|
Joined: Nov 2001
Posts: 745
Admin Emeritus
|
Admin Emeritus
Joined: Nov 2001
Posts: 745 |
I'm trying to write a reusable function to add/update/delete records from a dataset.
I've got about 7 functions that are all copied from the first one I wrote, and they all pretty much contain the same code with the exception of the form fields, db fields, and database tables.
I'm trying to make it so that I can detect what type of transaction is needed, get the correct fields declared, build a SQL and process.
Here's the problem...
I'm calling a routine called fm_lib::do_add which is my add routine processor. Inside there, it needs to be intelligent enough to detect that I'm working with the contact_us function, get the form data, build a query, and process the form properly.
I have 4 parts to the routine - form validation, SQL assembly, SQL execution, do_confirm (a confirmation message)
I'm having problems with the getting the proper form variables from the post to build the SQL.
Any ideas?
|
|
|
|
Joined: May 1999
Posts: 3,039
Guru
|
Guru
Joined: May 1999
Posts: 3,039 |
Are your form variables just not showing up? How exactly are you trying to reference them? If I can get a better idea of the exact problem you're having, I might be able to lend a hand.
UBB.threads Developer
|
|
|
|
Joined: Nov 2001
Posts: 745
Admin Emeritus
|
Admin Emeritus
Joined: Nov 2001
Posts: 745 |
That would the the problem. I'm not able to get the form vars properly addressed.
Right now, I'm guessing its a scope problem with the vars. I'm trying to set globals from an included file. I'm guessing there is a better way to do this.
|
|
|
|
Joined: May 1999
Posts: 3,039
Guru
|
Guru
Joined: May 1999
Posts: 3,039 |
Are you trying to reference these form vars from within a function? If so then, from that point it depends on how you're trying to reference them. Shooting in the dark here, but there could be a variety of scenarios. Scenario 1You program with register_globals on. Which means if you have a form variabled named "bar" then you just directly reference it with $bar in your script. If you try to do this inside a function it won't work due to scope. So you'd need to globalize it, like below. <br />function foo() {<br /> global $bar;<br /> echo $bar;<br />}<br /> Scenario 2You program with register globals off. Which means you might reference your form variables by using the $HTTP_POST_VARS and $HTTP_GET_VARS arrays. For this to work, you need to globalize those arrays as well to get access to your form vars in your functions. <br />function foo() {<br /> global $HTTP_POST_VARS,$HTTP_GET_VARS;<br /> echo $HTTP_POST_VARS['bar'];<br />}<br /> If it turns out to be a scenario 2 issue, then if your running at least version 4.1 of PHP then you can make it easier on yourself by using the $_POST and $_GET arrays. These are superglobals so you don't need to globalize them to get access to the keys within. So the following would work, just like scenario 2. <br />function foo() {<br /> echo $_POST['bar'];<br />}<br /> Of course, there could be a scenario 3 in where I totally missed the mark
UBB.threads Developer
|
|
|
|
Joined: Nov 2001
Posts: 745
Admin Emeritus
|
Admin Emeritus
Joined: Nov 2001
Posts: 745 |
I appreciate the nudge in the right direction.
I do have Register globals off. Most of my references to form fields are through the post variables. I'm going to play with it more today and see how insane I really im.
|
|
|
|
Joined: Oct 2003
Posts: 2,305
Old Hand
|
Old Hand
Joined: Oct 2003
Posts: 2,305 |
So do I I always appreciate Scream's tidbits pushes me further into my projects also
|
|
|
|
Joined: Nov 2001
Posts: 745
Admin Emeritus
|
Admin Emeritus
Joined: Nov 2001
Posts: 745 |
Yeah, I got it figured out.
I just need to preassemble my SQL statements with the $_POST vars, and just pass the statement to my SQL processor, and display confirmation.
Now I can have a generic processor for my add statements.
|
|
|
|
Joined: Dec 2000
Posts: 1,471
Addict
|
Addict
Joined: Dec 2000
Posts: 1,471 |
Make sure that you validate the SQL statements before executing them. It's a security risc if you use the $_POST vars without any validation.
|
|
|
|
Joined: Nov 2001
Posts: 745
Admin Emeritus
|
Admin Emeritus
Joined: Nov 2001
Posts: 745 |
I have a validation routine before the SQL is retrieved and executed. I just have the statement preassembled and ready to be called. That is in addition to some brute force Permission checking that is done before it even tries to read the post vars.
|
|
|
Donate to UBBDev today to help aid in Operational, Server and Script Maintenance, and Development costs.
Please also see our parent organization VNC Web Services if you're in the need of a new UBB.threads Install or Upgrade, Site/Server Migrations, or Security and Coding Services.
|
|
Posts: 5,833
Joined: January 2000
|
|
Forums63
Topics37,573
Posts293,925
Members13,849
|
Most Online5,166 Sep 15th, 2019
|
|
Currently Online
Topics Created
Posts Made
Users Online
Birthdays
|
|
|
|