Jump to content

[SOLVED] Simple form extraction.. or so i thought....


will_1990

Recommended Posts

OK, so i thought i could easily create a php script to extract data from my form, i was wrong, all iwant to do is extract the information input by the user check it against a database and then return the results using an arrray; it was not as simple as i though as all i get when i execute the script is a blank page, no error return. Therefore i have come to you brainy lot for some advice. thanks in advance and here is my php code, sorry for posting it all, but i am not sure what is causing the problem so better safe than sorry!

 

<?php
    //database inforamtion
      $host="stocks"; // Host name
      $username="wbennett"; // Mysql username
      $password="mysql5"; // Mysql password
      $db_name="wbennett"; // Database name
      $tbl_name1="flight_webair";
  
    // Connect to server and select databse.
      mysql_connect("$host", "$username", "$password")or die(echo "cannot connect");
      mysql_select_db("$db_name")or die(echo "cannot select DB");    
  
    //variables 
      $flight_route_out=$_POST['flight_route_out'];
  $flight_route_return=$_post['flight_route_return'];
  $date_out=$_POST['departure_date'];
  $date_return=$_POST['return_date'];
  $passenger_num=$_POST['num_of_pass'];
  $one_way=$_POST['one_way'];

//To protect MySQL injection 
  $flight_route_out = stripslashes($flight_route_out);
      $flight_route_return = stripslashes($flight_route_return);
      $flight_route_out = mysql_real_escape_string($flight_route_out);
      $flight_route_return = mysql_real_escape_string($flight_route_return);

//Queries
  $sql1="SELECT * FROM '$tbl_name1' WHERE 'flight_route_out' = '$flight_route_out'";
  //$sql="SELECT * FROM $tbl_name1 WHERE flight_route_return='$flight_route_return'";

//Execute  query  1
  $result = mysql_query($sql1);
    or die (echo "Couldn't execute statement");

    if (!$result) {
    $message  = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $sql1;
    die($message);
                 }

while ($row = mysql_fetch_assoc($result)) {
    echo $row['flight_route_out'];
    echo $row['flight_route_return'];
  			 


mysql_free_result($result);   
  
?>

 

thanks in advance

 

Will

Link to comment
Share on other sites

  • Replies 87
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

   //Execute  query  1
     $result = mysql_query($sql1);
       or die (echo "Couldn't execute statement");

think that should be

   //Execute  query  1
$result = mysql_query($sql1) or die (echo "Couldn't execute statement");

try and see please

Link to comment
Share on other sites

     $flight_route_return=$_post['flight_route_return'];

 

$_POST needs to be caps.

 

'$tbl_name1' WHERE 'flight_route_out'

Needs to be:

`$tbl_name1` WHERE `flight_route_out`

 

Table and columns need to be encapsulated in backticks (`) not single quotes('), only data should be encapsulated in (').

 

Link to comment
Share on other sites

How do i easily check whether the php is spitting out the varibles in my form?

 

thanks

 

first I suggest you do what Premiso posted, you have some errors in your script, just review that.

 

A quick way to do it is

 

<?php 
foreach($_POST as $key => $val){
echo $val .'<br>';
}

//  or

print_r($_POST);
?>

Link to comment
Share on other sites

i have also put "==" instead of just "=" in my sql query as  this ensures its checking it against the database apparantly, things are never simple!

 

thanks

 

 

For queries this is not true, a single equals works.

 

For the verification part.

 

print_r($_POST);

 

Will print out all the variables, make sure the ones you need come out.

Link to comment
Share on other sites

How do i easily check whether the php is spitting out the varibles in my form?

 

i have also put "==" instead of just "=" in my sql query as  this ensures its checking it against the database apparantly, things are never simple!

 

thanks

 

 

for the while($row = mysql_fetch... ?

 

No that is correct, now your checking if $row actualy is the mysql_fetch.. Thats not correct, leave it as is. You want $row to carry the values from the query not to check against it.

Link to comment
Share on other sites

Here is where im at

<?php
error_reporting(E_ALL);
    //database inforamtion
      $host="stocks"; // Host name
      $username="wbennett"; // Mysql username
      $password="mysql5"; // Mysql password
      $db_name="wbennett"; // Database name
      $tbl_name1="flight_webair";
  
    // Connect to server and select databse.
      mysql_connect("$host", "$username", "$password")or die(echo "cannot connect");
      mysql_select_db("$db_name")or diedie(mysql_error());
  
    //variables 
      $flight_route_out=$_POST['flight_route_out'];
  $flight_route_return=$_POST['flight_route_return'];
  $date_out=$_POST['departure_date'];
  $date_return=$_POST['return_date'];
  $passenger_num=$_POST['num_of_pass'];
  $one_way=$_POST['one_way'];

