...

View Full Version : $_POST[$variable] help needed



Sandcrawler
03-17-2010, 03:22 AM
I'm having toruble getting $_POST to work in one small section of my code:


$i=0;
while($i < $players)
{
$t1p = "t1p$i";
$st1p = "scoret1p$i";
$team1 = "$team1". $_POST[$t1p] ."|". $_POST[$st1p] ."\n";

$t2p = "t2p$i";
$st2p = "scoret2p$i";
$team2 = "$team2 ". $_POST[$t2p] ."|". $_POST[$st2p] ."\n";
$i++;
}


I'd like it to grab the data from a form variable, and be able to avoid having to define each form object.

This same setup is working earlier in the code that queries my database based on form/POST data.

I can post more code if needed. but I've isolated the problem to this bit of code using an echo to see if the $_POST were working, and all I was getting back was the |

Goldfish
03-17-2010, 03:57 AM
$i=0;
while($i < $players)
{
$t1p = "t1p".$i;
$st1p = "scoret1p".$i;
// $team1 = "$team1". $_POST[$t1p] ."|". $_POST[$st1p] ."\n";
// my guess, theres a $ too much
$team1 = "team1". $_POST[$t1p] ."|". $_POST[$st1p] ."\n";

if($_POST[$t1p] == "")
{
echo "formfield ".$t1p." doesnīt exist or is empty<br>";
}
if($_POST[$st1p] == "")
{
echo "formfield ".$st1p." doesnīt exist or is empty<br>";
}

$t2p = "t2p".$i;
$st2p = "scoret2p".$i;
$team2 = "team2". $_POST[$t2p] ."|". $_POST[$st2p] ."\n";

if($_POST[$t2p] == "")
{
print "formfield ".$t2p." doesnīt exist or is empty<br>";
}
if($_POST[$st2p] == "")
{
print "formfield ".$st2p." doesnīt exist or is empty<br>";
}

$i++;
}

tomws
03-17-2010, 04:30 AM
I don't know what Goldfish is attempting. Looks like there are just some variables moved into a concat, which won't make any difference, and some tests for missing POST values, which could only happen if you've broken them earlier in the code you haven't shown.

There's a better way to check array contents: print_r(). If you're not working on a live site, an easy way to see what an array contains would be to do something like this:

echo '<pre>';
print_r($myArray);
die('</pre>');
Removes the need to set up convoluted loops just to view array contents.

More to the root of the problem, did you know you can use array notation for naming your form inputs? If you did that, then you're just catching an array of values and don't need to bother with these screwy loops.

Sandcrawler
03-17-2010, 05:20 AM
I've tried using an array before, and couldn't get it to work so I went to using the loops, maybe you can tell me what I have wrong in the array:

The form elements (all of them shown below): Inside of a loop, with an echo


echo "<form action='afw.php?page=$page&command=report&players=$players' method='post'><table><tr><td colspan=\"2\">Match Title: <input type='text' name='title' size='20'> (Game initials and match id will be added to your title)</td></tr><tr><td>Team 1<br></td><td>Team 2</td></tr>";
for ($i=1; $i<=$players; $i++)
{
echo "<tr><td><select name=\"t1p[ ]\">";

$sql = mysql_query ("SELECT * FROM suser WHERE signup$gameid='1' ORDER BY 'cid'");
while($row = mysql_fetch_array ($sql))
{
$name = $row['username'];
$cid = $row['cid'];

$sql2 = mysql_query ("SELECT * FROM afwc WHERE id='$cid'");
$row2 = mysql_fetch_array ($sql2);
$init = $row2['initial'];

echo "$num <option value=\"$name\">$init$name</option>";
}
echo "</select><br>Score: <input name=\"scoret1p[ ]\" size=\"2\" type=\"text\"></td><td><select name=\"t2p[ ]\">";

$sql = mysql_query ("SELECT * FROM suser WHERE signup$gameid='1' ORDER BY 'cid'");
while($row = mysql_fetch_array ($sql))
{
$name = $row['username'];
$cid = $row['cid'];

$sql2 = mysql_query ("SELECT * FROM afwc WHERE id='$cid'");
$row2 = mysql_fetch_array ($sql2);
$init = $row2['initial'];

echo "$num <option value=\"$name\">$init$name</option>";
}
echo "</select><br>Score: <input name=\"scoret2p[ ]\" size=\"2\" type=\"text\"></td></tr>";
}
echo "<input type=\"hidden\" name=\"upload\" id=\"uploaded\" value=\"\"/>";

echo "<tr><td colspan=\"2\">Report button will be shown after you upload a screenshot.<br><span id=\"finished\" style=\"display: none;\"><input type='submit' name='submit' value='Report'></span></form></td></tr></table>";


Updated above loop for data:



