Verifying multiple fields...

Posted: Sat Feb 26, 2005 11:33 pm
by neon068
I want to make it so if the codesql value in the database does not equal the one provided in the browser link, then DIE! :-D But if it does equal, then continue on with the script... pretty simple eh? Well not for me, I'm having a day... :( Anyways here it is...

https://www.serasfinancial.com/testing/ ... &xcode=123

As you see above, the id should be 1 and the xcode for that id is 123.

Username: test
Pass: test123

Current coding...

Code:

<?
    include_once ( 'config.php' );
    $id = (int) $_GET['id']; // cast to int: $id is interpolated into the query below
    $xcode = $_GET['xcode'];


$query = "select codesql
    from clients
    where id = $id";

$result = mysql_query($query);
$xcodemysql=mysql_fetch_assoc($result);
if ( ( $xcode ) != ( $xcodemysql ) ); {
  die ( 'Your xcode is invalid' ); 
} else {
   

    
    if ( isset ( $_REQUEST['id'] ) && ! empty ( $_REQUEST['id'] ) )
    {

        if ( strtolower ( $_SERVER['REQUEST_METHOD'] ) == 'post' )
        {
            $query = array ();

            if ( isset ( $_POST['firstname'] ) && ! empty ( $_POST['firstname'] ) )
            {
                $query[] = "firstname = '" . mysql_real_escape_string ( $_POST['firstname'] ) . "'";
            }

            if ( isset ( $_POST['lastname'] ) && ! empty ( $_POST['lastname'] ) )
            {
                $query[] = "lastname = '" . mysql_real_escape_string ( $_POST['lastname'] ) . "'";
            }

            if ( isset ( $_POST['email'] ) && ! empty ( $_POST['email'] ) )
            {
                $query[] = "email = '" . mysql_real_escape_string ( $_POST['email'] ) . "'";
            }

            if ( ! empty ( $query ) )
            {

                $result = "UPDATE clients SET " . implode ( ', ', $query ) . " WHERE id = '" . mysql_real_escape_string ( $_REQUEST['id'] ) . "'";

                mysql_query ( $result ) or die ( 'UPDATE ERROR: ' . mysql_error () );

                echo '<b>Thank you! client UPDATED Successfully!<br>';
                echo '<meta http-equiv=Refresh content=2;url=index.php>';
            }
            else
            {
                echo 'the request did not contain any valid data, try again';
                // escape PHP_SELF and cast id to int before echoing them into the page
                echo '<meta http-equiv=Refresh content=2;url=' . htmlentities ( $_SERVER['PHP_SELF'] ) . '?id=' . (int) $_REQUEST['id'] .'>';
            }
        }
        else
        {

            $result = "SELECT firstname, lastname, email FROM clients WHERE id = " . (int)$_REQUEST['id'];

            $r = mysql_query ( $result ) or die ( 'SELECT ERROR: ' . mysql_error () );

            if ( mysql_num_rows ( $r ) > 0 )
            {
                $form = mysql_fetch_assoc ( $r );
?>

<h3>Edit Clients</h3>

<form method="post" action="<?=htmlentities($_SERVER['PHP_SELF']);?>">

<?
$id = (int)$_REQUEST['id'];
?>
<input type="hidden" name="id" value="<?=$id?>">

firstname: <input name="firstname" size="50" maxlength="50" value="<?=htmlentities($form['firstname']);?>">
<br>
lastname: <input name="lastname"  size="50" maxlength="50" value="<?=htmlentities($form['lastname']);?>">
<br>
email: <input name="email" size="50" maxlength="50" value="<?=htmlentities($form['email']);?>">
<br>
<input type="submit" name="submit" value="Update Client">
</form>

<?

            }
            else
            {
                die ( 'QUERY ERROR: the id is not valid' );
            }
        }
    }
    else
    {
        echo 'the request is missing data';
    }
}

?>

Posted: Sat Feb 26, 2005 11:42 pm
by feyd

Code:

$xcodemysql['codesql']

Posted: Sat Feb 26, 2005 11:49 pm
by neon068

Code:

$query = "select codesql
    from clients
    where id = $id";

$result = mysql_query($query);
$xcodemysql['codesql']=mysql_fetch_assoc($result);
if ( ( $xcode ) != ( $xcodemysql ) ); {
  die ( 'Your xcode is invalid' );
} else {

I get
Parse error: parse error, unexpected T_ELSE in edit.php on line 15
which is the else statement. Do I have the else set up wrong?

Posted: Sat Feb 26, 2005 11:56 pm
by feyd
  1. remove the semicolon in the 'if' line.
  2. change the mysql_fetch_assoc() line back to original.
  3. change $xcodemysql in the 'if' line to $xcodemysql['codesql']
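
The check that the three steps above arrive at, written out as an added example that is not part of the thread or any poster's code. It goes a little further than the thread: the id is passed as a bound parameter, a missing row is handled, and the comparison uses hash_equals(). The helper name xcode_is_valid, the PDO/SQLite in-memory table standing in for the MySQL clients table, and the sample requests are assumptions made so the script runs offline.

```php
<?php
// Added example. An in-memory SQLite table stands in for the MySQL
// `clients` table (assumption) so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE clients (id INTEGER PRIMARY KEY, codesql TEXT)');
$db->exec("INSERT INTO clients (id, codesql) VALUES (1, '123')"); // constructed row

/**
 * Hypothetical helper: true only when $xcode matches the codesql stored for $id.
 */
function xcode_is_valid(PDO $db, $id, $xcode)
{
    // Both values must be present; the id must be a plain string of digits.
    if (!is_string($id) || !ctype_digit($id) || !is_string($xcode)) {
        return false;
    }
    // Bound parameter instead of interpolating $id into the SQL text.
    $stmt = $db->prepare('SELECT codesql FROM clients WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // array, or false when no row matched
    if ($row === false) {
        return false;
    }
    // Compare the column value, not the row array. hash_equals() compares
    // the exact strings and takes the same time wherever they differ.
    return hash_equals((string) $row['codesql'], $xcode);
}

// Constructed requests standing in for $_GET.
$requests = [
    ['id' => '1', 'xcode' => '123'],    // id and code as in the thread
    ['id' => '1', 'xcode' => '124'],    // code differs from the stored one
    ['id' => '2', 'xcode' => '123'],    // id with no row
    ['id' => '1abc', 'xcode' => '123'], // id that is not all digits
    ['id' => '1'],                      // xcode not supplied
];
foreach ($requests as $get) {
    $id    = isset($get['id']) ? $get['id'] : null;
    $xcode = isset($get['xcode']) ? $get['xcode'] : null;
    $ok    = xcode_is_valid($db, $id, $xcode);
    echo json_encode($get), ' => ', $ok ? 'continue' : 'die: Your xcode is invalid', "\n";
}
```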