Results 1 to 2 of 2
  1. #1
    Join Date
    Mar 2003
    Posts
    225

    Unanswered: insert into mysql via php form

    i have the following table structure:

    PlayerID integer not null primary key auto_increment
    Forename varchar(50)
    Surname varchar(50) not null
    DOB date
    RegNo tinyint
    Photo varchar(255)
    Nickname varchar(50)
    Comments varchar(255)
    Position varchar(50)
    GamesPlayed tinyint
    GoalsScored tinyint

    and want to be able to enter/Edit/Delete ammend data in my mysql database via a php form,

    Need some serious help please, i have looked for hours on the net but am really struggling to get my head around this one!!!

    Thanks in adavnce

    Andy

  2. #2
    Join Date
    Nov 2004
    Location
    out on a limb
    Posts
    13,692
    Provided Answers: 59
    so where have you got to

    in a traditional web applciation you have several PHP scripts targeting different operations

    1 displays the the data / data entry
    2 called from 1 validates the data, and decide where to pass control (back to 1 if there are errors, or onto 3 to perform the update
    3 perform updates (could be rolled up into script 2)

    there may be additional scripts which do some searching or record selection

    script 1 usually targets HTML code which runs on the client PC, scripts 2 & 3 target PHP code which runs ont he server and does "soemthing" which the client doens't necessarily see

    all this can be flung up in the air if your applciation and userbase can support AJAX


    first off I'd suggest you write the display script (using a form, might involve tables (even though they are frowned upon by HTML purists), still a heck of a lot easier to layout than CSS in my view). then the action in the form calls the validation script. then decide how you will handle errors (ie how willl you provide feedback to the user that their data is invalid (and perhaps more important WHY its invalid))

    then and only then consider writing data to your tables, bear in mind that user data shouldn't be trusted so you need to explciitly check that any response formt he users is appropriate to your application, and postiviely exclude invalid data.

    so what do you validate.
    say you have an address, your business rules may say it must have at least 2 lines (each line of at least 10 characters) and a postcode.
    so the validation rules are:-
    check for valid characters, or if your prefer invlaid characters (a standard address usually can contain the following characters A-Z,a-z,0-9 spaces, commas, full stops and possibly a hyphen. I don't know of any address that uses a semicolon so check if that is present
    check the number of characters
    you will find the regular expressions (REGEXP usefull if incomprehensible at first) a nifty trick if you are concerned about minimum string length is to remove any invalid characters and then compare the remaining string length against your target.
    why check for semi colons, well a classical means of cracking a site is an SQL injection attack where the crackers attempts to break your system by submitting false data.

    if its a date you are requesting then check its a valid date (bear in mind to the user what they think of as a valid date format may be differnet to what you expect (eg they could use dd/mm/yyyy (as god intended), OR mm/dd/yyy, yyyy/mm/dd, dd mmm yyyy you cant cotmnrol that unkless you expressly use say 3 text boxes)

    look at the PHP documentation
    look at simple examples of how to write scripts
    consider buying a simple book on PHP (and possibly a complex book whilst you are at it), the simple books will get you going with some noddy examples which will give you a flavour of what PHP can do, and then the complex book can be more of a reference.
    look at websites which can offer classes (eg phpclasses, PEAR etc) which can save you some time in doing repetitive tasks (eg data validation). if you are experienced enough, consider writing your own calsses to handle soemthing that you need to use in more than one script.

    be carefull to target the right version(s) of PHP and MySQL, ie the versions that the ISP you are using for the site supports. There is little point in writing code that works on PHP5, or MySQL 5, if your ISP supports PHP 4 & MySQL 3.23.xx. You may have a development system that works finje, but unusable in the production environment. Its pointeless unsing the PHP5 object syntax if your ISP limits you to V4 syntax (and there is abig differnece between the two

    if you are OOP minded then make use of classes, if you aren't then it may not be worth the hassle of learning PHP objects. its up to you
    I'd rather be riding on the Tiger 800 or the Norton

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •