Some help if possible


#1

Need help with two of my PHP scripts.

The first one I need help with is my addnewrecord.php script. Here is the code:

[code]

Tyne Arts & Ents - Add New Record
<?php
/*
Make the connection to the database. The syntax is:
variable = mysql_connect ('hostname', 'username', 'password') ;
*/
$con = mysql_connect('hostname', 'username', 'password') or die("Could Not Connect to the Database!");
mysql_select_db("username");

$tle = $_POST['Title'];
$artname = $_POST['ArtistName'];
$desc = $_POST['Description'];
$tipe = $_POST['Type'];
$sddate = $_POST['StartDate'];
$eddate = $_POST['EndDate'];
$emit = $_POST['Time'];
$vnuename = $_POST['VenueName'];
$vnueadd = $_POST['VenueAddress'];
$tel = $_POST['Telephone'];
$web = $_POST['URL'];

$sql="INSERT INTO events (Title, ArtistName, Description, Type, StartDate, EndDate, Time, VenueName, VenueAddress, Telephone, URL) VALUES ('$tle','$artname','$desc','$tipe','$sddate','$eddate','$emit','$vnuename','$vnueadd','$tel','$web')";

if (strlen($tle)>25) { echo "You may only enter upto 25 characters in the Title field"; }
if (strlen($artname>)30) { echo "You may only enter upto 30 characters in the ArtistName field"; }
if (strlen($desc)>200) { echo "You may only enter upto 200 characters in the Description field"; }
if (strlen($vnuename)>50) { echo "You may only enter upto 50 characters in the VenueName field"; }
if (strlen($vnueadd)>70) { echo "You may only enter upto 70 characters in the VenueAddress field"; }
if (strlen($tel)>11) { echo "You may only enter upto 11 characters in the Telephone field"; }
if (strlen($url)>40) { echo "You may only enter upto 40 characters in the URL field"; }

if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); }

if ($tle <= 25 && $artname <= 30 && $desc <= 200 && $vnuename <= 50 && $vnueadd <= 70 && $tel <=11 && $url<=40 } { echo "1 record added"; }

mysql_close($con)
?>
[/code]

Basically I want some validation. When all the validation is correct then the echo message “1 record added” appears but all I get at the moment is a blank screen when clicking the submit button on the form. The code does work when I remove all the validation codes. I’ve tried putting the number values in " " but still didn’t work and now I’m out of ideas. I have shown this code to someone else before and they said the mysql_query needs to be within the if {brackets} below it, otherwise it will always execute even if there are errors with the input validation but I didn’t know what he meant. They were also the ones that said I needed the strlen command.
Also how do I add validation for the time and date? Would it be something like:
if $sdate !=date
{
echo “You must enter a valid date format”
}

and:
if $emit !=time
{
echo “You must enter a valid date format”
}

Second script I need help with is my deleterecord.php. Basically, the events in the database appear in a dropdown box and the user selects which event they would like to delete. So far I’ve just edited my editrecord.php, editrecordv2.php and editrecordv3.php script so that it deletes and doesn’t update a record but maybe I’m doing it in the wrong way. At the moment whenever I try to delete an event I get the following error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '* FROM events WHERE title = 'terewr'' at line 1

terewr was just a random title name I did as a test. Here’s my php code for my deleterecord.php:

[code]

Tyne Arts & Ents - Delete Record

Select an event to delete

<?php
/*
Make the connection to the database. The syntax is:
variable = mysql_connect ('hostname', 'username', 'password') ; 
*/

$con = mysql_connect('hostname', 'username', 'password') or die("Could Not Connect to the Database!");
mysql_select_db("username"); //select which database to use

$sql = "SELECT Title FROM events"; 
$queryresult = mysql_query($sql) or die (mysql_error());
while($row = mysql_fetch_array($queryresult)){
$tle = $row['Title'];
echo "<option value = \"$tle\">$tle</option> \n";
}

mysql_free_result($queryresult); 
mysql_close($con);

?>

[/code]

deleterecordv2.php code:

[code]

Tyne Arts & Ents - Delete Record Continued... <?php
/*
Make the connection to the database. The syntax is:
variable = mysql_connect ('hostname', 'username', 'password') ; 
*/

$con = mysql_connect('webhost', 'username', 'password') or die("Could Not Connect to the Database!");

mysql_select_db("username"); //select which database to use

$code = $_POST['event']; // store the users choice of event from the web form

$sql = "Delete * FROM events WHERE title = '$code'";

$queryresult = mysql_query($sql) or die (mysql_error());

$row = mysql_fetch_array($queryresult); // Fetch the record returned by the query

/* store the record details returned by the SQL query in variables.
Note: no need to use a while loop as there will only be one record returned by the query */

$tle = $row['Title'];
$artname = $row['ArtistName'];
$desc = $row['Description'];
$tipe = $row['Type'];
$sddate = $row['Startdate'];
$eddate = $row['Enddate'];
$emit = $row['Time'];
$vnuename = $row['VenueName'];
$vnueadd = $row['VenueAddress'];
$tel = $row['Telephone'];
$web = $row['URL'];
$eventcode = $row['EventCode'];

mysql_free_result($queryresult);
mysql_close($con);

?>

Delete chosen event

" />
Title " />
ArtistName " maxlength = "30" />
Description " maxlength = "200" />
Type " maxlength = "20" />
Startdate " />
Enddate " />
Time " />
VenueName " maxlength = "20" />
VenueAddress " maxlength = "70" />
Telephone " maxlength = "11" />
URL " maxlength = "70" />
 
[/code]

deletrecordv3.php code:

[code]

Tyne Arts & Ents - Delete Event Continued...
<?
$code = $_POST['EventCode']; // need this to identify the particular record
$Ndesc = $_POST['Ndescription']; // new value for description
$Ntype = $_POST['Ntype']; // new value for type
$Nsdate = $_POST['Nsdate']; // new value for start date
$Nedate = $_POST['Nedate']; // new value for end date
$Ntime = $_POST['Ntime']; // new value for the time
$Nvnuename = $_POST['Nvnuename']; // new value for the venue name
$Nvnueadd = $_POST['Nvnueadd']; // new value for the venue address
$Ntel = $_POST['Ntel']; // new value for the telephone number
$Nurl = $_POST['Nurl']; // new value for the url

echo "Deleting record ...

";

include 'database_conn.php'; // make db connection
$con = mysql_connect('webhost', 'username', 'password') or die("Could Not Connect to the Database!");
mysql_select_db("username");

$sql = "DELTE * FROM events WHERE EventCode = $code";
mysql_query($sql) or die (mysql_error());
echo "Event deleted";

mysql_close($con);
?>
Go Back to Admin page
[/code]

I know it’s a lot of code to look through but any help will be really appreciated.


#2

For the error message with near * FROM, it’s only because you used DELETE * FROM. The appropriate syntax is DELETE FROM …

Little notice for the entire piece. When using variables inside a query, make sure the value is correctly escaped to avoid SQL injections. For MySQL, the escape function is mysql_real_escape_string().

The logic of your validation is broken. You validate each parameter and output if there is something wrong, but you execute the query anyway. Only after the query is executed, you do some additional checks and display a confirmation message if the check is fine. If one of the tests fails, the row will be added, but no message will be displayed.

I have no idea if I answered everything. Keep it one question per post, it makes tracking easier.


#3

Thanks for your reply. Managed to get the delete record working now. However, still having problems with my addnewrecord.php validation. The validation error appears to the user when they enter more than 25 characters in the Title field but it also displays the “1 record added” echo and as a result the record gets added to database. Updated code:

[php]<?php
error_reporting(E_ALL^E_NOTICE);
?>

Tyne Arts & Ents - Add New Record <?php
/*
Make the connection to the database. The syntax is:
variable = mysql_connect ('hostname', 'username', 'password') ; 
*/

$con = mysql_connect('hostname', 'username', 'password') or die("Could Not Connect to the Database!");
mysql_select_db("username");

$tle = $_POST['Title'];
$artname = $_POST['ArtistName'];
$desc = $_POST['Description'];
$tipe = $_POST['Type'];
$sddate = $_POST['StartDate'];
$eddate = $_POST['EndDate'];
$emit = $_POST['Time'];
$vnuename = $_POST['VenueName'];
$vnueadd = $_POST['VenueAddress'];
$tel = $_POST['Telephone'];
$web = $_POST['URL'];

$sql="INSERT INTO events (Title, ArtistName, Description, Type, StartDate, EndDate, Time, VenueName, VenueAddress, Telephone, URL)
VALUES
('$tle','$artname','$desc','$tipe','$sddate','$eddate','$emit','$vnuename','$vnueadd','$tel','$web')";
if (strlen($tle) > 25){
echo "You may only enter upto 25 characters in the Title field";
}

if (strlen($artname) > 30){
echo "You may only enter upto 30 characters in the ArtistName field";
}

if (strlen($desc) > 200){
echo "You may only enter upto 200 characters in the Description field";
}

if (strlen($vnuename) > 50){
echo "You may only enter upto 50 characters in the VenueName field";
}

if (strlen($vnueadd) > 70){
echo "You may only enter upto 70 characters in the VenueAddress field";
}

if (strlen($tel) > 11){
echo "You may only enter upto 11 characters in the Telephone field";
}

if (strlen($url) > 40){
echo "You may only enter upto 40 characters in the URL field";
}

if ($tle <= 25 && $artname <= 30 && $desc <= 200 && $vnuename <= 50 && $vnueadd <= 70 && $tel <= 11 && $url<= 40 ) {
if (!mysql_query($sql,$con)){ die('Error: ' . mysql_error()); }
else { echo "1 record added";}
}

mysql_close($con);
?>[/php]


Go Back to Admin page

Can anyone spot any mistakes in my code? Being a beginner I don’t know much about PHP.


#4

First off I notice that in your if statement at the end (just before the query)
[php]
if ($tle <= 25 && $artname <= 30 && $desc <= 200 && $vnuename <= 50 && $vnueadd <= 70 && $tel <= 11 && $url<= 40 ) {
if (!mysql_query($sql,$con)){ die('Error: ' . mysql_error()); }
else { echo "1 record added";}
}
[/php]

You are checking to see if the fields are less than or equal to their respective values. When in fact you want to see if their LENGTH is less than or equal to their respective values.

In my test (of just $tle), I initialized it with a string of length greater than 25 and then less than 25 and then the IF clause at the end would ALWAYS evaluate as true.

That being said (and the sometimes difficult boolean ANDs (and ORs)) I would just set a flag at the beginning of the string and if there is an “ERROR” switch the flag. Then finally before the query, verify the flag.

[php]<?php
error_reporting(E_ALL^E_NOTICE);
?>

Tyne Arts & Ents - Add New Record <?php
/*
Make the connection to the database. The syntax is:
variable = mysql_connect ('hostname', 'username', 'password') ; 
*/

$con = mysql_connect('hostname', 'username', 'password') or die("Could Not Connect to the Database!");
mysql_select_db("username");

$tle = $_POST['Title'];
$artname = $_POST['ArtistName'];
$desc = $_POST['Description'];
$tipe = $_POST['Type'];
$sddate = $_POST['StartDate'];
$eddate = $_POST['EndDate'];
$emit = $_POST['Time'];
$vnuename = $_POST['VenueName'];
$vnueadd = $_POST['VenueAddress'];
$tel = $_POST['Telephone'];
$web = $_POST['URL'];
$ErrorFlag = 0; // Initialize Error Flag

$sql="INSERT INTO events (Title, ArtistName, Description, Type, StartDate, EndDate, Time, VenueName, VenueAddress, Telephone, URL)
VALUES
('$tle','$artname','$desc','$tipe','$sddate','$eddate','$emit','$vnuename','$vnueadd','$tel','$web')";
if (strlen($tle) > 25){
echo "You may only enter upto 25 characters in the Title field";
$ErrorFlag = 1;
}

if (strlen($artname) > 30){
echo "You may only enter upto 30 characters in the ArtistName field";
$ErrorFlag = 1;
}

if (strlen($desc) > 200){
echo "You may only enter upto 200 characters in the Description field";
$ErrorFlag = 1;
}

if (strlen($vnuename) > 50){
echo "You may only enter upto 50 characters in the VenueName field";
$ErrorFlag = 1;
}

if (strlen($vnueadd) > 70){
echo "You may only enter upto 70 characters in the VenueAddress field";
$ErrorFlag = 1;
}

if (strlen($tel) > 11){
echo "You may only enter upto 11 characters in the Telephone field";
$ErrorFlag = 1;
}

// The URL field is stored in $web; $url is never assigned in this script
if (strlen($web) > 40){
echo "You may only enter upto 40 characters in the URL field";
$ErrorFlag = 1;
}

// Run the INSERT only if none of the checks above set the flag
if ($ErrorFlag == 0) {
if (!mysql_query($sql,$con)){ die('Error: ' . mysql_error()); }
else { echo "1 record added";}
}

mysql_close($con);
?>


Go Back to Admin page

[/php]


#5

Thanks a lot peg :D


#6

Back again :-?. What’s wrong with the following validation for my telephone number field?. When I enter a number I get an error saying only numbers are allowed.

[php]if(!is_int($tel)){
echo "The Telephone field must only contain numbers";
$ErrorFlag = 1;
}[/php]


#7

Well you shouldn’t use int for a phone number in case there is a preceding ZERO (i.e. 011 49 6401 93555)

Next an INT is limited to 32 bits which would allow for 4,294,967,295 if UNSIGNED, however PHP does support UNSIGNED integers so that leaves you with 2,147,483,647 ( to -2,147,483,646) . Either way, that’s 10 digits however, with the SIGNED you can only have a first digit UP TO the number 2. At least in the US a full phone number requires 10 digits and that would severely limit the number of valid phone numbers.

NEXT If you specify a number beyond the bounds of the integer type, it will be interpreted as a float instead. Also, if you perform an operation that results in a number beyond the bounds of the integer type, a float will be returned instead.

Thus, the is_int could more often than not return a FALSE because what you thought was an INT got automatically interpreted as a float.

Perhaps you should look at is_numeric http://us2.php.net/is_numeric instead.
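
Added example, not part of the thread or any poster's code: the advice from posts #2, #4 and #7 in one place, with every check collected before the query and the INSERT run only when no check failed. It goes beyond the thread by binding values through a PDO prepared statement instead of the `mysql_*` functions (removed in PHP 7) and `mysql_real_escape_string()`, and by adding the date and time check asked about in post #1. Assumptions: in-memory SQLite stands in for the MySQL server, `validate_event()` and `add_event()` are hypothetical names, and dates are YYYY-MM-DD with times HH:MM.

```php
<?php
// Added example, not code from the thread. Assumptions: PDO with in-memory SQLite
// stands in for MySQL; validate_event()/add_event() are hypothetical names;
// dates are YYYY-MM-DD and times HH:MM. All sample values below are constructed.
const COLS = ['Title', 'ArtistName', 'Description', 'Type', 'StartDate', 'EndDate',
              'Time', 'VenueName', 'VenueAddress', 'Telephone', 'URL'];

// Expects the normalised array built in add_event(): every key present, all strings.
function validate_event(array $in): array {
    $errors = [];
    // Length limits taken from the error messages in the thread.
    $max = ['Title' => 25, 'ArtistName' => 30, 'Description' => 200,
            'VenueName' => 50, 'VenueAddress' => 70, 'Telephone' => 11, 'URL' => 40];
    foreach ($max as $field => $limit) {
        if (strlen($in[$field]) > $limit) {
            $errors[] = "You may only enter up to $limit characters in the $field field";
        }
    }
    // Form values arrive as strings: test the characters, not the PHP type.
    if (!ctype_digit($in['Telephone'])) {
        $errors[] = 'The Telephone field must only contain numbers';
    }
    // Accept a date or time only if it round-trips through the expected format.
    foreach (['StartDate' => 'Y-m-d', 'EndDate' => 'Y-m-d', 'Time' => 'H:i'] as $field => $fmt) {
        $d = DateTime::createFromFormat($fmt, $in[$field]);
        if (!$d || $d->format($fmt) !== $in[$field]) {
            $errors[] = "$field is not in the expected format";
        }
    }
    return $errors;
}

function add_event(PDO $db, array $post): array {
    $in = [];
    foreach (COLS as $c) {   // every column present, every value a string
        $in[$c] = is_string($post[$c] ?? null) ? $post[$c] : '';
    }
    $errors = validate_event($in);
    if (!$errors) {          // the INSERT runs only when validation passed
        $sql = 'INSERT INTO events (' . implode(', ', COLS) . ') VALUES (:' . implode(', :', COLS) . ')';
        $db->prepare($sql)->execute($in);   // values are bound, never spliced into the SQL
    }
    return $errors;
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE events (' . implode(' TEXT, ', COLS) . ' TEXT)');
$row = ['Title' => "O'Neill Live", 'ArtistName' => 'Sample Artist', 'Description' => 'Constructed row',
        'Type' => 'Music', 'StartDate' => '2024-02-29', 'EndDate' => '2024-03-01', 'Time' => '19:30',
        'VenueName' => 'Sample Hall', 'VenueAddress' => '1 Example Street', 'Telephone' => '01910000000', 'URL' => 'http://example.com'];
var_dump(add_event($db, $row), add_event($db, ['Title' => str_repeat('x', 26)] + $row));
echo $db->query('SELECT COUNT(*) FROM events')->fetchColumn(), "\n";
```

The first call stores the row, apostrophe included; the second returns the Title error and writes nothing, so the final count covers only the valid row.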


#8

[quote author=“peg110”][quote author=“protocol”]Back again :-?


#9

Another question/problem regarding my addnewrecord.php script. Currently my startdate and enddate fields are text boxes. I was thinking of making things more practical by having a calendar using drop-down menus. I have created an example Here using a book I bought. But the example in the book doesn’t explain how you would incorporate the calendar into a form. Just checked the link and seems the calendar is messed up when viewed in FF :-?. Is what I mentioned possible? I’m not sure if I should ask this here or on a HTML forum.


#10

There are no built-in controls for that, so you have to rely on JavaScript libraries to do the job. I like the library provided by Yahoo! for UI components.

http://developer.yahoo.com/yui/calendar/


#11

Ok thanks.

New problem this time. I’m now using an index.php to get the user to login and when done so, they will get transferred to main.php. I have looked around and all the scripts I have found have been checking a database for a matching username and password. All I want is a text box which the visitor types their name into and they then get taken to main.php. I have got the text box to show, but I’m needing help with some code that would transfer the visitor to main.php once they have typed their name. I think I need some sort of if statement on line 14. I was thinking something like:
[php]
if($_POST['Login'] == $Login && $_POST['name'] == $name){
session_register("name"); // Create session name.
header("location:main.php"); // Re-direct to main.php
} else {
echo "Please enter your name!";
}[/php]

or would I need some sort of $_SESSION code?

index.php code:
[php]

<?
error_reporting(E_ALL^E_NOTICE);
// Use session variable on this page. This function must put on the top of page.
session_start();

////// Logout Section. Delete all session variable.
if(isset($_GET['logout'])) {
session_destroy();
}

////// Login Section.
$Login=$_POST['Login'];
if($Login){ // If clicked on Login button.
$name=$_POST['name'];
}
?>
Tyne Arts & Ents - Login
Name:
[/php]

my main.php code if it helps in any way:
[php]<?
session_start(); // Use session variable on this page. This function must put on the top of page.
if(!session_is_registered("name")){ // if session variable "name" does not exist.
header("location:index.php"); // Re-direct to index.php
}
?>

Tyne Arts & Ents - Main

Hello <? echo $_SESSION['name']; ?>! You are now Logged in.

Logout

[/php]

once again, thanks for any help.