Re: PHP form-to-email drop down options
by Kevin Waterson <kevin(at)oceania.net>
Date: Wed, 5 Nov 2003 03:52:33 +1100
To: hwg-techniques(at)hwg.org
References: DGK telus
This one time, at band camp, "Susan Friesen" <susanfriesen(at)telus.net> wrote:
> I need to have this date field be in a consistent format in our database.
> The way it is right now with the drop down menus, the database is not
> picking up on all three options, just the year, and I'm sure it has to do
> with the fact I've given all three the same name. I want to converge all
> three options into one date that ends up in the database. How can I do this?
Hi Susan,
Some simple validation is all that is required here and a quick tip
<tip>NEVER TRUST USER INPUT</tip>
First we need to know what format you are storing your dates as.
If your database date field is timestamp(14) it will be in the
format of 20030623233043
Ok, let's break it down...
yyyyMMddhhmmss
yyyy = year
MM = month
dd = day
hh = hour
mm = minutes
ss = seconds
The trick is to get your input to match the 'mask' yyyyMMddhhmmss
So, let's start with your form....
Your month would look something like this
<select name="kindActMonth">
    <option value="01">January</option>
    <option value="02">February</option>
    ..........
</select>
<select name="kindActDay">
    <option value="01">01</option>
    <option value="02">02</option>
    .....
</select>
<select name="kindActYear">
    <option value="2000">2000</option>
    <option value="2001">2001</option>
    .....
</select>
in your PHP you will have the variables..
$_POST['kindActMonth']
$_POST['kindActDay']
$_POST['kindActYear']
stick them together and you could have something like
$kindActDate=$_POST['kindActYear'].$_POST['kindActMonth'].$_POST['kindActDay'];
it will look something like
20031105
now you simply need to pad it with some time information, let's use zeros...
$kindActDate=str_pad($kindActDate, 14 , "0");
this will look like
20031105000000
now it is in the format of timestamp(14)
but, we need to be sure some miscreant does not try to send something
like a year with the value of 2003; DELETE FROM table or a year value
of -2003 or anything stupid. Always assume the worst from users.
There are many checks you can do on the date information from the form
function checkNum($num, $start, $end){
    // make a return value (a real boolean; the string 'FALSE' would compare == TRUE)
    $retVal = false;
    // check the input is a number
    if(is_numeric($num)){
        // check the number is within the range
        if($num >= $start && $num <= $end){
            // and assign a return value
            $retVal = true;
        }
    }
    return $retVal;
}
with this example you can check that each of your $_POST variables is within
a range you specify eg:
// make sure the year is between 2000 and 2010
if(checkNum($_POST['kindActYear'], 2000, 2010) == TRUE){
    echo 'its ok';
} else {
    echo 'Someone did something silly';
}
same with the month...
// make sure the month is between 1 and 12
if(checkNum($_POST['kindActMonth'], 1, 12) == TRUE){
    echo 'its ok';
} else {
    echo 'Someone did something silly';
}
These are just some things to get you started, hope I have not been
condescending if some of it looks a bit obvious.
Should you require anything else, just holla,
Kind regards
Kevin
--
______
(_____ \
_____) ) ____ ____ ____ ____
| ____/ / _ ) / _ | / ___) / _ )
| | ( (/ / ( ( | |( (___ ( (/ /
|_| \____) \_||_| \____) \____)
Kevin Waterson
Port Macquarie, Australia
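
An added example, not part of the message above: one way to combine the three drop-down values into the yyyyMMddhhmmss string with strict digit, range and calendar checks, then store it through a bound parameter. The function name buildKindActDate, the table kind_acts and the sample submissions are hypothetical; it assumes PHP 7.1+ with the pdo_sqlite extension.

```php
<?php
// Added example (not from the original post); names and samples are hypothetical.

// Returns a yyyyMMddhhmmss string, or null if any drop-down value is bad.
function buildKindActDate(array $post, int $minYear = 2000, int $maxYear = 2010): ?string
{
    $n = [];
    foreach (['kindActYear' => 4, 'kindActMonth' => 2, 'kindActDay' => 2] as $key => $len) {
        $value = $post[$key] ?? null;
        // Digits only, exact length: rejects "-2003", "1e1", " 7", arrays
        // and "2003; DELETE FROM table" (is_numeric() alone accepts "1e1").
        if (!is_string($value) || strlen($value) !== $len || !ctype_digit($value)) {
            return null;
        }
        $n[$key] = (int) $value;
    }
    if ($n['kindActYear'] < $minYear || $n['kindActYear'] > $maxYear) {
        return null;
    }
    // checkdate(month, day, year) rejects impossible dates such as 31 February.
    if (!checkdate($n['kindActMonth'], $n['kindActDay'], $n['kindActYear'])) {
        return null;
    }
    return sprintf('%04d%02d%02d000000', $n['kindActYear'], $n['kindActMonth'], $n['kindActDay']);
}

// Constructed sample submissions.
$samples = [
    ['kindActYear' => '2003', 'kindActMonth' => '11', 'kindActDay' => '05'],
    ['kindActYear' => '2003; DELETE FROM table', 'kindActMonth' => '11', 'kindActDay' => '05'],
    ['kindActYear' => '2003', 'kindActMonth' => '02', 'kindActDay' => '31'],
    ['kindActYear' => '2003', 'kindActMonth' => '1e1', 'kindActDay' => '05'],
];

// Validation decides what is accepted; the bound parameter keeps the value
// out of the SQL text even if the validation is loosened later.
$db = new PDO('sqlite::memory:'); // assumption: the pdo_sqlite extension is loaded
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE kind_acts (kind_act_date TEXT NOT NULL)');
$insert = $db->prepare('INSERT INTO kind_acts (kind_act_date) VALUES (:d)');

foreach ($samples as $post) {
    $date = buildKindActDate($post);
    if ($date !== null) {
        $insert->execute([':d' => $date]);
    }
    echo ($date ?? 'rejected') . "\n";
}
```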
HWG hwg-techniques mailing list archives,
maintained by Webmasters @ IWA