Jump to content

Adding data...


2old2learn?
 Share

Recommended Posts

I think I forgot a closing paren on the next line. Can you show us the whole code as updates/changes have been made?edit: birbal does bring up a good point about empty. the foreach can be used to check for either case however.
I think this is right, I went birbal's way for now..for now just want to make it easy for me to understand..once I really know alot more then I can get more into it..Hope this is rightMy form_validation.php
<html><head><title>form_validation</title></head><body><?phpif (isset($_POST['id'],$_POST['srnumber'],$_POST['tenant'],$_POST['floor'],$_POST['tower'],$_POST['job_description'],$_POST['labour_cost'],$_POST['material_cost'],$_POST['date_twa_sent_to_tenant'],$_POST['date_twa_approved'],$_POST['date_parts_ordered'],$_POST['supplier'],$_POST['date_job_completed'],$_POST['date_billing_given_to_accounting'])  echo "succesful form submission. initialize DB connection .....";  $con = mysql_connect("localhost","root","");  mysql_select_db("tecicc", $con);}  if (!$con){ { die('Could not connect: ' . mysql_error()); }; echo "connection initialized....."; };?></body></html>

So is this right or did I do it wrong again..??

Link to comment
Share on other sites

  • Replies 251
  • Created
  • Last Reply

Top Posters In This Topic

sure. the foreach loop means it will check every member of POST for you, so you don't have to write out such a long if statement.edit: but when using isset, you would want to write it this way

$formValid = true;<?phpforeach($_POST as $key => $value){  if(!isset($_POST[$key])){	$formValid = false;  };};?>

Edited by thescientist
Link to comment
Share on other sites

sure. the foreach loop means it will check every member of POST for you, so you don't have to write out such a long if statement.
Understood..okay tested and get error message of >>> " Parse error: syntax error, unexpected T_ECHO in C:\xampp\htdocs\icc\form_validation.php on line 9 "this is line 9
echo "succesful form submission. initialize DB connection .....";

Link to comment
Share on other sites

Understood..okay tested and get error message of >>> " Parse error: syntax error, unexpected T_ECHO in C:\xampp\htdocs\icc\form_validation.php on line 9 "this is line 9
echo "succesful form submission. initialize DB connection .....";

show the whole code. Often the errors are on the line before. (because the interpreter ignores whitespace, and get's flumuxed when it gets to the next line without having run into an expected ending quote, paren, curly brace, semicolon, etc and gives that line number as the line with the error, silly but it kind of makes since. :) ).edit: btw, I noticed this is on form_validation.php. For now you should just being doing this on one page, unless you were creating some sort of library/class for form validating and you wanted to include that into the code. what we've got right now is enough to go in one script. Edited by thescientist
Link to comment
Share on other sites

show the whole code. Often the errors are on the line before. (because the interpreter ignores whitespace, and get's flumuxed when it gets to the next line without having run into an expected ending quote, paren, curly brace, semicolon, etc and gives that line number as the line with the error, silly but it kind of makes since. :) ).edit: btw, I noticed this is on form_validation.php. For now you should just being doing this on one page, unless you were creating some sort of library/class for form validating and you wanted to include that into the code. what we've got right now is enough to go in one script.
Okay here is my form_validation.php code...
<html><head><title>form_validation</title></head><body><?phpif (isset($_POST['id'],$_POST['srnumber'],$_POST['tenant'],$_POST['floor'],$_POST['tower'],$_POST['job_description'],$_POST['labour_cost'],$_POST['material_cost'],$_POST['date_twa_sent_to_tenant'],$_POST['date_twa_approved'],$_POST['date_parts_ordered'],$_POST['supplier'],$_POST['date_job_completed'],$_POST['date_billing_given_to_accounting'])  echo "succesful form submission. initialize DB connection .....";  $con = mysql_connect("localhost","root","");  mysql_select_db("tecicc", $con);}  if (!$con){ { die('Could not connect: ' . mysql_error()); }; echo "connection initialized....."; };?></body></html>

Link to comment
Share on other sites

yeah, you don't have an opening curly brace at the end of the long if statement. look like you have further down, after

if(!$con){

I'm not sure you are including the script in the way you think you are. It's a little awkward to be including more (opening) HTML tags into it, because you had HTML tags in your main script. For now, I would make it less confusing by having this entire script be in one script file.

