Obadiah
Forum Regular
Posts: 580 Joined: Mon Jul 31, 2006 9:13 am
Location: Ashland, KY
by Obadiah » Wed Dec 06, 2006 12:01 pm
I'm working on a small project, trying to pull values from a database where the text value meets a certain value. Here is what I have:
Code: Select all
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
function doDB()
{
$conn = mysql_connect("#####","####","#######") or die(mysql_error());
mysql_select_db("customerdirectory",$conn) or die(mysql_error());
return $conn;
}
function locate()
{
$sql = "SELECT * FROM merchant WHERE phone_num = '{$_POST['phone_num']}'";
$result = mysql_query($sql,$conn) or die(mysql_error());
return $result;
}
$conn = doDB();
echo "Please enter a phone number:
<form action=\"locate()\">
<input type=\"text\" name=\"phone_num\">
<input type=\"submit\" name=\"submit\" value=\"Find Merchant\">
</form>";
?>
I feel dumb for asking this question, but I can't for the life of me think of a way to get the function to work when someone clicks the button... lol... help please.
Last edited by Obadiah on Thu Dec 07, 2006 9:25 am, edited 1 time in total.
Luke
The Ninja Space Mod
Posts: 6424 Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA
by Luke » Wed Dec 06, 2006 12:13 pm
First of all... SQL INJECTION!!!!!
You need to at the very least mysql_real_escape_string this...
Code: Select all
$sql = "SELECT * FROM merchant WHERE phone_num = '" . mysql_real_escape_string($_POST['phone_num'], $conn) . "'";
Anyway... since it's the magical buzzword, you could do it the AJAX way, but the standard PHP way is like so (something like this, anyway):
Code: Select all
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
function doDB()
{
$conn = mysql_connect("#####","####","#######") or die(mysql_error());
mysql_select_db("customerdirectory",$conn) or die(mysql_error());
return $conn;
}
function locate($number, $conn)
{
$sql = "SELECT * FROM merchant WHERE phone_num = '" . mysql_real_escape_string($number, $conn) . "'";
$result = mysql_query($sql,$conn) or die(mysql_error());
return $result;
}
$conn = doDB();
if(isset($_POST['action']) && $_POST['action'] == 'locate')
{
$result = locate($_POST['phone_num'], $conn);
// Do something with $result
}
?>
Please enter a phone number:
<form action="#">
<input type="text" name="phone_num">
<input type="hidden" name="action" value="locate">
<input type="submit" name="submit" value="Find Merchant">
</form>
PHP is server-side, so you cannot magically grab a function with HTML like you were trying to do...
Last edited by Luke on Wed Dec 06, 2006 1:21 pm, edited 2 times in total.
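The same lookup written with a bound parameter, next to the concatenated form from the first post, as an added example that is not code from this thread. The `mysql_*` functions used here were removed in PHP 7.0, so the sketch uses PDO. Assumptions: an in-memory SQLite database stands in for the MySQL `customerdirectory` database, and the function names `demoDb`, `locateConcat`, `locateBound` and `validPhone` and the sample inputs are constructed for illustration.

```php
<?php
// Constructed stand-in for the thread's MySQL database. Assumption: SQLite in
// memory (needs pdo_sqlite) so this runs offline; only two columns are modelled.
function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE merchant (phone_num TEXT, merchant_name TEXT)');
    $pdo->exec("INSERT INTO merchant VALUES ('6065550100', 'Constructed Merchant A')");
    return $pdo;
}

// The first post's pattern: the value is pasted into the SQL text.
function locateConcat(PDO $pdo, string $number): array
{
    $sql = "SELECT merchant_name FROM merchant WHERE phone_num = '$number'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the SQL text is fixed and the value is sent as data, so a
// quote character in it cannot alter the statement.
function locateBound(PDO $pdo, string $number): array
{
    $stmt = $pdo->prepare('SELECT merchant_name FROM merchant WHERE phone_num = ?');
    $stmt->execute([$number]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Hypothetical allow-list check: drop common separators, require 10 digits.
function validPhone(string $raw): ?string
{
    $digits = preg_replace('/[\s().-]/', '', $raw);
    return preg_match('/^\d{10}$/', $digits) === 1 ? $digits : null;
}

$pdo = demoDb();
foreach (['(606) 555-0100', "606'5550100"] as $raw) {   // constructed inputs
    try {
        $concat = count(locateConcat($pdo, $raw)) . ' row(s)';
    } catch (PDOException $e) {
        $concat = 'SQL error (input changed the statement)';
    }
    $bound = count(locateBound($pdo, $raw)) . ' row(s)';
    $clean = validPhone($raw);
    $final = $clean === null ? 'rejected' : count(locateBound($pdo, $clean)) . ' row(s)';
    echo "$raw | concatenated: $concat | bound raw: $bound | validated+bound: $final\n";
}
```

The input containing a quote breaks the concatenated statement, is a harmless non-matching string when bound, and is rejected outright by the format check.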
by Obadiah » Wed Dec 06, 2006 12:50 pm
Sorry about the non-sanitization... but I implemented your suggestion and the GUI works in all but the submit doesn't work and I get this error:
Notice: Undefined index: action in C:\Program Files\merchant_locater.php on line 24
feyd
Neighborhood Spidermoddy
Posts: 31559 Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA
by feyd » Wed Dec 06, 2006 12:52 pm
isset() <insert generic response here>.
by Luke » Wed Dec 06, 2006 12:56 pm
I fixed it...
by feyd » Wed Dec 06, 2006 12:58 pm
The Ninja Space Goat wrote: I fixed it...
parse error now.
by Obadiah » Wed Dec 06, 2006 1:15 pm
feyd wrote: The Ninja Space Goat wrote: I fixed it...
parse error now.
This fixed the parses:
Code: Select all
if ( isset($_POST['action']) && 'locate'===$_POST['action'] )
[edited]
The button is still dead and my else executes automatically... this is what I have thus far:
Code: Select all
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
function doDB()
{
$conn = mysql_connect("#######","####","########") or die(mysql_error());
mysql_select_db("customerdirectory",$conn) or die(mysql_error());
return $conn;
}
function locate($number, $conn)
{
$sql = "SELECT * FROM merchant WHERE phone_num = '" . mysql_real_escape_string($number, $conn) . "'";
$result = mysql_query($sql,$conn) or die(mysql_error());
return $result;
}
$conn = doDB();
// Single-quoted string so the double quotes in the HTML attributes do not end it
echo 'Please enter a phone number:
<form action="#">
<input type="text" name="phone_num">
<input type="hidden" name="action" value="locate">
<input type="button" name="submit" value="Find Merchant">
</form>';
if ( isset($_POST['action']) && 'locate'===$_POST['action'] )
{
$result = locate($_POST['phone_num'], $conn);
while ($newArray = mysql_fetch_array($result))
{
$phone_num = $newArray['phone_num'];
$merchant_num = $newArray['merchant_num'];
$date_recieved = $newArray['date_recieved'];
$merchant_name = $newArray['merchant_name'];
$purchase_type = $newArray['purchase_type'];
$lease_score = $newArray['lease_score'];
$amex = $newArray['amex'];
$app_id = $newArray['app_id'];
$discover = $newArray['discover'];
$username = $newArray['user_name'];
$check_conversion = $newArray['check_conversion'];
$gift_loyalty = $newArray['gift_loyalty'];
$app_type = $newArray['app_type'];
$terminal = $newArray['terminal'];
$serial_num = $newArray['serial_num'];
$nms = $newArray['nms'];
$ckmerchant_num = $newArray['ckmerchant_num'];
$giftmerchant_num = $newArray['giftmerchant_num'];
$comments = $newArray['comments'];
}
// Heredoc: variables are still interpolated, and the double quotes in the
// HTML attributes no longer terminate the string
echo <<<HTML
<center>
<table width="683">
<tr>
<td>
<table class="text" width="683" border="1" bordercolor="green">
<tr>
<td align="center">Date Received</td>
<td colspan="2" align="center">Merchant Name</td>
<td align="center">Phone Number</td>
<td align="center">Lease Score</td>
</tr>
<tr>
<td align="center" class="output">$date_recieved </td>
<td align="center" colspan="2" class="output">$merchant_name </td>
<td align="center" class="output">$phone_num </td>
<td align="center" class="output">$lease_score </td>
</tr>
<tr>
<td align="center">Application Type</td>
<td align="center">AMEX</td>
<td align="center">Discover</td>
<td align="center">Check Conversion</td>
<td align="center">Gift & Loyalty</td>
</tr>
<tr>
<td align="center" class="output">$app_type </td>
<td align="center" class="output">$amex </td>
<td align="center" class="output">$discover </td>
<td align="center" class="output">$check_conversion </td>
<td align="center" class="output">$gift_loyalty </td>
</td>
</tr>
<tr>
<td align="center">Merchant #:</td>
<td colspan="2" align="center">Ck Merchant #:</td>
<td align="center">Gift Merchant #:</td>
<td align="center">Terminal:</td>
</tr>
<tr>
<td align="center" class="output">$merchant_num </td>
<td colspan="2" align="center" class="output">$ckmerchant_num </td>
<td align="center" class="output">$giftmerchant_num </td>
<td align="center" class="output">$terminal </td>
</tr>
<tr>
<td align="center">Serial#/SiteID/TID:</td>
<td colspan="2" align="center">DL#/NMS:</td>
<td align="center">App-ID:</td>
<td align="center">L/C/R:</td>
<td bgcolor="green" rowspan="2"> </td>
</tr>
<tr>
<td align="center" class="output">$serial_num </td>
<td colspan="2" align="center" class="output">$nms </td>
<td align="center" class="output">$app_id </td>
<td align="center" class="output">$purchase_type </td>
</tr>
<tr>
<td>Comments</td>
<td class="output" colspan="3">
HTML;
echo nl2br("$comments");
echo <<<HTML
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgcolor="green" colspan="12"> </td>
</tr>
</table>
HTML;
}
else
{
echo "nothing to display";
}
?>
RobertGonzalez
Site Administrator
Posts: 14293 Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA
by RobertGonzalez » Wed Dec 06, 2006 1:37 pm
Try this, see if it does anything different..
Code: Select all
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
function doDB()
{
$conn = mysql_connect("#######","####","########") or die(mysql_error());
mysql_select_db("customerdirectory",$conn) or die(mysql_error());
return $conn;
}
function locate($number, $conn)
{
$sql = "SELECT * FROM merchant WHERE phone_num = '" . mysql_real_escape_string($number, $conn) . "'";
$result = mysql_query($sql,$conn) or die(mysql_error());
return $result;
}
$conn = doDB();
echo 'Please enter a phone number:
<form method="post" action="' . basename($_SERVER[SCRIPT_FILENAME]) . '">
<input type="text" name="phone_num">
<input type="hidden" name="action" value="locate">
<input type="button" name="submit" value="Find Merchant">
</form>';
if ( isset($_POST['action']) && 'locate' === $_POST['action'] )
{
$result = locate($_POST['phone_num'], $conn);
while ($newArray = mysql_fetch_array($result))
{
$phone_num = $newArray['phone_num'];
$merchant_num = $newArray['merchant_num'];
$date_recieved = $newArray['date_recieved'];
$merchant_name = $newArray['merchant_name'];
$purchase_type = $newArray['purchase_type'];
$lease_score = $newArray['lease_score'];
$amex = $newArray['amex'];
$app_id = $newArray['app_id'];
$discover = $newArray['discover'];
$username = $newArray['user_name'];
$check_conversion = $newArray['check_conversion'];
$gift_loyalty = $newArray['gift_loyalty'];
$app_type = $newArray['app_type'];
$terminal = $newArray['terminal'];
$serial_num = $newArray['serial_num'];
$nms = $newArray['nms'];
$ckmerchant_num = $newArray['ckmerchant_num'];
$giftmerchant_num = $newArray['giftmerchant_num'];
$comments = $newArray['comments'];
}
echo '<center>
<table width="683">
<tr>
<td>
<table class="text" width="683" border="1" bordercolor="green">
<tr>
<td align="center">Date Received</td>
<td colspan="2" align="center">Merchant Name</td>
<td align="center">Phone Number</td>
<td align="center">Lease Score</td>
</tr>
<tr>
<td align="center" class="output">' . $date_recieved . ' </td>
<td align="center" colspan="2" class="output">' . $merchant_name . ' </td>
<td align="center" class="output">' . $phone_num . ' </td>
<td align="center" class="output">' . $lease_score . ' </td>
</tr>
<tr>
<td align="center">Application Type</td>
<td align="center">AMEX</td>
<td align="center">Discover</td>
<td align="center">Check Conversion</td>
<td align="center">Gift & Loyalty</td>
</tr>
<tr>
<td align="center" class="output">' . $app_type . ' </td>
<td align="center" class="output">' . $amex . ' </td>
<td align="center" class="output">' . $discover . ' </td>
<td align="center" class="output">' . $check_conversion . ' </td>
<td align="center" class="output">' . $gift_loyalty . ' </td>
</td>
</tr>
<tr>
<td align="center">Merchant #:</td>
<td colspan="2" align="center">Ck Merchant #:</td>
<td align="center">Gift Merchant #:</td>
<td align="center">Terminal:</td>
</tr>
<tr>
<td align="center" class="output">' . $merchant_num . ' </td>
<td colspan="2" align="center" class="output">' . $ckmerchant_num . ' </td>
<td align="center" class="output">' . $giftmerchant_num . ' </td>
<td align="center" class="output">' . $terminal . ' </td>
</tr>
<tr>
<td align="center">Serial#/SiteID/TID:</td>
<td colspan="2" align="center">DL#/NMS:</td>
<td align="center">App-ID:</td>
<td align="center">L/C/R:</td>
<td bgcolor="green" rowspan="2"> </td>
</tr>
<tr>
<td align="center" class="output">' . $serial_num . ' </td>
<td colspan="2" align="center" class="output">' . $nms . ' </td>
<td align="center" class="output">' . $app_id . ' </td>
<td align="center" class="output">' . $purchase_type . ' </td>
</tr>
<tr>
<td>Comments</td>
<td class="output" colspan="3">';
echo nl2br($comments);
echo ' </td>
</tr>
</table>
</td>
</tr>
<tr>
<td bgcolor="green" colspan="12"> </td>
</tr>
</table>';
}
else
{
echo "nothing to display";
}
?>
by Obadiah » Wed Dec 06, 2006 1:47 pm
The else still executes automatically and it gives me this as an error:
Notice: Use of undefined constant SCRIPT_FILENAME - assumed 'SCRIPT_FILENAME' in C:\Program Files\merchant_locater.php on line 22
I took
Code: Select all
<form method="post" action="' . basename($_SERVER[SCRIPT_FILENAME]) . '">
and changed it to this
Code: Select all
<form method="post" action="' . basename($_SERVER['merchant_locater.php']) . '">
because I figured you meant to place the name of the actual script name or the current file. Bad move, I guess; now it gives me
Notice: Undefined index: merchant_locator.php in C:\Program Files\merchant_locater.php on line 22
and the darn button is still being stubborn and not wanting to work at all.
by RobertGonzalez » Wed Dec 06, 2006 2:17 pm
Put single quotes around 'SCRIPT_FILENAME' then reload the page.
by Obadiah » Wed Dec 06, 2006 2:33 pm
Sweet! That removed the error... but the button isn't performing the search... it still acts as though there is no code for it at all.
by RobertGonzalez » Wed Dec 06, 2006 3:10 pm
Make your button a submit. Change
Code: Select all
<input type="button" name="submit" value="Find Merchant">
to
Code: Select all
<input type="submit" name="submit" value="Find Merchant">
by Obadiah » Wed Dec 06, 2006 3:23 pm
Everah... you're a genius... thanks man :)
Much thanks to feyd and space also.
John Cartwright
Site Admin
Posts: 11470 Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
by John Cartwright » Wed Dec 06, 2006 3:32 pm
Look carefully at which parameters you are passing to mysql_real_escape_string().
by RobertGonzalez » Wed Dec 06, 2006 3:43 pm
It looks like he's passing the phone number and the connection id, no?