Database update from dropdown value

[mystifier]

Can anyone fix why a dropdown value doesn't get stored?

 

Database Field Definition

==================

`rec_access` set('Y','N') NOT NULL,

 

 

Form extract (correct value shows on entry)

==========

if($rec_access=="Y"){$rec="Yes";}

elseif($rec_access=="N"){$rec="No";}

echo"<tr><td align='right' width='160'>Give Record Access: </td><td>

<select name = 'rec_access'>

<option value='$rec_access'>$rec</option>

<option value=''>===</option>

<option value='Y'>Yes</option>

<option value='N'>No</option>

</select></td></tr>";

 

 

DBUpdate extract (text fields such as 'name' work fine, 'rec_access' always updates to 'Y')

=============

$sqlinsert = @mysql_query("update associates set

  name='$name',

  rec_access='$rec_access'

");

 

 

Thanks.

 

[Ken2k7]

What is set('Y','N')? Is set an alias of enum?

[mystifier]

I hadn't come across 'set' field types either which is part of my problem.

 

I understand that values are like enum but bitwise (1,2,4,8..); but if I sqldump, current values are 'Y' or 'N'.

 

I have tried setting option values to 'Y'/'N' '0'/'1' and '1'/'2' but the value always gets set to 'Y' no matter which option is selected.

 

I still haven't solved it.

[Ken2k7]

In your DBUpdate extract file, can you put this before your $sqlinsert?

 

var_dump($rec_access);

Tell me what that prints out.

[mystifier]

Value is NULL !!

 

Database Value following update shows 'Y' (phpmyadmin) and Dropdown shows 'Yes' on refresh.

 

[premiso]

How are you grabbing $rec_access from the form after it is submitted? Are you just calling $rec_access if so this means that you had register_globals turned on at one point and it was probably disabled due to a huge security flaw in it. Instead you need to assign $rec_access before you use it like below, assuming the form data is POST'ed:

 

$rec_access = isset($_POST['rec_access'])?$_POST['rec_access']:null;

 

This will check if that variables has been set if so it assigns $rec_access to that variable, if not it defaults it to null.

[mystifier]

Register Globals is ON !!

 

I have just inherited the site which is over 7 years old with several thousand bespoke files. I share your concern about Register Globals but turning it OFF would be a major undertaking.

 

Hardcoding the value to 'N' works fine. Very frustrating!

 

My first thoughts were to change the field type to Boolean but it is fairly deeply embedded.

 

 

 

[Ken2k7]

Hello,

If you got NULL from var_dump, then my guess is that the variable is not being set in some way. Can you post how you're defining the variable?

 

Thanks!

Ken

[premiso]

Hardcoding the value to 'N' works fine. Very frustrating!

 

It is not really hardcoding it. That is how it should be done. If that variable has not been set you do want it defaulted, since HTML/FORMS can be modified/submitted from remote sites it is better to do this in the code that you know will set it and it will work properly.

 

It is also good to set it like I showed, I know it is a major undertaking, but the security aspect alone should be worth it. I mean think if someone finds an exploit and jacks up your major files or finds a way into your DB and screws that up. It is well worth the security to do it right than to not. And if it was done right, with defined variables like I showed above, you would know where/why the value is not getting a value. As it is you are just playing a guessing game because you do not know if a COOKIE has been set for rec_access that overwrites the post data somewhere of if the user is simply passing it as a get string with their own sql injected value.

 

In my opinion, since it obviously would help you out here, I would fix the code, even if it is just 1 page at a time. As such, if you want to update to PHP 6 in the near future (less than 2 years my bet) you will have to do the re-code as register_globals is being removed completely from PHP with no option to turn it on.

 

/end rant/

[mystifier]

There is no declaration for rec_access; it is first assigned from a DB read:

 

while($ass_result = @mysql_fetch_array($get_ass_data))

{

$recs_access = $ass_result["rec_access"];

 

Thanks for sticking with it. I am new to php and mysql.

 

 

[Ken2k7]

Can you post a few lines up or up to the SQL part?

[mystifier]

The SQL is simply:

 

$get_ass_data = @mysql_query("select * from `associates` where `ref` = '$ref'");

 

The value of Rec_Access is read correctly and shows 'Yes' or 'No' on the first line of the dropdown accordingly. Regardless, it reverts to 'Yes' following the update.

 

I can't be reading the value from the control properly but I think my first post shows it all.

 

[premiso]

There is no declaration for rec_access; it is first assigned from a DB read:

 

$recs_access = $ass_result["rec_access"];

 

I understand that part. I am talking about when you submit the form to change the dropdown. You stated that it gets put back in as "Y" no matter what. That part of the code is where you would put that definition I posted earlier as it seems like your $rec_access variable is not being set or retrieved from the form properly.

 

The code to populate that dropdown list has nothing to do with the issue you are describing. It is mute point. You are saying that the value being submitted from the form is not updating correctly, however the form is populating just fine right?

[mystifier]

Yikes! I have to pick the kids up... I'll get back to it later.

