Problems reaching condition after second call to $PHP_SELF

Ross
Forum Newbie
Posts: 9
Joined: Thu Feb 16, 2006 1:14 pm

Post by Ross »

Hey All,

I've been screwing around with this code for a long while now and I've gotten nowhere. I figure my problem is that I am never able to execute the code inside if($edit). I've checked everything and it seems like it should be running fine. I use the same method of testing form variables for the first time through the page and everything works there.

My entire php file is below (including forms). Basically, you type in an 'id' number into a form, it retrieves that entry from the database and then asks you to alter the entry. However, the entry is never changed because once you hit the "edit" button, the code that should execute does not.

Any suggestions would be greatly appreciated. -ross

Code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Tour Dates - Editing/Removal Center</title>
</head>

<body>
<div id="container">



<?php
	// Global Variables
	$SECURE_IMAGE_URL = "";
	$REDIRECT_URL = "";
	
	// Connect to database
	$db = mysql_connect("localhost", "...", "...");
	mysql_select_db("mydb", $db);
	$db_table = events;
	
	if($select){
	
	
	
		if($edit){
			
			/*$sql = "UPDATE  $db_table 
					SET  	DATE =  '$date',
							ESTABLISHMENT =  $establishment,
							CITY =  $city,
							TIME =  $time,
							MISC_INFO =  $misc_info'
					WHERE  	id = $idNumber					";*/
			
			// playing with db queries.
			$sql = "UPDATE $db_table SET DATE='0000-00-00' WHERE id = $idNumber"; 
					
			$result = mysql_query($sql, $db);
			
			// Redirect to pause and then reload form.
			printf("<div id =\"redirect_page\">
						<h1><span>Information Submitted!</span></h1> 
				
						<p><a href=\"%s\">Redirecting...</a></p>
					</div>", $REDIRECT_URL);
			printf("<meta HTTP-EQUIV=\"refresh\" content=5;url=\"%s\">", $REDIRECT_URL);
			
		
		}
		else if(!$edit){
			// Select the specified row
			$sql = "SELECT * FROM $db_table WHERE id = $idNumber";
			$result = mysql_query($sql, $db);
			$row = mysql_fetch_array($result);
			
			// Start a table for the fields of the database row
			printf("	<div id=\"selected_entry\">
							<table bgcolor=\"white\" border=\"0\" cellspacing=\"0\" cellpadding=\"3\">
								<h1>Current Values</h1>
								
								
							
					");
			
			// Print each field of the selected row
			$fieldName_array[] = "ID";
			$fieldName_array[] = "Date";
			$fieldName_array[] = "Est.";
			$fieldName_array[] = "City";
			$fieldName_array[] = "Time";
			$fieldName_array[] = "Misc";
			$num_of_fields = 6;
			$counter = 0;
			
			// Poor cohesion here, fix later.
			for($counter; $counter < $num_of_fields; ++$counter)
			{
				printf("			<tr>
										<td class=\"table_left\">%s</td>", $fieldName_array[$counter]);
				
				if($row[$counter] != $row["DATE"]){
					printf("			<td class=\"table_right\">%s</td>		
									</tr>", $row[$counter]);
				}
				else{
					printf("			<td class=\"table_right\">%s</td>		
									</tr>", date('M-d-y', strtotime($row["DATE"])));
				}
			}
			
			
			// Close up table
			printf("			
							</table>
						</div>				");
							
			
			//FORM ELEMENTS TO ADD NEW ENTRIES
			?>
			<div id="note">
				<p>Enter a new entry to replace the existing one. Do not omit any fields.</p>
			</div>
			
			<div id="loggedIn"><h2><span><img src="<?php echo $SECURE_IMAGE_URL; ?>" id="secure_pic"><br> Secure Area!</span></h2></div>
				<div id="editor_form">
					<form id="form_form" name="event" method="post" action="<?php $PHP_SELF ?>">
						<h1>Submit an Event into the Tour-Events Database</h1>
						<p><label for="date">Date of Event</label>			
						   <select name="month" id="month">
							<option selected>Month</option>
							<option value="01">Jan</option>
							<option value="02">Feb</option>
							<option value="03">Mar</option>
							<option value="04">Apr</option>
							<option value="05">May</option>
							<option value="06">Jun</option>
							<option value="07">Jul</option>
							<option value="08">Aug</option>
							<option value="09">Sept</option>
							<option value="10">Oct</option>
							<option value="11">Nov</option>
							<option value="12">Dec</option>
						  </select>
						  <select name="day" id="day">
							<option selected>Day</option>
							<option value="01">01</option>
							<option value="02">02</option>
							<option value="03">03</option>
							<option value="04">04</option>
							<option value="05">05</option>
							<option value="06">06</option>
							<option value="07">07</option>
							<option value="08">08</option>
							<option value="09">09</option>
							<option value="10">10</option>
							<option value="11">11</option>
							<option value="12">12</option>
							<option value="13">13</option>
							<option value="14">14</option>
							<option value="15">15</option>
							<option value="16">16</option>
							<option value="17">17</option>
							<option value="18">18</option>
							<option value="19">19</option>
							<option value="20">20</option>
							<option value="21">21</option>
							<option value="22">22</option>
							<option value="23">23</option>
							<option value="24">24</option>
							<option value="25">25</option>
							<option value="26">26</option>
							<option value="27">27</option>
							<option value="28">28</option>
							<option value="29">29</option>
							<option value="30">30</option>
							<option value="31">31</option>
						  </select>
						  <select name="year" id="year">
							<option value="2006" selected>2006</option>
							<option value="2007">2007</option>
							<option value="2008">2008</option>
							<option value="2009">2009</option>
							<option value="2010">2010</option>
							<option value="2011">2011</option>
							<option value="2012">2012</option>
							<option value="2013">2013</option>
							<option value="2014">2014</option>
							<option value="2015">2015</option>
						  </select></p>
						
						
						<p><label for="establishment">Place of Event (Establishment Name):</label>	
							<input name="establishment" type="text" id="establishment" size="20" maxlength="50"></input></p>
							
						<p><label for="city">City/State of Event:</label>					
							<input name="city" type="text" id="city" size="20" maxlength="50"></input></p>
							
						<p><label for="time">Time Interval of Event (HH:MM am/pm - HH:MM am/pm):</label>					
							<input name="time" type="text" id="time" size="20" maxlength="50"></input></p>
										
						<p><label for="misc_info">Misc. Details (Include directions, cost, etc):</label>		
							<textarea name="misc_info" cols="40" rows="10" id="misc_info"></textarea></p>
						
						<div id="form_buttons">
							<p>	<input name="edit" 		id="edit" 	type="submit" 	value="Edit" 	/>
								<input name="reset"		id="reset"	type="reset"	value="Reset" 	/></p>
						</div>
					</form>
	<?php
		}	
	}
	else{
			//print out all db rows
			$sql = "SELECT * FROM $db_table";
			$result = mysql_query($sql, $db);
			
			//If there are entries in the database
			if($row = mysql_fetch_array($result))
			{
				//We use this variable to specify the class of the table row
				$rowClass = "odd";
				$eventDate = date('Y-m-d', strtotime($row["DATE"]));
//				$curDate = date('Y-m-d', mktime(getdate()));	//This was giving me two hours off time
				$curDate = date('Y-m-d', gmmktime() + (-6 * 60 * 60)); 
				
				//Start HTML Table
				printf("		<table id=\"table\" border=\"0\" cellspacing=\"0\" padding=\"2\">
									<tr class=\"top_row\">
										<td>ID</td>
										<td>Date</td>
										<td>Establishment</td>
										<td>City</td>
										<td>Time</td>
										<td>Misc_Info</td>
									</tr>
									<tr>
						
				");
				
				
				
				//DO WHILE loop because we've already called the first row of the db_table
				do{
					if($rowClass == "odd")
						$rowClass = "even";
					else if($rowClass == "even")
						$rowClass = "odd";
						
					
					
					if(strtotime($row["DATE"]) >= strtotime($curDate))
					{
					printf("
							<tr class = \"%s\">
								<td width=\"30\"> %s </td>
								<td width=\"65\"> %s </td>
								<td width=\"170\"> %s </td>
								<td width=\"100\"> %s </td>
								<td width=\"140\"> %s </td>
								<td> %s </td>
							</tr>",
							$rowClass,
							$row["id"],
							date('M-d-y', strtotime($row["DATE"])),
							$row["ESTABLISHMENT"],
							$row["CITY"],
							$row["TIME"],
							$row["MISC_INFO"]);
					}
				}while($row = mysql_fetch_array($result));
				
				//end table
				printf("</table>");
?>
			<form id="input_id_form" name="select_row_form" method="post" action="<?php $PHP_SELF ?>">
				<label for="idNumber">ID Number of the Event to Edit</label>
				<input name="idNumber" type="text" size="4" maxlength="4">
				<input name="select" type="submit" value="Select">
			</form>			
<?php			
			}
			else
				printf("Sorry, no database entries at this time.");
		}
		
?>



	
</div>


</body>
</html>
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Where are $select and $edit being set? I can't see where they get their values.

Another thing,

Code:

<?php $db_table = events; ?>
Should be

Code:

<?php $db_table = 'events'; ?>
... and so on throughout the script.
Ross
Forum Newbie
Posts: 9
Joined: Thu Feb 16, 2006 1:14 pm

Post by Ross »

$edit and $submit get their values from when their corresponding form buttons are pressed. Or at least that's what I thought happened. I could be horribly wrong.
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

That would assume that your register_globals directive is set to on, which is a big security risk. I would recommend coding as though it were off and setting your vars to their respective $_GET, $_POST, $_COOKIE, $_SESSION array var values before using them in anything that you are doing.

Moving on, if register_globals is off, $edit will never be set so that if() will never trigger.
Ross
Forum Newbie
Posts: 9
Joined: Thu Feb 16, 2006 1:14 pm

Post by Ross »

But if registered_globals is off and $edit cannot be set, why is if($submit) passing?
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

$select is part of one form, $edit is part of another. That being said, $edit will never fire because $edit will never be sent with the form data that comes from the $select submit. Putting $edit inside of the if($select) conditional will virtually guarantee that it will never evaluate to true.
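
The two replies above (read form input from $_POST instead of relying on register_globals, and test the `select` and `edit` buttons side by side instead of nesting one inside the other), as an added example that is not code from this thread. The `handle_request()` function, the hidden `idNumber` field carried by the edit form, and the in-memory SQLite table standing in for `events` are assumptions made so the sketch runs stand-alone.

```php
<?php
// Added example, not from the thread. PDO with in-memory SQLite and the
// two-column table are constructed stand-ins for the poster's database.
function handle_request(array $post, PDO $db): string
{
    // With register_globals off, $select / $edit / $idNumber are never
    // created automatically: read each one from $_POST explicitly.
    $select = isset($post['select']);
    $edit   = isset($post['edit']);

    // idNumber must be a positive integer before it is used in a query.
    $id = filter_var($post['idNumber'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);

    // The two submit buttons belong to different forms, so only one of
    // them arrives per request: check them independently, not nested.
    if ($edit) {
        if ($id === false) {
            return 'invalid id';
        }
        $stmt = $db->prepare('UPDATE events SET CITY = :city WHERE id = :id');
        $stmt->execute([':city' => (string)($post['city'] ?? ''), ':id' => $id]);
        return 'updated ' . $stmt->rowCount() . ' row(s)';
    }
    if ($select) {
        if ($id === false) {
            return 'invalid id';
        }
        // The second POST is a new request, so the edit form has to carry
        // the id forward itself (hidden field name is an assumption).
        return '<input type="hidden" name="idNumber" value="' . $id . '">';
    }
    return 'list all rows';
}

// Constructed sample data and requests.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE events (id INTEGER PRIMARY KEY, CITY TEXT)");
$db->exec("INSERT INTO events (id, CITY) VALUES (1, 'Fremont')");

echo handle_request([], $db), "\n";
echo handle_request(['select' => 'Select', 'idNumber' => '1'], $db), "\n";
echo handle_request(['edit' => 'Edit', 'idNumber' => '1', 'city' => 'Leuven'], $db), "\n";
echo handle_request(['edit' => 'Edit', 'idNumber' => '12abc'], $db), "\n";
```

In the real page the first argument would be `$_POST`; the last call shows a non-numeric id being rejected before any query is built.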
Ross
Forum Newbie
Posts: 9
Joined: Thu Feb 16, 2006 1:14 pm

Post by Ross »

Oh Sweet!

Everah, you have helped me learn a valuable lesson today about forms. Thank you very much. I've got to play around with the sql now but I'm reaching the redirect page so I know I'm close.

As for the registered_globals, I'll have to read some about them and try to use it. This is the first time I've heard of using them (I guess since the server my stuff is on runs PHP3). I might be back around with some more questions on that but as for now, I'm cool. Thanks again for the help.

-ross
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

There is a security issue with using $_SERVER['PHP_SELF']. If you use '#' as action you can also redirect the users to the same page where they posted the form (but without the security issue).

http://blog.phpdoc.info/index.php?url=a ... D=threaded
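
The form-action choices discussed in the post above, as an added example that is not code from this thread. `$_SERVER['PHP_SELF']` includes any path info the client appended after the script name, so it is request data and needs the same output encoding as any other input; the `form_open()` helper, the strategy names and the sample `$server` values are constructed for illustration.

```php
<?php
// Added example, not from the thread. $server mimics $_SERVER; the values
// below are constructed.
function form_open(array $server, string $strategy): string
{
    switch ($strategy) {
        case 'raw':      // what echoing PHP_SELF directly would emit
            $action = $server['PHP_SELF'];
            break;
        case 'escaped':  // same target, HTML-encoded for an attribute context
            $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
            break;
        case 'script':   // SCRIPT_NAME excludes any trailing path info
            $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
            break;
        default:         // '#' as suggested in the post: no request data at all
            $action = '#';
    }
    return '<form method="post" action="' . $action . '">';
}

// PHP_SELF is the script path plus whatever path info the client appended.
$server = [
    'SCRIPT_NAME' => '/tour/edit.php',
    'PHP_SELF'    => '/tour/edit.php/"><b>from-the-url</b>',
];

foreach (['raw', 'escaped', 'script', 'hash'] as $strategy) {
    printf("%-8s %s\n", $strategy, form_open($server, $strategy));
}
```

Only the `raw` line lets the appended path close the `action` attribute early; the other three keep the markup intact.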
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Ross wrote: (I guess since the server my stuff is on runs PHP3)
PHP3! Whoa, your host needs to update, stat! Seriously, I would look at upgrading to at least PHP 4.4, if not to 5.