$t1p = $_POST['t1p'];
$t1ps = $_POST['scoret1p'];
$t2p = $_POST['t2p'];
$t2ps = $_POST['scoret2p'];

//set the team players/scores
$i=0;
while($i < $players)
{
$team1 = "$team1". $t1p['$i'] ."|". $t1ps['$i'] ."\n";
$team2 = "$team2 ". $t2p[ $i ] ."|". $t2ps[ $i ] ."\n";
$i++;
}
echo "$team1 $team2";

echo '<pre>';
print_r($t1p);
echo '</pre>';

$ntitle = "$game1ini ($nid) $title";
mysql_query("INSERT INTO afw SET gameid='$gameid', round='$round', team1='$team1', team2='$team2', title='$ntitle', screenshot='$screensh', reported='$username'");
echo "Thanks for playing and reporting $ntitle. You can now use the navigation above, or <a href=\"./afw.php?page=$page\">click here to go back</a>";



The Script whole (185 lines):


if ($status == '1')
{//activecheck
$players = $_GET['players'];
if(empty($players))
{
echo "Please select the number of players from below.<br>";

$i=1;
while($i <= $max)
{
if(($i <= $max) && ($i >= $min))
{
echo "<a href=\"./afw.php?page=$page&command=report&players=$i\">$i v $i</a><br>";
}
$i++;
}
}
else
{
if (isset($_POST['submit']))
{
//check if valid players
if(($players <= $max) && ($players >= $min))
{
$title = $_POST['title'];
$upload = $_POST['upload'];
$screensh = "$gameid/$round/$upload";
$t1p = $_POST['t1p'];
$t1ps = $_POST['scoret1p'];
$t2p = $_POST['t2p'];
$t2ps = $_POST['scoret2p'];

//adding scores to the player stats
for ($i=1; $i<=$players; $i++)
{
//team1player
$p1 = "t1p$i";
$p1s = "scoret1p$i";
$you1 = mysql_query ("SELECT * FROM suser WHERE username='$_POST[$p1]'");
$you2 = mysql_fetch_array($you1);
$clan = $you2['cid'];
$games = $you2['cgames1'];

if($games == '0')
{
mysql_query("UPDATE afwc SET active$gameid= active$gameid +1 WHERE id='$clan'");
}

mysql_query("UPDATE suser SET cscore$gameid=cscore$gameid +$_POST[$p1s] , cgames$gameid=cgames$gameid + 1 WHERE username='$_POST[$p1]'");

//team2player
$p2 = "t2p$i";
$p2s = "scoret2p$i";
$you1 = mysql_query ("SELECT * FROM suser WHERE username='$_POST[$p2]'");
$you2 = mysql_fetch_array($you1);
$clan = $you2['cid'];
$games = $you2['cgames1'];

if($games == '0')
{
mysql_query("UPDATE afwc SET active$gameid= active$gameid +1 WHERE id='$clan'");
}

mysql_query("UPDATE suser SET cscore$gameid=cscore$gameid +$_POST[$p2s] , cgames$gameid=cgames$gameid + 1 WHERE username='$_POST[$p2]'");
}

//lastid
$sql = mysql_query ("SELECT COUNT(title) FROM afw WHERE gameid='$gameid' AND round='$round'");
$row = mysql_fetch_array ($sql);
$id = $row['COUNT(title)'];
$nid = $id+1;
//lastid

$t1p = $_POST['t1p'];
$t1ps = $_POST['scoret1p'];
$t2p = $_POST['t2p'];
$t2ps = $_POST['scoret2p'];

//set the team players/scores
$i=0;
while($i < $players)
{
$team1 = "$team1". $t1p['$i'] ."|". $t1ps['$i'] ."\n";
$team2 = "$team2 ". $t2p[ $i ] ."|". $t2ps[ $i ] ."\n";
$i++;
}
echo "$team1 $team2";

echo '<pre>';
print_r($t1p);
echo '</pre>';

$ntitle = "$game1ini ($nid) $title";
mysql_query("INSERT INTO afw SET gameid='$gameid', round='$round', team1='$team1', team2='$team2', title='$ntitle', screenshot='$screensh', reported='$username'");
echo "Thanks for playing and reporting $ntitle. You can now use the navigation above, or <a href=\"./afw.php?page=$page\">click here to go back</a>";
}//end of valid player check
}
else
{
?>
<script language="javascript" type="text/javascript">
function startUpload()
{
document.getElementById('upload_process').style.display = 'block';
document.getElementById('upload_form').style.display = 'none';
}
function stopUpload(success, file)
{
var result = '';

