Jump to content
Larry Ullman's Book Forums

Recommended Posts

Hi Larry,

 

First let me thank you for a great book, out of the four I have I think I understand yours the most.

 

I am trying to use your examples in my own work but I have stummbled across a problem that I cant figure out. I am sure the problem is a simple one but I have been banging my head against a brick wall for days and I cant see the answer, though I know what the problem is.

 

The problem I have is with session information not being passed from the login page back to my index page. If I get the login page to display the session variables there all displayed. Once the page is redirected to the index page they are lost.

 

I hope that all makes sense, it doesnt really to me :)

 

Lee

Link to comment
Share on other sites

Programming can definitely be frustrating. It's best to know that from the get-go. Personally, I like the problem solving aspect of it. And if you program enough, there are so many problems to solve!

Link to comment
Share on other sites

Hello me again!!

 

I have come across something that I dont think is mentioned in your book, but I havent quite finished it yet.

 

I would like to write a SQL insert line in my code that contains data from several select sources and a date from from three values and I am not sure how to do it.

 

So i have the following

 

the user_is pulled from $_SESSION from the login

 

A couple of text fields filled in by the user

 

A date field made from a three drop down select fields, like date of birth. I am nure sure how to write that into the single date SQL field.

 

Another field with pulls information from another database and the user picks from the list in a select field.

 

I hope the above makes sense.

Link to comment
Share on other sites

It's really best to start a new topic for this as its not related to your original login.php query.

 

Can you be a bit more specific where the data is coming from - if it is all coming from the same form, you can access it via the $_POST global array as long as you've set up the form fields with name attributes e.g.

 

$q = "INSERT INTO table (user_id, email, address1, address2, city, postcode) VALUES ($_SESSION['user_id'], $_POST['email'], $_POST['city'], $_POST['postcode'])";

 

For the text fields you may want to consider assigning them to variables and using mysqli_real_escape_string for security reasons.

 

For the date field, there are a couple of ways you could do this - look in the php manual for the different date functions it offers and consider the implode function.

  • Upvote 1
Link to comment
Share on other sites

Thanks Margaux, your post helped me alot. I still seem to have a problem with dates getting inserted using the INSERT. I know I should start a new thread but seeing as I have started it here maybe I should continue.

 

I have three drop down boxes using a select form. My array gets populated correctly, I then use the following code to make just a number

$mdate = date("Ymd", mktime(0, 0, 0, $mn, $dt, $yr));

 

Looking in the array the above seems to work.

 

Here is the insert command that I use, forget everything else other than mdate bit.

$q = "INSERT INTO bird (user_id, bird_name, sex, species_id, ringno, dob) VALUES ($_SESSION[user_id], '$_POST[bird_name]', '$_POST[sex]', $_POST[species_id], '$_POST[ringno]', '$_POST[mdate]')";

 

The error I get is as below

 

[page_title] => add_bird

[bn] => Dorris

[sex] => Female

[sp] => 4

[dt] => 31

[mn] => 10

[yr] => 2011

[mdate] => 20111031

[md] =>

[rn] => THC3547

)

 

#0 my_error_handler(8, Undefined index: mdate, /home/sites/falconrylogs.co.uk/public_html/test_add_bird.php, 110, Array ([GLOBALS] => Array ( *RECURSION*,[_POST] => Array ([bird_name] => Dorris,[sex] => Female,[species_id] => 4,[day] => 31,[month] => 10,[year] => 2011,[ringno] => THC3547,[breeder] => ,[mentor] => ,[submit] => Add bird to database),[_GET] => Array (),[_COOKIE] => Array ([phpSESSID] => tnfk6q3pbn19fvhine0pgs8ho4),[_FILES] => Array (),[_SERVER] => Array ([PATH] => /usr/local/bin:/usr/bin:/bin,[HTTP_HOST] => www.falconrylogs.co.uk,[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2,[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,[HTTP_ACCEPT_LANGUAGE] => en-gb,en;q=0.5,[HTTP_ACCEPT_ENCODING] => gzip, deflate,[HTTP_CONNECTION] => keep-alive,[HTTP_REFERER] => http://www.falconrylogs.co.uk/test_add_bird.php?,[HTTP_COOKIE] => PHPSESSID=tnfk6q3pbn19fvhine0pgs8ho4,[CONTENT_TYPE] => application/x-www-form-urlencoded,[CONTENT_LENGTH] => 126,[sERVER_SIGNATURE] => Apache/2 Server at www.falconrylogs.co.uk Port 80

Thank you for your help in this frustrating matter.

