create
create.php – makes new todos
//Again, we are using Prosper
namespace Prosper;
//Configure Propser
require_once 'config.php';
if($_SERVER['REQUEST_METHOD'] == 'POST') {
//We have post data to process
Query::insert() //Perform an insert
->into('todo') //Into the 'todo' table
->values('title', $_POST) //Pull title from $_POST
->execute(); //Execute and return
//Redirect to the main page
header("Location: index.php");
} else {
//Pretty header
include_once 'header.php';
//Simple mark-up form action="create.php" method="POST"
create_form();
//Pretty footer
include_once 'footer.php';
}
Simple enough, but haven’t we left ourselves open for a sql injection attack? Prosper takes care of all that for you, so no need to worry about addslashes, mysql_real_escape_string, etc. Prosper chooses the correct escaping function for your backend. The values function can be called in one of two ways, we see above the convenient array pull method. We can pass any number of keys and a final array argument, we should read this as key, key, …, key from array. The more standard way to call the function is with an associative array. The convenience calling is meant to be used in the way it is above, pulling particular keys out of a larger array, like $_POST, $_GET or other superglobals.