Larry Ullman's Book Forums

Showing results for tags 'get'.

Found 3 results

  1. I'm working my way through Chapter 13 and I'm unable to get my edit_quote.php page to work. The error message I'm getting is:

     I understand that the reason for this is that the script isn't getting a valid ID. I'm just not sure why. Here's my code. I've reviewed it line-by-line a few times, but I'm not seeing the problem:

         <?php
         define('TITLE', 'Edit a Quote');
         include('templates/header.html');

         print '<h2>Edit a Quotation</h2>';

         //Restrict access to administrators only.
         if (!is_administrator()) {
             print '<h2>Acess Denied!</h2>
             <p class="error">You do not have permission to access this page.</p>';
             include('templates/footer.html');
             exit();
         }

         //Need the database connection.
         include('includes/mysql_connect.php');

         if (isset($_GET['id']) && is_numeric($_GET['id']) && ($_GET['id'] > 0)) { // Display the entry in a form.

             //Define the query.
             $query = "SELECT quote, source, favorite FROM quotes WHERE quote_id={$_GET['id']}";
             if ($r = mysql_query($query, $dbc)) { //Run the query.

                 $row = mysql_fetch_array($r); //Retrieve the information.

                 //Make the form.
                 print '<form action="edit_quote.php" method="post">
                 <p><label>Quote <textarea name="quote" rows="5" cols="30">' .htmlentities($row['quote']). '</textarea></label></p>
                 <p><label>Source <input type="text" name="source" value="'.htmlentities($row['source']). '"/></label></p>
                 <p><label>Is this a favorite? <input type="checkbox" name="favorite" value="yes"';

                 //Check the box if it is a favorite.
                 if ($row['favorite'] == 1) {
                     print ' checked ="checked"';
                 }

                 //Complete the form.
                 print ' /></label></p>
                 <input type="hidden" name="id" value="' .$_GET['id']. '" />
                 <p><input type="submit" name="submit" value="Update This Quote!" /></p>
                 </form>';

             } else { //Couldn't get the information.
                 print '<p class="error">Could not retrieve the quotation because:<br/>' .mysql_error($dbc). '.</p>
                 <p>The query being run was: ' .$query. '</p>';
             }

         } elseif (isset($_POST['id']) && is_numeric($_POST['id']) && ($_POST['id'] > 0)) { //Handle the form.

             //Validate and secure the form data.
             $problem = FALSE;
             if (!empty($_POST['quote']) && !empty($_POST['source']) ) {
                 //Prepare the values for storing.
                 $quote = mysql_real_escape_string(trim(strip_tags($_POST['quote'])), $dbc);
                 $source = mysql_real_escape_string(trim(strip_tags($_POST['source'])), $dbc);

                 //Create the "favorite" value.
                 if (isset($_POST['favorite'])) {
                     $favorite = 1;
                 } else {
                     $favorite = 0;
                 }
             } else {
                 print '<p class="error">Please submit both a quotation and source.</p>';
                 $problem = TRUE;
             }

             if (!$problem) {
                 //Define the query.
                 $query = "UPDATE quotes SET quote='$quote', source='$source', favorite=$favorite WHERE quote_id={$_POST['id']}";
                 if ($r = mysql_query($query, $dbc)) {
                     print '<p>The quotation has been updated.</p>';
                 } else {
                     print '<p class="error">Could not update the quotation because:<br/>' .mysql_error($dbc) . '.</p><p>The query being run was" ' .$query. '</p>';
                 }
             } // No problem!

         } else { // No ID set.
             print '<p class="error">This page has been accessed in error.</p>';
         } // End of main IF.

         mysql_close($dbc); //Close the connection.
         include('templates/footer.html'); //Include the footer.
         ?>

     Thanks!
  2. Hi, I have a script that works OK but I'm not sure if it's by design or by accident. On pages 91 through 94, Larry advises on how to use PHP redux, a technique that I use often. Here's my scenario: I have a PHP script, let's call it script one, that calls PHP script 2 and passes a key value to it. I test for a key value as the first thing in script 2 via 'if (isset($GET['key']))' and retrieve its value. This works fine. Then script 2 uses that key value to populate a form with values from a database select. The user is able to change any of the values in the form. Script 2 then calls itself via PHP redux. Now this is the part that I don't quite understand. The form is method=POST and that same key value is included in the form via an input type=hidden, a name of 'key', and the value via a PHP echo. But the test for isset($GET['key']) still works and retrieves the correct value for key. But the form is POST? On the URL for the redux-called script two I can see the '?key=key-value suffix. Can someone please help me understand this? Thank you in anticipation.
  3. Hi all, I've created a search page on my website with pagination from the book. If a search is entered with an apostrophe, the first time the search page (and sticky form value) is loaded, it looks fine, but as you click on each of the page links, the apostrophe is escaped again, adding slashes into the form value and the url:

     Initial search of Mother's Day: http://aqualee.com/n...=Mother%27s+Day

     After clicking back & forth on the previous/next page links a couple times: http://aqualee.com/new/search.php?keyword=Mother\\\\\\\'s%20Day&s=6&p=2

     My best guess is that it's applying htmlspecialchars (for the page title & form value) and/or mysqli_real_escape_string (for the keyword in the url) with each page load, but I can't figure out the logic in how to avoid that while keeping the data safe. This update to my site is my first foray into PHP or SQL, and I have as much experience in programming as a semester in C++ can give you. Here's the relevant code (I think!)...

     $show_keyword is set and used in the title and form value here

         // set page title
         if (isset($_GET['keyword'])) {
             $show_keyword = htmlspecialchars($_GET['keyword']);
         }
         $page_title = 'Search results for '.$show_keyword.' greeting cards by Aqua Lee';
         include ('header.html');

         // create text form to search with sticky value
         echo '<form action="search.php" method="GET">
         <label>Search: <input type="text" name="keyword" size="20" maxlength="50" value="'.$show_keyword.'" /></label>
         <input type="submit" value="Search" /></form>';

     $search_term is set & escaped here

         // validate and secure user entry
         if (!empty($_GET['keyword']) ) {
             $search_term = mysqli_real_escape_string($dbcon, trim($_GET['keyword']) );
         }

     $search_term is used in the urls where extra slashes show

         # create pagination links
         // Make the links to other pages, if necessary.
         if ($pages > 1) {
             echo '<br /><p>';
             $current_page = ($start/$display) + 1;

             // If it's not the first page, make a Previous button:
             if ($current_page != 1) {
                 echo '<a href="search.php?keyword='.$search_term.'&s=' . ($start - $display) . '&p=' . $pages. /*. '&sort=' . $sort . */'">Previous</a> ';
             }

             // Make all the numbered pages:
             for ($i = 1; $i <= $pages; $i++) {
                 if ($i != $current_page) {
                     echo '<a href="search.php?keyword='.$search_term.'&s=' . (($display * ($i - 1))) . '&p=' . $pages./* . '&sort=' . $sort . */'">' . $i . '</a> ';
                 } else {
                     echo $i . ' ';
                 }
             } // End of FOR loop.

             // If it's not the last page, make a Next button:
             if ($current_page != $pages) {
                 echo '<a href="search.php?keyword='.$search_term.'&s=' . ($start + $display) . '&p=' . $pages./* . '&sort=' . $sort . */'">Next</a>';
             }
             echo '</p>';
         }

     Can you tell me where the redundancy is, if that's the problem? Do I even need to escape the form input if I'm just displaying it in the title or in the form? I read about some similar problems with apostrophe, and magic quotes were suggested to be the culprit...they are turned off in my php.ini file. Thanks for taking a look!! -Marilee
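
The double escaping in the third post above, reproduced and then avoided by encoding the raw keyword separately for each output context (an added example, not part of the original post or of the book's code). The function names, the `cards` table and its `title` column are hypothetical, and `addslashes()` stands in for `mysqli_real_escape_string()` so the loop runs without a database.

```php
<?php
// Constructed sample input, standing in for $_GET['keyword'].
$raw = "Mother's Day";

// HTML context (page title, sticky form value): escape quotes as well, since
// the value is printed inside a double-quoted attribute.
function for_html(string $raw): string {
    return htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
}

// URL context (pagination links): build the query string from the RAW value,
// then HTML-escape the whole URL because it is printed inside href="...".
function page_link(string $raw, int $start, int $pages, string $label): string {
    $query = http_build_query(['keyword' => $raw, 's' => $start, 'p' => $pages]);
    return '<a href="search.php?' . for_html($query) . '">' . for_html($label) . '</a>';
}

// SQL context: a prepared statement keeps the raw value out of the SQL text,
// so no escaped copy of the keyword exists to leak into links or forms.
// Table and column names (cards, title) are hypothetical.
function search_cards(mysqli $dbcon, string $raw, int $start, int $display): array {
    $stmt = $dbcon->prepare('SELECT title FROM cards WHERE title LIKE ? LIMIT ?, ?');
    $like = '%' . $raw . '%';
    $stmt->bind_param('sii', $like, $start, $display);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// What the posted code does: the SQL-escaped string is written into the link,
// PHP decodes it into $_GET on the next request, and it is escaped again.
// addslashes() is a stand-in for mysqli_real_escape_string() (assumption made
// so the loop runs offline); three iterations model three clicks.
$looped = $raw;
for ($click = 0; $click < 3; $click++) {
    $looped = addslashes($looped);
}

echo $looped, "\n";                         // keyword after three page clicks
echo for_html($raw), "\n";                  // safe for the title and form value
echo page_link($raw, 6, 2, 'Next'), "\n";   // safe link, stable across clicks
```

Each request starts again from the raw `$_GET['keyword']`, so nothing accumulates: the backslashes only ever appeared because a value prepared for the SQL context was reused in the URL.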