$ques2=$_POST['Question_2'];
$ques3=$_POST['Question_3'];
$ques3a=$_POST['Question_3a'];
// if the answer contains a single quote, strip any backslashes and
// convert quotes and other HTML special characters to entities
if (strpos($ques2, "'") !== false){
$ques2=htmlspecialchars(str_replace('\\', '', $ques2), ENT_QUOTES);
}
if (strpos($ques3, "'") !== false){
$ques3=htmlspecialchars(str_replace('\\', '', $ques3), ENT_QUOTES);
}
if (strpos($ques3a, "'") !== false){
$ques3a=htmlspecialchars(str_replace('\\', '', $ques3a), ENT_QUOTES);
}
where Question_2 is the name of your textbox in the originating form, and strpos searches the textbox value for any
single quote (the older eregi function was removed in PHP 7). With that check in place, the htmlspecialchars command
will work; by itself it probably will not.
The next tip is a little more complicated: PHP URLs. I suggest you look at a ColdFusion example of passing a URL through
a template. It needs two pages: one page has the actual link, and the other is the result page that grabs the primary key or
id of the link, sets it equal to the id in the table, and then pulls the records for that particular id.
First of all, you have to set up your MySQL table with the proper primary key. You can call it anything you want,
id, key, it doesn't matter, but it has to be unique, autonumber, not null, etc. So I set up two PHP pages: listing.php,
the one that pulls the program names from the table, associates them with an id and makes them
into links, and url.php, the page that pulls the records from the table that are equal to the primarykey. In ColdFusion,
this is easily done by a SQL statement that involves an #URL.primarykey#; the one in PHP is a little more
complicated.
listing.php
<?php $con=mysqli_connect("hostname", "login", "password") or die("Connect Error: ".mysqli_connect_error());
$db="databasename";
mysqli_select_db($con, $db) or die("Connect Error: ".mysqli_error($con));
$sql="select primarykey, program from tablename ORDER BY program ASC";
$result=mysqli_query($con, $sql) or die("Query Error: ".mysqli_error($con));
// each row becomes a link to url.php that carries the row's primarykey in the query string
while ($row = mysqli_fetch_object($result)) { ?>
<a href="url.php?primarykey=<?php echo (int)$row->primarykey; ?>"><?php echo htmlspecialchars($row->program, ENT_QUOTES, 'UTF-8', false); ?></a><br />
<?php
}
mysqli_free_result($result);
mysqli_close($con);
?>
Note that the a href statement points to the second page, url.php, and that it is very important that
the word primarykey is set equal to $row->primarykey (the recordset). The coding is intense, but this does work:
it pulls the program names and gives each of them a URL reference of a number, a primary key, so when you click
on it, your resulting web page is this:
http://www.veteranrecovery.org/phpforms/url.php?primarykey=55
where 55 is the primary key assigned to that program name.
Still obvious, right? But what about url.php? It is a little harder to make the resulting table records match the
primarykey...
url.php
<?php $con=mysqli_connect("hostname", "login", "password") or die("Connect Error: ".mysqli_connect_error());
$db="databasename";
mysqli_select_db($con, $db) or die("Connect Error: ".mysqli_error($con));
// cast to an integer so that only a number can ever reach the SQL statement
$primarykey=isset($_GET['primarykey']) ? (int)$_GET['primarykey'] : 0;
$entry=mysqli_query($con, "SELECT * FROM tablename WHERE primarykey=".$primarykey) or die ("SQL Query Failed!");
$row = mysqli_fetch_object($entry) or die("No record found for that primarykey.");
// escape values for HTML output; the final false leaves entities that were encoded at input time alone
function h($s) { return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8', false); } ?>
<?php if ($row->program !== ""){?><br><hr><font color="black" size="2">Facility or Program Name:<font color="purple"><?php echo h($row->program); ?></font></font><br /><?php } ?>
<?php if ($row->email3 !== ""){?><br><hr><font color="black" size="2">Your Email:<font color="purple"><?php echo h($row->email3); ?></font></font><br /><?php } ?>
<?php if ($row->contacts !== ""){?><br><hr><font color="black" size="2">Contacts:<font color="purple"><?php echo h($row->contacts); ?></font></font><br /><?php } ?>
<?php if ($row->photo !== ""){?><br><hr><font color="black" size="2">Click here to see your photos:<a href="<?php echo h($row->photo); ?>"><?php echo h($row->photo); ?></a></font><br /><?php } ?>
<?php if ($row->location !== ""){?><br><hr><font color="black" size="2">Location:<font color="purple"><?php echo h($row->location); ?></font></font><br /><?php } ?>
<?php if ($row->ques2 !== ""){?><br><hr><font color="black" size="2">What is the history of the program?: <font color="purple"><?php echo h($row->ques2); ?></font></font><br /><?php } ?>
<?php if ($row->ques3 !== ""){?><br><hr><font color="black" size="2">Rationale/Program Goals: Why should VA add peer services?: <font color="purple"><?php echo h($row->ques3); ?></font></font><br /><?php } ?>
<?php if ($row->ques3a !== ""){?><br><hr><font color="black" size="2">What are current goals of the program?: <font color="purple"><?php echo h($row->ques3a); ?></font></font><br /><?php } ?>
<?php
mysqli_free_result($entry);
mysqli_close($con);
?>
The SQL statement is, believe it or not, hard to find on the web, but copy it and that's it: the primarykey in the
database is equal to the one 'gotten' from the URL you have just submitted. It's hard to get the code to work with
a while statement, but if it's just single answers for a single link in a list, it works!
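The url.php lookup and the single-quote handling from the first snippet, redone as an added example (not this page's own code) with a validated id, bound parameters and escaping at output time. It assumes PHP with the pdo_sqlite extension and builds a constructed in-memory copy of tablename so it runs without a MySQL server; the helper names h and fetch_program are hypothetical.

```php
<?php
// Added example, not the page's own code. Uses PDO with an in-memory SQLite
// database (assumption: pdo_sqlite is enabled) so no MySQL server is needed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tablename (primarykey INTEGER PRIMARY KEY AUTOINCREMENT,
            program TEXT NOT NULL, ques2 TEXT)');

// Constructed sample rows. The text is stored raw: a bound parameter carries the
// single quote and the markup safely, so no quote search or pre-encoding is needed.
$ins = $pdo->prepare('INSERT INTO tablename (program, ques2) VALUES (?, ?)');
$ins->execute(["Veterans' Peer Support", "Started in '98 <b>by volunteers</b>"]);
$ins->execute(['Recovery Outreach', '']);

// Escape when writing into HTML, not when saving to the database.
function h($s) {
    return htmlspecialchars((string)$s, ENT_QUOTES, 'UTF-8');
}

// Look up one record the way url.php does. Returns the row object, or null when
// the id is not a positive integer or no row has that primarykey.
function fetch_program(PDO $pdo, $rawId) {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                      // e.g. "2 OR 1=1", "abc", "", "-5"
    }
    $stmt = $pdo->prepare('SELECT * FROM tablename WHERE primarykey = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_OBJ);
    return $row === false ? null : $row;
}

// Constructed stand-ins for $_GET['primarykey'].
foreach (['1', '2', '99', '2 OR 1=1', 'abc'] as $raw) {
    $row = fetch_program($pdo, $raw);
    if ($row === null) {
        echo 'primarykey=' . h($raw) . ": no such record\n";
        continue;
    }
    echo 'Facility or Program Name: ' . h($row->program) . "\n";
    if ($row->ques2 !== '') {
        echo 'What is the history of the program?: ' . h($row->ques2) . "\n";
    }
}
```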
If you have any comments or suggestions on this web page, please do not hesitate to email
julia@juliacomputers.com