Jump to content

Variable from url into db

sprinjee

By sprinjee
in PHP Coding Help

 Share

Recommended Posts

sprinjee Newbie

sprinjee

Posted
Posted


I have a variable in my url: [a href=\"http://www.test.com/test.php?linkcode=call\" target=\"_blank\"]http://www.test.com/test.php?linkcode=call[/a]

I can get and call the variable without any problem:

[code]
$linkcode = $_GET['linkcode'];
echo "the word is: $linkcode";
[/code]

however I haven't managed to insert it in MySql:

[code]
$sql_insert = "INSERT INTO `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."` (`id_survey`,`LinkCode`,`timestamp`,`ip`,`uniq`)";
            $sql_insert .= " VALUES ('".getP("survey_id")."','$linkcode',unix_timestamp(now()),'".$_SERVER["REMOTE_ADDR"]."'";
            if ($params["uniq"] != '') {
                $sql_insert .=", '".$params["uniq"]."')";
            } else {
                $sql_insert .=", '')";
            }

            dbQuery($sql_insert);
            $id_result = dbInsertId();
            dbQuery("UNLOCK TABLES");
[/code]

I've been trying everything but the record in the database remains empty! Please help me out I've been trying to solve this for hours now.
Link to comment
https://forums.phpfreaks.com/topic/11162-variable-from-url-into-db/
Share on other sites
sprinjee Newbie

sprinjee

Posted
  • Author
Posted
[!--quoteo(post=379920:date=Jun 4 2006, 10:56 AM:name=homchz)--][div class=\'quotetop\']QUOTE(homchz @ Jun 4 2006, 10:56 AM) [snapback]379920[/snapback][/div][div class=\'quotemain\'][!--quotec--]
is anything being inserted? or just not the $linkcode variable??
[/quote]

just not the linkcode variable
AndyB Regular Member

AndyB

Posted
Posted
modify your dbQuery function so that it echoes out the MySQL error AND the query that was passed to the function ...
[code] .. or die("Error: ". mysql_error(). " with query ". $sql_insert";[/code]

When the error is identified, it should be simple to spot the problem.
sprinjee Newbie

sprinjee

Posted
  • Author
Posted
The problem is that my variable linkcode is reset to "" before the actual inserting takes place. Is there anyway I can prevent this? I'm just editing this code and my knowledge op php is limited
I'd really appreciate the help!!

[code]
<?php
    require_once('appTop.php');
echo "the word is: $linkcode";
if (empty($lnkcode)) {
     $lnkcod = $_GET['linkcode'];
echo "the word is: $linkcode";
     $params = array();
          
     if (getG("uid") != '') {
         // display the survey
         $params["mode"] = "survey";
         $sql ="SELECT * FROM `".DB_NAME."`.`".TABLE_SURVEYS."` WHERE uniqid='".getG("uid")."' LIMIT 1";
         $rez = dbQuery($sql);
         $row = dbFetchArray($rez);
         $params["display_survey"] = $row;
        
         $sql2 ="SELECT `t1`.*, `t2`.`max_responses_from_ip` FROM `".DB_NAME."`.`".TABLE_USER_DETAILS."` `t1`, `".DB_NAME."`.`".TABLE_USERS."` `t2`  WHERE  t1.id_user=t2.id AND t2.id='".$row["id_user"]."' LIMIT 1";
         $rez2 = dbQuery($sql2);
         $row2 = dbFetchArray($rez2);
         $params["user"] = $row2;

         $sql_q = "SELECT * FROM `".DB_NAME."`.`".TABLE_QUESTIONS."` WHERE `id_survey`='".$row["id"]."' ORDER BY `position`";
         $res_q = dbQuery($sql_q);
         $i     = 0;
         while ($row_q = dbFetchArray($res_q)) {
             $params["display_survey"]["questions"][$i] = $row_q;
             if($row_q["type"] != "text") {
                 $sql_a = "SELECT * FROM `".DB_NAME."`.`".TABLE_QUESTION_ANSWERS."` WHERE `id_question`='".$row_q["id"]."' ORDER BY `position`";
                 $res_a = dbQuery($sql_a);
                 $j     = 0;
                 while ($row_a = dbFetchArray($res_a)) {
                     $params["display_survey"]["questions"][$i]["answers"][$j] = $row_a;
                     $j++;
                 }  // end while
             }  // end if
             $i++;
         } // end while  
    