if (success == 1)
{
result = '<span class="msg">The file was uploaded successfully!<\/span><br>';
}
else if (success == 2)
{
result = '<span class="msg">There was an error during file upload! The file has a size of 0<\/span><br> File: <input name="ufile[]" id="ufile[]" type="file" size="30"> <input type="submit" name="submitBtn" value="Upload">';
}
else if (success == 3)
{
result = '<span class="msg"> We only allow .png, .jpg, and .gif files to be uploaded. If you think we should allow other please make a suggestion on the forums.<\/span><br> File: <input name="ufile[]" id="ufile[]" type="file" size="30"> <input type="submit" name="submitBtn" value="Upload">';
}
document.getElementById("uploaded").value= file;
document.getElementById("finished").style.display = 'block';
document.getElementById("upload_process").style.display = 'none';
document.getElementById("upload_form").innerHTML = result;
document.getElementById("upload_form").style.display = 'block';
}
</script>
<?php
echo "Use the following form to report a match: <br><br>";
?>
Allowed formats: png, jpg, gif<br>
<span id='upload'>
<form action="./website/afw/upload.php?round=<?php echo $round; ?>&gameid=<?php echo $gameid; ?>" method="post" enctype="multipart/form-data" target="upload_target" onsubmit="startUpload();" >
<span id="upload_process" style="display: none;">
<img src="./website/loader.gif" />
</span>
<span id="upload_form">
File: <input name="ufile[]" id="ufile[]" type="file" size="30" /> <input type="submit" name="submitBtn" value="Upload" />
</span>
<iframe id="upload_target" name="upload_target" src="#" style="width:0;height:0;border:0px solid #fff;"></iframe>
</form>
</span>
<?php
echo "<form action='afw.php?page=$page&command=report&players=$players' method='post'><table><tr><td colspan=\"2\">Match Title: <input type='text' name='title' size='20'> (Game initials and match id will be added to your title)</td></tr><tr><td>Team 1<br></td><td>Team 2</td></tr>";
for ($i=1; $i<=$players; $i++)
{
echo "<tr><td><select name=\"t1p[ ]\">";

$sql = mysql_query ("SELECT * FROM suser WHERE signup$gameid='1' ORDER BY 'cid'");
while($row = mysql_fetch_array ($sql))
{
$name = $row['username'];
$cid = $row['cid'];

$sql2 = mysql_query ("SELECT * FROM afwc WHERE id='$cid'");
$row2 = mysql_fetch_array ($sql2);
$init = $row2['initial'];

echo "$num <option value=\"$name\">$init$name</option>";
}
echo "</select><br>Score: <input name=\"scoret1p[ ]\" size=\"2\" type=\"text\"></td><td><select name=\"t2p[ ]\">";

$sql = mysql_query ("SELECT * FROM suser WHERE signup$gameid='1' ORDER BY 'cid'");
while($row = mysql_fetch_array ($sql))
{
$name = $row['username'];
$cid = $row['cid'];

$sql2 = mysql_query ("SELECT * FROM afwc WHERE id='$cid'");
$row2 = mysql_fetch_array ($sql2);
$init = $row2['initial'];

echo "$num <option value=\"$name\">$init$name</option>";
}
echo "</select><br>Score: <input name=\"scoret2p[ ]\" size=\"2\" type=\"text\"></td></tr>";
}
echo "<input type=\"hidden\" name=\"upload\" id=\"uploaded\" value=\"\"/>";

echo "<tr><td colspan=\"2\">Report button will be shown after you upload a screenshot.<br><span id=\"finished\" style=\"display: none;\"><input type='submit' name='submit' value='Report'></span></form></td></tr></table>";

}//end form submitted
}
}//endactivecheck

Goldfish
03-17-2010, 11:42 AM
I canīt really make sense out of your code, i.e. I canīt see where you get the values for $status, $min and $max from.
If your script begins with:



if ($status == '1')
{//activecheck
$players = $_GET['players'];
if(empty($players))
{
echo "Please select the number of players from below.<br>";

$i=1;
while($i <= $max)

...



Where do the values come from?

Then there are 101 things not by the rules, i.e.



mysql_query ("SELECT * FROM suser WHERE signup$gameid='1' ORDER BY 'cid'");


should read



mysql_query ("SELECT * FROM `suser` WHERE `signup".$gameid."`= 1 ORDER BY `cid`");


Assuming your code would work anyway, because PHP/MySql are a bit tolerant there, I would suggest, print out all queries, so you see what commands you actually send to MySql, like this:



$sql2 = mysql_query ("SELECT * FROM afwc WHERE id='$cid'");
print "SELECT * FROM afwc WHERE id='$cid'";


If you still canīt see anything wrong in the output, copy&paste the queries it prints out into PHPMyAdmin and see whether it works there, else PHPMyAdmin should tell you whatīs wrong.

