clarified 'fewer verbose' to 'more efficient'
k_smd

It just starts to seem a little flabby around the binding and creation of the $mail_params. I imagine there's no real performance cost here but are there more efficient ways of setting multiple variables?

deleted 77 characters in body; edited title
Jamal

PHP form to database fit for purpose

This code is intended to take input from a form and append it to a database table. The same data is sent to a separate function for subsequent mailing to the respondent. I'm self-taught and it works so overall I'm quite happy.

It just starts to seem a little flabby around the binding and creation of the $mail_params. I imagine there's no real performance cost here but are there fewer verbose ways of setting multiple variables?

As my first outing into MySQLi functions I would be grateful for a weather eye on the prepared statement and its suitability in preventing SQL injection.

k_smd

php form to database fit for purpose

This code is intended to take input from a form and append it to a database table. The same data is sent to a separate function for subsequent mailing to the respondent. I'm self-taught and it works so overall I'm quite happy.

It just starts to seem a little flabby around the binding and creation of the $mail_params. I imagine there's no real performance cost here but are there less verbose ways of setting multiple variables?

As my first outing into mysqli functions I would be grateful for a weather eye on the prepared statement and its suitability in preventing SQL injection.

I'm grateful for your wisdom on anything else you pick up on.

Cheers,

k

function submit_form ($db_params) {

// connect
$mysqli = new mysqli($db_params['host'], $db_params['username'],
                     $db_params['password'], $db_params['dbname']);

// check
if ($mysqli->connect_errno) {
    echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
    return false;
}

// prepare 
if (!($stmt = $mysqli->prepare("INSERT INTO interface_response(issue,
                                                               comment,
                                                               email,
                                                               reporting_organisation,
                                                               reporting_dept_prac,
                                                               causing_organisation,
                                                               causing_dept_prac)
                                VALUES (?, ?, ?, ?, ?, ?, ?)"))) {
    echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
    return false;
}

// bind
if (!$stmt->bind_param("sssssss", $issue, $comment, $email,
                                  $reporting_organisation, $reporting_dept_prac,
                                  $causing_organisation, $causing_dept_prac)) {
    echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
    return false;
}

$email = $_POST['email'];
$mail_params['email'] = $email;

$issue = $_POST['issue'];
$mail_params['issue'] = $issue;

$comment = $_POST['comment'];
$mail_params['comment'] = $comment;

$reporting_organisation = $_POST['reporting_organisation'];
$mail_params['reporting_organisation'] = $reporting_organisation;

$reporting_dept_prac = department_or_practice($_POST['reporting_department'],
                                              $_POST['reporting_practice']);
$mail_params['reporting_dept_prac'] = $reporting_dept_prac;

$causing_organisation = $_POST['causing_organisation'];
$mail_params['causing_organisation'] = $causing_organisation;

$causing_dept_prac = department_or_practice($_POST['causing_department'],
                                            $_POST['causing_practice']);
$mail_params['causing_dept_prac'] = $causing_dept_prac;

// execute
if (!$stmt->execute()) {
    echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
    $result = false;
} else {
    $result = send_mail($mail_params);
}

// close (done before returning; after a return these lines would never run)
$stmt->close();

$mysqli->close();

return $result;

}
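
One way to build the bound values and `$mail_params` from a single field list, so that no submitted value ever reaches the SQL text; this is an added example, not the poster's code. `FIELD_MAP`, `collect_fields`, `insert_response` and the body of `department_or_practice` are assumptions (the original helper is not shown on the page).

```php
<?php
// Assumed stand-in: the poster's department_or_practice() is not shown.
function department_or_practice($department, $practice) {
    return $department !== '' ? $department : $practice;
}

// Column name => the form field(s) it is built from (names from the post).
const FIELD_MAP = [
    'issue'                  => 'issue',
    'comment'                => 'comment',
    'email'                  => 'email',
    'reporting_organisation' => 'reporting_organisation',
    'reporting_dept_prac'    => ['reporting_department', 'reporting_practice'],
    'causing_organisation'   => 'causing_organisation',
    'causing_dept_prac'      => ['causing_department', 'causing_practice'],
];

// Returns one array usable both as the bound values and as $mail_params.
// Missing or non-string input (e.g. email[]=x) becomes '' instead of a notice.
function collect_fields(array $post) {
    $get = function ($key) use ($post) {
        return isset($post[$key]) && is_string($post[$key]) ? $post[$key] : '';
    };
    $fields = [];
    foreach (FIELD_MAP as $column => $source) {
        $fields[$column] = is_array($source)
            ? department_or_practice($get($source[0]), $get($source[1]))
            : $get($source);
    }
    return $fields;
}

// SQL text comes only from the fixed FIELD_MAP keys; values are bound separately.
function insert_response(mysqli $mysqli, array $fields) {
    $columns = implode(', ', array_keys(FIELD_MAP));
    $marks   = implode(', ', array_fill(0, count(FIELD_MAP), '?'));
    $stmt = $mysqli->prepare("INSERT INTO interface_response ($columns) VALUES ($marks)");
    if (!$stmt) { return false; }
    $values = array_map(function ($c) use ($fields) { return $fields[$c]; }, array_keys(FIELD_MAP));
    $ok = $stmt->bind_param(str_repeat('s', count($values)), ...$values) && $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample input standing in for $_POST.
$sample = ['issue' => 'Late letter', 'comment' => "O'Brien's ward", 'email' => 'a@example.org',
           'reporting_practice' => 'Practice 1', 'causing_department' => 'Ward 7'];
$mail_params = collect_fields($sample);
print_r($mail_params);
```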