Re: [PHP] PHP & Database Problems -- Code Snippets

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

At 06:47 PM 5/2/2012, Matijn Woudt wrote:
On Wed, May 2, 2012 at 11:43 PM, Ethan Rosenberg <ethros@xxxxxxxxxxxxx> wrote: > Dear list - > > Sorry for the attachment.  Here are code snippets --- Ethan, I don't want to sound rude, but it appears to me you don't have any understanding of what you're doing. It might help if you understand what the code is doing... Let me explain. > > GET THE DATA FROM INTAKE3: > >   function handle_data() >   { >    global $cxn; >    $query = "select * from Intake3 where  1"; > > > >    if(isset($_Request['Sex'])&& trim($_POST['Sex']) != '' ) $_Request does not exists, you're looking for $_REQUEST. And why are you mixing $_REQUEST and $_POST here? >    { >       if ($_REQUEST['Sex'] === "0") >       { >        $sex = 'Male'; >       } >       else >       { >        $sex = 'Female'; >       } >    } > >   } What is the point of the handle_data function above? It doesn't do anything. >   $allowed_fields = array >    (  'Site' =>$_POST['Site'], 'MedRec' => $_POST['MedRec'], 'Fname' => > $_POST['Fname'], 'Lname' => $_POST['Lname'] , >       'Phone' => $_POST['Phone'] , 'Sex' => $_POST['Sex']  , 'Height' > => $_POST['Height']  ); > >   if(empty($allowed_fields)) >   { >      echo "ouch"; >   } > >   $query = "select * from Intake3  where  1 "; > >   foreach ( $allowed_fields as $key => $val ) >   { >    if ( (($val != '')) ) > >   { >    $query .= " AND ($key  = '$val') "; >   } >    $result1 = mysqli_query($cxn, $query); >   } First, this will allow SQL injections, because you insert the values directly from the browser. Second, you should move the last line ($result1=...), outside of the foreach loop, now you're executing the query multiple times. Third, you should check if $result1 === FALSE, in case the query fails > >   $num = mysqli_num_rows($result1); >   if(($num = mysqli_num_rows($result1)) == 0) Doing the same thing twice? >   { > ?> >   <br /><br /><center><b><p style="color: red; font-size:14pt;" >No Records > Retrieved #1</center></b></style></p> > <?php >   exit(); >   } > > DISPLAY THE INPUT3 DATA: > >>>> THIS SEEMS TO BE THE ROUTINE THAT IS FAILING <<< > >   <center><b>Search Results</b></center><br /> > >   <center><table border="4" cellpadding="5" cellspacing="55"  rules="all" >  frame="box"> >   <tr class=\"heading\"> >   <th>Site</th> >   <th>Medical Record</th> >   <th>First Name</th> >   <th>Last Name</th> >   <th>Phone</td> >   <th>Height</td> >   <th>Sex</td> >   <th>History</td> >   </tr> > > <?php > >    while ($row1 = mysqli_fetch_array($result1, MYSQLI_BOTH)) >    { >       print_r($_POST); Doesn't really make sense to print $_POST here.. >        global $MDRcheck; >        $n1++; >        echo "<br />n1 <br />";echo $n1; >       { >        if (($n1 > 2) && ($MDRcheck == $row1[1])) >        { >           echo ">2==  "; >           echo $MDRcheck; >           echo "<td> $row1[0] </td>\n"; >           echo "<td> $row1[1] </td>\n"; >           echo "<td> $row1[2] </td>\n"; >           echo "<td> $row1[3] </td>\n"; >           echo "<td> $row1[4] </td>\n"; >           echo "<td> $row1[5] </td>\n"; >           echo "<td> $row1[6] </td>\n"; >           echo "<td> $row1[7] </td>\n"; >           echo "</tr>\n"; >        } >        elseif (($n1 > 2) && ($MDRcheck != $row1[1])) >        { >           echo ">2!=  "; > >           echo $MDRcheck; > > >           continue; continue doesn't do anything here. >        } >        elseif ($n1 == 2) >        { > >           define( "MDR" ,  $row1[1]); >           echo "<br />row1 <br>";echo $row1[1]; >           echo "<tr>\n"; > >           $_GLOBALS['mdr']= $row1[1]; >           $_POST['MedRec'] = $row1[1]; You're not supposed to set variables in $_POST... >           $MDRold = $_GLOBALS['mdr']; It appears you want the old value of mdr, if so, then you should do this before you set it again 2 lines above.. >           echo "<td> $row1[0] </td>\n"; >           echo "<td> $row1[1] </td>\n"; >           echo "<td> $row1[2] </td>\n"; >           echo "<td> $row1[3] </td>\n"; >           echo "<td> $row1[4] </td>\n"; >           echo "<td> $row1[5] </td>\n"; >           echo "<td> $row1[6] </td>\n"; >           echo "<td> $row1[7] </td>\n"; >           echo "</tr>\n"; >        } > >       } >    } > > ?> You say this routine is probably the one that is failing.. but what is going wrong? And how the heck are we supposed to know what this function should do? > > SELECT AND DISPLAY DATA FROM VISIT3 DATABASE > > <?php >   $query2 = "select * from Visit3 where  1 AND (Site = 'AA')  AND (MedRec = > $_GLOBALS[mdr])"; You're using mdr as a constant here, this will generate a warning, but sadly enough it works. >   $result2 = mysqli_query($cxn, $query2); You should check if $result2 === FALSE, in case the query fails. >   $num = mysqli_num_rows($result2); You're counting the rows here, but you don't do anything with the result? > << Snip the rest of this crappy code >> > > I hope this helps. > > Ethan > > I think I made my point. I guess if I continued on the rest of the code there will be tons of other bugs. Try to understand what you're doing. Break things down in smaller pieces, check if they work, then write another piece. If something breaks, you know where it was because you just added that part. - Matijn 


Martijn -
Thank you for your insights into my poorly written code. I am very much of a newbie, and therefore am asking for help.
Would you please look at the routine that is failing. I stripped out all the echo and print_r statements, but I had a large number of them in the code. Everything that I can think of has been tried to no avail. Any help that you can render would be deeply appreciated. 

Thanks again,

Ethan




--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[Index of Archives]     [PHP Home]     [PHP Users]     [Postgresql Discussion]     [Kernel Newbies]     [Postgresql]     [Yosemite News]
  Powered by Linux