[prev in list] [next in list] [prev in thread] [next in thread]
List: php-db
Subject: [PHP-DB] Re: [PHP] PHP & Database Problems -- Code Snippets
From: Matijn Woudt <tijnema () gmail ! com>
Date: 2012-05-05 22:35:15
Message-ID: CAC_gtuNV21Lnk5RV7WKUGMT-83DK=FtU+HvGnOGJ4ve-tPSwvg () mail ! gmail ! com
[Download RAW message or body]
On Thu, May 3, 2012 at 4:20 PM, Ethan Rosenberg <ethros@earthlink.net> wrote:
> At 06:47 PM 5/2/2012, Matijn Woudt wrote:
>>
>> On Wed, May 2, 2012 at 11:43 PM, Ethan Rosenberg <ethros@earthlink.net>
>> wrote: > Dear list - > > Sorry for the attachment. Here are code snippets
>> --- Ethan, I don't want to sound rude, but it appears to me you don't have
>> any understanding of what you're doing. It might help if you understand what
>> the code is doing... Let me explain. > > GET THE DATA FROM INTAKE3: > >
>> function handle_data() > { > global $cxn; > $query =
>> "select * from Intake3 where 1"; > > > >
>> if(isset($_Request['Sex'])&& trim($_POST['Sex']) != '' ) $_Request does not
>> exists, you're looking for $_REQUEST. And why are you mixing $_REQUEST and
>> $_POST here? > { > if ($_REQUEST['Sex'] === "0") >
>> { > $sex = 'Male'; >
>> } > else > { > $sex =
>> 'Female'; > } > } > > } What is the point of
>> the handle_data function above? It doesn't do anything. >
>> $allowed_fields = array > ( 'Site' =>$_POST['Site'], 'MedRec' =>
>> $_POST['MedRec'], 'Fname' => > $_POST['Fname'], 'Lname' => $_POST['Lname'] ,
>> > 'Phone' => $_POST['Phone'] , 'Sex' => $_POST['Sex'] ,
>> 'Height' > => $_POST['Height'] ); > > if(empty($allowed_fields)) >
>> { > echo "ouch"; > } > > $query = "select * from
>> Intake3 where 1 "; > > foreach ( $allowed_fields as $key => $val )
>> > { > if ( (($val != '')) ) > > { > $query .= "
>> AND ($key = '$val') "; > } > $result1 = mysqli_query($cxn,
>> $query); > } First, this will allow SQL injections, because you insert
>> the values directly from the browser. Second, you should move the last line
>> ($result1=...), outside of the foreach loop, now you're executing the query
>> multiple times. Third, you should check if $result1 === FALSE, in case the
>> query fails > > $num = mysqli_num_rows($result1); > if(($num =
>> mysqli_num_rows($result1)) == 0) Doing the same thing twice? > { > ?> >
>> <br /><br /><center><b><p style="color: red; font-size:14pt;" >No
>> Records > Retrieved #1</center></b></style></p> > <?php > exit(); >
>> } > > DISPLAY THE INPUT3 DATA: > >>>> THIS SEEMS TO BE THE ROUTINE THAT
>> IS FAILING <<< > > <center><b>Search Results</b></center><br /> > >
>> <center><table border="4" cellpadding="5" cellspacing="55" rules="all"
>> > frame="box"> > <tr class=\"heading\"> > <th>Site</th> >
>> <th>Medical Record</th> > <th>First Name</th> > <th>Last Name</th>
>> > <th>Phone</td> > <th>Height</td> > <th>Sex</td> >
>> <th>History</td> > </tr> > > <?php > > while ($row1 =
>> mysqli_fetch_array($result1, MYSQLI_BOTH)) > { >
>> print_r($_POST); Doesn't really make sense to print $_POST here.. >
>> global $MDRcheck; > $n1++; >
>> echo "<br />n1 <br />";echo $n1; > { >
>> if (($n1 > 2) && ($MDRcheck == $row1[1])) > { >
>> echo ">2== "; >
>> echo $MDRcheck; > echo "<td> $row1[0] </td>\n";
>> > echo "<td> $row1[1] </td>\n"; >
>> echo "<td> $row1[2] </td>\n"; >
>> echo "<td> $row1[3] </td>\n"; > echo "<td>
>> $row1[4] </td>\n"; > echo "<td> $row1[5]
>> </td>\n"; > echo "<td> $row1[6] </td>\n"; >
>> echo "<td> $row1[7] </td>\n"; >
>> echo "</tr>\n"; > } >
>> elseif (($n1 > 2) && ($MDRcheck != $row1[1])) > { >
>> echo ">2!= "; > >
>> echo $MDRcheck; > > > continue; continue
>> doesn't do anything here. > } >
>> elseif ($n1 == 2) > { > >
>> define( "MDR" , $row1[1]); > echo "<br />row1
>> <br>";echo $row1[1]; > echo "<tr>\n"; > >
>> $_GLOBALS['mdr']= $row1[1]; >
>> $_POST['MedRec'] = $row1[1]; You're not supposed to set variables in
>> $_POST... > $MDRold = $_GLOBALS['mdr']; It
>> appears you want the old value of mdr, if so, then you should do this before
>> you set it again 2 lines above.. > echo "<td>
>> $row1[0] </td>\n"; > echo "<td> $row1[1]
>> </td>\n"; > echo "<td> $row1[2] </td>\n"; >
>> echo "<td> $row1[3] </td>\n"; >
>> echo "<td> $row1[4] </td>\n"; >
>> echo "<td> $row1[5] </td>\n"; > echo "<td>
>> $row1[6] </td>\n"; > echo "<td> $row1[7]
>> </td>\n"; > echo "</tr>\n"; >
>> } > > } > } > > ?> You say this routine is
>> probably the one that is failing.. but what is going wrong? And how the heck
>> are we supposed to know what this function should do? > > SELECT AND DISPLAY
>> DATA FROM VISIT3 DATABASE > > <?php > $query2 = "select * from Visit3
>> where 1 AND (Site = 'AA') AND (MedRec = > $_GLOBALS[mdr])"; You're using
>> mdr as a constant here, this will generate a warning, but sadly enough it
>> works. > $result2 = mysqli_query($cxn, $query2); You should check if
>> $result2 === FALSE, in case the query fails. > $num =
>> mysqli_num_rows($result2); You're counting the rows here, but you don't do
>> anything with the result? > << Snip the rest of this crappy code >> > > I
>> hope this helps. > > Ethan > > I think I made my point. I guess if I
>> continued on the rest of the code there will be tons of other bugs. Try to
>> understand what you're doing. Break things down in smaller pieces, check if
>> they work, then write another piece. If something breaks, you know where it
>> was because you just added that part. - Matijn
>
>
>
> Martijn -
>
> Thank you for your insights into my poorly written code. I am very much of
> a newbie, and therefore am asking for help.
>
> Would you please look at the routine that is failing. I stripped out all
> the echo and print_r statements, but I had a large number of them in the
> code. Everything that I can think of has been tried to no avail. Any help
> that you can render would be deeply appreciated.
>
> Thanks again,
>
> Ethan
>
Ethan,
You're code got messed up I guess. Though, it seems there's still way
too much code to review here. You should try to bring your problem
down to 10-20 lines of code, then we can probably easily spot the
error in the code.
- Matijn
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic