Re: PHP/Mysql Script help.

heilo <grillen@abendstille.at> · Thu, 05 Jun 2003 02:08:06 +0200

hi!

wow - cool code! it is very well structured i think (i like it ;-)! i just
would change 2 little details (thats only what i'd do):

if($id) is not enough for me - first of all i want that it can only be
transportet by GET. secondly i do not want people trying to hack my
mysql-server with some ugly url-hacking. so i test if it is a numeric input.
third it is possible that people may bookmark some ids to access them
directly so i would include a test if the requested id exists or not:

if(isset($_GET['id']) && is_numeric($_GET['id'])
{
    $qry = 'SELECT `id` FROM `nuke_race` WHERE `id`='.$id;
    $res = mysql_query($qry, $con);
    if(mysql_num_rows($res)==0)
        echo 'Sorry, this entry has been deleted or was never
created!'."\n";
    else
        // show entry
}

next - but this is really a small thing - i'd not make a long list of
options i'd create a for-loop like this:

echo '<select name="select" size="1">'."\n";
for($i = 65; $i <= 90; $i++)
    echo '<option 
value="'.strtolower(chr($i)).'">'.chr($i).'</option>'."\n";
echo '</select>'."\n";

oh! i just saw that you use POST anyways. ;) also a possibility (but this
avoids the entries from being bookmarked).

keep phping!

.ma

Fulco of Scarborough <fulco@fulco.net> wrote@05.06.2003 0:04 Uhr:

> Greeting everyone, my name is Jason and I am sorry for bugging you since you
> probably get a ton of these emails, but I was hoping you all might be able
> to help me.  I am attempting to design a script that presents the user with
> a form with 26 letters to choose from.  When they pick a letter I want it to
> take them to a list of all the entries in my database that begin with the
> letter they selected in link form.  When they click on the term, I want it
> to pull up the info for that entry.
> 
> I am only wanting to get some tips or a sample somewhere you may know of to
> get me going in the right direction.
> 
> 
> 
> Here is my current code so far:
> 
> 
> 
> <?php
> 
> require("racesetup.php");
> 
> $con = mysql_connect($host, $user, $pass);
> 
> 
> 
> mysql_select_db($db, $con);
> 
> 
> 
> // display individual record
> 
> 
> 
> if ($id) {
> 
> 
> 
>  $result = mysql_query("SELECT * FROM nuke_race WHERE id=$id",$con);
> 
> 
> 
>  $myrow = mysql_fetch_array($result);
> 
> 
> 
>  printf("<b>Race:</b> %s\n<br>", $myrow["race"]);
> 
>     echo "<br>"; 
> 
>  printf("<b>Description:</b> %s\n<br>", $myrow["racetxt"]);
> 
>     echo "<br>";
> 
>     echo "<br><h3><a href=\"javascript:history.go(-1)\">Back</a></h3>";
> 
> 
> 
> 
> } else {
> 
>     echo "<form name=letter method=\"post\"
> action=\"http://st.fulco.net/races.php\";>
> 
> <p>Pick a letter to begin your search</p>
> 
> <p> 
> 
>   <select name=\"select\">
> 
>     <option value=\"a\">A</option>
> 
>     <option value=\"b\">B</option>
> 
>     <option value=\"c\">C</option>
> 
>     <option value=\"d\">D</option>
> 
>     <option value=\"e\">E</option>
> 
>     <option value=\"f\">F</option>
> 
>     <option value=\"g\">G</option>
> 
>     <option value=\"h\">H</option>
> 
>     <option value=\"i\">I</option>
> 
>     <option value=\"j\">J</option>
> 
>     <option value=\"k\">K</option>
> 
>     <option value=\"L\">L</option>
> 
>     <option value=\"m\">M</option>
> 
>     <option value=\"n\">N</option>
> 
>     <option value=\"o\">O</option>
> 
>     <option value=\"p\">P</option>
> 
>     <option value=\"q\">Q</option>
> 
>     <option value=\"r\">R</option>
> 
>     <option value=\"s\">S</option>
> 
>     <option value=\"t\">T</option>
> 
>     <option value=\"u\">U</option>
> 
>     <option value=\"v\">V</option>
> 
>     <option value=\"w\">W</option>
> 
>     <option value=\"x\">X</option>
> 
>     <option value=\"y\">Y</option>
> 
>     <option value=\"z\">Z</option>
> 
>   </select>
> 
> </p>
> 
> <p>
> 
>   <input type=\"Submit\" name=\"letter\" value=\"Enter information\">
> 
> </p>
> 
> </form>
> 
> ";          
> 
> } else {
> 
> 
> 
> $result = mysql_query("SELECT * FROM nuke_race WHERE race LIKE
> '$letter%'",$con);
> 
>   if ($myrow = mysql_fetch_array($result)) {
> 
> 
> 
>     // display list if there are records to display
> 
> 
> 
>     do {
> 
> 
> 
>       printf("<a href=\"%s?id=%s\">%s</a><br>\n", $PHP_SELF, $myrow["id"],
> $myrow["race"]);
> 
> 
> 
>     } while ($myrow = mysql_fetch_array($result));
> 
> 
> 
>   } else {
> 
> 
> 
>     // no records to display
> 
> 
> 
>     echo "Sorry, no records were found!";
> 
>   }
> 
> 
> 
> }
> 
> ?>
> 
> 
> 
> Thanks for your help in advance.
> 
> 
> 
> Yours in Service,
> 
> Jason Britton
> 
> Scar's <http://st.fulco.net/>  Legion
> 
> http://st.fulco.net <http://st.fulco.net/>
> 
> scar@st.fulco.net
> 
> 
> 
> Vincit imitationem veritas.
> 
> 
> 
>

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php