PHP/MYSQL Insert code

Report · Mar 07, 2007

I am new to php/MYSQL but I am trying to learn. I built an insert page using DW8. I was looking back over the code trying to figure it out. Is it just me or does dreamweaver an a bunch of junk to there code to do a simple insert from 4 form fields.

Can anyone explain what DW is doing since I am now dumber for having looked at it.

------------------------------

<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO reviews (review_date, review_name, review_address1, review_city, review_state) VALUES (%s, %s, %s, %s, %s)",
GetSQLValueString($_POST['date'], "date"),
GetSQLValueString($_POST['textfield'], "text"),
GetSQLValueString($_POST['textfield2'], "text"),
GetSQLValueString($_POST['textfield3'], "text"),
GetSQLValueString($_POST['textfield4'], "text"));

mysql_select_db($database_siteData, $siteData);
$Result1 = mysql_query($insertSQL, $siteData) or die(mysql_error());

$insertGoTo = " http://www.yahoo.com/";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}

mysql_select_db($database_siteData, $siteData);
$query_Recordset1 = "SELECT * FROM reviews";
$Recordset1 = mysql_query($query_Recordset1, $siteData) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>

Report · Mar 08, 2007

Yes, its bloated, but that what you get for using the server behaviors. The
code has to handle a huge number of different situations thrown at it by
users who have no knowledge of PHP / MySQL, and they just want it to work.

As a result, its longer than if you hand coded it yourself to only deal with
the situation you want to use it for.

--
Gareth
http://www.phploginsuite.co.uk/
PHP Login Suite V2 - 34 Server Behaviors to build a complete Login system.

Report · Mar 08, 2007

newhorizonhosting.com wrote:
> I am new to php/MYSQL but I am trying to learn. I built an insert page using
> DW8. I was looking back over the code trying to figure it out. Is it just me or
> does dreamweaver an a bunch of junk to there code to do a simple insert from 4
> form fields.

No, it's not a bunch of junk. It's filtering the input to make sure that
things are inserted correctly into your database.

> Can anyone explain what DW is doing since I am now dumber for having looked at
> it.

This function filters the form content to prepare it for insertion in
the database.

> function GetSQLValueString($theValue, $theType, $theDefinedValue = "",
> $theNotDefinedValue = "")

This sets the action value of the form tag, including any query string.

> $editFormAction = $_SERVER['PHP_SELF'];
> if (isset($_SERVER['QUERY_STRING'])) {
> $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
> }

This builds the SQL query and inserts the form content into the database.

> if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
> $insertSQL = sprintf("INSERT INTO reviews (review_date, review_name,
> review_address1, review_city, review_state) VALUES (%s, %s, %s, %s, %s)",
> GetSQLValueString($_POST['date'], "date"),
> GetSQLValueString($_POST['textfield'], "text"),
> GetSQLValueString($_POST['textfield2'], "text"),
> GetSQLValueString($_POST['textfield3'], "text"),
> GetSQLValueString($_POST['textfield4'], "text"));
>
> mysql_select_db($database_siteData, $siteData);
> $Result1 = mysql_query($insertSQL, $siteData) or die(mysql_error());

This redirects the page after the database query has finished.

> $insertGoTo = " http://www.yahoo.com/";
> if (isset($_SERVER['QUERY_STRING'])) {
> $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
> $insertGoTo .= $_SERVER['QUERY_STRING'];
> }
> header(sprintf("Location: %s", $insertGoTo));
> }

This is unrelated to the insert. It's a recordset that retrieves
everything from the reviews table of your database.

> mysql_select_db($database_siteData, $siteData);
> $query_Recordset1 = "SELECT * FROM reviews";
> $Recordset1 = mysql_query($query_Recordset1, $siteData) or die(mysql_error());
> $row_Recordset1 = mysql_fetch_assoc($Recordset1);
> $totalRows_Recordset1 = mysql_num_rows($Recordset1);

--
David Powers, Adobe Community Expert
Author, "Foundation PHP for Dreamweaver 8" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/