Link to comment
Share on other sites

Thanks for the thanks.

 

The error message is giving you some clues by reflecting the variables you've created, but these are variables and it looks like you're using a variable as a $_POST index. Have you set up a field in your form with the name mdate? The error handler shows you the $_POST variables - you have $_POST[bird_name}, $_POST[species_id], $_POST[day] etc. You have to pass mdate in another way or use your mysql statement to manipulate day, month, year. Since you already have a session, how about $_SESSION['dob'] = date("Ymd", mktime(0, 0, 0, $mn, $dt, $yr)); and then your insert statement could be

$q = "INSERT INTO bird (user_id, bird_name, sex, species_id, ringno, dob) VALUES ($_SESSION['user_id], $_POST['bird_name'], $_POST['sex'], $_POST['species_id'], $_POST['ringno'], '$_SESSION['dob'])";

Also make sure you've got the quotes in the right place - e.g. instead of '$_POST[birdname]' it should be $_POST['bird_name']

  • Upvote 1
Link to comment
Share on other sites

Again thank you for your reply and for the way you have written it. As a newbie its good when it gets written in a way that is understood. However, the formatting of my INSERT command is the only way I can get it to work.

Setting the INSERT command as you have suggested produces an error like this.

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING.

 

Perhaps it would useful to show the code for the whole page.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Falconry Logs</title>
<style type="text/css">
<!--
-->
</style>
<link href="styles/mystyles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="container">
 <div class="header"><a href="#"><img src="Images/logo.jpg" width="961" height="100" alt="Logo" /></a>
</div>
 <div class="sidebar1">
<?php
  // ob_start();
  session_start();

  if($_SESSION['user_id'] > '1'){
  include('includes/navbar1.inc.php');
} else {
  include('includes/navbar.inc.php');
}
  ?>
</div>
 <div class="content">

<?php
require ('includes/config.inc.php');
require (MYSQL);
$page_title = 'add_bird';

  if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form.

 // Validate the Bird Name
 if (!empty($_POST['bird_name'])) {
  $bn = mysqli_real_escape_string ($dbc, $_POST['bird_name']);
 } else {
  $bn = FALSE;
  echo '<p class="error">You forgot to enter a birdname!</p>';
 }

 // Validate the Sex
 if (!empty($_POST['sex'])) {
  $sex = mysqli_real_escape_string ($dbc, $_POST['sex']);
 } else {
  $sex = FALSE;
  echo 'p class="error">Please enter the birds sex!</p>';
 }

 // Validate the birds species
 if (!empty($_POST['species_id'])) {
 $sp = mysqli_real_escape_string ($dbc, $_POST['species_id']);
 } else {
 $sp = FALSE;
 echo '<p class="error">You forgot to specify the species!</p>';
 }

 // Validate the day
 if (!empty($_POST['day'])) {
  $dt = mysqli_real_escape_string ($dbc, $_POST['day']);
 } else {
  $dt = FALSE;
  echo '<p class="error"> You forgot to enter the day!</p>';
 }

 // Validate the Month
 if (!empty($_POST['month'])) {
  $mn = mysqli_real_escape_string ($dbc, $_POST['month']);
 } else {
  $mn = FALSE;
  echo '<p class="error"> You forgot to enter the month!</p>';
 }

 // Validate the Year
 if (!empty($_POST['year'])) {
  $yr = mysqli_real_escape_string ($dbc, $_POST['year']);
 } else {
  $yr = FALSE;
  echo '<p class="error">You forgot to enter the year!</p>';
 }

 // Setup Date
 $_SESSION['dob'] = date("Ymd", mktime(0, 0, 0, $mn, $dt, $yr));
 //if (($_POST['day'] > 0) and ($_POST['month'] > 0) and ($_POST['year'] > 0)) {
 //$mdate = "$_POST[$yr]-$_POST[$mn]-$_POST[$dt]";
 //} else {
 // die("Invalid date values supplied.");
 //}

 // Validate Date
 if (!empty($_POST['$mdate'])) {
  $md = mysqli_real_escape_string ($dbc, $_POST['$mdate']);
 } else {
  $md = FALSE;
  echo '<p class="error">Date didnt work!!</p>';
 }

 // Validate the Ring Number
 if (!empty($_POST['ringno'])) {
  $rn = mysqli_real_escape_string ($dbc, $_POST['ringno']);
 } else {
  $rn = FALSE;
  echo '<p class="error">You forgot to enter the Ring Number!</p>';
 }

 // Check everything is okay
 if ($bn && $sex && $sp) {

  // Add the bird to the database:
  $mdate = date("Ymd", mktime(0, 0, 0, $mn, $dt, $yr));
  //$q = "INSERT INTO bird (user_id, bird_name, sex, species_id, ringno, dob) VALUES ($_SESSION[user_id], '$_POST[bird_name]', '$_POST[sex]', $_POST[species_id], '$_POST[ringno]', '$_POST[dob]')";
  $q = "INSERT INTO bird (user_id, bird_name, sex, species_id, ringno, dob) VALUES ($_SESSION['user_id], $_POST['bird_name'], $_POST['sex'], $_POST['species_id'], $_POST['ringno'], $_SESSION['dob'])";
  $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
  if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

  // Finish the page
  echo '<h3>Bird Added</h3>';
  exit();

  } else {

// If it did not run OK.
echo '<p class="error">Its gone horribly wrong!!.</p>';
  }
} else { // If one of the data tests failed.
echo '<p class="error">Please try again.</p>';
}
// mysqli_close($dbc);
}
// End of the main Submit conditional.
?>
  <h3 align="left" class="style2">Add your bird(s) to the database</h3>
<form action="test_add_bird.php" method="post">
<p><b>Bird Name:</b> <input type="text" name="bird_name" size="30" maxlength="30" /></p>
<p><b>Sex:</b> <select name="sex"> <option value="Female">Female</option> <option value="Male">Male</option> </select>
<p><b>Species:</b>
<?php
$q1 = ("SELECT common_name, species_id FROM species");
$r1 = mysqli_query($dbc, $q1);
?>
<select id="species_id" name="species_id">  
<option value=''></option>  
 <?php
while ($row = mysqli_fetch_array($r1))
{	  
echo "<option value=\"".$row['species_id']."\">".$row['common_name']."</option>\n  ";
  }  
  ?> </select>

<p><b>Date of birth / Ownership:<br /> Day:</b><select name="day" >
<option value='01'>01</option>
<option value='02'>02</option>
<option value='03'>03</option>
<option value='04'>04</option>
<option value='05'>05</option>
<option value='06'>06</option>
<option value='07'>07</option>
<option value='08'>08</option>
<option value='09'>09</option>
<option value='10'>10</option>
<option value='11'>11</option>
<option value='12'>12</option>
<option value='13'>13</option>
<option value='14'>14</option>
<option value='15'>15</option>
<option value='16'>16</option>
<option value='17'>17</option>
<option value='18'>18</option>
<option value='19'>19</option>
<option value='20'>20</option>
<option value='21'>21</option>
<option value='22'>22</option>
<option value='23'>23</option>
<option value='24'>24</option>
<option value='25'>25</option>
<option value='26'>26</option>
<option value='27'>27</option>
<option value='28'>28</option>
<option value='29'>29</option>
<option value='30'>30</option>
<option value='31'>31</option>
</select>
<b>Month:</b><select name="month" >
<option value='01'>January</option>
<option value='02'>February</option>
<option value='03'>March</option>
<option value='04'>April</option>
<option value='05'>May</option>
<option value='06'>June</option>
<option value='07'>July</option>
<option value='08'>August</option>
<option value='09'>September</option>
<option value='10'>October</option>
<option value='11'>November</option>
<option value='12'>December</option>
</select>
<b>Year:</b><input type="text" name="year" size=4 value=2011>
</select>
<p><b>Ring Number:</b> <input type="text" name="ringno" size="30" maxlength="30" /></p>
<p><b>Breeder</b> (Optional): <input type="text" name="breeder" size="30" maxlength="30" /></p>
<p><b>Mentor</b>  (Optional):<input type="text" name="mentor" size="30" maxlength="30" /></p>
</p>
  <div align="center"><input type="submit" name="submit" value="Add bird to database" /></div>
</form>
 </div>
 <div class="footer">
<p>
<?php include('./includes/footer.inc.php'); ?>
</p>
</div>
 </div>
</body>
</html>

Link to comment
Share on other sites

I'm a little confused by your code so maybe I didn't understand the original question. Is all this going on in the same test_add_bird.php file? Just before the insert you create $mdate and then don't use it. It looks like you've created a few variables that you're not using e.g. $rn, $bn which you've used real_escape_string on presumably to insert clean data in the database. Why don't you use these variables in your INSERT statement? If you've tested it thoroughly and it does what you want, then maybe I'm missing something.

 

Also there was an error in my previous code, an extra single quote - apologies for that!

  • Upvote 1
Link to comment
Share on other sites

The test_add_bird.php will become the add_bird.php once I have it working as intended. As I say I am very new to this so I have probably made many mistakes and I am probably not explaining myself very well due to my lack of understanding.

