Home | Products | Consulting | Forums | Support | Order | 1-800-752-0455
  Main
Index 		Search
Posts 		Who's
Online 		Log
In

Home: Products: CMS Builder:
Field Type list (select) in pageView.php

 
 


Djulia
User

Feb 18, 2008, 6:05 AM

Post #1 of 8 (543 views)
Shortcut
Field Type list (select) in pageView.php Can't Post
Hi,

I encounter a problem for create a Menu Select.

In the editor, I created a field of the list type.
Now, I would like to obtain in productsList.php, not a value of the list, but the list with the select format.

Code
 <select name="option"> 
<option value="White" selected>White</option> 
<option value="Grey">Grey</option> 
<option value="Black">Black</option> 
<option value="Green">Green</option> 
<option value="Red">Red</option> 
<option value="Blue">Blue</option> 
</select>


Does somebody have an idea ?

Thank you for your assistance.

Djulia


Dave
Staff / Moderator


Feb 18, 2008, 11:54 AM

Post #2 of 8 (532 views)
Shortcut
Re: [Djulia] Field Type list (select) in pageView.php [In reply to] Can't Post
This isn't directly supported by the program. But here's some custom code that might do what you want:

Code
<?php 
  $tablename    = $options['tableName']; 
  $fieldname    = 'yourFieldName'; 
  $schema       = loadSchema($tablename); 
  $fieldSchema  = $schema[$fieldname]; 
  $fieldOptions = getListOptionsFromSchema($fieldSchema); 
 
  foreach ($fieldOptions as $valueAndLabel) { 
    list($value, $label) = $valueAndLabel; 
    $encodedValue = htmlspecialchars($value); 
    $encodedLabel = htmlspecialchars($label); 
    print "<option value='$encodedValue'>$encodedLabel</option>\n"; 
  } 
?>

Let me know if that works for you.

Dave Edis - Senior Developer
interactivetools.com


Djulia
User

Feb 18, 2008, 12:51 PM

Post #3 of 8 (530 views)
Shortcut
Re: [Dave] Field Type list (select) in pageView.php [In reply to] Can't Post
Great ! Thank you Dave. Smile

You think that it is possible to obtain a condition for insert Selected ?

For example, on my page of search, I would like to preserve the value entered by the user.

if myFieldName eq value == selected="selected"

Code
   
  
<form method="get" action="search.php">  
<input type="text" name="..." value="..." size="15">   
  
<select name="<?php echo $record['myFieldName'] ?>">  
<option value='White'>White</option>  
<option value='Grey'>Grey</option>  
<option value='Black'>Black</option>  
<option value='Green'>Green</option>  
<option value='Red' selected="selected">Red</option>  
<option value='Blue'>Blue</option>  
</select>    
  
<input type="submit" name="Search" value="Search">  
</form>


That seems difficult to obtain.

Thank you for your assistance.

Djulia


(This post was edited by Djulia on Feb 18, 2008, 12:53 PM)


Dave
Staff / Moderator


Feb 18, 2008, 7:53 PM

Post #4 of 8 (524 views)
Shortcut
Re: [Djulia] Field Type list (select) in pageView.php [In reply to] Can't Post
Sure, you need to have the 'value' of the previously selected option. I know you know a little PHP so I'll just pretend you have that in $selectedValue (let me know if you need more help with that part). Add this code to set it to be selected.

Code
<?php  
  $selectedValue = "set this yourself"; 
  $tablename    = $options['tableName'];  
  $fieldname    = 'yourFieldName';  
  $schema       = loadSchema($tablename);  
  $fieldSchema  = $schema[$fieldname];  
  $fieldOptions = getListOptionsFromSchema($fieldSchema);  
  
  foreach ($fieldOptions as $valueAndLabel) {  
    list($value, $label) = $valueAndLabel;  
    $isSelected   = $value == $selectedValue; 
    $selectedAttr = $isSelected ? "selected='selected'" : ''; 
    $encodedValue = htmlspecialchars($value);  
    $encodedLabel = htmlspecialchars($label);  
    print "<option value='$encodedValue' $selectedAttr>$encodedLabel</option>\n";  
  }  
?>

The $isSelected line just checks to see if the current value is the same as the previously selected value. And the next line sets $selectedAttr to be blank or selected='selected' based on whether the value is selected or not.

