Syntax error NEED HELP! (Still Need Help! [SERIOUSLY!])

Post by zain1992 »

Hello everybody. I am using this PHP Code generator thingy and I generated a PHP file that edits the MySQL Table. I changed it up a bit so it can edit any Table I want it to using POST Method. So basically I input the name of the table and it edits that particular Table. This is the error I keep getting:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
So if anyone can take a look at this please, that would be great.

So here is the original code:

Code:

<? session_start(); ?>
<html>
<head>
<title>qfq -- iahkhi</title>
<meta name="generator" content="text/html">
<style type="text/css">
  body {
    background-color: #FFFFFF;
    color: #004080;
    font-family: Arial;
    font-size: 12px;
  }
  .bd {
    background-color: #FFFFFF;
    color: #004080;
    font-family: Arial;
    font-size: 12px;
  }
  .tbl {
    background-color: #FFFFFF;
  }
  a:link { 
    color: #FF0000;
    font-family: Arial;
    font-size: 12px;
  }
  a:active { 
    color: #0000FF;
    font-family: Arial;
    font-size: 12px;
  }
  a:visited { 
    color: #800080;
    font-family: Arial;
    font-size: 12px;
  }
  .hr {
    background-color: #336699;
    color: #FFFFFF;
    font-family: Arial;
    font-size: 12px;
  }
  a.hr:link {
    color: #FFFFFF;
    font-family: Arial;
    font-size: 12px;
  }
  a.hr:active {
    color: #FFFFFF;
    font-family: Arial;
    font-size: 12px;
  }
  a.hr:visited {
    color: #FFFFFF;
    font-family: Arial;
    font-size: 12px;
  }
  .dr {
    background-color: #FFFFFF;
    color: #000000;
    font-family: Arial;
    font-size: 12px;
  }
  .sr {
    background-color: #FFFFCF;
    color: #000000;
    font-family: Arial;
    font-size: 12px;
  }
</style>
</head>
<body>
<table class="bd" width="100%"><tr><td class="hr"><h2>PHP Generator</h2></td></tr></table>
<?
  $conn = connect();
  $showrecs = 20;
  $pagerange = 10;

  $a = @$_GET["a"];
  $recid = @$_GET["recid"];
  if (isset($_GET["order"])) $order = @$_GET["order"];
  if (isset($_GET["type"])) $ordtype = @$_GET["type"];

  if (isset($_POST["filter"])) $filter = @$_POST["filter"];
  if (isset($_POST["filter_field"])) $filterfield = @$_POST["filter_field"];
  $wholeonly = false;
  if (isset($_POST["wholeonly"])) $wholeonly = @$_POST["wholeonly"];

  if (!isset($order) && isset($_SESSION["order"])) $order = $_SESSION["order"];
  if (!isset($ordtype) && isset($_SESSION["type"])) $ordtype = $_SESSION["type"];
  if (!isset($filter) && isset($_SESSION["filter"])) $filter = $_SESSION["filter"];
  if (!isset($filterfield) && isset($_SESSION["filter_field"])) $filterfield = $_SESSION["filter_field"];

  $page = @$_GET["page"];
  if (!isset($page)) $page = 1;

  $sql = @$_POST["sql"];

  switch ($sql) {
    case "insert":
      sql_insert();
      break;
    case "update":
      sql_update();
      break;
    case "delete":
      sql_delete();
      break;
  }

  switch ($a) {
    case "add":
      addrec();
      break;
    case "view":
      viewrec($recid);
      break;
    case "edit":
      editrec($recid);
      break;
    case "del":
      deleterec($recid);
      break;
    default:
      select();
      break;
  }

  if (isset($order)) $_SESSION["order"] = $order;
  if (isset($ordtype)) $_SESSION["type"] = $ordtype;
  if (isset($filter)) $_SESSION["filter"] = $filter;
  if (isset($filterfield)) $_SESSION["filter_field"] = $filterfield;
  if (isset($wholeonly)) $_SESSION["wholeonly"] = $wholeonly;

  mysql_close($conn);
?>
<table class="bd" width="100%"><tr><td class="hr">http://www.sqlmaestro.com/products/mysql/phpgenerator/</td></tr></table>
</body>
</html>

<? function select()
  {
  global $a;
  global $showrecs;
  global $page;
  global $filter;
  global $filterfield;
  global $wholeonly;
  global $order;
  global $ordtype;


  if ($a == "reset") {
    $filter = "";
    $filterfield = "";
    $wholeonly = "";
    $order = "";
    $ordtype = "";
  }

  $checkstr = "";
  if ($wholeonly) $checkstr = " checked";
  if ($ordtype == "asc") { $ordtypestr = "desc"; } else { $ordtypestr = "asc"; }
  $res = sql_select();
  $count = sql_getrecordcount();
  if ($count % $showrecs != 0) {
    $pagecount = intval($count / $showrecs) + 1;
  }
  else {
    $pagecount = intval($count / $showrecs);
  }
  $startrec = $showrecs * ($page - 1);
  if ($startrec < $count) {mysql_data_seek($res, $startrec);}
  $reccount = min($showrecs * $page, $count);
  $fields = array(
    "AirLine" => "AirLine",
    "Class" => "Class",
    "AdtPrice" => "AdtPrice",
    "chdPrice" => "chdPrice",
    "InfPrice" => "InfPrice",
    "MaxStay" => "MaxStay",
    "MinStay" => "MinStay",
    "Rules" => "Rules",
    "TktBy" => "TktBy",
    "Chg" => "Chg",
    "Can" => "Can",
    "TrvlBetweena" => "TrvlBetweena",
    "TrvlBetweenb" => "TrvlBetweenb");
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr><td>Table: iahkhi</td></tr>
<tr><td>Records shown <? echo $startrec + 1 ?> - <? echo $reccount ?> of <? echo $count ?></td></tr>
</table>
<hr size="1" noshade>
<form action="iahkhi.php" method="post">
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><b>Custom Filter</b>&nbsp;</td>
<td><input type="text" name="filter" value="<? echo $filter ?>"></td>
<td><select name="filter_field">
<option value="">All Fields</option>
<?
  reset($fields);
  foreach($fields as $val => $caption) {
    if ($val == $filterfield) {$selstr = " selected"; } else {$selstr = ""; }
?>
<option value="<? echo $val ?>"<? echo $selstr ?>><? echo htmlspecialchars($caption) ?></option>
<? } ?>
</select></td>
<td><input type="checkbox" name="wholeonly"<? echo $checkstr ?>>Whole words only</td>
</td></tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="action" value="Apply Filter"></td>
<td><a href="iahkhi.php?a=reset">Reset Filter</a></td>
</tr>
</table>
</form>
<hr size="1" noshade>
<? showpagenav($page, $pagecount); ?>
<br>
<table class="tbl" border="0" cellspacing="1" cellpadding="5"width="100%">
<tr>
<?
  reset($fields);
  foreach($fields as $val => $caption) {
?>
<td class="hr"><a class="hr" href="iahkhi.php?order=<? echo $val ?>&type=<? echo $ordtypestr ?>"><? echo htmlspecialchars($caption) ?></a></td>
<? } ?>
<td class="hr">&nbsp;</td>
<td class="hr">&nbsp;</td>
<td class="hr">&nbsp;</td>
</tr>
<?
  for ($i = $startrec; $i < $reccount; $i++)
  {
    $row = mysql_fetch_assoc($res);
    $style = "dr";
    if ($i % 2 != 0) {
      $style = "sr";
    }
?>
<tr>
<?
  reset($fields);
  foreach($fields as $val => $caption) {
?>
<td class="<? echo $style ?>"><? echo htmlspecialchars($row[$val]) ?></td>
<? } ?>
<td class="<? echo $style ?>"><a href="iahkhi.php?a=view&recid=<? echo $i ?>">View</a></td>
<td class="<? echo $style ?>"><a href="iahkhi.php?a=edit&recid=<? echo $i ?>">Edit</a></td>
<td class="<? echo $style ?>"><a href="iahkhi.php?a=del&recid=<? echo $i ?>">Delete</a></td>
</tr>
<?
  }
  mysql_free_result($res);
?>
</table>
<br>
<? showpagenav($page, $pagecount); ?>
<? } ?>

<? function showrow($row)
  {
?>
<table class="tbl" border="0" cellspacing="1" cellpadding="5"width="50%">
<tr>
<td class="hr"><? echo htmlspecialchars("AirLine")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["AirLine"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Class")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["Class"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("AdtPrice")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["AdtPrice"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("chdPrice")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["chdPrice"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("InfPrice")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["InfPrice"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("MaxStay")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["MaxStay"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("MinStay")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["MinStay"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Rules")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["Rules"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TktBy")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["TktBy"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Chg")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["Chg"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Can")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["Can"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TrvlBetweena")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["TrvlBetweena"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TrvlBetweenb")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["TrvlBetweenb"]) ?></td>
</tr>
</table>
<? } ?>

<? function showroweditor($row)
  {
  global $conn;
?>
<table class="tbl" border="0" cellspacing="1" cellpadding="5"width="50%">
<tr>
<td class="hr"><? echo htmlspecialchars("AirLine")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="AirLine" maxlength="15" value="<? echo str_replace('"', '&quot;', trim($row["AirLine"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Class")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="Class" maxlength="15" value="<? echo str_replace('"', '&quot;', trim($row["Class"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("AdtPrice")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="AdtPrice" value="<? echo str_replace('"', '&quot;', trim($row["AdtPrice"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("chdPrice")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="chdPrice" value="<? echo str_replace('"', '&quot;', trim($row["chdPrice"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("InfPrice")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="InfPrice" value="<? echo str_replace('"', '&quot;', trim($row["InfPrice"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("MaxStay")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="MaxStay" maxlength="3" value="<? echo str_replace('"', '&quot;', trim($row["MaxStay"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("MinStay")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="MinStay" maxlength="3" value="<? echo str_replace('"', '&quot;', trim($row["MinStay"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Rules")."&nbsp;" ?></td>
<td class="dr"><textarea cols="35" rows="4" name="Rules" maxlength="100"><? echo str_replace('"', '&quot;', trim($row["Rules"])) ?></textarea></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TktBy")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="TktBy" maxlength="10" value="<? echo str_replace('"', '&quot;', trim($row["TktBy"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Chg")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="Chg" value="<? echo str_replace('"', '&quot;', trim($row["Chg"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Can")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="Can" value="<? echo str_replace('"', '&quot;', trim($row["Can"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TrvlBetweena")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="TrvlBetweena" maxlength="11" value="<? echo str_replace('"', '&quot;', trim($row["TrvlBetweena"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TrvlBetweenb")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="TrvlBetweenb" maxlength="11" value="<? echo str_replace('"', '&quot;', trim($row["TrvlBetweenb"])) ?>"></td>
</tr>
</table>
<? } ?>

<? function showpagenav($page, $pagecount)
{
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><a href="iahkhi.php?a=add">Add Record</a>&nbsp;</td>
<? if ($page > 1) { ?>
<td><a href="iahkhi.php?page=<? echo $page - 1 ?>"><<&nbsp;Prev</a>&nbsp;</td>
<? } ?>
<?
  global $pagerange;

  if ($pagecount > 1) {

  if ($pagecount % $pagerange != 0) {
    $rangecount = intval($pagecount / $pagerange) + 1;
  }
  else {
    $rangecount = intval($pagecount / $pagerange);
  }
  for ($i = 1; $i < $rangecount + 1; $i++) {
    $startpage = (($i - 1) * $pagerange) + 1;
    $count = min($i * $pagerange, $pagecount);

    if ((($page >= $startpage) && ($page <= ($i * $pagerange)))) {
      for ($j = $startpage; $j < $count + 1; $j++) {
        if ($j == $page) {
?>
<td><b><? echo $j ?></b></td>
<? } else { ?>
<td><a href="iahkhi.php?page=<? echo $j ?>"><? echo $j ?></a></td>
<? } } } else { ?>
<td><a href="iahkhi.php?page=<? echo $startpage ?>"><? echo $startpage ."..." .$count ?></a></td>
<? } } } ?>
<? if ($page < $pagecount) { ?>
<td>&nbsp;<a href="iahkhi.php?page=<? echo $page + 1 ?>">Next&nbsp;>></a>&nbsp;</td>
<? } ?>
</tr>
</table>
<? } ?>

<? function showrecnav($a, $recid, $count)
{
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><a href="iahkhi.php">Index Page</a></td>
<? if ($recid > 0) { ?>
<td><a href="iahkhi.php?a=<? echo $a ?>&recid=<? echo $recid - 1 ?>">Prior Record</a></td>
<? } if ($recid < $count) { ?>
<td><a href="iahkhi.php?a=<? echo $a ?>&recid=<? echo $recid + 1 ?>">Next Record</a></td>
<? } ?>
</tr>
</table>
<hr size="1" noshade>
<? } ?>

<? function addrec()
{
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><a href="iahkhi.php">Index Page</a></td>
</tr>
</table>
<hr size="1" noshade>
<form action="iahkhi.php" method="post">
<p><input type="hidden" name="sql" value="insert"></p>
<?
$row = array(
  "AirLine" => "",
  "Class" => "",
  "AdtPrice" => "",
  "chdPrice" => "",
  "InfPrice" => "",
  "MaxStay" => "",
  "MinStay" => "",
  "Rules" => "",
  "TktBy" => "",
  "Chg" => "",
  "Can" => "",
  "TrvlBetweena" => "",
  "TrvlBetweenb" => "");
showroweditor($row)
?>
<p><input type="submit" name="action" value="Post"></p>
</form>
<? } ?>

<? function viewrec($recid)
{
  $res = sql_select();
  $count = sql_getrecordcount();
  mysql_data_seek($res, $recid);
  $row = mysql_fetch_assoc($res);
  showrecnav("view", $recid, $count);
?>
<br>
<? showrow($row) ?>
<br>
<hr size="1" noshade>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><a href="iahkhi.php?a=add">Add Record</a></td>
<td><a href="iahkhi.php?a=edit&recid=<? echo $recid ?>">Edit Record</a></td>
<td><a href="iahkhi.php?a=del&recid=<? echo $recid ?>">Delete Record</a></td>
</tr>
</table>
<?
  mysql_free_result($res);
} ?>

<? function editrec($recid)
{
  $res = sql_select();
  $count = sql_getrecordcount();
  mysql_data_seek($res, $recid);
  $row = mysql_fetch_assoc($res);
  showrecnav("edit", $recid, $count);
?>
<br>
<form action="iahkhi.php" method="post">
<input type="hidden" name="sql" value="update">
<input type="hidden" name="xAirLine" value="<? echo $row["AirLine"] ?>">
<input type="hidden" name="xClass" value="<? echo $row["Class"] ?>">
<input type="hidden" name="xAdtPrice" value="<? echo $row["AdtPrice"] ?>">
<input type="hidden" name="xchdPrice" value="<? echo $row["chdPrice"] ?>">
<input type="hidden" name="xInfPrice" value="<? echo $row["InfPrice"] ?>">
<input type="hidden" name="xMaxStay" value="<? echo $row["MaxStay"] ?>">
<input type="hidden" name="xMinStay" value="<? echo $row["MinStay"] ?>">
<input type="hidden" name="xRules" value="<? echo $row["Rules"] ?>">
<input type="hidden" name="xTktBy" value="<? echo $row["TktBy"] ?>">
<input type="hidden" name="xChg" value="<? echo $row["Chg"] ?>">
<input type="hidden" name="xCan" value="<? echo $row["Can"] ?>">
<input type="hidden" name="xTrvlBetweena" value="<? echo $row["TrvlBetweena"] ?>">
<input type="hidden" name="xTrvlBetweenb" value="<? echo $row["TrvlBetweenb"] ?>">
<? showroweditor($row) ?>
<p><input type="submit" name="action" value="Post"></p>
</form>
<?
  mysql_free_result($res);
} ?>

<? function deleterec($recid)
{
  $res = sql_select();
  $count = sql_getrecordcount();
  mysql_data_seek($res, $recid);
  $row = mysql_fetch_assoc($res);
  showrecnav("del", $recid, $count);
?>
<br>
<form action="iahkhi.php" method="post">
<input type="hidden" name="sql" value="delete">
<input type="hidden" name="xAirLine" value="<? echo $row["AirLine"] ?>">
<input type="hidden" name="xClass" value="<? echo $row["Class"] ?>">
<input type="hidden" name="xAdtPrice" value="<? echo $row["AdtPrice"] ?>">
<input type="hidden" name="xchdPrice" value="<? echo $row["chdPrice"] ?>">
<input type="hidden" name="xInfPrice" value="<? echo $row["InfPrice"] ?>">
<input type="hidden" name="xMaxStay" value="<? echo $row["MaxStay"] ?>">
<input type="hidden" name="xMinStay" value="<? echo $row["MinStay"] ?>">
<input type="hidden" name="xRules" value="<? echo $row["Rules"] ?>">
<input type="hidden" name="xTktBy" value="<? echo $row["TktBy"] ?>">
<input type="hidden" name="xChg" value="<? echo $row["Chg"] ?>">
<input type="hidden" name="xCan" value="<? echo $row["Can"] ?>">
<input type="hidden" name="xTrvlBetweena" value="<? echo $row["TrvlBetweena"] ?>">
<input type="hidden" name="xTrvlBetweenb" value="<? echo $row["TrvlBetweenb"] ?>">
<? showrow($row) ?>
<p><input type="submit" name="action" value="Confirm"></p>
</form>
<?
  mysql_free_result($res);
} ?>

<? function connect()
{
  $conn = mysql_connect("localhost", "root", "ookerate");
  mysql_select_db("qfq");
  return $conn;
}

function sqlvalue($val, $quote)
{
  if ($quote)
    $tmp = sqlstr($val);
  else
    $tmp = $val;
  if ($tmp == "")
    $tmp = "NULL";
  elseif ($quote)
    $tmp = "'".$tmp."'";
  return $tmp;
}

function sqlstr($val)
{
  return str_replace("'", "''", $val);
}

function sql_select()
{
  global $conn;
  global $order;
  global $ordtype;
  global $filter;
  global $filterfield;
  global $wholeonly;

  $filterstr = sqlstr($filter);
  if (!$wholeonly && isset($wholeonly) && $filterstr!='') $filterstr = "%" .$filterstr ."%";
  $sql = "select `AirLine`, `Class`, `AdtPrice`, `chdPrice`, `InfPrice`, `MaxStay`, `MinStay`, `Rules`, `TktBy`, `Chg`, `Can`, `TrvlBetweena`, `TrvlBetweenb` from `iahkhi`";
  if (isset($filterstr) && $filterstr!='' && isset($filterfield) && $filterfield!='') {
    $sql .= " where " .sqlstr($filterfield) ." like '" .$filterstr ."'";
  } elseif (isset($filterstr) && $filterstr!='') {
    $sql .= " where (`AirLine` like '" .$filterstr ."') or (`Class` like '" .$filterstr ."') or (`AdtPrice` like '" .$filterstr ."') or (`chdPrice` like '" .$filterstr ."') or (`InfPrice` like '" .$filterstr ."') or (`MaxStay` like '" .$filterstr ."') or (`MinStay` like '" .$filterstr ."') or (`Rules` like '" .$filterstr ."') or (`TktBy` like '" .$filterstr ."') or (`Chg` like '" .$filterstr ."') or (`Can` like '" .$filterstr ."') or (`TrvlBetweena` like '" .$filterstr ."') or (`TrvlBetweenb` like '" .$filterstr ."')";
  }
  if (isset($order) && $order!='') $sql .= " order by \"" .sqlstr($order) ."\"";
  if (isset($ordtype) && $ordtype!='') $sql .= " " .sqlstr($ordtype);
  $res = mysql_query($sql, $conn) or die(mysql_error());
  return $res;
}

function sql_getrecordcount()
{
  global $conn;
  global $order;
  global $ordtype;
  global $filter;
  global $filterfield;
  global $wholeonly;

  $filterstr = sqlstr($filter);
  if (!$wholeonly && isset($wholeonly) && $filterstr!='') $filterstr = "%" .$filterstr ."%";
  $sql = "select count(*) from `iahkhi`";
  if (isset($filterstr) && $filterstr!='' && isset($filterfield) && $filterfield!='') {
    $sql .= " where " .sqlstr($filterfield) ." like '" .$filterstr ."'";
  } elseif (isset($filterstr) && $filterstr!='') {
    $sql .= " where (`AirLine` like '" .$filterstr ."') or (`Class` like '" .$filterstr ."') or (`AdtPrice` like '" .$filterstr ."') or (`chdPrice` like '" .$filterstr ."') or (`InfPrice` like '" .$filterstr ."') or (`MaxStay` like '" .$filterstr ."') or (`MinStay` like '" .$filterstr ."') or (`Rules` like '" .$filterstr ."') or (`TktBy` like '" .$filterstr ."') or (`Chg` like '" .$filterstr ."') or (`Can` like '" .$filterstr ."') or (`TrvlBetweena` like '" .$filterstr ."') or (`TrvlBetweenb` like '" .$filterstr ."')";
  }
  $res = mysql_query($sql, $conn) or die(mysql_error());
  $row = mysql_fetch_assoc($res);
  reset($row);
  return current($row);
}

function sql_insert()
{
  global $conn;
  global $_POST;

  $sql = "insert into `iahkhi` (`AirLine`, `Class`, `AdtPrice`, `chdPrice`, `InfPrice`, `MaxStay`, `MinStay`, `Rules`, `TktBy`, `Chg`, `Can`, `TrvlBetweena`, `TrvlBetweenb`) values (" .sqlvalue(@$_POST["AirLine"], true) .", " .sqlvalue(@$_POST["Class"], true) .", " .sqlvalue(@$_POST["AdtPrice"], false) .", " .sqlvalue(@$_POST["chdPrice"], false) .", " .sqlvalue(@$_POST["InfPrice"], false) .", " .sqlvalue(@$_POST["MaxStay"], true) .", " .sqlvalue(@$_POST["MinStay"], true) .", " .sqlvalue(@$_POST["Rules"], true) .", " .sqlvalue(@$_POST["TktBy"], true) .", " .sqlvalue(@$_POST["Chg"], false) .", " .sqlvalue(@$_POST["Can"], false) .", " .sqlvalue(@$_POST["TrvlBetweena"], true) .", " .sqlvalue(@$_POST["TrvlBetweenb"], true) .")";
  mysql_query($sql, $conn) or die(mysql_error());
}

function sql_update()
{
  global $conn;
  global $_POST;

  $sql = "update `iahkhi` set `AirLine`=" .sqlvalue(@$_POST["AirLine"], true) .", `Class`=" .sqlvalue(@$_POST["Class"], true) .", `AdtPrice`=" .sqlvalue(@$_POST["AdtPrice"], false) .", `chdPrice`=" .sqlvalue(@$_POST["chdPrice"], false) .", `InfPrice`=" .sqlvalue(@$_POST["InfPrice"], false) .", `MaxStay`=" .sqlvalue(@$_POST["MaxStay"], true) .", `MinStay`=" .sqlvalue(@$_POST["MinStay"], true) .", `Rules`=" .sqlvalue(@$_POST["Rules"], true) .", `TktBy`=" .sqlvalue(@$_POST["TktBy"], true) .", `Chg`=" .sqlvalue(@$_POST["Chg"], false) .", `Can`=" .sqlvalue(@$_POST["Can"], false) .", `TrvlBetweena`=" .sqlvalue(@$_POST["TrvlBetweena"], true) .", `TrvlBetweenb`=" .sqlvalue(@$_POST["TrvlBetweenb"], true) ." where " ."(`AirLine`=" .sqlvalue(@$_POST["xAirLine"], true) .") and (`Class`=" .sqlvalue(@$_POST["xClass"], true) .") and (`AdtPrice`=" .sqlvalue(@$_POST["xAdtPrice"], false) .") and (`chdPrice`=" .sqlvalue(@$_POST["xchdPrice"], false) .") and (`InfPrice`=" .sqlvalue(@$_POST["xInfPrice"], false) .") and (`MaxStay`=" .sqlvalue(@$_POST["xMaxStay"], true) .") and (`MinStay`=" .sqlvalue(@$_POST["xMinStay"], true) .") and (`Rules`=" .sqlvalue(@$_POST["xRules"], true) .") and (`TktBy`=" .sqlvalue(@$_POST["xTktBy"], true) .") and (`Chg`=" .sqlvalue(@$_POST["xChg"], false) .") and (`Can`=" .sqlvalue(@$_POST["xCan"], false) .") and (`TrvlBetweena`=" .sqlvalue(@$_POST["xTrvlBetweena"], true) .") and (`TrvlBetweenb`=" .sqlvalue(@$_POST["xTrvlBetweenb"], true) .")";
  mysql_query($sql, $conn) or die(mysql_error());
}

function sql_delete()
{
  global $conn;
  global $_POST;

  $sql = "delete from `iahkhi` where " ."(`AirLine`=" .sqlvalue(@$_POST["xAirLine"], true) .") and (`Class`=" .sqlvalue(@$_POST["xClass"], true) .") and (`AdtPrice`=" .sqlvalue(@$_POST["xAdtPrice"], false) .") and (`chdPrice`=" .sqlvalue(@$_POST["xchdPrice"], false) .") and (`InfPrice`=" .sqlvalue(@$_POST["xInfPrice"], false) .") and (`MaxStay`=" .sqlvalue(@$_POST["xMaxStay"], true) .") and (`MinStay`=" .sqlvalue(@$_POST["xMinStay"], true) .") and (`Rules`=" .sqlvalue(@$_POST["xRules"], true) .") and (`TktBy`=" .sqlvalue(@$_POST["xTktBy"], true) .") and (`Chg`=" .sqlvalue(@$_POST["xChg"], false) .") and (`Can`=" .sqlvalue(@$_POST["xCan"], false) .") and (`TrvlBetweena`=" .sqlvalue(@$_POST["xTrvlBetweena"], true) .") and (`TrvlBetweenb`=" .sqlvalue(@$_POST["xTrvlBetweenb"], true) .")";
  mysql_query($sql, $conn) or die(mysql_error());
} ?>

And here is the code, modified by me:

Code:

<? session_start(); ?>
<html>
<head>
<title>qfq -- <?php echo $cityp; ?></title>
<meta name="generator" content="text/html">
<style type="text/css">
  body {
    background-color: #FFFFFF;
    color: #004080;
    font-family: Arial;
    font-size: 12px;
  }
  .bd {
    background-color: #FFFFFF;
    color: #004080;
    font-family: Arial;
    font-size: 12px;
  }
  .tbl {
    background-color: #FFFFFF;
  }
  a:link { 
    color: #FF0000;
    font-family: Arial;
    font-size: 12px;
  }
  a:active { 
    color: #0000FF;
    font-family: Arial;
    font-size: 12px;
  }
  a:visited { 
    color: #800080;
    font-family: Arial;
    font-size: 12px;
  }
  .hr {
    background-color: #336699;
    color: #FFFFFF;
    font-family: Arial;
    font-size: 12px;
  }
  a.hr:link {
    color: #FFFFFF;
    font-family: Arial;
    font-size: 12px;
  }
  a.hr:active {
    color: #FFFFFF;
    font-family: Arial;
    font-size: 12px;
  }
  a.hr:visited {
    color: #FFFFFF;
    font-family: Arial;
    font-size: 12px;
  }
  .dr {
    background-color: #FFFFFF;
    color: #000000;
    font-family: Arial;
    font-size: 12px;
  }
  .sr {
    background-color: #FFFFCF;
    color: #000000;
    font-family: Arial;
    font-size: 12px;
  }
</style>
</head>
<body>
<table class="bd" width="100%"><tr><td class="hr"><h2>Quick Fare Quotes System</h2></td></tr></table>
<table width="100%">
<tr>

<td width="10%" valign="top">
<li>
</td>
<td width="5%">
</td>
<td bgcolor="#e0e0e0">
</td>
<td width="5%">
</td>
<td width="80%" valign="top">
<?
  $cityp = $_POST["cityp"];
  $conn = connect();
  $showrecs = 20;
  $pagerange = 10;

  $a = @$_GET["a"];
  $recid = @$_GET["recid"];
  if (isset($_GET["order"])) $order = @$_GET["order"];
  if (isset($_GET["type"])) $ordtype = @$_GET["type"];

  if (isset($_POST["filter"])) $filter = @$_POST["filter"];
  if (isset($_POST["filter_field"])) $filterfield = @$_POST["filter_field"];
  $wholeonly = false;
  if (isset($_POST["wholeonly"])) $wholeonly = @$_POST["wholeonly"];

  if (!isset($order) && isset($_SESSION["order"])) $order = $_SESSION["order"];
  if (!isset($ordtype) && isset($_SESSION["type"])) $ordtype = $_SESSION["type"];
  if (!isset($filter) && isset($_SESSION["filter"])) $filter = $_SESSION["filter"];
  if (!isset($filterfield) && isset($_SESSION["filter_field"])) $filterfield = $_SESSION["filter_field"];

  $page = @$_GET["page"];
  if (!isset($page)) $page = 1;

  $sql = @$_POST["sql"];

  switch ($sql) {
    case "insert":
      sql_insert();
      break;
    case "update":
      sql_update();
      break;
    case "delete":
      sql_delete();
      break;
  }

  switch ($a) {
    case "add":
      addrec();
      break;
    case "view":
      viewrec($recid);
      break;
    case "edit":
      editrec($recid);
      break;
    case "del":
      deleterec($recid);
      break;
    default:
      select();
      break;
  }

  if (isset($order)) $_SESSION["order"] = $order;
  if (isset($ordtype)) $_SESSION["type"] = $ordtype;
  if (isset($filter)) $_SESSION["filter"] = $filter;
  if (isset($filterfield)) $_SESSION["filter_field"] = $filterfield;
  if (isset($wholeonly)) $_SESSION["wholeonly"] = $wholeonly;

  mysql_close($conn);
?>
</td></tr></table>
<table class="bd" width="100%"><tr><td class="hr">http://www.sqlmaestro.com/products/mysql/phpgenerator/</td></tr></table>
</body>
</html>

<? function select()
  {
  global $a;
  global $showrecs;
  global $page;
  global $filter;
  global $filterfield;
  global $wholeonly;
  global $order;
  global $ordtype;


  if ($a == "reset") {
    $filter = "";
    $filterfield = "";
    $wholeonly = "";
    $order = "";
    $ordtype = "";
  }

  $checkstr = "";
  if ($wholeonly) $checkstr = " checked";
  if ($ordtype == "asc") { $ordtypestr = "desc"; } else { $ordtypestr = "asc"; }
  $res = sql_select();
  $count = sql_getrecordcount();
  if ($count % $showrecs != 0) {
    $pagecount = intval($count / $showrecs) + 1;
  }
  else {
    $pagecount = intval($count / $showrecs);
  }
  $startrec = $showrecs * ($page - 1);
  if ($startrec < $count) {mysql_data_seek($res, $startrec);}
  $reccount = min($showrecs * $page, $count);
  $fields = array(
    "AirLine" => "AirLine",
    "Class" => "Class",
    "AdtPrice" => "AdtPrice",
    "chdPrice" => "chdPrice",
    "InfPrice" => "InfPrice",
    "MaxStay" => "MaxStay",
    "MinStay" => "MinStay",
    "Rules" => "Rules",
    "TktBy" => "TktBy",
    "Chg" => "Chg",
    "Can" => "Can",
    "TrvlBetweena" => "TrvlBetweena",
    "TrvlBetweenb" => "TrvlBetweenb");
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr><td>Citypair: <?php echo $cityp; ?></td></tr>
<tr><td>Fares shown <? echo $startrec + 1 ?> - <? echo $reccount ?> of <? echo $count ?></td></tr>
</table>
<hr size="1" noshade>
<form action="edit.php" method="post">
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><b>Custom Filter</b>&nbsp;</td>
<td><input type="text" name="filter" value="<? echo $filter ?>"></td>
<td><select name="filter_field">
<option value="">All Fields</option>
<?
  reset($fields);
  foreach($fields as $val => $caption) {
    if ($val == $filterfield) {$selstr = " selected"; } else {$selstr = ""; }
?>
<option value="<? echo $val ?>"<? echo $selstr ?>><? echo htmlspecialchars($caption) ?></option>
<? } ?>
</select></td>
<td><input type="checkbox" name="wholeonly"<? echo $checkstr ?>>Whole words only</td>
</td></tr>
<tr>
<td>&nbsp;</td>
<td><input type="submit" name="action" value="Apply Filter"></td>
<td><a href="edit.php?a=reset">Reset Filter</a></td>
</tr>
</table>
</form>
<hr size="1" noshade>
<? showpagenav($page, $pagecount); ?>
<br>
<table class="tbl" border="0" cellspacing="1" cellpadding="5"width="100%">
<tr>
<?
  reset($fields);
  foreach($fields as $val => $caption) {
?>
<td class="hr"><a class="hr" href="edit.php?order=<? echo $val ?>&type=<? echo $ordtypestr ?>"><? echo htmlspecialchars($caption) ?></a></td>
<? } ?>
<td class="hr">&nbsp;</td>
<td class="hr">&nbsp;</td>
<td class="hr">&nbsp;</td>
</tr>
<?
  for ($i = $startrec; $i < $reccount; $i++)
  {
    $row = mysql_fetch_assoc($res);
    $style = "dr";
    if ($i % 2 != 0) {
      $style = "sr";
    }
?>
<tr>
<?
  reset($fields);
  foreach($fields as $val => $caption) {
?>
<td class="<? echo $style ?>"><? echo htmlspecialchars($row[$val]) ?></td>
<? } ?>
<td class="<? echo $style ?>"><a href="edit.php?a=view&recid=<? echo $i ?>">View</a></td>
<td class="<? echo $style ?>"><a href="edit.php?a=edit&recid=<? echo $i ?>">Edit</a></td>
<td class="<? echo $style ?>"><a href="edit.php?a=del&recid=<? echo $i ?>">Delete</a></td>
</tr>
<?
  }
  mysql_free_result($res);
?>
</table>
<br>
<? showpagenav($page, $pagecount); ?>
<? } ?>

<? function showrow($row)
  {
?>
<table class="tbl" border="0" cellspacing="1" cellpadding="5"width="50%">
<tr>
<td class="hr"><? echo htmlspecialchars("AirLine")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["AirLine"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Class")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["Class"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("AdtPrice")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["AdtPrice"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("chdPrice")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["chdPrice"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("InfPrice")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["InfPrice"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("MaxStay")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["MaxStay"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("MinStay")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["MinStay"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Rules")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["Rules"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TktBy")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["TktBy"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Chg")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["Chg"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Can")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["Can"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TrvlBetweena")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["TrvlBetweena"]) ?></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TrvlBetweenb")."&nbsp;" ?></td>
<td class="dr"><? echo htmlspecialchars($row["TrvlBetweenb"]) ?></td>
</tr>
</table>
<? } ?>

<? function showroweditor($row)
  {
  global $conn;
?>
<table class="tbl" border="0" cellspacing="1" cellpadding="5" width="50%">
<tr>
<td class="hr"><? echo htmlspecialchars("AirLine")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="AirLine" maxlength="15" value="<? echo str_replace('"', '"', trim($row["AirLine"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Class")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="Class" maxlength="15" value="<? echo str_replace('"', '"', trim($row["Class"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("AdtPrice")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="AdtPrice" value="<? echo str_replace('"', '"', trim($row["AdtPrice"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("chdPrice")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="chdPrice" value="<? echo str_replace('"', '"', trim($row["chdPrice"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("InfPrice")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="InfPrice" value="<? echo str_replace('"', '"', trim($row["InfPrice"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("MaxStay")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="MaxStay" maxlength="3" value="<? echo str_replace('"', '"', trim($row["MaxStay"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("MinStay")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="MinStay" maxlength="3" value="<? echo str_replace('"', '"', trim($row["MinStay"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Rules")."&nbsp;" ?></td>
<td class="dr"><textarea cols="35" rows="4" name="Rules" maxlength="100"><? echo str_replace('"', '"', trim($row["Rules"])) ?></textarea></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TktBy")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="TktBy" maxlength="10" value="<? echo str_replace('"', '"', trim($row["TktBy"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Chg")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="Chg" value="<? echo str_replace('"', '"', trim($row["Chg"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("Can")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="Can" value="<? echo str_replace('"', '"', trim($row["Can"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TrvlBetweena")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="TrvlBetweena" maxlength="11" value="<? echo str_replace('"', '"', trim($row["TrvlBetweena"])) ?>"></td>
</tr>
<tr>
<td class="hr"><? echo htmlspecialchars("TrvlBetweenb")."&nbsp;" ?></td>
<td class="dr"><input type="text" name="TrvlBetweenb" maxlength="11" value="<? echo str_replace('"', '"', trim($row["TrvlBetweenb"])) ?>"></td>
</tr>
</table>
<? } ?>

<? function showpagenav($page, $pagecount)
{
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><a href="edit.php?a=add">Add Fare</a>&nbsp;</td>
<? if ($page > 1) { ?>
<td><a href="edit.php?page=<? echo $page - 1 ?>"><<&nbsp;Prev</a>&nbsp;</td>
<? } ?>
<?
  global $pagerange;

  if ($pagecount > 1) {

  if ($pagecount % $pagerange != 0) {
    $rangecount = intval($pagecount / $pagerange) + 1;
  }
  else {
    $rangecount = intval($pagecount / $pagerange);
  }
  for ($i = 1; $i < $rangecount + 1; $i++) {
    $startpage = (($i - 1) * $pagerange) + 1;
    $count = min($i * $pagerange, $pagecount);

    if ((($page >= $startpage) && ($page <= ($i * $pagerange)))) {
      for ($j = $startpage; $j < $count + 1; $j++) {
        if ($j == $page) {
?>
<td><b><? echo $j ?></b></td>
<? } else { ?>
<td><a href="edit.php?page=<? echo $j ?>"><? echo $j ?></a></td>
<? } } } else { ?>
<td><a href="edit.php?page=<? echo $startpage ?>"><? echo $startpage ."..." .$count ?></a></td>
<? } } } ?>
<? if ($page < $pagecount) { ?>
<td>&nbsp;<a href="edit.php?page=<? echo $page + 1 ?>">Next&nbsp;>></a>&nbsp;</td>
<? } ?>
</tr>
</table>
<? } ?>

<? function showrecnav($a, $recid, $count)
{
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><a href="edit.php">Index Page</a></td>
<? if ($recid > 0) { ?>
<td><a href="edit.php?a=<? echo $a ?>&recid=<? echo $recid - 1 ?>">Prior Fare</a></td>
<? } if ($recid < $count) { ?>
<td><a href="edit.php?a=<? echo $a ?>&recid=<? echo $recid + 1 ?>">Next Fare</a></td>
<? } ?>
</tr>
</table>
<hr size="1" noshade>
<? } ?>

<? function addrec()
{
?>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><a href="edit.php">Index Page</a></td>
</tr>
</table>
<hr size="1" noshade>
<form action="edit.php" method="post">
<p><input type="hidden" name="sql" value="insert"></p>
<?
$row = array(
  "AirLine" => "",
  "Class" => "",
  "AdtPrice" => "",
  "chdPrice" => "",
  "InfPrice" => "",
  "MaxStay" => "",
  "MinStay" => "",
  "Rules" => "",
  "TktBy" => "",
  "Chg" => "",
  "Can" => "",
  "TrvlBetweena" => "",
  "TrvlBetweenb" => "");
showroweditor($row)
?>
<p><input type="submit" name="action" value="Post"></p>
</form>
<? } ?>

<? function viewrec($recid)
{
  $res = sql_select();
  $count = sql_getrecordcount();
  mysql_data_seek($res, $recid);
  $row = mysql_fetch_assoc($res);
  showrecnav("view", $recid, $count);
?>
<br>
<? showrow($row) ?>
<br>
<hr size="1" noshade>
<table class="bd" border="0" cellspacing="1" cellpadding="4">
<tr>
<td><a href="edit.php?a=add">Add Fare</a></td>
<td><a href="edit.php?a=edit&recid=<? echo $recid ?>">Edit Fare</a></td>
<td><a href="edit.php?a=del&recid=<? echo $recid ?>">Delete Fare</a></td>
</tr>
</table>
<?
  mysql_free_result($res);
} ?>

<? function editrec($recid)
{
  $res = sql_select();
  $count = sql_getrecordcount();
  mysql_data_seek($res, $recid);
  $row = mysql_fetch_assoc($res);
  showrecnav("edit", $recid, $count);
?>
<br>
<form action="edit.php" method="post">
<input type="hidden" name="sql" value="update">
<input type="hidden" name="xAirLine" value="<? echo $row["AirLine"] ?>">
<input type="hidden" name="xClass" value="<? echo $row["Class"] ?>">
<input type="hidden" name="xAdtPrice" value="<? echo $row["AdtPrice"] ?>">
<input type="hidden" name="xchdPrice" value="<? echo $row["chdPrice"] ?>">
<input type="hidden" name="xInfPrice" value="<? echo $row["InfPrice"] ?>">
<input type="hidden" name="xMaxStay" value="<? echo $row["MaxStay"] ?>">
<input type="hidden" name="xMinStay" value="<? echo $row["MinStay"] ?>">
<input type="hidden" name="xRules" value="<? echo $row["Rules"] ?>">
<input type="hidden" name="xTktBy" value="<? echo $row["TktBy"] ?>">
<input type="hidden" name="xChg" value="<? echo $row["Chg"] ?>">
<input type="hidden" name="xCan" value="<? echo $row["Can"] ?>">
<input type="hidden" name="xTrvlBetweena" value="<? echo $row["TrvlBetweena"] ?>">
<input type="hidden" name="xTrvlBetweenb" value="<? echo $row["TrvlBetweenb"] ?>">
<? showroweditor($row) ?>
<p><input type="submit" name="action" value="Post"></p>
</form>
<?
  mysql_free_result($res);
} ?>

<? function deleterec($recid)
{
  $res = sql_select();
  $count = sql_getrecordcount();
  mysql_data_seek($res, $recid);
  $row = mysql_fetch_assoc($res);
  showrecnav("del", $recid, $count);
?>
<br>
<form action="edit.php" method="post">
<input type="hidden" name="sql" value="delete">
<input type="hidden" name="xAirLine" value="<? echo $row["AirLine"] ?>">
<input type="hidden" name="xClass" value="<? echo $row["Class"] ?>">
<input type="hidden" name="xAdtPrice" value="<? echo $row["AdtPrice"] ?>">
<input type="hidden" name="xchdPrice" value="<? echo $row["chdPrice"] ?>">
<input type="hidden" name="xInfPrice" value="<? echo $row["InfPrice"] ?>">
<input type="hidden" name="xMaxStay" value="<? echo $row["MaxStay"] ?>">
<input type="hidden" name="xMinStay" value="<? echo $row["MinStay"] ?>">
<input type="hidden" name="xRules" value="<? echo $row["Rules"] ?>">
<input type="hidden" name="xTktBy" value="<? echo $row["TktBy"] ?>">
<input type="hidden" name="xChg" value="<? echo $row["Chg"] ?>">
<input type="hidden" name="xCan" value="<? echo $row["Can"] ?>">
<input type="hidden" name="xTrvlBetweena" value="<? echo $row["TrvlBetweena"] ?>">
<input type="hidden" name="xTrvlBetweenb" value="<? echo $row["TrvlBetweenb"] ?>">
<? showrow($row) ?>
<p><input type="submit" name="action" value="Confirm"></p>
</form>
<?
  mysql_free_result($res);
} ?>

<? function connect()
{
  $conn = mysql_connect("localhost", "root", "ookerate");
  mysql_select_db("qfq");
  return $conn;
}

function sqlvalue($val, $quote)
{
  if ($quote)
    $tmp = sqlstr($val);
  else
    $tmp = $val;
  if ($tmp == "")
    $tmp = "NULL";
  elseif ($quote)
    $tmp = "'".$tmp."'";
  return $tmp;
}

function sqlstr($val)
{
  return str_replace("'", "''", $val);
}

function sql_select()
{
  global $conn;
  global $order;
  global $ordtype;
  global $filter;
  global $filterfield;
  global $wholeonly;

  $filterstr = sqlstr($filter);
  if (!$wholeonly && isset($wholeonly) && $filterstr!='') $filterstr = "%" .$filterstr ."%";
  $sql = "select `AirLine`, `Class`, `AdtPrice`, `chdPrice`, `InfPrice`, `MaxStay`, `MinStay`, `Rules`, `TktBy`, `Chg`, `Can`, `TrvlBetweena`, `TrvlBetweenb` from $cityp";
  if (isset($filterstr) && $filterstr!='' && isset($filterfield) && $filterfield!='') {
    $sql .= " where " .sqlstr($filterfield) ." like '" .$filterstr ."'";
  } elseif (isset($filterstr) && $filterstr!='') {
    $sql .= " where (`AirLine` like '" .$filterstr ."') or (`Class` like '" .$filterstr ."') or (`AdtPrice` like '" .$filterstr ."') or (`chdPrice` like '" .$filterstr ."') or (`InfPrice` like '" .$filterstr ."') or (`MaxStay` like '" .$filterstr ."') or (`MinStay` like '" .$filterstr ."') or (`Rules` like '" .$filterstr ."') or (`TktBy` like '" .$filterstr ."') or (`Chg` like '" .$filterstr ."') or (`Can` like '" .$filterstr ."') or (`TrvlBetweena` like '" .$filterstr ."') or (`TrvlBetweenb` like '" .$filterstr ."')";
  }
  if (isset($order) && $order!='') $sql .= " order by \"" .sqlstr($order) ."\"";
  if (isset($ordtype) && $ordtype!='') $sql .= " " .sqlstr($ordtype);
  $res = mysql_query($sql, $conn) or die(mysql_error());
  return $res;
}

function sql_getrecordcount()
{
  global $conn;
  global $order;
  global $ordtype;
  global $filter;
  global $filterfield;
  global $wholeonly;

  $filterstr = sqlstr($filter);
  if (!$wholeonly && isset($wholeonly) && $filterstr!='') $filterstr = "%" .$filterstr ."%";
  $sql = "select count(*) from $cityp";
  if (isset($filterstr) && $filterstr!='' && isset($filterfield) && $filterfield!='') {
    $sql .= " where " .sqlstr($filterfield) ." like '" .$filterstr ."'";
  } elseif (isset($filterstr) && $filterstr!='') {
    $sql .= " where (`AirLine` like '" .$filterstr ."') or (`Class` like '" .$filterstr ."') or (`AdtPrice` like '" .$filterstr ."') or (`chdPrice` like '" .$filterstr ."') or (`InfPrice` like '" .$filterstr ."') or (`MaxStay` like '" .$filterstr ."') or (`MinStay` like '" .$filterstr ."') or (`Rules` like '" .$filterstr ."') or (`TktBy` like '" .$filterstr ."') or (`Chg` like '" .$filterstr ."') or (`Can` like '" .$filterstr ."') or (`TrvlBetweena` like '" .$filterstr ."') or (`TrvlBetweenb` like '" .$filterstr ."')";
  }
  $res = mysql_query($sql, $conn) or die(mysql_error());
  $row = mysql_fetch_assoc($res);
  reset($row);
  return current($row);
}

function sql_insert()
{
  global $conn;
  global $_POST;

  $sql = "insert into $cityp (`AirLine`, `Class`, `AdtPrice`, `chdPrice`, `InfPrice`, `MaxStay`, `MinStay`, `Rules`, `TktBy`, `Chg`, `Can`, `TrvlBetweena`, `TrvlBetweenb`) values (" .sqlvalue(@$_POST["AirLine"], true) .", " .sqlvalue(@$_POST["Class"], true) .", " .sqlvalue(@$_POST["AdtPrice"], false) .", " .sqlvalue(@$_POST["chdPrice"], false) .", " .sqlvalue(@$_POST["InfPrice"], false) .", " .sqlvalue(@$_POST["MaxStay"], true) .", " .sqlvalue(@$_POST["MinStay"], true) .", " .sqlvalue(@$_POST["Rules"], true) .", " .sqlvalue(@$_POST["TktBy"], true) .", " .sqlvalue(@$_POST["Chg"], false) .", " .sqlvalue(@$_POST["Can"], false) .", " .sqlvalue(@$_POST["TrvlBetweena"], true) .", " .sqlvalue(@$_POST["TrvlBetweenb"], true) .")";
  mysql_query($sql, $conn) or die(mysql_error());
}

function sql_update()
{
  global $conn;
  global $_POST;

  $sql = "update $cityp set `AirLine`=" .sqlvalue(@$_POST["AirLine"], true) .", `Class`=" .sqlvalue(@$_POST["Class"], true) .", `AdtPrice`=" .sqlvalue(@$_POST["AdtPrice"], false) .", `chdPrice`=" .sqlvalue(@$_POST["chdPrice"], false) .", `InfPrice`=" .sqlvalue(@$_POST["InfPrice"], false) .", `MaxStay`=" .sqlvalue(@$_POST["MaxStay"], true) .", `MinStay`=" .sqlvalue(@$_POST["MinStay"], true) .", `Rules`=" .sqlvalue(@$_POST["Rules"], true) .", `TktBy`=" .sqlvalue(@$_POST["TktBy"], true) .", `Chg`=" .sqlvalue(@$_POST["Chg"], false) .", `Can`=" .sqlvalue(@$_POST["Can"], false) .", `TrvlBetweena`=" .sqlvalue(@$_POST["TrvlBetweena"], true) .", `TrvlBetweenb`=" .sqlvalue(@$_POST["TrvlBetweenb"], true) ." where " ."(`AirLine`=" .sqlvalue(@$_POST["xAirLine"], true) .") and (`Class`=" .sqlvalue(@$_POST["xClass"], true) .") and (`AdtPrice`=" .sqlvalue(@$_POST["xAdtPrice"], false) .") and (`chdPrice`=" .sqlvalue(@$_POST["xchdPrice"], false) .") and (`InfPrice`=" .sqlvalue(@$_POST["xInfPrice"], false) .") and (`MaxStay`=" .sqlvalue(@$_POST["xMaxStay"], true) .") and (`MinStay`=" .sqlvalue(@$_POST["xMinStay"], true) .") and (`Rules`=" .sqlvalue(@$_POST["xRules"], true) .") and (`TktBy`=" .sqlvalue(@$_POST["xTktBy"], true) .") and (`Chg`=" .sqlvalue(@$_POST["xChg"], false) .") and (`Can`=" .sqlvalue(@$_POST["xCan"], false) .") and (`TrvlBetweena`=" .sqlvalue(@$_POST["xTrvlBetweena"], true) .") and (`TrvlBetweenb`=" .sqlvalue(@$_POST["xTrvlBetweenb"], true) .")";
  mysql_query($sql, $conn) or die(mysql_error());
}

function sql_delete()
{
  global $conn;
  global $_POST;

  $sql = "delete from $cityp where " ."(`AirLine`=" .sqlvalue(@$_POST["xAirLine"], true) .") and (`Class`=" .sqlvalue(@$_POST["xClass"], true) .") and (`AdtPrice`=" .sqlvalue(@$_POST["xAdtPrice"], false) .") and (`chdPrice`=" .sqlvalue(@$_POST["xchdPrice"], false) .") and (`InfPrice`=" .sqlvalue(@$_POST["xInfPrice"], false) .") and (`MaxStay`=" .sqlvalue(@$_POST["xMaxStay"], true) .") and (`MinStay`=" .sqlvalue(@$_POST["xMinStay"], true) .") and (`Rules`=" .sqlvalue(@$_POST["xRules"], true) .") and (`TktBy`=" .sqlvalue(@$_POST["xTktBy"], true) .") and (`Chg`=" .sqlvalue(@$_POST["xChg"], false) .") and (`Can`=" .sqlvalue(@$_POST["xCan"], false) .") and (`TrvlBetweena`=" .sqlvalue(@$_POST["xTrvlBetweena"], true) .") and (`TrvlBetweenb`=" .sqlvalue(@$_POST["xTrvlBetweenb"], true) .")";
  mysql_query($sql, $conn) or die(mysql_error());
} ?>
Ya, so if anyone can help me that would be great.
Last edited by zain1992 on Sun Jul 08, 2007 5:31 pm, edited 2 times in total.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Re: Syntax error NEED HELP!

Post by volka »

zain1992 wrote:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
replace all mysql_query($sql, $conn) or die(mysql_error()); by

Code: Select all

echo '<div>Debug: ', htmlentities($sql), "</div>\n";
mysql_query($sql, $conn) or die(mysql_error());
and take a look at the queries it prints.
zain1992
Forum Newbie
Posts: 15
Joined: Thu Oct 26, 2006 3:10 pm

Post by zain1992 »

Well, I did what you told me to do but now it is saying:
Parse error: syntax error, unexpected T_ECHO in C:\http\PROJECT\qfq\edit.php on line 615
I still don't know what to do.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

You did something wrong when you inserted the echo statement.
Please post lines 600 - 620 of your current code.
zain1992
Forum Newbie
Posts: 15
Joined: Thu Oct 26, 2006 3:10 pm

Post by zain1992 »

Here is Line 600 - 620:

Code: Select all

global $ordtype;
  global $filter;
  global $filterfield;
  global $wholeonly;

  $filterstr = sqlstr($filter);
  if (!$wholeonly && isset($wholeonly) && $filterstr!='') $filterstr = "%" .$filterstr ."%";
  $sql = "select `AirLine`, `Class`, `AdtPrice`, `chdPrice`, `InfPrice`, `MaxStay`, `MinStay`, `Rules`, `TktBy`, `Chg`, `Can`, `TrvlBetweena`, `TrvlBetweenb` from $cityp";
  if (isset($filterstr) && $filterstr!='' && isset($filterfield) && $filterfield!='') {
    $sql .= " where " .sqlstr($filterfield) ." like '" .$filterstr ."'";
  } elseif (isset($filterstr) && $filterstr!='') {
    $sql .= " where (`AirLine` like '" .$filterstr ."') or (`Class` like '" .$filterstr ."') or (`AdtPrice` like '" .$filterstr ."') or (`chdPrice` like '" .$filterstr ."') or (`InfPrice` like '" .$filterstr ."') or (`MaxStay` like '" .$filterstr ."') or (`MinStay` like '" .$filterstr ."') or (`Rules` like '" .$filterstr ."') or (`TktBy` like '" .$filterstr ."') or (`Chg` like '" .$filterstr ."') or (`Can` like '" .$filterstr ."') or (`TrvlBetweena` like '" .$filterstr ."') or (`TrvlBetweenb` like '" .$filterstr ."')";
  }
  if (isset($order) && $order!='') $sql .= " order by \"" .sqlstr($order) ."\"";
  if (isset($ordtype) && $ordtype!='') $sql .= " " .sqlstr($ordtype);
  $res = echo '<div>Debug: ', htmlentities($sql), "</div>\n"; 
   mysql_query($sql, $conn) or die(mysql_error());
  return $res;
}

function sql_getrecordcount()
It is not exactly written how it is in my editor, but the thing is I think this forum thingy has a word wrap or something like that which turns the 20 lines into 26 lines. Line 615 is where it says: $res = echo'<div> and so on...
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Code: Select all

echo '<div>Debug: ', htmlentities($sql), "</div>\n";
$res = mysql_query($sql, $conn) or die(mysql_error());
zain1992
Forum Newbie
Posts: 15
Joined: Thu Oct 26, 2006 3:10 pm

Post by zain1992 »

OK, well, that was my bad on the stupid mistake I made, but now it is saying:
Debug: select `AirLine`, `Class`, `AdtPrice`, `chdPrice`, `InfPrice`, `MaxStay`, `MinStay`, `Rules`, `TktBy`, `Chg`, `Can`, `TrvlBetweena`, `TrvlBetweenb` from
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
Please help.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

SELECT x,y,z FROM tablename
But you have only SELECT x,y,z FROM
From what?
from $cityp
$cityp obviously is either not set or empty.
zain1992
Forum Newbie
Posts: 15
Joined: Thu Oct 26, 2006 3:10 pm

Post by zain1992 »

I did put $cityp, and if you see in my code above it is in there. It just isn't showing that in the error.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Then try

Code: Select all

if ( !isset($cityp) ) {
	die('there is no $cityp');
}
$sql = "select `AirLine`, `Class`, `AdtPrice`, `chdPrice`, ...
zain1992
Forum Newbie
Posts: 15
Joined: Thu Oct 26, 2006 3:10 pm

Post by zain1992 »

Well now it is saying:

Code: Select all

there is no $cityp
which is weird because I declared that $cityp = $_POST["cityp"]; and I have the HTML file if you want to look at it too. Here it is:

Code: Select all

<html>
<body>
<form action="/qfq/edit.php" method="POST">
<br><h4>Enter Citypair edit</h4><br><br>
CityPair: <input type="text" name="cityp"><br>
<input type="submit" value="Edit Citypair">
</form>
</body>
</html>
So I am not really sure what is going on.
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

$cityp is set from $_POST['cityp'] which is not in the posted code. I also didn't see any protection being applied to it; quite dangerous.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

There's a reason why you have
global $conn;
global $order;
global $ordtype;
global $filter;
global $filterfield;
global $wholeonly;
For the same reason you have no $cityp in your function (yet).
see http://www.php.net/manual/en/language.v ... .scope.php
and while you're at it please also read http://de3.php.net/security.database.sql-injection
zain1992
Forum Newbie
Posts: 15
Joined: Thu Oct 26, 2006 3:10 pm

Post by zain1992 »

OK, I put it in all my functions now and it is showing me the table info. But there is a problem: when I try to insert a record it gives me this:
Debug: insert into (`AirLine`, `Class`, `AdtPrice`, `chdPrice`, `InfPrice`, `MaxStay`, `MinStay`, `Rules`, `TktBy`, `Chg`, `Can`, `TrvlBetweena`, `TrvlBetweenb`) values ('KL', 'V', 1234, 1111, 234, '06M', 'SAN', 'NO RULES', '07DEC2007', 200, 250, '070812', '071013')
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(`AirLine`, `Class`, `AdtPrice`, `chdPrice`, `InfPrice`, `MaxStay`, `MinStay`, `' at line 1
I don't understand what I am doing wrong now.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Please read the documents behind the two links carefully and think about it.
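
The two points raised in the replies above (the table name never reaching the query functions, and `$_POST['cityp']` going into the SQL with no protection) can be handled together, as in this added example, which is not code from the thread or from the generator. It assumes PDO with the pdo_sqlite driver as an offline stand-in for the MySQL server; the table names, the helpers `resolve_fare_table`, `insert_fare` and `find_fares`, and the sample rows are constructed for illustration.

```php
<?php
// Added example: not the poster's code and not the generator's output.
// Assumptions: PDO with the pdo_sqlite driver (an in-memory stand-in for the
// MySQL server in the thread), one fare table per city pair, constructed names.
const FARE_TABLES = ['fares_ams_jfk', 'fares_lhr_dxb'];

// A table name is an identifier, so it cannot be a bound parameter.
// Accept it only if it is exactly one of the names the application owns.
function resolve_fare_table($requested): string
{
    if (!is_string($requested) || !in_array($requested, FARE_TABLES, true)) {
        throw new InvalidArgumentException('unknown city pair table');
    }
    return $requested;
}

// The table arrives as an argument instead of an undeclared global, and the
// column values are bound, including the numeric ones the original
// concatenated without quotes via sqlvalue($val, false).
function insert_fare(PDO $db, $table, array $post): void
{
    $table = resolve_fare_table($table);
    $stmt = $db->prepare(
        "insert into `$table` (`AirLine`, `Class`, `AdtPrice`)
         values (:airline, :class, :adtprice)"
    );
    $stmt->execute([
        ':airline'  => $post['AirLine'] ?? null,
        ':class'    => $post['Class'] ?? null,
        ':adtprice' => is_numeric($post['AdtPrice'] ?? null) ? $post['AdtPrice'] : null,
    ]);
}

function find_fares(PDO $db, $table, string $filter): array
{
    $table = resolve_fare_table($table);
    $stmt = $db->prepare(
        "select `AirLine`, `Class`, `AdtPrice` from `$table` where `AirLine` like :filter"
    );
    $stmt->execute([':filter' => '%' . $filter . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach (FARE_TABLES as $t) {
    $db->exec("create table `$t` (`AirLine` text, `Class` text, `AdtPrice` integer)");
}

// Constructed form submissions standing in for $_POST.
insert_fare($db, 'fares_ams_jfk', ['AirLine' => 'KL', 'Class' => 'V', 'AdtPrice' => '1234']);
insert_fare($db, 'fares_ams_jfk', ['AirLine' => "O'Neil Air", 'Class' => 'Y', 'AdtPrice' => '999']);
print_r(find_fares($db, 'fares_ams_jfk', "O'N"));

// A missing, empty or unlisted table name stops before any SQL is built,
// instead of producing "select ... from" with nothing after it.
foreach ([null, '', 'fares_ams_jfk; --'] as $bad) {
    try {
        find_fares($db, $bad, '');
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', var_export($bad, true), "\n";
    }
}
```

Because the table name is checked against a fixed list on every call, a request that arrives without `cityp` fails with a clear error at the boundary rather than as a MySQL syntax error further down.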