Creating an Advanced Form

[jonny7d]

Solved

[seandisanti]

First, '1' may not work on its own as a boolean expression, 1=1 does though. But you don't even need to do that, here's a quick dynamic search you could easily modify to work with your situation and cut out a LOT of code.
First, you don't have to do the the html blocks outside of the php like i am, that part is bad practice and am only displaying because it is code i had already written for myself. Ok, what i'm doing is giving the user a select box to choose his criteria from, and an input box to set the value. I don't clean the user's input beyond real escape string, but you definitely should. anyway; i check the post value against an array of valid values, so that any other post value offered will result in an error. All that's left to do is display your results.

Code: Select all

<?php if (! isset($_POST['submit'])){ //show form?>
                     <form name="user_search" action="search_user.php" method="post" style="margin:20px;">
                        <SELECT name="search_criteria">
                           <option value="last_name">Last Name</option>
                           <option value="email">Email</option>
                           <option value="id">User ID</option>
                        </select>
                        <input type="text" name="needle" />
                        <input type="submit" name="submit" value="Search" />
                     </form>
                  <?php } else { //process form
                     $valid_array=array('email','id','last_name');
                     if (! in_array($_POST['search_criteria'],$valid_array)){
                     die('<h1>Injection fail.  Sucks to be you</h1><br /><br />');
                     } else {
                        $sql = "SELECT id,email,first_name,last_name FROM user WHERE LOWER(".mysql_real_escape_string($_POST['search_criteria']).")='".strtolower(mysql_real_escape_string($_POST['needle']))."'";
                        $results = User::find_many_by_sql($sql);
                     ?>


[jinijames]

<div id="contactform">
<h1>Contact <span>Form</span></h1>
<form name="contactform" id="form">
<div id="result">< ?php if($result) echo "<div class="message">".$result."</div>"; ?></div>
<label>Department</label><br>
<select name="dept" class="text">
<option value="sales">Sales</option>
<option value="support">Support</option>
<option value="billing">Billing</option>
</select><br>
<label class="name">Name<br>
<input class="text" name="name" value="" type="text"><br></label>
<label class="email">Email<br>
<input class="text" name="email" value="" type="text"><br></label>
<label class="phno">Telephone no<br>
<input class="text" name="phno" value="" type="text"><br></label>
<label class="subject">Subject<br>
<input class="text" name="subject" value="" type="text"><br></label>
<label class="msg">Message<br>
<textarea class="text" name="msg"></textarea><br></label>
<input name="selfcopy" value="yes" type="checkbox">
<label>Send a copy to yourself?</label>
<?php MathGuard::insertQuestion(); ?>
<br><br>
<input name="browser_check" value="true" type="hidden">
<input name="submit" value="Submit" id="submit" type="button">

</form>
</div>



hire php developer | hire magento developer