Posted by Steve on 11/09/06 19:47
"kenoli" <kenoli@igc.org> wrote in message
news:1163100323.673616.196580@f16g2000cwb.googlegroups.com...
|I was planning on having some kind of form validation before sending
| through the post.
|
| It makes sense to me to de-couple the html from the php. Can you show
| me how to create the query I want where this is de-coupled?
even if it is this simple, it still provides some layer of security...
<?
$columns[] = 'dbField1';
$columns[] = 'dbField2';
$fields = isset($_POST[fields] ? $_POST[fields] : array();
$processData = isset($_POST['processData'] ? true : false;
if (!processData)
{
?>
<form method="post">
<?
foreach ($columns as $name)
{
?>
<input name="fields[]" type="text" value="">
<?
}
?>
<input name="processData" type="submit" value="Try It Out...">
</form>
<?
exit;
}
if (!is_array($fields)){ $fields = array($fields); }
$sql = "
SELECT dbField1 ,
dbField2
FROM someTable
WHERE 1 = 1
";
foreach ($fields as $index => $value)
{
$sql .= ' AND ' . $columns[$index] . " = '" . $value . "'";
}
// do what you like here...maybe just list the records
// in a table from the resulting query...for now:
echo '<pre>' . $sql . '</pre>';
?>
[Back to original message]
|