Beginning Ajax with PHP From Novice to Professional phần 5 docx

$yourname = mysql_real_escape_string (strip_tags ($_POST['yourname']));

$yourtask = mysql_real_escape_string (strip_tags ($_POST['yourtask']));

$thedate = mysql_real_escape_string (strip_tags ($_POST['thedate']));

//Build a dynamic query.

$myquery = "INSERT INTO task (taskid, yourname, thedate, description) VALUES➥

('0','$yourname','$thedate','$yourtask')";

//Execute the query (and send an error message if there is a problem).

if (!mysql_query ($myquery)){

header ("Location: theform.php?message=There was a problem with the entry.");

exit;

}

//If all goes well, return.

header ("Location: theform.php?message=success");

?>

When adding information to a database through a PHP processing script, there are

several important aspects to consider. Of particular importance is the question of what

sort of information you want allowed into your database. In this case, I have decided that

I do not want any excess blank space or HTML code inserted into my database. I there￾fore prepare the data for entry by using the trim, addslashes, and htmlspecialchars

functions to create a set of data that I will like within my database.

The next step is to create a dynamic INSERT query to add a new record to my data￾base. In this case, I have altered the table very slightly from the previous chapter by

changing the userid field to a TINYTEXT (data type) field called yourname. This makes it easy

for anyone to add a task into the task database. Once the query has been built, I simply

attempt to execute the query using the mysql_query function. If it fails, it will pass back

the error message. If it succeeds, however, it will return to the form, and the new task will

have been added.

Due to the change of the table structure, the autocomp.php file has changed slightly to

read the names in the database from the task table, rather than from the user table. The

new code is shown in Listing 5-4.

78 CHAPTER 5 ■ FORMS

6676CH05.qxd 9/27/06 12:12 PM Page 78

Listing 5-4. The Code That Will Pop Up As an Auto-Complete Listing (autocomp.php)

<?php

//autocomp.php

//Add in our database connector.

require_once ("dbconnector.php");

//And open a database connection.

$db = opendatabase();

$myquery = "SELECT DISTINCT(yourname) AS yourname FROM task WHERE➥

yourname LIKE LOWER('%" . mysql_real_escape_string($_GET['sstring']) . "%')➥

ORDER BY yourname ASC";

if ($userquery = mysql_query ($myquery)){

if (mysql_num_rows ($userquery) > 0){

?>

<div style="background: #CCCCCC; border-style: solid; border-width: 1px;➥

border-color: #000000;">

<?php

while ($userdata = mysql_fetch_array ($userquery)){

?><div style="padding: 4px; height: 14px;" onmouseover="➥

this.style.background

= '#EEEEEE'" onmouseout="this.style.background = '#CCCCCC'" ➥

onclick="setvalue ('<?php echo $userdata['yourname']; ?>')">➥

<?php echo $userdata['yourname']; ?></div><?php

}

?>

</div>

<?php

}

} else {

echo mysql_error();

}

?>

CHAPTER 5 ■ FORMS 79

6676CH05.qxd 9/27/06 12:12 PM Page 79