Jump to content

I'm new to PHP-please help with my code!


JBrom

Recommended Posts

Hi,

 

This is my first post and below is my first bash at a php script. I have set up IIS on my PC and created a web form using HTML form fields. I want the form fields to be used to update an Access database which is in my root folder. The ODBC connection seems to work but for some reason the update isn't working. I dont receive any error messages but dont get the desired result of updating my db. Can you help - please go easy on me? My code is below.

 

HTML code is:

 

<form action= "update_script.php" method="post" enctype="text/plain" name="SubmitQuery" onsubmit="return formValidator()">

Please type your name in the field below:

</br></br>
<input type="text" class ="details" tabindex="1" size="37" name="Name of person submitting the query" id="req1"/>
</br><hr/>

Select the subject of your query from the drop down list:
</br></br>
<select class="formtextboxes" name="Subject of the Query" tabindex="2" id="selection2"/>
<option value="Please choose">Please choose</option>
<<option value="C.Tax">C.Tax</option>
<option value="Capital">Capital</option> 
<option value="Change of address">Change of address</option>
<option value="Dates">Dates</option>
<option value="E.Payment">E.Payment</option>
<option value="ED Bens">ED Bens</option>
<option value="Eligibility">Eligibility</option>
<option value="In & out of work">In & out of work</option>
<option value="Income">Income</option>
<option value="Other-Please state">Other-Please state</option>
<option value="Overpayments">Overpayments</option>
<option value="P/Credits">P/Credits</option>
<option value="Payments">Payments</option>
<option value="PFA's">PFA's</option>
<option value="Rent">Rent</option>
<option value="Revision/Supersession">Revision/Supersession</option>
<option value="Students">Students</option>
<option value="Training">Training</option>
</select>
<hr/>

Describe your query in detail so that we can answer in the best way:
</br></br>
<TEXTAREA name="Details of the query"  value="" tabindex="3" cols ="6" rows ="4"  id="req2"></TEXTAREA>
<hr/>

<input class="formbuttons" type="submit" value="Send"/>

<input class="formbuttons" type="reset" value="Reset"/>

<input type="hidden" size="20" id="date" Name="Contact type" value ="Email">

<input type="hidden" size="20" id="date" Name="Date the query was sent" value =" ">

<script type="text/javascript"> 
window.onload=function()
{var output=document.getElementById('date'); 
output.disabled=false; 
var mydate=new Date(), 
month=mydate.getMonth()+ 1, 
day=mydate.getDate(), 
year=mydate.getYear(); 
output.value = (day<10?'0'+day:day)+'-'+(month<10?'0'+month:month)+'-'+year; } 
</script>

</form>

 

update_script.php is as follows:

 

<html>
<head>
<title>Update script</title>
<head>
<body>

<link href ="P&Q CTax web page.css" rel="stylesheet" type="text/css"/>

<style type ="text/CSS">
</style>
</head>

<body>

<div id="container">
<img STYLE="position:absolute; TOP:25px; LEFT:250px; WIDTH:550px; HEIGHT:35px" src="Logo.jpg" alt="Bolton Logo"/> 

<div id="menu">
</div>
<div id="content">
</br></br></br></br></br></br></br></br>

<?php

$conn=odbc_connect('MyDSN','',''); 
if (!$conn)
  {exit("Connection Failed: " . $conn);}

$sql = "INSERT INTO Phone_log(Name of Person, Subject, Details, Contact type, Date of Query, In procedure manual, Time taken) 
VALUES 
(`{$_POST['Name of person submitting the query']}`,
`{$_POST['Subject of the Query']}`,
`{$_POST['Details of the query']}`,
`{$_POST['Contact type']}`,
`{$_POST['Date the query was sent']}`
`{['Awaiting update']}`,  
`{['Awaiting update']}`)";

if (!$sql)
{
print "Error in SQL";
}

else
{
print "<h3>Thank you for sumitting your query to the Policy & Quality team</h3><p>\n";
echo $_POST["Name of person submitting the query"];
echo $_POST["Subject of the Query"];
echo $_POST["Details of the query"];
echo $_POST["Contact type"];
echo $_POST["Date the query was sent"];
}

odbc_close($conn);

echo '<pre> 1. All GET and POST';
print_r($_REQUEST);
echo '<br>2. Only GET';
print_r($_GET);
echo '<br>2. Only POST';
print_r($_POST);
echo '</pre>';  
echo phpinfo()

?>
</body>
</html>

Link to comment
Share on other sites

Hi,

 

In script.php I can see odbc_connect, you then build the SQL statement to be executed into $sql and the next step is the odbc_close. At no point are you executing the SQL statement say with odbc_exec or with a prepare and execute.

 

Of course you need to seriously sanitise that data as it is horribly wide open at the moment - but then you know that already :)

 

Ant

Link to comment
Share on other sites

Thanks very much for the feedback.

 

I have amended the script based on your suggestion and it worked. Then had a nighmare with the php.ini reading from c:Windows/ instead of c:PHP. Eventually sorted that and set global variables to on. But still when I post my form even though the script appends to the db, nothing posts.

Used the following to check for output and nothing.

echo '<pre> 1. All GET and POST';
print_r($_REQUEST);
echo '<br>2. Only GET';
print_r($_GET);
echo '<br>2. Only POST';
print_r($_POST);

Re-checked all my HTML field names and they are correctly typed in the $POST_['Name'] funtion. When submitting the form I get  the message 'PHP Notice:  Undefined index:'.

 

Then tried Get rather than Post and the form values are sent to the receiving php page, but when I changed php to use $GET_['Name'] again no update in my db.

 

I never realised PHP this was this much fun!!!!

 

Again, any help would be appreciated, feels like when I resolve one issue another rasies its head. Code below.

 

 

<?php
//odbc connection 
$conn=odbc_connect('MyDSN','','');
if (!$conn)
  {exit("Connection Failed: " . $conn);}

foreach ($_POST AS $k => $v) { 
// ..trim, slash, escape...
$$k= mysql_real_escape_string( stripslashes( trim( $v ) ) ); 
} 

//sql declaration
$jbsql= "INSERT INTO Phone_log(`Name of Person`, `Subject`, `Details`, `Contact type`, `Date of Query`, `In procedure manual`, `Time taken`)
VALUES
('{$_POST['Name']}','{$_POST['Subject']}','{$_POST['Details']}','{$_POST['Contact']}','20/05/2011','Awaiting update','Awaiting update')";
//execute sql
$result = odbc_exec($conn, $jbsql);

echo '<pre> 1. All GET and POST';
print_r($_REQUEST);
echo '<br>2. Only GET';
print_r($_GET);
echo '<br>2. Only POST';
print_r($_POST);
echo '</pre>';  

//close connection
odbc_close($conn);

?>

 

Any help would very much appreciated. Thanks again :)

 

Link to comment
Share on other sites

im not sure that i follow your logic for doing this...but try this

echo '<pre> 1. All GET and POST';
print_r($_REQUEST[]);
echo '<br>2. Only GET';
print_r($_GET[]);
echo '<br>2. Only POST';
print_r($_POST[]);
echo '</pre>';  

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.