Search using data passed from form

4 posts by 2 authors in: Forums > CMS Builder
Last Post: October 30, 2008   (RSS)

By sykomac - October 30, 2008

I have only had CMSB for 3 days now and have made a lot of progress.

However, one this is stopping me right now.

I have the following in my html page:

list($progRecords, $progMetaData) = getRecords(array(
'tableName' => 'prog',
'orderBy' => 'day, start_ampm, start_time',
'where' => 'day=$sday',
));

I want it to search the prog table WHERE day is equal to $sday. $sday is a variable passed to this page.

I could do it if I was building my own MySQL query in php but want to use CMSB code as much as possible.

Thanks in advance for any help,
Paul

Re: [Dave] Search using data passed from form

By sykomac - October 30, 2008

Thanks.

It actually worked when I put double quotes around the variable $sday

so I ended up with " 'where' => 'day="$sday"'

Re: [sykomac] Search using data passed from form

By Dave - October 30, 2008

Great, also note that you should escape values you pass to mysql from the form to avoid Mysql Injection Attacks (google that for more details).

'where' => "day='" .mysql_real_escape_string($sday). "'"

Or higher up in your code:

$sday = mysql_real_escape_string($sday);
Dave Edis - Senior Developer
interactivetools.com