I have a page that has 39 check boxes. The check boxes in my example resemble form names. My problem is that with 39 check boxes I need a way to store what forms were given to a student. Currently what I have set up is that each form is separated with a comma and a quote so that when a report is run the Administrator can use a CSV download option and group which forms a student has received. This works but is very rudimentary and also gives a bad side affect that before each form name a / is present because mysql escapes quotes.
This is what I currently have :
if ($this->input->post('action') == 'additional') {
$givenforms = "";
foreach ($this->input->post('form') as $forms) {
$givenforms .= ', "' . $forms . '"';
}
$comments = 'This student was given' . $givenforms . '';
if (($this->input->post('action') == 'additional') && ($this->input->post('other') == 'OTHER')) {
$comments .= ', '.$this->input->post('counselorcomments');
}
}
Again in the database the results will look like : This student was given "xyz", "eoe", "wwo",
Pretty much I just need ideas on how to store which forms a student was given, and if needed if all 39 forms are given to a student I need to store all forms the student was given for later reporting. (even though 39 forms wont be given)
Sounds like you need a one:many relationship between students and forms. Might want to do a little research on that topic.
I consider it generally to be pretty poor form to store comma separated values in a single field in a database, if you're doing that, it's almost always a sign that you need (at least) another table.
An hour or two of refactoring what I had with the CSV paid off quite well. I am very very pleased with the reporting/analytical possibilities of the knew information and the way I got it stored now.
Couple snippets of code for any one else looking into doing something like this! :
if ($this->form_validation->run() == FALSE) { // This stuff is self explanatory RT(F)M if you will :)
$this->cont();
} else {
$this->load->model('queue_model'); // Load model
$session = $this->uri->segment(3); // Gets the session id
$counselor = $this->session->userdata('username'); // I get counsellor names from the username they log in by joining between the two tables
if ($this->input->post('action') == 'Additional') { // If additional forms is checked do the following
foreach ($this->input->post('form') as $form_id) { // for each form submitted take the session Id from above and insert it into the table forms with the foreach $form_id variable
$this->queue_model->forms($session, $form_id);
}
if (($this->input->post('action') == 'Additional') && ($this->input->post('addother') == 'addotherinfo')) { // If forms were submitted and a addotherinfo was [checked] add comments
$comments = ''.$this->input->post('action'). ' - '.$this->input->post('counselorcomments').'';
} else {
$comments = $this->input->post('action');
}
}
Also adding in a forms table (with the ID's and form names) allowed me to dynamically make the check boxes like so :
<?php
foreach ($elevennine as $form) { ?>
<label id="form"><input type="checkbox" name="form[]" value="<?php echo $form['form_id'] ?>" <?php echo set_checkbox('form', $form['form_id']) ?>><?php echo $form['forms'] ?></label>
<?php }
?>
Thanks for all the great ideas!
Related
Sorry if the title is not clear enough, here is the explaination :
I got a MYSQL Database named "perso", with "perso_name in it". The perso_name are the same as the values in my select form. Here is the HTML code :
<form method="post">
<select name="selectperso" onchange="showUser(this.value)">
<option value="op1">Option1</option>
<option value="op2">Option2</option>
</select>
<input type="submit" name="validperso" value="Confirm">
</form>
Here is the PHP code :
<?php
$error = 0;
if (isset($_POST['validperso'])) {
if ($error !== 0) {
echo"<script>alert(\"Error\")</script>"; }
else {
echo "<script>alert(\"Working\")</script>";
}
}
?>
Now, what i want to do is kinda tricky.
Let's say i have "op3" in my database, but the user can't have it. The problem is that the user can modify the value "op1" to "op3" and then he will have the op3. I want to make a condition which says "if the user select one of the "op" value available in the select, then it's ok. Else, error++."
Thanks for the help !
Okay, I write more info about your problem.
Usually what you need is called whitelisting - you create a list of some things, that are allowed for user.
It can be simple array like:
$allowed_options = ['op1','op2','op3'];
if (!in_array($userInput, $allowed_options)) {
// input not allowed, do something
}
Or more complicated logic like a query to mysql:
select * from table where option = "USER_INPUT" and user_role = 'SOME_ROLE'
Anyway, only you as a developer know how to limit user's activity.
If, for example, you create your select from array of values:
foreach ($values as $v) {
echo '<option value="' . $v . '">VALUE</option>";
}
Then use same array $values to check if user input is allowed.
Same to mysql queries or other ways of getting required content.
To achieve your target better way you bind user with options in DB (i.e. Like username and Password) and then every time you validate user and options.
Another way you can put a hidden field with correct option and user mapped. And every time you can matched user selected option with hidden field value. This is not secure method.
I realize this is a question that has been asked before ("Cannot use [] for reading"), but I'm having trouble wrapping my head around the answer and how to fix my particular function.
function check_required_checkbox($checkbox_name, $error, $is_multiple_checkboxes)
{
global $error_msgs;
if ($is_multiple_checkboxes == true)
{
if (!isset($_POST[$checkbox_name][]))
{
$error_msgs[] = $error;
}
else if ($is_multiple_checkboxes == false)
{
if (!isset($_POST[$checkbox_name]))
{
$error_msgs[] = $error;
}
}
}
The problem line is 6, !isset($_POST[$checkbox_name][]), and I'm not understanding how the correct way I should write it. I saw instances of using brackets but !isset($_POST[{$checkbox_name}][]) isn't correct either.
