Creating an Advanced Form

Ask about general coding issues or problems here.

Moderators: macek, egami, gesf

jonny7d
New php-forum User
New php-forum User
Posts: 1
Joined: Fri Nov 02, 2012 6:23 am

Creating an Advanced Form

Postby jonny7d » Fri Nov 02, 2012 6:29 am

Solved
Last edited by jonny7d on Mon Nov 05, 2012 9:14 am, edited 1 time in total.

seandisanti
php-forum Fan User
php-forum Fan User
Posts: 838
Joined: Mon Oct 01, 2012 12:32 pm

Re: Creating an Advanced Form

Postby seandisanti » Fri Nov 02, 2012 2:45 pm

First, '1' may not work on its own as a boolean expression, 1=1 does though. But you don't even need to do that, here's a quick dynamic search you could easily modify to work with your situation and cut out a LOT of code.
First, you don't have to do the the html blocks outside of the php like i am, that part is bad practice and am only displaying because it is code i had already written for myself. Ok, what i'm doing is giving the user a select box to choose his criteria from, and an input box to set the value. I don't clean the user's input beyond real escape string, but you definitely should. anyway; i check the post value against an array of valid values, so that any other post value offered will result in an error. All that's left to do is display your results.


Code: Select all

<?php if (! isset($_POST['submit'])){ //show form?>
                     <form name="user_search" action="search_user.php" method="post" style="margin:20px;">
                        <SELECT name="search_criteria">
                           <option value="last_name">Last Name</option>
                           <option value="email">Email</option>
                           <option value="id">User ID</option>
                        </select>
                        <input type="text" name="needle" />
                        <input type="submit" name="submit" value="Search" />
                     </form>
                  <?php } else { //process form
                     $valid_array=array('email','id','last_name');
                     if (! in_array($_POST['search_criteria'],$valid_array)){
                     die('<h1>Injection fail.  Sucks to be you</h1><br /><br />');
                     } else {
                        $sql = "SELECT id,email,first_name,last_name FROM user WHERE LOWER(".mysql_real_escape_string($_POST['search_criteria']).")='".strtolower(mysql_real_escape_string($_POST['needle']))."'";
                        $results = User::find_many_by_sql($sql);
                     ?>

jinijames
New php-forum User
New php-forum User
Posts: 20
Joined: Fri Oct 19, 2012 4:32 am
Location: India
Contact:

Re: Creating an Advanced Form

Postby jinijames » Tue Nov 06, 2012 4:06 am

<div id="contactform">
<h1>Contact <span>Form</span></h1>
<form name="contactform" id="form">
<div id="result">< ?php if($result) echo "<div class="message">".$result."</div>"; ?></div>
<label>Department</label><br>
<select name="dept" class="text">
<option value="sales">Sales</option>
<option value="support">Support</option>
<option value="billing">Billing</option>
</select><br>
<label class="name">Name<br>
<input class="text" name="name" value="" type="text"><br></label>
<label class="email">Email<br>
<input class="text" name="email" value="" type="text"><br></label>
<label class="phno">Telephone no<br>
<input class="text" name="phno" value="" type="text"><br></label>
<label class="subject">Subject<br>
<input class="text" name="subject" value="" type="text"><br></label>
<label class="msg">Message<br>
<textarea class="text" name="msg"></textarea><br></label>
<input name="selfcopy" value="yes" type="checkbox">
<label>Send a copy to yourself?</label>
<?php MathGuard::insertQuestion(); ?>
<br><br>
<input name="browser_check" value="true" type="hidden">
<input name="submit" value="Submit" id="submit" type="button">

</form>
</div>



hire php developer | hire magento developer


Return to “PHP coding => General”

Who is online

Users browsing this forum: No registered users and 1 guest