Form issue[topic solved]

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

SirChick
Forum Contributor
Posts: 125
Joined: Tue Jul 31, 2007 11:55 am

Post by SirChick »

So would this work on the next page:

$_POST{$soldhousesrow['Price']};

Cos thats from the form not the query.

And I'm not too sure on this part:
Edit your SQL to include the data you need to build the select, and then you'll be able to reference it the way you are.
Could you show me an example and then ill give it a try.
User avatar
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Post by Stryks »

Ok, before you do anything else, have a read of this page.

It's important that you have a good read of it, even if you dont really 'get' it, because all of your problems here seem to relate in some way to arrays and the way you are trying to use them.

As far as the SQL goes, I don't know your database, so I really am flying blind with it. However, assuming you are just attempting to reference an existing database field and have just forgotten to query it, you would change this ...

Code: Select all

$soldhousesquery = "SELECT Price, HouseType FROM soldhouses ORDER BY Price ASC";
to this ...

Code: Select all

$soldhousesquery = "SELECT SoldHouseID, Price, HouseType FROM soldhouses ORDER BY Price ASC";
When this command is executed

Code: Select all

$soldhousesrow = mysql_fetch_array($soldhousesresult)
it will return an array of the fields (columns) relating to a single record (row). When you specify columns to return (between SELECT and FROM) they will be the ONLY values returned.

Now, with the POST array, the way you are trying to access it is wrong on a few different levels. Firstly, to my knowledge, you cannot access an array with the syntax

Code: Select all

$_POST{anything}
Someone may correct me on that, but I don't think so. Direct access to an array element should always be in the form of

Code: Select all

$_POST['something']
As for using a variable as the key for the array, this is possible - with the format

Code: Select all

$key = "something";
echo $_POST[$key]
or even

Code: Select all

echo $_POST[$test['key']]
However, what you are trying to do here

Code: Select all

$_POST{$soldhousesrow['Price']};
is access an array using the wrong format, using a key which by your reckoning would equate to a value, not a key. Worse that that though, the value you are aiming at accessing is not set, because it is not passed to the second page via the form as you suspect.

When you submit a form, the $_POST array will store a series of values in the format "form control name"=>"form control value". Accessed with ...

Code: Select all

$_POST["form_control_name"]
The form you specify has two controls, "houselist" and "buy", as shown when you var_dump the post value.
array(2) { ["houselist"]=> string(0) "" ["Buy"]=> string(9) "Buy House" }
So, accessing $_POST, you only have access to "houselist" and "Buy". You can add hidden fields to your form to carry the extra data across, or you can fix the SQL as shown above, and use the SoldHouseID stored as a value in the form as "houselist" and run a second query on the second page to get access to the extended data.

I've tried to lay this all out as simply as I can without actually rewriting your code for you. I hope it helps.
SirChick
Forum Contributor
Posts: 125
Joined: Tue Jul 31, 2007 11:55 am

Post by SirChick »

Right i think i understand you.

I have tried a new attempt at this but im still getting House ID cannot be found. I think its my $_POST call up on the second page that is incorrect.... but not entirely too sure... this is what i have changed it to...
I changed the query on the form like you said and done a post call for "houselist" which is the select name... would that be correct? Or should i post call some other value from the form ?

Code: Select all

<form name="Form1" method="POST" action="housepurchaseprocess.php" enctype="multipart/form-data" id="Form1" onsubmit="return ValidateForm1(this)">

<?php
//generates a list box to display the rows of available houses in the soldhouses table depending on which one the user clicks on then clicks buy will be "should be" the one that goes to the session
$soldhousesquery = "SELECT SoldHouseID, Price, HouseType FROM soldhouses ORDER BY Price ASC";
$soldhousesresult = @mysql_query($soldhousesquery) or die(mysql_error());


echo '<select name="houselist" size=10>">';

while($soldhousesrow = mysql_fetch_array($soldhousesresult)) {
        echo "<option value=\"{$soldhousesrow['SoldHouseID']}\">£ {$soldhousesrow['Price']} - {$soldhousesrow['HouseType']}</option>";
		}

echo '</select>';


