Did a program create a bad script?

KeithO
Forum Newbie
Posts: 4
Joined: Sun Feb 08, 2004 4:25 pm

Post by KeithO »

I used a program called PHP Database Wizard to create the PHP for a project I'm working on. I then started pulling the info into Notepad, then editing the HTML so that it was in the look I wanted to pull off what I need. However, the update function does not work properly. Instead of updating the information, it only repulls the data from the MySQL db. Seeing as how I've only worked with PHP for a couple of weeks, can any of the experts here help me figure this out and get it running?

I am running the latest stable editions of PHP, Apache (as a local host), and MySQL.

I think it has something to do with those periods but I'm too inexperienced with this to figure out what's really going on.

Code:

<?php
        require_once('Db\db_connection.php');
        global $MyDb;
	
        $actPage = $HTTP_SERVER_VARS["PHP_SELF"];
        $maxRows = 24;
        $pageNr  = 0;
        $rowbg = 'true';

        $pageNr   = $_POST['pageNr'];
        $orderSql = $_POST['orderSql'];


        $selectAllSql  = "SELECT * FROM txtprices ".$filterSql;
        $ResultAll     = $MyDb->f_ExecuteSql($selectAllSql);
        $ResultAllRows = $MyDb->f_GetSelectedRows($ResultAll);

        $startRow = $pageNr * $maxRows;
 
        $selectSql = "SELECT * FROM txtprices";
        $limitSql  = " LIMIT ".$startRow." , ".$maxRows;
        $selectSql = $selectSql.$filterSql.$orderSql.$limitSql;

        $Result        = $MyDb->f_ExecuteSql($selectSql);
        $Resultset     = $MyDb->f_GetRecord($Result);
        $ResultRowNr   = $MyDb->f_GetSelectedRows($Result);
        $actRow=0;
?>

<html>
<head>
 <title>Ticket Prices</title>
 <link href="Style/style.css" rel="stylesheet" type="text/css">
 <script language="javascript" src="Scripts/script.js"></script>
</head>
<body>

<form name="UpdateForm" method="post" action="<?php echo $PHP_SELF ?>">
<table width="330" border="0" align="center" cellpadding="0" cellspacing="0" class="tableborder">
 <tr>
  <td>
   <table border="0" cellspacing="0" cellpadding="0" width="100%">
    <tr>
     <th class="th1" width="70">Ticket ID</th>
     <th class="th1" width="130">Ticket Type</th>
     <th class="th1">Regular Prices</th>
     <th class="th1">Group Prices</th>
    </tr>
     	<?php do { ?>
    <tr <?php if ($rowbg =='true') { $rowbg='false'; echo 'class="tr1"';} else { $rowbg='true'; echo 'class="tr2"';}  echo "onMouseOver=\"this.className='tract'\""; if ($rowbg == 'true') echo ' onMouseOut="this.className=\'tr2\'"'; else echo 'onMouseOut="this.className=\'tr1\'"';?> >
     <td class="td1"><font face="verdana" color="#000000"><?php if ($Resultset['txtid'] != "") echo $Resultset['txtid']; else echo "&nbsp;";?> </font></td>
     <td class="td1"><font face="verdana" color="#000000"><?php if ($Resultset['type'] != "") echo $Resultset['type']; else echo "&nbsp;";?> </font></td>
      <td class="td1" align="center">
       <input class="input_normal"
               type="text"
               name="rprices"
               id="rprices"
               value="<?php echo $Resultset['rprices']; ?>"
               size="10"
               maxlength="7"
               onFocus="this.className='inputact'"
               onBlur="this.className='inputOk'">
      </td>      
      <td class="td1" align="center">
       <input class="input_normal"
               type="text"
               name="gprices"
               id="gprices"
               value="<?php echo $Resultset['gprices']; ?>"
               size="10"
               maxlength="7"
               onFocus="this.className='inputact'"
               onBlur="this.className='inputOk'">
      </td>
    </tr>
	<?php } while ($Resultset = $MyDb->f_GetRecord($Result)); ?>
   </table>
  </td>
 </tr>
</table>
<center><input type="image" src="Images/update.gif" name="SubmitForm" border=0></center>
</form>
</body>
</html>

<?php
 $updateSql = "UPDATE txtprices SET "
 .",rprices=\"".$_POST['rprices']."\""
 .",gprices=\"".$_POST['gprices']."\""
 ." WHERE  = '".$_GET['']."'";
 $MyDb->f_ExecuteSql($updateSql);
?>

DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

The problem is with the WHERE part of the query. Before it wasn't specifying anything, it just said WHERE = '', when it should be more like WHERE id='$id'.

#1. Add in this inside of the form:

Code:

<input type="hidden" name="txtid" value="<?php echo $Resultset['txtid']; ?>">
#2. Change the query to:

Code:

$updateSql = "UPDATE txtprices SET rprices='" . $_POST['rprices'] . "', gprices='" . $_POST['gprices'] . "' WHERE  txtid= '" . $_POST['txtid'] . "'";
KeithO
Forum Newbie
Posts: 4
Joined: Sun Feb 08, 2004 4:25 pm

Post by KeithO »

I copy and pasted that in to no avail. I placed the

Code:

<input type="hidden" name="txtid" value="<?php echo $Resultset['txtid']; ?>">
line on the line after the submit button. Is there something else I am missing?
DuFF
Forum Contributor
Posts: 495
Joined: Tue Jun 24, 2003 7:49 pm
Location: USA

Post by DuFF »

Try seeing what the query looks like. Fill out the form and press submit after replacing the bottom code with:

Code:

<?php
$updateSql = "UPDATE txtprices SET rprices='" . $_POST['rprices'] . "', gprices='" . $_POST['gprices'] . "' WHERE  txtid= '" . $_POST['txtid'] . "'";
echo $updateSql; //ECHO FOR DEBUGGING
$MyDb->f_ExecuteSql($updateSql);
?>
There is probably something wrong with the query.
KeithO
Forum Newbie
Posts: 4
Joined: Sun Feb 08, 2004 4:25 pm

Post by KeithO »

All that happens is that it refreshes the page. I'm wondering if maybe it's not actually getting to the updatesql portion.
KeithO
Forum Newbie
Posts: 4
Joined: Sun Feb 08, 2004 4:25 pm

Post by KeithO »

help?
Michael 01
Forum Commoner
Posts: 87
Joined: Wed Feb 04, 2004 12:26 am

Post by Michael 01 »

It seems that this is like the 5th topic on SQL that involves using $_POST variables within the SQL query, so now I am starting to second-guess myself a bit.

Maybe somebody could clear this up for me, but I have been very successful with just using set variables with the addslashes and htmlspecialchars functions, and then placing the variables within the SQL query.

Is there any difference, or should I say, any reason not to do it this way? Has the way that I have been doing it been ruled out for the $_POST method because of security concerns? 8O
Michael 01
Forum Commoner
Posts: 87
Joined: Wed Feb 04, 2004 12:26 am

Post by Michael 01 »

At any rate, you would be better off just to make a single SQL statement in this case, rather than the function sets you have above for the SQL statement. Adding Java into a SQL return probably should not be done either because there really is nothing defined differently than what a normal HTML drop-down could pull off.

My 2 cents on the problem. :wink:
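
Added example, not part of the original thread or any poster's code: the thread's update step rewritten so that the UPDATE runs before the rows are rendered, every row gets its own input name, values reach the query only as bound parameters, and output is escaped for HTML. Assumptions: PHP 7.1+ with PDO and an in-memory SQLite table standing in for the wizard's `$MyDb` wrapper and MySQL; the `rprices[<txtid>]` field naming, the helpers `clean_price` and `update_prices`, and the sample rows are constructed for illustration.

```php
<?php
// Constructed schema and rows mirroring the thread's txtprices table (SQLite in memory, runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE txtprices (txtid INTEGER PRIMARY KEY, type TEXT, rprices TEXT, gprices TEXT)");
$db->exec("INSERT INTO txtprices VALUES (1, 'Adult', '12.00', '9.00'), (2, 'Child', '6.00', '4.50')");

// Returns the price unchanged if it is a plain decimal (fits the form's maxlength of 7), else null.
function clean_price($value): ?string
{
    return (is_string($value) && preg_match('/^\d{1,4}(\.\d{1,2})?\z/', $value)) ? $value : null;
}

// Runs one UPDATE per submitted row. Values travel as bound parameters,
// never as part of the SQL text. Returns the number of rows changed.
function update_prices(PDO $db, array $post): int
{
    $rp = $post['rprices'] ?? null;
    $gp = $post['gprices'] ?? null;
    if (!is_array($rp) || !is_array($gp)) return 0; // scalar fields: malformed request
    $stmt = $db->prepare('UPDATE txtprices SET rprices = :r, gprices = :g WHERE txtid = :id');
    $changed = 0;
    foreach ($rp as $id => $rprice) {
        $r = clean_price($rprice);
        $g = clean_price($gp[$id] ?? null);
        if ($r === null || $g === null || !ctype_digit((string) $id)) continue; // reject, do not "escape"
        $stmt->execute([':r' => $r, ':g' => $g, ':id' => (int) $id]);
        $changed += $stmt->rowCount();
    }
    return $changed;
}

// Constructed POST body: row 1 is valid, row 2 has a stray quote that would break a concatenated query.
$post = [
    'rprices' => ['1' => '15.00', '2' => "6.00'"],
    'gprices' => ['1' => '11.00', '2' => '4.50'],
];
echo update_prices($db, $post), " row(s) updated\n";

// Render after the update, escaping for the HTML context at output time.
foreach ($db->query('SELECT * FROM txtprices ORDER BY txtid') as $row) {
    $id = (int) $row['txtid'];
    printf(
        "<tr><td>%s</td><td><input name=\"rprices[%d]\" value=\"%s\"></td>"
        . "<td><input name=\"gprices[%d]\" value=\"%s\"></td></tr>\n",
        htmlspecialchars($row['type'], ENT_QUOTES), $id, htmlspecialchars($row['rprices'], ENT_QUOTES),
        $id, htmlspecialchars($row['gprices'], ENT_QUOTES)
    );
}
```

With bound parameters the query needs no `addslashes`, and `htmlspecialchars` is applied where data is written into HTML rather than before it goes into SQL.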