Jump to content

Recommended Posts

Can anyone fix why a dropdown value doesn't get stored?

 

Database Field Definition

==================

`rec_access` set('Y','N') NOT NULL,

 

 

Form extract (correct value shows on entry)

==========

if($rec_access=="Y"){$rec="Yes";}

elseif($rec_access=="N"){$rec="No";}

echo"<tr><td align='right' width='160'>Give Record Access: </td><td>

<select name = 'rec_access'>

<option value='$rec_access'>$rec</option>

<option value=''>===</option>

<option value='Y'>Yes</option>

<option value='N'>No</option>

</select></td></tr>";

 

 

DBUpdate extract (text fields such as 'name' work fine, 'rec_access' always updates to 'Y')

=============

$sqlinsert = @mysql_query("update associates set

  name='$name',

  rec_access='$rec_access'

");

 

 

Thanks.

 

Link to comment
https://forums.phpfreaks.com/topic/157005-database-update-from-dropdown-value/
Share on other sites

I hadn't come across 'set' field types either which is part of my problem.

 

I understand that values are like enum but bitwise (1,2,4,8..); but if I sqldump, current values are 'Y' or 'N'.

 

I have tried setting option values to 'Y'/'N' '0'/'1' and '1'/'2' but the value always gets set to 'Y' no matter which option is selected.

 

I still haven't solved it.

How are you grabbing $rec_access from the form after it is submitted? Are you just calling $rec_access if so this means that you had register_globals turned on at one point and it was probably disabled due to a huge security flaw in it. Instead you need to assign $rec_access before you use it like below, assuming the form data is POST'ed:

 

$rec_access = isset($_POST['rec_access'])?$_POST['rec_access']:null;

 

This will check if that variables has been set if so it assigns $rec_access to that variable, if not it defaults it to null.

Register Globals is ON !!

 

I have just inherited the site which is over 7 years old with several thousand bespoke files. I share your concern about Register Globals but turning it OFF would be a major undertaking.

 

Hardcoding the value to 'N' works fine. Very frustrating!

 

My first thoughts were to change the field type to Boolean but it is fairly deeply embedded.

 

 

 

Hardcoding the value to 'N' works fine. Very frustrating!

 

It is not really hardcoding it. That is how it should be done. If that variable has not been set you do want it defaulted, since HTML/FORMS can be modified/submitted from remote sites it is better to do this in the code that you know will set it and it will work properly.

 

It is also good to set it like I showed, I know it is a major undertaking, but the security aspect alone should be worth it. I mean think if someone finds an exploit and jacks up your major files or finds a way into your DB and screws that up. It is well worth the security to do it right than to not. And if it was done right, with defined variables like I showed above, you would know where/why the value is not getting a value. As it is you are just playing a guessing game because you do not know if a COOKIE has been set for rec_access that overwrites the post data somewhere of if the user is simply passing it as a get string with their own sql injected value.

 

In my opinion, since it obviously would help you out here, I would fix the code, even if it is just 1 page at a time. As such, if you want to update to PHP 6 in the near future (less than 2 years my bet) you will have to do the re-code as register_globals is being removed completely from PHP with no option to turn it on.

 

/end rant/

The SQL is simply:

 

$get_ass_data = @mysql_query("select * from `associates` where `ref` = '$ref'");

 

The value of Rec_Access is read correctly and shows 'Yes' or 'No' on the first line of the dropdown accordingly. Regardless, it reverts to 'Yes' following the update.

 

I can't be reading the value from the control properly but I think my first post shows it all.

 

There is no declaration for rec_access; it is first assigned from a DB read:

 

$recs_access = $ass_result["rec_access"];

 

I understand that part. I am talking about when you submit the form to change the dropdown. You stated that it gets put back in as "Y" no matter what. That part of the code is where you would put that definition I posted earlier as it seems like your $rec_access variable is not being set or retrieved from the form properly.

 

The code to populate that dropdown list has nothing to do with the issue you are describing. It is mute point. You are saying that the value being submitted from the form is not updating correctly, however the form is populating just fine right?

There's reams of it but this is the entire section...

