cjohnson9 Posted June 26, 2011 Share Posted June 26, 2011 Hey guys, I am doing a computer asset tracking system and cant figure out what I am doing wrong in this add asset page... any help would be greatly appreciated. Here is what I am trying to do: Allow a user to add an asset to the db as long as they are logged in, and have meet the required fields requirement. Any security comments or suggestions would be much appreciated as well... Thanks alot <?php if ($_SESSION['username']) { echo "You are logged in as <u>".$_SESSION['username']."</u>!</p>"; } else { echo "Log In"; } ?> <form action ='ah_add.php' method="POST"> <table border=1> <tr><td>Asset ID: *</td><td> <input type=text name="asset_id" maxlength="10" size="10"> </td></tr> <tr><td>Location: *</td><td> <select name="location"> <option value ="Auburn Hills"> Auburn Hills</option> <option value ="Los Angeles"> Los Angeles</option> <option value ="San Carlos"> San Carlos</option> <option value ="Boston"> Boston</option> <option value ="Nashville"> Nashville</option> </td></tr> <tr><td>Status: *</td><td> <select name="status"> <option value ="active"> active</option> <option value ="spare"> spare</option> </td></tr> <tr><td>Type: *</td><td> <select name="Type"> <option value ="desktop"> desktop</option> <option value ="laptop"> laptop</option> <option value ="server"> server</option> </td></tr> <tr><td>Manufacturer:</td><td> <select name="make"> <option value ="Apple"> Apple</option> <option value ="Dell"> Dell</option> <option value ="HP"> HP</option> <option value ="IBM"> IBM</option> <option value ="Lenovo"> Lenovo</option> <option value ="Custom"> Custom</option> </td></tr> <tr><td>Model: *</td><td> <select name="Model"> <option value ="MB Pro">MacBook Pro</option> <option value ="Mac Pro">Mac Pro</option> <option value ="Dimension D-620">Dimension D-620</option> <option value ="Dimension D-630">Dimension D-630</option> <option value ="Optiplex 745">Optiplex 745</option> <option value ="Optiplex 780">Optiplex 780</option> <option value ="Dimension M90">Dimension M90</option> <option value ="Dimension M6500">Dimension M6500</option> <option value ="Dimension E6410">Dimension E6410</option> <option value ="Dimension E6420">Dimension E6420</option> </td></tr> <tr><td>Amount of Ram:</td><td> <select name="Ram"> <option value ="not sure"> not sure</option> <option value ="Under 1GB"> under 1GB</option> <option value ="1 GB"> 1 GB</option> <option value ="2 GB"> 2 GB</option> <option value ="3 GB"> 3 GB</option> <option value ="4 GB"> 4 GB</option> <option value ="8 GB"> 8 GB</option> <option value ="16 GB"> 16 GB</option> <option value ="24 GB"> 24 GB</option> <option value ="Above 24GB"> Above 24GB</option> </td></tr> <tr><td>Warranty:</td><td> <input type="text" name="warranty" maxlength="20" size="20"></td></tr> <tr><td>Username:</td><td> <input type="text" name="active_user" maxlength="8" size="8"></td></tr> <tr><td>Notes:</td><td> <input type="text" name="notes" maxlength="45" size="45"></td></tr> </table> <br> <input class="buttonSubmit" type="submit" name="addid" value="Add"> </form> <?php if ($_SESSION['username']) { // Code to chech and insert data into the db if ($submit) { {$con = mysql_connect("localhost","root","c3rb3ru5"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("gpj_asset", $con); //process the input into variables $submit = $_POST['addid']; $asset_id = strtolower(strip_tags(trim($_POST['asset_id']))); $location = strip_tags(trim($_POST['location'])); $status = strip_tags(trim($_POST['status'])); $Platform = strip_tags(trim($_POST['type'])); $make = strip_tags(trim($_POST['make'])); $model = strip_tags(trim($_POST['model'])); $Ram = strip_tags(trim($_POST['Ram'])); $warranty = strip_tags(trim($_POST['warranty'])); $active_user = strip_tags(trim($_POST['active_user'])); $notes = strip_tags(trim($_POST['notes'])); // Check for an existing asset $runThis = "SELECT * FROM assets WHERE asset_id = '$asset_id'"; //find the amount that match $count = mysql_num_rows($runThis); //Validate input $error = false; if (empty($asset_id) || empty($location) || empty($Platform) || empty($status) || $count < "1") { $error = "All * fields are required"; } else { //No input errors, run query $result = mysql_query($query) or die(mysql_error()); $query = "INSERT INTO assets VALUES ('$asset_id','$location','$status','$Platform','$make', '$model','$Ram','$warranty','$active_user', '$notes')"; } //Check if any errors occured if($error !== false) { echo "<span style=\"color:red\"> {$error}</pan>\n"; } else { echo "Asset Added Successfully"; } } } } else echo " <form action=connect.php method=POST> <h3>Please Login <img src=\"images/0.410.gif\" /></h3> <table border=0> <tr><td>Username:</td><td> <input type=text name=username></td></tr> <tr><td>Password:</td><td> <input type=password name=password></td></tr></table> <input class=buttonSubmit type=submit name=submit value=submit></form>"; ?> Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 26, 2011 Share Posted June 26, 2011 if ($submit) ^^^ Where in your php code are you setting the $submit variable to a value that indicates that a form was submitted and that the form processing code inside that if(){} statement should be executed? Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted June 26, 2011 Share Posted June 26, 2011 You have no protection against SQL injection, BTW. Quote Link to comment Share on other sites More sharing options...
cjohnson9 Posted June 27, 2011 Author Share Posted June 27, 2011 I still am getting some syntax error... I added if (isset($_POST('addid') { } Here is the non working update... <?php if ($_SESSION['username']) { echo "You are logged in as <u>".$_SESSION['username']."</u>!</p>"; } else { echo "Log In"; } ?> <form action ='ah_add.php' method="POST"> <table border=1> <tr><td>Asset ID: *</td><td> <input type=text name="asset_id" maxlength="10" size="10"> </td></tr> <tr><td>Location: *</td><td> <select name="location"> <option value ="Auburn Hills"> Auburn Hills</option> <option value ="Los Angeles"> Los Angeles</option> <option value ="San Carlos"> San Carlos</option> <option value ="Boston"> Boston</option> <option value ="Nashville"> Nashville</option> </td></tr> <tr><td>Status: *</td><td> <select name="status"> <option value ="active"> active</option> <option value ="spare"> spare</option> </td></tr> <tr><td>Type: *</td><td> <select name="Type"> <option value ="desktop"> desktop</option> <option value ="laptop"> laptop</option> <option value ="server"> server</option> </td></tr> <tr><td>Manufacturer:</td><td> <select name="make"> <option value ="Apple"> Apple</option> <option value ="Dell"> Dell</option> <option value ="HP"> HP</option> <option value ="IBM"> IBM</option> <option value ="Lenovo"> Lenovo</option> <option value ="Custom"> Custom</option> </td></tr> <tr><td>Model: *</td><td> <select name="Model"> <option value ="MB Pro">MacBook Pro</option> <option value ="Mac Pro">Mac Pro</option> <option value ="Dimension D-620">Dimension D-620</option> <option value ="Dimension D-630">Dimension D-630</option> <option value ="Optiplex 745">Optiplex 745</option> <option value ="Optiplex 780">Optiplex 780</option> <option value ="Dimension M90">Dimension M90</option> <option value ="Dimension M6500">Dimension M6500</option> <option value ="Dimension E6410">Dimension E6410</option> <option value ="Dimension E6420">Dimension E6420</option> </td></tr> <tr><td>Amount of Ram:</td><td> <select name="Ram"> <option value ="not sure"> not sure</option> <option value ="Under 1GB"> under 1GB</option> <option value ="1 GB"> 1 GB</option> <option value ="2 GB"> 2 GB</option> <option value ="3 GB"> 3 GB</option> <option value ="4 GB"> 4 GB</option> <option value ="8 GB"> 8 GB</option> <option value ="16 GB"> 16 GB</option> <option value ="24 GB"> 24 GB</option> <option value ="Above 24GB"> Above 24GB</option> </td></tr> <tr><td>Warranty:</td><td> <input type="text" name="warranty" maxlength="20" size="20"></td></tr> <tr><td>Username:</td><td> <input type="text" name="active_user" maxlength="8" size="8"></td></tr> <tr><td>Notes:</td><td> <input type="text" name="notes" maxlength="45" size="45"></td></tr> </table> <br> <input class="buttonSubmit" type="submit" name="addid" value="Add"> </form> <?php if ($_SESSION['username'] { // Code to chech and insert data into the db if (isset($_POST('addid') { {$con = mysql_connect("localhost","root","c3rb3ru5"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("gpj_asset", $con); //process the input into variables $submit = $_POST['addid']; $asset_id = strtolower(strip_tags(trim($_POST['asset_id']))); $location = strip_tags(trim($_POST['location'])); $status = strip_tags(trim($_POST['status'])); $Platform = strip_tags(trim($_POST['type'])); $make = strip_tags(trim($_POST['make'])); $model = strip_tags(trim($_POST['model'])); $Ram = strip_tags(trim($_POST['Ram'])); $warranty = strip_tags(trim($_POST['warranty'])); $active_user = strip_tags(trim($_POST['active_user'])); $notes = strip_tags(trim($_POST['notes'])); // Check for an existing asset $runThis = "SELECT * FROM assets WHERE asset_id = '$asset_id'"; //find the amount that match $count = mysql_num_rows($runThis); //Validate input $error = false; if (empty($asset_id) || empty($location) || empty($Platform) || empty($status) || $count < "1") { $error = "All * fields are required"; } else { //No input errors, run query $result = mysql_query($query) or die(mysql_error()); $query = "INSERT INTO assets VALUES ('$asset_id','$location','$status','$Platform','$make', '$model','$Ram','$warranty','$active_user', '$notes')"; } //Check if any errors occured if($error !