Filtering results via user input
on 08.12.2009 19:49:36 by Allen McCabe
I wrote a function (inferior no doubt) that takes the values of a form with
a get method to filter results from the database.
It is a list of orders, and I need to be able to filter by the user, the
user's school, or specific items (find all orders that have *this* item).
I thought I figured out how to do it all, but it's just not returning a
'valid resource'.
How do most people go about this? POST or GET? POST is obviously the most
secure, but since this is on an employee only page, security (to my naive
way of thinking) is not much of an issue.
All the filter parameters are from drop downs; I have three forms set up (to
filter by user, school, or item) and I did this because I don't know the
first thing about AJAX (dynamically updating form drop-downs).
If anyone is interested, I would like to send you the PHP file with the
filter function (as it is too long to paste here).
PLEASE HELP! Thanks :)
Re: Filtering results via user input
on 08.12.2009 19:54:44 by Ashley Sheridan
On Tue, 2009-12-08 at 10:49 -0800, Allen McCabe wrote:
> I wrote a function (inferior no doubt) that takes the values of a form with
> a get method to filter results from the database.
>
> It is a list of orders, and I need to be able to filter by the user, the
> user's school, or specific items (find all orders that have *this* item).
>
> I thought I figured out how to do it all, but it's just not returning a
> 'valid resource'.
>
>
> How do most people go about this? POST or GET? POST is obviously the most
> secure, but since this is on an employee only page, security (to my naive
> way of thinking) is not much of an issue.
>
> All the filter parameters are from drop downs; I have three forms set up (to
> filter by user, school, or item) and I did this because I don't know the
> first thing about AJAX (dynamically updating form drop-downs).
>
> If anyone is interested, I would like to send you the PHP file with the
> filter function (as it is too long to paste here).
>
> PLEASE HELP! Thanks :)
Just to let you know, POST is no more secure than GET, all are easy to
spoof.
I'd use the form to build the query. Use an if to see if certain
parameters have been requested in the form, and add a clause to the
query string as you build it. If the query doesn't run, then print it
out, that will show obvious problems and let you put it in a query
executor that can give you more info.
Thanks,
Ash
http://www.ashleysheridan.co.uk
Re: Filtering results via user input
on 08.12.2009 19:56:43 by Phpster
On Tue, Dec 8, 2009 at 1:49 PM, Allen McCabe wrote:
> I wrote a function (inferior no doubt) that takes the values of a form with
> a get method to filter results from the database.
>
> It is a list of orders, and I need to be able to filter by the user, the
> user's school, or specific items (find all orders that have *this* item).
>
> I thought I figured out how to do it all, but it's just not returning a
> 'valid resource'.
>
>
> How do most people go about this? POST or GET? POST is obviously the most
> secure, but since this is on an employee only page, security (to my naive
> way of thinking) is not much of an issue.
>
> All the filter parameters are from drop downs; I have three forms set up (to
> filter by user, school, or item) and I did this because I don't know the
> first thing about AJAX (dynamically updating form drop-downs).
>
> If anyone is interested, I would like to send you the PHP file with the
> filter function (as it is too long to paste here).
>
> PLEASE HELP! Thanks :)
>
POST is no more or less secure than GET. It's all the same to the
server, excepting that the length of the data on GET is limited to
about 4K.
The valid resource error means that your query is failing somewhere.
Log the query or echo it out and test it thru PhpMyAdmin or some other
DB tool to see where your statement is failing, then correct it.
Perhaps you are messing up on the AND portion of the statement when
adding additional filters into the query, but that is just a guess.
--
Bastien
Cat, the other other white meat
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
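
One way to build the filter query conditionally, as both replies above suggest, shown as an added example that is not code from the original thread. The table and column names, the `FILTERS` map and the `buildOrderQuery()` helper are hypothetical; PDO with an in-memory SQLite database and constructed rows is assumed so the script runs offline.

```php
<?php
// Hypothetical schema: orders(id, user_id, school_id), order_items(order_id, item_id).
// Each accepted GET parameter maps to a fixed SQL fragment; request text is never concatenated.
const FILTERS = [
    'user'   => 'o.user_id = :user',
    'school' => 'o.school_id = :school',
    'item'   => 'EXISTS (SELECT 1 FROM order_items oi
                         WHERE oi.order_id = o.id AND oi.item_id = :item)',
];

function buildOrderQuery(array $input): array
{
    $clauses = [];
    $params  = [];
    foreach (FILTERS as $name => $fragment) {
        // Drop-downs submit '' for "any"; skip those and anything non-scalar.
        if (!isset($input[$name]) || !is_scalar($input[$name]) || $input[$name] === '') {
            continue;
        }
        // IDs must be positive integers; reject rather than coerce, since
        // drop-down values can be altered in both GET and POST requests.
        $id = filter_var($input[$name], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false) {
            throw new InvalidArgumentException("Invalid value for filter '$name'");
        }
        $clauses[]        = $fragment;
        $params[":$name"] = $id;
    }
    $sql = 'SELECT o.id, o.user_id, o.school_id FROM orders o';
    if ($clauses) {
        // implode() puts AND only between clauses, never leading or trailing.
        $sql .= ' WHERE ' . implode(' AND ', $clauses);
    }
    return [$sql . ' ORDER BY o.id', $params];
}

// Constructed sample data in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, user_id INT, school_id INT);
            CREATE TABLE order_items (order_id INT, item_id INT);
            INSERT INTO orders VALUES (1, 10, 100), (2, 11, 100), (3, 10, 101);
            INSERT INTO order_items VALUES (1, 5), (2, 5), (3, 6);');

$get = ['user' => '', 'school' => '100', 'item' => '5'];  // stands in for $_GET
[$sql, $params] = buildOrderQuery($get);
error_log($sql);  // log the built statement so a failing query can be inspected
$stmt = $pdo->prepare($sql);
$stmt->execute($params);
print_r($stmt->fetchAll(PDO::FETCH_COLUMN));
```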