Re: Adding a record to a database [message #175116 is a reply to message #175114]
Tue, 16 August 2011 01:50
Jerry Stuckle
On 8/15/2011 9:02 PM, sheldonlg wrote:
> On 8/15/2011 2:11 PM, A.Reader wrote:
>> On Mon, 15 Aug 2011 05:35:37 -0700 (PDT),
>> Charles<cchamb2(at)gmail(dot)com> wrote:
>>
>>> I'm trying to add a record to a database, and it's not working
>>> properly.
>>>
>>> The general thought is to call a data entry form, fill in the form,
>>> and use the $_POST(array) process to pass the data from the form to a
>>> php script that handles adding the record to the database.
>>>
>>> The only trick part of the php script is using a hidden field to pass
>>> the name of the data entry form to a SWITCH statement. I'm trying to
>>> keep the site directory uncluttered and the scripting organized, and I
>>> understand this works.
>>>
>>> I'm getting Error 500 as I test the script, so I think I have
>>> something coded incorrectly in the script, or I have something
>>> missing. Other php-based web applications work fine, so I suspect I
>>> have php correctly installed.
>>>
>>> Here's the coding:
>>>
>>> =====================
>>>
>>> <?php
>>>
>>> /*<!-- This starts the switch statement. The variable passed to
>>> control iteration
>>> is the $_Push(switch) variable set in the first (hidden) field in a
>>> data entry form.
>>> The value contained in the variable is the case predicate
>>>
>>> */
>>>
>>>
>>> switch ($_Push(switch)) {
>>>
>>> /*======================================================*/
>>>
>>> case "cab_vehicle_data_entry_add_a_vehicle":
>>>
>>>
>>>
>>> $con = mysql_connect("*********","****","******");<<These are fine
>>> if (!$con)
>>> {
>>> die('Could not connect: ' . mysql_error());
>>> }
>>>
>>> mysql_select_db("taxicab", $con);
>>>
>>> $sql="INSERT INTO
>>> cab_vehicle (cab_vehicle_make, cab_vehicle_model,
>>> cab_vehicle_edition,
>>> cab_vehicle_month, cab_vehicle_year, cab_vehicle_VIN,
>>> cab_vehicle_registration_number,
>>> cab_vehicle_reg_exp_month, cab_vehicle_reg_exp_year,
>>> cab_vehicle_pax_capacity,
>>> cab_vehicle_cubic_feet_cargo, cab_vehicle_cargo_weight)
>>>
>>> VALUES
>>>
>>>
>>> ('$_POST[Make]','$_POST[Model]','$_POST[Edition]','$_POST[Month]','$_POST[year]',
>>>
>>> '$_POST[VIN]','$_POST[Registration]','$_POST[reg_exp_month]','$_POST[reg_exp_year]',
>>>
>>> '$_POST[pax_capacity]','$_POST[cargo_cubic_feet]','$_POST[cargo_weight_lbs]') ";
>>>
>>>
>>> if (!mysql_query($sql,$con))
>>> {
>>> die('Error: ' . mysql_error());
>>> }
>>> echo "1 record added";
>>>
>>> mysql_close($con)
>>>
>>> break;
>>>
>>> /*======================================================*/
>>>
>>> /* case "whatever"
>>> Next process subroutine
>>> break;
>>> */
>>>
>>> /*======================================================*/
>>>
>>> /* case "whatever"
>>> Next process subroutine
>>> break;
>>> */
>>>
>>> /*======================================================*/
>>>
>>> /* case "whatever"
>>> Next process subroutine
>>> break;
>>> */
>>>
>>> /*======================================================*/
>>>
>>> /* case "whatever"
>>> Next process subroutine
>>> break;
>>> */
>>>
>>> /*======================================================*/
>>>
>>> /* case "whatever"
>>> Next process subroutine
>>> break;
>>> */
>>>
>>> /*======================================================*/
>>>
>>> /* case "whatever"
>>> Next process subroutine
>>> break;
>>> */
>>>
>>> /*======================================================*/
>>>
>>> /* case "whatever"
>>> Next process subroutine
>>> break;
>>> */
>>>
>>> /*======================================================*/
>>>
>>> /* case "whatever"
>>> Next process subroutine
>>> break;
>>> */
>>>
>>>
>>> }
>>>
>>>
>>> ?>
>>
>> I'll pass on some highly-useful advice I got when I was learning
>> to program, back during the last ice age: make your code look
>> neat and clean. There's no logical reason for that to make bugs
>> go away, but in fact it does.
>>
>> Your program should have a structure something like this:
>>
>> <?php
>>
>> if ( ! connected( 'taxicabs', 'sometable' ) ) die() ;
>>
>> if ( valid( $_REQUEST ) )
>> {
>> $s = 'INSERT INTO taxicabs.sometable SET ' ;
>> $s .= 'Make="'.$_REQUEST['Make'].'", ' ;
>> $s .= 'Model="'.$_REQUEST['Model'].'", ' ;
>> // the other fields the same way
>>
>> // note that it's just "Make", "Model", etc not
>> // "cab_vehicle_make" etc. because if you don't already know
>> // that you're talking about taxis, not railway locomotives or
>> // steamboats, you're in more
>> // trouble than wordy fieldnames can ever fix
>>
>> if ( ! mysql_query( $s, $dblink ) )
>> die( 'Could not create the new record '.
>> ' because '.mysql_error() ) ;
>> }
>> else die( 'That is not a valid request because '.
>> $val_errors ) ;
>>
>> // it needn't be "die()" when something goes wrong,
>> // it could be some recovery
>> // routine where you explain what the person should
>> // do differently and give them another go. Of course, if
>> // it's that the server choked or got lost, then die() is '
>> // perfectly appropriate.
>>
>>
>> // ----------------------------
>> function connected( $db, $table )
>> {
>> global $dblink ;
>> // the mysql connection stuff, returning true if it works, or
>> // complain about the problems and return false.
>> }
>> // ----------------------------
>> function valid( $a )
>> {
>> global $val_errors = '' ;
>> // your validation code. If it passes your tests,
>> // return true. If not, concatenate the complaints into
>> // $val_errors and return false ;
>> }
>>
>> ?>
>
> Besides all the excellent advice already given to you, didn't you say
> that the choice came from the value of a hidden variable? If so, then
> you want to switch on the value of the %_POST['name_of_that_variable'].
>
Which is about as insecure as you can get. I hope this isn't how you're
coding for your "Fortune 500" company. If so, I pity them.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
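The hardened form of the handler this thread is arguing about, as an added example that is not code from any of the posters: the hidden form field still selects a case, but every case's SQL is fixed in code and the form values reach the database through prepared-statement placeholders rather than string interpolation. It assumes PDO over an in-memory SQLite database so it runs offline (the DSN would be MySQL in real use) and keeps only four of the post's cab_vehicle columns.

```php
<?php
// Added example, not code from the thread: the "add a vehicle" branch rewritten so that
// neither the hidden action field nor the form values are ever spliced into SQL text.
// Assumptions: PDO with in-memory SQLite so it runs offline (swap the DSN for
// mysql:host=...;dbname=taxicab in real use); column names are those in the post.

function openDb(): PDO {
    $db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $db->exec('CREATE TABLE cab_vehicle (id INTEGER PRIMARY KEY, cab_vehicle_make TEXT,
               cab_vehicle_model TEXT, cab_vehicle_year INTEGER, cab_vehicle_VIN TEXT)');
    return $db;
}

// Validation runs before any database work; returns a list of complaints (empty = valid).
function vehicleErrors(array $post): array {
    $errors = [];
    foreach (['Make', 'Model', 'Year', 'VIN'] as $f) {
        if (!isset($post[$f]) || $post[$f] === '') { $errors[] = "$f is required"; }
    }
    if (isset($post['Year']) && !ctype_digit($post['Year'])) { $errors[] = 'Year must be numeric'; }
    return $errors;
}

function addVehicle(PDO $db, array $post): int {
    // Named placeholders: the driver sends the values separately from the statement,
    // so a quote or comment sequence typed into the form is stored literally.
    $stmt = $db->prepare('INSERT INTO cab_vehicle
        (cab_vehicle_make, cab_vehicle_model, cab_vehicle_year, cab_vehicle_VIN)
        VALUES (:make, :model, :year, :vin)');
    $stmt->execute([':make' => $post['Make'], ':model' => $post['Model'],
                    ':year' => (int) $post['Year'], ':vin' => $post['VIN']]);
    return (int) $db->lastInsertId();
}

// The hidden field only picks a case; each case's SQL is fixed in code, and any
// value not listed here falls through to the default and is rejected.
function handle(PDO $db, array $post): string {
    switch ($post['action'] ?? '') {
        case 'cab_vehicle_data_entry_add_a_vehicle':
            $errors = vehicleErrors($post);
            if ($errors) { return 'Invalid request: ' . implode('; ', $errors); }
            return '1 record added, id ' . addVehicle($db, $post);
        default:
            return 'Unknown action';
    }
}
// Constructed sample requests: the apostrophe in Make would have broken the original string-built query.
$db = openDb();
echo handle($db, ['action' => 'cab_vehicle_data_entry_add_a_vehicle', 'Make' => "O'Neil",
                  'Model' => 'Sedan', 'Year' => '2011', 'VIN' => 'VIN-CONSTRUCTED-001']), "\n";
echo handle($db, ['action' => 'not_a_known_form']), "\n";
```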