
Variable from url into db


10 replies to this topic

#1 sprinjee

sprinjee
  • Members
  • Member
  • 11 posts

Posted 04 June 2006 - 03:49 PM



I have a variable in my URL: http://www.test.com/test.php?linkcode=call

I can get and call the variable without any problem:

$linkcode = $_GET['linkcode']; 
echo "the word is: $linkcode";

However, I haven't managed to insert it into MySQL:

$sql_insert = "INSERT INTO `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."` (`id_survey`,`LinkCode`,`timestamp`,`ip`,`uniq`)";
            $sql_insert .= " VALUES ('".getP("survey_id")."','$linkcode',unix_timestamp(now()),'".$_SERVER["REMOTE_ADDR"]."'";
            if ($params["uniq"] != '') {
                $sql_insert .=", '".$params["uniq"]."')";
            } else {
                $sql_insert .=", '')";
            }

            dbQuery($sql_insert);
            $id_result = dbInsertId();
            dbQuery("UNLOCK TABLES");

I've been trying everything but the record in the database remains empty! Please help me out, I've been trying to solve this for hours now.


#2 homchz

homchz
  • Members
  • Advanced Member
  • 93 posts
  • Location: Lee, New Hampshire

Posted 04 June 2006 - 03:56 PM

is anything being inserted? or just not the $linkcode variable??

#3 sprinjee

sprinjee
  • Members
  • Member
  • 11 posts

Posted 04 June 2006 - 04:01 PM

QUOTE (homchz @ Jun 4 2006, 10:56 AM):
> is anything being inserted? or just not the $linkcode variable??

just not the linkcode variable

#4 AndyB

AndyB
  • Staff Alumni
  • Advanced Member
  • 5,465 posts
  • Location: Toronto

Posted 04 June 2006 - 04:01 PM

Modify your dbQuery function so that it echoes out the MySQL error AND the query that was passed to the function ...
... or die("Error: ". mysql_error(). " with query ". $sql_insert);

When the error is identified, it should be simple to spot the problem.
Legend has it that reading the manual never killed anyone.

#5 homchz

homchz
  • Members
  • Advanced Member
  • 93 posts
  • Location: Lee, New Hampshire

Posted 04 June 2006 - 04:24 PM

Never mind: bad advice at second glance.


#6 sprinjee

sprinjee
  • Members
  • Member
  • 11 posts

Posted 04 June 2006 - 05:26 PM

The problem is that my variable linkcode is reset to "" before the actual inserting takes place. Is there any way I can prevent this? I'm just editing this code and my knowledge of PHP is limited.
I'd really appreciate the help!!

<?php
    require_once('appTop.php');
echo "the word is: $linkcode";
if (empty($lnkcode)) {
     $lnkcod = $_GET['linkcode']; 
echo "the word is: $linkcode";
     $params = array();
          
     if (getG("uid") != '') {
         // display the survey
         $params["mode"] = "survey";
         $sql ="SELECT * FROM `".DB_NAME."`.`".TABLE_SURVEYS."` WHERE uniqid='".getG("uid")."' LIMIT 1";
         $rez = dbQuery($sql);
         $row = dbFetchArray($rez);
         $params["display_survey"] = $row;
         
         $sql2 ="SELECT `t1`.*, `t2`.`max_responses_from_ip` FROM `".DB_NAME."`.`".TABLE_USER_DETAILS."` `t1`, `".DB_NAME."`.`".TABLE_USERS."` `t2`  WHERE  t1.id_user=t2.id AND t2.id='".$row["id_user"]."' LIMIT 1";
         $rez2 = dbQuery($sql2);
         $row2 = dbFetchArray($rez2);
         $params["user"] = $row2;

         $sql_q = "SELECT * FROM `".DB_NAME."`.`".TABLE_QUESTIONS."` WHERE `id_survey`='".$row["id"]."' ORDER BY `position`";
         $res_q = dbQuery($sql_q);
         $i     = 0;
         while ($row_q = dbFetchArray($res_q)) {
             $params["display_survey"]["questions"][$i] = $row_q;
             if($row_q["type"] != "text") {
                 $sql_a = "SELECT * FROM `".DB_NAME."`.`".TABLE_QUESTION_ANSWERS."` WHERE `id_question`='".$row_q["id"]."' ORDER BY `position`";
                 $res_a = dbQuery($sql_a);
                 $j     = 0;
                 while ($row_a = dbFetchArray($res_a)) {
                     $params["display_survey"]["questions"][$i]["answers"][$j] = $row_a;
                     $j++;
                 }  // end while
             }  // end if
             $i++;
         } // end while   
     
     } elseif (getP("survey_id") != '') {
        // the client answred the survey
        $params["mode"] = "answers";
        $params["uniq"] = getP("hidden_uniq");

        // extra verif (for emails only)
        // if the user got the survey through email he must have a hidden_uniq set - we verify if he already completed the survey
        if ($params["uniq"] != '') {
            $sql_verif = "SELECT COUNT(`id`) AS `noResponses` FROM `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."`  WHERE `id_survey`='".getP("survey_id")."' AND `uniq`='".$params["uniq"]."' ";
            $rez_verif = dbQuery($sql_verif);
            $row_verif = dbFetchAssoc($rez_verif);
            if ($row_verif['noResponses'] > 0) {
                $params["err"] = 1;
            }
        }

        $sql ="SELECT * FROM `".DB_NAME."`.`".TABLE_SURVEYS."` WHERE id='".getP("survey_id")."' LIMIT 1";
        $rez = dbQuery($sql);
        $row = dbFetchArray($rez);
        $params["display_survey"] = $row;
         
        $sql2 ="SELECT `t1`.*, `t2`.`max_responses_from_ip` FROM `".DB_NAME."`.`".TABLE_USER_DETAILS."` `t1`, `".DB_NAME."`.`".TABLE_USERS."` `t2`  WHERE  t1.id_user=t2.id AND t2.id='".$row["id_user"]."' LIMIT 1";
        $rez2 = dbQuery($sql2);
        $row2 = dbFetchArray($rez2);
        $params["user"] = $row2;

        // verify if the user already answered at this survey
        $sql_verif = "SELECT COUNT(`id`) AS `noResponses` FROM `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."` WHERE ";
        $sql_verif.= "`id_survey`='".getP("survey_id")."' AND `ip`='".$_SERVER["REMOTE_ADDR"]."'";
        $rez_verif = dbQuery($sql_verif);
        $info      = dbFetchAssoc($rez_verif);

        if ($info['noResponses'] >= $params["user"]["max_responses_from_ip"] OR $_COOKIE[$row["uniqid"]] == "y") {
            //error: the user already answered at thos survey
            $params["err"] = 1;
        }

        if ($params["err"] == '') {
            dbQuery("LOCK TABLES `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."` WRITE");
            $sql_insert = "INSERT INTO `".DB_NAME."`.`".TABLE_SURVEY_RESULTS."` (`id_survey`,`LinkCode`,`timestamp`,`ip`,`uniq`)";
            $sql_insert .= " VALUES ('".getP("survey_id")."','".$lnkcod."',unix_timestamp(now()),'".$_SERVER["REMOTE_ADDR"]."'";
            if ($params["uniq"] != '') {
                $sql_insert .=", '".$params["uniq"]."')";
            } else {
                $sql_insert .=", '')";
            }

            dbQuery($sql_insert);
echo "$sql_insert";
            $id_result = dbInsertId();
            dbQuery("UNLOCK TABLES");


            foreach ($_POST as $key=>$val) {
                if (!(strpos($key,"quest_") === false)) {
                    $temp_ar = explode ("_",$key); //$temp_ar[1] - question id


                    // multiple select, multiple answers
                    if (is_array($val)) {
                        foreach ($val as $option) {
                            // insert the option answers
                            $sql_insert2 = "INSERT INTO `".DB_NAME."`.`".TABLE_SURVEY_RESULTS_ANSWERS."` (`id_survey_result`,`id_question`,`id_answer`, `answer_text`)";
                            $sql_insert2.= " VALUES ('".$id_result."','".$temp_ar[1]."', '".$option."', '')";
                            dbQuery($sql_insert2);
                        }
                    } else {
                        //find out the question type
                        $sql_t = "SELECT `type` FROM `".DB_NAME."`.`".TABLE_QUESTIONS."` WHERE id='".$temp_ar[1]."' LIMIT 1";
                        $rez_t = dbQuery($sql_t);
                        $row_t = dbFetchAssoc($rez_t);
                        $type = $row_t["type"];

                        // insert the answer
                        $sql_insert2 = "INSERT INTO `".DB_NAME."`.`".TABLE_SURVEY_RESULTS_ANSWERS."` (`id_survey_result`,`id_question`,`id_answer`, `answer_text`)";
                        $sql_insert2.= " VALUES ('".$id_result."','".$temp_ar[1]."'";
                        if ($type == "text") {
                            $sql_insert2 .= ", '','".$val."')";  //text answer
                        } else {
                            $sql_insert2 .= ",'".$val."','')";  //option answer
                        }
                        dbQuery($sql_insert2);
                    }



                }
            }

            //set the cookie for an year
            setcookie($row["uniqid"], "y", time() + 365 * 24 * 3600);
       }

     } else {
        $params["mode"] = "none";
     }         
     
     }
     }

    $smarty->assign('params', $params);
    $smarty->display('content_survey.tmpl.html');
?>


#7 AndyB

AndyB
  • Staff Alumni
  • Advanced Member
  • 5,465 posts
  • Location: Toronto

Posted 04 June 2006 - 05:41 PM

$lnkcod
$linkcode
$lnkcode

I suspect part 2 of the problem is that what I think is the same variable has been given different names in different sections of the code, which is perhaps why it is blank.

Part 1 of the problem is it isn't obvious why the value of that variable would even be available to the script - unless it's relying on register_globals being ON (nominally insecure).

#8 sprinjee

sprinjee
  • Members
  • Member
  • 11 posts

Posted 04 June 2006 - 06:03 PM

QUOTE (AndyB @ Jun 4 2006, 12:41 PM):
> $lnkcod
> $linkcode
> $lnkcode
>
> I suspect part 2 of the problem is that what I think is the same variable has been given different names in different sections of the code, which is perhaps why it is blank.
>
> Part 1 of the problem is it isn't obvious why the value of that variable would even be available to the script - unless it's relying on register_globals being ON (nominally insecure).

I messed the code up a bit... but the different names are not the issue...
There is a submit button when you access the page... the variables in the URL disappear when clicking the button... there are two variables in the URL, uid and linkcode. I'm convinced if only the uid variable is erased that the problem is solved... I really don't see a submit button in this PHP script though.

#9 sprinjee

sprinjee
  • Members
  • Member
  • 11 posts

Posted 04 June 2006 - 06:46 PM

QUOTE (sprinjee @ Jun 4 2006, 01:03 PM):
> I messed the code up a bit... but the different names are not the issue...
> There is a submit button when you access the page... the variables in the URL disappear when clicking the button... there are two variables in the URL, uid and linkcode. I'm convinced if only the uid variable is erased that the problem is solved... I really don't see a submit button in this PHP script though.

Yep, that's it... solved it using

$lnkcod = str_replace("http://www.koenvissers.nl/survey/survey.php?uid=14482e0bec0181&linkcode=", "" , $_SERVER['HTTP_REFERER']);

Thanks for everyone's efforts


#10 sprinjee

sprinjee
  • Members
  • Member
  • 11 posts

Posted 04 June 2006 - 07:31 PM

Hmm, there are some severe limitations to 'HTTP_REFERER'. If a URL is entered directly it will not work. Seems I'm still in need of a better solution.

#11 sprinjee

sprinjee
  • Members
  • Member
  • 11 posts

Posted 04 June 2006 - 08:19 PM

QUOTE (sprinjee @ Jun 4 2006, 02:31 PM):
> Hmm, there are some severe limitations to 'HTTP_REFERER'. If a URL is entered directly it will not work. Seems I'm still in need of a better solution.


Never mind, used session variables to solve the issue... works great
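
The session approach from the last two posts, as an added example that is not part of the original thread or the survey script: the linkcode is validated and stored in the session on the GET request, then written with a bound parameter on the later POST, so nothing depends on the Referer header or on register_globals. The function names, the survey_results table name, the accepted linkcode format and the in-memory SQLite database are assumptions for the demo.

```php
<?php
// Added example. Hypothetical names: captureLinkCode(), saveResult(), survey_results.

// Request 1 (GET): keep ?linkcode= only if it matches the assumed format
// (short alphanumeric token); anything else is ignored.
function captureLinkCode(array $get, array &$session): void
{
    $code = $get['linkcode'] ?? '';
    if (is_string($code) && preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $code)) {
        $session['linkcode'] = $code;
    }
}

// Request 2 (POST): insert the row; every request-derived value is a bound
// parameter, never concatenated into the SQL string.
function saveResult(PDO $db, int $surveyId, array $session, string $ip): int
{
    $stmt = $db->prepare(
        'INSERT INTO survey_results (id_survey, LinkCode, timestamp, ip, uniq)
         VALUES (:survey, :code, :ts, :ip, :uniq)'
    );
    $stmt->execute([
        ':survey' => $surveyId,
        ':code'   => $session['linkcode'] ?? '',
        ':ts'     => time(),
        ':ip'     => $ip,
        ':uniq'   => '',
    ]);
    return (int) $db->lastInsertId();
}

// Constructed demo: in-memory SQLite stands in for MySQL, and plain arrays
// stand in for $_GET and for $_SESSION after session_start().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE survey_results (id INTEGER PRIMARY KEY, id_survey INTEGER,
           LinkCode TEXT, timestamp INTEGER, ip TEXT, uniq TEXT)');

$session = [];
captureLinkCode(['linkcode' => 'call'], $session);            // page opened with ?linkcode=call
captureLinkCode(['linkcode' => "it's not a code"], $session); // rejected, 'call' is kept
saveResult($db, 7, $session, '203.0.113.5');                  // form submitted without linkcode

echo 'stored LinkCode: ',
     $db->query('SELECT LinkCode FROM survey_results')->fetchColumn(), "\n";
```

In the real script the arrays would be $_GET and $_SESSION, with session_start() called before any output.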