?>
</div>
<input type="submit" id="Button2" name="Buy" value="Buy House" style="position:absolute;left:350px;top:600px;width:184px;height:24px;z-index:20">
</form>
Process page:

Code: Select all

$HouseId = $_POST['houselist'];

$GetHouseInfo = mysql_query("SELECT * FROM soldhouses WHERE SoldHouseID='$HouseID'");
// Fetch the row from the database
if (!($gethouseinforow = mysql_fetch_assoc($GetHouseInfo))) {
    echo "House ID not found!";
    exit;
	echo mysql_error();
}
josa
Forum Commoner
Posts: 75
Joined: Mon Jun 24, 2002 4:58 am
Location: Sweden

Post by josa »

It looks correct but I think it's a good idea to look inside the $_POST array and see what it actually contains. Place this code somewhere in housepurchaseprocess.php:

Code: Select all

echo '<pre>';
var_dump($_POST);
echo '</pre>';
/josa
SirChick
Forum Contributor
Posts: 125
Joined: Tue Jul 31, 2007 11:55 am

Post by SirChick »

array(2) {
["houselist"]=>
string(1) "1"
["Buy"]=>
string(9) "Buy House"
}

House ID not found!


thats the result, not entirely sure what it means with the sting(1) "1" .

Could that be the ID?
josa
Forum Commoner
Posts: 75
Joined: Mon Jun 24, 2002 4:58 am
Location: Sweden

Post by josa »

Yes, that is what gets posted from the form.

"houselist" => string(1) "1"
  • "houselist" is the array key and this key is what you use when you write $_POST['houselist'].
  • string(1) tells us that the value for that key is of type string with the length of one (1).
  • "1" is the value. In this case the house id.
Next step is to look at the query and see if there is something wrong with that. If you do like this...

Code: Select all

$sql = "SELECT * FROM soldhouses WHERE SoldHouseID='$HouseID'";
echo $sql;
$GetHouseInfo = mysql_query($sql);
...
...you can see exactly how the query looks like. You can then cut and paste it into phpMyAdmin for example and see what happens.

/josa
SirChick
Forum Contributor
Posts: 125
Joined: Tue Jul 31, 2007 11:55 am

Post by SirChick »

Hmmm if you say the "1" is the value of house id... the query is showing "0"

array(2) {
["houselist"]=>
string(1) "1"
["Buy"]=>
string(9) "Buy House"
}

SELECT * FROM soldhouses WHERE SoldHouseID='0'House ID not found!

So could that mean that String(1) "1"


is not houseID but infact something like the item position? Example:

1 cottage - 50000
2 apartment - 10000

and because i picked cottage the item is 1 as in option one ? instead of the house ID?
josa
Forum Commoner
Posts: 75
Joined: Mon Jun 24, 2002 4:58 am
Location: Sweden

Post by josa »

Oh, I missed a detail. Variables in PHP are case sensitive. $HouseID in your query should be $HouseId. You should also consider converting the posted variable to an integer to prevent sql injection.

Code: Select all

$HouseId = intval($_POST['houselist']);
/josa
SirChick
Forum Contributor
Posts: 125
Joined: Tue Jul 31, 2007 11:55 am

Post by SirChick »

the user does not type anything though they just select an option. so they cant type an SQL injection....


Hmm im getting this now :
1 (this 1 is coming from Echo $HouseID; as show in below code, suggesting the HouseID now does work)

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\xampp\htdocs\housepurchaseprocess.php on line 20
House ID not found!

