
I'm building a single page application for finding a film based on genre. At the moment it uses the POST method on both the main form and the comments form.

The comments form currently gets the film ID using a GET method (this was chosen to avoid refreshing the page, which resets the film suggestion process).

At the moment if I hit submit on the main form, the url changes to index.php? and the film successfully loads based on the criteria.

My question is: Why isn't my filmID echoing out in the main form? How can I stick the film ID into the current URL without using the GET method? So for instance if I typed in index.php?filmID=6 it would load up info about "The Dark Knight".

index.php (Trimmed by request)

        //If submit comment pressed, get data and input 
        if(trim($_POST['submit']) == "Submit comment"){ 

            $userID = $_SESSION['userID']; 
            $likeit = $_POST['yesornoList'];
            $filmID = $_GET['filmID']; 

            $comment = clean_string($db_server, $_POST['commentBox']); 
            if ($comment != '') { 
                $query = "INSERT INTO comments (userID, filmID, comment, likeit) 
                          VALUES ('$userID', '$filmID', '$comment', '$likeit')"; 
                mysqli_select_db($db_server, $db_database); 
                mysqli_query($db_server, $query) or 
                        die("Insert failed: " . mysqli_error($db_server) . $query); 
                echo $commentMessage = "<section>Thanks for your comment!</section>"; 
            }

        }else{ 

            if (isset($_POST['genreList']) && ($_POST['genreList'] != "")){
                $genre = clean_string($db_server, $_POST['genreList']);
                //create the SQL query
                $query = "SELECT * FROM films WHERE genreID=$genre ";

                //$endquery = " AND (";
                $endquery = "";
                $orFlag = false;

                if (isset($_POST['streamingCheckbox1']) && ($_POST['streamingCheckbox1'] != '')){                   
                    $endquery .= " netflix IS NOT NULL";
                    $orFlag = true;
                }
                if (isset($_POST['streamingCheckbox2']) && ($_POST['streamingCheckbox2'] != '')){
                    if($orFlag){
                        $endquery .= " OR ";
                    }
                    $endquery .= " lovefilmInstant IS NOT NULL";
                    $orFlag = true;
                }
                if (isset($_POST['streamingCheckbox3']) && ($_POST['streamingCheckbox3'] != '')){
                    if($orFlag){
                        $endquery .= " OR ";
                    }
                    $endquery .= " blinkbox IS NOT NULL";
                }               
                if($endquery != "") $query .= " AND (" . $endquery . ")";
                $query .= " ORDER BY (SELECT FLOOR(MAX(filmID) * RAND()) FROM films) LIMIT 0,1;"; 

                //query the database
                mysqli_select_db($db_server, $db_database);
                $result = mysqli_query($db_server, $query);
                if (!$result) die("Database access failed: " . mysqli_error($db_server) . $query);

                //if there are any rows, print out the contents
                if ($row = mysqli_fetch_array($result)) {

                    //Whether to display links or not for purchase and streaming
                    $filmID = $row['filmID'];

                    //Body content for film             
                    $str_result = 
                    "<section> This is where the film details are
                       </section>"
                       . $commentMessage . "
                       <section>
                        <form id='frmFilmComments' action='index.php?filmID=" . $filmID . "#comments' method='post'>
                            <a id='comments' class='anchor'></a>
                            <h3>Comments</h3>
                            <p><span class='bold'>Did you like " . $row['filmName'] ."?</span></p>
                            <select class='selectbox' name='yesornoList'>
                                <option value='Yes'>Yes</option>
                                <option value='No'>No</option>
                            </select>
                            <p><span class='bold'>Provide your feedback here:</span></p>
                            <textarea id='commentBox' class='insertComment' rows='2' cols='30' name='commentBox'></textarea><br>
                            <input class='formButton' type='submit' id='submit' name='submit' value='Submit comment'/>
                        </form>
                        ";

                    mysqli_free_result($result);

                    //Code to print comments goes here

                }else{
                    $str_result = "<section><h3>Sorry</h3><p>We couldn't find any films that match your terms. <br> <a href='#findafilm'>Please try again.</a></p></section>";
                }

            }else{
                    //$str_result = "<section><h3>Sorry</h3><p>No genre was chosen.</br><a href='home.php'>Please try again.</a></p></section>";        
            }

            $message = $str_result . $likedcomments . $dislikedcomments . "</section>";
        }

    }

    //Existing code to handle options list

?>

            <div id="top" class="content container headerMargin">
                <div class="content wrapper">          

                   <form id="frmFilmFinder" action="index.php?filmID=<?php echo $filmID; ?>" method="post">
                       <section>
                         <h2>Welcome <?php echo $_SESSION['username'] ?>!</h2>
                         <p class="underHeader">You are now logged in and ready to use the Film Finder.</p>
                       </section>
                       <section>
                           <a class="anchor" id="findafilm"></a>
                           <h3>Find a film</h3>
                           <h4>Choose a genre:</h4>
                           <select class="selectbox" name="genreList">
                               <?php echo $str_options; ?>
                           </select>
                           <h4>Choose a streaming service:</h4>
                            <input type="checkbox" class="checkbox" id="streamingCheckbox1" name="streamingCheckbox1" value="Netflix"><span class="checkboxText">Netflix</span><br>
                            <input type="checkbox" class="checkbox" id="streamingCheckbox2" name="streamingCheckbox2" value="LoveFilm"><span class="checkboxText">LoveFilm Instant</span><br>
                            <input type="checkbox" class="checkbox" id="streamingCheckbox3" name="streamingCheckbox3" value="blinkbox"><span class="checkboxText">blinkbox</span><br>
                            <input type="submit" class="formButton filmSearch" id="submit" name="submit" value="Submit"/>
                            <p><span class="italic">Leave all unticked if you wish to buy the film</span></p>
                        </section>
                        </form> 
                        <?php echo $message; ?>
                </div>
            </div>
  • @MichaelBerkowski Sure sorry, hang on a sec Commented Jan 4, 2014 at 19:55
  • @MichaelBerkowski there we go Commented Jan 4, 2014 at 19:59
  • Well $_GET['filmID'] is for when the comment submit button is pressed. I assumed that I needed to echo this row out in the main form process to use it for the GET process when a comment is pressed? Commented Jan 4, 2014 at 20:05
  • Well I echoed the errors you suggested and got ` 24567 ` Not too sure what that means? Well on page load it's simply index.php. Is there no way to get this filmID in the URL on submission? Commented Jan 4, 2014 at 20:10
  • I tried var_dump($row) and it came back with NULL. What does this mean? I don't have any mod_rewrites, I'm not quite sure what they even are to be honest Commented Jan 4, 2014 at 20:19

1 Answer

Principally, you need to be sure that $filmID is set when you write out your forms. It is valid to pass it in the query string (accessible via $_GET['filmID'] even though you are posting the form). It will work and serve its purpose, but be sure to comment what you're doing and why so you remember next time.

You populate it as $filmID = $_GET['filmID'] but only inside the form processing for your comments form. That means it won't be set unless you're receiving a comment. You ought to move that higher in the logic, checking always if it is set.

// near the top, outside if() conditions:
$filmID = isset($_GET['filmID']) ? $_GET['filmID'] : null;

Consider storing it into $_SESSION['filmID'] the first time you set it and any time it changes, so you have it on any script that needs it.

Finally, on a side issue mentioned in the comments thread: working with MySQLi is a start, but begin familiarizing yourself with how prepared statements work with bound parameters via mysqli::prepare(). All your query input variables should be handled via bound parameters, eliminating the need for escaping. This is a general best practice.
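Putting the three points of the answer together (read filmID once at the top, remember it in the session, and insert the comment through a prepared statement), as an added example that is not code from the question or the answer. It assumes PHP 7+, the question's existing mysqli connection $db_server and its comments table (userID, filmID, comment, likeit).

```php
<?php
// Added example (not the asker's or answerer's code). Assumes PHP 7+, the
// question's mysqli connection $db_server and its `comments` table.
session_start();

// Read filmID once, near the top and outside any form-specific branch, and
// validate it as a positive integer so a crafted query string never reaches SQL.
// filter_input() returns null when the parameter is absent and false when invalid.
$filmID = filter_input(INPUT_GET, 'filmID', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
if ($filmID === null || $filmID === false) {
    // Fall back to the film remembered from the last successful search, if any.
    $filmID = isset($_SESSION['filmID']) ? (int) $_SESSION['filmID'] : null;
} else {
    $_SESSION['filmID'] = $filmID;   // keep it for any later request or script
}

// Insert a comment with a prepared statement and bound parameters. The values
// travel separately from the SQL text, so no clean_string()/escaping is needed
// and user input can never change the statement's structure.
function insert_comment(mysqli $db, int $userID, int $filmID,
                        string $comment, string $likeit): bool
{
    // Only the two values the form's select box offers may reach the column.
    if (!in_array($likeit, ['Yes', 'No'], true)) {
        return false;
    }
    $comment = trim($comment);
    if ($comment === '') {
        return false;
    }
    $stmt = $db->prepare(
        'INSERT INTO comments (userID, filmID, comment, likeit) VALUES (?, ?, ?, ?)'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('iiss', $userID, $filmID, $comment, $likeit); // i=int, s=string
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

if (isset($_POST['submit']) && trim($_POST['submit']) === 'Submit comment'
        && $filmID !== null && isset($_SESSION['userID'])) {
    $saved = insert_comment($db_server, (int) $_SESSION['userID'], $filmID,
                            $_POST['commentBox'] ?? '', $_POST['yesornoList'] ?? '');
    echo $saved ? '<section>Thanks for your comment!</section>'
                : '<section>Your comment could not be saved.</section>';
}
```

The same bind_param pattern applies to the genre SELECT in the question: bind $genre as an `i` placeholder instead of interpolating it into the query string.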


1 Comment

Thanks again for your time Michael, massively appreciated
