Page 1 of 1

[While] Generate a button with a name that i can use later.

Posted: Thu Jan 28, 2010 12:40 pm
by Goofan
can someone tell me what is wrong with my code:

It is supposed to generate a button with a users name as value and a specific number "saved_id" as name. I should be able to take the name of the button so that I can use it later. Exampel: if button 1 is generated to have the name 1, button 2 is generated to have the name 2. I should be able press the button and put the number into my database. With my current code that dont work as it generates the numbers then it savs the last number given out "this case 5". then only that i can use "still i get a parse error:
Notice: Undefined index: Num_5 in C:\Program Files\wamp\www\mine\Projektarbete\sidor\Attack.php on line 49

Code: Select all

 
<?php
include "../login/database.php";
  $id =(isset($_GET['saved_id'])) ? (int)$_GET['saved_id'] : false;
    if($id !== false)
 {
    $sql="SELECT * FROM konto WHERE saved_id=$id";      //selecting all from DB "Konto" where saved_id is the same as in the array $id
 }
    else
 {
    echo "NO saved_id!";
 }
$result = mysql_query($sql) or die("Kunde inte lägga till ny text:<br />" . mysql_error());//Skicka info till tabell.
                 
while($row = mysql_fetch_array( $result ))      //fetching info from file and putting it in $row
{
    
}
?>
<?php
include "../login/database.php";
 
  $id =(isset($_GET['saved_id'])) ? (int)$_GET['saved_id'] : false;
    if($id !== false)
 {
    $sql="SELECT * FROM konto";      //selecting all from DB "Konto" where saved_id is the same as in the array $id
 }
    else
 {
    echo "NO saved_id!";
 }
$result = mysql_query($sql) or die("Kunde inte lägga till ny text:<br />" . mysql_error());//Skicka info till tabell.
        
while($row = mysql_fetch_array( $result ))      //fetching info from file and putting it in $row
{
        $user=$row['user'];
        $enemy_id=$row['saved_id'];
        echo '<form action="" method="post" ENCTYPE="multipart/form-data">';
        echo '<input style="width:75;height:25;font-weight:bold" name=Num_'.$enemy_id .' type="submit" value='.$user.'>';
        echo '</form>';
        
 
}
if (($_POST["Num_".$enemy_id]))
{
    $sql="UPDATE konto SET enemy_id=$enemy_id WHERE saved_id=$id";//Sätt upp SQL fråga.
    $result = mysql_query($sql) or die(mysql_error());//Välj all info i tabell.
}
 
?> 
 

If i press the button it should update the database and SET the $enemy_id (specified number) into the database so that i can use the number "of the database" later.

Re: [While] Generate a button with a name that i can use later.

Posted: Thu Jan 28, 2010 4:51 pm
by dgreenhouse
I haven't fully reviewed your code yet, but I'd change the assignment and conditional to this:

Code: Select all

 
$id = (int) (isset($_GET['saved_id']) ? $_GET['saved_id'] : 0);
if (!$id) {
...
...
}
 
Also, your button creation statement should be this:
(note the added double parentheses encapsulating: Num_'.$enemy_id & $user and the terminating ; after the styling attributes.
the terminating ; is a good habit to form in case you add additional styling attributes in the future.)

Code: Select all

 
...
echo '<input style="width:75;height:25;font-weight:bold;" name=[i]"[/i]Num_'.$enemy_id .'[i]"[/i] type="submit" value=[i]"[/i]'.$user.'[i]"[/i]>';
...
 
And depending on your DOCTYPE; which doesn't appear to be set, you should end the input element with a space before the close:

Code: Select all

 
echo '<input style="width:75;height:25;font-weight:bold;" name="Num_'.$enemy_id .'" type="submit" value="'.$user.'" [b]/>[/b]';
 
Finally, in: if (($_POST["Num_".$enemy_id])), $_POST["Num_".$enemy_id]] should be validated for type and length and cleansed of any extraneous characters before used in a query to guard against SQL injection attacks. The coercion; using (int), of the $id assignment shown, automatically protects against injection attacks.

Re: [While] Generate a button with a name that i can use later.

Posted: Fri Jan 29, 2010 7:38 am
by Goofan
ok i dont really see if uve solved the "problem" or if you have only made a few improvments. Anyway thanks both ways.. :D