Hope that makes sense. Let me know how it works out.

Dave Edis - Senior Developer
interactivetools.com


Djulia
User

Feb 19, 2008, 11:33 AM

Post #5 of 8 (512 views)
Shortcut
Re: [Dave] Field Type list (select) in pageView.php [In reply to] Can't Post
Thank you Dave, Smile

>> I know you know a little PHP
You overestimate me ! Your CMS is easy to use and I am helped by Google !

Your code gives the possibility of obtaining the value entered by defect by the administrator.

I would like to also preserve the value on the page of result of research.

I obtain a result with the variable _Post.
But, I believe that it has a risk for the security with this variable.

There is another possibility ?

Code
   
 
<select name="<?php echo $record['on1'] ?>"> 
<?php  
 
 $selectedValue = $_POST['Color']; 
 $tablename    = $options['tableName']; 
    $fieldname    = 'os1'; 
    $schema       = loadSchema($tablename); 
    $fieldSchema  = $schema[$fieldname]; 
    $fieldOptions = getListOptionsFromSchema($fieldSchema); 
  
 foreach ($fieldOptions as $valueAndLabel) { 
  list($value, $label) = $valueAndLabel; 
  $isSelected   = $value == htmlspecialchars($selectedValue); 
  $selectedAttr = $isSelected ? "selected=\"selected\"" : ''; 
  $encodedValue = htmlspecialchars($value); 
  $encodedLabel = htmlspecialchars($label); 
  print "<option value=\"$encodedValue\" $selectedAttr>$encodedLabel</option>\n"; 
    } 
?>


Thank you for your assistance.

Djulia


Dave
Staff / Moderator


Feb 19, 2008, 1:09 PM

Post #6 of 8 (504 views)
Shortcut
Re: [Djulia] Field Type list (select) in pageView.php [In reply to] Can't Post
What you have looks good. So is it working now except for the security concern?

It's only a security risk if you're passing the data directly to a database or something like that. And in that case you need to escape it. I think you're ok here since you're just doing a search.

Let me know if you want more details about that.

Hope that helps!

Dave Edis - Senior Developer
interactivetools.com


Djulia
User

Feb 19, 2008, 1:20 PM

Post #7 of 8 (502 views)
Shortcut
Re: [Dave] Field Type list (select) in pageView.php [In reply to] Can't Post
Yes, your code functions perfectly, even with _POST. Smile

That makes it possible to have a advanced form of search.

I also found :

Code
  $selectedValue = htmlentities($_POST['Color'], ENT_QUOTES);

ENT_QUOTES seems interesting ?


>> And in that case you need to escape it.
You can explain ?

Thanks,


Djulia


(This post was edited by Djulia on Feb 19, 2008, 1:27 PM)


Dave
Staff / Moderator


Feb 19, 2008, 2:30 PM

Post #8 of 8 (494 views)
Shortcut
Re: [Djulia] Field Type list (select) in pageView.php [In reply to] Can't Post
>> And in that case you need to escape it.
>You can explain ?

Sure, it's mostly just for MySQL queries. Basically passing user input to mysql you want to pass it through a function that will "escape" quotes. This makes ' into \'. That way MySQL knows that it's all part of the same text and not other SQL commands that should be interpreted. You don't want random website visitors being able to run SQL commands.

We have a command for this called escapeMysqlString(). So you could say:

$keyword = escapeMysqlString( $_GET['keyword'] );
$where = "myfield = '$keyword'";

And you would be fine. It only applies when passing things to MySQL such as when you define the WHERE or ORDER BY parts.

For more reading google for "SQL injection attack".
http://www.google.com/search?q=sql+injection+attack

Hope that makes sense.

Dave Edis - Senior Developer
interactivetools.com

 
 
 


Search for (options)
Products
CMS Builder
Article Manager
Realty Manager
Listings Manager
Order Now
 Services
Priority Consulting
 Support
Online Documentation
Support Forums
Support Homepage
 Company Info
12 reasons to choose us!
Meet the team
Monthly newsletter
 Contact Us
Toll Free: 1-800-752-0455
Phone: (604) 689-3347
Sales | Support
Conditions of Use | Privacy Policy | Copyright © interactivetools.com 2008
#201 - 2730 Commercial Drive, Vancouver BC Canada V5N 5P4