//To protect MySQL injection 
  $flight_route_out = stripslashes($flight_route_out);
      $flight_route_return = stripslashes($flight_route_return);
      $flight_route_out = mysql_real_escape_string($flight_route_out);
      $flight_route_return = mysql_real_escape_string($flight_route_return);

//Queries
  $sql1="SELECT * FROM `$tbl_name1` WHERE `flight_route_out` == '$flight_route_out'";
  //$sql="SELECT * FROM $tbl_name1 WHERE flight_route_return='$flight_route_return'";

//Execute  query  1
     $result = mysql_query($sql1) or die (echo "Couldn't execute statement");

    if (!$result) {
    $message  = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $sql1;
    die($message);
                 }

while ($row = mysql_fetch_assoc($result)) {
    echo $row['flight_route_out'];
    echo $row['flight_route_return'];
           
   

   mysql_free_result($result);   
     
?>

 

am i on the right lines to what you have advised?

 

thanks so much!

Link to comment
Share on other sites

no how do i impliment this, just put it at the top of my php, is this like fatals to browser in perl?

 

thanks

 

ps i have no idea how to impliment that checking script that you showed me above! sorry!

 

Here I also fixed those errors

 

also you dont do this

 

die(echo"something");

<?php
    //database inforamtion
      $host="stocks"; // Host name
      $username="wbennett"; // Mysql username
      $password="mysql5"; // Mysql password
      $db_name="wbennett"; // Database name
      $tbl_name1="flight_webair";
     
    // Connect to server and select databse.
      mysql_connect("$host", "$username", "$password")or die(echo "cannot connect");
      mysql_select_db("$db_name")or die(echo "cannot select DB");    
     
    //variables 
      $flight_route_out=$_POST['flight_route_out'];
     $flight_route_return=$_POST['flight_route_return'];
     $date_out=$_POST['departure_date'];
     $date_return=$_POST['return_date'];
     $passenger_num=$_POST['num_of_pass'];
     $one_way=$_POST['one_way'];

     print_r($_POST);
   
      //To protect MySQL injection 
      $flight_route_out = stripslashes($flight_route_out);
      $flight_route_return = stripslashes($flight_route_return);
      $flight_route_out = mysql_real_escape_string($flight_route_out);
      $flight_route_return = mysql_real_escape_string($flight_route_return);
   
   //Queries
     $sql1="SELECT * FROM `$tbl_name1` WHERE 'flight_route_out' = '$flight_route_out'";
     //$sql="SELECT * FROM `$tbl_name1` WHERE flight_route_return='$flight_route_return'";
   
   //Execute  query  1
     $result = mysql_query($sql1) or die ("Couldn't execute statement");

    if (!$result) {
    $message  = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $sql1;
    die($message);
                 }
             
   while ($row = mysql_fetch_assoc($result)) {
    
    echo $row['flight_route_out'];
    echo $row['flight_route_return'];
            
   }

   mysql_free_result($result);   
     
?>

Link to comment
Share on other sites

Fully corrected version, with error turned on:

 

<?php
ini_set("display_errors", 1);
error_reporting(E_ALL);

echo "Test Post Data <pre>";
print_r($_POST);
echo "</pre>End Test Post Data";

    //database inforamtion
      $host="stocks"; // Host name
      $username="wbennett"; // Mysql username
      $password="mysql5"; // Mysql password
      $db_name="wbennett"; // Database name
      $tbl_name1="flight_webair";
     
    // Connect to server and select databse.
      mysql_connect("$host", "$username", "$password")or die("cannot connect");
      mysql_select_db("$db_name")or die("cannot select DB");    
     
    //variables 
      $flight_route_out=$_POST['flight_route_out'];
     $flight_route_return=$_POST['flight_route_return'];
     $date_out=$_POST['departure_date'];
     $date_return=$_POST['return_date'];
     $passenger_num=$_POST['num_of_pass'];
     $one_way=$_POST['one_way'];
   
   //To protect MySQL injection 
     $flight_route_out = stripslashes($flight_route_out);
      $flight_route_return = stripslashes($flight_route_return);
      $flight_route_out = mysql_real_escape_string($flight_route_out);
      $flight_route_return = mysql_real_escape_string($flight_route_return);
   
   //Queries
     $sql1="SELECT * FROM `$tbl_name1` WHERE `flight_route_out` = '$flight_route_out'";
     //$sql="SELECT * FROM $tbl_name1 WHERE flight_route_return='$flight_route_return'";
   
   //Execute  query  1
     $result = mysql_query($sql1);

    if (mysql_error()) {
    $message  = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $sql1;
    die($message);
                 }
             
   while ($row = mysql_fetch_assoc($result)) {
    echo $row['flight_route_out'];
    echo $row['flight_route_return'];
   }         
   

   mysql_free_result($result);   
     
?>

 

Run that and see what shows up.

