...

View Full Version : Coding Error



eschuppe
03-09-2009, 12:22 AM
I've located source of the error but i'm not exactly sure what I need to do fix it. Any advice is much appreciated.

Thanks,
Eric

<?php
session_start();


include ('dbc.php');


if ($_POST['Submit'] == 'Register')
{
if (strlen($_POST['user_idnum']) > 4)
{
header("Location: checkout.php?msg=ERROR: Incorrect Student ID. Please enter valid ID number.");
}
if (strlen($_POST['bookisbn']) < 4)
{
header("Location: checkout.php?msg=ERROR: Incorrect Student ID. Please enter valid ID number.");
}
// Error Starts here

if ($_POST['user_idnum'] && $_POST['bookisbn']) { // If everything is okay.
$query = "SELECT user_idnum FROM users";
$result = @mysql_query ($query); // Run the query.
if (mysql_fetch_object($result) == $_POST['user_idnum']) {

// Make the query.
$query = "INSERT INTO checkout (full_name, user_idnum, date, book) VALUES ('$_POST[user_idnum], 'NOW()', '$_POST[bookisbn]')";
$result = @mysql_query ($query); // Run the query.
if ($result) {
// Send an email.
echo '<p><b>You have been registered!</b></p>';
exit(); // Quit the script.
} else { // If it did not run okay.
echo '<p>You could not checkout a book due to a system error. We apologize for any inconvenience.</p><p>' . mysql_error() . '</p>';
}
} else {
echo '<p>Your id number does not match.</p>';
}
mysql_close(); // Close the database.

} // End the conditionoal.

}
?>

<link href="styles.css" rel="stylesheet" type="text/css">
<?php if (isset($_GET['msg'])) { echo "<div class=\"msg\"> $_GET[msg] </div>"; } ?>
<p>&nbsp;</p>
<table width="65%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td bgcolor="d5e8f9" class="mnuheader"><strong><font size="5">Register Account</font></strong></td>
</tr>
<tr>
<td bgcolor="e5ecf9" class="forumposts"><form name="form1" method="post" action="checkout.php" style="padding:5px;">
<p><br>
ID Number:
<input name="user_idnum" type="text" id="user_idnum">
</p>
<p>
Book:
<input name="bookisbn" type="text" id="bookisbn">
</p>
<p align="center">
<input type="submit" name="Submit" value="Register">
</p>
</form></td>
</tr>
</table>
<div align="left"></div>
</body>
</html>

PappaJohn
03-09-2009, 12:47 AM
It would probably help you get an answer if you'd tell us what the error is.

Are you getting an error message? If so, what is it?
What's happening that's not supposed to happen?
What's not happening that's supposed to?

eschuppe
03-09-2009, 01:15 AM
The code is supposed to insert the values in the table checkout and confirm success, or post an error message. None of which is happening, it enters a blank page.
Not sure if that helps, if you need to know anything else let me know.

Thanks again.
Eric

masterofollies
03-09-2009, 01:49 AM
This is wrong.


$query = "INSERT INTO checkout (full_name, user_idnum, date, book) VALUES ('$_POST[user_idnum], 'NOW()', '$_POST[bookisbn]')";

PappaJohn
03-09-2009, 01:54 AM
Yeah that is helpful, it keeps people from having to guess what they're looking for.

A few problems:

<?php
if ($_POST['user_idnum'] && $_POST['bookisbn']) { // If everything is okay.
$query = "SELECT user_idnum FROM users";
$result = @mysql_query ($query); // Run the query.
if (mysql_fetch_object($result) == $_POST['user_idnum']) {

mysql_fetch_object($result) will never equal $_POST['user_idnum']. The mysql_ function returns an object and the $_POST variable is a simple variable.

I'm not entirely sure what you're trying to accomplish here, but I'm guessing you're trying to get the users name. In which case you should change your $query to:

$query = "SELECT user_idnum FROM users WHERE user_idnum = " . $_POST['user_idnum'];
You can then check to see if the query returned 1 row (use mysql_num_rows()) and, if so, continue.

This query is wrong:


// Make the query.
$query = "INSERT INTO checkout (full_name, user_idnum, date, book) VALUES ('$_POST[user_idnum], 'NOW()', '$_POST[bookisbn]')";


You specify the fields, full_name, user_idnum, date, book, but only supply values for user_idnum, date and book. You must specify values for all fields specified. I'm guessing user_idnum is an integer in which case you do not need the singe quotes around the value in the SQL.

I didn't look further, there may be other problems but you need to fix these.

Also, I'd suggest abandoning the use of @ in front of your mysql_query() calls. All it does is suppress any errors - thus you are getting no error messages. Suppressing errors does not make them go away. You need to look into proper error-trapping, error-reporting and error-handling. (There are a number of threads on this forum relating to these topics). With proper error management, your application would have provided you with a (usually) meaningful error message to point you in the right direction.

eschuppe
03-09-2009, 01:57 AM
I fixed the initial problem, however, now its always displaying "Your id number does not match."
which means this portion is wrong I think.

$query = "SELECT user_idnum FROM users";
$result = @mysql_query ($query); // Run the query.
if (mysql_fetch_object($result) == $_POST['user_idnum']) {
Not exactly sure.

eschuppe
03-09-2009, 01:59 AM
Thanks Pappa,
Extremely helpful! I'm fixing errors right now ill tell you if its fixed.
-Edit-
Everything is working now, Thankyou so much again.

PappaJohn
03-09-2009, 02:31 AM
You're welcome. Glad you got it working.

masterofollies
03-09-2009, 04:28 PM
Yeah that is helpful, it keeps people from having to guess what they're looking for.

Yeah you aren't rude are you.

PappaJohn
03-09-2009, 10:48 PM
Yeah you aren't rude are you.
Excuse me?

The OP asked

Not sure if that helps, if you need to know anything else let me know.
and I responded that it was helpful and I explained why!

At least I didn't give a terse answer such as: "This is wrong". I took the time to explain why it was wrong and to provide some suggestions. Not to mention finding other problems and pointing out those errors as well.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum