
Thread: PHP / MsSQL

  1. #31
    Senior Coder
    Join Date
    Apr 2011
    Location
    London, England
    Posts
    2,120
    Thanks
    15
    Thanked 354 Times in 353 Posts
    You appear to have mis-matched tags according to the recent code you posted: missing closing div and closing table tag(s). You are also using the obsolete center tag. These should be corrected but probably do not account for your issue.

    I don't believe action="" should be used to re-direct to the same page. In particular, this attribute should not be empty. I use:

    PHP Code:
    <form id="login" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post"
        onsubmit="return validate(this);">
    "I'm here to save your life. But if I'm going to do that, I'll need total uninanonynymity." Me Myself & Irene.
    Validate your HTML and CSS

  2. Users who have thanked AndrewGSW for this post:

    willscarlet (12-17-2012)

  3. #32
    Senior Coder
    Join Date
    Apr 2011
    Location
    London, England
    Posts
    2,120
    Thanks
    15
    Thanked 354 Times in 353 Posts
    Also
    PHP Code:
    enctype="multipart/form-data" 
    is only necessary if posting a file. It's probably not causing any harm but you might as well delete it - assuming you are not actually posting a file.

  4. #33
    New Coder
    Join Date
    Aug 2012
    Posts
    65
    Thanks
    5
    Thanked 0 Times in 0 Posts
    Thank you for the advice, I have changed the form syntax. The in-page styling is just there temporarily. The CSS will be created in detail after I actually get the enter, update, and delete features to finally work. But I fear that may never happen, lol

  5. #34
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    The mismatched tags shouldn't be a problem so long as you have matched form tags (and even then I question if it would be a problem. . .) and valid input types. It's bad form for HTML of course, but that shouldn't cause a problem with what the browsers actually send. Action can be empty; I don't know if that's valid with the html specifications or if they prefer a lack of element attribute. I personally always provide an action as well.

    Isset is used to verify a variable exists and is not null. In the case of an offset in post, it is verifying that a value has been provided to it via post method. In all honesty if you want to do it precise you should check that every relevant field is provided (minus the submit).
    You still need to clarify what you mean by a refresh. You don't mean by actually pressing the refresh button do you? You need to resubmit it completely from scratch to resubmit it fresh.

    Add a print $strSQL; before the sqlsrv_query. Take that and run it directly into a SQL client to verify it works. If it doesn't print, then make sure that the form shows.
    If the form is not showing (ie: a white blank page) after submit, then run the code through a PHP lint on the command line with php -l thatfile.php and it will verify no syntax errors. Double check that the url specified is that of the form.
    If the form does show, view the source HTML to verify you cannot see the PHP code. If you can, you are not processing PHP (which does not sound to be the case); this can be caused though if you are using the file:// protocol instead of the http:// protocol on a local machine. If that checks out, and you do not see the SQL string, then it is not entering that conditional block. With what you have here, it will upon submission as you have specified a text field called "LOWNUMBER" as being available. All text fields are successful regardless of the value specified, unlike radios and checkboxes for example which are only submitted if checked.

    At minimum, you should always see the form regardless of if you have submitted it or not.

  6. #35
    New Coder
    Join Date
    Aug 2012
    Posts
    65
    Thanks
    5
    Thanked 0 Times in 0 Posts
    Okay, I added the print $strSQL; into the code and when I hit the refresh button, the page shows normally, but this line is present at the top left corner of the page:

    INSERT INTO MSAG (StreetName) VALUES ('0x4a414d4945')

    When I was speaking of hitting the submit button earlier and it 'refreshing' the page, I was referring to when I hit the submit button, the page 'blinks' and all the form data that I had entered disappears. I hope that made sense.

    However, I did not notice this before, but now when I fill out the StreetName field on the form, it will add it to the database, but only if the street name is just a number. (ie, I can enter a record with a streetname of '1' and it will work, however, if I enter 'Broad St' it will not.)


    PHP Code:
    <?php
    include 'includes/db/connect.php';

    error_reporting(E_ALL);
    ini_set("display_errors", "on");

    /**
    First thing, we create a function that will make your data safe!
    **/
    function mssql_escape($data) {
        if (is_numeric($data))
            return $data;
        $unpacked = unpack('H*hex', $data);
        return '0x' . $unpacked['hex'];
    }

    if (isset($_POST['LOWNUMBER'])) {

        //now we loop through the post data and sanitize it!
        foreach ($_POST as $key=>$value) {
            $_POST[$key] = mssql_escape($value);
        }

        //now we build the query!
        $strSQL = "INSERT INTO MSAG ";
        $strSQL .="(StreetName) ";
        $strSQL .="VALUES ";
        $strSQL .= "('{$_POST['StreetName']}')";

        print $strSQL;

        //now we insert it
        sqlsrv_query($conn, $strSQL) or die(print_r(sqlsrv_errors(), true));
    }
    ?>

    <?php include 'includes/head/head_main.php'?> 

    <div id = "top_content"> 
    <body> 

    <?php include 'includes/header/header_main.php'?> 

    <h1>Add New Record</h1> 

    <div id = "enter_record"> 

    </center> 
    <div id = "modify"> 

    <form id="login" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post"
        onsubmit="return validate(this);">

    <table>
    <tr>
    <td>Pre Dir:    <br><input type="text" name="StreetPrefix"> <br></td>
    <td>Street:     <br><input type="text" name="StreetName"> <br></td>
    <td>Suffix:     <br><input type="text" name="StreetSuffix"> <br></td>
    <td>Post Dir:     <br><input type="text" name="StreetPostDir"> <br></td>
    <td>Community:     <br><input type="text" name="COMMUNITY"> <br></td>
    </tr></table>
    <br>

    <table>
    <tr>
    <td>Low:    <br><input type="text" name="LOWNUMBER"> <br></td>
    <td>High:    <br><input type="text" name="HighNumber"> <br></td>
    <td>EOB:    <br><input type="text" name="EOB"> <br></td>
    <td>ESN:    <br><input type="text" name="ESN"> <br></td>
    </tr>
    </table>
    <br>

    <table>
    <tr>
    <td>Telco:    <br><input type="text" name="TELCO"> <br></td>
    <td>ZIP:    <br><input type="text" name="PostOffice"> <br></td>
    <td>Zone:    <br><input type="text" name="ZONE"> <br></td>
    <td>Map:    <br><input type="text" name="MAP"> <br></td>
    </tr>
    </table>
    <br>

    <table> 
    <tr> 
    <td>Entered:    <br><input type="text" name="DateEntered"> <br></td> 
    <td>Modified:    <br><input type="text" name="DateUpdated"> <br></td> 
    </tr> 
    </table> 
    <br> 

    <table> 
    <tr> 
    <td>Comments:    <br><input type="text" name="Commments"> <br></td> 
    </tr> 
    </table> 
    <br> 
    </div> 

    <input type="submit" align = "left" name="submit" value="Submit"/> 
    </table> 

    </form> 
    <br>     

    </div>

  7. #36
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Are you sure the datatype in the MSAG table for StreetName is a text type? It looks to me that it is (SQLServer should complain about a datatype mismatch if it's not and reject).
    Comment out this line and try again: $_POST[$key] = mssql_escape($value);.

  8. Users who have thanked Fou-Lu for this post:

    willscarlet (12-17-2012)

  9. #37
    New Coder
    Join Date
    Aug 2012
    Posts
    65
    Thanks
    5
    Thanked 0 Times in 0 Posts
    That worked that time. I commented out that line and I was able to enter a text street name. Does this mean that the data entry script is working correctly, sir?

    If so, to enter all the other fields as well, I would just need to make more of these, correct?
    $strSQL .= "('{$_POST['LOWNUMBER']}')";
    $strSQL .= "('{$_POST['HIGHNUMBER']}')";
    $strSQL .= "('{$_POST['COMMUNITY']}')";

    etc...

  10. #38
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    No, use prepared statements.
    I have an example of that here.

  11. #39
    New Coder
    Join Date
    Aug 2012
    Posts
    65
    Thanks
    5
    Thanked 0 Times in 0 Posts
    My newness is really shining here, but I see your example and I am really not familiar with this implode function at all:

    PHP Code:
    $a = array(); // your array of key => values
    $sFields = implode('], [', array_keys($a));
    $sReplacement = rtrim(str_repeat('?, ', count($a)), ', ');
    $sQry = "INSERT INTO [MSAG] ([$sFields]) VALUES ($sReplacement)";

    if ($stmt = sqlsrv_query($conn, $sQry, $a))
    {
        print 'done.';
    }

    2 questions, where would I place the field names in this, and would that replace this whole block?:

    PHP Code:
    /**
    First thing, we create a function that will make your data safe!
    **/
    function mssql_escape($data) {
        if (is_numeric($data))
            return $data;
        $unpacked = unpack('H*hex', $data);
        return '0x' . $unpacked['hex'];
    }

    if (isset($_POST['LOWNUMBER'])) {

        //now we loop through the post data and sanitize it!
        foreach ($_POST as $key=>$value) {
            //$_POST[$key] = mssql_escape($value);
        }

        //now we build the query!
        $strSQL = "INSERT INTO MSAG ";
        $strSQL .="(StreetName) ";
        $strSQL .="VALUES ";
        $strSQL .= "('{$_POST['StreetName']}')";

        print $strSQL;

        //now we insert it
        sqlsrv_query($conn, $strSQL) or die(print_r(sqlsrv_errors(), true));
    }

    Last edited by willscarlet; 12-17-2012 at 09:54 PM.

  12. #40
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    You don't need to specify the fields. The implode's job is to create them for you.
    It is terribly insecure though. What would be better would be to give it a quick dataset to compare against for what you do allow (keyname wise). This assumes the keyname matches the fieldname provided in the form.
    PHP Code:
    $aAllowed = array('StreetPrefix', 'StreetName', 'StreetSuffix', '...'); // all the allowed items.
    function removeUnknowns(&$item, $key, array $aAllowed)
    {
        if (!in_array($key, $aAllowed))
        {
            $item = "";
        }
    }

    $aSubmitted = $_POST;
    array_walk($aSubmitted, 'removeUnknowns', $aAllowed);
    $aSubmitted = array_filter($aSubmitted);

    $sFields = implode('], [', array_keys($aSubmitted));
    $sReplacement = rtrim(str_repeat('?, ', count($aSubmitted)), ', ');
    $sQry = "INSERT INTO [MSAG] ([$sFields]) VALUES ($sReplacement)";

    if ($stmt = sqlsrv_query($conn, $sQry, $aSubmitted))
    {
        print 'done.';
    }

    Yeah.
    That would become the entire body of the isset($_POST['...']) branch.
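
The allowlist-plus-placeholders approach from the post above, as an added example that is not part of the thread: column names come only from a fixed map, every value is bound as a parameter, and a submitted "0" is kept. The helper name `build_msag_insert` and the sample submission are assumptions; the column names are taken from the form in this thread and assumed to match the table.

```php
<?php
// Added example, not code from the thread. Form field name => MSAG column name.
// Column names are copied from the thread's form; assumed to match the table.
const MSAG_COLUMNS = [
    'StreetPrefix' => 'StreetPrefix',
    'StreetName'   => 'StreetName',
    'StreetSuffix' => 'StreetSuffix',
    'LOWNUMBER'    => 'LOWNUMBER',
    'HighNumber'   => 'HighNumber',
    'COMMUNITY'    => 'COMMUNITY',
];

/**
 * Build a parameterized INSERT from submitted form data (hypothetical helper).
 * Returns [sql, params], or null when no allowed field carries a value.
 */
function build_msag_insert(array $submitted, array $columns = MSAG_COLUMNS): ?array
{
    $names = [];
    $params = [];
    foreach ($columns as $field => $column) {
        // Only listed keys are ever read; unknown POST keys never reach the SQL text.
        if (!isset($submitted[$field]) || !is_string($submitted[$field])) {
            continue; // missing, or an array such as StreetName[]=x
        }
        $value = trim($submitted[$field]);
        if ($value === '') {
            continue; // skip empty inputs but keep "0", which array_filter() drops
        }
        $names[]  = '[' . $column . ']'; // identifier comes from our constant
        $params[] = $value;              // value travels as a bound parameter
    }
    if ($names === []) {
        return null;
    }
    $sql = 'INSERT INTO [MSAG] (' . implode(', ', $names) . ') VALUES ('
         . implode(', ', array_fill(0, count($names), '?')) . ')';
    return [$sql, $params];
}

// Constructed sample submission: a quote in a value, a "0", and an unlisted key.
$sample = [
    'StreetName'  => "O'Brien St",
    'LOWNUMBER'   => '0',
    'HighNumber'  => '',
    'NotAColumn]' => 'ignored',
    'submit'      => 'Submit',
];
[$sql, $params] = build_msag_insert($sample);
print $sql . "\n";
print_r($params);
// With a live connection: sqlsrv_query($conn, $sql, $params), checking for === false.
```

The parameter list is positional, so it lines up one-to-one with the `?` placeholders regardless of the form field names.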

  13. #41
    Senior Coder
    Join Date
    Apr 2011
    Location
    London, England
    Posts
    2,120
    Thanks
    15
    Thanked 354 Times in 353 Posts
    You seem to have included the following from my code sample:

    PHP Code:
    onsubmit="return validate(this);" 
    This is only relevant, of course, if you have a JS function named validate() already.

  14. #42
    New Coder
    Join Date
    Aug 2012
    Posts
    65
    Thanks
    5
    Thanked 0 Times in 0 Posts
    Okay, I changed the code around a bit as you suggested, sir. However, now it no longer lets me enter information into the database. Maybe I have a syntax error that you would be able to easily spot? No errors are being thrown. Also, I have asked before but was unclear on what to do, but the LOWNUMBER that I have in the isset _POST, should I be replacing that with something else?

    PHP Code:
    <?php
    include 'includes/db/connect.php';

    error_reporting(E_ALL);
    ini_set("display_errors", "on");

    /**
    First thing, we create a function that will make your data safe!
    **/
    function mssql_escape($data) {
        if (is_numeric($data))
            return $data;
        $unpacked = unpack('H*hex', $data);
        return '0x' . $unpacked['hex'];
    }

    if (isset($_POST['LOWNUMBER'])) {

        $aAllowed = array(  'StreetPrefix',
                            'StreetName',
                            'StreetSuffix',
                            'StreetPostDir',
                            'COMMUNITY',
                            'LOWNUMBER',
                            'HighNumber',
                            'EOB',
                            'ESN',
                            'TELCO',
                            'PostOffice',
                            'ZONE',
                            'MAP',
                            'DateEntered',
                            'DateUpdated',
                            'Comments'
                            ); // all the allowed items.
        function removeUnknowns(&$item, $key, array $aAllowed)
        {
            if (!in_array($key, $aAllowed))
            {
                $item = "";
            }
        }

        $aSubmitted = $_POST;
        array_walk($aSubmitted, 'removeUnknowns', $aAllowed);
        $aSubmitted = array_filter($aSubmitted);

        $sFields = implode('], [', array_keys($aSubmitted));
        $sReplacement = rtrim(str_repeat('?, ', count($aSubmitted)), ', ');
        $sQry = "INSERT INTO [MSAG] ([$sFields]) VALUES ($sReplacement)";

        if ($stmt = sqlsrv_query($conn, $sQry, $aSubmitted))
        {
            print 'done.';
        }

    }
    ?>

    <?php include 'includes/head/head_main.php'?> 

    <div id = "top_content"> 
    <body> 

    <?php include 'includes/header/header_main.php'?> 

    <h1>Add New Record</h1> 

    <div id = "enter_record"> 

    </center> 
    <div id = "modify"> 

    <form id="login" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" >

    <table>
    <tr>
    <td>Pre Dir:    <br><input type="text" name="StreetPrefix"> <br></td>
    <td>Street:     <br><input type="text" name="StreetName"> <br></td>
    <td>Suffix:     <br><input type="text" name="StreetSuffix"> <br></td>
    <td>Post Dir:   <br><input type="text" name="StreetPostDir"> <br></td>
    <td>Community:  <br><input type="text" name="COMMUNITY"> <br></td>
    </tr></table>
    <br>

    <table>
    <tr>
    <td>Low:    <br><input type="text" name="LOWNUMBER"> <br></td>
    <td>High:   <br><input type="text" name="HighNumber"> <br></td>
    <td>EOB:    <br><input type="text" name="EOB"> <br></td>
    <td>ESN:    <br><input type="text" name="ESN"> <br></td>
    </tr>
    </table>
    <br>

    <table>
    <tr>
    <td>Telco:  <br><input type="text" name="TELCO"> <br></td>
    <td>ZIP:    <br><input type="text" name="PostOffice"> <br></td>
    <td>Zone:   <br><input type="text" name="ZONE"> <br></td>
    <td>Map:    <br><input type="text" name="MAP"> <br></td>
    </tr>
    </table>
    <br>

    <table> 
    <tr> 
    <td>Entered:    <br><input type="text" name="DateEntered"> <br></td> 
    <td>Modified:   <br><input type="text" name="DateUpdated"> <br></td> 
    </tr> 
    </table> 
    <br> 

    <table> 
    <tr> 
    <td>Comments:    <br><input type="text" name="Comments"> <br></td> 
    </tr> 
    </table> 
    <br> 
    </div> 

    <input type="submit" align = "left" name="submit" value="Submit"/> 
    </table> 

    </form> 
    <br>     

    </div>
    Last edited by willscarlet; 12-18-2012 at 01:03 PM.

  15. #43
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Change this:
    PHP Code:
    if ($stmt = sqlsrv_query($conn, $sQry, $aSubmitted))
    {
        print 'done.';
    }

    to this:
    PHP Code:
    if (false === ($stmt = sqlsrv_query($conn, $sQry, $aSubmitted)))
    {
        die(print_r(sqlsrv_errors(), true));
    }

    It should tell you if there are any errors.

  16. #44
    New Coder
    Join Date
    Aug 2012
    Posts
    65
    Thanks
    5
    Thanked 0 Times in 0 Posts
    Changed, still showing no errors, sir.

  17. #45
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,979
    Thanks
    4
    Thanked 2,659 Times in 2,628 Posts
    Your form no longer has a post method. You need to extract from $_GET if you don't specify a method of post. I'd suggest changing it to post.


 