Re: Interesting Discussion with my PHP Teacher

From: Pedro Graca (hexkid_at_hotpop.com)
Date: 05/31/04


Date: 31 May 2004 10:34:59 GMT

Robert Smith wrote:
> The Teacher's code:

I'm not going to comment on the teacher's code :-)
(snip teacher's code)

> My code:

My comments are preceded with ##

> <?php
>
> $product_no = $_POST['product_no']; // This is the part of the
> // code the teacher didn't like
> $product_name = $_POST['product_name'];
> $unit = $_POST['unit'];
> $unit_price = $_POST['unit_price'];
> $enquiry = $_POST['enquiry'];

    ## You already have the variables available,
    ## no need to create another set just to make it easier
    ## to write the code.
    ## For a small script like this one, it isn't that much different
    ## using $product_name or $_POST['product_name'];
    ## but as your scripts grow larger, I think it helps to keep the
    ## variables separate

> //return to input page if not all fields have been entered
> //header redirection must appear at the top of the page before any screen
> //output
> if (!$product_no || !$product_name || !$unit || !$unit_price || !$enquiry)
> {
> header('Location: add_record.htm');
> exit;

        ## some browsers may not follow the redirect;
        ## allow them to continue anyway (I usually output a
        ## complete HTML page: html, head, title, body)
        exit('Redirected here.');

        ## Oh! and the URL should be a complete one, at least in the
        ## header() call
        ## header('Location: http://www.yourserver.com/add_record.htm');

> }
>
> //get connection info from include file on hostname, username, password,
> //and database name
> include('connect_info.php');

    ## if, for some reason, connect_info.php cannot be read, instead of
    ## continuing running the script (with a warning) halt with
    ## a fatal error.
    require 'connect_info.php';

    ## or
    ## require_once 'connect_info.php';

> //connect to MySQL server and store connection info in the variable
> //$connection
> $connection = @mysql_connect($hostname, $username, $password) or
> die('Cannot connect to MySQL server.');
>
> //select database and store connection info in the variable $db_selected
> $db_selected = @mysql_select_db($db_name, $connection) or die('Cannot
> connect to database.');
>
> //construct SQL statement
> $sql_statement = "INSERT INTO product_table(product_no, product_name,
> unit, unit_price, enquiry) VALUES ('$product_no', '$product_name', '$unit',
> '$unit_price', '$enquiry')";
>
> //execute SQL statement to insert record
> @mysql_query($sql_statement, $connection) or die('Cannot query table.');

## ... or die('whatever ' . mysql_error());

## unless you want to hide the errors from your users (which is a good
## idea!), but then it's better to log the error somewhere instead of
## just dying with a constant message

## $resource = mysql_*(...);
## if (!$resource) {
## some_logging_function(mysql_error());
## die('Error message');
## }

> ?>
> -----------------------------------------------------------------------------------
>
> So is my code really that bad? How can I get the code to work if my way
> really is that bad? I think the reason why the teacher's code is giving me
> errors in php 4.3.6 is because the code does not quote in the posted form
> values. For example $_POST[product_no] instead of $_POST['product_no'].
> This can be easily fixed on line 5 where the error occurs, but I can't fix
> it where the sql statement is constructed because there are too many quotes.
> For example:
>
> $sql_statement = "INSERT INTO product_table(product_no, product_name, unit,
> unit_price, enquiry) VALUES ('$_POST[product_no]', '$_POST[product_name]',
> '$_POST[unit]', '$_POST[unit_price]', '$_POST[enquiry]')";
>
> needs to be:
>
> $sql_statement = "INSERT INTO product_table(product_no, product_name, unit,
> unit_price, enquiry) VALUES ('$_POST['product_no']',
> '$_POST['product_name']', '$_POST['unit']', '$_POST['unit_price']',
> '$_POST['enquiry']')";
>
> which of course will give you a parse error.

## Use { } to delimit array variables inside double quotes

$sql_statement = "INSERT INTO product_table(product_no, product_name, unit,
unit_price, enquiry) VALUES ('{$_POST['product_no']}',
'{$_POST['product_name']}', '{$_POST['unit']}', '{$_POST['unit_price']}',
'{$_POST['enquiry']}')";

-- 
USENET would be a better place if everybody read:       : mail address :
http://www.catb.org/~esr/faqs/smart-questions.html      : is valid for :
http://www.netmeister.org/news/learn2quote2.html        : "text/plain" :
http://www.expita.com/nomime.html                       : to 10K bytes :
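
Added example, not part of the original post or anyone's code in the thread: every INSERT shown above places the $_POST values directly into the SQL text, so a value containing a single quote changes the statement, and the mysql_* functions used in the thread were removed in PHP 7. The sketch below writes the same row with bound parameters and applies the log-the-detail, show-a-constant-message pattern from the reply. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL server, insert_product() is a hypothetical helper, and the sample submission is constructed.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database
// stands in for the MySQL server so the script runs offline (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE product_table (product_no TEXT, product_name TEXT,
           unit TEXT, unit_price TEXT, enquiry TEXT)');

// Hypothetical helper: insert one product row from a form submission.
function insert_product(PDO $db, array $post): string
{
    $fields = ['product_no', 'product_name', 'unit', 'unit_price', 'enquiry'];
    $row = [];
    foreach ($fields as $f) {
        // Compare against '' rather than testing !$value, so a literal "0" is accepted.
        if (!isset($post[$f]) || !is_string($post[$f]) || trim($post[$f]) === '') {
            return 'missing_field'; // caller sends the user back to the form
        }
        $row[":$f"] = $post[$f];
    }
    try {
        // Placeholders keep the submitted values out of the SQL text entirely.
        $stmt = $db->prepare(
            'INSERT INTO product_table (product_no, product_name, unit, unit_price, enquiry)
             VALUES (:product_no, :product_name, :unit, :unit_price, :enquiry)'
        );
        $stmt->execute($row);
        return 'ok';
    } catch (PDOException $e) {
        error_log('insert_product failed: ' . $e->getMessage()); // detail goes to the log
        return 'db_error';                                       // user sees a constant message
    }
}

// Constructed sample submission; the product name contains single quotes.
$sample = ['product_no' => 'P-100', 'product_name' => "O'Brien's widget",
           'unit' => 'box', 'unit_price' => '0', 'enquiry' => 'stock?'];
echo insert_product($db, $sample), "\n";
echo insert_product($db, ['product_no' => '']), "\n";
echo $db->query('SELECT product_name FROM product_table')->fetchColumn(), "\n";
```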

