Creating an Advanced Form

php-forum Fan User
Posts: 974
Joined: Mon Oct 01, 2012 12:32 pm

Fri Nov 02, 2012 2:45 pm

First, '1' may not work on its own as a boolean expression; 1=1 does, though. But you don't even need to do that. Here's a quick dynamic search you could easily modify to work with your situation and cut out a LOT of code.
First, you don't have to do the HTML blocks outside of the PHP like I am; that part is bad practice, and I am only displaying it because it is code I had already written for myself. OK, what I'm doing is giving the user a select box to choose his criteria from, and an input box to set the value. I don't clean the user's input beyond real escape string, but you definitely should. Anyway, I check the post value against an array of valid values, so that any other post value offered will result in an error. All that's left to do is display your results.

Code:

<?php
// Columns the user may search on; any other posted value is rejected below.
$valid_array = array('last_name', 'email', 'id');

if (! isset($_POST['submit'])) { // show form ?>
	<form name="user_search" action="search_user.php" method="post" style="margin:20px;">
		<select name="search_criteria">
			<option value="last_name">Last Name</option>
			<option value="email">Email</option>
			<option value="id">User ID</option>
		</select>
		<input type="text" name="needle" />
		<input type="submit" name="submit" value="Search" />
	</form>
<?php } else { // process form
	// Strict comparison against the list of valid column names.
	if (! in_array($_POST['search_criteria'], $valid_array, true)) {
		die('<h1>Injection fail.  Sucks to be you</h1><br /><br />');
	} else {
		// The column name has passed the check above; the search value is escaped.
		$sql = "SELECT id,email,first_name,last_name FROM user WHERE LOWER(".mysql_real_escape_string($_POST['search_criteria']).")='".strtolower(mysql_real_escape_string($_POST['needle']))."'";
		$results = User::find_many_by_sql($sql);
	}
} ?>
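
The allowlist check from the post above, combined with a bound parameter for the search value, as an added example that is not part of the original post or the poster's code. It assumes PDO with an in-memory SQLite database and constructed rows so it runs on its own; `search_users()` and `SEARCH_COLUMNS` are hypothetical names.

```php
<?php
// Added example, not the poster's code. The table layout, the sample rows and
// the names SEARCH_COLUMNS / search_users() are assumptions for illustration.

// Allowlist: posted value => column name written by the developer.
const SEARCH_COLUMNS = [
    'last_name' => 'last_name',
    'email'     => 'email',
    'id'        => 'id',
];

function search_users(PDO $db, string $criteria, string $needle): array
{
    // Identifiers cannot be bound as parameters, so the column name is taken
    // from the allowlist and never copied from the request.
    if (!array_key_exists($criteria, SEARCH_COLUMNS)) {
        throw new InvalidArgumentException('Unknown search criteria');
    }
    $column = SEARCH_COLUMNS[$criteria];

    // The search value is bound, so the driver handles quoting.
    $stmt = $db->prepare(
        "SELECT id, email, first_name, last_name FROM user
         WHERE LOWER($column) = LOWER(:needle)"
    );
    $stmt->execute([':needle' => $needle]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT, first_name TEXT, last_name TEXT)');
$db->exec("INSERT INTO user (email, first_name, last_name) VALUES
           ('ann@example.com', 'Ann', 'O''Brien'), ('bob@example.com', 'Bob', 'Smith')");

// A needle containing a quote is handled as data.
print_r(search_users($db, 'last_name', "o'brien"));

// A needle shaped like SQL is compared as one literal string.
print_r(search_users($db, 'email', "x' OR '1'='1"));

// A criteria value outside the allowlist is rejected before any SQL is built.
try {
    search_users($db, 'password_hash', 'anything');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```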

New php-forum User
Posts: 20
Joined: Fri Oct 19, 2012 4:32 am
Location: India

Tue Nov 06, 2012 4:06 am

<div id="contactform">
<h1>Contact <span>Form</span></h1>
<form name="contactform" id="form">
<div id="result"><?php if (!empty($result)) echo "<div class=\"message\">".$result."</div>"; ?></div>
<select name="dept" class="text">
<option value="sales">Sales</option>
<option value="support">Support</option>
<option value="billing">Billing</option>
</select>
<label class="name">Name<br>
<input class="text" name="name" value="" type="text"><br></label>
<label class="email">Email<br>
<input class="text" name="email" value="" type="text"><br></label>
<label class="phno">Telephone no<br>
<input class="text" name="phno" value="" type="text"><br></label>
<label class="subject">Subject<br>
<input class="text" name="subject" value="" type="text"><br></label>
<label class="msg">Message<br>
<textarea class="text" name="msg"></textarea><br></label>
<input name="selfcopy" value="yes" type="checkbox">
<label>Send a copy to yourself?</label>
<?php MathGuard::insertQuestion(); ?>
<input name="browser_check" value="true" type="hidden">
<input name="submit" value="Submit" id="submit" type="button">
</form>
</div>