 

 

if (isset($submit)){

$testuser = @mysql_query("select count(id) from associates where username like '$username' and `ref`<>'$ref'");

$count=mysql_result($testuser,0,"count(id)");

if($count>0) # username already exists - display form again - with completed variables

{

$notes=stripslashes($notes);

$lname=stripslashes($lname);

echo"<form action='$php_self' method='post'>

<table width='600'>

<tr><td colspan='2' style='color:red;font-weight:600;'>";

echo"<br />Username ($username) Already In Use - Please Try Another"; unset($username);

echo"<br /><br /></td></tr>

 

<tr><td align='right' width='160'>First Name: </td><td><input type = text name = 'fname' value='$fname'></td></tr>

<tr><td align='right' width='160'>Last Name: </td><td><input type = text name = 'lname' value='$lname'></td></tr>

<tr><td align='right' width='160'>Telephone: </td><td><input type = text name = 'tel' value='$tel'></td></tr>

<tr><td align='right' width='160'>Email Address: </td><td><input type = text name = 'email' value='$email'> <small><em>(This must have been setup in \"Set up your Email\")</em></small></td></tr>

<tr><td align='right' width='160'>Email Password: </td><td><input type = text name = 'empass' value='$empass'> <small><em>(As Above)</em></small></td></tr>

<tr><td align='right' width='160'>Preferred Username: </td><td><input type = text name = 'username' value='$username'> <small><em>(Minimum 8 chars - lower case - no spaces)</em></small></td></tr>

<tr><td align='right' width='160'>Preferred Password: </td><td><input type = text name = 'password' value='$password'> <small><em>(Minimum 8 chars - lower case - no spaces)</em></small></td></tr>

<tr><td align='right' width='160'>Address: </td><td><textarea name= 'address' rows='3' cols='30' style='font-size: 10px; color: maroon; padding:10 10 10 10;'>$address</textarea></td></tr>";

 

if($recons_access=="Y"){$recons="Yes";}

elseif($recons_access=="N"){$recons="No";}

echo"<tr><td align='right' width='160'>Give Reconciliations Access: </td><td>

<select name = 'recons_access'>

<option value='$recons_access'> $recons </option>

<option value=''>=======</option>

<option value='Y'>Yes</option>

<option value='N'>No</option>

</select></td></tr>";

 

if($active==1){$actval = "Yes";}

elseif($active==0){$actval = "No";}

echo"<tr><td align='right' width='160'>Active: </td><td>

<select name = 'active'>

<option value='$active'>$actval »</option>

<option value=''>=======</option>

<option value='1'>Yes</option>

<option value='0'>No</option>

</select><small><em></td></tr>";

 

echo"<tr><td valign=\"top\"

align='right'>Notes: </td><td><textarea name= 'notes' rows='3' cols='40' style='font-size: 10px; color: maroon; padding:10 10 10 10;'>$notes</textarea></td></tr>

<tr><td colspan = '2' align='center'>

<input type = 'hidden' name = 'ref' value='$ref'>

<input type=\"submit\" name=\"submit\" value=\"Submit information\"> 

<input type=\"reset\" value=\"Clear all fields\"></td></tr></table>

</form>";

exit();

}

elseif($count=='0')

{

$sqlinsert = @mysql_query("update associates set

fname = '$fname',

lname='$lname',

recons_access= '$recons_access',

tel = '$tel',

email='$email',

empass='$empass',

username='$username',

password='$password',

address='$address',

active='$active',

notes='$notes'

where ref = '$ref'

");

 

if ($sqlinsert)

{

echo("<tr><td colspan = '2' align='center'>Database Updated Successfully</td></tr>");

}

else

{

echo("<tr><td colspan = '2' align='center' style='font-weight:600;'>Error Updating Database: " . mysql_error() . "</td></tr>");

}

echo"<tr><td colspan = '2' align='center'><br />

Logon Using:<br />

<br />

$username as Username<br />

$password as Password<br /><br />

<br />

<br />

<a href='admin.php'>Return to Main Admin Page</a><br /><br />

</td></tr>";

}

# if more than 1 county required - then it/they need(s) to be added manually into areas table using county id

echo"</table>";

exit();

}

 

# =======================

//main entry point

# =======================

 

elseif((isset($ref))&&(!$submit))

{

# get all data from database for $ref...

$get_ass_data = @mysql_query("select * from `associates` where `ref` = '$ref'");

while($ass_result = @mysql_fetch_array($get_ass_data))

{

$fname = $ass_result["fname"];

$lname = $ass_result["lname"];