     } elseif (getP("survey_id") != '') {
        // the client answred the survey
        $params["mode"] = "answers";
        $params["uniq"] = getP("hidden_uniq");

        // extra verif (for emails only)
        // if the user got the survey through email he must have a hidden_uniq set - we verify if he already completed the survey
        if ($params["uniq"] != '') {
            $sql_verif = "SELECT COUNT(`id`) AS `noResponses` FROM `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."`  WHERE `id_survey`='".getP("survey_id")."' AND `uniq`='".$params["uniq"]."' ";
            $rez_verif = dbQuery($sql_verif);
            $row_verif = dbFetchAssoc($rez_verif);
            if ($row_verif['noResponses'] > 0) {
                $params["err"] = 1;
            }
        }

        $sql ="SELECT * FROM `".DB_NAME."`.`".TABLE_SURVEYS."` WHERE id='".getP("survey_id")."' LIMIT 1";
        $rez = dbQuery($sql);
        $row = dbFetchArray($rez);
        $params["display_survey"] = $row;
        
        $sql2 ="SELECT `t1`.*, `t2`.`max_responses_from_ip` FROM `".DB_NAME."`.`".TABLE_USER_DETAILS."` `t1`, `".DB_NAME."`.`".TABLE_USERS."` `t2`  WHERE  t1.id_user=t2.id AND t2.id='".$row["id_user"]."' LIMIT 1";
        $rez2 = dbQuery($sql2);
        $row2 = dbFetchArray($rez2);
        $params["user"] = $row2;

        // verify if the user already answered at this survey
        $sql_verif = "SELECT COUNT(`id`) AS `noResponses` FROM `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."` WHERE ";
        $sql_verif.= "`id_survey`='".getP("survey_id")."' AND `ip`='".$_SERVER["REMOTE_ADDR"]."'";
        $rez_verif = dbQuery($sql_verif);
        $info      = dbFetchAssoc($rez_verif);

        if ($info['noResponses'] >= $params["user"]["max_responses_from_ip"] OR $_COOKIE[$row["uniqid"]] == "y") {
            //error: the user already answered at thos survey
            $params["err"] = 1;
        }

        if ($params["err"] == '') {
            dbQuery("LOCK TABLES `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."` WRITE");
            $sql_insert = "INSERT INTO `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."` (`id_survey`,`LinkCode`,`timestamp`,`ip`,`uniq`)";
            $sql_insert .= " VALUES ('".getP("survey_id")."','".$lnkcod."',unix_timestamp(now()),'".$_SERVER["REMOTE_ADDR"]."'";
            if ($params["uniq"] != '') {
                $sql_insert .=", '".$params["uniq"]."')";
            } else {
                $sql_insert .=", '')";
            

            dbQuery($sql_insert);
echo "$sql_insert";
            $id_result = dbInsertId();
            dbQuery("UNLOCK TABLES");


            foreach ($_POST as $key=>$val) {
                if (!(strpos($key,"quest_") === false)) {
                    $temp_ar = explode ("_",$key); //$temp_ar[1] - question id


                    // multiple select, multiple answers
                    if (is_array($val)) {
                        foreach ($val as $option) {
                            // insert the option answers
                            $sql_insert2 = "INSERT INTO `".DB_NAME."`.`".TABLE_SURVEY_RESULTS_ANSWERS."` (`id_survey_result`,`id_question`,`id_answer`, `answer_text`)";
                            $sql_insert2.= " VALUES ('".$id_result."','".$temp_ar[1]."', '".$option."', '')";
                            dbQuery($sql_insert2);
                        }
                    } else {
                        //find out the question type
                        $sql_t = "SELECT `type` FROM `".DB_NAME."`.`".TABLE_QUESTIONS."` WHERE id='".$temp_ar[1]."' LIMIT 1";
                        $rez_t = dbQuery($sql_t);
                        $row_t = dbFetchAssoc($rez_t);
                        $type = $row_t["type"];

