At 06:47 PM 5/2/2012, Matijn Woudt wrote:
On Wed, May 2, 2012 at 11:43 PM, Ethan Rosenberg
<ethros@xxxxxxxxxxxxx> wrote: > Dear list - > >
Sorry for the attachment. Â Here are code
snippets --- Ethan, I don't want to sound rude,
but it appears to me you don't have any
understanding of what you're doing. It might
help if you understand what the code is doing...
Let me explain. > > GET THE DATA FROM
INTAKE3: > > Â Â function handle_data() > Â Â
{ > Â Â Â global $cxn; > Â Â Â $query =
"select * from Intake3 where  1"; > > > >
   if(isset($_Request['Sex'])&&
trim($_POST['Sex']) != '' ) $_Request does not
exists, you're looking for $_REQUEST. And why
are you mixing $_REQUEST and $_POST here? >
   { >       if
($_REQUEST['Sex'] === "0") > Â Â Â Â Â Â
{ > Â Â Â Â Â Â Â $sex = 'Male'; >
      } >       else >
      { >        $sex =
'Female'; > Â Â Â Â Â Â } > Â Â Â } > >
  } What is the point of the handle_data
function above? It doesn't do anything. > Â Â
$allowed_fields = array > Â Â Â ( Â 'Site'
=>$_POST['Site'], 'MedRec' => $_POST['MedRec'],
'Fname' => > $_POST['Fname'], 'Lname' =>
$_POST['Lname'] , > Â Â Â Â Â Â 'Phone' =>
$_POST['Phone'] , 'Sex' => $_POST['Sex'] Â ,
'Height' > => $_POST['Height'] Â ); > > Â Â
if(empty($allowed_fields)) > Â Â { >
     echo "ouch"; >   } > >  Â
$query = "select * from Intake3  where  1
"; > > Â Â foreach ( $allowed_fields as $key =>
$val ) > Â Â { > Â Â Â if ( (($val != ''))
) > > Â Â { > Â Â Â $query .= " AND ($key Â
= '$val') "; > Â Â } > Â Â Â $result1 =
mysqli_query($cxn, $query); > Â Â } First, this
will allow SQL injections, because you insert
the values directly from the browser. Second,
you should move the last line ($result1=...),
outside of the foreach loop, now you're
executing the query multiple times. Third, you
should check if $result1 === FALSE, in case the
query fails > > Â Â $num =
mysqli_num_rows($result1); > Â Â if(($num =
mysqli_num_rows($result1)) == 0) Doing the same
thing twice? > Â Â { > ?> > Â Â <br /><br
/><center><b><p style="color: red;
font-size:14pt;" >No Records > Retrieved
#1</center></b></style></p> > <?php > Â Â
exit(); > Â Â } > > DISPLAY THE INPUT3
DATA: > >>>> THIS SEEMS TO BE THE ROUTINE THAT
IS FAILING <<< > > Â Â <center><b>Search
Results</b></center><br /> > > Â Â
<center><table border="4" cellpadding="5"
cellspacing="55" Â rules="all" > Â
frame="box"> > Â Â <tr class=\"heading\"> >
  <th>Site</th> >   <th>Medical
Record</th> > Â Â <th>First Name</th> > Â Â
<th>Last Name</th> > Â Â <th>Phone</td> > Â Â
<th>Height</td> > Â Â <th>Sex</td> > Â Â
<th>History</td> > Â Â </tr> > > <?php > >
   while ($row1 =
mysqli_fetch_array($result1, MYSQLI_BOTH)) >
   { >       print_r($_POST);
Doesn't really make sense to print $_POST
here.. > Â Â Â Â Â Â Â global
$MDRcheck; > Â Â Â Â Â Â Â $n1++; >
       echo "<br />n1 <br />";echo
$n1; > Â Â Â Â Â Â { >
       if (($n1 > 2) && ($MDRcheck
== $row1[1])) > Â Â Â Â Â Â Â { >
          echo ">2==  "; >
          echo $MDRcheck; >
          echo "<td> $row1[0]
</td>\n"; > Â Â Â Â Â Â Â Â Â Â echo
"<td> $row1[1] </td>\n"; >
          echo "<td> $row1[2]
</td>\n"; > Â Â Â Â Â Â Â Â Â Â echo
"<td> $row1[3] </td>\n"; >
          echo "<td> $row1[4]
</td>\n"; > Â Â Â Â Â Â Â Â Â Â echo
"<td> $row1[5] </td>\n"; >
          echo "<td> $row1[6]
</td>\n"; > Â Â Â Â Â Â Â Â Â Â echo
"<td> $row1[7] </td>\n"; >
          echo "</tr>\n"; >
       } >
       elseif (($n1 > 2) &&
($MDRcheck != $row1[1])) >
       { >
          echo ">2!=  "; > >
          echo
$MDRcheck; > > > Â Â Â Â Â Â Â Â Â Â
continue; continue doesn't do anything here. >
       } >
       elseif ($n1 == 2) >
       { > >
          define( "MDR" , Â
$row1[1]); > Â Â Â Â Â Â Â Â Â Â echo
"<br />row1 <br>";echo $row1[1]; >
          echo "<tr>\n"; > >
          $_GLOBALS['mdr']=
$row1[1]; > Â Â Â Â Â Â Â Â Â Â
$_POST['MedRec'] = $row1[1]; You're not supposed
to set variables in $_POST... >
          $MDRold =
$_GLOBALS['mdr']; It appears you want the old
value of mdr, if so, then you should do this
before you set it again 2 lines above.. >
          echo "<td> $row1[0]
</td>\n"; > Â Â Â Â Â Â Â Â Â Â echo
"<td> $row1[1] </td>\n"; >
          echo "<td> $row1[2]
</td>\n"; > Â Â Â Â Â Â Â Â Â Â echo
"<td> $row1[3] </td>\n"; >
          echo "<td> $row1[4]
</td>\n"; > Â Â Â Â Â Â Â Â Â Â echo
"<td> $row1[5] </td>\n"; >
          echo "<td> $row1[6]
</td>\n"; > Â Â Â Â Â Â Â Â Â Â echo
"<td> $row1[7] </td>\n"; >
          echo "</tr>\n"; >
       } > >       } >
   } > > ?> You say this routine is
probably the one that is failing.. but what is
going wrong? And how the heck are we supposed to
know what this function should do? > > SELECT
AND DISPLAY DATA FROM VISIT3 DATABASE > >
<?php > Â Â $query2 = "select * from Visit3
where  1 AND (Site = 'AA')  AND (MedRec = >
$_GLOBALS[mdr])"; You're using mdr as a constant
here, this will generate a warning, but sadly
enough it works. > Â Â $result2 =
mysqli_query($cxn, $query2); You should check if
$result2 === FALSE, in case the query fails. >
  $num = mysqli_num_rows($result2); You're
counting the rows here, but you don't do
anything with the result? > << Snip the rest of
this crappy code >> > > I hope this helps. > >
Ethan > > I think I made my point. I guess if I
continued on the rest of the code there will be
tons of other bugs. Try to understand what
you're doing. Break things down in smaller
pieces, check if they work, then write another
piece. If something breaks, you know where it
was because you just added that part. - Matijn
Martijn -
Thank you for your insights into my poorly
written code. I am very much of a newbie, and therefore am asking for help.
Would you please look at the routine that is
failing. I stripped out all the echo and print_r
statements, but I had a large number of them in
the code. Everything that I can think of has
been tried to no avail. Any help that you can
render would be deeply appreciated.
Thanks again,
Ethan
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php