When I have multiple checkboxes that use name="radda[]", I want my function to check that all of the checkboxes with a specific name are checked, and if not, add $error to the $error_msgs[] array.
EDIT:
I discussed with the department that was requesting a rewrite of the old form. Instead of using checkboxes, I switched it to a list of all of the borrower's rights and responsibilities, and then used a radio button below the list to ask the user to select "yes" or "no" on whether they read the list. Then I made it required to select "yes" or "no" and added validation that if "no" was selected, they wouldn't be able to submit the application. This was far easier than trying to make a bunch of checkboxes required. I do appreciate the help that everyone offered though.
If I understood what you need.
Try to define the $checkbox_name variable and then access the POST.
$checkbox_name = 'radda';
if (isset($_POST[$checkbox_name]) && !is_array($_POST[$checkbox_name]))
{
$error_msgs[] = $error;
}
Something like that should work.
Here is a similar thread: Retrieve an associative array value with a variable as key
I have a couple of fields in the <form>... $fieldset is array of the fields name, it loop them with isset() checking.
I want to apply validation (eg: required input, email) to a few fields, how to apply this from my code logic?
public function actionProfile($id = null) {
$profileModel = new ProfileModel;
// <input> fields name
$fieldset['name'] = array('FirstName', 'LastName');
$fieldset['address'] = array('HouseNumber', 'StreetName', 'Town', 'Location');
$formError = array();
if (isset($_POST['profile'])) {
// Process input event
foreach ($fieldset as $legend => $fields) {
foreach ($fields as $field) {
if (!isset($_POST['profile'][$field])) {
$formError[$legend] = $field;
} else {
$form[$legend][$field] = $_POST['profile'][$field];
}
}
}
if (count($formError) == 0) {
if ($profileModel->saveAddress($form['address'])) {
//Saved to the database.
}
}
}
// Get data from the database
$data['profile'] = $profileModel->find($id);
$view = new View($this->layout, $data)->render();
}
In the view file, it would look something like this:
<input type='text' value=<?php echo $profile['first_name'] name='profile[FirstName]' ?>
<input type='text' value=<?php echo $profile['last_name'] name='profile[LastName]' ?>
Edit: When editing the record via form.. If there is an error (validation) - I want to put user input value back into <input> value instead of value from the database. How can it be done from my code?
You are currently putting validation logic inside the controller. That should go in the Domain Business Object (read more: here and here).
Also, "model" is not a class. Model is a layer in MVC architecture. This layers mostly consists of two types of instances: Domain Objects and Data Mappers. Each with quite different responsibilities.
I think it would be wise to split the verification code from the actual update function.
Have it run through a validator first, checking for length and required inputs. When that passes, you can send all that (formatted) data to the action. If it doesn't pass the validation, return it to the view with additional error information so you can guide the user to fix the problem.
I hope you understand what I'm trying to explain to you. :-).
Use the PHP Filter functions:
http://www.php.net/manual/en/ref.filter.php
Use the Variable Handlers
http://us2.php.net/manual/en/ref.var.php
This post relates to WordPress and CIMY User Extra Fields. I do not think you need a knowledge of the latter to help with this problem, as it seems to be a WordPress issue more than anything.
CIMY User Extra Fields is a plugin that allows registered users to have much more information in their profiles. You can add as many fields as you want. You then have to edit "author.php" to pull in the new information.
I am currently using the following code to pull in the new user profile fields:
<?php if (have_posts()) { $flag = true; while (have_posts()) { the_post();
if ($flag) { $value = get_cimyFieldValue(get_the_author_ID(), 'dj-name');
if ($value != NULL) echo "<p><strong>Staff Bio: </strong>" . cimy_uef_sanitize_content($value);
echo "</p>";
$flag = false; }}}?>
The issue is this. Some of my users have 0 posts and this code will only pull the extra field content for the user if that have 1 post or more. This is due to the "if (have_posts())" function I suspect. Is there someway to modify the code to display the information even if the user has 0 posts?
Thanks
Zach
If it's not a need that a user must have a post to have CIMY values stored (which I assume), you just don't need to check for post-count > 0. You probably have copied that chunk of code over from a post template.
The following example just takes the value, and if it is set, will do the output via echo:
<?php
$authorID = get_the_author_meta('ID');
$value = get_cimyFieldValue($authorID, 'dj-name');
if (!empty($value))
echo '<p><strong>Staff Bio: </strong>'
, cimy_uef_sanitize_content($value)
, '</p>'
;
?>
To practice PHP and MySQL development, I am attempting to create the user registration system for an online chess game.
What are the best practices for:
How I should handle the (likely) possibility that when a user tries to register, the username he has chosen is already in use, particularly when it comes to function return values? Should I make a separate SELECT query before the INSERT query?
How to handle varying page titles?($gPageTitle = '...'; require_once 'bgsheader.php'; is rather ugly)
(An excerpt of the code I have written so far is in the history.)
Do a separate SELECT to check whether the username is already in use before attempting to INSERT.
More importantly, I would suggest something like the following structure for the script you're writing. It has a strong separation of presentation logic (e.g. HTML) from your other processing (e.g. validation, database, business logic.) This is one important aspect of the model-view-controller paradigm and is generally considered a best-practice.
<?php
// The default state of the form is incomplete with no errors.
$title = "Registration";
$form_completed = false;
$errors = array();
// If the user is submitting the form ..
if ($_POST) {
// Validate the input.
// This includes checking if the username is taken.
$errors = validate_registration_form($_POST);
// If there are no errors.
if (!count($errors)) {
// Add the user.
add_user($_POST['username'], $_POST['password']);
// The user has completed.
$form_completed = true;
// Optionally you could redirect to another page here.
} else {
// Update the page title.
$title = "Registration, again!"
}
}
?>
<html>
<head>
<title>Great Site: <?= $title ?></title>
<body>
<?php if ($form_complete): ?>
<p>Thanks for registering!</p>
<?php else: ?>
<?php if (count($errors)): ?>
<ul>
<?php foreach ($errors as $error): ?>
<li><?= $error ?></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
<form method="post">
Username: <input type="text" name="username">
Password: <input type="password" name="password">
<input type="submit">
</form>
<?php endif; ?>
</body>
</html>
Well, one thing you can do instead of repeating code down near the bottom is this:
if( $result === true ) {
$gPageTitle = 'Registration successful';
$response = <p>You have successfully registered as ' . htmlspecialchars( $username ) . ' on this site.</p>';
} elseif( $result == 'exists' ) {
$gPageTitle = 'Username already taken';
$response = '<p>Someone is already using the username you have chosen. Please try using another one instead.</p>';
} else {
trigger_error('This should never happen');
}
require_once 'bgsheader.php';
echo $response;
require_once 'bgsfooter.php';
Also, you can return false rather than the string 'exists' in the function, not that it makes much difference.
Checking the error number isn't bad, I'm sure that's why it's an included feature. If you really wanted to do something different, you could check if there already is a user by that name by selecting the username. If no result exists, then insert the user, otherwise, give the error.
One thing I like to do with error handling on forms is save all the error strings into an array like $error['username'], $error['email'], etc., and then have it run through the error checking on each input individually to set all the error strings, and then have a function that does something like this:
function error($field)
{
global $error;
if(isset($error[$field]))
{
echo $error[$field];
}
}
and then call that after each field in the form to give error reporting on the form. Of course, the form page must submit to itself, but you could have all the error checking logic in a separate file and do an include if $_POST['whatever'] is set. If your form is formatted in a table or whatever, you could even do something like echo '<tr><td class="error">' . $error[$field] . '</td></tr>, and automatically insert another row directly below the field to hold the error if there is one.
Also, always remember to filter your inputs, even if it should be filtered automatically. Never pass post info directly into a DB without checking it out. I'd also suggest using the specific superglobal variable for the action, like $_POST rather than $_REQUEST, because $_REQUEST contains $_GET, $_POST, and $_COOKIE variables, and someone could feasibly do something strange like submit to the page with ?username=whatever after the page, and then you have both $_POST['username'] and $_GET['username'], and I'm not sure how $_REQUEST would handle that. Probably would make there be a $_REQUEST['username'][0] and $_REQUEST['username'][1].
Also, a bit about the page titles. Don't know if you have it set up like this but you can do something like this in your header:
$pageTitle = "My Website";
if(isset($gPageTitle))
{
$pageTitle .= "- $gPageTitle";
}
echo "<title>$pageTitle</title>";
Which would make the page load normally with "My Website" as the title, and append "- Username already exists" or whatever for "My Website - Username already exists" as the title when $gPageTitle is set.
I think the answer from Mr. Neigyl would require a separate trip to the database, which is not a good idea because it would only add performance overhead to yuor app.
I am not a PHP guru, but I know my way around it, although I don't recall the === operator. == I remember.
You could pass the function call directly into the IF statement.
if (addUser($username, $passwd));
I don't see anything wrong with using the $gPageTitle variable, but you will probably have to declare it "global" first and then use namespaces so you can actually access it within the "header.php" because "header.php" will not know how to address this page's variables.
Although I personally don't like messing with namespaces and I would rather call a function from the "header.php" and pass the page title into it
display_title($pgTitle);
or
display_title("Registration Successfull");
or
$header->display_title("Registration Successfull")
if you like OO style better
Let me know if that helps. :)
You should get into forms and allow your page to redirect to another page where you have there the 'insert username to database'.
Suppose the username entered is in a post variable such as $_POST['username'].
Have your database check where that username exist:
$res = mysql_query("SELECT * FROM table WHERE username='$_POST['username']'") or die(mysql_error());
if(mysql_num_rows($res) > 0) {
echo "Username exists.";
// more code to handle username exist
} else {
// ok here.
}
What is basically done is we check if your table already contains an existing username. mysql_num_rows($res) will return 0 if no username exist.