Re: Adding a record to a database [message #175140 is a reply to message #175116]
Tue, 16 August 2011 20:13
sheldonlg
On 8/15/2011 9:50 PM, Jerry Stuckle wrote:
> On 8/15/2011 9:02 PM, sheldonlg wrote:
>> On 8/15/2011 2:11 PM, A.Reader wrote:
>>> On Mon, 15 Aug 2011 05:35:37 -0700 (PDT),
>>> Charles<cchamb2(at)gmail(dot)com> wrote:
>>>
>>>> I'm trying to add a record to a database, and it's not working
>>>> properly.
>>>>
>>>> The general thought is to call a data entry form, fill in the form,
>>>> and use the $_POST(array) process to pass the data from the form to a
>>>> php script that handles adding the record to the database.
>>>>
>>>> The only trick part of the php script is using a hidden field to pass
>>>> the name of the data entry form to a SWITCH statement. I'm trying to
>>>> keep the site directory uncluttered and the scripting organized, and I
>>>> understand this works.
>>>>
>>>> I'm getting Error 500 as I test the script, so I think I have
>>>> something coded incorrectly in the script, or I have something
>>>> missing. Other php-based web applications work fine, so I suspect I
>>>> have php correctly installed.
>>>>
>>>> Here's the coding:
>>>>
>>>> =====================
>>>>
>>>> <?php
>>>>
>>>> /*<!-- This starts the switch statement. The variable passed to
>>>> control iteration
>>>> is the $_Push(switch) variable set in the first (hidden) field in a
>>>> data entry form.
>>>> The value contained in the variable is the case predicate
>>>>
>>>> */
>>>>
>>>>
>>>> switch ($_Push(switch)) {
>>>>
>>>> /*======================================================*/
>>>>
>>>> case "cab_vehicle_data_entry_add_a_vehicle":
>>>>
>>>>
>>>>
>>>> $con = mysql_connect("*********","****","******");<<These are fine
>>>> if (!$con)
>>>> {
>>>> die('Could not connect: ' . mysql_error());
>>>> }
>>>>
>>>> mysql_select_db("taxicab", $con);
>>>>
>>>> $sql="INSERT INTO
>>>> cab_vehicle (cab_vehicle_make, cab_vehicle_model,
>>>> cab_vehicle_edition,
>>>> cab_vehicle_month, cab_vehicle_year, cab_vehicle_VIN,
>>>> cab_vehicle_registration_number,
>>>> cab_vehicle_reg_exp_month, cab_vehicle_reg_exp_year,
>>>> cab_vehicle_pax_capacity,
>>>> cab_vehicle_cubic_feet_cargo, cab_vehicle_cargo_weight)
>>>>
>>>> VALUES
>>>>
>>>>
>>>> ('$_POST[Make]','$_POST[Model]','$_POST[Edition]','$_POST[Month]','$_POST[year]',
>>>>
>>>>
>>>> '$_POST[VIN]','$_POST[Registration]','$_POST[reg_exp_month]','$_POST[reg_exp_year]',
>>>>
>>>>
>>>> '$_POST[pax_capacity]','$_POST[cargo_cubic_feet]','$_POST[cargo_weight_lbs]') ";
>>>>
>>>>
>>>>
>>>> if (!mysql_query($sql,$con))
>>>> {
>>>> die('Error: ' . mysql_error());
>>>> }
>>>> echo "1 record added";
>>>>
>>>> mysql_close($con)
>>>>
>>>> break;
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>>
>>>> }
>>>>
>>>>
>>>> ?>
>>>
>>> I'll pass on some highly-useful advice I got when I was learning
>>> to program, back during the last ice age: make your code look
>>> neat and clean. There's no logical reason for that to make bugs
>>> go away, but in fact it does.
>>>
>>> Your program should have a structure something like this:
>>>
>>> <?php
>>>
>>> if ( ! connected( 'taxicabs', 'sometable' ) ) die() ;
>>>
>>> if ( valid( $_REQUEST ) )
>>> {
>>> $s = 'INSERT INTO taxicabs.sometable SET ' ;
>>> $s .= 'Make="'.$_REQUEST['Make'].'", ' ;
>>> $s .= 'Model="'.$_REQUEST['Model'].'", ' ;
>>> // the other fields the same way
>>>
>>> // note that it's just "Make", "Model", etc not
>>> // "cab_vehicle_make" etc. because if you don't already know
>>> // that you're talking about taxis, not railway locomotives or
>>> // steamboats, you're in more
>>> // trouble than wordy fieldnames can ever fix
>>>
>>> if ( ! mysql_query( $s, $dblink ) )
>>> die( 'Could not create the new record '.
>>> ' because '.mysql_error() ) ;
>>> }
>>> else die( 'That is not a valid request because '.
>>> $val_errors ) ;
>>>
>>> // it needn't be "die()" when something goes wrong,
>>> // it could be some recovery
>>> // routine where you explain what the person should
>>> // do differently and give them another go. Of course, if
>>> // it's that the server choked or got lost, then die() is '
>>> // perfectly appropriate.
>>>
>>>
>>> // ----------------------------
>>> function connected( $db, $table )
>>> {
>>> global $dblink ;
>>> // the mysql connection stuff, returning true if it works, or
>>> // complain about the problems and return false.
>>> }
>>> // ----------------------------
>>> function valid( $a )
>>> {
>>> global $val_errors = '' ;
>>> // your validation code. If it passes your tests,
>>> // return true. If not, concatenate the complaints into
>>> // $val_errors and return false ;
>>> }
>>>
>>> ?>
>>
>> Besides all the excellent advice already given to you, didn't you say
>> that the choice came from the value of a hidden variable? If so, then
>> you want to switch on the value of the $_POST['name_of_that_variable'].
>>
>
> Which is about as insecure as you can get. I hope this isn't how you're
> coding for your "Fortune 500" company. If so, I pity them.

What part of "Besides all the excellent advice already given to you"
didn't you understand? I was only addressing that it is $_POST, not push.
As to the other part, no, I don't. However, even if I did, it wouldn't
be much of a big deal as all that coding is for an intranet behind a
very secure firewall.
--
Shelly
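
An added example, not part of any post in this thread: the add-a-vehicle handler from the original question, with the hidden `switch` field checked against a server-side list of known forms and the form values sent to the database as bound parameters of a prepared statement instead of being interpolated into the SQL string. It assumes PDO with an in-memory SQLite database standing in for the MySQL `taxicab` database and shows three of the twelve columns; the function names, validation patterns and sample input are constructed for illustration.

```php
<?php
// Added example (not code from the thread). Assumptions: PDO with an in-memory
// SQLite database stands in for the MySQL "taxicab" database, and only three
// of the twelve columns are shown. $post is constructed sample input.

// Map each form field to its column and a validation pattern.
const VEHICLE_FIELDS = [
    'Make'  => ['cab_vehicle_make',  '/^[\w .\'-]{1,40}$/'],
    'Model' => ['cab_vehicle_model', '/^[\w .\'-]{1,40}$/'],
    'VIN'   => ['cab_vehicle_VIN',   '/^[A-HJ-NPR-Z0-9]{17}$/'],
];

function add_vehicle(PDO $db, array $post): int
{
    $cols = $vals = [];
    foreach (VEHICLE_FIELDS as $field => [$column, $pattern]) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || !preg_match($pattern, $value)) {
            throw new InvalidArgumentException("Invalid value for $field");
        }
        $cols[] = $column;
        $vals[] = $value;
    }
    // Column names come from the constant above, never from the request;
    // values travel as bound parameters, not as part of the SQL text.
    $sql = 'INSERT INTO cab_vehicle (' . implode(', ', $cols) . ') VALUES ('
         . implode(', ', array_fill(0, count($cols), '?')) . ')';
    $db->prepare($sql)->execute($vals);
    return (int) $db->lastInsertId();
}

// The hidden field only selects among handlers the server already knows.
function dispatch(PDO $db, array $post): int
{
    $handlers = ['cab_vehicle_data_entry_add_a_vehicle' => 'add_vehicle'];
    $action = $post['switch'] ?? '';
    if (!is_string($action) || !isset($handlers[$action])) {
        throw new InvalidArgumentException('Unknown form');
    }
    return $handlers[$action]($db, $post);
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE cab_vehicle (id INTEGER PRIMARY KEY, cab_vehicle_make TEXT,
           cab_vehicle_model TEXT, cab_vehicle_VIN TEXT)');
$post = ['switch' => 'cab_vehicle_data_entry_add_a_vehicle',   // constructed input
         'Make' => "O'Brien Motors", 'Model' => 'Crown Victoria', 'VIN' => '1FAFP71W0YX000001'];
echo 'Added record ', dispatch($db, $post), "\n";
```

The apostrophe in the sample `Make` value is stored as data; with the string-built query from the original post the same value would end the quoted literal early.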