Re: [PHP] PHP & Database Problems -- Code Snippets

On Wed, May 2, 2012 at 11:43 PM, Ethan Rosenberg <ethros@xxxxxxxxxxxxx> wrote:
> Dear list -
>
> Sorry for the attachment.  Here are code snippets ---

Ethan,

I don't want to sound rude, but it appears to me you don't have any
understanding of what you're doing. It might help if you understand
what the code is doing... Let me explain.

>
> GET THE DATA FROM INTAKE3:
>
>    function handle_data()
>    {
>       global $cxn;
>       $query = "select * from Intake3 where  1";
>
>
>
>       if(isset($_Request['Sex'])&& trim($_POST['Sex']) != '' )

$_Request does not exist, you're looking for $_REQUEST. And why are
you mixing $_REQUEST and $_POST here?

>       {
>            if ($_REQUEST['Sex'] === "0")
>            {
>               $sex = 'Male';
>            }
>            else
>            {
>               $sex = 'Female';
>            }
>       }
>
>    }

What is the point of the handle_data function above? It doesn't do anything.

>    $allowed_fields = array
>       (  'Site' =>$_POST['Site'], 'MedRec' => $_POST['MedRec'], 'Fname' =>
> $_POST['Fname'], 'Lname' => $_POST['Lname'] ,
>             'Phone' => $_POST['Phone'] , 'Sex' => $_POST['Sex']  , 'Height'
> => $_POST['Height']  );
>
>    if(empty($allowed_fields))
>    {
>          echo "ouch";
>    }
>
>    $query = "select * from Intake3  where  1 ";
>
>    foreach ( $allowed_fields as $key => $val )
>    {
>       if ( (($val != '')) )
>
>    {
>       $query .= " AND ($key  = '$val') ";
>    }
>       $result1 = mysqli_query($cxn, $query);
>    }

First, this will allow SQL injections, because you insert the values
directly from the browser.
Second, you should move the last line ($result1=...) outside of the
foreach loop; now you're executing the query multiple times.
Third, you should check if $result1 === FALSE, in case the query fails.

>
>    $num = mysqli_num_rows($result1);
>    if(($num = mysqli_num_rows($result1)) == 0)

Doing the same thing twice?

>    {
> ?>
>    <br /><br /><center><b><p style="color: red; font-size:14pt;" >No Records
> Retrieved #1</center></b></style></p>
> <?php
>    exit();
>    }
>
> DISPLAY THE INPUT3 DATA:
>
>>>> THIS SEEMS TO BE THE ROUTINE THAT IS FAILING <<<
>
>    <center><b>Search Results</b></center><br />
>
>    <center><table border="4" cellpadding="5" cellspacing="55"  rules="all"
>  frame="box">
>    <tr class=\"heading\">
>    <th>Site</th>
>    <th>Medical Record</th>
>    <th>First Name</th>
>    <th>Last Name</th>
>    <th>Phone</td>
>    <th>Height</td>
>    <th>Sex</td>
>    <th>History</td>
>    </tr>
>
> <?php
>
>       while ($row1 = mysqli_fetch_array($result1, MYSQLI_BOTH))
>       {
>            print_r($_POST);

Doesn't really make sense to print $_POST here..

>               global $MDRcheck;
>               $n1++;
>               echo "<br />n1 <br />";echo $n1;
>            {
>               if (($n1 > 2) && ($MDRcheck == $row1[1]))
>               {
>                    echo ">2==  ";
>                    echo $MDRcheck;
>                    echo "<td> $row1[0] </td>\n";
>                    echo "<td> $row1[1] </td>\n";
>                    echo "<td> $row1[2] </td>\n";
>                    echo "<td> $row1[3] </td>\n";
>                    echo "<td> $row1[4] </td>\n";
>                    echo "<td> $row1[5] </td>\n";
>                    echo "<td> $row1[6] </td>\n";
>                    echo "<td> $row1[7] </td>\n";
>                    echo "</tr>\n";
>               }
>               elseif (($n1 > 2) && ($MDRcheck != $row1[1]))
>               {
>                    echo ">2!=  ";
>
>                    echo $MDRcheck;
>
>
>                    continue;

continue doesn't do anything here.


>               }
>               elseif ($n1 == 2)
>               {
>
>                    define( "MDR" ,  $row1[1]);
>                    echo "<br />row1 <br>";echo $row1[1];
>                    echo "<tr>\n";
>
>                    $_GLOBALS['mdr']= $row1[1];
>                    $_POST['MedRec'] = $row1[1];

You're not supposed to set variables in $_POST...

>                    $MDRold = $_GLOBALS['mdr'];

It appears you want the old value of mdr, if so, then you should do
this before you set it again 2 lines above..

>                    echo "<td> $row1[0] </td>\n";
>                    echo "<td> $row1[1] </td>\n";
>                    echo "<td> $row1[2] </td>\n";
>                    echo "<td> $row1[3] </td>\n";
>                    echo "<td> $row1[4] </td>\n";
>                    echo "<td> $row1[5] </td>\n";
>                    echo "<td> $row1[6] </td>\n";
>                    echo "<td> $row1[7] </td>\n";
>                    echo "</tr>\n";
>               }
>
>            }
>       }
>
> ?>

You say this routine is probably the one that is failing.. but what is
going wrong? And how the heck are we supposed to know what this
function should do?
>
> SELECT AND DISPLAY DATA FROM VISIT3 DATABASE
>
> <?php
>    $query2 = "select * from Visit3 where  1 AND (Site = 'AA')  AND (MedRec =
> $_GLOBALS[mdr])";

You're using mdr as a constant here, this will generate a warning, but
sadly enough it works.

>    $result2 = mysqli_query($cxn, $query2);

You should check if $result2 === FALSE, in case the query fails.

>    $num = mysqli_num_rows($result2);

You're counting the rows here, but you don't do anything with the result?
>
<< Snip the rest of this crappy code >>
>
> I hope this helps.
>
> Ethan
>
>

I think I made my point. I guess if I continued on the rest of the
code there would be tons of other bugs. Try to understand what you're
doing. Break things down in smaller pieces, check if they work, then
write another piece. If something breaks, you know where it was
because you just added that part.

- Matijn
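
The three points raised above about the Intake3 search (values inserted straight into the SQL, the query run inside the loop, no check for a failed query) can be handled together with a prepared statement. This is an added example, not code from the thread: the column names are taken from the quoted snippet, while `build_intake_query`, `run_intake_search` and the sample input are hypothetical.

```php
<?php
// Added example: only these column names may ever appear in the SQL text.
const INTAKE_COLUMNS = ['Site', 'MedRec', 'Fname', 'Lname', 'Phone', 'Sex', 'Height'];

// Build the WHERE clause with ? placeholders; the values travel separately.
function build_intake_query(array $input): array
{
    $where = [];
    $params = [];
    foreach (INTAKE_COLUMNS as $col) {
        $val = isset($input[$col]) && is_string($input[$col]) ? trim($input[$col]) : '';
        if ($val !== '') {
            $where[] = "$col = ?";
            $params[] = $val;
        }
    }
    $sql = 'SELECT * FROM Intake3';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $params];
}

// Run the query once, after the loop, and check every step for failure.
function run_intake_search(mysqli $cxn, array $input): array
{
    [$sql, $params] = build_intake_query($input);
    $stmt = mysqli_prepare($cxn, $sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . mysqli_error($cxn));
    }
    if ($params) {
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    }
    if (!mysqli_stmt_execute($stmt)) {
        throw new RuntimeException('execute failed: ' . mysqli_stmt_error($stmt));
    }
    $result = mysqli_stmt_get_result($stmt); // needs the mysqlnd driver
    if ($result === false) {
        throw new RuntimeException('get_result failed: ' . mysqli_stmt_error($stmt));
    }
    return mysqli_fetch_all($result, MYSQLI_ASSOC);
}

// Constructed form input: an apostrophe in a name, an empty field, an unknown key.
[$sql, $params] = build_intake_query(['Site' => 'AA', 'Lname' => "O'Brien", 'Phone' => '', 'Bogus' => 'x']);
echo $sql, "\n";
print_r($params);
```

The last three lines run without a database and show that the apostrophe never reaches the SQL string and that the unknown key is dropped; `run_intake_search` needs an open mysqli connection.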