Link to comment
Share on other sites

yeah, you don't have an opening curly brace at the end of the long if statement. look like you have further down, after
if(!$con){

I'm not sure you are including the script in the way you think you are. It's a little awkward to be including more (opening) HTML tags into it, because you had HTML tags in your main script. For now, I would make it less confusing by having this entire script be in one script file.

okay...thanks
Link to comment
Share on other sites

yeah, you don't have an opening curly brace at the end of the long if statement. look like you have further down, after
if(!$con){

I'm not sure you are including the script in the way you think you are. It's a little awkward to be including more (opening) HTML tags into it, because you had HTML tags in your main script. For now, I would make it less confusing by having this entire script be in one script file.

Okay I have been at this all day so..I guess I just can't see it.." { " as you say..where should it go.???
<html><head><title>form_validation</title></head><body><?phpif (isset($_POST['id'],$_POST['srnumber'],$_POST['tenant'],$_POST['floor'],$_POST['tower'],$_POST['job_description'],$_POST['labour_cost'],$_POST['material_cost'],$_POST['date_twa_sent_to_tenant'],$_POST['date_twa_approved'],$_POST['date_parts_ordered'],$_POST['supplier'],$_POST['date_job_completed'],$_POST['date_billing_given_to_accounting'])  echo "succesful form submission. initialize DB connection .....";  $con = mysql_connect("localhost","root","");  mysql_select_db("tecicc", $con);}  if (!$con){ { die('Could not connect: ' . mysql_error()); }; echo "connection initialized....."; };?></body></html>

after this I am in need of a big computer break....gonna watch Hockey Playoffs..for couple of hours..thanks..

Link to comment
Share on other sites

actually, I think you have some other odd placements of things as well.

<?phpif (isset($_POST['id'],$_POST['srnumber'],$_POST['tenant'],$_POST['floor'],$_POST['tower'],$_POST['job_description'],$_POST['labour_cost'],$_POST['material_cost'],$_POST['date_twa_sent_to_tenant'],$_POST['date_twa_approved'],$_POST['date_parts_ordered'],$_POST['supplier'],$_POST['date_job_completed'],$_POST['date_billing_given_to_accounting']) ){  // missing a closing paren ) and opening curly brace { here  echo "succesful form submission. initialize DB connection .....";  $con = mysql_connect("localhost","root","");  mysql_select_db("tecicc", $con);} // there's an extra } here//and an extra { here  if (!$con){	die('Could not connect: ' . mysql_error());  };  echo "connection initialized.....";};?>

the whole thing fixed

<?phpif(isset($_POST['id'],$_POST['srnumber'],$_POST['tenant'],$_POST['floor'],$_POST['tower'],$_POST['job_description'],$_POST['labour_cost'],$_POST['material_cost'],$_POST['date_twa_sent_to_tenant'],$_POST['date_twa_approved'],$_POST['date_parts_ordered'],$_POST['supplier'],$_POST['date_job_completed'],$_POST['date_billing_given_to_accounting'])){  echo "succesful form submission. initialize DB connection .....";  $con = mysql_connect("localhost","root","");  mysql_select_db("tecicc", $con);  if (!$con){	die('Could not connect: ' . mysql_error());  };  echo "connection initialized.....";};?>

Edited by thescientist
Link to comment
Share on other sites

actually, I think you have some other odd placements of things as well.
<?phpif (isset($_POST['id'],$_POST['srnumber'],$_POST['tenant'],$_POST['floor'],$_POST['tower'],$_POST['job_description'],$_POST['labour_cost'],$_POST['material_cost'],$_POST['date_twa_sent_to_tenant'],$_POST['date_twa_approved'],$_POST['date_parts_ordered'],$_POST['supplier'],$_POST['date_job_completed'],$_POST['date_billing_given_to_accounting']) ){  // missing a closing paren ) and opening curly brace { here  echo "succesful form submission. initialize DB connection .....";  $con = mysql_connect("localhost","root","");  mysql_select_db("tecicc", $con);} // there's an extra } here//and an extra { here  if (!$con){	die('Could not connect: ' . mysql_error());  };  echo "connection initialized.....";};?>

the whole thing fixed

<?phpif(isset($_POST['id'],$_POST['srnumber'],$_POST['tenant'],$_POST['floor'],$_POST['tower'],$_POST['job_description'],$_POST['labour_cost'],$_POST['material_cost'],$_POST['date_twa_sent_to_tenant'],$_POST['date_twa_approved'],$_POST['date_parts_ordered'],$_POST['supplier'],$_POST['date_job_completed'],$_POST['date_billing_given_to_accounting'])){  echo "succesful form submission. initialize DB connection .....";  $con = mysql_connect("localhost","root","");  mysql_select_db("tecicc", $con);  if (!$con){	die('Could not connect: ' . mysql_error());  };  echo "connection initialized.....";};?>

Thanks..added your fix..it probably would have taken me days to see it..thanks...tested and no error's..I knew this was the right place to learn...Cheers....now will take that break away from computer...
Link to comment
Share on other sites

LOL okay did a test of my form and pressed submit " Button " and it adds a empty row..even though no entries of data were entered...Also someone mentioned that I should not enter data via _$POST unless doing this. First thing never input data into a database directly from $_POST without applying mysql_real_escape_string on each $_POST element.

$safe_to_enter = mysql_real_escape_string($_POST['field']);

Any answers...

Link to comment
Share on other sites

LOL okay did a test of my form and pressed submit " Button " and it adds a empty row..even though no entries of data were entered...Also someone mentioned that I should not enter data via _$POST unless doing this. First thing never input data into a database directly from $_POST without applying mysql_real_escape_string on each $_POST element.
$safe_to_enter = mysql_real_escape_string($_POST['field']);

Any answers...

please post your full code each time things have changed and a new problem presents itself. Edited by thescientist
Link to comment
Share on other sites

Okay its not that I'm getting an error message..what happens is when I go to say my entry form and click " Submit " it then says " 1 Record Added " even though nothing has been entered into any of the fields..

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><title>insert.php</title><link rel="stylesheet" type="text/css" href="/icc/skins/My_Start_Style.css" /></head><body><?php $con = mysql_connect("localhost","root",""); if (!$con)   {   die('Could not connect: ' . mysql_error());   } mysql_select_db("tecicc", $con); $sql="INSERT INTO twal ( id, srnumber, tenant, floor, tower, job_description, labour_cost, material_cost, date_twa_sent_to_tenant, date_twa_approved, date_parts_ordered, supplier, date_job_completed, date_billing_given_to_accounting) values ('$_POST[id]','$_POST[srnumber]','$_POST[tenant]','$_POST[floor]','$_POST[tower]','$_POST[job_description]','$_POST[labour_cost]','$_POST[material_cost]','$_POST[date_twa_sent_to_tenant]','$_POST[date_twa_approved]','$_POST[date_parts_ordered]','$_POST[supplier]','$_POST[date_job_completed]','$_POST[date_billing_given_to_accounting]')";if (!mysql_query($sql,$con))   {   die('Error: ' . mysql_error());   } echo "1 record added"; mysql_close($con); ?> </body></html>

I think that unless someone fills in all the data into to all the fields it should return and error telling user input missing or something like that...

Link to comment
Share on other sites

Okay its not that I'm getting an error message..what happens is when I go to say my entry form and click " Submit " it then says " 1 Record Added " even though nothing has been entered into any of the fields.....I think that unless someone fills in all the data into to all the fields it should return and error telling user input missing or something like that...
yeah, that's kind of what I've been trying to tell you.
you should show us the form, but basically what everyone is trying to get is you need to be validating your inputs. you are just assuming they are coming over the wire. the best thing you can do when testing forms is to verify the data. The simplest way is to add this at the top of your insert script (ideallu right after <?php).
var_dump($_POST);

Make sure you are getting what you expect first. After that, you should be checking that all your inputs have been filled out. The best way is to usually write a script on the client side (i.e. javascript) as an initial form of validation to make sure all inputs have been filled out, that they are all numbers if they need to be numbers, are certain lengths, etc. Catching it at this point means you can give feedback before the form is even sent to the insert script.The next way to validate is to go through each member of the $_POST array and check that none of them are empty. For example, you could use a loop

$formValid = true;foreach($_POST as $key => $value){  if(empty($_POST[$key]){	$formValid = false;  };};if($formValid){  //create query and execute call to the database}else{  echo ' sorry, there was a problem with the form.  please try again';};

something like that. either way, after you verify that your form is actually submitting the data correctly, you should be checking for the integrity of that data somehow before just sending it off to the database.

