SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Enthusiast
    Join Date
    May 2007
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Make these codes simpler? (Newb question)

    Code:
    if (!empty ($_POST['name'] {
    	$name = escape_data($_POST['name']);
    	} 
    	else {
    	$name = FALSE;
    	echo '<p>Please enter a meeting name</p>';
    	}
    	
    if (!empty ($_POST['subname'] {
    	$subname = escape_data($_POST['subname']);
    	} 
    	else {
    	$subname = FALSE;
    	echo '<p>Please enter a meeting subtitle</p>';
    	}
    
    if (!empty ($_POST['venue'] {
    	$venue = escape_data($_POST['venue']);
    	} 
    	else {
    	$venue = FALSE;
    	echo '<p>Please enter a venue name</p>';
    	}
    	
    if (!empty ($_POST['city'] {
    	$city = escape_data($_POST['city']);
    	} 
    	else {
    	$city = FALSE;
    	echo '<p>Please enter a state name</p>';
    	}
    	
    if (!empty ($_POST['state'] {
    	$state = strtoupper(escape_data($_POST['state']));
    	} 
    	else {
    	$state = FALSE;
    	echo '<p>Please enter a state name</p>';
    	}
    
    if (!empty ($_POST['country'] {
    	$country = escape_data($_POST['country']);
    	} 
    	else {
    	$country = FALSE;
    	echo '<p>Please enter a country name</p>';
    	}
    Ello, what i m doing here is preparing datas entered into a form to be ready for database entry. Just simple verification

    I have about 20 fields, so after a while the code gets repetitive.

    Since i m new to PHP, i never tried anything unusual. But I remember when i went through a PHP book, you could do something with OOP? Class and stuff

    I dont know if it's possible.

    --

    Another small question. When i m deliverying contents dynamically. I can do the

    Code:
    SELECT * FROM blah LIMIT 0,10
    This only applies for the first 10. I know after that it's LIMIT 10,10 and so on

    I know typing it out is very wrong becaues if you are google, you probly have to generate the 300th search result page (something like that)

    I m curious to learn how to do this like everyone else does. Thanks.

  2. #2
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    PHP Code:
    <?php

    if (empty($_POST['name'])) {
        echo 
    'empty message';
    } else if (empty(
    $_POST['subname'])) {
        echo 
    'empty message';
    } else if (empty(
    $_POST['venue'])) {
        echo 
    'empty message';
    } else if (empty(
    $_POST['city'])) {
        echo 
    'empty message';
    } else {

        
    $_POST array_map('escape_data'$_POST);

        
    $name    $_POST['name'];
        
    $subname $_POST['subname'];
        
    $venue   $_POST['venue'];
        
    $city    $_POST['city'];

        
    ## Rest of the code here...

    }
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Back! With a more user friendly model! ^.^
    PHP Code:
    <?php

    function checkRequired(&$reg) {

        
    $r true;

        foreach (
    $reg as $i) {
            if (!isset(
    $_POST[$i]) || empty($_POST[$i]) {
                echo 
    'Please fill in the field ' ucwords($i) . '.';
                
    $r false;
            }
        }

        return 
    $r;

    }

    $reg = array('name''subname''venue''city');

    if (
    checkRequired($reg)) {

        
    $_POST array_map('escape_data'$_POST);

        
    $name    $_POST['name'];
        
    $subname $_POST['subname'];
        
    $venue   $_POST['venue'];
        
    $city    $_POST['city'];

        
    ## Rest of the code here...

    }
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  4. #4
    SitePoint Enthusiast
    Join Date
    May 2007
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by logic_earth View Post
    Back! With a more user friendly model! ^.^
    PHP Code:
    <?php

    function checkRequired(&$reg) {

        
    $r true;

        foreach (
    $reg as $i) {
            if (!isset(
    $_POST[$i]) || empty($_POST[$i]) {
                echo 
    'Please fill in the field ' ucwords($i) . '.';
                
    $r false;
            }
        }

        return 
    $r;

    }

    $reg = array('name''subname''venue''city');

    if (
    checkRequired($reg)) {

        
    $_POST array_map('escape_data'$_POST);

        
    $name    $_POST['name'];
        
    $subname $_POST['subname'];
        
    $venue   $_POST['venue'];
        
    $city    $_POST['city'];

        
    ## Rest of the code here...

    }
    neato! very pretty

    small question. What does the ampersand in
    PHP Code:
    function checkRequired(&$reg
    do?

