ellegua220 Posted October 27, 2009

$action = "insert";
//$action = $_GET['action'];

Why is this invalid type? I am just modifying code that is there and want the action = insert so it will run all the parts of the code for insert and nothing else...

Bricktop Posted October 27, 2009

Hi ellegua220, Post your full code so we can see exactly where this is going wrong.

ellegua220 Posted October 27, 2009

<html>
<head>
<title>User Admin</title>
<link rel="STYLESHEET" href="../style.css" type="text/css">
</head>
<body>
<center>
<h1>User Admin</h1>
</center>
<script language="php">
include("db.php");

$action = $_GET['action'];
$userid = $_GET['userid'];
// this is where I want to assign insert to action so it just runs the insert
// can I email you?

if ($action == "update" || $action == "insert") {
    if (preg_match('/[^\d]/', $userid) > 0) { die("<p class=highlight>invalid userid</p>"); }

    $username = $_GET['username'];
    if (preg_match('/[^\w\.@ ]/', $username) > 0) { die("<p class=highlight>invalid username: must only contain letters, digits, spaces, dots, underscores and @</p>"); }

    $email = $_GET['email'];
    if ($email != "") {
        if (! (preg_match('/@/', $email))) { die("<p class=highlight>invalid email address</p>"); }
        if (! (preg_match('/\./', $email))) { die("<p class=highlight>invalid email address</p>"); }
        if (preg_match('/[ \047\042\|<>]/', $email) > 0) { die("<p class=highlight>invalid email address</p>"); }
    }

    $first_name = $_GET['first_name'];
    if (preg_match('/[\047\042]/', $first_name) > 0) { die("<p class=highlight>invalid first name</p>"); }

    $last_name = $_GET['last_name'];
    if (preg_match('/[\047\042]/', $last_name) > 0) { die("<p class=highlight>invalid last name</p>"); }

    $password = $_GET['password'];
    if (preg_match('/[\047\042]/', $password) > 0) { die("<p class=highlight>invalid password</p>"); }

    $phone = $_GET['phone'];
    if (preg_match('/[^ \d\.\/\(\)\+\-]/', $phone) > 0) { die("<p class=highlight>invalid phone number</p>"); }

    $street_address = $_GET['street_address'];
    if (preg_match('/[\047\042]/', $street_address) > 0) { die("<p class=highlight>invalid street_address</p>"); }

    $other_address = $_GET['other_address'];
    if (preg_match('/[\047\042]/', $other_address) > 0) { die("<p class=highlight>invalid other_address</p>"); }

    $city = $_GET['city'];
    if (preg_match('/[\047\042]/', $city) > 0) { die("<p class=highlight>invalid city</p>"); }

    $state = $_GET['state'];
    if (preg_match('/[^a-zA-Z]/', $state) > 0) { die("<p class=highlight>invalid state</p>"); }

    $zipcode = $_GET['zipcode'];
    if (preg_match('/[\047\042]/', $zipcode) > 0) { die("<p class=highlight>invalid zipcode</p>"); }

    $type = $_GET['type'];
    if ($type != "T" && $type != "A" && $type != "S" && $type != "K") { die("<p class=highlight>invalid type</p>"); }

    $school = $_GET['school'];
    if (preg_match('/[\047\042]/', $school) > 0) { die("<p class=highlight>invalid school</p>"); }

    $school_district = $_GET['school_district'];
    if (preg_match('/[\047\042]/', $school_district) > 0) { die("<p class=highlight>invalid school_district</p>"); }

    $double_gui = $_GET['double_gui'];
    if ($double_gui != "Y") { $double_gui = "N"; }

    if ($email == "") { die("<p class=highlight>email cannot be blank</p>"); }
    if ($username == "") { die("<p class=highlight>username cannot be blank</p>"); }
    if ($first_name == "") { die("<p class=highlight>first name cannot be blank</p>"); }
    if ($last_name == "") { die("<p class=highlight>last name cannot be blank</p>"); }
    if ($street_address == "") { die("<p class=highlight>street_address cannot be blank</p>"); }
    if ($city == "") { die("<p class=highlight>city cannot be blank</p>"); }
    if ($state == "") { die("<p class=highlight>state cannot be blank</p>"); }
    if ($zipcode == "") { die("<p class=highlight>zipcode cannot be blank</p>"); }
    if ($password == "") { die("<p class=highlight>password cannot be blank</p>"); }
    if ($type == "") { die("<p class=highlight>type cannot be blank</p>"); }

    if ($action == "insert") {
        // adding a new user
        if ($username == "") { die("<p class=highlight>username cannot be blank</p>"); }
        if ($company_id == "") { $company_id = "null"; }
        $query = "insert into user values(null, '$username', '$email', '$first_name', '$last_name', '$password', '$phone', '$street_address', '$other_address', '$city', '$state', '$zipcode', '$type', '$school', '$school_district', current_timestamp, '$double_gui')";
        mysql_query($query, $mysql_link) or die(mysql_error());
        print "<p class=highlight>User added</p>";
        print "<meta http-equiv='Refresh' content='2; url=useradmin.php'>";
    } else {
        if ($userid == "") { die("<p class=highlight>no userid specified</p>"); }
        $query = "UPDATE user set username='$username', email='$email', first_name='$first_name', last_name='$last_name', password='$password', phone='$phone', street_address='$street_address', other_address='$other_address', city='$city', state='$state', zipcode='$zipcode', type='$type', school='$school', school_district='$school_district',double_gui='$double_gui' where userid=$userid";
        mysql_query($query, $mysql_link) or die(mysql_error());
        print "<p class=highlight>User details updated</p>";
        print "<meta http-equiv='Refresh' content='2; url=useradmin.php'>";
    }
    include("updatepasswd.php");
    include("updateconfig.php");
} elseif ($action == "edit" || $action == "add") {
    if ($action == "edit") {
        if ($userid == "") { die("<p class=highlight>no userid specified</p>"); }
        if (preg_match('/[^\d]/', $userid) > 0) { die("<p class=highlight>invalid userid</p>"); }
        // get details from db
        $query = "SELECT userid, username, email, first_name, last_name, password, phone, street_address, other_address, city, state, zipcode, type, school, school_district, DATE_ADD(date_registered, INTERVAL $time_diff HOUR),double_gui from user where userid=$userid";
        $result = mysql_query($query, $mysql_link);
        if ((!$result) || (! mysql_num_rows($result))) { die("<p class=highlight>error getting details of user userid=$userid from db</p>"); }
        if ($row = mysql_fetch_row($result)) {
            $userid = $row[0];
            $username = $row[1];
            $email = $row[2];
            $first_name = $row[3];
            $last_name = $row[4];
            $password = $row[5];
            $phone = $row[6];
            $street_address = $row[7];
            $other_address = $row[8];
            $city = $row[9];
            $state = $row[10];
            $zipcode = $row[11];
            $type = $row[12];
            $school = $row[13];
            $school_district = $row[14];
            $date_registered = $row[15];
            $double_gui = $row[16];
            if ($type == "S") { $student_selected = "selected"; }
            elseif ($type == "T") { $tutor_selected = "selected"; }
            elseif ($type == "A") { $admin_selected = "selected"; }
            elseif ($type == "K") { $tech_selected = "selected"; }
        }
    }
    print "<form>";
    print "<table>";
    if ($action == "edit") {
        print "<input type=hidden name=action value=update>";
        print "<input type=hidden name=userid value='$userid'>";
    } else {
        print "<input type=hidden name=action value=insert>";
    }
    print "<tr><td>Username:</td><td><input type=text maxlength=40 name=username value=\"$username\"> (REQUIRED)</td><tr>";
    print "<tr><td>Email: </td><td><input type=text maxlength=80 name=email value=\"$email\"> (REQUIRED)</td><tr>";
    print "<tr><td>First Name:</td><td><input type=text maxlength=40 name=first_name value=\"$first_name\"> (REQUIRED)</td><tr>";
    print "<tr><td>Last Name:</td><td><input type=text maxlength=40 name=last_name value=\"$last_name\"> (REQUIRED)</td><tr>";
    print "<tr><td>Password:</td><td><input type=text maxlength=40 name=password value=\"$password\"> (REQUIRED)</td><tr>";
    print "<tr><td>Phone:</td><td><input type=text maxlength=20 name=phone value=\"$phone\"></td><tr>";
    print "<tr><td>Street Address:</td><td><input type=text maxlength=80 name=street_address value=\"$street_address\"> (REQUIRED)</td><tr>";
    print "<tr><td>Other Address:</td><td><input type=text maxlength=80 name=other_address value=\"$other_address\"></td><tr>";
    print "<tr><td>City:</td><td><input type=text maxlength=40 name=city value=\"$city\"> (REQUIRED)</td><tr>";
    print "<tr><td>State:</td><td><input size=2 type=text maxlength=2 name=state value=\"$state\"> (REQUIRED)</td><tr>";
    print "<tr><td>Zipcode:</td><td><input type=text maxlength=10 name=zipcode value=\"$zipcode\"> (REQUIRED)</td><tr>";
    print "<tr><td>Type:</td><td><select name=type><option value='S' $student_selected>Student</option><option value='T' $tutor_selected>Tutor</option><option value='A' $admin_selected>Admin</option><option value='K' $tech_selected>Tech</option></select>";
    print "<tr><td>School:</td><td><input type=text maxlength=80 name=school value=\"$school\"></td><tr>";
    print "<tr><td>School District:</td><td><input type=text maxlength=80 name=school_district value=\"$school_district\"></td><tr>";
    $checked = "";
    if ($double_gui == "Y") { $checked = "checked"; }
    print "<tr><td>Use Double GUI:</td><td><input type=checkbox name=double_gui value=\"Y\" $checked></td><tr>";
    print "</table>";
    if ($action == "add") {
        print "<p><input type=submit value=\"Add User\"></p>";
    } else {
        print "<p><input type=submit value=\"Update User Details\"></p>";
    }
    print "</form>";
    print "<hr>";
    print "<p>Upload multiple students from CSV file:</p>\n";
    print "<form enctype='multipart/form-data' action='csvupload.php' method='POST'>\n";
    print "<input type='hidden' name='MAX_FILE_SIZE' value='100000000'>\n";
    print "Choose a file to upload: <input name='csvfile' type='file'><br>\n";
    print "<input type='submit' value='Upload CSV File'>\n";
    print "</form>\n";
} elseif ($action == "") {
    $qual = "";
    if ($userid != "") {
        if (preg_match('/[^\d]/', $userid) > 0) { die("<p class=highlight>invalid userid</p>"); }
        $qual = "where userid=$userid";
    }
    print "<form><input type=\"hidden\" name=\"action\" value=\"add\"><input type=submit value=\"Add New User\"></form>";
}
</script>
<a href=index.html>Back to Admin Home</a>
</body>
</html>

Bricktop Posted October 27, 2009

Hi ellegua220, $action = "insert"; should work, what is the exact error message you are receiving?

ellegua220 Posted October 27, 2009

invalid type

Bricktop Posted October 28, 2009

Hi ellegua220, I got your Private Message and have removed the button as requested. I have also made a few changes to the logic of your code in other places as it wasn't quite right. The reason your type variable always returns "Invalid Type" is because of the logic of the query, click here for a better explanation. I have simply removed this line of code, you're already validating $type for being empty, and as it's a select box hard coded into the form the extra level of checking you were trying to achieve probably isn't required. Below is the new code.

<html>
<head>
<title>User Admin</title>
<link rel="STYLESHEET" href="../style.css" type="text/css">
</head>
<body>
<center>
<h1>User Admin</h1>
</center>
<script language="php">
include("db.php");

$action = $_GET['action'];
$userid = $_GET['userid'];
// this is where I want to assign insert to action so it just runs the insert
// can I email you?

if ($action == "update" || $action == "insert") {
    if (preg_match('/[^\d]/', $userid) > 0) { die("<p class=highlight>invalid userid</p>"); }

    $username = $_GET['username'];
    if (preg_match('/[^\w\.@ ]/', $username) > 0) { die("<p class=highlight>invalid username: must only contain letters, digits, spaces, dots, underscores and @</p>"); }

    $email = $_GET['email'];
    if ($email != "") {
        if (! (preg_match('/@/', $email))) { die("<p class=highlight>invalid email address</p>"); }
        if (! (preg_match('/\./', $email))) { die("<p class=highlight>invalid email address</p>"); }
        if (preg_match('/[ \047\042\|<>]/', $email) > 0) { die("<p class=highlight>invalid email address</p>"); }
    }

    $first_name = $_GET['first_name'];
    if (preg_match('/[\047\042]/', $first_name) > 0) { die("<p class=highlight>invalid first name</p>"); }

    $last_name = $_GET['last_name'];
    if (preg_match('/[\047\042]/', $last_name) > 0) { die("<p class=highlight>invalid last name</p>"); }

    $password = $_GET['password'];
    if (preg_match('/[\047\042]/', $password) > 0) { die("<p class=highlight>invalid password</p>"); }

    $phone = $_GET['phone'];
    if (preg_match('/[^ \d\.\/\(\)\+\-]/', $phone) > 0) { die("<p class=highlight>invalid phone number</p>"); }

    $street_address = $_GET['street_address'];
    if (preg_match('/[\047\042]/', $street_address) > 0) { die("<p class=highlight>invalid street_address</p>"); }

    $other_address = $_GET['other_address'];
    if (preg_match('/[\047\042]/', $other_address) > 0) { die("<p class=highlight>invalid other_address</p>"); }

    $city = $_GET['city'];
    if (preg_match('/[\047\042]/', $city) > 0) { die("<p class=highlight>invalid city</p>"); }

    $state = $_GET['state'];
    if (preg_match('/[^a-zA-Z]/', $state) > 0) { die("<p class=highlight>invalid state</p>"); }

    $zipcode = $_GET['zipcode'];
    if (preg_match('/[\047\042]/', $zipcode) > 0) { die("<p class=highlight>invalid zipcode</p>"); }

    $school = $_GET['school'];
    if (preg_match('/[\047\042]/', $school) > 0) { die("<p class=highlight>invalid school</p>"); }

    $school_district = $_GET['school_district'];
    if (preg_match('/[\047\042]/', $school_district) > 0) { die("<p class=highlight>invalid school_district</p>"); }

    $double_gui = $_GET['double_gui'];
    if ($double_gui != "Y") { $double_gui = "N"; }

    if ($email == "") { die("<p class=highlight>email cannot be blank</p>"); }
    if ($username == "") { die("<p class=highlight>username cannot be blank</p>"); }
    if ($first_name == "") { die("<p class=highlight>first name cannot be blank</p>"); }
    if ($last_name == "") { die("<p class=highlight>last name cannot be blank</p>"); }
    if ($street_address == "") { die("<p class=highlight>street_address cannot be blank</p>"); }
    if ($city == "") { die("<p class=highlight>city cannot be blank</p>"); }
    if ($state == "") { die("<p class=highlight>state cannot be blank</p>"); }
    if ($zipcode == "") { die("<p class=highlight>zipcode cannot be blank</p>"); }
    if ($password == "") { die("<p class=highlight>password cannot be blank</p>"); }
    if ($type == "") { die("<p class=highlight>type cannot be blank</p>"); }

    if ($action == "insert") {
        // adding a new user
        if ($username == "") { die("<p class=highlight>username cannot be blank</p>"); }
        if ($company_id == "") { $company_id = "null"; }
        $query = "insert into user values(null, '$username', '$email', '$first_name', '$last_name', '$password', '$phone', '$street_address', '$other_address', '$city', '$state', '$zipcode', '$type', '$school', '$school_district', current_timestamp, '$double_gui')";
        mysql_query($query, $mysql_link) or die(mysql_error());
        print "<p class=highlight>User added</p>";
        print "<meta http-equiv='Refresh' content='2; url=useradmin.php'>";
    } else {
        if ($userid == "") { die("<p class=highlight>no userid specified</p>"); }
        $query = "UPDATE user set username='$username', email='$email', first_name='$first_name', last_name='$last_name', password='$password', phone='$phone', street_address='$street_address', other_address='$other_address', city='$city', state='$state', zipcode='$zipcode', type='$type', school='$school', school_district='$school_district',double_gui='$double_gui' where userid=$userid";
        mysql_query($query, $mysql_link) or die(mysql_error());
        print "<p class=highlight>User details updated</p>";
        print "<meta http-equiv='Refresh' content='2; url=useradmin.php'>";
    }
    include("updatepasswd.php");
    include("updateconfig.php");
} elseif (!$action) {
    if ($action == "edit") {
        if ($userid == "") { die("<p class=highlight>no userid specified</p>"); }
        if (preg_match('/[^\d]/', $userid) > 0) { die("<p class=highlight>invalid userid</p>"); }
        // get details from db
        $query = "SELECT userid, username, email, first_name, last_name, password, phone, street_address, other_address, city, state, zipcode, type, school, school_district, DATE_ADD(date_registered, INTERVAL $time_diff HOUR),double_gui from user where userid=$userid";
        $result = mysql_query($query, $mysql_link);
        if ((!$result) || (! mysql_num_rows($result))) { die("<p class=highlight>error getting details of user userid=$userid from db</p>"); }
        if ($row = mysql_fetch_row($result)) {
            $userid = $row[0];
            $username = $row[1];
            $email = $row[2];
            $first_name = $row[3];
            $last_name = $row[4];
            $password = $row[5];
            $phone = $row[6];
            $street_address = $row[7];
            $other_address = $row[8];
            $city = $row[9];
            $state = $row[10];
            $zipcode = $row[11];
            $type = $row[12];
            $school = $row[13];
            $school_district = $row[14];
            $date_registered = $row[15];
            $double_gui = $row[16];
            if ($type == "S") { $student_selected = "selected"; }
            elseif ($type == "T") { $tutor_selected = "selected"; }
            elseif ($type == "A") { $admin_selected = "selected"; }
            elseif ($type == "K") { $tech_selected = "selected"; }
        }
    }
    print "<form>";
    print "<table>";
    if ($action == "edit") {
        print "<input type=hidden name=action value=update>";
        print "<input type=hidden name=userid value='$userid'>";
    } else {
        print "<input type=hidden name=action value=insert>";
    }
    print "<tr><td>Username:</td><td><input type=text maxlength=40 name=username value=\"$username\"> (REQUIRED)</td><tr>";
    print "<tr><td>Email: </td><td><input type=text maxlength=80 name=email value=\"$email\"> (REQUIRED)</td><tr>";
    print "<tr><td>First Name:</td><td><input type=text maxlength=40 name=first_name value=\"$first_name\"> (REQUIRED)</td><tr>";
    print "<tr><td>Last Name:</td><td><input type=text maxlength=40 name=last_name value=\"$last_name\"> (REQUIRED)</td><tr>";
    print "<tr><td>Password:</td><td><input type=text maxlength=40 name=password value=\"$password\"> (REQUIRED)</td><tr>";
    print "<tr><td>Phone:</td><td><input type=text maxlength=20 name=phone value=\"$phone\"></td><tr>";
    print "<tr><td>Street Address:</td><td><input type=text maxlength=80 name=street_address value=\"$street_address\"> (REQUIRED)</td><tr>";
    print "<tr><td>Other Address:</td><td><input type=text maxlength=80 name=other_address value=\"$other_address\"></td><tr>";
    print "<tr><td>City:</td><td><input type=text maxlength=40 name=city value=\"$city\"> (REQUIRED)</td><tr>";
    print "<tr><td>State:</td><td><input size=2 type=text maxlength=2 name=state value=\"$state\"> (REQUIRED)</td><tr>";
    print "<tr><td>Zipcode:</td><td><input type=text maxlength=10 name=zipcode value=\"$zipcode\"> (REQUIRED)</td><tr>";
    print "<tr><td>Type:</td><td><select name=type><option value=\"Student\" $student_selected>Student</option><option value=\"Tutor\" $tutor_selected>Tutor</option><option value=\"Admin\" $admin_selected>Admin</option><option value=\"Tech\" $tech_selected>Tech</option></select>";
    print "<tr><td>School:</td><td><input type=text maxlength=80 name=school value=\"$school\"></td><tr>";
    print "<tr><td>School District:</td><td><input type=text maxlength=80 name=school_district value=\"$school_district\"></td><tr>";
    $checked = "";
    if ($double_gui == "Y") { $checked = "checked"; }
    print "<tr><td>Use Double GUI:</td><td><input type=checkbox name=double_gui value=\"Y\" $checked></td><tr>";
    print "</table>";
    if ($action == "add") {
        print "<p><input type=submit value=\"Add User\"></p>";
    } else {
        print "<p><input type=submit value=\"Update User Details\"></p>";
    }
    print "</form>";
    print "<hr>";
    print "<p>Upload multiple students from CSV file:</p>\n";
    print "<form enctype='multipart/form-data' action='csvupload.php' method='POST'>\n";
    print "<input type='hidden' name='MAX_FILE_SIZE' value='100000000'>\n";
    print "Choose a file to upload: <input name='csvfile' type='file'><br>\n";
    print "<input type='submit' value='Upload CSV File'>\n";
    print "</form>\n";
}
</script>
<a href=index.html>Back to Admin Home</a>
</body>
</html>

Hope this helps.

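Added example, not part of any post in this thread and not the site's own code: one way to keep a server-side allow-list on `type` in PHP 7.1+ with PDO. Blank fields are rejected before the allow-list is consulted, so a request with no form fields reports a blank field rather than "invalid type", and values are bound as parameters, so a name containing a quote needs no character blacklist. The function names, the reduced four-column table and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added example. validate_user(), insert_user() and the table layout are hypothetical.

const USER_TYPES = ['S', 'T', 'A', 'K']; // option values of the first form's <select name=type>

/** Returns an error message, or null when the submitted fields are acceptable. */
function validate_user(array $in): ?string
{
    // Required-field checks come first, so an empty request is reported as blank.
    // is_string() also rejects array-valued parameters such as type[]=S.
    foreach (['username', 'email', 'last_name', 'type'] as $field) {
        if (!isset($in[$field]) || !is_string($in[$field]) || $in[$field] === '') {
            return "$field cannot be blank";
        }
    }
    // Strict allow-list: the <select> only guides the browser, the request can carry any value.
    if (!in_array($in['type'], USER_TYPES, true)) {
        return 'invalid type';
    }
    if (preg_match('/[^\w.@ ]/', $in['username'])) {
        return 'invalid username';
    }
    if (filter_var($in['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid email address';
    }
    return null;
}

function insert_user(PDO $db, array $in): void
{
    // Bound parameters: a quote inside a value stays data and never becomes SQL syntax.
    $stmt = $db->prepare(
        'INSERT INTO user (username, email, last_name, type) VALUES (:username, :email, :last_name, :type)'
    );
    $stmt->execute([
        ':username'  => $in['username'],
        ':email'     => $in['email'],
        ':last_name' => $in['last_name'],
        ':type'      => $in['type'],
    ]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (userid INTEGER PRIMARY KEY, username TEXT, email TEXT, last_name TEXT, type TEXT)');

// Constructed sample requests standing in for $_GET / $_POST.
$samples = [
    [], // page loaded with no form fields
    ['username' => 'amy', 'email' => 'amy@example.com', 'last_name' => "O'Brien", 'type' => 'Student'],
    ['username' => 'amy', 'email' => 'amy@example.com', 'last_name' => "O'Brien", 'type' => 'S'],
];
foreach ($samples as $in) {
    $error = validate_user($in);
    if ($error === null) {
        insert_user($db, $in);
    }
    echo $error ?? 'User added', "\n";
}
```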