I am writing a basic CRUD application to get my head around PHP
. I am a little confused as to what exactly the following code is doing. I understand the general concept of it but I am not 100% sure of the logic going on.
I am hoping someone might be able to help me understand it a bit better?
This is my script
<?php
//Establish connection to db
require_once 'includes/db.php';
//Array for validation
$errors = array();
//Sanitize the fields to ensure db integrity.
$title = filter_input(INPUT_POST, 'title', FILTER_SANITIZE_STRING);
$release_date = filter_input(INPUT_POST, 'release_date', FILTER_SANITIZE_NUMBER_INT);
$publisher = filter_input(INPUT_POST, 'publisher', FILTER_SANITIZE_STRING);
$system = filter_input(INPUT_POST, 'system', FILTER_SANITIZE_STRING);
$rating = filter_input(INPUT_POST, 'rating', FILTER_SANITIZE_NUMBER_INT);
$num_players = filter_input(INPUT_POST, 'num_players', FILTER_SANITIZE_NUMBER_INT);
if($_SERVER['REQUEST_METHOD']=='POST'){
//Validate the form
if(empty($title)){
$errors['title'] = true;
}
if(empty($release_date)){
$errors['release_date'] = true;
}
if(empty($publisher)){
$errors['publisher'] = true;
}
if(empty($system)){
$errors['system'] = true;
}
if(empty($rating)){
$errors['rating'] = true;
}
if(empty($num_players)){
$errors['num_players'] = true;
}
//If no errors
if(empty($errors)){
//Build SQL Statement
$sql = $db->prepare("INSERT INTO videogames SET title = :title, release_date = :release_date, publisher = :publisher, system = :system, rating = :rating, num_players = :num_players");
//Bind values
$sql -> bindValue(':title', $title, PDO::PARAM_STR);
$sql -> bindValue(':release_date', $release_date, PDO::PARAM_STR);
$sql -> bindValue(':publisher', $publisher, PDO::PARAM_STR);
$sql -> bindValue(':system', $system, PDO::PARAM_STR);
$sql -> bindValue(':rating', $rating, PDO::PARAM_INT);
$sql -> bindValue(':num_players', $num_players, PDO::PARAM_INT);
//Execute SQL
$sql -> execute();
//Redirect back to homepage
header('Location: index.php');
exit();
}
}
?>
I am a little confused as to what this line of code is doing:
$title = filter_input(INPUT_POST, 'title', FILTER_SANITIZE_STRING);
Is it assigning the value in the input field of the form to the $title
variable?
Also this line:
$sql -> bindValue(':title', $title, PDO::PARAM_STR);
I read in the documentation that this
Binds a value to a corresponding named or question mark placeholder in the SQL statement that was used to prepare the statement.
If I am storing the data already in the $title
variable then is there another way to prepare my SQL
statement?
I'd appreciate any help, as I am trying to expand my knowledge of PHP. Many thanks!
I am a little confused as to what this line of code is doing:
$title = filter_input(INPUT_POST, 'title', FILTER_SANITIZE_STRING);
Is it assigning the value in the input field of the form to the $title variable?
Yes.
filter_input
was introduced in PHP 5 . What this line of code is doing is grabbing the input variable ( $_POST['title']
), and then applying a SANITIZE
method on it, that is; " Strip tags, optionally strip or encode special characters ."
Also this line:
$sql -> bindValue(':title', $title, PDO::PARAM_STR);
If I am storing the data already in the $title variable then is there another way to prepare my SQL statement?
I don't actually understand this question, however I'll try my best.
This is a PDO
method to bind a value to a prepared query. Effectively, it does this:
You can read more about preparing and binding here: http://use-the-index-luke.com/sql/where-clause/bind-parameters
Another way in which you could prepare
the query is the use of mysqli
, but the logic is the same.
This question was asked a year ago. I didn't revive it, OP edited his question and it was bumped. I see nothing wrong answering a question if OP still shows interest in an answer (by bumping) no matter the age of the question
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.