for-if loop. Why does this not work????

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Clukey
Forum Commoner
Posts: 60
Joined: Fri Apr 21, 2006 9:05 pm

for-if loop. Why does this not work????

Post by Clukey »

This is part of a code for a registration page, and both adults and children, but has different codes for both of them. When I run this code with 2 adults and 2 children it only rarely inserts all four, most of the time its three and sometimes it's only one or two, and I can't figure out why.

Code: Select all

for ($i=1;$i<=$totalPeople;$i++) {
	if ($i<=$numAdults) {
		$adult_child = "adult";
		$fullName = $HTTP_POST_VARS['adultName' . $i];
		$parent_guardian = "";
		$phNum = $HTTP_POST_VARS['adultPhNum' . $i];
		$email = $HTTP_POST_VARS['adultEmail' . $i];
		$address = $HTTP_POST_VARS['adultAddress' . $i];
		$city = $HTTP_POST_VARS['adultCity' . $i];
		$state = $HTTP_POST_VARS['adultState' . $i];
		$zip = $HTTP_POST_VARS['adultZip' . $i];
		$shirtSize = $HTTP_POST_VARS['adultShirtSize' . $i];
		$IdNum;
		for ($y=0; $y<30; $y++) {
			$IdNum .= chr(mt_rand(35, 126));
		}
		$sql2 = sprintf("INSERT INTO people (IdNum, payerIdNum, adultChild, fullName, parentGuardian, phNum, email, address, city, state, zip, shirtSize) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
			GetSQLValueString($IdNum, "text"),
			GetSQLValueString($payerIdNum, "int"),
			GetSQLValueString($adult_child, "text"),
			GetSQLValueString($fullName, "text"),
			GetSQLValueString($parent_guardian, "text"),
			GetSQLValueString($phNum, "text"),
			GetSQLValueString($email, "text"),
			GetSQLValueString($address, "text"),
			GetSQLValueString($city, "text"),
			GetSQLValueString($state, "text"),
			GetSQLValueString($zip, "int"),
			GetSQLValueString($shirtSize, "text"));
		mysql_query($sql2, $RR);
	} else {
		$x = $i - $numAdults;
		$adult_child = "child";
		$fullName = $HTTP_POST_VARS['childName' . $x];
		$parent_guardian = $HTTP_POST_VARS['childParent-guardian' . $x];
		$phNum = $HTTP_POST_VARS['childPhNum' . $x];
		$email = $HTTP_POST_VARS['childEmail' . $x];
		$address = $HTTP_POST_VARS['childAddress' . $x];
		$city = $HTTP_POST_VARS['childCity' . $x];
		$state = $HTTP_POST_VARS['childState' . $x];
		$zip = $HTTP_POST_VARS['childZip' . $x];
		$shirtSize = $HTTP_POST_VARS['childShirtSize' . $x];
		$IdNum;
		for ($z=0; $z<30; $z++) {
			$IdNum .= chr(mt_rand(35, 126));
		}
		$sql2 = sprintf("INSERT INTO people (IdNum, payerIdNum, adultChild, fullName, parentGuardian, phNum, email, address, city, state, zip, shirtSize) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
			GetSQLValueString($IdNum, "text"),
			GetSQLValueString($payerIdNum, "int"),
			GetSQLValueString($adult_child, "text"),
			GetSQLValueString($fullName, "text"),
			GetSQLValueString($parent_guardian, "text"),
			GetSQLValueString($phNum, "text"),
			GetSQLValueString($email, "text"),
			GetSQLValueString($address, "text"),
			GetSQLValueString($city, "text"),
			GetSQLValueString($state, "text"),
			GetSQLValueString($zip, "int"),
			GetSQLValueString($shirtSize, "text"));
		mysql_query($sql2, $RR);
	}
	$IdNum = "";
}

Thanks
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Post by Christopher »

What are the values of $totalPeople and $numAdults? Before the loop add:

Code: Select all

echo "totalPeople=$totalPeople, numAdults=$numAdults<br/>";
It could also be that your are not really escaping the values that you are inserting so the SQL my be invalid. Checking for errors after a query is a good practice.
(#10850)
Clukey
Forum Commoner
Posts: 60
Joined: Fri Apr 21, 2006 9:05 pm

Post by Clukey »

I tried that just now and it says that totalPeople=4 and numAdults=2, but it is still being fickle

and there were no errors in the log
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

I spent a long time looking over that and the logic seems fine.
Add...

