Processing Web Input with MySQL - MySQL

Database Reference

In-Depth Information

the corresponding parameter value. If the parameter is not available, the function re‐

turns an unset value. ( get_param_val() uses a helper function, strip_slash_help

er() , which is discussed shortly.)

function get_param_val ( $name )

{

$val = NULL ;

if ( isset ( $_GET [ $name ]))

$val = $_GET [ $name ];

else if ( isset ( $_POST [ $name ]))

$val = $_POST [ $name ];

if ( isset ( $val ) && get_magic_quotes_gpc ())

$val = strip_slash_helper ( $val );

return ( $val );

}

To use this function to obtain the value of a single-valued parameter named id , call it

like this:

$id = get_param_val ( "id" );

Test $id to determine whether the id parameter was present in the input:

if ( isset ( $id ))

... id parameter is present ...

else

... id parameter is not present ...

For a form field that might have multiple values (such as a checkbox group or a multiple-

pick scrolling list), represent it in the form using a name that ends in [] . For example,

a list element constructed from the SET column accessories in the cow_order table

has one item for each permitted set value. To make sure PHP treats the element value

as an array, name the field accessories[] , not accessories . (See Recipe 20.3 for an

example.) When the form is submitted, PHP places the array of values in a parameter

named without the [] . To access it, do this:

$accessories = get_param_val ( "accessories" );

The value of the $accessories variable is an array, whether the parameter has multiple

values, a single value, or even no values. The determining factor is not whether the

parameter actually has multiple values, but whether you named the corresponding field

in the form using [] notation.

The get_param_val() function checks the $_GET and $_POST arrays for parameter val‐

ues. Thus, it works correctly regardless of whether the request was made by get or

post , or whether register_globals is enabled. It assumes only that track_vars is

enabled.

get_param_val() also works correctly regardless of whether magic quoting is enabled.

It uses a helper function strip_slash_helper() that performs backslash stripping from

parameter values if necessary:

MySQL

Search WWH ::

Custom Search

Home