PHP Tips and Tricks --
How to code forms going into tables so punctuation marks don't fry the output, and
How to click on a link and have table output as a result in PHP and MySQL



I was working on my first web design job for the U.S. Government, a site called veteranrecovery.org, when I came across two challenges: first, how to code for the given ISP so that single quotes etc. in my form's text boxes didn't fry the form output and show up in the table, and second, how to construct a web page that passes URL parameters so that the table output is specific to each link. That is easy enough to do in a form, a little harder to do in PHP. Copy and paste the code into Notepad to avoid HTML marks.

First of all, many of you will find the htmlspecialchars code on the web, but if you use it alone, or as usually suggested in a form that originates in PHP (instead of an originating .htm form, as I did), you will be lost. What if your form is just a straightforward HTML form with a post action, and your resulting page is a PHP page? What code do you use to be sure your text boxes go into a database with clean code and don't crash on single quotes or percent signs?
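Use this format:

// Read the raw text box values from the submitted form
$ques2=$_POST['Question_2'];
$ques3=$_POST['Question_3'];
$ques3a=$_POST['Question_3a'];

// eregi() was removed in PHP 7.0; strpos() does the same single-quote check.
// If a quote is present, strip backslashes and HTML-encode the value.
if (strpos($ques2, "'") !== false){
$ques2=htmlspecialchars(str_replace('\\', '', $ques2), ENT_QUOTES);
}
if (strpos($ques3, "'") !== false){
$ques3=htmlspecialchars(str_replace('\\', '', $ques3), ENT_QUOTES);
}
if (strpos($ques3a, "'") !== false){
$ques3a=htmlspecialchars(str_replace('\\', '', $ques3a), ENT_QUOTES);
}

where Question_2 is the name of your textbox in the originating form, and strpos is a search for any single quote in the textbox (older copies of this code use eregi for the same search); once a quote is found, the htmlspecialchars command will work...by itself probably not. With ENT_QUOTES, htmlspecialchars turns each single quote into &#039;, which is why the value no longer cuts the INSERT statement short. Keep in mind that it is an HTML encoder, not a SQL escaping function: values that contain no single quote go into the query unchanged, so the INSERT itself should still use a parameterized query or the database driver's own escaping.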
The next tip is a little more complicated: PHP URLs. I suggest you look at a ColdFusion example of passing a URL through a template. It needs two pages: one page has the actual link, and the other is the result page, which grabs the primary key or id of the link, sets it equal to the id in the table, and then pulls the records for that particular id. First of all, you have to set up your MySQL table with the proper primary key. You can call it anything you want (id, key, it doesn't matter), but it has to be unique, autonumber, not null, etc. So I set up two PHP pages: listing.php, the one that pulls the program names from the table, associates them with an id and makes them into links, and url.php, the page that pulls the records from the table that are equal to the primarykey. In ColdFusion this is easily done by a SQL statement that involves #URL.primarykey#; the one in PHP is a little more complicated.

listing.php

<?php
// The mysql_* functions were removed in PHP 7.0; mysqli is used in their place.
$con = mysqli_connect("hostname", "login", "password") or die("Connect Error: " . mysqli_connect_error());

$db = "databasename";

mysqli_select_db($con, $db) or die("Connect Error: " . mysqli_error($con));

// Pull every program name together with its primary key, sorted by name
$sql = "select primarykey, program from tablename ORDER BY program ASC";

$result = mysqli_query($con, $sql) or die("Query Error: " . mysqli_error($con));

// One link per row: url.php?primarykey=<id of that row>
while ($row = mysqli_fetch_object($result)) { ?>
<a href="url.php?primarykey=<?php echo $row->primarykey; ?>"><?php echo $row->program; ?></a><br />

<?php
}

mysqli_free_result($result);

mysqli_close($con);
?>


Note that the a href statement points to the second page, url.php, and that it is very important that the word primarykey is set equal to $row->primarykey (the recordset). The coding is intense, but this does work: it pulls the program names and gives each of them a URL reference with a number, its primary key, so when you click on it, your resulting web page is this:

http://www.veteranrecovery.org/phpforms/url.php?primarykey=55

where 55 is the primary key assigned to that program name.

Still obvious, right? But what about url.php? It is a little harder to make the resulting table records match the primarykey...

 

url.php

<?php
// The mysql_* functions were removed in PHP 7.0; mysqli is used in their place.
$con = mysqli_connect("hostname", "login", "password") or die("Connect Error: " . mysqli_connect_error());

$db = "databasename";

mysqli_select_db($con, $db) or die("Connect Error: " . mysqli_error($con));

// The id comes from the URL, so treat it as untrusted: force it to an integer
$primarykey = isset($_GET['primarykey']) ? (int) $_GET['primarykey'] : 0;

// Bind the id as a parameter instead of concatenating it into the SQL string
$stmt = mysqli_prepare($con, "SELECT * FROM tablename WHERE primarykey = ?") or die("SQL Query Failed!");
mysqli_stmt_bind_param($stmt, "i", $primarykey);
mysqli_stmt_execute($stmt) or die("SQL Query Failed!");
$entry = mysqli_stmt_get_result($stmt);

$row = mysqli_fetch_object($entry);

// Stop here if no record has that id
if (!$row) { die("No such record."); } ?>

<?php if ($row->program !== ""){?><br><hr><font color="black" size="2">Facility or Program Name:<font color="purple"><?php echo $row->program; ?></font></font><br /><?php } ?>

<?php if ($row->email3 !== ""){?><br><hr><font color="black" size="2">Your Email:<font color="purple"><?php echo $row->email3; ?></font></font><br /><?php } ?>

<?php if ($row->contacts !== ""){?><br><hr><font color="black" size="2">Contacts:<font color="purple"><?php echo $row->contacts; ?></font></font><br /><?php } ?>

<?php if ($row->photo !== ""){?><br><hr><font color="black" size="2">Click here to see your photos:<a href="<?php echo $row->photo; ?>"><?php echo $row->photo; ?></a></font><br /><?php } ?>

<?php if ($row->location !== ""){?><br><hr><font color="black" size="2">Location:<font color="purple"><?php echo $row->location; ?></font></font><br /><?php } ?>

<?php if ($row->ques2 !== ""){?><br><hr><font color="black" size="2">What is the history of the program?: <font color="purple"><?php echo $row->ques2; ?></font></font><br /><?php } ?>

<?php if ($row->ques3 !== ""){?><br><hr><font color="black" size="2">Rationale/Program Goals: Why should VA add peer services?: <font color="purple"><?php echo $row->ques3; ?></font></font><br /><?php } ?>

<?php if ($row->ques3a !== ""){?><br><hr><font color="black" size="2">What are current goals of the program?: <font color="purple"><?php echo $row->ques3a; ?></font></font><br /><?php } ?>

<?php

mysqli_free_result($entry);

mysqli_close($con);

?>

 

 


The SQL statement is, believe it or not, hard to find on the web, but copy it and that's it: the primarykey in the database is set equal to the one 'gotten' from the URL you have just submitted. It's hard to get the code to work with a while statement, but if it's just single answers for a single link in a list, it works!
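
An added example (not code from the original site): both tips above done with PDO prepared statements, so form text is stored exactly as typed and HTML-encoded only when it is printed, and the id from the URL is accepted only if it is a positive integer. The programs table, its columns and the helper function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
// Added example. Table, column and function names are hypothetical;
// SQLite in memory stands in for MySQL so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE programs (
    primarykey INTEGER PRIMARY KEY AUTOINCREMENT,
    program TEXT NOT NULL,
    ques2 TEXT NOT NULL)');

// Tip 1: store the text as typed. Placeholders keep quotes, percent signs
// and backslashes out of the SQL text, so nothing is encoded on the way in.
function save_program(PDO $pdo, string $program, string $ques2): int
{
    $stmt = $pdo->prepare('INSERT INTO programs (program, ques2) VALUES (?, ?)');
    $stmt->execute([$program, $ques2]);
    return (int) $pdo->lastInsertId();
}

// Tip 2: accept the URL parameter only if it is a positive integer, then bind it.
function find_program(PDO $pdo, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // missing, non-numeric, or carrying extra SQL text
    }
    $stmt = $pdo->prepare('SELECT program, ques2 FROM programs WHERE primarykey = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Encode for HTML once, at output time, for every field that is printed.
function h(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input, standing in for the $_POST and $_GET values.
$id = save_program($pdo, "Veterans' Peer Center", "It's 100% peer-run <since 1999>");
foreach ([(string) $id, "$id OR 1=1", "abc"] as $param) {
    $row = find_program($pdo, $param);
    echo $row === null
        ? "primarykey=" . h($param) . ": no such record\n"
        : "primarykey=" . h($param) . ": " . h($row['program']) . " / " . h($row['ques2']) . "\n";
}
```

With MySQL, the PDO connection line and the CREATE TABLE statement change; the two prepared statements and the output encoding stay the same.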
If you have any comments or suggestions on this web page, please do not hesitate to email julia@juliacomputers.com