Page 1 of 1

die() preveting sql query from being executed

Posted: Wed Oct 04, 2006 3:21 pm
by salmanraza
Hi,

-IDEAL SCENARIO-

I have some php code that takes user input from a form's "select" menu and sends the value selected to a mysql DB using an "insert" query. The list of values that the user selects, itself is pulled from the DB. The value that the user selects is shown to them in a popup window. The php code for inserting the selected value into the DB is in the popup. Once the insert query is done, the popup window refreshes its calling "opener" window and closes itself, and the user is back to the place where they clicked the "add" button and the newly added values are shown on this place. If the user want to add another value, the process is repeated...

For removing any of the value(s) from this same list of values which is populated using the above mentioned scenario, the user has the option of using "check boxes" on the form. The user ticks all the boxes next to the values that they want deleted and clicks the "Remove" button. The PHP then cycles through all the selected values and deletes them one by one using a "delete" query.

The user can add or remove values as many times as wanted, as described above.

-PROBLEM-

STEPS:

1-The user clicks the add button
-> show popup.

Code: Select all

<input name="btn_addu2lec" type="button" id="btn_addu2lec" onclick="show_popup('assign_u2lec_pop.php?lecid=<?php echo $LECID;?>','assgnu2lecPop')" value="    Add    " />


2-The user selects the required value from the drop down list, clicks add on the popup window

- > insert query executed, values added to the DB(confirmed from mysql command line prompt "mysql> select * from table", and the value is there).

Code: Select all

$result = @mysql_query("insert into R_LECR_UNIT (LECR_ID,UNIT_ID) values('$LECID','$_GET[select]')");

->The calling parent window refreshed and the popup is closed

Code: Select all

die("<script>window.opener.location.reload();window.opener.scroll(20,20);window.close();</script>");
3- The user selects the just added value and clicks remove, the selected value is deleted from the DB using a delete query


4- The user selects the same value again(the one they just deleted in step-3) to add from the list by repeating step 1 and 2, but the value does not insert into the DB

5- The user selects another value and clicks remove, it is removed

6- Now the user tries to add the same value which they removed in step-3 and tried to add again in step-4 - now it WORKS!. The only difference factor being another value was deleted first (in step-5), other wise it doesnt work as in step 4.


The code

Code: Select all

<?php 
include("DBheader.php"); 

$LECID = $_GET['lecid'];





?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Assign Unit Administration Overhead</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />



</head>

<?php
if ($_GET['assignUnit'] == 'Assign')
{

$result = @mysql_query("insert into R_LECR_UNIT (LECR_ID,UNIT_ID) values('$LECID','$_GET[select]')");

if (!$result)
{
die("<p> Error in insert : " . mysql_error() . "</p>");
}
else
{

die("<script>window.opener.location.reload();window.opener.scroll(20,20);window.close();</script>");


}

}

else

{

?>

<body>
<form name="form1" id="form1" method="get" action="assign_u2lec_pop.php" onSubmit="return check_unit_exist()">
<?php echo "<input type='hidden' name='lecid' value='$LECID' />"; ?>

  <table width="100%" border="1" bordercolor="#0000CC">
    <tr>
	
<?php
$qrylec_name = @mysql_query("select FIRST_NAME,LAST_NAME from LECTURER where LECR_ID='$LECID'");


if (!$qrylec_name)
{
die("<p> Error in retrieving Lecturer name : " . mysql_error() . "</p>");
}


$lec_name = mysql_fetch_array($qrylec_name);

?>	
      <td>Unit Assignment for <strong><?php echo $lec_name[FIRST_NAME] . " " . $lec_name[LAST_NAME]; ?></strong> 
      </td>
    </tr>
    <tr>
      <td><table width="100%" border="0">
          <tr>
            <td><table width="100%" border="0">
                <tr>
                  <td width="8%">Select Unit</td>
                  <td width="16%"><select name="select">
<?php				  
	$qry_units = 	@mysql_query("select * from UNITS");
if (!$qry_units)
{
die("<p> Error in retrieving Units : " . mysql_error() . "</p>");
}	

while($row = mysql_fetch_array($qry_units))
{
echo "
			  
