Form script Fiasco!

cap2cap10
Forum Contributor
Posts: 158
Joined: Mon Apr 14, 2008 11:06 pm

Form script Fiasco!

Post by cap2cap10 »

Greetings PHP Technorati. OK, another perplexing problem has arisen. My form processing script refuses to work. Again, I ask that you enlighten me on the error of my ways! Here is the script:


<?php
if (isset($_POST['submit_1']))
{
$candidateID = $_GET['candidateID'];
require 'open_db.php';

$resp_1 = filter_input(INPUT_POST, 'resp_1', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
If ($resp_1){
mysql_query("UPDATE prelim_db SET resp_1 = '$resp_1' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}
$resp_2 = filter_input(INPUT_POST, 'resp_2', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_2)){
mysql_query("UPDATE prelim_db SET resp_2 = '$resp_2' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_3 = filter_input(INPUT_POST, 'resp_3', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_3)){
mysql_query("UPDATE prelim_db SET resp_3 = '$resp_3' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_4 = filter_input(INPUT_POST, 'resp_4', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_4)){
mysql_query("UPDATE prelim_db SET resp_4 = '$resp_4' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_5 = filter_input(INPUT_POST, 'resp_5', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_5)){
mysql_query("UPDATE prelim_db SET resp_5 = '$resp_5' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_6 = filter_input(INPUT_POST, 'resp_6', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_6)){
mysql_query("UPDATE prelim_db SET resp_6 = '$resp_6' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_7 = filter_input(INPUT_POST, 'resp_7', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_7)){
mysql_query("UPDATE prelim_db SET resp_7 = '$resp_7' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_8 = filter_input(INPUT_POST, 'resp_8', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_8)){
mysql_query("UPDATE prelim_db SET resp_8 = '$resp_8' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_9 = filter_input(INPUT_POST, 'resp_9', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_9)){
mysql_query("UPDATE prelim_db SET resp_9 = '$resp_9' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_10 = filter_input(INPUT_POST, 'resp_10', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_10)){
mysql_query("UPDATE prelim_db SET resp_10 = '$resp_10' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_11 = filter_input(INPUT_POST, 'resp_11', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_11)){
mysql_query("UPDATE prelim_db SET resp_11 = '$resp_11' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_12 = filter_input(INPUT_POST, 'resp_12', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_12)){
mysql_query("UPDATE prelim_db SET resp_12 = '$resp_12' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_13 = filter_input(INPUT_POST, 'resp_13', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_13)){
mysql_query("UPDATE prelim_db SET resp_13 = '$resp_13' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_14 = filter_input(INPUT_POST, 'resp_14', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_14)){
mysql_query("UPDATE prelim_db SET resp_14 = '$resp_14' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_15 = filter_input(INPUT_POST, 'resp_15', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_15){
mysql_query("UPDATE prelim_db SET resp_15 = '$resp_15' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}
mysql_query("UPDATE prelim_db SET q_count = q_count + 1 WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());

$prelim_db = mysql_query("SELECT * FROM prelim_db WHERE candidateID = '$candidateID'")
or die(mysql_error());
$row4 = mysql_fetch_array( $prelim_db );
}
mysql_close();
header("Location: ".$row4['interv'].".php?candidateID=$candidateID");
?>
All variables are correct. All required files are correct, but it will not add anything to the database. :banghead:
Any takers?


Thanks in advance,

Batoe
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: Form script Fiasco!

Post by superdezign »

I find it quite odd that you make use of filter_input, yet you trust the GET variable. You should probably make sure it's an integer. Also, instead of assuming the button will be sent with the post (because in some browsers, it is not), use if (!empty($_POST)).

Anyway, a lot of your if-statements have extra closing parentheses on them, so you should be getting syntax errors.

On another note, you can greatly reduce the size of this code with a loop:


for ($i = 1; $i <= 15; $i++) {
    $response = filter_input(INPUT_POST, 'resp_' . $i, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);

    if (!empty($response)) {
        mysql_query("UPDATE prelim_db SET resp_$i = '$response' WHERE candidateID = '$candidateID'") or die('Query failed: ' . mysql_error());
    }
}
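
Added example (not part of either poster's code): the points raised in the reply above, carried through in one place. The `candidateID` from the query string is validated as an integer, `!empty($_POST)` replaces the submit-button check, and the loop binds each response as a statement parameter instead of interpolating it into the SQL. The table and column names follow the thread; the function name `saveResponses`, the PDO/SQLite in-memory database and the sample input are assumptions constructed so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example: prelim_db / resp_N / q_count follow the thread; everything
// else (function name, SQLite database, sample input) is constructed.

const RESPONSE_COUNT = 15;

function saveResponses(PDO $db, array $get, array $post): int
{
    // Do not trust the GET value: accept only a positive integer.
    $candidateID = filter_var($get['candidateID'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($candidateID === false) {
        throw new InvalidArgumentException('candidateID must be a positive integer');
    }
    if (empty($post)) {   // do not rely on the submit button being sent
        return 0;
    }
    $updated = 0;
    for ($i = 1; $i <= RESPONSE_COUNT; $i++) {
        $value = $post["resp_$i"] ?? '';
        if (!is_string($value) || trim($value) === '') {
            continue;     // skip missing, empty or array-valued fields
        }
        // The column name comes only from the loop counter; values are bound.
        $stmt = $db->prepare("UPDATE prelim_db SET resp_$i = :resp WHERE candidateID = :id");
        $stmt->execute([':resp' => trim($value), ':id' => $candidateID]);
        $updated += $stmt->rowCount();
    }
    $db->prepare('UPDATE prelim_db SET q_count = q_count + 1 WHERE candidateID = :id')
       ->execute([':id' => $candidateID]);
    return $updated;
}

// Constructed demo database standing in for the one opened by open_db.php.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$cols = implode(', ', array_map(fn($i) => "resp_$i TEXT", range(1, RESPONSE_COUNT)));
$db->exec("CREATE TABLE prelim_db (candidateID INTEGER PRIMARY KEY, q_count INTEGER DEFAULT 0, $cols)");
$db->exec('INSERT INTO prelim_db (candidateID) VALUES (7)');

// Constructed input: a quote in a response is stored as data, not parsed as SQL.
echo saveResponses($db, ['candidateID' => '7'], ['resp_1' => "O'Brien", 'resp_3' => 'yes']), "\n";
try {
    // Constructed input: a non-integer candidateID never reaches the database.
    saveResponses($db, ['candidateID' => "7' OR '1'='1"], ['resp_1' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

Because the quote in a response is handled by parameter binding, the string filter from the original script is not needed for SQL safety; output encoding belongs at the point where the value is later displayed.
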
cap2cap10
Forum Contributor
Posts: 158
Joined: Mon Apr 14, 2008 11:06 pm

Re: Form script Fiasco!

Post by cap2cap10 »

Thanks! :drunk: It works great! I removed the Get method; just testing to see if information was being passed. For some reason, I have this aversion to "for each" statements. I will kick the habit though!

Thanks again~


Batoe
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Re: Form script Fiasco!

Post by superdezign »

If you used a loop, you wouldn't have run into this problem. Your first if-statement was fine. It was the copying and pasting that messed you up and made it harder to notice that you messed up.