 

I had copied the code from examples in the book and tried to modify it to my needs but I keep hitting brick walls because my understand is insufficient and I make many changes trying to fix things, so there is code that is not required. I would like to use the cleaned variables but I cant figure out how to get it to work and I am finding my lack of progress frustrating.

 

If your happy to take the time to help me then I would be grateful because I clearly need a eurika moment.

 

Here is my code that seems to do what I need but not using the cleaned variables.

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Bird Registration - Page 1</title>
<style type="text/css">
<!--
-->
</style>
<link href="styles/mystyles.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div class="container">
 <div class="header"><a href="#"><img src="Images/logo.jpg" width="961" height="100" alt="Logo" /></a>
   </div>
 <div class="sidebar1">
   <?php
  // ob_start();
  session_start();

  if($_SESSION['user_id'] > '1'){
  include('includes/navbar1.inc.php');
} else {
  include('includes/navbar.inc.php');
} 
  ?>
   </div>
 <div class="content"> 

<?php
require ('includes/config.inc.php');
require (MYSQL);
$page_title = 'add_bird';

 // Form Data Script

  if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Handle the form.

 // Validate the Bird Name
 if (!empty($_POST['bird_name'])) {
  $bn = mysqli_real_escape_string ($dbc, $_POST['bird_name']);
 } else {
  $bn = FALSE;
  echo '<p class="error">You forgot to enter a birdname!</p>';
 }

 // Validate the Sex
 if (!empty($_POST['sex'])) {
  $sex = mysqli_real_escape_string ($dbc, $_POST['sex']);
 } else {
  $sex = FALSE;
  echo 'p class="error">Please enter the birds sex!</p>';
 }

 // Validate the birds species
 if (!empty($_POST['species_id'])) {
 $sp = mysqli_real_escape_string ($dbc, $_POST['species_id']);
 } else {
 $sp = FALSE;
 echo '<p class="error">You forgot to specify the species!</p>';
 }

 // Validate the day
 if (!empty($_POST['day'])) {
  $dt = mysqli_real_escape_string ($dbc, $_POST['day']);
 } else {
  $dt = FALSE;
  echo '<p class="error"> You forgot to enter the day!</p>';
 }

 // Validate the Month
 if (!empty($_POST['month'])) {
  $mn = mysqli_real_escape_string ($dbc, $_POST['month']);
 } else {
  $mn = FALSE;
  echo '<p class="error"> You forgot to enter the month!</p>';
 }

 // Validate the Year
 if (!empty($_POST['year'])) {
  $yr = mysqli_real_escape_string ($dbc, $_POST['year']);
 } else {
  $yr = FALSE;
  echo '<p class="error">You forgot to enter the year!</p>';
 }

 // Setup Date
 $_POST['dob'] = date("Ymd", mktime(0, 0, 0, $mn, $dt, $yr));

 // Validate Date
 if (!empty($_POST['dob'])) {
  $md = mysqli_real_escape_string ($dbc, $_POST['dob']);
 } else {
  $md = FALSE;
  echo '<p class="error">Date didnt work!!</p>';
 }

 // Validate the Ring Number
 if (!empty($_POST['ringno'])) {
  $rn = mysqli_real_escape_string ($dbc, $_POST['ringno']);
 } else {
  $rn = FALSE;
  echo '<p class="error">You forgot to enter the Ring Number!</p>';
 }

 // Check everything is okay
 if ($bn && $sex && $sp && $md) {

  // Add the bird to the database:
  $q = "INSERT INTO bird (user_id, bird_name, sex, species_id, ringno, dob) VALUES ($_SESSION[user_id], '$_POST[bird_name]', '$_POST[sex]', $_POST[species_id], '$_POST[ringno]', '$_POST[dob]')";

  $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
  if (mysqli_affected_rows($dbc) == 1) { // If it ran OK.

