Delete record-leaving a blank line

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
SamCec
Forum Newbie
Posts: 17
Joined: Mon Aug 16, 2010 11:43 am

Delete record-leaving a blank line

Post by SamCec »

I do not know PHP or MySQL. A gentleman actually wrote a routine for me but there is a problem and I can't reach this fellow. He did a great job. I'm hoping you can help.
Scenario:
I have a drop-down box that displays Wood Types (Cherry, White Oak, Poplar, Walnut, etc.) The display routine, with other code, is in a separate PHP program called "Shop.php".

There is another PHP routine called "Edit.PHP" that is used to do maintenance on the various databases of the application.
Here is my problem. The following is the output when I click on the drop down box in the Shop.php program

[text]In the Wood Type drop down box, the result looks like this:
White Oak
Cherry
<------ a blank line here.
Poplar
Walnut[/text]
How did I get this:
In the Edit.php routine, I deleted an existing record in the Wood database and entered a couple new ones.
The code in the Edit.php routine looks like this:(there is additional code in the Edit.php routine but I did not show it.)

Code: Select all

function deleteEntry(index, table, deleteImage)
{
    var sql =     "DELETE FROM "+table+" WHERE `index` = "+index;
    
    if(deleteImage != "")
    {
        deleteImage = "images/"+deleteImage;    
    }

    document.location = "edit.php?sql="+sql+"&deleteImage="+deleteImage;
}

var woodPhotos = new Array    (<?php     for($i = 0; $i < sizeof($photos); $i++)                                                                    {                                                                                                                                                                                                if($photos[$i][3] == 'wood')                                                                                                                                                                {                                                                                                                                                             if($first == false)                                                                                                                                                                {                                                                                                                                                                            echo ",";                                                                                                                                                                    }                                                                                                                                                                         $first = false;?>                                                                                                                                                                                                                                                                                                                                                                        new Array('<?php echo $photos[$i][1]; ?>', '<?php echo $photos[$i][2]; ?>')                                                                                                                    <?php                                                                                                                                                                             }                                                                                                                                                                                                                }                                                                                                                                                                            ?>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            );

Code: Select all

 <?php for($i = 0; $i < sizeof($woods); $i++)
    {?>
    <tr>
        <td><?php echo $woods[$i][0];?></td>
        <td id="name<?php echo $i; ?>"><?php echo $woods[$i][1]; ?></td>
        <td id="image<?php echo $i; ?>"><img id="imageWood<?php echo $i; ?>" width="100" height="80" src="images/wood/<?php echo $woods[$i][2]; ?>" /></td>
        <td><input type="button" id="btnEdit<?php echo $i; ?>" onclick="editEntry(<?php echo $i; ?>, <?php echo $woods[$i][0]; ?>)" value="edit" /></td>
        <td><input type="button" onclick="deleteEntry('<?php echo $woods[$i][0]; ?>', 'wood')" value="delete" /></td>
    </tr>    
    <?php }?>
Can anyone help me straighten this out???
User avatar
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: Delete record-leaving a blank line

Post by McInfo »

This is an indicator of bad design. Executing an arbitrary SQL query that has been sent through a request is a huge security hole.

Code: Select all

document.location = "edit.php?sql="+sql
You have not given enough code for me to help with the problem you asked about. Please show at least the part of the code that generates the drop-down menu. Even better, post all of edit.php.
SamCec
Forum Newbie
Posts: 17
Joined: Mon Aug 16, 2010 11:43 am

Re: Delete record-leaving a blank line

Post by SamCec »

McInfo:

Per your request, here is a zipped file of edit.php
Attachments
edit.zip
Edit.php
(3.1 KiB) Downloaded 129 times
User avatar
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: Delete record-leaving a blank line

Post by McInfo »

Not only does the script allow execution of arbitrary queries, it allows deletion of arbitrary files. This is not good.

Code: Select all

if (isset($_GET['sql'])) {
    if ($_GET['deleteImage'] != "") {
        unlink($_GET['deleteImage']);
    }
    mysql_query($_GET['sql']) or die(mysql_error());
}
It appears that the problem with the drop-down menu is in shop.php, not edit.php. (Sorry, I should have requested shop.php.) A possible cause is that a counter is incremented in a loop and used as an array index for an element that does not exist.
SamCec
Forum Newbie
Posts: 17
Joined: Mon Aug 16, 2010 11:43 am

Re: Delete record-leaving a blank line

Post by SamCec »

McInfo:
Thank you for the time. Coincidentally in writing this post, tonight I got an e-mail from the author of the code. He apologized for not getting back to me but said he would be working on the problems I sent him. I have no reason not to believe him. Except for a few problems, he's achieving what I need. I can't comment on his coding because of my lack of PHP knowledge.

Again, I would like to thank you for taking the time and looking at the code.

I would like to ask you and/or others a general PHP question. I am going to reference and use as an example Microsoft Visual Basic version 6. In VB, when debugging a program, you can "step" through code, one line at a time looking at the contents of variables and fields by setting a breakpoint and hitting the "F8" key. You can also change code within a procedure and can use an "Immediate Window" to do various things. Is there a way to do this in PHP?

Sam
User avatar
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: Delete record-leaving a blank line

Post by McInfo »

There is debugging software for PHP.

What software environment do you have (operating system, server software, editors, etc.)?
SamCec
Forum Newbie
Posts: 17
Joined: Mon Aug 16, 2010 11:43 am

Re: Delete record-leaving a blank line

Post by SamCec »

McInfo wrote:There is debugging software for PHP.

What software environment do you have (operating system, server software, editors, etc.)?
I have a "stand alone" system. I am a retired individual and only have a PC at home.

You asked what OS I have: Windows-7-Ultimate
As far as Editors: The only one I use for programming is Notepad ++

I would like to learn PHP. I am using http://www.w3cschools.com

Sam
User avatar
McInfo
DevNet Resident
Posts: 1532
Joined: Wed Apr 01, 2009 1:31 pm

Re: Delete record-leaving a blank line

Post by McInfo »

You mean http://w3schools.com/.

Probably the easiest way to get PHP-debugging ability on Windows is to install the latest versions of XAMPP and NetBeans. XAMPP for Windows includes Xdebug, which facilitates the debugging, and NetBeans has the user interface.

After installing XAMPP, you need to edit <path to xampp>\php\php.ini and disable all of the lines that start with "xdebug." by ensuring that there is a semicolon (;) at the beginning of each line. The semicolon makes the line a comment so the INI parser will ignore the setting on that line.

Then, find the following lines and un-comment them. Change the values to match, if needed.
[text]xdebug.remote_enable = 1
xdebug.remote_handler = "dbgp"
xdebug.remote_host = "localhost"
xdebug.remote_port = 9000[/text]
Also un-comment this line. The path might be different depending on where you installed XAMPP.
[text]zend_extension = "\xampp\php\ext\php_xdebug.dll"[/text]
Start or restart Apache using the XAMPP control panel.

In NetBeans, create or open a project and create or open a PHP file. On the "Debug" menu, choose "Debug File" or use the key combination Ctrl+Shift+F5. Your browser should open and look busy. In NetBeans, you should be able to use the debugging controls to step through, step over, run to cursor, etc.
Post Reply