Link to comment
Share on other sites

no how do i impliment this, just put it at the top of my php, is this like fatals to browser in perl?

 

thanks

 

ps i have no idea how to impliment that checking script that you showed me above! sorry!

 

Here I also fixed those errors

 

also you dont do this

 

die(echo"something");

<?php
    //database inforamtion
      $host="stocks"; // Host name
      $username="wbennett"; // Mysql username
      $password="mysql5"; // Mysql password
      $db_name="wbennett"; // Database name
      $tbl_name1="flight_webair";
     
    // Connect to server and select databse.
      mysql_connect("$host", "$username", "$password")or die(echo "cannot connect");
      mysql_select_db("$db_name")or die(echo "cannot select DB");    
     
    //variables 
      $flight_route_out=$_POST['flight_route_out'];
     $flight_route_return=$_POST['flight_route_return'];
     $date_out=$_POST['departure_date'];
     $date_return=$_POST['return_date'];
     $passenger_num=$_POST['num_of_pass'];
     $one_way=$_POST['one_way'];

     print_r($_POST);
   
      //To protect MySQL injection 
      $flight_route_out = stripslashes($flight_route_out);
      $flight_route_return = stripslashes($flight_route_return);
      $flight_route_out = mysql_real_escape_string($flight_route_out);
      $flight_route_return = mysql_real_escape_string($flight_route_return);
   
   //Queries
     $sql1="SELECT * FROM `$tbl_name1` WHERE 'flight_route_out' = '$flight_route_out'";
     //$sql="SELECT * FROM `$tbl_name1` WHERE flight_route_return='$flight_route_return'";
   
   //Execute  query  1
     $result = mysql_query($sql1) or die ("Couldn't execute statement");

    if (!$result) {
    $message  = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $sql1;
    die($message);
                 }
             
   while ($row = mysql_fetch_assoc($result)) {
    
    echo $row['flight_route_out'];
    echo $row['flight_route_return'];
            
   }

   mysql_free_result($result);   
     
?>

 

thanks for that, still no output, is this definitely an error with my php, although ive run a test.cgi on my index with the same paramaters i have used in my php and it returns what i expect! damn!

 

thanks for fixing those bugs, do you know how i can use that errors output code?

 

edit thanks for that update!

 

many thanks

Link to comment
Share on other sites

Woo!! Now some errors

 

Test Post Data

Array
(
    [flight_route] => Bristol - Manchester
    [departure_date] => 24/12/2008
    [return_flight] => Bristol - Manchester
    [return_date] => 30/12/2008
    [Number_Of_Passengers] => 1
    [submit] => Submit
)

End Test Post Data
Notice: Undefined index: flight_route_out in /nas/students/w/wbennett/unix/public_html/webair/booking.php on line 21

Notice: Undefined index: flight_route_return in /nas/students/w/wbennett/unix/public_html/webair/booking.php on line 22

Notice: Undefined index: num_of_pass in /nas/students/w/wbennett/unix/public_html/webair/booking.php on line 25

Notice: Undefined index: one_way in /nas/students/w/wbennett/unix/public_html/webair/booking.php on line 26
Invalid query: Unknown column 'flight_route_out' in 'where clause' Whole query: SELECT * FROM `flight_webair` WHERE `flight_route_out` = ''

 

im gona try and solve a few of these any advice feel free to throw it at me!

 

many thanks!

Link to comment
Share on other sites

latest errors after some fixing... stil lsome issues...

 

Test Post Data

Array
(
    [flight_route_out] => Bristol - Newcastle
    [departure_date] => dd/mm/yy
    [flight_route_return] => Bristol - Newcastle
    [return_date] => dd/mm/yy
    [num_of_pass] => 1
    [submit] => Submit
)

End Test Post Data
Notice: Undefined index: one_way in /nas/students/w/wbennett/unix/public_html/webair/booking.php on line 26

Notice: Undefined index: $flight_route_out in /nas/students/w/wbennett/unix/public_html/webair/booking.php on line 48

Notice: Undefined index: $flight_route_return in /nas/students/w/wbennett/unix/public_html/webair/booking.php on line 49

 

latest code line 21 to end of php

 

 $one_way=$_POST['one_way'];
   
   //To protect MySQL injection 
     $flight_route_out = stripslashes($flight_route_out);
      $flight_route_return = stripslashes($flight_route_return);
      $flight_route_out = mysql_real_escape_string($flight_route_out);
      $flight_route_return = mysql_real_escape_string($flight_route_return);
   
