danmiddo

Converting .ASP to PHP HELP!!


I have been given a .asp file that needs converting into PHP.

The only issue I am having is with the mass update fields.

 

 

<%@ Language=VBScript %>

<% if Request.QueryString("Home") = Request.QueryString("Away") Then %>
<% Response.Redirect("same.asp") %>
<%End If%>
<% if Request.QueryString("HomeGoal") > Request.QueryString("AwayGoal") Then%>
<%
  Home = Request.QueryString("Home")
  away = Request.QuerySTring("Away")
  Goal = Request.QueryString("HomeGoal")
  GoalIn = Request.QueryString("AwayGoal")

 

Set objConn = Server.CreateObject("ADODB.Connection")
ConnStr = "DRIVER={MySQL ODBC 3.51 Driver};SERVER=localhost;DATABASE=databse;UID=username;PWD=password!;"
objconn.Open(ConnStr)

 

        objConn.Execute "UPDATE teams SET Victories = Victories + 1 WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Points = Points + 3 WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Played = Played + 1 WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Made = Made + '" & Goal & "' WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Let = Let + '" & GoalIn & "' WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Defeats = Defeats + 1 WHERE Team='" & Away & "'"
        objConn.Execute "UPDATE teams SET Played = Played + 1 WHERE Team='" & Away & "'"
        objConn.Execute "UPDATE teams SET Made = Made + '" & GoalIn & "' WHERE Team='" & Away & "'"
        objConn.Execute "UPDATE teams SET Let = Let + '" & Goal & "' WHERE Team='" & Away & "'"
    objConn.Close
    Set objConn= Nothing
%>
<%End if%>
<% if Request.QueryString("HomeGoal") < Request.QueryString("AwayGoal") Then%>
<%
  Home = Request.QueryString("Home")
  Away = Request.QuerySTring("Away")
  Goal = Request.QueryString("HomeGoal")
  GoalIn = Request.QueryString("AwayGoal")
Set objConn = Server.CreateObject("ADODB.Connection")
ConnStr = "DRIVER={MySQL ODBC 3.51 Driver};SERVER=localhost;DATABASE=databse;UID=username;PWD=password!;"
objconn.Open(ConnStr)

    
        objConn.Execute "UPDATE teams SET Defeats = Defeats + 1 WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Played = Played + 1 WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Made = Made + '" & Goal & "' WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Let = Let + '" & GoalIn & "' WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Victories = Victories + 1 WHERE Team='" & Away & "'"
        objConn.Execute "UPDATE teams SET Points = Points + 3 WHERE Team='" & Away & "'"
        objConn.Execute "UPDATE teams SET Played = Played + 1 WHERE Team='" & Away & "'"
        objConn.Execute "UPDATE teams SET Made = Made + '" & GoalIn & "' WHERE Team='" & Away & "'"
        objConn.Execute "UPDATE teams SET Let = Let + '" & Goal & "' WHERE Team='" & Away & "'"
    objConn.Close
    Set objConn= Nothing
%>
<%End if%>
<% if Request.QueryString("HomeGoal") = Request.QueryString("AwayGoal") Then%>
<%
  Home = Request.QueryString("Home")
  Away = Request.QueryString("Away")
  Goal = Request.QueryString("HomeGoal")
  GoalIn = Request.QueryString("AwayGoal")
Set objConn = Server.CreateObject("ADODB.Connection")
ConnStr = "DRIVER={MySQL ODBC 3.51 Driver};SERVER=localhost;databse=fifa2;UID=username;PWD=password!;"
objconn.Open(ConnStr)

    
        objConn.Execute "UPDATE teams SET Draws = Draws + 1 WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Points = Points + 1 WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Played = Played + 1 WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Made = Made + '" & Goal & "' WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Let = Let + '" & GoalIn & "' WHERE Team='" & Home & "'"
        objConn.Execute "UPDATE teams SET Draws = Draws + 1 WHERE Team='" & Away & "'"
        objConn.Execute "UPDATE teams SET Points = Points + 1 WHERE Team='" & Away & "'"
        objConn.Execute "UPDATE teams SET Played = Played + 1 WHERE Team='" & Away & "'"
        objConn.Execute "UPDATE teams SET Made = Made + '" & GoalIn & "' WHERE Team='" & Away & "'"
        objConn.Execute "UPDATE teams SET Let = Let + '" & Goal & "' WHERE Team='" & Away & "'"
    objConn.Close
    Set objConn= Nothing
%>
<%End if%>
<% Home = Request.QueryString("Home") %>
<% Away = Request.QueryString("Away") %>
<% HomeGoal = Request.QueryString("HomeGoal") %>
<% AwayGoal = Request.QueryString("AwayGoal") %>

<head>
<title>Game: <%=Home%> against <%=Away%> - Result updated...</title>    


<H3>Result submitted</H3><HR>
<CENTER><B><%=Home%> - <%=HomeGoal%> - <%=AwayGoal%> - <%=Away%></CENTER><BR>
<HR>
<% if HomeGoal = AwayGoal Then %>
<CENTER>The game ended as a draw!</CENTER>
<%End If%>
<% if HomeGoal > AwayGoal Then %>
<CENTER><%=Home%> won against <%=Away%> !</CENTER>
<%End If%>
<% if HomeGoal < AwayGoal Then %>
<CENTER><%=Away%> won against <%=Home%> !</CENTER>
<%End If%>
</b>
<input type="button" value="Back" OnClick="top.location='results.asp'">

 

result_process.asp


Which part of this are you having trouble with? Surely you know how to convert an IF statement to PHP.


It's the UPDATE queries.

As there are so many of them, they don't work when I set it out in PHP.


How are you writing your PHP? PHP has several different database libraries, which one are you using?


I'm using MySQL with PHP version 5.5.38 and I'm coding it all from scratch


Do you know how to write PHP code for MySQL queries?


Not to an advanced level like this appears to require.


I'm not sure if it's because the .asp code looks a mess, which is why it's giving me the headache trying to make this work in PHP.


That ASP code is poorly-written.  There are blocks of 4 or 5 update statements which all update the same row in the database.  That only needs to be 1 update statement.  Instead of 5 queries which each update one value, you only need 1 query which updates 5 values.  There's nothing particularly advanced about that, that's just a normal update query.

What you do need to worry about is making sure that you're doing this the right way.  If you're using the old mysql extension with mysql_query, that's the wrong way, that's not supported in PHP 7.  You should use either PDO or mysqli, and you should use prepared statements for each of those update queries.  You need a total of 6 update queries, not the 30 that the original file has.

If you're having problems writing this then post the code you have now and say what issues you're having.


Yes, I am aware the ASP code is poorly presented, which is why I'm probably struggling so much.

What I'm working with at the moment is:

 

<?php

if ($_GET["home"] == $_GET["away"]) {
  header("Location: same.php");

$servername = "localhost";
$username = "username";
$password = "password!";

try {
    $conn = new PDO("mysql:host=$servername;dbname=database", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    echo "Connected successfully";
    }
catch(PDOException $e)
    {
    echo "Connection failed: " . $e->getMessage();
    }

if ($_GET["homegoal"] > $_GET["awaygoal"]) {
  $Home=$_GET["home"];
  $Away=$_GET["away"];
  $Goal=$_GET["homegoal"];
  $GoalIn=$_GET["awaygoal"];


$sql = "UPDATE `teams` SET `Victories` = 'Victories + 1', `Points` = 'Points + 3', `Played` = 'Played + 1', `Made` = 'Made + $Goal', `Let` = 'Let + $GoalIn' WHERE team = $Home AND SET 'Defeats' = 'Defeats + 1', 'Played' = 'Played + 1', 'Made' = 'Made + $GoalIn', 'Let' = 'Let + $Goal' WHERE team = $Away";

?>

 

I am aware that there are flaws in my SQL statement, as this is where I am struggling.


Your quotes aren't correct.  Don't quote the field name, when you quote the field name you're telling it to use the actual name of the field instead of the value in that field.  So instead of this:

UPDATE `teams` SET `Victories` = 'Victories + 1',

You should do this:

UPDATE `teams` SET `Victories` = `Victories` + 1,

The backticks are optional, you don't need to surround table or field names with them but it's good practice.  You don't need to quote the value at all if it's a number.

You also don't separate 2 update queries with AND like you did there.  You need to actually write and execute 2 update queries, not try to cram 2 update queries into one.

Also, where you have variables in your queries, you should make those placeholders and then add the values later.  That will protect your code from SQL injection attacks.  So instead of this:

`Made` = `Made` + $Goal

You do this:

`Made` = `Made` + ?

or this:

`Made` = `Made` + :goal

And you bind a value to that parameter when you execute the query.  That's what prepared statements are, you prepare the query first with placeholders for the values, and then when you execute it you send the values to the database server.  That will cause the database to always treat the values correctly (you don't have to worry about escaping any characters, or whether or not a value needs to be quoted), and it will prevent SQL injection attacks.

http://php.net/manual/en/pdo.prepared-statements.php


Yeah, I know that the AND statement doesn't/wouldn't work, I was just struggling for how to run 2 queries.

I don't need to worry about SQL injection for this, as all variables are sent from a previous page which has all values as predefined values via drop-down lists.

Have you any idea how I could work this into 2 executable queries?


> Yeah, I know that the AND statement doesn't/wouldn't work, I was just struggling for how to run 2 queries.

You just define and run them separately.  2 calls to PDO->prepare, execute, etc.

> I don't need to worry about SQL injection for this, as all variables are sent from a previous page which has all values as predefined values via drop-down lists.

That's not an excuse, there's no rule that says I need to use your form to send $_GET data to that page.  I can type whatever I want in the URL and your code will use it.  You can validate the values or convert to integers if you want to on the server, but any time you use a variable in your query you should use a prepared statement.  That's the rule.


 

1 minute ago, justsomeguy said:

That's not an excuse, there's no rule that says I need to use your form to send $_GET data to that page.  I can type whatever I want in the URL and your code will use it.  You can validate the values or convert to integers if you want to on the server, but any time you use a variable in your query you should use a prepared statement.  That's the rule.

Everything will be changed to POST once it's working, GET is purely for testing right now.
And everything on the previous page has the security.

Thanks for your help :)

I shall try and sort this out again, and will update.


Any idea where I am going wrong now? -.-

 

<?php

if ($_GET["home"] == $_GET["away"]) {
  header("Location: same.php");
}

// Connection data (server_address, database, name, password)
$servername = "localhost";
$username = "username";
$password = "password!";
$db = "database";

if ($_GET["homegoal"] > $_GET["awaygoal"]) {
  $Home=$_GET["home"];
  $Away=$_GET["away"];
  $Goal=$_GET["homegoal"];
  $GoalIn=$_GET["awaygoal"];

  // Connect and create the PDO object
  $conn = new PDO("mysql:host=$servername; dbname=$db", $username, $password);
 
  $sql1 = "UPDATE teams SET Victories = 'Victories' + 1, Points = 'Points' + 3, Played = 'Played' + 1, Made = 'Made' + $Goal, Let = 'Let' + $GoalIn WHERE team = $Home";
  $sql2 = "UPDATE teams SET Defeats = 'Defeats' + 1, Played = 'Played' + 1, Made = 'Made' + $GoalIn, Let = 'Let' + $Goal WHERE team = $Away";
  $count = $conn->exec($sql1, $sql2);

  $conn = null;        // Disconnect
}
catch(PDOException $e) {
  echo $e->getMessage();
}


?>


> Everything will be changed to POST once it's working, GET is purely for testing right now.

Again, there is literally no reason to avoid prepared statements.  I don't have to use your form to do anything.  I can open my browser's developer tools and create a new request to your page and submit whatever post data I want.  Assuming that you can trust the data coming in is probably the #1 major mistake that web programmers make, it's the reason why sites get hacked.  Don't assume that you can trust any data coming in.  What the data is for will depend on how you handle it, if it's going in a database then at a minimum you use a prepared statement to get it there.  If you're going to print it anywhere on a page then you also have to sanitize it against things like cross-site scripting attacks.  If you are expecting numbers, or email addresses, or some type of data, then validate and convert if necessary.  If all of those values you're expecting are numbers then explicitly convert them all to numbers in PHP.  And, really, use prepared statements.  Don't learn how to write PHP code the wrong way, get in the habit of using good practices from the start.

> And everything on the previous page has the security.

Assuming that responsibilities for security are somewhere else is how you get into trouble.  With PHP, each request stands alone, they do not depend on other requests.  Security is a responsibility in every request.

> Any idea where I am going wrong now?

You're still quoting the column names.  You're telling it to add 1 to the text "Victories".  You don't want text, you want the value in that column.  Don't quote them, quoted things are text.

Also, the exec method only takes 1 parameter:

http://php.net/manual/en/pdo.exec.php

If you're going to use exec you call it once per query, that's what it expects.  You shouldn't use exec though, you should use prepare to prepare your statements with placeholders:

http://php.net/manual/en/pdo.prepare.php

And then call execute to pass the values.  Learn how to do this the right way from the start, there's no reason to even learn the wrong way to do things.


Obviously I am more of a novice than I thought..
Any chance you could demonstrate how you would solve this?


e.g.:

$stmt = $conn->prepare('UPDATE teams SET Victories = Victories + 1, Points = Points + 3, Played = Played + 1, Made = Made + :goal, Let = Let + :goalin WHERE team = :home');
	$stmt->execute([
	  ':goal' => $Goal, 
	  ':goalin' => $GoalIn, 
	  ':home' => $Home
	]);


I'm not sure why it indented that so far, but whatever.  Note that you can use any names for the placeholders you want, they don't have to match the variables or anything.


I appreciate your reply.
I can get that part working, no issues.
My issue is that I need to have 2 queries running:
  $sql1 = "UPDATE teams SET Victories = 'Victories' + 1, Points = 'Points' + 3, Played = 'Played' + 1, Made = 'Made' + $Goal, Let = 'Let' + $GoalIn WHERE team = $Home";
  $sql2 = "UPDATE teams SET Defeats = 'Defeats' + 1, Played = 'Played' + 1, Made = 'Made' + $GoalIn, Let = 'Let' + $Goal WHERE team = $Away";

I pull in data, for example:
Man Utd (home)
3 (goals)

Chelsea (away)
1 (goals)

So I need to do 2 updates: one for the home team that gets the win and one for the away team that gets the loss.
Your example only provides the winning team's Victories, Points, Played, Made, Let.
 

 

1 minute ago, justsomeguy said:

 


$stmt = $conn->prepare('UPDATE teams SET Victories = Victories + 1, Points = Points + 3, Played = Played + 1, Made = Made + :goal, Let = Let + :goalin WHERE team = :home');
	$stmt->execute([
	  ':goal' => $Goal, 
	  ':goalin' => $GoalIn, 
	  ':home' => $Home
	]);

 

 


The other query is just like it.  Prepare the query first with placeholders for your variables, then execute it.  Each of the 6 queries on the page will follow the same format.
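
Added example, not code from the thread or its posters: the per-result updates discussed above written as one prepared statement that runs once per team inside a transaction, with the goal counts validated as integers and the echoed values escaped. It generalizes the single query shown in the thread to wins, draws and losses; the function names, the 0-99 goal limit and the in-memory SQLite demo data are assumptions, and it needs PHP 7.1+ with pdo_sqlite (swap the DSN for MySQL).

```php
<?php
// Parse a goal count from untrusted request data; reject anything that is
// not a whole number in a plausible range (0-99 is an assumed limit).
function parseGoals($raw): int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 99]]);
    if ($n === false) {
        throw new InvalidArgumentException('Goal count must be an integer from 0 to 99');
    }
    return $n;
}

// Apply one match result: one UPDATE per team, both in one transaction.
function recordResult(PDO $pdo, string $home, string $away, int $homeGoals, int $awayGoals): void
{
    if ($home === $away) {
        throw new InvalidArgumentException('A team cannot play itself');
    }
    // Every value is a placeholder; the SQL text never contains request data.
    $stmt = $pdo->prepare(
        'UPDATE teams SET Victories = Victories + :won, Draws = Draws + :drawn,
                Defeats = Defeats + :lost, Points = Points + :points,
                Played = Played + 1, Made = Made + :made, Let = Let + :let
          WHERE Team = :team'
    );
    $sides = [[$home, $homeGoals, $awayGoals], [$away, $awayGoals, $homeGoals]];
    $pdo->beginTransaction();
    try {
        foreach ($sides as [$team, $made, $let]) {
            $won = (int) ($made > $let);
            $drawn = (int) ($made === $let);
            $stmt->execute([
                ':won' => $won, ':drawn' => $drawn, ':lost' => 1 - $won - $drawn,
                ':points' => 3 * $won + $drawn,
                ':made' => $made, ':let' => $let, ':team' => $team,
            ]);
            if ($stmt->rowCount() !== 1) {   // unknown team name: undo everything
                throw new RuntimeException('Unknown team');
            }
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE teams (Team TEXT PRIMARY KEY, Played INT DEFAULT 0, Victories INT DEFAULT 0,
            Draws INT DEFAULT 0, Defeats INT DEFAULT 0, Points INT DEFAULT 0, Made INT DEFAULT 0, Let INT DEFAULT 0)');
$pdo->exec("INSERT INTO teams (Team) VALUES ('Man Utd'), ('Chelsea')");
// Stand-in for $_GET; the second request carries a quote character in a team name.
$requests = [
    ['home' => 'Man Utd', 'away' => 'Chelsea', 'homegoal' => '3', 'awaygoal' => '1'],
    ['home' => 'Man Utd', 'away' => "Chelsea' OR '1'='1", 'homegoal' => '2', 'awaygoal' => '0'],
];
foreach ($requests as $get) {
    try {
        recordResult($pdo, $get['home'], $get['away'], parseGoals($get['homegoal']), parseGoals($get['awaygoal']));
        // Escape on output as well: these strings came from the request.
        echo htmlspecialchars("{$get['home']} {$get['homegoal']} - {$get['awaygoal']} {$get['away']}", ENT_QUOTES, 'UTF-8'), " saved\n";
    } catch (Exception $e) {
        echo 'Rejected: ', $e->getMessage(), "\n";
    }
}
print_r($pdo->query('SELECT Team, Played, Points, Made, Let FROM teams')->fetchAll(PDO::FETCH_ASSOC));
```

The second constructed request matches no team, so its home-team update is rolled back and only the first result reaches the table.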
