[PHP] Filtering results via user input

2009-12-08 Thread Allen McCabe
I wrote a function (inferior no doubt) that takes the values of a form with
a get method to filter results from the database.

It is a list of orders, and I need to be able to filter by the user, the
user's school, or specific items (find all orders that have *this* item).

I thought I figured out how to do it all, but it's just not returning a
'valid resource'.


How do most people go about this? POST or GET? POST is obviously the most
secure, but since this is on an employee only page, security (to my naive
way of thinking) is not much of an issue.

All the filter parameters are from drop downs; I have three forms set up (to
filter by user, school, or item) and I did this because I don't know the
first thing about AJAX (dynamically updating form drop-downs).

If anyone is interested, I would like to send you the PHP file with the
filter function (as it is too long to paste here).

PLEASE HELP!  Thanks :)


Re: [PHP] Filtering results via user input

2009-12-08 Thread Bastien Koert
On Tue, Dec 8, 2009 at 1:49 PM, Allen McCabe allenmcc...@gmail.com wrote:
> I wrote a function (inferior no doubt) that takes the values of a form with
> a get method to filter results from the database.
>
> It is a list of orders, and I need to be able to filter by the user, the
> user's school, or specific items (find all orders that have *this* item).
>
> I thought I figured out how to do it all, but it's just not returning a
> 'valid resource'.
>
> How do most people go about this? POST or GET? POST is obviously the most
> secure, but since this is on an employee only page, security (to my naive
> way of thinking) is not much of an issue.
>
> All the filter parameters are from drop downs; I have three forms set up (to
> filter by user, school, or item) and I did this because I don't know the
> first thing about AJAX (dynamically updating form drop-downs).
>
> If anyone is interested, I would like to send you the PHP file with the
> filter function (as it is too long to paste here).
>
> PLEASE HELP!  Thanks :)


POST is no more or less secure than GET. It's all the same to the
server, excepting that the length of the data on GET is limited to
about 4K.

The valid resource error means that your query is failing somewhere.
Log the query or echo it out and test it thru PhpMyAdmin or some other
DB tool to see where your statement is failing, then correct it.
Perhaps you are messing up on the AND portion of the statement when
adding additional filters into the query, but that is just a guess.

-- 

Bastien

Cat, the other other white meat




Re: [PHP] Filtering results via user input

2009-12-08 Thread Ashley Sheridan
On Tue, 2009-12-08 at 10:49 -0800, Allen McCabe wrote:

> I wrote a function (inferior no doubt) that takes the values of a form with
> a get method to filter results from the database.
>
> It is a list of orders, and I need to be able to filter by the user, the
> user's school, or specific items (find all orders that have *this* item).
>
> I thought I figured out how to do it all, but it's just not returning a
> 'valid resource'.
>
> How do most people go about this? POST or GET? POST is obviously the most
> secure, but since this is on an employee only page, security (to my naive
> way of thinking) is not much of an issue.
>
> All the filter parameters are from drop downs; I have three forms set up (to
> filter by user, school, or item) and I did this because I don't know the
> first thing about AJAX (dynamically updating form drop-downs).
>
> If anyone is interested, I would like to send you the PHP file with the
> filter function (as it is too long to paste here).
>
> PLEASE HELP!  Thanks :)


Just to let you know, POST is no more secure than GET, all are easy to
spoof.

I'd use the form to build the query. Use an if to see if certain
parameters have been requested in the form, and add a clause to the
query string as you build it. If the query doesn't run, then print it
out, that will show obvious problems and let you put it in a query
executor that can give you more info.

Thanks,
Ash
http://www.ashleysheridan.co.uk
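
The approach suggested in the replies above (add one clause per filter that was actually submitted, and log the generated query), as an added example that is not part of the original thread. The table and column names, the form field names and the sample rows are assumptions made for illustration; values are passed as bound PDO parameters because drop-down input is still client-controlled.

```php
<?php
// Added example: schema and field names are assumptions, not from the thread.
// Builds the WHERE clause only from filters that were actually submitted and
// passes every value as a bound parameter instead of concatenating it.
function buildOrderQuery(array $input): array
{
    // Allow-list: form field => SQL condition with a named placeholder.
    $filters = [
        'user_id'   => 'o.user_id = :user_id',
        'school_id' => 'u.school_id = :school_id',
        'item_id'   => 'EXISTS (SELECT 1 FROM order_items oi
                        WHERE oi.order_id = o.id AND oi.item_id = :item_id)',
    ];
    $where  = [];
    $params = [];
    foreach ($filters as $field => $condition) {
        // Accept only digit strings; anything else is treated as "no filter".
        if (isset($input[$field]) && is_string($input[$field]) && ctype_digit($input[$field])) {
            $where[] = $condition;
            $params[":$field"] = (int) $input[$field];
        }
    }
    $sql = 'SELECT o.id FROM orders o JOIN users u ON u.id = o.user_id';
    if ($where) {
        // implode() puts AND only between clauses, never leading or trailing.
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql . ' ORDER BY o.id', $params];
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, school_id INTEGER);
           CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INTEGER);
           CREATE TABLE order_items (order_id INTEGER, item_id INTEGER);
           INSERT INTO users VALUES (1, 10), (2, 20);
           INSERT INTO orders VALUES (100, 1), (101, 2), (102, 1);
           INSERT INTO order_items VALUES (100, 7), (101, 7), (102, 8);');

// Simulated $_GET: two valid filters and one malformed value that is ignored.
[$sql, $params] = buildOrderQuery(['school_id' => '10', 'item_id' => '7', 'user_id' => '1x']);
error_log($sql); // log the generated query so a failing statement can be inspected
$stmt = $db->prepare($sql);
$stmt->execute($params);
print_r($stmt->fetchAll(PDO::FETCH_COLUMN));
```

With `PDO::ERRMODE_EXCEPTION` set, a malformed statement raises an exception carrying the database error rather than returning a value that later fails as an invalid resource.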