
Form script Fiasco!

Posted: Mon Apr 25, 2011 11:16 am
by cap2cap10
Greetings PHP Technorati. OK, another perplexing problem has arisen. My form processing script refuses to work. Again, I ask that you enlighten me on the error of my ways! Here is the script:

Code:

<?php
if (isset($_POST['submit_1']))
{
$candidateID = $_GET['candidateID'];
require 'open_db.php';

$resp_1 = filter_input(INPUT_POST, 'resp_1', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
If ($resp_1){
mysql_query("UPDATE prelim_db SET resp_1 = '$resp_1' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}
$resp_2 = filter_input(INPUT_POST, 'resp_2', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_2)){
mysql_query("UPDATE prelim_db SET resp_2 = '$resp_2' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_3 = filter_input(INPUT_POST, 'resp_3', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_3)){
mysql_query("UPDATE prelim_db SET resp_3 = '$resp_3' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_4 = filter_input(INPUT_POST, 'resp_4', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_4)){
mysql_query("UPDATE prelim_db SET resp_4 = '$resp_4' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_5 = filter_input(INPUT_POST, 'resp_5', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_5)){
mysql_query("UPDATE prelim_db SET resp_5 = '$resp_5' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_6 = filter_input(INPUT_POST, 'resp_6', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_6)){
mysql_query("UPDATE prelim_db SET resp_6 = '$resp_6' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_7 = filter_input(INPUT_POST, 'resp_7', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_7)){
mysql_query("UPDATE prelim_db SET resp_7 = '$resp_7' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_8 = filter_input(INPUT_POST, 'resp_8', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_8)){
mysql_query("UPDATE prelim_db SET resp_8 = '$resp_8' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_9 = filter_input(INPUT_POST, 'resp_9', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_9)){
mysql_query("UPDATE prelim_db SET resp_9 = '$resp_9' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_10 = filter_input(INPUT_POST, 'resp_10', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_10)){
mysql_query("UPDATE prelim_db SET resp_10 = '$resp_10' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_11 = filter_input(INPUT_POST, 'resp_11', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_11)){
mysql_query("UPDATE prelim_db SET resp_11 = '$resp_11' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_12 = filter_input(INPUT_POST, 'resp_12', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_12)){
mysql_query("UPDATE prelim_db SET resp_12 = '$resp_12' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_13 = filter_input(INPUT_POST, 'resp_13', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_13)){
mysql_query("UPDATE prelim_db SET resp_13 = '$resp_13' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_14 = filter_input(INPUT_POST, 'resp_14', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_14)){
mysql_query("UPDATE prelim_db SET resp_14 = '$resp_14' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}

$resp_15 = filter_input(INPUT_POST, 'resp_15', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
if ($resp_15){
mysql_query("UPDATE prelim_db SET resp_15 = '$resp_15' WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());
}
mysql_query("UPDATE prelim_db SET q_count = q_count + 1 WHERE candidateID = '$candidateID'")or die('Query failed: ' . mysql_error());

$prelim_db = mysql_query("SELECT * FROM prelim_db WHERE candidateID = '$candidateID'")
or die(mysql_error());
$row4 = mysql_fetch_array( $prelim_db );
}
mysql_close();
header("Location: ".$row4['interv'].".php?candidateID=$candidateID");
?>
All variables are correct. All required files are correct, but it will not add anything to the database. :banghead:
Any takers?


Thanks in advance,

Batoe

Re: Form script Fiasco!

Posted: Mon Apr 25, 2011 11:28 am
by superdezign
I find it quite odd that you make use of filter_input, yet you trust the GET variable. You should probably make sure it's an integer. Also, instead of assuming the button will be sent with the post (because in some browsers, it is not), use if (!empty($_POST)).

Anyway, a lot of your if-statements have extra closing parentheses on them, so you should be getting syntax errors.

On another note, you can greatly reduce the size of this code with a loop:

Code:

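// $candidateID is assumed to have been validated as an integer before this loop.
for ($i = 1; $i <= 15; $i++) {
    $response = filter_input(INPUT_POST, 'resp_' . $i, FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);

    if (!empty($response)) {
        // FILTER_FLAG_NO_ENCODE_QUOTES leaves quotes intact, so escape the value for SQL.
        $response = mysql_real_escape_string($response);
        mysql_query("UPDATE prelim_db SET resp_$i = '$response' WHERE candidateID = '$candidateID'") or die('Query failed: ' . mysql_error());
    }
}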
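
A hardened form of the loop suggested in this reply, as an added example that is not part of the original thread: it accepts candidateID only as an integer, requires a non-empty POST, and binds the values with prepared statements. PDO, the in-memory SQLite table standing in for prelim_db (needs the pdo_sqlite extension) and the helper name saveResponses are assumptions made so the script runs offline.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO replaces the
// mysql_* calls, and an in-memory SQLite table stands in for prelim_db.

// saveResponses() is a hypothetical helper; returns the number of answers stored.
function saveResponses(PDO $db, array $get, array $post): int
{
    // Accept candidateID only if it is a positive integer.
    $id = filter_var($get['candidateID'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false || empty($post)) {
        return 0;
    }

    $saved = 0;
    for ($i = 1; $i <= 15; $i++) {
        $response = $post["resp_$i"] ?? '';
        if (!is_string($response) || trim($response) === '') {
            continue;
        }
        // The column name is built from the loop counter only; the values are
        // bound parameters, so a quote in the answer cannot alter the query.
        $stmt = $db->prepare("UPDATE prelim_db SET resp_$i = :resp WHERE candidateID = :id");
        $stmt->execute([':resp' => $response, ':id' => $id]);
        $saved += $stmt->rowCount();
    }

    $stmt = $db->prepare('UPDATE prelim_db SET q_count = q_count + 1 WHERE candidateID = :id');
    $stmt->execute([':id' => $id]);
    return $saved;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$cols = implode(', ', array_map(fn($i) => "resp_$i TEXT", range(1, 15)));
$db->exec("CREATE TABLE prelim_db (candidateID INTEGER PRIMARY KEY, q_count INTEGER DEFAULT 0, $cols)");
$db->exec('INSERT INTO prelim_db (candidateID) VALUES (7)');

// A quoted answer is stored verbatim; a non-integer candidateID is rejected.
var_dump(saveResponses($db, ['candidateID' => '7'], ['resp_1' => "It's fine", 'resp_2' => '']));
var_dump(saveResponses($db, ['candidateID' => '7abc'], ['resp_1' => 'ignored']));
var_dump($db->query('SELECT resp_1, q_count FROM prelim_db WHERE candidateID = 7')->fetch(PDO::FETCH_ASSOC));
```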

Re: Form script Fiasco!

Posted: Mon Apr 25, 2011 12:33 pm
by cap2cap10
Thanks! :drunk: It works great! I removed the GET method; just testing to see if information was being passed. For some reason, I have this aversion to "for each" statements. I will kick the habit though!

Thanks again~


Batoe

Re: Form script Fiasco!

Posted: Mon Apr 25, 2011 12:38 pm
by superdezign
If you used a loop, you wouldn't have run into this problem. Your first if-statement was fine. It was the copying and pasting that messed you up and made it harder to notice that you messed up.