10.2 Passing and Validating Data
Our index page displays all our posts, but we also need a way to display individual posts. In this lesson, we'll create a new page that accepts a post id as a query parameter, validates it, and uses it to retrieve the corresponding post.
In the previous lesson, we read all of the records within our posts table and displayed them within a web page. This is the index page, which is typically where you do something like that. It doesn't matter if it's a blog, or a news site, or even a storefront. The index page is where you display all of, or at least a subset of, whatever it is your website is there for. And then you have individual pages for viewing the individual posts, or the individual articles, or products, or whatever. So in this lesson, that's what we are going to do. We have our index page, but we want to turn our titles into links, so that whenever we click on them, it will take us to a second page where we just see that single post.
So, let's first of all create a new file and let's just call this page.php, or no, post.php. That is a little bit more descriptive. And let's add a link inside of our foreach loop, for each one of our posts. This is going to look a little muddied, so I'm going to format this just a little bit. And we're going to have an a element with an href that points to post.php, but we need to pass the id of the post that we want to view. And we do that with what's called the query string.
Whenever you have a URL, you have a host. That could be localhost in our case, or it could be whatever site dot com, and then you have the path. The path could be one or multiple what look like directories, or it could be no directories. And it could also include a file name. So in this case, we have the host, localhost, and we have the path, which is post.php. And then after the path, you can have the query string. It begins with a question mark. And then after the question mark, you have a series of query parameters. In this case, we're going to have a query parameter called id. So we will just say id =, and then as we are generating this content, we are going to put the post id there. And then inside of our post.php file, we will retrieve that value and use that to display the post.
So here we want to also output the id of the post. We will do that by just taking what we've already done for displaying the title, and then just changing that to id. And this is going to give us a link. So whenever we view this in the browser, we're going to see links, and if we look in the lower left-hand corner, we can see that the URL is being built correctly. Both of these URLs have an id query parameter, and they have the appropriate value. So if we click on either one of these, it's going to take us to post.php. But of course we haven't implemented that file, so we don't see anything there.
So let's go to post.php. And let's actually take the code from index and paste it into post, because we're going to reuse some of this. Now, we are not going to retrieve all of our posts. Instead, we're going to write another function for retrieving an individual post, but we can also get rid of this foreach loop because we are going to display a single post. We aren't going to have to loop over multiple ones, so we can get rid of that. And we can also really get rid of the link, because we are already on that page, so we don't need a link to that page. Although that might be useful in a real-world scenario. So, this is what our page is going to look like.
And the first thing that we need to do is retrieve the value of that id query parameter. Well, we do that with the $_GET array. We specify the query parameter that we want to retrieve, that is the id, and so let's say that our id =, and we are using the $_GET array to retrieve the id. And then let's just go ahead and echo out id so that we can see that we are indeed getting the appropriate value. So if we refresh, we see the value of 1 in this case. If we change the value passed for id, we're going to see the value in the page. But also look at this: we can come in here and specify text as well. And in our case, that's not going to be very useful because the id for a post is a numeric value.
So, we need to verify that the data being passed to our id parameter is what we expect it to be. Never, ever, ever trust the information given to us by the user, because that is essentially what is being done here. The user is inputting data in the form of query parameters. Now, they may not physically type in that data, but it is still considered user input. So, what we want to do is ensure that whatever is assigned to the id query parameter is a numeric value, and it also needs to be a positive value, because we don't have any negative numbers for our ids.
In order to validate our data, we're going to use a function called filter_var. This is a very useful function because it allows us to validate a variety of different types of data. We can ensure that our data is a numeric value, either an integer or a floating point number. Floating point numbers are basically decimal numbers. You could also validate if the data is a valid email address, or an IP address, or a MAC address, or a URL. There's a variety of options that we can use with the filter_var function.
So, we're going to say that id = filter_var, and then we're going to pass in id. So we're going to take the information from our id query parameter, and we're going to pass that to filter_var. And we are going to say that we want to ensure that this is a valid integer value. If it is, then it's going to assign that integer value to id. However, if it is an invalid value, so it could be something other than an integer value, it's going to assign the value of false. So we can do something like this: if id equals false, then we have invalid data. So we're going to use something called die. This is basically just exit, and we'll say Invalid input. Ideally, we would do something a bit more, but this is going to be fine in this case. But we also want to ensure that id is a positive number, because ids start with a value of 1. So we could use or: if id equals false or if id is less than 1, then it's invalid input.
And we can test that. We can go to the browser and refresh this page. And we don't see anything, but that's exactly what we want, because we aren't outputting anything like we did before. The only time we output something is when the id value is not valid. So if we say -1, we see that that is invalid input. If we pass in a string, that is invalid input. If we try a floating point number, that is invalid as well. So it has to be an integer value. So there we go, we have our data validated, which is what we want.
And now we can write our function for retrieving an individual post. But before we do that, in order to retrieve an individual post, we have to do some of the same stuff that we are already doing, such as connecting to our database. So, we can write a helper function that we can then call to create our database object. We'll just call this getDb. And we will paste in that code. We will return our db. And so inside of getPosts, we can say this: db = getDb. And then our code is going to work. That's going to also make it so that our code for retrieving an individual post is going to be a little cleaner as well.
Let's call this getPost. We are expecting an id, so we're going to have that as a parameter. And we don't have an array in this case. If there is a post with a given id, then we're just going to have a single record, so we don't need our records array. We don't really need this while loop either. Instead, all we really want to do is say row =, and we will fetch that object. So let's go ahead and do that, and then we will simply return our row. But we do need to address our query here, because we are no longer just selecting all of our posts. We want to retrieve a post with a given id. So, we have SELECT all FROM posts. Then we say WHERE and then our condition. In this case, we want to say that our column id = the value that we are passing to this function, id. So let's go to post.php. After this if statement, we are going to retrieve our post.
So let's uncomment this code. We will say post = getPost, we will pass in id, and then we will display that post in the browser. So if we go back and refresh the page, we see that this is the post for our first post, and I did that way too many times. So let's go back to index and we will click on This is the Second Post, and here we see the page for the second post.
But what if somebody tries to retrieve a post with an id of 45? Well, we don't have a post with an id of 45. And all they see is a blank page. We need to say that, hey, this is not here. So, what we could do is, after we try to get our post, we can see if we have an actual post: if post equals null, well, then we don't have a post with that id. So we can once again say die. We can say Not Found. We could be a little bit more descriptive and say that that blog post is not found or, well, there's a few other things that we could do, but this is going to be just fine. So if we go back, we can refresh the page and, voilà, see that that is not found.
So our little web application is becoming a bit more dynamic. We are now taking input from the user and doing something with that input. But we can take it even a step further and start editing our posts through our web application, and we will start implementing that in the next lesson.
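The validation and lookup described in this lesson, as an added example that is not the course's own code: it folds the positive-number check into filter_var's min_range option, compares against false strictly, and binds the id as a query parameter instead of placing it in the SQL text. The validatePostId function, the table columns, and the in-memory SQLite database (standing in for the lesson's MySQL connection) are assumptions.

```php
<?php
// Added example, not the course's code. getPost() and the posts table mirror
// the lesson; PDO with in-memory SQLite stands in for the MySQL connection.

// Validate a raw query-string value as a post id: an integer >= 1, or null.
function validatePostId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    // filter_var() returns false on failure; compare strictly so the check
    // never depends on how PHP loosely compares other values to false.
    return $id === false ? null : $id;
}

// Fetch one post with a bound parameter, so the id is always treated as data
// and can never change the structure of the query.
function getPost(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title, body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO posts (title, body) VALUES
    ('This is the First Post', 'First body'),
    ('This is the Second Post', 'Second body')");

// Constructed inputs standing in for $_GET['id']. A request like ?id[]=1
// makes $_GET['id'] an array, and a missing parameter behaves like null.
$inputs = ['1', '2', '45', '-1', '0', '1.5', 'abc', '12abc', null, ['1']];
foreach ($inputs as $raw) {
    $id = validatePostId($raw);
    if ($id === null) {
        $result = 'Invalid input';
    } else {
        $post = getPost($db, $id);
        // Escape on output: the title is stored data, not trusted markup.
        $result = $post === null
            ? 'Not Found'
            : htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8');
    }
    echo str_pad(json_encode($raw), 10), ' => ', $result, PHP_EOL;
}
```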