    I really need to learn php systematically.

  5. #5
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    The "&" sends $reg by refrence meaning any change to $reg inside the function will change the $reg outside of the function. If you remove the & it will copy the variable and not affect the original one.

    The reason I passed it as reference is to lower memory consumption in a case where you have a large array (tho a small one would show no difference). Since the array isn't really being changed i figured just best to pass via reference and leave it at that.

    Take this simple example:
    PHP Code:
    <?php

    function change (&$s) {
        
    $s 'newval';
    }

    $var 'value<br>';

    print 
    $var;

    change($var);

    print 
    $var;
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  6. #6
    SitePoint Enthusiast
    Join Date
    May 2007
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by logic_earth View Post
    The "&" sends $reg by refrence meaning any change to $reg inside the function will change the $reg outside of the function. If you remove the & it will copy the variable and not affect the original one.

    The reason I passed it as reference is to lower memory consumption in a case where you have a large array (tho a small one would show no difference). Since the array isn't really being changed i figured just best to pass via reference and leave it at that.
    good thinking

    Anyway since these data are going to be entered in a database.

    redefining each $_POST['foo'] element into $foo seems a bit redundant

    is it possible to just insert the $_POST array into database?

    assuming the variable name is identical to the database column name.

    because what i will do is
    Code PHP:
    $query = INSERT INTO tablename (foo, bat, bar) VALUES ($foo, $bat, $bar);
     
    $result = @mysql_query($query);

  7. #7
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Yes can do that after you made sure all data within the post is clean and escaped properly.

    Could forgot setting each and just use the $_POST directly.

    PHP Code:
    <?php

    function escape_data ($d) {

        
    $d stripslashes($d);

        if (
    function_exists('mysql_real_escape_string')) {
            return 
    mysql_real_escape_string($d);
        } else if (
    function_exists('mysql_escape_string')) {
            return 
    mysql_escape_string($d);
        }

        return 
    addslashes($d);

    }

    $_POST array_map('escape_data'$_POST);

    $sql 'INSERT INTO tablename (foo, bat, bar) VALUES ("' $_POST['foo'] . '", "' $_POST['bat'] . '", "' $_POST['bar'] . '")';
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  8. #8
    SitePoint Enthusiast
    Join Date
    May 2007
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by logic_earth View Post
    Yes can do that after you made sure all data within the post is clean and escaped properly.

    Could forgot setting each and just use the $_POST directly.

    PHP Code:
    <?php

    function escape_data ($d) {

        
    $d stripslashes($d);

        if (
    function_exists('mysql_real_escape_string')) {
            return 
    mysql_real_escape_string($d);
        } else if (
    function_exists('mysql_escape_string')) {
            return 
    mysql_escape_string($d);
        }

        return 
    addslashes($d);

    }

    $_POST array_map('escape_data'$_POST);

    $sql 'INSERT INTO tablename (foo, bat, bar) VALUES ("' $_POST['foo'] . '", "' $_POST['bat'] . '", "' $_POST['bar'] . '")';
    aye. my escapedata function covered everything you just added

    i already thought of what you are proposing here.

    However what i was thinking. If i have tons of data to input (in my case, more than 20 fields), i was wondering if theres a function that iterates through all the array values.

    some kinda foreach or while i assume?

  9. #9
    . shoooo... silver trophy logic_earth's Avatar
    Join Date
    Oct 2005
    Location
    CA
    Posts
    9,013
    Mentioned
    8 Post(s)
    Tagged
    0 Thread(s)
    Hmmm yes.

    Or could just use a join if there is no extra fields in the post.

    PHP Code:
    $sql 'INSERT INTO tablename (foo, bat, bar) VALUES ("' join('","'$_POST) . '")'
    If there are extra fields like submit buttons or hidden then you will have to delete those more make a whitelist and loop through keeping those in the whitelist.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  10. #10
    SitePoint Wizard silver trophybronze trophy Cups's Avatar
    Join Date
    Oct 2006
    Location
    France, deep rural.
    Posts
    6,869
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)
    If not you could make a form element naming system instead of "username" call it "req_username".

    As you loop through the form output vars, check for "req_" then put them into your database as logic_earth suggests.

    Then again, if youre gonna be that smart, and you are using PHP5, look at using PDO for your dbase interaction - prepared statements and placeholders.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •