[Chugalug] Newbie question

Randy Yates lpcustom at gmail.com
Sat Aug 17 16:08:36 UTC 2013


If you are checking the button, you can just check if the button id isset
in post, I believe. Like:

if(isset($_POST['buttonId'])) {
....
}


On Sat, Aug 17, 2013 at 12:03 PM, Tyler Mittan <
flashbatmanquestion at gmail.com> wrote:

> Thanks, I am trying out what you sent because it looks cleaner and easier
> to read. The first if statement being made with the $_POST, instead of
> 'action' and 'create', should it be the name of the submit button? I just
> want to clarify before trying it.
> On Aug 17, 2013 11:58 AM, "Randy Yates" <lpcustom at gmail.com> wrote:
>
>> If you are seeing code, it could be from the multiple includes of the
>> same file in your code.
>>
>>
>> On Sat, Aug 17, 2013 at 11:50 AM, Randy Yates <lpcustom at gmail.com> wrote:
>>
>>> Tyler, here is a slightly better version of your pastebin code. I
>>> haven't tested it to see how it looks, so I may have a mistake here and
>>> there. However, notice the use of PDO. Check out the :year, :make, :model,
>>> etc in the SQL statement. Then when the $pdo->execute() is executed an
>>> array is passed as an argument to tell PDO how to bind the values.
>>>
>>> http://pastebin.com/W5tas7J9
>>>
>>>
>>> On Sat, Aug 17, 2013 at 11:29 AM, Randy Yates <lpcustom at gmail.com>wrote:
>>>
>>>> When I said that, I was just trying to find the quick fix for his
>>>> problem. I later warned him that he would have SQL injection issues with a
>>>> statement like that. I just didn't want anyone to get the idea that I wrote
>>>> that SQL statement. I was merely pointing out that he was missing the
>>>> keyword "VALUES" in his pastebin code.
>>>>
>>>>
>>>> On Sat, Aug 17, 2013 at 11:24 AM, Dan Lyke <danlyke at flutterby.com>wrote:
>>>>
>>>>> On Fri, 16 Aug 2013 20:18:04 -0400
>>>>> Randy Yates <lpcustom at gmail.com> wrote:
>>>>> > Tyler, your SQL statement may be failing. Have you tried that
>>>>> > statement manually in mysql? You may need to add VALUES like so:
>>>>> >
>>>>> >    1. INSERT INTO sedan ( year, make, model, color, price)
>>>>> >    values('{$_POST['year']}','{$_POST['make']}', '{$_POST['model']}',
>>>>> >    '{$_POST['color']}', '{$_POST['price']}')";
>>>>>
>>>>> I know nothing about PDO, and am not generally a fan of ORMs, but never
>>>>> ever ever do this.
>>>>>
>>>>> Use bound variables, or make sure that values put into SQl statements
>>>>> get properly quoted.
>>>>>
>>>>> Here's why: http://xkcd.com/327/
>>>>>
>>>>> Dan
>>>>> _______________________________________________
>>>>> Chugalug mailing list
>>>>> Chugalug at chugalug.org
>>>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Google reads my email!
>>>>
>>>
>>>
>>>
>>> --
>>> Google reads my email!
>>>
>>
>>
>>
>> --
>> Google reads my email!
>>
>> _______________________________________________
>> Chugalug mailing list
>> Chugalug at chugalug.org
>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>
>>
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>
>


-- 
Google reads my email!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://chugalug.org/pipermail/chugalug/attachments/20130817/cc203087/attachment.html>


More information about the Chugalug mailing list