Hi All,
I am “very newbie” so I apologize for my code not being up to standards. I am sure that there are better ways to do what I am trying to do. However I would appreciate it if, before proposing a better way, you could look at my code and correct it first, so that I can understand my current mistakes before learning something else. I have a form where the user can choose a single value and then submit it:
<form action="index.php" method="post">
<p>Choose a category: <select name="formCat">
<option value="">Select...</option>
<option value="All in one">All in one</option>
<option value="Art">Art</option>
<option value="Books">Books</option>
<option value="GiftCards">Gift Cards</option>
<option value="Jewelry, Accessories & Apparel">Jewelry, Accessories & Apparel</option>
<option value="Food">Food</option>
<option value="Music">Music</option>
</select>
<input type="submit" name="formSubmit" value="Submit" />
</p>
</form>
Depending on the user input, the corresponding query is run against the database and results printed to screen. I am doing my best to use PDO:
[php]
include_once "dbconn.php";

// 'All in one' is stored as category id 1
if (@$_POST['formCat'] == 'All in one') {
    $query = $db->query("SELECT * FROM titems WHERE titems.item_Cat_Id = 1");
    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
        echo 'Name: ' . $row['item_Name'] . "<br />";
        echo 'Description: ' . $row['item_Desc'] . "<br />";
        echo 'Link: ' . $row['item_Url'] . "<br /><br />";
    }
// 'Art' is stored as category id 2
} elseif (@$_POST['formCat'] == 'Art') {
    $query = $db->query("SELECT * FROM titems WHERE titems.item_Cat_Id = 2");
    while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
        echo 'Name: ' . $row['item_Name'] . "<br />";
        echo 'Description: ' . $row['item_Desc'] . "<br />";
        echo 'Link: ' . $row['item_Url'] . "<br /><br />";
    }
}
[/php]
My questions:
- Do I still need to sanitize $_POST, even though in this case the value is not inserted into the database and the choices are limited to premade selections from the form?
- If so, how would I do that?
- How do I display the 3rd item (item_Url) in a URL format that users can click on? I tried:
[php]
echo 'Link: ' . '<a href = "' . $record['item_Url'] . '">' . $record['item_Url'] . '
';
[/php]
But when I click it, it wants to go to “http://localhost%22http://thewebsiteaddress.com%22”. I need it to go to “http://thewebsiteaddress.com” instead.
Thank you!
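An added example, not part of the original post: one way to handle all three questions together, by checking the submitted value against an allowlist, binding the category id in a prepared statement, and HTML-escaping every value on output, with only http(s) URLs rendered as links. The names `CATEGORY_IDS`, `h()`, `renderItem()` and `renderCategory()` are hypothetical, the rows are constructed sample data, and an in-memory SQLite database (requires the pdo_sqlite extension) stands in for the connection from `dbconn.php`.

```php
<?php
// Added example: in-memory SQLite with constructed rows stands in for dbconn.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE titems (item_Cat_Id INTEGER, item_Name TEXT, item_Desc TEXT, item_Url TEXT)');
$seed = $db->prepare('INSERT INTO titems VALUES (?, ?, ?, ?)');
$seed->execute([2, 'Print <A>', 'Poster & frame', 'http://thewebsiteaddress.com']);
$seed->execute([2, 'Odd row', 'Non-http link', 'javascript:alert(1)']);

// Allowlist: form value => category id. Only the two ids shown in the post.
const CATEGORY_IDS = ['All in one' => 1, 'Art' => 2];

// Escape text for HTML element content and double-quoted attributes.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render one row; only http(s) URLs become links, anything else is plain text.
function renderItem(array $row): string
{
    // Assumption: stray quotes stored with the URL are one possible source of the %22 in the post.
    $url = trim($row['item_Url'], " \t\n\r\"'");
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    $link = in_array($scheme, ['http', 'https'], true)
        ? '<a href="' . h($url) . '">' . h($url) . '</a>'
        : h($url);
    return 'Name: ' . h($row['item_Name']) . "<br />\n"
         . 'Description: ' . h($row['item_Desc']) . "<br />\n"
         . 'Link: ' . $link . "<br /><br />\n";
}

// Look the submitted value up in the allowlist, then bind the id as a parameter.
function renderCategory(PDO $db, array $post): string
{
    $choice = $post['formCat'] ?? '';
    if (!is_string($choice) || !array_key_exists($choice, CATEGORY_IDS)) {
        return "Please choose a category.<br />\n";   // tampered or empty input
    }
    $stmt = $db->prepare('SELECT item_Name, item_Desc, item_Url FROM titems WHERE item_Cat_Id = :cat');
    $stmt->execute([':cat' => CATEGORY_IDS[$choice]]);
    $html = '';
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $html .= renderItem($row);
    }
    return $html;
}

echo renderCategory($db, ['formCat' => 'Art']);           // two rows, one real link
echo renderCategory($db, ['formCat' => "Art' OR 1=1"]);   // rejected by the allowlist
```

In the real page, `renderCategory($db, $_POST)` would replace the `if`/`elseif` chain, with further categories added to the allowlist using their actual ids from the database.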