Server behavior documentation

Question

I have all David Powers books and they are very good. However, they have one downfall for the amateur webmaster - they all get so far along the line before forgetting all about Dreamweaver and branching off into Drupal, the Zend system and Wordpress or some other exotic and / or expensive bit of kit.

.

Learning any of these is much harder than learning Dreamweaver, so before Dreamweaver gets thrown on the scrapheap could someone with lots of knowledge just supply a fully commented set of Dreamweaver server behaviours, so that folks like me can work out where to put the server side form validation code?

I can use javascript, but it is not the most secure way to do things.

For instance, where would you put code to check that the field "incometype" has a value and has no destructive code in it in this behavior, for inserting a single record with just one field field into a MySQL table:

:

<?php

if (!function_exists("GetSQLValueString")) {

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")

{

if (PHP_VERSION < 6) {

$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {

case "text":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "long":

case "int":

$theValue = ($theValue != "") ? intval($theValue) : "NULL";

break;

case "double":

$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";

break;

case "date":

$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";

break;

case "defined":

$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;

break;

}

return $theValue;

}

$editFormAction = $_SERVER['PHP_SELF'];

if (isset($_SERVER['QUERY_STRING'])) {

$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);

}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "codes_in")) {

$insertSQL = sprintf("INSERT INTO incometype (incometype) VALUES (%s)",

GetSQLValueString($_POST['incometype'], "text"));

mysql_select_db($database_dummywrite, $dummywrite);

$Result1 = mysql_query($insertSQL, $dummywrite) or die(mysql_error());

$insertGoTo = "cash_in_codes.php";

if (isset($_SERVER['QUERY_STRING'])) {

$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";

$insertGoTo .= $_SERVER['QUERY_STRING'];

}

header(sprintf("Location: %s", $insertGoTo));

}

No prize for the one who does so, except my undying thanks!

David_Powers · Accepted Answer

Don't know which of my books you've got, but the Dreamweaver 8, CS3, and CS4 spend a lot of time dissecting the server behaviors. My CS5 book devotes only one chapter (of 13) to server behaviors, basically because they're out of date and unsuitable for production sites. Since that book was published by Adobe Press, it's a fairly strong hint that Adobe would also like users to move away from server behaviors and either start writing their own code or use a third-party solution, such as WordPress or Zend Framework.

However, to answer your question, the place to insert your server-side validation is here:

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "codes_in")) {

// check the value of $_POST['incometype'] here

// if it's invalid wrap the rest of the code in a conditional statement

// to prevent the INSERT query from being executed

$insertSQL = sprintf("INSERT INTO incometype (incometype) VALUES (%s)",

GetSQLValueString($_POST['incometype'], "text"));

By the way, if you're interested in learning how to understand PHP better outside the Dreamweaver environment, you might want to check out my PHP Solutions, 2nd Edition.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded