On Tue, 2009-12-08 at 10:49 -0800, Allen McCabe wrote: > I wrote a function (inferior no doubt) that takes the values of a form with > a get method to filter results from the database. > > It is a list of orders, and I need to be able to filter by the user, the > user's school, or specific items (find all orders that have *this* item). > > I thought I figured out how to do it all, but it's just not returning a > 'valid resource'. > > > How do most people go about this? POST or GET? POST is obviously the most > secure, but since this is on an employee only page, security (to my niave > way of thinking) is not much of an issue. > > All the filter parameters are from drop downs; I have three forms set up (to > filter by user, school, or item) and I did this because I don't know the > first thing about AJAX (dynamically updating form drop-downs). > > If anyone is interested, I would like to send you the PHP file with the > filter function (as it is too long to paste here). > > PLEASE HELP! Thanks :) Just to let you know, POST is no more secure than GET, all are easy to spoof. I'd use the form to build the query. Use an if to see if certain parameters have been requested in the form, and add a clause to the query string as you build it. If the query doesn't run, then print it out, that will show obvious problems and let you put it in a query executor that can give you more info. Thanks, Ash http://www.ashleysheridan.co.uk