   //Queries
     $sql1="SELECT * FROM `$tbl_name1` WHERE `flight_route` = '$flight_route_out'";
     //$sql="SELECT * FROM $tbl_name1 WHERE flight_route_return='$flight_route_return'";
   
   //Execute  query  1
     $result = mysql_query($sql1);

    if (mysql_error()) {
    $message  = 'Invalid query: ' . mysql_error() . "\n";
    $message .= 'Whole query: ' . $sql1;
    die($message);
                 }
             
   while ($row = mysql_fetch_assoc($result)) {
    echo $row['$flight_route_out'];
    echo $row['$flight_route_return'];
   }         
   

   mysql_free_result($result);   
     
?>

 

many thanks

Link to comment
Share on other sites

money on the form post that form as well please so we all get it write...

 

good point.. here is the form... thanks

 

 <form 
		   action= 'booking.php'
		   name="form1" 
		   method="post"
		 >  
               <select 
		     value="flight_route"
			 name= "flight_route_out" 
		   >
                 <option selected>
			   Bristol - Newcastle
             <option>
			   Newcastle - Bristol
             <option>
			   Bristol - Manchester
                 <option>
			   Manchester - Bristol
             <option>
			   Bristol - Dublin
             <option>
			   Dublin - Glasgow
             <option>
			   Glasgow - Bristol
             <option>
			   Bristol - Glasgow
             <option>
			   Glasgow - Newcastle
             <option>
			   Newcastle - Manchester
   
               </select>
   
           </td>

         <tr>
           <td>
	     Departure Date:
	   </td>
	 </tr>
         <tr>
	   <td>
             <input
	       type="text"
		   readonly="readonly"
		   value="dd/mm/yy"
		   onfocus="this.select();lcs(this)" 
		   onclick="event.cancelBubble=true;this.select();lcs(this)" 
		   name="departure_date"
		 >
	   </td>
           <td>
             One Way:
		   <br>
		    
		   <input 
		     name="one_way" 
			 type="checkbox" 
			 value="" 
			 onclick="greyText('one_way','return_date','return_flight')" 
               /> 
           </td>
	 </tr>
         <tr>
	   <td>
	     Return Flight
	   </td>
	 </tr>   
           <td>
	     <form 
		   action='booking.cgi'
		   name="form1"
		   method="post"
		 >
               <select
		     value="flight_route"
			 name= "flight_route_return" 
		   >
                 <option selected>
			   Bristol - Newcastle
                 <option>
			   Newcastle - Bristol
             <option>
			   Bristol - Manchester
                 <option>
			   Manchester - Bristol
             <option>
			   Bristol - Dublin
             <option>
			   Dublin - Glasgow
             <option>
			   Glasgow - Bristol
             <option>
			   Bristol - Glasgow
             <option>
			   Glasgow - Newcastle
             <option>
			   Newcastle - Manchester
   
               </select>
   
           </td>

           <tr>
             <td>
		   Return Date:
		 </td>
	   </tr>
           <tr>
	     <td>
		   <input
		     type="text"
		     name="return_date"
		     readonly="readonly"
		     value="dd/mm/yy"
		     onfocus="this.select();lcs(this)" 
		     onclick="event.cancelBubble=true;this.select();lcs(this)"
		   >
	     </td>
	   </tr>
           <tr>
	     <td>
		   Number of Passengers:
	     </td>
	   </tr>
           <td>
	     <select 
		   name="num_of_pass"
		 >
               <option selected>
		     1
               <option>
		     2
               <option>
		     3
               <option>
		     4
               <option>
		     5
               <option>
		     6
               <option>
		     7
               <option>
		     8
               <option>
		     9
               <option>
		     10
               <option>
		     11
               <option>
		     12
               <option>
		     13
               <option>
		     14
               <option>
		     15
             </selected>
           </td>
	 </tr>
         <tr>
	   <td>
	     <b>
		   <input
		     type="submit"
			 value= "Submit"
			 name="submit"
		   > 
		    
		   <input
		     type="reset"
			 value="Reset"
		   >
             </b>
           </td>
	 </tr>
       </td>
     </tr>
   </table> 	   
</form>

Link to comment
Share on other sites

Your forgot to close the first form with </form>

ill get on that, just changed 

             
   while ($row = mysql_fetch_assoc($result)) {
    echo $row['$flight_route_out'];
    echo $row['$flight_route_return'];
   }         
   

 

back to

 

             
   while ($row = mysql_fetch_assoc($result)) {
    echo $row['flight_route_out'];
    echo $row['flight_route_return'];
   }         
   

 

edit going to get rid of the second form and have it all in the same form...

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.