Code:

Code: Select all

$HouseID = $_POST['houselist'];
Echo $HouseID;
$sql = "SELECT * FROM soldhouses WHERE SoldHouseID='$HouseID'";
if (!($gethouseinforow = mysql_fetch_assoc($sql))) {
    echo "House ID not found!";
    exit;
	echo mysql_error();
}
josa
Forum Commoner
Posts: 75
Joined: Mon Jun 24, 2002 4:58 am
Location: Sweden

Post by josa »

You forgot to send the query to the database. The echo $sql part was for debugging so we can remove that now.

Code: Select all

$HouseID = intval($_POST['houselist']);
$sql = "SELECT * FROM soldhouses WHERE SoldHouseID='$HouseID'";
$GetHouseInfo = mysql_query($sql);
if (!($gethouseinforow = mysql_fetch_assoc($GetHouseInfo))) {
    echo "House ID not found!";
    exit;
        echo mysql_error();
}
As for sql injection you have to consider that not all clients are plain web browsers. You should always assume the client can send anything in a form post, not just what you explicitly allow.

/josa
SirChick
Forum Contributor
Posts: 125
Joined: Tue Jul 31, 2007 11:55 am

Post by SirChick »

Oh right ok ill deal with injections a bit later on then,,,,,



So just to add.... for the fields to be called do i just do:

$HouseType = $gethouseinforow['HouseType'];
$HousePrice = $gethouseinforow['Price'];
$NumberOfRooms = $gethouseinforow['RoomTotal'];

or is it $bleh = $gethouseinfo['fieldname']; ?
User avatar
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Post by Stryks »

I don't really remember why now, but when I first started out with databases, I was told to try and avoid doing wildcard selects, like

Code: Select all

$sql = "SELECT * FROM soldhouses WHERE SoldHouseID='$HouseID'";
I think it had to do with being a waste of resources, pulling back all data instead of just the data needed. I dont know how good an argument that is, but as for how my style has developed, I always specify the columns to be returned simply because it's a good lookup. When I see

Code: Select all

$soldhousesquery = "SELECT SoldHouseID, Price, HouseType FROM soldhouses ORDER BY Price ASC";
I just know that when attempting to pull data from the result set, I can access $result['SoldHouseID'], $result['Price'], and $result['HouseType'] without needing to jump out of my current view to make sure I got the names right.

To give a bit of insight into what you are pulling back (and thus what and how you can access it), insert this at the end of the code you posted.

Code: Select all

    echo "You have access to:<br><br>";
    foreach($gethouseinforow as $key=>$value) echo "<strong>\$gethouseinforow['$key']</strong> &nbsp; = $value<br>";
The part in bold is what you would use to access the data, and the rest is the value being returned for that column.

If it helps you with checking out data from forms, it will also work on the form recipient page.

Code: Select all

    echo "You have access to:<br><br>";
    foreach($_POST as $key=>$value) echo "<strong>\$_POST['$key']</strong> &nbsp; = $value<br>";
Hope this helps.
User avatar
Stryks
Forum Regular
Posts: 746
Joined: Wed Jan 14, 2004 5:06 pm

Post by Stryks »

Oh ... and to answer your question, $gethouseinfo is just a reference to the database resource.

Code: Select all

echo $gethouseinfo
... should give you something like ...
Resource id #2
As per your query method, you can only access results with $gethouseinforow, however, if you wanted to ...

Code: Select all

$bleh = $gethouseinforow['fieldname'];
... theres no reason why you couldn't, assuming 'fieldname' was the key of a returned value.

8)
SirChick
Forum Contributor
Posts: 125
Joined: Tue Jul 31, 2007 11:55 am

Post by SirChick »

You have access to:

$gethouseinforow['SoldHouseID'] = 1
$gethouseinforow['Price'] = 50000
$gethouseinforow['HouseType'] = Cottage
$gethouseinforow['NumberOfRooms'] = 3



Ok that worked a treat.




Thanks for all your help.
Olga123
Forum Newbie
Posts: 1
Joined: Mon Sep 10, 2007 6:04 am

Post by Olga123 »

You'd better ask a professional to do it, may be something is wrong with the database.
Post Reply