Page 1 of 1

Submit pre-populated fields to MSSQL DB

Posted: Fri Feb 15, 2008 1:35 pm
by jolok
Noob here. This is my first PHP project.
I'm using this form to SELECT a row(values) from a MSSQL DB:

Code: Select all

 
<?php
 
// input the id to update
$rowID = $_POST[rowid];
 
//database connection variables
$myServer = "DBServer";
$myUser = "username";
$myPass = "password";
$myDB = "DB";
 
//connection to the database
$dbhandle = mssql_connect($myServer, $myUser, $myPass)
  or die("Couldn't connect to SQL Server on $myServer");
 
//select a database to work with
$selected = mssql_select_db($myDB, $dbhandle)
  or die("Couldn't open database $myDB");
  
$query = "SELECT Field1, Field2 ";
$query .= "FROM dbo.Log where varID = $varID";
 
//execute the SQL query and return records
$result = mssql_query($query, $dbhandle);
$return = mssql_get_last_message();
 
$row = mssql_fetch_assoc($result);
 
?>
<HTML>
<HEAD>
</HEAD>
<BODY>
    <BR>
    <IMG src="images/Logo.gif" align=top _alt="">
 
<FORM name="RetrieveRecord" action="<?php echo $PHP_SELF;?>" method="POST">
    Record ID: <INPUT type="text" name="varid" size="4" value="" />
    <INPUT type="submit" name="retrieve" value="Go" />
</FORM>
 
<FORM name="UpdateRecord" action="post_insert_record.php" method="POST">    
 <P>
 <FIELDSET>
     <LEGEND><b>Record Form</b></LEGEND>
       <TABLE>
        <TR>
            <TD>Field1</TD>
            <TD>
                <?php
                echo '<INPUT type="text" name="field1" value="'.$row[Field1].'" />';
                ?>
            </TD>
        </TR>
        <TR>
            <TD>Field2</TD>
            <TD>
                <?php
                echo '<INPUT type="text" name="field2" value="'.$row[Field2].'" />';
                ?>
            </TD>
        </TR>                       
       </TABLE> 
 </FIELDSET>
<br>
<INPUT type="submit" name="update" value="Submit" />
</P>
</FORM>
</BODY>
</HTML>
 
The form does populate with the correct info when I enter the rowid.
What I'm trying to do from there is submit to the script below to determine if the values should be updated
in the DB, or if it's a new record, which should be inserted:

Code: Select all

 
<?php
 
// set the default timezone to use.
date_default_timezone_set('America/Chicago');
  
if (isset($_POST[submit])) {
    
//database connection variables
$myServer = "DBServer";
$myUser = "username";
$myPass = "password";
$myDB = "DB"; 
$successURL = "http://webserver/Success.html";
 
//connection to the database
$dbhandle = mssql_connect($myServer, $myUser, $myPass)
  or die("Couldn't connect to SQL Server $myServer"); 
 
//select a database to work with
$selected = mssql_select_db($myDB, $dbhandle)
  or die("Couldn't open database $myDB");
 
if (isset($rowID)) {
 
// UPDATE query - Existing Alarm
$query = "UPDATE dbo.Log set Field1 = '$_POST[field1]', Field2 = '$_POST[field2]' ";
$query .= "WHERE RowID = $rowID";
 
} else {
 
// INSERT query - New Alarm
$query = "INSERT INTO dbo.Log (Field1, Field2) ";
$query .= "VALUES ( '$_POST[field1]', '$_POST[field2]')";
}
 
//execute the SQL query and return records
$result = mssql_query($query, $dbhandle);
 
//I want to see what the SQL server returns
$return = mssql_get_last_message();
 
if ($return = "Changed database context to '$dbname'.")
{
    header( "Location: $successURL" );
} else {
 
echo $return;
 
//close the connection to the database
mssql_close($dbhandle);
exit();
}
 
// if the user didn't submit data from the webform, send this error
} else {
    echo "Forbidden:  You cannot access this page directly";
    exit;
}   
?>
 
But, once the values are populated on the first form and I edit and submit them, I get:
Forbidden: You cannot access this page directly,
Which makes me think that $_POST[submit] is not set? I'm sure the code isn't nearly as
clean as it could be. Any assistance is much appreciated.


Jolok

Re: Submit pre-populated fields to MSSQL DB

Posted: Fri Feb 15, 2008 1:39 pm
by RobertGonzalez
Trying checking against $_SERVER['REQUEST_METHOD'] == 'POST' and always make sure to wrap your array indeces in quotes (unless you are using the array and index inside of a double quoted string, in which case you can leave the quote off).

Re: Submit pre-populated fields to MSSQL DB

Posted: Fri Feb 15, 2008 1:40 pm
by liljester
i think this is your problem.

Code: Select all

if (isset($_POST[submit])) {
try this:

Code: Select all

if( $_POST['update'] == "Submit" ){

Re: Submit pre-populated fields to MSSQL DB

Posted: Fri Feb 15, 2008 1:51 pm
by RobertGonzalez
Don't check against the value of a submit button. If someone hits enter when in the field the submit button does not get sent with the form data and your user sees the form post and then do nothing because you code is looking for a button click as the trigger.

Re: Submit pre-populated fields to MSSQL DB

Posted: Fri Feb 15, 2008 2:16 pm
by jolok
Ok, I've changed this:

Code: Select all

 
if (isset($_POST[submit])) {
...conditions
 
to:

Code: Select all

 
if( $_SERVER['REQUEST_METHOD'] == 'POST' ){
...conditions
 
And I now just get a blank page, and blank View Source (which I normally see when there is a
syntax error). Maybe there's something else wrong in the code further on...
I certainly appreciate the quick responses from all on this. I will continue to troubleshoot.


Jolok

Re: Submit pre-populated fields to MSSQL DB

Posted: Fri Feb 15, 2008 3:23 pm
by RobertGonzalez
Turn on display_errors or check your error logs to see what is happening on that page.

Re: Submit pre-populated fields to MSSQL DB

Posted: Fri Feb 15, 2008 4:10 pm
by liljester
Everah wrote:Don't check against the value of a submit button. If someone hits enter when in the field the submit button does not get sent with the form data and your user sees the form post and then do nothing because you code is looking for a button click as the trigger.
I dont think ive ever seen that issue.. on any specific browsers?

Re: Submit pre-populated fields to MSSQL DB

Posted: Fri Feb 15, 2008 4:31 pm
by RobertGonzalez
Write a small form and post it. Do a var_dump($_POST) in all your browsers and see what is sent.

It gets even better when using an image submit button.