Thanks for posting your suggestion.
When looking it over I found that there are some problems with the code you posted:
- It needs a bit of rewriting to be more secure.
- It currently requires manual entry of the site URL in the custom code.
- It has an empty "else" clause, which can be removed.
Here's an improved way:
Code:
// check for duplicates
$products_model = $_POST['products_model'];
// bind the submitted model as a string parameter instead of concatenating it into the SQL
$dups_query_raw = "SELECT products_model FROM " . TABLE_PRODUCTS . " WHERE products_model = :model ";
$dups_query_raw = $db->bindVars($dups_query_raw, ':model', $products_model, 'string');
$dups = $db->Execute($dups_query_raw);
if ($dups->RecordCount() > 0) {
    // escape the model before echoing it back into the page; zen_href_link() builds the site URL
    $trigger_error = '<span style="color: red; font-size: 14pt; background-color: #FFFF00">
    Product Model number ' . zen_output_string_protected($products_model) . ' already exists ' . $dups->RecordCount() . ' times!
    <a href="' . zen_href_link(FILENAME_CATEGORIES, 'search=' . zen_output_string_protected($products_model)) . '" target="_blank">Click Here</a> to view the duplicates.</span>';
    echo $trigger_error;
}
It's still not multi-language friendly, so could use adjustments to handle that also.
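The same two safeguards (a bound query parameter and encoded output), as an added stand-alone example that is not part of the original post and is not Zen Cart code. It assumes the pdo_sqlite extension; PDO with an in-memory SQLite table stands in for `$db->bindVars()` and `zen_output_string_protected()`, and the table, the sample model values and `search.php` are constructed for illustration.

```php
<?php
// Added illustration: PDO + in-memory SQLite stand in for Zen Cart's $db object.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (products_id INTEGER PRIMARY KEY, products_model TEXT)');

// Constructed sample rows; the last model is full of SQL and HTML metacharacters.
$awkward = '5" <b>O\'Neil</b> & co';
$insert = $pdo->prepare('INSERT INTO products (products_model) VALUES (:model)');
foreach (['ABC-100', 'ABC-100', 'XYZ-7', $awkward, $awkward] as $m) {
    $insert->execute([':model' => $m]);
}

/** Count rows with this model. The value is bound, never concatenated into the SQL. */
function count_model(PDO $pdo, string $model): int
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM products WHERE products_model = :model');
    $stmt->execute([':model' => $model]);
    return (int) $stmt->fetchColumn();
}

/**
 * Build the warning. The model is HTML-encoded where it appears as text,
 * and URL-encoded then HTML-encoded where it appears inside the href.
 * $searchPage is a hypothetical page name, not a Zen Cart file.
 */
function duplicate_warning(string $model, int $count, string $searchPage = 'search.php'): string
{
    $text = htmlspecialchars($model, ENT_QUOTES, 'UTF-8');
    $href = htmlspecialchars($searchPage . '?search=' . urlencode($model), ENT_QUOTES, 'UTF-8');
    return sprintf(
        '<span class="dup-warning">Product Model number %s already exists %d times! '
        . '<a href="%s" target="_blank" rel="noopener">Click Here</a> to view the duplicates.</span>',
        $text,
        $count,
        $href
    );
}

// Constructed inputs: an ordinary duplicate, the awkward duplicate, and a unique model.
foreach (['ABC-100', $awkward, 'XYZ-7'] as $model) {
    $count = count_model($pdo, $model);
    if ($count > 1) {
        echo duplicate_warning($model, $count), PHP_EOL;
    }
}
```

The awkward model matches exactly its own two rows, and in the output its quotes, angle brackets and ampersand appear only as entities in the text and percent-escapes in the link.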