Hello,
I'm new to arrays and am trying to use in_array() and array_search() to validate user input and convert the user input into a piece of SQL. The user submits a string, it's validated, and the SQL version is set. Below is the code I've assembled to do this. It appears to work when testing, but I just wanted a second opinion in case these array functions work differently than what I understand...
So when a user submits "StartsD", I want to make sure it's in the safe list of options, and then convert it to "event_starts DESC" which will be used later in a MySQL query... Does the code below look okay?
Thanks!
<?php
// Value submitted by user via drop-menu
$sortvalue = "StartsD";
// Array of safe options for validation and conversion to SQL "ORDER BY..."
$sortoptions = array("event_starts ASC" => "StartsA", "event_starts DESC" => "StartsD");
// Make sure the user submitted value is in the list of safe options
if (in_array("$sortvalue", $sortoptions)) {
    // If value is found in the array, get its SQL equivalent for use in query
    $sortby = array_search("$sortvalue", $sortoptions);
} else {
    // A safe default in case nothing is found above
    $sortby = "event_id ASC";
}
?>
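
An added example, not part of the original post: the same allowlist with the array flipped so the submitted token is the key, which turns validation and conversion into one exact-match lookup instead of in_array() followed by array_search(). The helper name resolveSort(), the table name `events` and the sample inputs are assumptions made for illustration; the `mixed` type hint assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Allowlist keyed by the token the form submits; the values are the only
// ORDER BY fragments that can ever reach the query.
const SORT_OPTIONS = [
    'StartsA' => 'event_starts ASC',
    'StartsD' => 'event_starts DESC',
];
const SORT_DEFAULT = 'event_id ASC';

// resolveSort() is a hypothetical helper name, not from the original post.
function resolveSort(mixed $submitted): string
{
    // Request parameters can arrive as arrays (e.g. sort[]=x) or be missing;
    // anything that is not a string gets the default.
    if (!is_string($submitted)) {
        return SORT_DEFAULT;
    }
    // Array key lookup is an exact, case-sensitive string match, so no
    // loose-comparison rules are involved.
    return SORT_OPTIONS[$submitted] ?? SORT_DEFAULT;
}

// Constructed sample inputs: valid tokens, near misses and wrong types.
$samples = [
    'StartsD',            // valid token
    'StartsA',            // valid token
    'event_starts DESC',  // the SQL itself is not an accepted token
    'startsd',            // wrong case
    'StartsD ',           // trailing space
    '',                   // empty submission
    ['StartsD'],          // array instead of string
    0,                    // integer instead of string
    null,                 // parameter missing
];

foreach ($samples as $input) {
    // `events` is an assumed table name. Only a fragment from SORT_OPTIONS
    // or SORT_DEFAULT is ever concatenated here, never the raw input.
    $sql = 'SELECT event_id, event_starts FROM events ORDER BY ' . resolveSort($input);
    printf("%-22s => %s\n", json_encode($input), $sql);
}
```

Only the first two inputs select a non-default order. The fragment is concatenated rather than bound because prepared-statement placeholders cannot stand in for column names or sort direction, which is why the allowlist has to be the sole source of that text.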