                        // insert the answer
                        $sql_insert2 = "INSERT INTO `".DB_NAME."`.`".TABLE_SURVEY_RESULTS_ANSWERS."` (`id_survey_result`,`id_question`,`id_answer`, `answer_text`)";
                        $sql_insert2.= " VALUES ('".$id_result."','".$temp_ar[1]."'";
                        if ($type == "text") {
                            $sql_insert2 .= ", '','".$val."')";  //text answer
                        } else {
                            $sql_insert2 .= ",'".$val."','')";  //option answer
                        }
                        dbQuery($sql_insert2);
                    }



                }
            }

            //set the cookie for an year
            setcookie($row["uniqid"], "y", time() + 365 * 24 * 3600);
       }

     } else {
        $params["mode"] = "none";
     }        
    
     }
     }

    $smarty->assign('params', $params);
    $smarty->display('content_survey.tmpl.html');
?>
[/code]
AndyB Regular Member

AndyB

Posted
Posted
$lnkcod
$linkcode
$lnkcode

I suspect part 2 of the problem is that what I think is the same variable has been given different names in different sections of the code, which is perhaps why it is blank.

Part 1 of the problem is it isn't obvious why the value of that variable would even be available to the script - unless it's relying on register_globals being ON (nominally insecure).
sprinjee Newbie

sprinjee

Posted
  • Author
Posted
[!--quoteo(post=379966:date=Jun 4 2006, 12:41 PM:name=AndyB)--][div class=\'quotetop\']QUOTE(AndyB @ Jun 4 2006, 12:41 PM) [snapback]379966[/snapback][/div][div class=\'quotemain\'][!--quotec--]
$lnkcod
$linkcode
$lnkcode

I suspect part 2 of the problem is that what I think is the same variable has been given different names in different sections of the code, which is perhaps why it is blank.

Part 1 of the problem is it isn't obvious why the value of that variable would even be available to the script - unless it's relying on register_globals being ON (nominally insecure).
[/quote]

I messed the code up bit...but the different names is not the issue...
There is a submit button when you access the page...the variables in the url dissappear when clicking the button...there are two variables in the url uid and linkcode, I'm convinced if only the uid variable is errased that the problem is solved...I realy don't see a submit button in this php script though
sprinjee Newbie

sprinjee

Posted
  • Author
Posted
[!--quoteo(post=379975:date=Jun 4 2006, 01:03 PM:name=sprinjee)--][div class=\'quotetop\']QUOTE(sprinjee @ Jun 4 2006, 01:03 PM) [snapback]379975[/snapback][/div][div class=\'quotemain\'][!--quotec--]
I messed the code up bit...but the different names is not the issue...
There is a submit button when you access the page...the variables in the url dissappear when clicking the button...there are two variables in the url uid and linkcode, I'm convinced if only the uid variable is errased that the problem is solved...I realy don't see a submit button in this php script though
[/quote]

Yep that's it..solved it using

$lnkcod = str_replace("http://www.koenvissers.nl/survey/survey.php?uid=14482e0bec0181&linkcode=", "" , $_SERVER['HTTP_REFERER']);

Thanx for everyones efforts
sprinjee Newbie

sprinjee

Posted
  • Author
Posted
[!--quoteo(post=380009:date=Jun 4 2006, 02:31 PM:name=sprinjee)--][div class=\'quotetop\']QUOTE(sprinjee @ Jun 4 2006, 02:31 PM) [snapback]380009[/snapback][/div][div class=\'quotemain\'][!--quotec--]
hmm there are some severe limitations to 'HTTP_REFERER'. If an url entered directly it will not work. Seems I'm still in need of a better solution.
[/quote]


Nevermind used session variables to solve the issue...works great
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.