Class for saving form results

corblimey

I've got a PHP class that does all my db writing, reading, etc. It appears to work ok, but as I was going through it, I realised that as I've gone along, I've used 1 of 2 major methods of passing form data to this class. The first one is to pass in from the calling page the entire $_REQUEST parameter, then break it down within the class. The second is to do the break down first, assigning the values to public vars within the class, then have the class use those vars.

Is there any major problem with either method? I suspect passing in the $_REQUEST is dodgy enough, but with it, I can use more generic functions (for example, I have 3 screens which update different fields in the same table - I use 1 function for all 3 screens and determine which fields to update in the function). Is it worth my time changing all functions in the class to one or the other method?

Webmonkey

Well if the person passed in another form variable, in the $_GET for example, would your method try and insert into a database field by that name? How are you validating field names in the method if you want it to be generic?

You'll have to show more code.

But what I'd do is pass in a keyed array with the key being the field name and the value it's value. This way you can validate what goes in before you call the method.

I'm not entirely sure if I read your post correctly though.

corblimey

Webmonkey wrote: »

Well if the person passed in another form variable, in the $_GET for example, would your method try and insert into a database field by that name? How are you validating field names in the method if you want it to be generic?

For example, the generic function I have for 3 different forms takes in the $_REQUEST parameter and breaks it out:

function save() {
  global $_REQUEST;

  if (isset($_REQUEST['field1']) {
    // save form 1 field
  }

  if (isset($_REQUEST['field2']) {
    // save form 2 field
  }

etc

}

(This is PHP)