RES: Newbie question, Which way is best?

De: George J [mailto:georgejamieson@xxxxxxxxxxxxx] 

> So calling the script via the form works i.e it passes the 
> necessary variables to construct the sql query for the next 
> call. 

As Shawn said, if you really need the query again, add it to the session; never,
NEVER give the user the ability to see/execute queries by himself (remember
POST data could be easily manipulated). Remember what Daniel said: adding a
DELETE FROM is not hard and veeery bad.

> If the user clicks one of the pagination links, that 
> calls itself, all that is passed is the page=$i variable. I 
> need to include the 'SELECT * FROM...' query either as a string 
> or an array of separate values for the changed query.

Ok, let me ask you something. Why post to itself? You could have a script
only to do form actions; that way you can:
1 Separate huge PHP validations from your HTML form.
2 Use functions to handle the incoming data and write the new query (or
the old one again).

As it's built at server side, the user is never going to see your query or
[1] manipulate it, as you're writing it all over again, just using your old
parameters (they could be added as hidden fields in the form if strictly
necessary).


> So, as I see it, the pagination links won't POST the form 
> variables. How do I pass the 'SELECT * FROM mytable WHERE 
> selection=option LIMIT start, range' 
> query to the called script?

You should try building a default query where you only add the parameters
given by the user. If you can't seem to recover that, add them to $_SESSION
and you'll be fine next time you want them (if you don't overwrite it =] ).

> George
Welcome and keep asking :)


[1] As long as you treat the user input properly, as others said.
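A worked version of what the reply recommends, as an added example (not code from this thread): the form handler stores only validated parameters in $_SESSION, the pagination links carry only page=$i, and the SELECT is rebuilt on the server with a prepared statement. The PDO connection details, the whitelist of allowed `selection` values and PAGE_SIZE are assumptions; the table and column names come from the quoted question.

```php
<?php
// Added example, not from the original thread. Rebuilds the pagination
// query server-side from stored parameters instead of passing SQL around.
// Assumes table `mytable` with a column `selection` (from the question).
session_start();

const PAGE_SIZE = 20;                           // assumed page size
const ALLOWED_OPTIONS = ['option', 'other'];    // assumed valid `selection` values

// Placeholder connection details; replace with your own.
$pdo = new PDO('mysql:host=localhost;dbname=DBNAME', 'USER', 'PASS');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Part 1: the form handler. Only the user's *parameters* go into the
// session, never a query string. (This half can live in its own script,
// as the reply suggests.)
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $option = $_POST['selection'] ?? '';
    if (!in_array($option, ALLOWED_OPTIONS, true)) {
        http_response_code(400);
        exit('invalid selection');
    }
    $_SESSION['search'] = ['selection' => $option];
    header('Location: ' . $_SERVER['PHP_SELF'] . '?page=1');
    exit;
}

// Part 2: the listing. Pagination links pass only page=$i; everything
// else is recovered from the session and the query is written again here.
if (empty($_SESSION['search'])) {
    exit('no search in session; submit the form first');
}
$page  = max(1, (int) ($_GET['page'] ?? 1));
$start = ($page - 1) * PAGE_SIZE;

// Default query with placeholders: user input only ever reaches bound values,
// so a DELETE FROM smuggled through POST data can never become part of it.
$stmt = $pdo->prepare(
    'SELECT * FROM mytable WHERE selection = :sel LIMIT :start, :range'
);
$stmt->bindValue(':sel', $_SESSION['search']['selection'], PDO::PARAM_STR);
$stmt->bindValue(':start', $start, PDO::PARAM_INT);
$stmt->bindValue(':range', PAGE_SIZE, PDO::PARAM_INT);
$stmt->execute();

foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
    echo htmlspecialchars(implode(' | ', $row), ENT_QUOTES, 'UTF-8'), "<br>\n";
}
echo '<a href="?page=', $page + 1, '">next</a>';
```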
 



--
PHP General Mailing List (http://www.php.net/) To unsubscribe, 
visit: http://www.php.net/unsub.php


