Our first module, part 6: processing the form results

We’ve built the form to allow users to place a bid for an auction and set up an action method in our module to send the submitted data to. Let’s read that submitted data and add it to our database of bids.

In the previous article, we set up the place_bid() function to receive the form submission. To check place_bids() is actually getting the form data, we’ll add a line to display any POST-ed data:

public function place_bid() {
$_POST );

If we submit a bid for one our auctions we should now see:

[XID] => 781a30d69d42b2e054bae0fe4a29db4767757caa
=> 1390
=> 25032029
=> 1
=> 10.00
=> Place bid

We can see that the inputs entry_id and bid_amount that we defined in the form are there, along with a few others. The ACT value denotes the id of the action that we set up previously (ie, the place_bids function) and ExpressionEngine has added the XID and site_id values. The site_id is used to determine which site is being used when Multiple Site Manager is installed (by default it uses the value ‘1’). We’ll explain the XID value in another part.

Fetching the data

While we can use the $_POST array to get the submitted values, EE provides a better alternative using the Input class.

The class is loaded by EE and automatically cleans up any input data (eg, POST/GET/COOKIE) provided. It also provides a handful of helper functions.

The $this->EE->input->post() function is a function to access data POSTed to the system by a form, eg:

$entry_id $this->EE->input->post("entry_id"TRUE); 

will look for entry_id element of the $_POST array and return it, or FALSE it is does not exist. The optional second parameter (TRUE) tells the function to also apply the built-in xss_clean() function to the data to remove any potential cross-site scripting (XSS) attempts.

Adding the bid to the database

If we recall in part 3 we created a database to store the details of all the bids. The database had 5 fields:

  • id
  • entry_id
  • member_id
  • bid_amount
  • bid_date

We have the entry_id and bid_amount from the form, and the id field will be automatically generated as a primary key for the row, which leaves just member_id and bid_date to find.

The form to place a bid was only available to registered and logged-in users, so we can be confident that the bid was placed by a valid member. The Session class stores information about the current member and the userdata function can be used to retrieve the visitor’s member_id:

$member_id $this->EE->session->userdata('member_id'); 

The Localization class allows you to fetch the current time:

$bid_date $this->EE->localize->now

CodeIgniter’s Active Record Database class makes inserting this bid as simple as adding the data to an array and passing it (with the table name) to the insert function:

$data = array(
"entry_id" => $entry_id,
"member_id" => $member_id,
"bid_amount" => $bid_amount,
"bid_date" => $bid_date

(Note: we’d normally want to do some validation of the data before adding it to the database - we’ll come back to that in a future article).

What next?

After submitting the form, it’s likely we’d want to display a success message and return the user back to the site.

For the time being, we’ll keep this simple, again using some of EE’s built-in functions:

$ret $this->EE->functions->fetch_site_index();

$data = array(
'title' => 'Thanks for your bid',
'heading' => 'Thanks for your bid',
'content' => "Your bid has been successfully placed",
'link' => array($ret"Back to site")

The Function class’s fetch_site_index() method will return the URL of the site’s homepage. This is where we’ll send users (for now) once the have placed their bid.

The Output class has a show_message() function that will display a ‘standard’ EE message box.

ExpressionEngine output message

It takes 4 parameters:

  • title sets the browser window’s title
  • heading sets the message box’s heading
  • content provides the message to display
  • link is an array containing the URL to return to, and the return link’s text


There’s still some work to do on the form processing before we can be happy with it (eg, validation), but we now have a form that accepts the visitor’s bid and stores it in the database.



Add a comment

Commenting is not available in this channel entry.