 

Thanks so far.

 

[mystifier]

Back... and this is driving me nuts!

 

Somehow, $rec_access is not being set. The start of the form is:

 

echo"<form action='$php_self' method='post'>...

 

I can't believe how many hours this has soaked up 

 

[Ken2k7]

Can you please just post the entire code instead of snippets? I think this will go faster that way.

[mystifier]

There's reams of it but this is the entire section...

 

 

if (isset($submit)){

$testuser = @mysql_query("select count(id) from associates where username like '$username' and `ref`<>'$ref'");

$count=mysql_result($testuser,0,"count(id)");

if($count>0) # username already exists - display form again - with completed variables

{

$notes=stripslashes($notes);

$lname=stripslashes($lname);

echo"<form action='$php_self' method='post'>

<table width='600'>

<tr><td colspan='2' style='color:red;font-weight:600;'>";

echo"<br />Username ($username) Already In Use - Please Try Another"; unset($username);

echo"<br /><br /></td></tr>

 

<tr><td align='right' width='160'>First Name: </td><td><input type = text name = 'fname' value='$fname'></td></tr>

<tr><td align='right' width='160'>Last Name: </td><td><input type = text name = 'lname' value='$lname'></td></tr>

<tr><td align='right' width='160'>Telephone: </td><td><input type = text name = 'tel' value='$tel'></td></tr>

<tr><td align='right' width='160'>Email Address: </td><td><input type = text name = 'email' value='$email'> <small><em>(This must have been setup in \"Set up your Email\")</em></small></td></tr>

<tr><td align='right' width='160'>Email Password: </td><td><input type = text name = 'empass' value='$empass'> <small><em>(As Above)</em></small></td></tr>

<tr><td align='right' width='160'>Preferred Username: </td><td><input type = text name = 'username' value='$username'> <small><em>(Minimum 8 chars - lower case - no spaces)</em></small></td></tr>

<tr><td align='right' width='160'>Preferred Password: </td><td><input type = text name = 'password' value='$password'> <small><em>(Minimum 8 chars - lower case - no spaces)</em></small></td></tr>

<tr><td align='right' width='160'>Address: </td><td><textarea name= 'address' rows='3' cols='30' style='font-size: 10px; color: maroon; padding:10 10 10 10;'>$address</textarea></td></tr>";

 

if($recons_access=="Y"){$recons="Yes";}

elseif($recons_access=="N"){$recons="No";}

echo"<tr><td align='right' width='160'>Give Reconciliations Access: </td><td>

<select name = 'recons_access'>

<option value='$recons_access'> $recons </option>

<option value=''>=======</option>

<option value='Y'>Yes</option>

<option value='N'>No</option>

</select></td></tr>";

 

if($active==1){$actval = "Yes";}

elseif($active==0){$actval = "No";}

echo"<tr><td align='right' width='160'>Active: </td><td>

<select name = 'active'>

<option value='$active'>$actval »</option>

<option value=''>=======</option>

<option value='1'>Yes</option>

<option value='0'>No</option>

</select><small><em></td></tr>";

 

echo"<tr><td valign=\"top\"

align='right'>Notes: </td><td><textarea name= 'notes' rows='3' cols='40' style='font-size: 10px; color: maroon; padding:10 10 10 10;'>$notes</textarea></td></tr>

<tr><td colspan = '2' align='center'>

<input type = 'hidden' name = 'ref' value='$ref'>

<input type=\"submit\" name=\"submit\" value=\"Submit information\"> 

<input type=\"reset\" value=\"Clear all fields\"></td></tr></table>

</form>";

exit();

}

elseif($count=='0')

{

$sqlinsert = @mysql_query("update associates set

fname = '$fname',

lname='$lname',

recons_access= '$recons_access',

tel = '$tel',

email='$email',

empass='$empass',

username='$username',

password='$password',

address='$address',

active='$active',

notes='$notes'

where ref = '$ref'

");

 

if ($sqlinsert)

{

echo("<tr><td colspan = '2' align='center'>Database Updated Successfully</td></tr>");

}

else

{

echo("<tr><td colspan = '2' align='center' style='font-weight:600;'>Error Updating Database: " . mysql_error() . "</td></tr>");

}

echo"<tr><td colspan = '2' align='center'><br />

Logon Using:<br />

<br />

$username as Username<br />

$password as Password<br /><br />

<br />

<br />

<a href='admin.php'>Return to Main Admin Page</a><br /><br />

</td></tr>";

}

# if more than 1 county required - then it/they need(s) to be added manually into areas table using county id

echo"</table>";

exit();

}

 

# =======================

//main entry point

# =======================

 

elseif((isset($ref))&&(!$submit))

{

# get all data from database for $ref...

$get_ass_data = @mysql_query("select * from `associates` where `ref` = '$ref'");

while($ass_result = @mysql_fetch_array($get_ass_data))

{

$fname = $ass_result["fname"];

$lname = $ass_result["lname"];

