The Cache: Technology Expert's Forum
 
Topic: PHP Form Variables and MySQL Statements
jammaster82
« on: January 11, 2008, 09:36:32 AM »

 Huh?

$companyname = trim($_REQUEST['companyname']);
$contactfirstname= trim($_REQUEST['contactfirstname']);
$contactlastname=trim($_REQUEST['contactlastname']);
$streetaddress=trim($_REQUEST['streetaddress']);
$suitenumber=trim($_REQUEST['suitenumber']);
$city=trim($_REQUEST['city']);

 Vomit how come they aren't automatically variables?
so I can just be like

Code:
print $suitenumber;
print ' was the suitenumber posted to this form.';



Also: Am I allowed to do this:

Code:
$sql = "insert into testtable
                (fieldone, fieldtwo)
             values(
                         '$companyname',
                         '$contactfirstname'
              )";

'cause it's easier to work with?


« Last Edit: January 11, 2008, 09:39:02 AM by jammaster82 » Logged

The watched pot, never boils... But if you walk away from it , the soup burns.  What gives?
DangerMouse
« Reply #1 on: January 11, 2008, 10:44:27 AM »

Yeah I believe you can put the SQL statement on multiple lines, that's what I do anyway - had exactly the same issue as you when I started doing it - hate that scruffy way it looks!

As for your first point, I guess you could create a little function that would take the contents of the associated array $_REQUEST and create variables of the results based on the array key, although it would be quite crude. I'd also suggest a tad more error checking and validation before inserting into a database.

DM
Logged
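Added example (not part of the thread): both of jammaster82's questions in one script, with form fields copied through an allow-list instead of being turned into variables wholesale, and the interpolated INSERT shown next to a prepared statement. Assumptions: PHP with the pdo_sqlite extension, an in-memory SQLite database standing in for MySQL, a hypothetical helper `pick_fields()`, and a constructed `$request` array in place of `$_REQUEST`.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL so the script runs offline; the PDO calls are the same for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE testtable (fieldone TEXT, fieldtwo TEXT)');

// Constructed sample input standing in for $_REQUEST.
$request = [
    'companyname'      => "  O'Brien & Sons ",
    'contactfirstname' => 'Pat',
    'db'               => 'would clobber $db if blindly turned into a variable',
];

// Copy only the fields the form is expected to send (hypothetical helper).
// Unlike extract($_REQUEST), an unexpected key cannot overwrite a variable.
function pick_fields(array $input, array $allowed): array
{
    $out = [];
    foreach ($allowed as $key) {
        $value = $input[$key] ?? '';
        $out[$key] = is_string($value) ? trim($value) : '';
    }
    return $out;
}

$form = pick_fields($request, ['companyname', 'contactfirstname']);

// 1) Interpolated SQL, as in the question: the apostrophe in the company
//    name ends the string literal early and the statement no longer parses.
$sql = "insert into testtable (fieldone, fieldtwo)
        values ('{$form['companyname']}', '{$form['contactfirstname']}')";
try {
    $db->exec($sql);
    echo "interpolated insert: ok\n";
} catch (PDOException $e) {
    echo "interpolated insert failed: ", $e->getMessage(), "\n";
}

// 2) Prepared statement: the SQL text is fixed and the values travel
//    separately, so quotes in the data are stored as data.
$stmt = $db->prepare(
    'insert into testtable (fieldone, fieldtwo) values (:company, :first)'
);
$stmt->execute([':company' => $form['companyname'], ':first' => $form['contactfirstname']]);

print_r($db->query('SELECT * FROM testtable')->fetchAll(PDO::FETCH_ASSOC));
```

Only the prepared insert leaves a row in the table, with the apostrophe intact and the unexpected `db` key ignored.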
perkiset
« Reply #2 on: January 11, 2008, 10:56:51 AM »

Scruffy?

There are two forms of string that will dereference, and 2 ways to tell PHP what to do.

Static strings, of course, are surrounded by single quotes, i.e., 'Hello World', and as such are the quickest type of string because there's no processing executed against them and they are "static" in the way they are compiled into the PHP PCode.

Dereferenced strings are surrounded by double quotes, and take just a smidgeon more time because a copy of the string is produced while dereferencing any variables inside of it. Consider:

Code:
<?php
$name = 'Perkiset';
$string = "The name of the person is '$name'";
?>

This also outlines quite clearly why you must have the $ in front of a var JM - how would PHP understand my intention in that expression without it?

The last form, which I use for HTML dereferencing, SQL statements etc is the TEXTHERE operator like in PERL.
Code:
<?php

$theDate = date('Y-m-d H:i:s', time());
$names[0] = 'Perkiset';
$names[1] = 'Jammaster';
$names[2] = 'NutBalls';

// Heredoc: variables and {$...} expressions are interpolated as in a double-quoted string
$sql = <<<SOMETEXT
select *
from contacts
where
visitdate <= '$theDate' and
( lastname = '{$names[0]}' or
  lastname = '{$names[1]}' or
  lastname = '{$names[2]}' )
SOMETEXT;

mysql_query($sql);
?>


The way to reference complex variables or object properties or, *most significantly* object METHODS, is to wrap them in curly braces. Note that you can dereference OBJECT METHODS as if they were variables in strings... this is a huge tool if you give it a moment of thought.

Scruffy? Pretty elegant to me actually... unless I'm misreading entirely.
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
nutballs
« Reply #3 on: January 11, 2008, 12:53:52 PM »

On the subject of quotes. I use doubles for SQL statements because of single quotes in the queries. And single quotes for almost everything else. Just a convention to make things simpler to keep track of.
Logged

I could eat a bowl of Alphabet Soup and shit a better argument than that.
DangerMouse
« Reply #4 on: January 11, 2008, 04:16:16 PM »

Scruffy? Pretty elegant to me actually... unless I'm misreading entirely.

Was just referring to long SQL statements on a single line, not instances where they're split - didn't really explain what I meant, sorry. Like the use of the textarea thing there, can see me using that in future.

DM
Logged
vsloathe
« Reply #5 on: January 13, 2008, 06:43:35 PM »

Yeah I decided a long time ago that I would make liberal use of single quotes (ticks) whenever possible, and it's sped up my processing time noticeably on large apps.
Logged

hai
thedarkness
« Reply #6 on: January 13, 2008, 07:03:56 PM »

Yeah, I was about to say that if you have magic quotes turned on then " can add to your processing time. For most apps this isn't an issue but you still should be mindful of it.

Cheers,
td
Logged

"I want to be the guy my dog thinks I am."
 - Unknown
jammaster82
« Reply #7 on: January 15, 2008, 08:02:45 PM »

Code:
<?php

$theDate = date('Y-m-d H:i:s', time());
$names[0] = 'Perkiset';
$names[1] = 'Jammaster';
$names[2] = 'NutBalls';

// Heredoc: variables and {$...} expressions are interpolated as in a double-quoted string
$sql = <<<SOMETEXT
select *
from contacts
where
visitdate <= '$theDate' and
( lastname = '{$names[0]}' or
  lastname = '{$names[1]}' or
  lastname = '{$names[2]}' )
SOMETEXT;

mysql_query($sql);
?>


why does this now say SOMETEXT instead of HTML
« Last Edit: January 15, 2008, 08:04:32 PM by jammaster82 » Logged

The watched pot, never boils... But if you walk away from it , the soup burns.  What gives?
nutballs
« Reply #8 on: January 15, 2008, 09:12:53 PM »

SOMETEXT is just an identifier to mark the beginning and end of the "preformatted" text area.

It could be anything. Just needs to match beginning and end.
Logged

I could eat a bowl of Alphabet Soup and shit a better argument than that.
vsloathe
« Reply #9 on: January 16, 2008, 08:50:59 AM »

I like to make mine say filthy things about NB's mom.
Logged

hai
nutballs
« Reply #10 on: January 16, 2008, 11:26:06 AM »

Well, my mom bakes a lot and often has flour and such on her.
Logged

I could eat a bowl of Alphabet Soup and shit a better argument than that.
thedarkness
« Reply #11 on: January 17, 2008, 07:13:24 PM »

Say "Hi" to your Mum for me.

Cheers,
td
Logged

"I want to be the guy my dog thinks I am."
 - Unknown