Re: [PHP] PHP & Database Problems -- Code Snippets

On Thu, May 3, 2012 at 4:20 PM, Ethan Rosenberg <ethros@xxxxxxxxxxxxx> wrote:
> At 06:47 PM 5/2/2012, Matijn Woudt wrote:
>>
>> On Wed, May 2, 2012 at 11:43 PM, Ethan Rosenberg <ethros@xxxxxxxxxxxxx> wrote:
>> > Dear list -
>> >
>> > Sorry for the attachment.  Here are code snippets
>>
>> ---
>> Ethan, I don't want to sound rude, but it appears to me you don't have
>> any understanding of what you're doing. It might help if you understand what
>> the code is doing... Let me explain.
>>
>> > GET THE DATA FROM INTAKE3:
>> >
>> >     function handle_data()
>> >     {
>> >         global $cxn;
>> >         $query = "select * from Intake3 where  1";
>> >
>> >
>> >         if(isset($_Request['Sex'])&& trim($_POST['Sex']) != '' )
>>
>> $_Request does not exist, you're looking for $_REQUEST. And why are you
>> mixing $_REQUEST and $_POST here?
>>
>> >         {
>> >             if ($_REQUEST['Sex'] === "0")
>> >             {
>> >                 $sex = 'Male';
>> >             }
>> >             else
>> >             {
>> >                 $sex = 'Female';
>> >             }
>> >         }
>> >
>> >     }
>>
>> What is the point of the handle_data function above? It doesn't do anything.
>>
>> >     $allowed_fields = array
>> >         ( 'Site' =>$_POST['Site'], 'MedRec' => $_POST['MedRec'], 'Fname' =>
>> > $_POST['Fname'], 'Lname' => $_POST['Lname'] ,
>> >               'Phone' => $_POST['Phone'] , 'Sex' => $_POST['Sex'] ,
>> > 'Height' => $_POST['Height'] );
>> >
>> >     if(empty($allowed_fields))
>> >     {
>> >         echo "ouch";
>> >     }
>> >
>> >     $query = "select * from Intake3  where  1 ";
>> >
>> >     foreach ( $allowed_fields as $key => $val )
>> >     {
>> >         if ( (($val != '')) )
>> >
>> >     {
>> >         $query .= " AND ($key  = '$val') ";
>> >     }
>> >         $result1 = mysqli_query($cxn, $query);
>> >     }
>>
>> First, this will allow SQL injections, because you insert the values
>> directly from the browser. Second, you should move the last line
>> ($result1=...) outside of the foreach loop; now you're executing the query
>> multiple times. Third, you should check if $result1 === FALSE, in case the
>> query fails.
>>
>> >     $num = mysqli_num_rows($result1);
>> >     if(($num = mysqli_num_rows($result1)) == 0)
>>
>> Doing the same thing twice?
>>
>> >     {
>> > ?>
>> >     <br /><br /><center><b><p style="color: red; font-size:14pt;" >No Records
>> > Retrieved #1</center></b></style></p>
>> > <?php
>> >     exit();
>> >     }
>> >
>> > DISPLAY THE INPUT3 DATA:
>> >
>> > >>> THIS SEEMS TO BE THE ROUTINE THAT IS FAILING <<<
>> >
>> >     <center><b>Search Results</b></center><br />
>> >
>> >     <center><table border="4" cellpadding="5" cellspacing="55"  rules="all"
>> >   frame="box">
>> >     <tr class=\"heading\">
>> >     <th>Site</th>
>> >     <th>Medical Record</th>
>> >     <th>First Name</th>
>> >     <th>Last Name</th>
>> >     <th>Phone</td>
>> >     <th>Height</td>
>> >     <th>Sex</td>
>> >     <th>History</td>
>> >     </tr>
>> >
>> > <?php
>> >
>> >        while ($row1 = mysqli_fetch_array($result1, MYSQLI_BOTH))
>> >        {
>> >             print_r($_POST);
>>
>> Doesn't really make sense to print $_POST here..
>>
>> >             global $MDRcheck;
>> >             $n1++;
>> >             echo "<br />n1 <br />";echo $n1;
>> >             {
>> >                 if (($n1 > 2) && ($MDRcheck == $row1[1]))
>> >                 {
>> >                     echo ">2==  ";
>> >                     echo $MDRcheck;
>> >                     echo "<td> $row1[0] </td>\n";
>> >                     echo "<td> $row1[1] </td>\n";
>> >                     echo "<td> $row1[2] </td>\n";
>> >                     echo "<td> $row1[3] </td>\n";
>> >                     echo "<td> $row1[4] </td>\n";
>> >                     echo "<td> $row1[5] </td>\n";
>> >                     echo "<td> $row1[6] </td>\n";
>> >                     echo "<td> $row1[7] </td>\n";
>> >                     echo "</tr>\n";
>> >                 }
>> >                 elseif (($n1 > 2) && ($MDRcheck != $row1[1]))
>> >                 {
>> >                     echo ">2!=  ";
>> >
>> >                     echo $MDRcheck;
>> >
>> >
>> >                     continue;
>>
>> continue doesn't do anything here.
>>
>> >                 }
>> >                 elseif ($n1 == 2)
>> >                 {
>> >
>> >                     define( "MDR" ,  $row1[1]);
>> >                     echo "<br />row1 <br>";echo $row1[1];
>> >                     echo "<tr>\n";
>> >
>> >                     $_GLOBALS['mdr']= $row1[1];
>> >                     $_POST['MedRec'] = $row1[1];
>>
>> You're not supposed to set variables in $_POST...
>>
>> >                     $MDRold = $_GLOBALS['mdr'];
>>
>> It appears you want the old value of mdr; if so, then you should do this
>> before you set it again 2 lines above..
>>
>> >                     echo "<td> $row1[0] </td>\n";
>> >                     echo "<td> $row1[1] </td>\n";
>> >                     echo "<td> $row1[2] </td>\n";
>> >                     echo "<td> $row1[3] </td>\n";
>> >                     echo "<td> $row1[4] </td>\n";
>> >                     echo "<td> $row1[5] </td>\n";
>> >                     echo "<td> $row1[6] </td>\n";
>> >                     echo "<td> $row1[7] </td>\n";
>> >                     echo "</tr>\n";
>> >                 }
>> >
>> >             }
>> >        }
>> >
>> > ?>
>>
>> You say this routine is probably the one that is failing.. but what is going
>> wrong? And how the heck are we supposed to know what this function should do?
>>
>> > SELECT AND DISPLAY DATA FROM VISIT3 DATABASE
>> >
>> > <?php
>> >     $query2 = "select * from Visit3 where  1 AND (Site = 'AA')  AND (MedRec =
>> > $_GLOBALS[mdr])";
>>
>> You're using mdr as a constant here, this will generate a warning, but sadly
>> enough it works.
>>
>> >     $result2 = mysqli_query($cxn, $query2);
>>
>> You should check if $result2 === FALSE, in case the query fails.
>>
>> >     $num = mysqli_num_rows($result2);
>>
>> You're counting the rows here, but you don't do anything with the result?
>>
>> > << Snip the rest of this crappy code >>
>> >
>> > I hope this helps.
>> >
>> > Ethan
>>
>> I think I made my point. I guess if I continued on the rest of the code there
>> would be tons of other bugs. Try to understand what you're doing. Break things
>> down in smaller pieces, check if they work, then write another piece. If
>> something breaks, you know where it was because you just added that part.
>>
>> - Matijn
>
>
>
> Martijn -
>
> Thank you for your insights into my poorly written code.  I am very much of
> a newbie, and therefore am asking for help.
>
> Would you please look at the routine that is failing.  I stripped out all
> the echo and print_r statements, but I had a large number of them in the
> code.  Everything that I can think of has been tried  to no avail. Any help
> that you can render would be deeply appreciated.
>
> Thanks again,
>
> Ethan
>

Ethan,

Your code got messed up, I guess. Though it seems there's still way
too much code to review here. You should try to bring your problem
down to 10-20 lines of code; then we can probably easily spot the
error in the code.

- Matijn
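The two points Matijn raises about the Intake3 search, that the form values are concatenated straight into the WHERE clause (so a Lname of `x' OR '1'='1` turns ` AND ($key  = '$val') ` into ` AND (Lname = 'x' OR '1'='1') ` and matches every row) and that a FALSE result from mysqli_query is never checked, are addressed in the following added example. It is not code from the thread or from either poster. It assumes `$cxn` is an open mysqli connection as in the thread, that the mysqlnd driver is present for `get_result()`, and that Intake3 has the columns named in the posted `$allowed_fields` array; the `$form` request below is constructed for the demonstration.

```php
<?php
// Added example, not code from the thread: the Intake3 filter builder from the
// posted snippet, rewritten so request values are bound as parameters instead
// of being concatenated into the SQL text.
// Assumptions: $cxn is an open mysqli connection (as in the thread), the mysqlnd
// driver is available for get_result(), and Intake3 has the columns the posted
// $allowed_fields array names. Nothing else about the schema is known.

// Column names cannot be bound as parameters, so the filterable columns come
// from this fixed list and never from the request.
const INTAKE3_FILTER_COLUMNS = ['Site', 'MedRec', 'Fname', 'Lname', 'Phone', 'Sex', 'Height'];

/**
 * Build a parameterised SELECT for Intake3 from submitted form fields.
 * Returns [$sql, $types, $params]; $params is empty when no filter was given,
 * in which case the query returns the whole table, exactly as "where 1" did.
 */
function build_intake3_query(array $post): array
{
    $sql    = 'SELECT * FROM Intake3 WHERE 1=1';
    $types  = '';
    $params = [];

    foreach (INTAKE3_FILTER_COLUMNS as $col) {
        // Only fields that are present and non-blank after trimming become filters.
        if (!isset($post[$col]) || trim((string) $post[$col]) === '') {
            continue;
        }
        $sql     .= " AND $col = ?";   // $col comes from the whitelist above
        $types   .= 's';               // bind as string; MySQL coerces numeric columns
        $params[] = trim((string) $post[$col]);
    }
    return [$sql, $types, $params];
}

/**
 * Run the query once (not once per field) as a prepared statement and return
 * the rows as associative arrays. Every mysqli failure throws instead of
 * handing a FALSE result to mysqli_num_rows().
 */
function fetch_intake3(mysqli $cxn, array $post): array
{
    [$sql, $types, $params] = build_intake3_query($post);

    $stmt = $cxn->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $cxn->error);
    }
    if ($params !== [] && !$stmt->bind_param($types, ...$params)) {
        throw new RuntimeException('bind_param failed: ' . $stmt->error);
    }
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

/** One HTML table row, with every cell escaped so stored data cannot inject markup. */
function render_intake3_row(array $row): string
{
    $cells = array_map(function ($v) {
        return '<td>' . htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8') . '</td>';
    }, $row);
    return '<tr>' . implode('', $cells) . "</tr>\n";
}

// Constructed request standing in for $_POST. The Lname value is the payload
// that, with the original " AND ($key = '$val') " concatenation, would have
// widened the WHERE clause to match every row; here it is bound as a literal
// string and matches nothing unless a patient really has that surname.
$form = ['Site' => 'AA', 'MedRec' => '', 'Lname' => "x' OR '1'='1"];

[$sql, $types, $params] = build_intake3_query($form);
echo $sql, "\n";          // the placeholders stay placeholders regardless of input
var_export($params);
echo "\n";

// With a live connection (assumed, not established here):
// foreach (fetch_intake3($cxn, $form) as $row) {
//     echo render_intake3_row($row);
// }
```

The builder is kept separate from the database call on purpose: it can be exercised without a connection, and the blank `MedRec` field shows the same skip-empty-values behaviour the original loop had. On PHP 8.1 and later mysqli throws on errors by default, but the explicit checks are kept so the failure mode Matijn describes (`mysqli_num_rows(FALSE)`) cannot occur on older setups either.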


