr', 'overayr');
$avgrating = array('4ormore', '3ormore', '2ormore', '1ormore');
$genre = array('action', 'animation', 'kids', 'comedy', 'docu', 'drama', 'horror', 'musical', 'scifi', 'thriller');
?>
Now you can loop them to display and use in_array() for validation.
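The approach described in this thread, as an added example that is not part of the original posts: the same arrays fill the select lists and act as the allow-list for posted values. The function names `render_select` and `validate_filters` and the sample submissions are assumptions made for illustration.

```php
<?php
// Allow-lists from the thread; they fill the select lists and validate input.
$allowed = array(
    'rlsdate'   => array('last30', 'last60', 'last90', 'last6mth', 'lastyr', 'overayr'),
    'avgrating' => array('4ormore', '3ormore', '2ormore', '1ormore'),
    'genre'     => array('action', 'animation', 'kids', 'comedy', 'docu', 'drama',
                         'horror', 'musical', 'scifi', 'thriller'),
);

// Hypothetical helper: build one <select>, escaping every value for HTML output.
function render_select($name, array $options) {
    $html = '<select name="' . htmlspecialchars($name, ENT_QUOTES) . '">';
    foreach ($options as $opt) {
        $safe = htmlspecialchars($opt, ENT_QUOTES);
        $html .= '<option value="' . $safe . '">' . $safe . '</option>';
    }
    return $html . '</select>';
}

// Hypothetical helper: keep only fields that were posted AND match the allow-list
// exactly. Arrays (genre[]=x) and unknown strings such as 'gobbledygook' go to $rejected.
function validate_filters(array $post, array $allowed, &$rejected) {
    $clean = array();
    $rejected = array();
    foreach ($allowed as $field => $options) {
        if (!isset($post[$field]) || $post[$field] === '') {
            continue; // nothing selected: no filter on this field
        }
        // Strict comparison (third argument true) avoids loose type juggling.
        if (is_string($post[$field]) && in_array($post[$field], $options, true)) {
            $clean[$field] = $post[$field];
        } else {
            $rejected[] = $field;
        }
    }
    return $clean;
}

// Constructed sample submissions: one normal, one tampered with.
$samples = array(
    array('rlsdate' => 'last30', 'avgrating' => '4ormore', 'genre' => 'action'),
    array('rlsdate' => 'gobbledygook', 'genre' => array('action'), 'extra' => '1'),
);
echo render_select('genre', $allowed['genre']), "\n";
foreach ($samples as $post) {
    $clean = validate_filters($post, $allowed, $rejected);
    echo 'accepted: ', json_encode($clean), ' rejected: ', json_encode($rejected), "\n";
}
```

Only the values in `$clean` should be used to build the query, and they still go through escaping or bound parameters at that point.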