  // Finish the page
  header('Location: test_add_bird_2.php');
  exit();

  } else {

   // If it did not run OK.
   echo '<p class="error">Its gone horribly wrong!!.</p>';
  }
} else { // If one of the data tests failed.
   echo '<p class="error">Please try again.</p>';
}
// mysqli_close($dbc);
}
// End of the main Submit conditional.
?>
  <h3 align="left" class="style2">Add your bird(s) to the database</h3>
   <form action="test_add_bird.php" method="post">
<p><b>Bird Name:</b> <input type="text" name="bird_name" size="30" maxlength="30" /></p>
   <p><b>Sex:</b> <select name="sex"> <option value="Female">Female</option> <option value="Male">Male</option> </select>
   <p><b>Species:</b>
<?php
$q1 = ("SELECT common_name, species_id FROM species");
$r1 = mysqli_query($dbc, $q1);
?>
   <select id="species_id" name="species_id">   
   <option value=''></option>   
 <?php
   while ($row = mysqli_fetch_array($r1))
   {	  
   echo "<option value=\"".$row['species_id']."\">".$row['common_name']."</option>\n  ";
  }  
  ?> </select>

<p><b>Date of birth / Ownership:<br /> Day:</b><select name="day" >
<option value='01'>01</option>
<option value='02'>02</option>
<option value='03'>03</option>
<option value='04'>04</option>
<option value='05'>05</option>
<option value='06'>06</option>
<option value='07'>07</option>
<option value='08'>08</option>
<option value='09'>09</option>
<option value='10'>10</option>
<option value='11'>11</option>
<option value='12'>12</option>
<option value='13'>13</option>
<option value='14'>14</option>
<option value='15'>15</option>
<option value='16'>16</option>
<option value='17'>17</option>
<option value='18'>18</option>
<option value='19'>19</option>
<option value='20'>20</option>
<option value='21'>21</option>
<option value='22'>22</option>
<option value='23'>23</option>
<option value='24'>24</option>
<option value='25'>25</option>
<option value='26'>26</option>
<option value='27'>27</option>
<option value='28'>28</option>
<option value='29'>29</option>
<option value='30'>30</option>
<option value='31'>31</option>
</select>
<b>Month:</b><select name="month" >
<option value='01'>January</option>
<option value='02'>February</option>
<option value='03'>March</option>
<option value='04'>April</option>
<option value='05'>May</option>
<option value='06'>June</option>
<option value='07'>July</option>
<option value='08'>August</option>
<option value='09'>September</option>
<option value='10'>October</option>
<option value='11'>November</option>
<option value='12'>December</option>
</select>
<b>Year:</b><input type="text" name="year" size=4 value=2011>
</select>
<p><b>Ring Number:</b> <input type="text" name="ringno" size="30" maxlength="30" /></p>
<p><b>Breeder</b> (Optional): <input type="text" name="breeder" size="30" maxlength="30" /></p>
<p><b>Mentor</b>  (Optional):<input type="text" name="mentor" size="30" maxlength="30" /></p>
</p>
  <div align="center"><input type="submit" name="submit" value="Add bird to database" /></div>
   </form>
 </div> 
   <div class="footer">
   <p>
   <?php include('./includes/footer.inc.php'); ?>
   </p>
   </div>
 </div>
</body>
</html>

Link to comment
Share on other sites

where possible I like to use my own variables as opposed to the global ones in mysql statements as I find it easier to read and to code. so this is how I would do it

if ($bn && $sex && $sp && $md && $rn) {
$q = "INSERT INTO bird (user_id, bird_name, sex, species_id, ringno, dob) VALUES ($uid, '$bn', '$sex', $sp, '$rn', '$md')";

 

at the top of the page where you check the $_SESSION['user_id'], set the $uid variable at the same time -

  if ($_SESSION['user_id'] > '1'){
$uid = $_SESSION['user_id];
	  include('includes/navbar1.inc.php');
} else {
	  include('includes/navbar.inc.php');
}

Depending on what you are using $_SESSION['user_id'] for you may also need to set the $uid variable in that else clause.

 

A couple of other things - I think your session_start must be at the very top of the page even before your !DOCTYPE declaration or you will get problems with 'headers already sent'.

 

Also you don't need $_POST['dob']. I originally suggested $_SESSION['dob'] as I thought the data was coming from a different page. The coding for the date validation is a little confusing, may I suggest the following starting with //Set up Date

// Setup Date
if ($mn && $dt && $yr) {
 $md = date("Ymd", mktime(0, 0, 0, $mn, $dt, $yr));
} else {
 $md = FALSE;
 echo '<p class="error">Please enter valid values in the date fields.</p>';
 }

Then you can delete the //Validate Date snippet.

 

Finally the validation of sex doesn't check for valid data. I posted some code on another post which you may want to try - ch.2 review and pursue.

  • Upvote 1
Link to comment
Share on other sites

Thank you Thank you Thank you.

 

Your code snippits do EXACTLY what I was trying to achieve. I really appreciate your help as I think I know have a form that works just the way I wanted and a great point of reference for the rest of my rather simple site.

Link to comment
Share on other sites

 Share

×
×
  • Create New...