Code: Select all

ini_set('display_errors', 'On');
error_reporting(E_ALL | E_STRICT);
...to the top of your script and change your query line to...

Code: Select all

mysql_query($sql2, $RR) or die('Query Error: ' . mysql_error($RR) . ' -- ' . $sql2);
...and show us the definition of GetSQLValueString()
Clukey
Forum Commoner
Posts: 60
Joined: Fri Apr 21, 2006 9:05 pm

Post by Clukey »

I added those codes, and it returned this:
Query Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '6cByDp:G,@(MA?5aJV7VF(dm', 2147483647, 'adult', 'Adult 1', NULL, '111-111-1111',' at line 1 -- INSERT INTO people (IdNum, payerIdNum, adultChild, fullName, parentGuardian, phNum, email, address, city, state, zip, shirtSize) VALUES ('YRI*t'6cByDp:G,@(MA?5aJV7VF(dm', 2147483647, 'adult', 'Adult 1', NULL, '111-111-1111', '111@111.com', '111 One Lane', 'Wonsville', 'WO', 11111, 'small')
Then I did it again and it returned this:
Query Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '[ZU', 2147483647, 'adult', 'Adult 2', NULL, '222-222-2222', '222@222.com', '222 ' at line 1 -- INSERT INTO people (IdNum, payerIdNum, adultChild, fullName, parentGuardian, phNum, email, address, city, state, zip, shirtSize) VALUES (']?SG:}2@BSwF(2zl/v9fmi)o
For the idNum I have it picking 30 random characters so could that mess it up if it picks like a " or a '??

And what did you mean by "show us the definition of GetSQLValueString()"?

Thanks
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

The way you generate IdNum is not correct, sometimes it adds a quote to the string which breaks the SQL.
Drop this entirely and just use the DB autoincrement feature with an INT index.
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

use

Code: Select all

mysql_real_escape_string()
to prevent " characters mucking it up. Missing this out it a serious security risk called an SQL Injection vulnerability.
And what did you mean by "show us the definition of GetSQLValueString()"?
This is the definition of a function called addNums

Code: Select all

function addNums($a, $b)
{
    return $a + $b;
}
show me that for GetSQLValueString() :), its likely you will want to put mysql_real_escape_string in there.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Last I saw, GetSQLValueString was a function supplied by Macromedia Dreamweaver... While I can (barely) understand the wish to use Dreamweaver, their function is quite antiquated.
Clukey
Forum Commoner
Posts: 60
Joined: Fri Apr 21, 2006 9:05 pm

Post by Clukey »

feyd is right it is supplied by dreamweaver I just copied and pasted it into my code, and it is this:

Code: Select all

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
And a note about dreamweaver being antiquated this is dreamweaver v6 so the new ones might be better, but I wouldn't know.

Thanks
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

try this:

Code: Select all

function GetSQLValueString($v) 
{
    if (is_numeric($v)) {
        // these are added just as they are, only in string form
        $inputDb = (string)$v;
    } else if (is_null($v) or $v === '') {
        // nulls and empty strings are added as SQL NULL literals
        $inputDb = 'NULL';
    } else if (is_string($v)) {
        // a string needed to be quoted and escaped
        $inputDb = '\''. mysql_real_escape_string($v) . '\'';
    } else if (is_bool($v)) {
        // booleans are added as '0' and '1' for portibility
        $inputDb = (string)(int)$v;
    } else if (is_object($v) or (is_array($v))) {
        // objects and arrays are added as escaped, quoted, serialize versions of themselves
        // serialize is a good choice because of __sleep() magic method
        $inputDb = '\''. mysql_real_escape_string(serialize($v)) . '\'';
    } else {
        die('Unhandled type: ' . gettype($v) . ' ' . __FUNCTION__);
    }
}
...you don't need to specify a second argument with this.
Clukey
Forum Commoner
Posts: 60
Joined: Fri Apr 21, 2006 9:05 pm