                      <option value='$row[UNIT_ID]'>$row[UNIT_NAME]</option>
                      
					  ";
}					  
?>					  
                    </select></td>
                  <td width="76%">&nbsp;</td>
                </tr>
              </table></td>
          </tr>
          <tr>
            <td><table width="100%" border="0">
                <tr>
                  <td width="45%"><div align="right">
                      <input name="assignUnit" type="submit" id="assignUnit" value="Assign" />
                    </div></td>
                  <td width="55%"><input type="button" name="cancel" value="Cancel" onClick="window.close();"/></td>
                </tr>
              </table></td>
          </tr>
        </table></td>
    </tr>
  </table>
</form>
</body>
</html>

<?php } 

?>

The only thing that makes it work is when the following line is removed

Code: Select all

die("<script>window.opener.location.reload();window.opener.scroll(20,20);window.close();</script>");

but this causes the system not to refresh the calling parent window, to show the updated values in the list and close the popup window, which is the core requirement.

It was working fine a couple of days back, and the only change done was changing the datatype of a column in the MySQL DB from and 'int' to a 'varchar'. This is the LECR_ID column and the corresponding changes as required in the PHP code were done. I dont see the relation between this change and the problem, but thats only me, thought ill mention it here.

Any help will be highly highly appreciated.

Thanks in advance

Salman

Posted: Fri Oct 06, 2006 1:36 am
by RobertGonzalez
Moved to PHP - Code.

die() kills script execution at the moment the call is interpreted. Is that what you want? Also, you should lose the error suppression ('@') and do some isset() checking on your $_GET vars.

Done as suggested.

Posted: Fri Oct 06, 2006 3:45 am
by salmanraza
Hi Everah,

Thank you so much for your time. Yes that's what i want, the script dies and control goes to the browser javascript via tha <script> tags, the caller window of the popup refreshes and the popup itself closes. All this was working fine, until i changed the data type as mentioned in the post.

Quote -> "It was working fine a couple of days back, and the only change done was changing the datatype of a column in the MySQL DB from and 'int' to a 'varchar'. This is the LECR_ID column and the corresponding changes as required in the PHP code were done".

The query is well before the die() and it should execute ideally. I have checked the $_GET vars by echoing them and without the @ also, all seems to be in order as expected regarding the values of the vars. Removing the die() works, the query updates the DB, but other functionality of refreshing and closing is compromised. Also doesnt work when the die in that particular line is replaced with "exit()" or "echo". The problem persists - the values dont enter the DB when the particular record is removed and re-added again. I was wondering is it possible that it is a server side issue?, like the admin changed some config for PHP or some service regarding PHP has hanged or something. It is a university server.

I had one of the senior research students look at this, he was baffled too. The new thing that he discovered regarding this problem was, when testing using two different browsers on 2 different machines. If you remove the record on one machine and add the same one again it doesnt work. Now, start again, remove the record from one machine and add it from the other machine, works perfect. Also on the same machine, delete the record, close the browser, open it again go to the same page and add the same record, it works. So weird. Tested with opera, IE and firefox, same problem persists. Target browser is firefox.

Any ideas?.

Thanks again for the reply :D


Salman

Posted: Fri Oct 06, 2006 4:18 am
by RobertGonzalez
I was looking through the code a little closer, and it looks like on the first insert query, you are error checking the query, and on success, you are using die() to try to pop open a window. See if this does anything to help the code...

Code: Select all

<?php
// Include the DB code
include("DBheader.php");

/*
    Setting a var to a $_GET val that doesn't exist could lead to problems
	To try to counter this, set it conditionally
*/
$LECID = ( isset($_GET['lecid']) ) ? $_GET['lecid'] : null;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Assign Unit Administration Overhead</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>

<?php
// This evaluates to true if the query string var assignUnit is 'Assign'
if ($_GET['assignUnit'] == 'Assign')
{
    if (!$result = mysql_query("insert into R_LECR_UNIT (LECR_ID,UNIT_ID) values ('$LECID','{$_GET[select]}')"))
    {
	    // Error trap the query result
        die('<p> Error in insert : ' . mysql_error() . '</p>');
    }
    else
    {
	    // This assumes the insert query worked, so now try to pop open a window
        echo '<script>window.opener.location.reload();window.opener.scroll(20,20);window.close();</script>';
    }
}
else
{
    // Yaddah...
?>