Matthew Oatham wrote:

Hi,

only use double quotes (") if you want to have variables interpolated e.g.


$myVal = 'its amazing';
$x = "wow $myVal";

think about the way you lay out your code - it helps when you
come back to it 12 months later ;-)

sanitize all incoming variables (POST/GET/COOKIE) by changing their type
or performing some other function on them to make them safe.
writing:

$someVar = (int) $someVar;

means make $someVar an integer; which has the nice side effect of turning ALL strings into 0 (apart from those beginning with a number, in which case it keeps the numbers, but that is quite sane I think)

limit your use of temporary variables e.g.: don't create $action if you are only going to use it on the next line - it's a performance hit and looks inelegant - a good place for temp vars is to increase readability in your code; more often than not, I feel, readability is king.

DO:
if ($_POST['action'] == 'update') {
NOT:
$action = $_POST['action'];
if ($action == 'update') {
DO:
$action = perform_check_on_var( $_POST['action'],
                                array($arg1, $arg3),
                                $arg2 );
if ($action == 'update') {

speaking of readability -
comment your code; especially the bits that make your eyes water! google around for stuff like phpDoc or phpDocumentor; that will at the very least give you good tips on what to put in your comments and how to define them (getting into this habit pays dividends later when documentation generation comes into play - for which tools like phpDocumentor are written ;-) ... all kinda based on javaDoc (something to google ;-) as far as I can see.


if you are just starting out and it's feasible, why not give php5 a go - it's feature complete and quite stable (RC1 currently); a lot of the new features are really quite cool! besides, as you learn you will not have to step over to a new version (which in itself can be a learning experience!).

BTW: there is nothing wrong with having one page handle all updates/deletes etc. - although be careful of file size; long files are a pain to edit/maintain - in such a case you may want to create functions of the update and delete code and call them from your main script.
At the end of the day it's a matter of preference and application design choices which lead to one or the other scenario. Try googling for 'Model View Controller PHP' - hopefully you'll get some useful code/examples of request processing control which uses single entry points (i.e. a single page) to perform all actions.


Lastly, I made a few slight alterations to your example script:

<?php

include ('./db.php');

if ($_POST['action'] == 'update') {

    // Enter info into the database inside one transaction
    mysql_query("begin");

    if (isset($_POST['delete']) && @count($_POST['delete'])) {
        // Cast each submitted id to int and drop the ones that come out as 0
        foreach ($_POST['delete'] as $k => $val) {
            $_POST['delete'][$k] = (int) $val;
            if (! $_POST['delete'][$k]) {
                unset($_POST['delete'][$k]);
            }
        }

        if ($deleteList = join(', ', $_POST['delete'])) {
            mysql_query("DELETE FROM imp_fleet
                         WHERE fleet_id IN ($deleteList)")
                or die (mysql_error());
        }
    } else {
        foreach ($_POST['fleet_id'] as $k => $val) {
            // Both ids are forced to int before they reach the query
            $fleetId   = (int) $val;
            $fleetCode = (int) $_POST['fleet_code'][$k];
            if (! $fleetId || ! $fleetCode) { continue; }

            $historyUrl  = str_replace("'", "''",
                                       $_POST['history_url'][$k]);
            $downloadUrl = str_replace("'", "''",
                                       $_POST['download_url'][$k]);

            mysql_query("UPDATE imp_fleet SET
                         fleet_code = '$fleetCode', history_url = '$historyUrl',
                         download_url = '$downloadUrl'
                         WHERE fleet_id = $fleetId")
                or die (mysql_error());
        }
    }

    // Commit or roll back whichever branch ran above
    if (mysql_error()) {
        echo ("There has been an error with your edit / delete request. Please contact the webmaster");
        mysql_query('rollback');
    } else {
        mysql_query('commit');
    }
}
?>


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
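As an added example (not part of the mailing-list post above, and not the original poster's script), here is the same update/delete handler built around the `(int)` cast the reply recommends, but with the SQL parameterised through PDO instead of pasting values into the query string. The `imp_fleet` table and its columns come from the post; the function names, the in-memory SQLite database and the constructed POST payload are assumptions so the script runs offline.

```php
<?php
// Added example: hardened version of the update/delete handler from the post.
// Uses an in-memory SQLite table with constructed rows; only the table and
// column names come from the original, everything else is assumed.

declare(strict_types=1);

/** Coerce a list of submitted ids to positive integers, dropping the rest. */
function sanitize_id_list(array $raw): array
{
    $ids = [];
    foreach ($raw as $value) {
        // (int) turns "abc" into 0 and "2abc" into 2, exactly as the post describes,
        // so anything that is not a plain id can never reach the query.
        $id = (int) $value;
        if ($id > 0) {
            $ids[$id] = $id;   // keyed by value to de-duplicate
        }
    }
    return array_values($ids);
}

/** Delete fleets by id using a parameterised IN (...) list. Returns rows deleted. */
function delete_fleets(PDO $db, array $rawIds): int
{
    $ids = sanitize_id_list($rawIds);
    if ($ids === []) {
        return 0;
    }
    $placeholders = implode(', ', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("DELETE FROM imp_fleet WHERE fleet_id IN ($placeholders)");
    $stmt->execute($ids);
    return $stmt->rowCount();
}

/** Update one fleet row; the URLs are bound parameters, never quoted by hand. */
function update_fleet(PDO $db, $rawId, $rawCode, string $historyUrl, string $downloadUrl): bool
{
    $fleetId   = (int) $rawId;
    $fleetCode = (int) $rawCode;
    if ($fleetId <= 0 || $fleetCode <= 0) {
        return false;   // same "skip bad rows" rule as the original loop
    }
    $stmt = $db->prepare(
        'UPDATE imp_fleet SET fleet_code = :code, history_url = :hist, download_url = :dl
         WHERE fleet_id = :id'
    );
    return $stmt->execute([
        ':code' => $fleetCode,
        ':hist' => $historyUrl,
        ':dl'   => $downloadUrl,
        ':id'   => $fleetId,
    ]);
}

// --- demo with constructed data (assumed schema, three sample rows) ----------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE imp_fleet (fleet_id INTEGER PRIMARY KEY, fleet_code INTEGER,
                                   history_url TEXT, download_url TEXT)');
$db->exec("INSERT INTO imp_fleet VALUES (1, 100, '', ''), (2, 200, '', ''), (3, 300, '', '')");

// Constructed POST payload: a real id, junk, a leading-numeric string, and a zero.
$postDelete = ['3', 'abc', '2abc', '0'];
print_r(sanitize_id_list($postDelete));   // [3, 2]

$db->beginTransaction();
try {
    $deleted = delete_fleets($db, $postDelete);   // removes rows 3 and 2
    $ok = update_fleet($db, '1', '150', "http://example.invalid/h?q=it's", 'http://example.invalid/d');
    $db->commit();
} catch (PDOException $e) {
    $db->rollBack();   // one failed statement undoes the whole request
    throw $e;
}
echo "deleted=$deleted updated=" . ($ok ? 'yes' : 'no') . PHP_EOL;
print_r($db->query('SELECT * FROM imp_fleet')->fetchAll(PDO::FETCH_ASSOC));
```

Two points worth noting against the original script. Doubling single quotes with `str_replace("'", "''", ...)` is not a complete escape for MySQL, which also treats backslash as an escape character in its default mode, so a bound parameter (or at least the driver's own escaping function) is the safer choice for the URL columns. Keeping the commit/rollback outside both branches means a transaction opened with `begin` is always closed, whichever path the request takes.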