phpHoo, Part I | 9 | WebReference


Form Data in PHP

Unlike Perl and ASP, PHP was written for the web. (Yes, beating a dead horse is one of my favorite recreational activities.) The Perl version of this program requires the module to handle the query string and form elements. Yahasp is closer with its "Request" objects, but PHP makes it even easier. PHP automatically parses POST and GET form submissions and assigns variables named after each form element's "NAME" attribute. Here's an example:

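      <?php
      // PHP creates $HiThere automatically from the form field named HiThere.
      echo "<FORM METHOD=POST ACTION=\"$PHP_SELF\">\n";
      echo "<INPUT TYPE=TEXT NAME=HiThere VALUE=\"\">\n";
      echo "<INPUT TYPE=SUBMIT NAME=SUBMIT VALUE=\"Submit\">\n";
      echo "</FORM>\n";
      if (isset($HiThere)) {
          echo "Results of your form submission<BR>\n";
          echo "You entered [" . htmlspecialchars($HiThere) . "] in the form<BR>\n";
      }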

This simple program outputs an HTML form. When you enter something in the text box and hit submit, it will print the form and also tell you what you entered in the HiThere box. When the form is submitted, PHP goes through the entered form elements and assigns variables using the form element's NAME. The value of the variable will be whatever the user entered into the form. As an example, if you entered 'PHP Rules' in the text box and hit submit, you would see the form printed as well as:

Results of your form submission
You entered [PHP Rules] in the form
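The same form under current PHP, as an added example that is not part of the original article: automatic creation of `$HiThere` and `$PHP_SELF` (register_globals) was removed in PHP 5.4, so the field is read from the POST array explicitly and escaped before it is echoed. The function name `hi_there_page`, the `/form.php` path and the 200-character limit are assumptions made for this example.

```php
<?php
// Added example (not from the original article): the HiThere form without
// automatic variable registration. hi_there_page() is a hypothetical name.

function hi_there_page(array $post, string $self): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');

    $html  = '<FORM METHOD=POST ACTION="' . $e($self) . "\">\n";
    $html .= "<INPUT TYPE=TEXT NAME=HiThere VALUE=\"\">\n";
    $html .= "<INPUT TYPE=SUBMIT NAME=SUBMIT VALUE=\"Submit\">\n";
    $html .= "</FORM>\n";

    if (!array_key_exists('HiThere', $post)) {
        return $html;                          // first visit: form only
    }
    $value = $post['HiThere'];
    // A request can send HiThere[]=x, which arrives as an array, not a string.
    if (!is_string($value) || strlen($value) > 200) {   // 200 is an assumed limit
        return $html . "Invalid input<BR>\n";
    }
    $html .= "Results of your form submission<BR>\n";
    $html .= 'You entered [' . $e($value) . "] in the form<BR>\n";
    return $html;
}

// Constructed sample submissions, standing in for $_POST and $_SERVER['PHP_SELF'].
echo hi_there_page(['HiThere' => 'PHP Rules'], '/form.php');
echo hi_there_page(['HiThere' => '<b>bold</b>'], '/form.php');
echo hi_there_page(['HiThere' => ['x']], '/form.php');
```

In a real page the two arguments would be `$_POST` and `$_SERVER['PHP_SELF']`.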

Now back to phpHoo. On line 101, we check to see if there's a query string available. On line 103, we check for two conditions: there is a '$viewCat' variable, or there is no query string or form POST entry. If either of these conditions is true, we call start_page($viewCat) and start_browse($viewCat). If there is no $viewCat, the two functions will print out the very beginning of phpHoo. If there is a $viewCat (which would be a category ID number), we'll see that specific category.

On line 109, we check for $add. $add is created automatically by PHP if the user has clicked on the "Suggest new link" link, which as you can see from the start_browse function looks like this:


If we're at the top, then $currentID will equal "Top", so we check for that, and if this is the case we set the Category for this suggestion to zero on line 111. We could have let the link say 'add=0' and saved ourselves a check here, but I thought add=Top would be more intuitive for the user of the form. We then grab the category name for this category ID, print out the HTML form to the visitor and ask for all the usual stuff: the Url, LinkName, etc.

Line 133 looks for the '$suggest' variable. $suggest is set if the user clicks on the submit button of the 'Suggest new link' form. Line 136 calls the MySQL class method with something we haven't seen yet:


$HTTP_POST_VARS is an array that is created automatically by PHP as the result of a POST action on a form. If we had set our 'suggest new link' form ACTION to GET, then we would use the $HTTP_GET_VARS array. $HTTP_POST_VARS is an associative array of Key = Value pairs created by the form NAME= and VALUE= pairs. Now it's time to take a look at the MySQL class Suggest method.

Inserting data in MySQL

The 'suggest' method on lines 244 through 277 of the MySQL class will handle the entry of data in our database. The method accepts one argument: an array of key=value pairs (our $HTTP_POST_VARS array). The first thing we need to do is validate all of the data. Line 251 first makes sure we have an array to work with. If there's no data or it's not an array, it immediately bails out. Lines 253 through 259 get the data from the array by associative name and set the SubmitDate to the current time(). Lines 261 through 265 make sure that the data is complete. If any of these elements are missing, the method will abort the entry.

Lines 267 and 268 are special cases. At the beginning of the MySQL class, we assigned the AUTOAPPROVE global to be "true". If you want your visitors to be able to enter new links in the database automatically, leave it set to "true". If you want to manually approve each entry, set AUTOAPPROVE to "false". If AUTOAPPROVE is true, suggested links will automatically and instantly be available to your visitors with no work at all on your part. If set to false, you'll need to approve new links before they are made available to your visitors.

Remember I mentioned that trying to determine what your table needs would be from the outset is usually futile? Currently the Links table has no idea which links have been approved, and which links have not been. To tell the difference, we're going to need a new column in the Links table. Connect to your MySQL database and alter the Links table as follows:

mysql> ALTER TABLE Links ADD COLUMN Approved tinyint(8) DEFAULT '0';

Since we're accepting submissions, it would be nice to be able to track who is submitting what to our database, so let's add a few more columns:

    ALTER TABLE Links ADD COLUMN SubmitName varchar(64) NOT NULL;
    ALTER TABLE Links ADD COLUMN SubmitEmail varchar(64) NOT NULL;
    ALTER TABLE Links ADD COLUMN SubmitDate bigint(21) NOT NULL;

If you do a 'show columns from Links' command, you should see the following:

mysql> show columns from Links;
+-------------+--------------+------+-----+---------+----------------+
| Field       | Type         | Null | Key | Default | Extra          |
+-------------+--------------+------+-----+---------+----------------+
| LinkID      | bigint(21)   |      | PRI | 0       | auto_increment |
| CatID       | bigint(21)   |      |     | 0       |                |
| Url         | varchar(255) |      | UNI |         |                |
| LinkName    | varchar(64)  |      |     |         |                |
| Description | text         |      |     |         |                |
| Approved    | tinyint(8)   | YES  |     | 0       |                |
| SubmitName  | varchar(64)  |      |     |         |                |
| SubmitEmail | varchar(64)  |      |     |         |                |
| SubmitDate  | bigint(21)   |      |     | 0       |                |
+-------------+--------------+------+-----+---------+----------------+
9 rows in set (0.00 sec)

Our Links table can now track whether a link has been approved, and gives us the added information about who submitted the link, and when.

On line 271 of the MySQL class, we start our SQL query string and continue it over the next 3 lines (271 through 274). Notice that all string values in our SQL query are surrounded by 'single quotes'. Line 275 calls the insert() method using this query and immediately returns the results (as either false to indicate failure, or a positive integer value for success).
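The steps of the suggest() method described above (array check, fields taken by name, completeness check, SubmitDate, Approved), as an added example that is not phpHoo's own code: it swaps the quoted query string for a PDO prepared statement with bound values, so a quote in the submitted text cannot change the query. Assumptions: PDO with the pdo_sqlite driver, an in-memory SQLite table standing in for the MySQL Links table so the script runs offline, a `REQUIRED` field list inferred from the Links columns shown above, and `AUTOAPPROVE` set to false to show that an `Approved` field sent by the form is ignored.

```php
<?php
// Added example, not phpHoo's code. Assumptions: PDO with pdo_sqlite; an
// in-memory SQLite table stands in for the MySQL Links table; the REQUIRED
// list is inferred from the Links columns shown in the article.
const AUTOAPPROVE = false;   // the article's default is "true"
const REQUIRED = ['CatID', 'Url', 'LinkName', 'Description', 'SubmitName', 'SubmitEmail'];
function suggest(PDO $db, $postData)
{
    if (!is_array($postData) || !$postData) {
        return false;                          // no data, or not an array
    }
    $row = [];
    foreach (REQUIRED as $field) {             // fields are taken by name only
        $value = $postData[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            return false;                      // incomplete submission
        }
        $row[$field] = trim($value);
    }
    if (!ctype_digit($row['CatID'])) {
        return false;                          // category ID must be a number
    }
    $row['SubmitDate'] = time();
    $row['Approved']   = AUTOAPPROVE ? 1 : 0;  // decided by the server, not the form
    // Column names come from the constant list above; values are bound, not quoted in.
    $cols  = implode(', ', array_keys($row));
    $marks = implode(', ', array_fill(0, count($row), '?'));
    try {
        $db->prepare("INSERT INTO Links ($cols) VALUES ($marks)")->execute(array_values($row));
    } catch (PDOException $e) {
        return false;                          // e.g. duplicate Url
    }
    return (int) $db->lastInsertId();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Links (LinkID INTEGER PRIMARY KEY, CatID INTEGER, Url TEXT UNIQUE,
    LinkName TEXT, Description TEXT, Approved INTEGER DEFAULT 0,
    SubmitName TEXT, SubmitEmail TEXT, SubmitDate INTEGER)');

// Constructed submission: a quote in LinkName and an unexpected "Approved" field.
$post = ['CatID' => '0', 'Url' => 'http://example.com/', 'LinkName' => "Ann's page",
         'Description' => 'Sample link', 'SubmitName' => 'Ann',
         'SubmitEmail' => 'ann@example.com', 'Approved' => '1'];
var_dump(suggest($db, $post));                 // first submission is stored
var_dump(suggest($db, $post));                 // same Url again is rejected
var_dump(suggest($db, ['Url' => 'http://example.com/x']));   // incomplete
print_r($db->query('SELECT LinkName, Approved FROM Links')->fetchAll(PDO::FETCH_ASSOC));
```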

Back to the phpHoo source code. Lines 136 through 143 call the suggest() method and then, based on the results, output a "Success" or "Failure" notice. Since we want the visitor to go back to the Top of the phpHoo hierarchy after a submission, we send an empty "junk" variable to the start_page() function, and no arguments at all are given to the start_browse() function.

Savvy PHP programmers are now howling about MySQL data needing to be "escaped" before being entered in the database, so let's address this issue now.

Produced by Jonathan Eisenzopf and
Created: July 20, 1999
Revised: July 20, 1999