MattF
03-17-2010, 11:52 AM
mysql_query ("SELECT * FROM suser WHERE signup$gameid='1' ORDER BY 'cid'");


should read



mysql_query ("SELECT * FROM `suser` WHERE `signup".$gameid."`= 1 ORDER BY `cid`");



No, it should not. The back ticks serve one purpose and one purpose only, and that is masking something which shouldn't occur in the first place. They allow the use of reserved words in names. The ticks should never be needed because the DB design shouldn't create that situation to start with, if designed correctly. As far as I know, it's not even valid syntax outside of MySQL, (although I could be mistaken on that part).

tomws
03-17-2010, 03:49 PM
An unrelated issue first:

$you1 = mysql_query ("SELECT * FROM suser WHERE username='$_POST[$p1]'");
Queries like that are open to SQL injection. You should read up on that and how to use mysql_real_escape_string(). There may be other places where you need to implement that, too.

Did the array actually have data when you dumped it?

In the targeted area of code, you have these lines which don't match:

$team1 = "$team1". $t1p['$i'] ."|". $t1ps['$i'] ."\n";
$team2 = "$team2 ". $t2p[ $i ] ."|". $t2ps[ $i ] ."\n";

Now, for the arrays. Once you pass them as arrays from the from the form, you still iterate through them with a loop, but it's simpler than playing with strings and trying to match them up with POST array keys. If you dump the POST variable, you should see something like [scoret1p] => Array(blah), for example - one for each of your input arrays.

Sandcrawler
03-18-2010, 07:26 AM
I tried it again and it worked this time...I didn't change anythign that I hadn't already tried. Anyways, its working now.



Sandcrawler|2 Sandcrawler|3 Sandcrawler|4 Sandcrawler|3 arramus|1 arramus|2 arramus|6 arramus|2 T1:
Array
(
[0] => Sandcrawler
[1] => Sandcrawler
[2] => Sandcrawler
[3] => Sandcrawler
)
T2:
Array
(
[0] => arramus
[1] => arramus
[2] => arramus
[3] => arramus
)

(They should all four be the same in this case)

The cleaned up submission code:


//check if valid players
if(($players <= $max) && ($players >= $min))
{
$title = mysql_real_escape_string($_POST['title']);
$upload = mysql_real_escape_string($_POST['upload']);
$screensh = "$gameid/$round/$upload";
$t1p = $_POST['t1p'];
$t1ps = $_POST['scoret1p'];
$t2p = $_POST['t2p'];
$t2ps = $_POST['scoret2p'];

//lastid
$sql = mysql_query ("SELECT COUNT(title) FROM afw WHERE gameid='$gameid' AND round='$round'");
$row = mysql_fetch_array ($sql);
$id = $row['COUNT(title)'];
$nid = $id+1;

//set the team players/scores
$i=0;
while($i < $players)
{
$p1 = mysql_real_escape_string($t1p[$i]);
$p1s = mysql_real_escape_string($t1ps[$i]);
$p2 = mysql_real_escape_string($t2p[$i]);
$p2s = mysql_real_escape_string($t2ps[$i]);
$team1 = "$team1". $p1 ."|". $p1s ."\n";
$team2 = "$team2". $p2 ."|". $p2s ."\n";

//team1player
$you1 = mysql_query ("SELECT * FROM suser WHERE username='$p1'");
$you2 = mysql_fetch_array($you1);
$clan = $you2['cid'];
$games = $you2['cgames1'];
if($games == '0')
{
mysql_query("UPDATE afwc SET active$gameid= active$gameid +1 WHERE id='$clan'");
}
mysql_query("UPDATE suser SET cscore$gameid=cscore$gameid +$p1s , cgames$gameid=cgames$gameid + 1 WHERE username='$p1'");

//team2player
$you1 = mysql_query ("SELECT * FROM suser WHERE username='$p2'");
$you2 = mysql_fetch_array($you1);
$clan = $you2['cid'];
$games = $you2['cgames1'];
if($games == '0')
{
mysql_query("UPDATE afwc SET active$gameid= active$gameid +1 WHERE id='$clan'");
}
mysql_query("UPDATE suser SET cscore$gameid=cscore$gameid +$p2s , cgames$gameid=cgames$gameid + 1 WHERE username='$p2'");

$i++;
}

$ntitle = "$game1ini ($nid) $title";
mysql_query("INSERT INTO afw SET gameid='$gameid', round='$round', team1='$team1', team2='$team2', title='$ntitle', screenshot='$screensh', reported='$username'");
echo "Thanks for playing and reporting $ntitle. You can now use the navigation above, or <a href=\"./afw.php?page=$page\">click here to go back</a>";
}//end of valid player check


The $min and $max come from another section of the file. Its pulled from a database along with a few other variables that are used commonly on the page. Everything is working, and its writting out to the database correctly.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum