On Thu, May 3, 2012 at 4:20 PM, Ethan Rosenberg <ethros@xxxxxxxxxxxxx> wrote: > At 06:47 PM 5/2/2012, Matijn Woudt wrote: >> >> On Wed, May 2, 2012 at 11:43 PM, Ethan Rosenberg <ethros@xxxxxxxxxxxxx> >> wrote: > Dear list - > > Sorry for the attachment.  Here are code snippets >> --- Ethan, I don't want to sound rude, but it appears to me you don't have >> any understanding of what you're doing. It might help if you understand what >> the code is doing... Let me explain. > > GET THE DATA FROM INTAKE3: > >   >> function handle_data() >   { >    global $cxn; >    $query = >> "select * from Intake3 where  1"; > > > >    >> if(isset($_Request['Sex'])&& trim($_POST['Sex']) != '' ) $_Request does not >> exists, you're looking for $_REQUEST. And why are you mixing $_REQUEST and >> $_POST here? >    { >       if ($_REQUEST['Sex'] === "0") > >>       { >        $sex = 'Male'; >       >> } >       else >       { >        $sex = >> 'Female'; >       } >    } > >   } What is the point of >> the handle_data function above? It doesn't do anything. >   >> $allowed_fields = array >    (  'Site' =>$_POST['Site'], 'MedRec' => >> $_POST['MedRec'], 'Fname' => > $_POST['Fname'], 'Lname' => $_POST['Lname'] , >> >       'Phone' => $_POST['Phone'] , 'Sex' => $_POST['Sex']  , >> 'Height' > => $_POST['Height']  ); > >   if(empty($allowed_fields)) >  >>  { >      echo "ouch"; >   } > >   $query = "select * from >> Intake3  where  1 "; > >   foreach ( $allowed_fields as $key => $val ) >> >   { >    if ( (($val != '')) ) > >   { >    $query .= " >> AND ($key  = '$val') "; >   } >    $result1 = mysqli_query($cxn, >> $query); >   } First, this will allow SQL injections, because you insert >> the values directly from the browser. Second, you should move the last line >> ($result1=...), outside of the foreach loop, now you're executing the query >> multiple times. Third, you should check if $result1 === FALSE, in case the >> query fails > >   $num = mysqli_num_rows($result1); >   if(($num = >> mysqli_num_rows($result1)) == 0) Doing the same thing twice? >   { > ?> > >>   <br /><br /><center><b><p style="color: red; font-size:14pt;" >No >> Records > Retrieved #1</center></b></style></p> > <?php >   exit(); >  >>  } > > DISPLAY THE INPUT3 DATA: > >>>> THIS SEEMS TO BE THE ROUTINE THAT >> IS FAILING <<< > >   <center><b>Search Results</b></center><br /> > >  >>  <center><table border="4" cellpadding="5" cellspacing="55"  rules="all" >> >  frame="box"> >   <tr class=\"heading\"> >   <th>Site</th> >   >> <th>Medical Record</th> >   <th>First Name</th> >   <th>Last Name</th> >> >   <th>Phone</td> >   <th>Height</td> >   <th>Sex</td> >   >> <th>History</td> >   </tr> > > <?php > >    while ($row1 = >> mysqli_fetch_array($result1, MYSQLI_BOTH)) >    { >       >> print_r($_POST); Doesn't really make sense to print $_POST here.. >    >>     global $MDRcheck; >        $n1++; >      >>   echo "<br />n1 <br />";echo $n1; >       { >      >>   if (($n1 > 2) && ($MDRcheck == $row1[1])) >        { > >>           echo ">2==  "; >           >> echo $MDRcheck; >           echo "<td> $row1[0] </td>\n"; >> >           echo "<td> $row1[1] </td>\n"; >      >>      echo "<td> $row1[2] </td>\n"; >           >> echo "<td> $row1[3] </td>\n"; >           echo "<td> >> $row1[4] </td>\n"; >           echo "<td> $row1[5] >> </td>\n"; >           echo "<td> $row1[6] </td>\n"; >  >>          echo "<td> $row1[7] </td>\n"; >       >>     echo "</tr>\n"; >        } >        >> elseif (($n1 > 2) && ($MDRcheck != $row1[1])) >        { >  >>          echo ">2!=  "; > >           >> echo $MDRcheck; > > >           continue; continue >> doesn't do anything here. >        } >        >> elseif ($n1 == 2) >        { > >           >> define( "MDR" ,  $row1[1]); >           echo "<br />row1 >> <br>";echo $row1[1]; >           echo "<tr>\n"; > >   >>         $_GLOBALS['mdr']= $row1[1]; >         >>   $_POST['MedRec'] = $row1[1]; You're not supposed to set variables in >> $_POST... >           $MDRold = $_GLOBALS['mdr']; It >> appears you want the old value of mdr, if so, then you should do this before >> you set it again 2 lines above.. >           echo "<td> >> $row1[0] </td>\n"; >           echo "<td> $row1[1] >> </td>\n"; >           echo "<td> $row1[2] </td>\n"; >  >>          echo "<td> $row1[3] </td>\n"; >       >>     echo "<td> $row1[4] </td>\n"; >           >> echo "<td> $row1[5] </td>\n"; >           echo "<td> >> $row1[6] </td>\n"; >           echo "<td> $row1[7] >> </td>\n"; >           echo "</tr>\n"; >       >>  } > >       } >    } > > ?> You say this routine is >> probably the one that is failing.. but what is going wrong? And how the heck >> are we supposed to know what this function should do? > > SELECT AND DISPLAY >> DATA FROM VISIT3 DATABASE > > <?php >   $query2 = "select * from Visit3 >> where  1 AND (Site = 'AA')  AND (MedRec = > $_GLOBALS[mdr])"; You're using >> mdr as a constant here, this will generate a warning, but sadly enough it >> works. >   $result2 = mysqli_query($cxn, $query2); You should check if >> $result2 === FALSE, in case the query fails. >   $num = >> mysqli_num_rows($result2); You're counting the rows here, but you don't do >> anything with the result? > << Snip the rest of this crappy code >> > > I >> hope this helps. > > Ethan > > I think I made my point. I guess if I >> continued on the rest of the code there will be tons of other bugs. Try to >> understand what you're doing. Break things down in smaller pieces, check if >> they work, then write another piece. If something breaks, you know where it >> was because you just added that part. - Matijn > > > > Martijn - > > Thank you for your insights into my poorly written code. I am very much of > a newbie, and therefore am asking for help. > > Would you please look at the routine that is failing. I stripped out all > the echo and print_r statements, but I had a large number of them in the > code. Everything that I can think of has been tried to no avail. Any help > that you can render would be deeply appreciated. > > Thanks again, > > Ethan > Ethan, You're code got messed up I guess. Though, it seems there's still way too much code to review here. You should try to bring your problem down to 10-20 lines of code, then we can probably easily spot the error in the code. - Matijn