Post by Clukey »

I just tried adding your GetSQLValueString function and I got rid of the second argument and it returned this error:
Query Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' , , , , , , , , , , )' at line 1 -- INSERT INTO people (IdNum, payerIdNum, adultChild, fullName, parentGuardian, phNum, email, address, city, state, zip, shirtSize) VALUES (, , , , , , , , , , , )
It looks like your function isn't returning anything, is it supposed to have a

Code: Select all

return $inputDb;
at the end of it?
User avatar
Ollie Saunders
DevNet Master
Posts: 3179
Joined: Tue May 24, 2005 6:01 pm
Location: UK

Post by Ollie Saunders »

is it supposed to have a

Code: Select all

return $inputDb;
at the end of it?
Yep. That it be.
Sorry I adapted it something else and quickly patched it.
Clukey
Forum Commoner
Posts: 60
Joined: Fri Apr 21, 2006 9:05 pm

Post by Clukey »

Thanks that fixed it, but now that I did that is't giving me a different problem. The following code comes right before the code I posted in my first post, and is the information for the purchaser of the registration and is entered into a different table within the same database. I give the payer an id num called $payerIdNum which I also enter into the registrants records, and it is a 30 digit number, and in the registrants record it is correct, but in the payer's record it is a complety different number, and odly enough it is always the same 10 digit number! Why is this??

Code: Select all

$payerIdNum = "";
for ($i=0; $i<30; $i++) {
	$payerIdNum .= chr(mt_rand(48, 57));
}
	$sql = sprintf("INSERT INTO payers (idNum, fullName, phNum, email, address, city, state, zip, numAdults, numChilds, cardLast4, cardExpM, cardExpY, small, medium, large, xl, 2xl, 3xl, reunionDocumentary, price) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
		GetSQLValueString($payerIdNum),
		GetSQLValueString($payerName),
		GetSQLValueString($payerPhNum),
		GetSQLValueString($payerEmail),
		GetSQLValueString($payerAddress),
		GetSQLValueString($payerCity),
		GetSQLValueString($payerState),
		GetSQLValueString($payerZip),
		GetSQLValueString($payerNumAdults),
		GetSQLValueString($payerNumChilds),
		GetSQLValueString($payerCardLast4),
		GetSQLValueString($payerCardExpM),
		GetSQLValueString($payerCardExpY),
		GetSQLValueString($payerSmall),
		GetSQLValueString($payerMedium),
		GetSQLValueString($payerLarge),
		GetSQLValueString($payerXl),
		GetSQLValueString($payer2Xl),
		GetSQLValueString($payer3Xl),
		GetSQLValueString($payerReunionDocumentary),
		GetSQLValueString($amount));
	mysql_query($sql, $RR);
Thanks
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Post by Mordred »

Can you explain, in simple terms, why do you insist to have that 30-digit monster for an id? The 4-byte (~12 digits) type INT can hold more than 4000000000 unique ids, do you expect to have more payers (lucky you ;) )? It has the added bonus that the DB will care for making it unique, which is not (theoretically) the case with your random.

$payerIdNum here looks correct, maybe something else happens in the missing code? Unless of course GetSQLValueString() garbles it in some way.
Clukey
Forum Commoner
Posts: 60
Joined: Fri Apr 21, 2006 9:05 pm

Post by Clukey »

I don't really expect that many payers, I just figured I might as well make it big, and I've never heard that there is a way to make the db care if an id number is unique, that is really what I am looking for so could you please explain how to do that? Thanks
Post Reply