$tel = $ass_result["tel"];

$email = $ass_result["email"];

$empass = $ass_result["empass"];

$username = $ass_result["username"];

$password = $ass_result["password"];

$address = $ass_result["address"];

$recons_access = $ass_result["recons_access"];

$active = $ass_result["active"];

$notes = $ass_result["notes"];

echo "

<form action='$php_self' method='post'>

<table width='600'>

<tr><td colspan='2'><h1>Edit Partners and Assistants</h1><hr /><br /><br /></td></tr>";

echo"

<tr><td align='right' width='160'>First Name: </td><td><input type = text name = 'fname' value='$fname'></td></tr>

<tr><td align='right' width='160'>Last Name: </td><td><input type = text name = 'lname' value='$lname'></td></tr>

<tr><td align='right' width='160'>Telephone: </td><td><input type = text name = 'tel' value='$tel'></td></tr>

<tr><td align='right' width='160'>Email Address: </td><td><input type = text name = 'email' value='$email'> <small><em>(This must have been setup in \"Set up your Email\")</em></small></td></tr>

<tr><td align='right' width='160'>Email Password: </td><td><input type = text name = 'empass' value='$empass'> <small><em>(As Above)</em></small></td></tr>

<tr><td align='right' width='160'>Preferred Username: </td><td><input type = text name = 'username' value='$username'> <small><em>(Minimum 8 chars - lower case - no spaces)</em></small></td></tr>

<tr><td align='right' width='160'>Preferred Password: </td><td><input type = text name = 'password' value='$password'> <small><em>(Minimum 8 chars - lower case - no spaces)</em></small></td></tr>

<tr><td align='right' width='160'>Address: </td><td><textarea name= 'address' rows='3' cols='30' style='font-size: 10px; color: maroon; padding:10 10 10 10;'>$address</textarea></td></tr>";

 

if($recons_access=="Y"){$recons="Yes";}

elseif($recons_access=="N"){$recons="No";}

echo"<tr><td align='right' width='160'>Give Reconciliations Access: </td><td>

<select name = 'recons_access'>

<option value='$recons_access'> $recons </option>

<option value=''>=======</option>

<option value='Y'>Yes</option>

<option value='N'>No</option>

</select><small><em></td></tr>";

 

if($active==1){$actval = "Yes";}

elseif($active==0){$actval = "No";}

echo"<tr><td align='right' width='160'>Active: </td><td>

<select name = 'active'>

<option value='$active'>$actval »</option>

<option value=''>=======</option>

<option value='1'>Yes</option>

<option value='0'>No</option>

</select><small><em></td></tr>";

 

echo"<tr><td valign=\"top\"

align='right'>Notes: </td><td><textarea name= 'notes' rows='3' cols='40' style='font-size: 10px; padding:10 10 10 10;'>$notes</textarea></td></tr>

<tr><td colspan = '2' align='center'>

<input type = 'hidden' name = 'ref' value='$ref'>

<input type=\"submit\" name=\"submit\" value=\"Update Information\">

</form>";

 

Again there is still no formal declaration of $recons_access.

 

If, in the very original post, I change the Name of the select to something different and reference that. Viz:

 

<select name = 'rec_access_xxx'>

...

$sqlinsert = @mysql_query("update associates set

  rec_access='$rec_access_xxx'

");

 

 

It works!!!

 

Am I missing something really fundamental?

It's funny but I expected all lines in the insert to be $_POST[]; but they weren't and are as shown.

 

All textboxes work fine which still Name and Value; if I add $_POST the page falls over with a parse error.

 

I am beginning to regret my php involvement !!

 

Form

====

echo"<form action='$php_self' method='post'>

<select name = 'rec_access'>

 

Update

=====

$sqlinsert = @mysql_query("update associates set

rec_access = $_POST[$rec_access];

");

 

 

 

Editing the last line from rec_access = '$rec_access' gives:

 

Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in xxx.php on line yy

 

Also tried as many derivatives as I can think of

eg. rec_access = '$_POST[$rec_access];'

Ah...

 

$recs_access = $_POST['rec_access'];

$sqlinsert = @mysql_query("update associates set

rec_access= '$rec_access',

 

Still not quite sure why this is not necessary with textboxs on the form but at last, it works.

 

Many thanks indeed for sticking with it Ken2k7, and excuse my slight stupidity!

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.