Database insert critique please!!


kona72
07-16-2007, 08:40 PM
Hey All,

Been a while but really working at getting away from the lousy DW wizard crap... Having said that...
Looking for a bit of critique for the insert in this page I just completed....


<?php include("../Connections/idas.php");

// quote the array key: a bare constant name only works by accident
if ($_REQUEST['flag'] == 1)
{

$sql="INSERT INTO `members` ( `rec_id` ,
`fname` ,
`lname` ,
`company` ,
`addr` ,
`city` ,
`prov` ,
`phone` ,
`fax` ,
`email` ,
`website` ,
`type` ,
`notes` )
VALUES ('',
'$_REQUEST[fname]',
'$_REQUEST[lname]',
'$_REQUEST[company]',
'$_REQUEST[addr]',
'$_REQUEST[city]',
'$_REQUEST[prov]',
'$_REQUEST[phone]',
'$_REQUEST[fax]',
'$_REQUEST[email]',
'$_REQUEST[website]',
'$_REQUEST[type]',
'$_REQUEST[notes]');";

$result=mysql_query($sql) or die(mysql_error());

header("location:member_list.php.php");
exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>IDAS - CSS </title>
<link href="css/idas.css" rel="stylesheet" type="text/css" />
<link href="../css/idas.css" rel="stylesheet" type="text/css" />
</head>

<body>

<h3 align="center" class="style1"><img src="../images/idas_03.jpg" width="794" height="179" /></h3>
<table width="775" border="0" align="center" cellpadding="10" cellspacing="0">
<tr>
<td align="left" valign="top"><p>Add A Member </p>
<table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td><form action="<?php echo $_SERVER['PHP_SELF']; ?>" name="member_add" method="post" onSubmit="return chk()">
<table width="100%" border="0" cellspacing="0" cellpadding="5">
<tr>
<td width="24%" align="left" valign="top">First Name</td>
<td width="76%" align="left" valign="top"><label>
<input type="text" name="fname" id="fname" />
</label>
<input name="rec_id" type="hidden" id="rec_id" /><input name="flag" type="hidden" value="1"/></td>
</tr>
<tr>
<td align="left" valign="top">Last Name</td>
<td width="76%" align="left" valign="top"><label>
<input type="text" name="lname" id="lname" />
</label></td>
</tr>
<tr>
<td align="left" valign="top">Company Name </td>
<td width="76%" align="left" valign="top"><input name="company" type="text" id="company" /></td>
</tr>

<tr>
<td align="left" valign="top">Street Address </td>
<td align="left" valign="top"><input name="addr" type="text" id="addr" /></td>
</tr>
<tr>
<td align="left" valign="top">City</td>
<td align="left" valign="top"><input name="city" type="text" id="city" /></td>
</tr>
<tr>
<td align="left" valign="top">Province</td>
<td align="left" valign="top"><input name="prov" type="text" id="prov" /></td>
</tr>

<tr>
<td align="left" valign="top">Phone</td>
<td align="left" valign="top"><input name="phone" type="text" id="phone" /></td>
</tr>
<tr>
<td align="left" valign="top">Fax</td>
<td align="left" valign="top"><input name="fax" type="text" id="fax" /></td>
</tr>

<tr>
<td align="left" valign="top">Email</td>
<td align="left" valign="top"><input name="email" type="text" id="email" /></td>
</tr>
<tr>
<td align="left" valign="top">Membership Type</td>
<td align="left" valign="top"><label>
<select name="type" id="type">
<option>Select a Member Type</option>
<option value="Registered">Registered Member</option>
<option value="Provisional">Provisional Member</option>
<option value="Student">Student Member</option>
<option value="Retired">Retired Member</option>
</select>
</label></td>
</tr>
<tr>
<td align="left" valign="top">Website</td>
<td align="left" valign="top"><input name="website" type="text" id="website" /></td>
</tr>
<tr>
<td align="left" valign="top">Extra Information </td>
<td align="left" valign="top"><textarea name="notes" cols="65" rows="8" id="notes"></textarea></td>
</tr>
<tr>
<td align="left" valign="top">&nbsp;</td>
<td align="left" valign="top"><input type="submit" name="Submit" value="Submit" />
<input type="reset" name="Submit2" value="Reset" /></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="affiliates" />
</form></td>
</tr>
</table>
</td>
</tr>
</table>
<h3 align="center" class="style1">&nbsp;</h3>
<p align="center" class="bold_text"></p>

</body>
</html>


First attempt using a couple of different sites and books for help....

Thanks in advance for your critique!!!!!

davidj
07-16-2007, 08:55 PM
Best to use $_POST rather than $_REQUEST


$sql="INSERT INTO `members` ( `rec_id` , `fname` , `lname` , `company` , `addr` , `city` , `prov` , `phone` , `fax` , `email` , `website` , `type` , `notes` ) VALUES ('$_POST[fname]', '$_POST[lname]', '$_POST[company]', '$_POST[addr]', '$_POST[city]', '$_POST[prov]', '$_POST[phone]', '$_POST[fax]', '$_POST[email]', '$_POST[website]', '$_POST[type]', '$_POST[notes]')";
$result=mysql_query($sql) or die(mysql_error());

kona72
07-16-2007, 09:08 PM
I read about both but could not find any real reason one is better than the other... Obviously if you are saying POST is better then I will use it...

Just wondering why??

davidj
07-16-2007, 09:22 PM
You have 2 methods to pass data from a form for processing: GET and POST.

Using GET you're passing the form data through the URL as a query string.

example...

www.domain.com/page.php?field1=value1&field2=value2

This is limited in how much data can be passed this way. Can't remember the length.

When you POST data you are passing it through the headers of the document and therefore you can pass unlimited data this way, and you would be better using this method when passing passwords. You don't want them visible in the URL string.

GET is good for passing record IDs so you can query the db in the next process, or using buttons to pass an id in order to delete the record.

REQUEST is a middle ground that will catch any method, but using it is bad practice and leaves it open to abuse. If you know which method you're using, catch the data using the correct method.
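The same members insert done the way the thread recommends, reading only $_POST and only on an actual POST request, with a prepared statement so the submitted values are bound as parameters instead of being pasted into the SQL string (an apostrophe in a surname no longer breaks the query). This is an added example, not kona72's page or davidj's correction: the column names come from the original INSERT and the membership types from the form's select, while the in-memory SQLite table and the functions open_demo_db, validate_member, insert_member and handle_request are this example's own assumptions so that it runs offline. A real deployment would use a mysql: DSN and keep everything else unchanged.

```php
<?php
// Added example (not kona72's or davidj's code): the members insert with
// $_POST only and a PDO prepared statement. Column names are taken from the
// original INSERT; the in-memory SQLite database exists only so this runs
// offline (assumption), a real deployment would use a mysql: DSN.

const MEMBER_FIELDS = ['fname', 'lname', 'company', 'addr', 'city', 'prov',
                       'phone', 'fax', 'email', 'website', 'type', 'notes'];
// The values offered by the <select name="type"> on the form.
const MEMBER_TYPES  = ['Registered', 'Provisional', 'Student', 'Retired'];

function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (rec_id INTEGER PRIMARY KEY AUTOINCREMENT,'
        . ' fname TEXT, lname TEXT, company TEXT, addr TEXT, city TEXT, prov TEXT,'
        . ' phone TEXT, fax TEXT, email TEXT, website TEXT, type TEXT, notes TEXT)');
    return $db;
}

// Validate the posted form. Returns a list of error strings (empty when OK).
function validate_member(array $post): array {
    $errors = [];
    foreach (['fname', 'lname', 'email'] as $required) {
        if (!isset($post[$required]) || trim($post[$required]) === '') {
            $errors[] = "$required is required";
        }
    }
    if (isset($post['email']) && filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }
    // The select's placeholder option has no value, so it fails this check.
    if (!isset($post['type']) || !in_array($post['type'], MEMBER_TYPES, true)) {
        $errors[] = 'type must be one of ' . implode(', ', MEMBER_TYPES);
    }
    return $errors;
}

// Insert one member. rec_id is left to the database's auto-increment rather
// than being sent as ''. Every value is bound, never concatenated into SQL.
function insert_member(PDO $db, array $post): int {
    $placeholders = implode(', ', array_map(fn($f) => ":$f", MEMBER_FIELDS));
    $stmt = $db->prepare('INSERT INTO members (' . implode(', ', MEMBER_FIELDS)
        . ") VALUES ($placeholders)");
    foreach (MEMBER_FIELDS as $f) {
        $stmt->bindValue(":$f", $post[$f] ?? '', PDO::PARAM_STR);
    }
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// The handler as it would sit at the top of the page: act only on a real POST
// (a crafted link with ?flag=1 does nothing) and read $_POST, not $_REQUEST.
// $method would be $_SERVER['REQUEST_METHOD'] and $post would be $_POST.
function handle_request(PDO $db, string $method, array $post): array {
    if ($method !== 'POST' || ($post['flag'] ?? '') !== '1') {
        return ['status' => 'show_form'];
    }
    $errors = validate_member($post);
    if ($errors) {
        return ['status' => 'invalid', 'errors' => $errors];
    }
    return ['status' => 'inserted', 'rec_id' => insert_member($db, $post)];
}

// Constructed sample submission. The apostrophe in lname is exactly the kind
// of input that broke the string-built query.
$sample = ['flag' => '1', 'fname' => 'Ann', 'lname' => "O'Neil",
           'company' => 'Example Co', 'addr' => '1 Main St', 'city' => 'Regina',
           'prov' => 'SK', 'phone' => '555-0100', 'fax' => '',
           'email' => 'ann@example.com', 'website' => 'example.com',
           'type' => 'Registered', 'notes' => "said 'hi'; -- not SQL"];

$db      = open_demo_db();
$ignored = handle_request($db, 'GET', $sample);   // a GET never reaches the insert
$result  = handle_request($db, 'POST', $sample);
$stored  = $db->query('SELECT lname FROM members')->fetchColumn();
printf("GET: %s, POST: %s, stored lname: %s\n",
       $ignored['status'], $result['status'], $stored);
```

Two things to notice when running it: the GET call returns show_form even though every field is present, which is the difference between $_POST and $_REQUEST in practice, and the stored surname comes back with its apostrophe intact because the driver, not string quoting, handled it.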