
What is index?name=name called


randydg


What function is www.blabla.com/index?name=name called?

I'm trying to create a script that does the following:

 

Address bar:

www.blabla.com/index?name=Randy

 

Website:

Name: (text box fills in the name I put above (index?name=Randy))

But while it puts the name in, it also searches the MySQL database on table soandso for that name and also fills in

Address,city,state,zip

Like so:

$query="SELECT *  FROM `soandso` WHERE `name` = $name";
$result=mysql_query($query);
$num=mysql_numrows($result);

$n=0;
while ($n < $num) {
    $name=mysql_result($result,$i,"name");
    $address=mysql_result($result,$i,"address");
    $city=mysql_result($result,$i,"city");
    $state=mysql_result($result,$i,"state");
    $zip=mysql_result($result,$i,"zip");
    $phone=mysql_result($result,$i,"phone");
    $n++;
};


Link to comment
Share on other sites

That is called a GET key-value pair, and it's not a function, it's a "method". It describes the manner in which the client (web browser) is communicating with the server.

 

You'll also want to look into the mysql_fetch_array () function, instead of using so many calls to mysql_result (). Plus validating input and escaping output (mysql_real_escape_string () and htmlspecialchars (), in this case).

 

Seeing as a lot of this post probably confused you, I recommend that you just visit the PHP manual and read it. Especially the getting started chapters, as well as the pages for the functions I listed above.

 

PS: You'll also want to change from the mysql_* () functions to the MySQLi functions, as the former one is deprecated and will be removed soon.

Link to comment
Share on other sites

To answer the actual question, it's called a Query string.

$name = $_GET['name'];

 

You need to read about sanitizing user input if you're going to use it.

It also wouldn't hurt to read up on superglobals before that.  I wouldn't recommend someone researching sanitization of input before they even know what a superglobal is and does.

Make sure you get a grasp on the following vocabulary as well:

- a query string

- a query string parameter

 

You can learn an awful lot about these things from a simple phpinfo file.

Link to comment
Share on other sites

Alright... I will read up on it, but for now I need to get this code working for my office.

The following code will display the name in the name field but not pulling up any of the other data for it like address..

www.blabla.com/index?name=Randy Does put Randy in the Name field and the rest of the code will submit and save Randy in the name field.. this is a step closer. I just need it to push the name into the mysql and result info like address...

<table width="800"  border="1">
  <tr>
    <td colspan="5"><img src="image001.JPG" width="661" height="215"> 
    </td>
  </tr>
  <tr>
    <td width="38%" rowspan="2" valign="top"><p><strong>Name or Company:</strong> 
   
    <p>Name: 
          <input name="name" type="text" id="name" value="
<?php
$name = $_GET['name']; 
include 'connect.php';
$query="SELECT * FROM `sheets` WHERE `name` = '$name'";;
$result=mysql_query($query);
$num=mysql_numrows($result);
$n=0;
while ($n < $num) {
$name=mysql_result($result,$i,"name");
$address=mysql_result($result,$i,"address");
$n++;
};
echo "$name";
echo "$address";

?>

" size="20">

Link to comment
Share on other sites

You can send multiple values in a form, and they'll all end up in the $_POST superglobal array. The inserting into the database is done with the MySQL query INSERT INTO, and is pretty forward once you've picked up on working with SQL queries.

The first is explained in more detail in the PHP manual, and I recommend reading the "Getting Started" chapters, if you haven't done so already. How to use SQL is also explained in multiple tutorials on different sites, of very varying quality unfortunately. So I recommend looking for one that uses mysqli, as it's quite recent and thus should be of better quality than most.

 

However, that's unfortunately not the only thing that you'll need to read up on. Input validation and output escaping are also two subjects which you need to study, and they can be quite a bit heavier to understand than the simple basics. Especially if you don't have a good enough grasp of the finer details of the different languages and tools you're working with.

I believe there might be some articles on this very site that can help you with that, as well as many a thread. So a search around this place, once you're done with basic PHP and MySQL syntax, should net you some very valuable information.

 

That said, I've been nice enough to clean up your script, secured it, and put some comments in there to explain why I've done things the way I have:

<?php

// I'm assuming we're using MySQLi, object notation, to set up a database connection.
// connect.php is expected to create the mysqli object in $db.
include 'connect.php';

/**
* Checks if the form has been submitted, validates the input, and returns the resulting form.
* 
* @param mysqli $db
* @return string
*/
function process_form ($db) {
// First, check if the form has been submitted.
if (!isset ($_POST['submit'])) {
	// If not, generate a blank one.
	return generate_reg_form ();
}

// Initialize variables for validation and error message.
$validated = true;
$error = '';

// Validate the name field; Checks that it is a string that consists of letters only.
if (!ctype_alpha ($_POST['name'])) {
	// Mark this check as failed, and add to error message.
	$validated = false;
	$error .= 'name, ';
}

// Check to see if all input variables validated correctly.
if (!$validated) {
	// Something didn't validate. Remove the trailing space and comma from the error list.
	$error = substr ($error, 0, -2);

	// Finish the error message.
	$error = '<p class="error">Following fields failed validation: '.$error.'</p>';

	// Repopulate the form, with error message and submitted name.
	return generate_reg_form ($error, $_POST['name']);
}

// Always define the fields you want to retrieve from the database.
// Also using sprintf () to make the code more readable when adding output escaping.
$query = "SELECT `name`, `address` FROM `sheets` WHERE `name` = '%s'";

// Escape the username, and add it to the query instead of the %s placeholder.
$query = sprintf ($query, $db->real_escape_string ($_POST['name']));

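// Run the query to fetch the data from the database.
// (mysqli has no exec () method; query () returns a mysqli_result, or false on failure.)
$result = $db->query ($query);

// Check that the query worked and that we got exactly one row from the database.
// num_rows is a property of mysqli_result, not a method.
if ($result === false || $result->num_rows != 1) {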
	// We didn't, so something must be wrong. Show the form anew, this time with an error and the username pre-filled.
	$error = '<p class="error">User/company could not be found, please check name</p>';

	// return exits the function, and stops the rest of the code inside of it from being parsed.
	// Thus no else-block below.
	// $name is not defined in this function, so pass the submitted value itself.
	return generate_reg_form ($error, $_POST['name']);
}

// Fetch the details from the return database result
$row = $result->fetch_array ();

// Show the form again, this time with the new values.
return generate_reg_form ('', $row['name'], $row['address']);
}


/**
* Generates the form to register new user/client.
* 
* Set $message to give status report about failed validation and so forth.
* Prefills it with the name and address, if given.
* 
* @param string[optional] $message = ''
* @param string[optional] $name = ''
* @param string[optional] $address = ''
* @return string
*/
function generate_reg_form ($message = '', $name = '', $address = '') {
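// Escape output, to prevent XSS attacks.
// ENT_QUOTES also escapes single quotes, so the value is safe in any quoted attribute.
$name = htmlspecialchars ($name, ENT_QUOTES, 'UTF-8');
$address = htmlspecialchars ($address, ENT_QUOTES, 'UTF-8');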

// Generate completed form, and return it.
return <<<OutForm
<header><img src="image001.JPG" width="661" height="215"></header>

{$message}
<form action="" method="post">
<fieldset>
	<legend>Name or Company:</legend> 

	<label for="inp_name">Name:</label>
	<input name="name" type="text" id="inp_name" value="{$name}">

	<label for="inp_address">Address:</label>
	<input name="address" type="text" id="inp_address" value="{$address}">
</fieldset>

<fieldset id="button_row">
	<input type="submit" name="submit" value="Submit form">
</fieldset>
</form>
OutForm;
}

// Now we call the functions, and save the result for printing in the HTML output.
$registerForm = process_form ($db);

?>
<!doctype html>
<html>
<head>

<title>Testcase</title>

</head>
<body>

<!-- CF: Print out the form, or success message -->
<?php echo $registerForm; ?>

</body>
</html>

Link to comment
Share on other sites
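
An added example, not part of any post in this thread and not code from its authors: the lookup the original question asks for, driven by the `name` query-string parameter, but using a mysqli prepared statement in place of the `real_escape_string ()` + `sprintf ()` escaping shown above. It assumes `connect.php` leaves a connected mysqli object in `$db` and that table `sheets` has `name` and `address` columns; `h ()` and `lookup_sheet ()` are hypothetical helper names.

```php
<?php
// Added example. Assumption: connect.php leaves a connected mysqli object in $db.
include 'connect.php';

/** HTML-escape a value for use in text or inside a quoted attribute. */
function h ($value) {
	return htmlspecialchars ((string) $value, ENT_QUOTES, 'UTF-8');
}

/** Hypothetical helper: returns the row from `sheets` with this exact name, or null. */
function lookup_sheet (mysqli $db, $name) {
	// The ? placeholder is sent to the server separately from the SQL text,
	// so quotes in $name cannot change the structure of the query.
	$stmt = $db->prepare ('SELECT `name`, `address` FROM `sheets` WHERE `name` = ? LIMIT 1');
	if (!$stmt) {
		// Fail closed; do not echo $db->error to the visitor.
		throw new RuntimeException ('Could not prepare lookup query');
	}
	$stmt->bind_param ('s', $name);
	$stmt->execute ();
	$stmt->bind_result ($foundName, $foundAddress);
	// fetch () returns true when a row was read, null when there are no rows.
	$row = $stmt->fetch () ? array ('name' => $foundName, 'address' => $foundAddress) : null;
	$stmt->close ();
	return $row;
}

// index.php?name=Randy arrives as $_GET['name']. Accept it only if it is a
// string: a request such as ?name[]=x would deliver an array instead.
$name = (isset ($_GET['name']) && is_string ($_GET['name'])) ? trim ($_GET['name']) : '';
$row = ($name !== '') ? lookup_sheet ($db, $name) : null;
$message = ($name !== '' && $row === null) ? 'User/company could not be found, please check name' : '';
$address = ($row !== null) ? $row['address'] : '';
?>
<p class="error"><?php echo h ($message); ?></p>
<label for="inp_name">Name:</label>
<input name="name" type="text" id="inp_name" value="<?php echo h ($name); ?>">
<label for="inp_address">Address:</label>
<input name="address" type="text" id="inp_address" value="<?php echo h ($address); ?>">
```

`bind_result ()` and `fetch ()` are used instead of `get_result ()` because the latter is only available when PHP is built with the mysqlnd driver.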