$tel = $ass_result["tel"];

$email = $ass_result["email"];

$empass = $ass_result["empass"];

$username = $ass_result["username"];

$password = $ass_result["password"];

$address = $ass_result["address"];

$recons_access = $ass_result["recons_access"];

$active = $ass_result["active"];

$notes = $ass_result["notes"];

echo "

<form action='$php_self' method='post'>

<table width='600'>

<tr><td colspan='2'><h1>Edit Partners and Assistants</h1><hr /><br /><br /></td></tr>";

echo"

<tr><td align='right' width='160'>First Name: </td><td><input type = text name = 'fname' value='$fname'></td></tr>

<tr><td align='right' width='160'>Last Name: </td><td><input type = text name = 'lname' value='$lname'></td></tr>

<tr><td align='right' width='160'>Telephone: </td><td><input type = text name = 'tel' value='$tel'></td></tr>

<tr><td align='right' width='160'>Email Address: </td><td><input type = text name = 'email' value='$email'> <small><em>(This must have been setup in \"Set up your Email\")</em></small></td></tr>

<tr><td align='right' width='160'>Email Password: </td><td><input type = text name = 'empass' value='$empass'> <small><em>(As Above)</em></small></td></tr>

<tr><td align='right' width='160'>Preferred Username: </td><td><input type = text name = 'username' value='$username'> <small><em>(Minimum 8 chars - lower case - no spaces)</em></small></td></tr>

<tr><td align='right' width='160'>Preferred Password: </td><td><input type = text name = 'password' value='$password'> <small><em>(Minimum 8 chars - lower case - no spaces)</em></small></td></tr>

<tr><td align='right' width='160'>Address: </td><td><textarea name= 'address' rows='3' cols='30' style='font-size: 10px; color: maroon; padding:10 10 10 10;'>$address</textarea></td></tr>";

 

if($recons_access=="Y"){$recons="Yes";}

elseif($recons_access=="N"){$recons="No";}

echo"<tr><td align='right' width='160'>Give Reconciliations Access: </td><td>

<select name = 'recons_access'>

<option value='$recons_access'> $recons </option>

<option value=''>=======</option>

<option value='Y'>Yes</option>

<option value='N'>No</option>

</select><small><em></td></tr>";

 

if($active==1){$actval = "Yes";}

elseif($active==0){$actval = "No";}

echo"<tr><td align='right' width='160'>Active: </td><td>

<select name = 'active'>

<option value='$active'>$actval »</option>

<option value=''>=======</option>

<option value='1'>Yes</option>

<option value='0'>No</option>

</select><small><em></td></tr>";

 

echo"<tr><td valign=\"top\"

align='right'>Notes: </td><td><textarea name= 'notes' rows='3' cols='40' style='font-size: 10px; padding:10 10 10 10;'>$notes</textarea></td></tr>

<tr><td colspan = '2' align='center'>

<input type = 'hidden' name = 'ref' value='$ref'>

<input type=\"submit\" name=\"submit\" value=\"Update Information\">

</form>";

 

[Ken2k7]

Please read Forum DOs #4 - http://www.phpfreaks.com/page/rules-and-terms-of-service#toc_forum_dos

 

Keep that in mind for future posting.

 

The code posted doesn't help because I still don't know what $recons_access is defined as.

[mystifier]

Again there is still no formal declaration of $recons_access.

 

If, in the very original post, I change the Name of the select to something different and reference that. Viz:

 

<select name = 'rec_access_xxx'>

...

$sqlinsert = @mysql_query("update associates set

  rec_access='$rec_access_xxx'

");

 

 

It works!!!

 

Am I missing something really fundamental?

[Ken2k7]

If you're selecting it like that, then I think you want:

$rec_access = $_POST['rec_access'];

 

Yes?

[mystifier]

It's funny but I expected all lines in the insert to be $_POST[]; but they weren't and are as shown.

 

All textboxes work fine which still Name and Value; if I add $_POST the page falls over with a parse error.

 

I am beginning to regret my php involvement !!

 

[Ken2k7]

What do you mean if you add $_POST you get a parse error? Can you show me the code for that?

[mystifier]

Form

====

echo"<form action='$php_self' method='post'>

<select name = 'rec_access'>

 

Update

=====

$sqlinsert = @mysql_query("update associates set

rec_access = $_POST[$rec_access];

");

 

 

 

Editing the last line from rec_access = '$rec_access' gives:

 

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in xxx.php on line yy

 

Also tried as many derivatives as I can think of

eg. rec_access = '$_POST[$rec_access];'

[Ken2k7]

Wow, I never thought I say this, but just copy and paste the line of code I posted above.

[mystifier]

Ah...

 

$recs_access = $_POST['rec_access'];

$sqlinsert = @mysql_query("update associates set

rec_access= '$rec_access',

 

Still not quite sure why this is not necessary with textboxs on the form but at last, it works.

 

Many thanks indeed for sticking with it Ken2k7, and excuse my slight stupidity!