I was thinking more like my post
$formValid = true;<?phpforeach($_POST as $key => $value){  if(empty($_POST[$key]){	$formValid = false;  };};if($formValid){  //create query and execute call to the database}else{  echo ' sorry, there was a problem with the form.  please try again';};?>

where if formValid == true if($formValid), then you would want to execute your database connection/insert code. For the sake of an example, I just used a comment.edit: the point is that you validate everything first, if it passes whatever criteria you deem passable, then do the database stuff, else you send a message back to the user.

sure. the foreach loop means it will check every member of POST for you, so you don't have to write out such a long if statement.edit: but when using isset, you would want to write it this way
$formValid = true;<?phpforeach($_POST as $key => $value){  if(!isset($_POST[$key])){	$formValid = false;  };};?>

Link to comment
Share on other sites

yeah, that's kind of what I've been trying to tell you.
I should've know to listen to you...lol Okay is the last code the one that works...that I can use in my form_validation.php file????
Link to comment
Share on other sites

like I've been saying, it's probably just easier to keep this all in one script. the foreach loop is only a few extra lines of code.

Link to comment
Share on other sites

like I've been saying, it's probably just easier to keep this all in one script. the foreach loop is only a few extra lines of code.
yea I hear you on that..but I think for me to easily learn and remember I like to do several doc's..
$formValid = true;<?phpforeach($_POST as $key => $value){  if(!isset($_POST[$key])){	$formValid = false;  };};?>

is this one the correct one to use???

Link to comment
Share on other sites

yea I hear you on that..but I think for me to easily learn and remember I like to do several doc's..
$formValid = true;<?phpforeach($_POST as $key => $value){  if(!isset($_POST[$key])){	$formValid = false;  };};?>

is this one the correct one to use???

ok, I'm not sure how the code spread over multiple pages would allow you to see the bigger picture, but to each his own I suppose, just make sure you understand exactly how include works. (it literally puts the code right in, so it won't need any html or anything, just scripts.) but yes, that snippet should be fine. So I guess from now on make sure you include both scripts when posting if you are having any problems.
Link to comment
Share on other sites

ok, I'm not sure how the code spread over multiple pages would allow you to see the bigger picture, but to each his own I suppose, just make sure you understand exactly how include works. (it literally puts the code right in, so it won't need any html or anything, just scripts.) but yes, that snippet should be fine. So I guess from now on make sure you include both scripts when posting if you are having any problems.
okay gotcha..
Link to comment
Share on other sites

very significant. you want to use it on all data that will be put in a query. Let's just take it one step at a time. let's just get your script to check that all the inputs are there and to report an error if it isn't. In the part of the code that makes the connection and creates the query, right before the $_POST values get used is where you want to use mysql_real_escape string.

Link to comment
Share on other sites

okay clicking " Submit " still add a record even though no entries made into the fieldsForm_Validation

<?php$formValid = false;?><?phpforeach($_POST as $key => $value){  if(!isset($_POST[$key])){	$formValid = false;  };};?>

Insert code

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><title>insert.php</title><link rel="stylesheet" type="text/css" href="/icc/skins/My_Start_Style.css" /></head><body><?php $con = mysql_connect("localhost","root",""); if (!$con)   {   die('Could not connect: ' . mysql_error());   } mysql_select_db("tecicc", $con); $sql="INSERT INTO twal ( id, srnumber, tenant, floor, tower, job_description, labour_cost, material_cost, date_twa_sent_to_tenant, date_twa_approved, date_parts_ordered, supplier, date_job_completed, date_billing_given_to_accounting) values ('$_POST[id]','$_POST[srnumber]','$_POST[tenant]','$_POST[floor]','$_POST[tower]','$_POST[job_description]','$_POST[labour_cost]','$_POST[material_cost]','$_POST[date_twa_sent_to_tenant]','$_POST[date_twa_approved]','$_POST[date_parts_ordered]','$_POST[supplier]','$_POST[date_job_completed]','$_POST[date_billing_given_to_accounting]')";if (!mysql_query($sql,$con))   {   die('Error: ' . mysql_error());   } echo "1 record added"; mysql_close($con); ?> </body></html>

Link to comment
Share on other sites

very significant. you want to use it on all data that will be put in a query. Let's just take it one step at a time. let's just get your script to check that all the inputs are there and to report an error if it isn't. In the part of the code that makes the connection and creates the query, right before the $_POST values get used is where you want to use mysql_real_escape string.
yea, i understand baby steps...first
Link to comment
Share on other sites

Just to show you I am trying my best and too show that..I found what I believe what you are trying to show me what the file should do..tell me if I am correct with this script..found this while reading up Php&MySQL book

<?phpforeach ($_POST as $value){ if( $value == ** ) {  echo "You have not filled in all the fields<br>\n";  display the form;  exit(); }}echo "Welcome";

is this what you are saying

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×
×
  • Create New...