Putting Html Content Into Multiple Categories - Bonus Pages Chapter 5

[margaux]

I've tried several of the suggestions from the bonus pages which are great ways to confirm my understanding and ensure my mysqli statements are constructed accurately, so thanks for including them. A couple of questions...

1. why are the fields in the pages_categories table auto_increment - wouldn't these be taken from the addPage script?
   
2. are you allowed to have more than one field in a table that is auto_increment - I seem to remember reading somewhere that only one field per table could be auto_increment and it has to be unique?
   

Below is the code I used which works - please tell me where it can be improved.

 

I changed the category validation check to

if (isset($_POST['category'])) {
 $cat = ($_POST['category']);// create array variable to use for inserting into pages_categories
 } else {
  $addPage_errors['category'] = 'Please select a category/categories for the page you would like to add.';
 }

I added this code to the addPage.php script just after the check for validation errors i.e. if (!empty(addPage_errors)) {

$q = "INSERT INTO pages (title, description, content) VALUES ('$title', '$des', '$con')"; // query to insert page to pages table
 $r = mysqli_query($dbc, $q);
 if (mysqli_affected_rows($dbc) == 1) { // if page inserted ok
  foreach ($cat as $value) { // foreach loop using the $cat array created when validating the category field
  $q2 = "INSERT INTO pages_categories (page_id, category_id) VALUES (LAST_INSERT_ID(),'$value')"; // use mysqli function last_insert_id to get page_id created by the  pages table insertion which is then inserted into the pages_categories table
  $r2 = mysqli_query($dbc, $q2);
}
if (mysqli_affected_rows($dbc) > 0) {
 echo '<h4 class="success">The page has been added.</h4>';
 $_POST = array(); //clear the $_post array
 }
} else {
trigger_error('The page could not be added due to a system error.'); // insert didnt work, force an error
 }

[Larry]

They shouldn't all be auto increment. Only one column per table can be, and that should be the primary key table. Where did you get the idea that they were all auto increment (so I can correct any mistake I made)?

 

As for improving the code, you code do a lot better with the category validation. Right now you only validate that it's set, not that it's even an integer, let alone a positive one. I would do that for each category.

[margaux]

Its on the the last page of the bonus pages that I downloaded.

 

Re validation - I thought it was weak as well, which was partly(ok mostly) out of laziness but also I was wondering... since it's a select field, there are only valid options open for the user to input so do I need to validate it? anyway I added this bit of validation.

foreach ($cat as $value) {
  $cat['$value'] = (filter_var($value, FILTER_VALIDATE_INT,array('min_range' => 1))) ? $value : false;
  if (!$cat['$value']){
   $addPage_errors['category'] = 'The category/ies you selected are not valid options. Please try again.';

[Larry]

You can't make that assumption, because it's very easy for someone to fake a form and transmit whatever data they want.

 

As for the new code, that's certainly better, although I don't know why you're using $cat['$value']. That won't work on a couple of levels.

[margaux]

1. point taken.

 

2. I'm not not sure I follow you - $cat is a variable created from $_POST, on what levels would it not work?

[Larry]

Well, as for $cat['$value'], first of all, as soon as you put a variable within single quotes, you're no longer using the value of the variable. Hence, $cat['$value'] is looking for the element in $cat indexed at $value (literally), which won't exist. Second, since you've got a foreach loop, $value already represents the value of a given element, so there's no need to use $cat within the loop.

[margaux]

yea, I should have got that first time round. Thanks for explaining.