Page 1 of 1

Delete record-leaving a blank line

Posted: Sat Sep 25, 2010 8:20 am
by SamCec
I do not know PHP or MySQL. A gentleman actually wrote a routine for me but there is a problem and I can't reach this fellow. He did a great job. I'm hoping you can help.
Scenario:
I have a drop-down box that displays Wood Types (Cherry, White Oak, Poplar, Walnut, etc.) The display routine, with other code, is in a separate PHP program called "Shop.php".

There is another PHP routine called "Edit.PHP" that is used to do maintenance on the various databases of the application.
Here is my problem. The following is the output when I click on the drop down box in the Shop.php program

[text]In the Wood Type drop down box, the result looks like this:
White Oak
Cherry
<------ a blank line here.
Poplar
Walnut[/text]
How did I get this:
In the Edit.php routine, I deleted an existing record in the Wood database and entered a couple new ones.
The code in the Edit.php routine looks like this:(there is additional code in the Edit.php routine but I did not show it.)

Code: Select all

function deleteEntry(index, table, deleteImage)
{
    var sql =     "DELETE FROM "+table+" WHERE `index` = "+index;
    
    if(deleteImage != "")
    {
        deleteImage = "images/"+deleteImage;    
    }

    document.location = "edit.php?sql="+sql+"&deleteImage="+deleteImage;
}

var woodPhotos = new Array    (<?php     for($i = 0; $i < sizeof($photos); $i++)                                                                    {                                                                                                                                                                                                if($photos[$i][3] == 'wood')                                                                                                                                                                {                                                                                                                                                             if($first == false)                                                                                                                                                                {                                                                                                                                                                            echo ",";                                                                                                                                                                    }                                                                                                                                                                         $first = false;?>                                                                                                                                                                                                                                                                                                                                                                        new Array('<?php echo $photos[$i][1]; ?>', '<?php echo $photos[$i][2]; ?>')                                                                                                                    <?php                                                                                                                                                                             }                                                                                                                                                                                                                }                                                                                                                                                                            ?>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            );

Code: Select all

 <?php for($i = 0; $i < sizeof($woods); $i++)
    {?>
    <tr>
        <td><?php echo $woods[$i][0];?></td>
        <td id="name<?php echo $i; ?>"><?php echo $woods[$i][1]; ?></td>
        <td id="image<?php echo $i; ?>"><img id="imageWood<?php echo $i; ?>" width="100" height="80" src="images/wood/<?php echo $woods[$i][2]; ?>" /></td>
        <td><input type="button" id="btnEdit<?php echo $i; ?>" onclick="editEntry(<?php echo $i; ?>, <?php echo $woods[$i][0]; ?>)" value="edit" /></td>
        <td><input type="button" onclick="deleteEntry('<?php echo $woods[$i][0]; ?>', 'wood')" value="delete" /></td>
    </tr>    
    <?php }?>
Can anyone help me straighten this out???

Re: Delete record-leaving a blank line

Posted: Sat Sep 25, 2010 10:49 am
by McInfo
This is an indicator of bad design. Executing an arbitrary SQL query that has been sent through a request is a huge security hole.

Code: Select all

document.location = "edit.php?sql="+sql
You have not given enough code for me to help with the problem you asked about. Please show at least the part of the code that generates the drop-down menu. Even better, post all of edit.php.

Re: Delete record-leaving a blank line

Posted: Sat Sep 25, 2010 1:06 pm
by SamCec
McInfo:

Per your request, here is a zipped file of edit.php

Re: Delete record-leaving a blank line

Posted: Sat Sep 25, 2010 6:58 pm
by McInfo
Not only does the script allow execution of arbitrary queries, it allows deletion of arbitrary files. This is not good.

Code: Select all

if (isset($_GET['sql'])) {
    if ($_GET['deleteImage'] != "") {
        unlink($_GET['deleteImage']);
    }
    mysql_query($_GET['sql']) or die(mysql_error());
}
It appears that the problem with the drop-down menu is in shop.php, not edit.php. (Sorry, I should have requested shop.php.) A possible cause is that a counter is incremented in a loop and used as an array index for an element that does not exist.

Re: Delete record-leaving a blank line

Posted: Sat Sep 25, 2010 7:18 pm
by SamCec
McInfo:
Thank you for the time. Coincidentally in writing this post, tonight I got an e-mail from the author of the code. He apologized for not getting back to me but said he would be working on the problems I sent him. I have no reason not to believe him. Except for a few problems, he's achieving what I need. I can't comment on his coding because of my lack of PHP knowledge.

Again, I would like to thank you for taking the time and looking at the code.

I would like to ask you and/or others a general PHP question. I am going to reference and use as an example Microsoft Visual Basic version 6. In VB, when debugging a program, you can "step" through code, one line at a time looking at the contents of variables and fields by setting a breakpoint and hitting the "F8" key. You can also change code within a procedure and can use an "Immediate Window" to do various things. Is there a way to do this in PHP?

Sam

Re: Delete record-leaving a blank line

Posted: Sat Sep 25, 2010 11:24 pm
by McInfo
There is debugging software for PHP.

What software environment do you have (operating system, server software, editors, etc.)?

Re: Delete record-leaving a blank line

Posted: Sun Sep 26, 2010 3:39 am
by SamCec
McInfo wrote:There is debugging software for PHP.

What software environment do you have (operating system, server software, editors, etc.)?
I have a "stand alone" system. I am a retired individual and only have a PC at home.

You asked what OS I have: Windows-7-Ultimate
As far as Editors: The only one I use for programming is Notepad ++

I would like to learn PHP. I am using http://www.w3cschools.com

Sam

Re: Delete record-leaving a blank line

Posted: Sun Sep 26, 2010 12:24 pm
by McInfo
You mean http://w3schools.com/.

Probably the easiest way to get PHP-debugging ability on Windows is to install the latest versions of XAMPP and NetBeans. XAMPP for Windows includes Xdebug, which facilitates the debugging, and NetBeans has the user interface.

After installing XAMPP, you need to edit <path to xampp>\php\php.ini and disable all of the lines that start with "xdebug." by ensuring that there is a semicolon (;) at the beginning of each line. The semicolon makes the line a comment so the INI parser will ignore the setting on that line.

Then, find the following lines and un-comment them. Change the values to match, if needed.
[text]xdebug.remote_enable = 1
xdebug.remote_handler = "dbgp"
xdebug.remote_host = "localhost"
xdebug.remote_port = 9000[/text]
Also un-comment this line. The path might be different depending on where you installed XAMPP.
[text]zend_extension = "\xampp\php\ext\php_xdebug.dll"[/text]
Start or restart Apache using the XAMPP control panel.

In NetBeans, create or open a project and create or open a PHP file. On the "Debug" menu, choose "Debug File" or use the key combination Ctrl+Shift+F5. Your browser should open and look busy. In NetBeans, you should be able to use the debugging controls to step through, step over, run to cursor, etc.