== false) { echo "<span style=\"color:red\"> {$error}</pan>\n"; } else { echo "Asset Added Successfully"; } } else { echo " <form action=connect.php method=POST> <h3>Please Login <img src=\"images/0.410.gif\" /></h3> <table border=0> <tr><td>Username:</td><td> <input type=text name=username></td></tr> <tr><td>Password:</td><td> <input type=password name=password></td></tr></table> <input class=buttonSubmit type=submit name=submit value=submit></form>"; ?> Quote Link to comment Share on other sites More sharing options...
cjohnson9 Posted June 27, 2011 Author Share Posted June 27, 2011 As for the SQL injection... I have SQL injection in my connect.php file which is called if the user is not logged in. Is this enough or should I add sql injection protection in all my fields? Thanks again Quote Link to comment Share on other sites More sharing options...
cjohnson9 Posted June 27, 2011 Author Share Posted June 27, 2011 Updated Code: Here is where I am at, I am not showing any errors but the data is not making it to my db... <?php if ($_SESSION['username']) { echo "You are logged in as <u>".$_SESSION['username']."</u>!</p>"; } else { echo "Log In"; } ?> <form action ='ah_add.php' method="POST"> <table border=1> <tr><td>Asset ID: *</td><td> <input type=text name="asset_id" maxlength="10" size="10"> </td></tr> <tr><td>Location: *</td><td> <select name="location"> <option value ="Auburn Hills"> Auburn Hills</option> <option value ="Los Angeles"> Los Angeles</option> <option value ="San Carlos"> San Carlos</option> <option value ="Boston"> Boston</option> <option value ="Nashville"> Nashville</option> </td></tr> <tr><td>Status: *</td><td> <select name="status"> <option value ="active"> active</option> <option value ="spare"> spare</option> </td></tr> <tr><td>Type: *</td><td> <select name="Type"> <option value ="desktop"> desktop</option> <option value ="laptop"> laptop</option> <option value ="server"> server</option> </td></tr> <tr><td>Manufacturer:</td><td> <select name="make"> <option value ="Apple"> Apple</option> <option value ="Dell"> Dell</option> <option value ="HP"> HP</option> <option value ="IBM"> IBM</option> <option value ="Lenovo"> Lenovo</option> <option value ="Custom"> Custom</option> </td></tr> <tr><td>Model: *</td><td> <select name="Model"> <option value ="MB Pro">MacBook Pro</option> <option value ="Mac Pro">Mac Pro</option> <option value ="Dimension D-620">Dimension D-620</option> <option value ="Dimension D-630">Dimension D-630</option> <option value ="Optiplex 745">Optiplex 745</option> <option value ="Optiplex 780">Optiplex 780</option> <option value ="Dimension M90">Dimension M90</option> <option value ="Dimension M6500">Dimension M6500</option> <option value ="Dimension E6410">Dimension E6410</option> <option value ="Dimension E6420">Dimension E6420</option> </td></tr> <tr><td>Amount of Ram:</td><td> <select name="Ram"> <option value ="not sure"> not sure</option> <option value ="Under 1GB"> under 1GB</option> <option value ="1 GB"> 1 GB</option> <option value ="2 GB"> 2 GB</option> <option value ="3 GB"> 3 GB</option> <option value ="4 GB"> 4 GB</option> <option value ="8 GB"> 8 GB</option> <option value ="16 GB"> 16 GB</option> <option value ="24 GB"> 24 GB</option> <option value ="Above 24GB"> Above 24GB</option> </td></tr> <tr><td>Warranty:</td><td> <input type="text" name="warranty" maxlength="20" size="20"></td></tr> <tr><td>Username:</td><td> <input type="text" name="active_user" maxlength="8" size="8"></td></tr> <tr><td>Notes:</td><td> <input type="text" name="notes" maxlength="45" size="45"></td></tr> </table> <br> <input class="buttonSubmit" type="submit" name="addid" value="Add"> </form> <?php if ($_SESSION['username']) { {$con = mysql_connect("localhost","root","c3rb3ru5"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("gpj_asset", $con); //process the input into variables $submit = $_POST['addid']; $asset_id = strtolower(strip_tags(trim($_POST['asset_id']))); $location = strip_tags(trim($_POST['location'])); $active = strip_tags(trim($_POST['status'])); $platform = strip_tags(trim($_POST['type'])); $make = strip_tags(trim($_POST['make'])); $model = strip_tags(trim($_POST['model'])); $Ram = strip_tags(trim($_POST['Ram'])); $warranty = strip_tags(trim($_POST['warranty'])); $active_user = strip_tags(trim($_POST['active_user'])); $notes = strip_tags(trim($_POST['notes'])); if ($submit) { // Check for an existing asset $runThis = "SELECT * FROM assets WHERE asset_id = '$asset_id'"; //find the amount that match $count = mysql_num_rows($runThis); //Validate input $error = false; if ($count!=0) { if ($asset_id && $location && $Platform && $status) { $error = "All * fields are required"; } else { //No input errors, run query $result = mysql_query($query) or die(mysql_error()); $query = "INSERT INTO assets ('asset_id, 'location', 'active', 'platform', 'make', 'model', 'Ram','warranty','active_user','notes') VALUES ('$asset_id','$location','$active','$platform','$make', '$model','$Ram','$warranty','$active_user', '$notes')"; } } //Check if any errors occured if($error !== false) { echo "<span style=\"color:red\"> {$error}</pan>\n"; } else { echo "Asset Added Successfully"; } } } } else echo " <form action=connect.php method=POST> <h3>Please Login <img src=\"images/0.410.gif\" /></h3> <table border=0> <tr><td>Username:</td><td> <input type=text name=username></td></tr> <tr><td>Password:</td><td> <input type=password name=password></td></tr></table> <input class=buttonSubmit type=submit name=submit value=submit></form>"; ?> I dont know what the problem is... ty, Quote Link to comment Share on other sites More sharing options...
jcbones Posted June 27, 2011 Share Posted June 27, 2011 You should probably define $query before you try to use it in the mysql_query() function. IE, move it ABOVE your database call. Quote Link to comment Share on other sites More sharing options...
cjohnson9 Posted June 27, 2011 Author Share Posted June 27, 2011 I moved the $query = INSERT statement above the $result = mysql_query($query) but I am still not writing to the database... Quote Link to comment Share on other sites More sharing options...
dolrichfortich Posted June 27, 2011 Share Posted June 27, 2011 You are using single qoutes for your table names. $query = "INSERT INTO assets ('asset_id, 'location', 'active', 'platform', 'make', 'model', 'Ram','warranty','active_user','notes') VALUES ('$asset_id','$location','$active','$platform','$make', '$model','$Ram','$warranty','$active_user', '$notes')"; Try this one and make sure you place it before you execute the query. $query = "INSERT INTO assets (`asset_id`, `location`, `active`, `platform`, `make`, `model`, `Ram`, `warranty`, `active_user`, `notes`) VALUES ('$asset_id','$location','$active','$platform','$make', '$model','$Ram','$warranty','$active_user', '$notes')"; Quote Link to comment Share on other sites More sharing options...
cjohnson9 Posted June 27, 2011 Author Share Posted June 27, 2011 I think I have it right but it doesn't add to the db still. <?php if ($_SESSION['username']) { echo "<p><b>My Account</b><br /><br /> <a href=ah.php>Auburn Hills</a><br /> <a href=la.php>Los Angeles</a><br /> <a href=sc.php>San Carlos</a><br /> <a href=bos.php>Boston</a><br /> <a href=bna.php>Nashville</a><br /> <a href=logout.php>log out</a><br /> <a href=account.php>Account Settings</a></p>"; }?> </p> </li> </ul> </li> <h4><span>About</span></h4> <ul> <li> <p style="margin: 0;"> This is system is in alpha stages of development...</p> </li> </ul> </li> <ul> <li></li> </ul> </div> <div id="content"> <div class="box"> <p><h3>Add New Machine</h3> <?php if ($_SESSION['username']) { echo "You are logged in as <u>".$_SESSION['username']."</u>!</p>"; } else { echo "Log In"; } ?> <form action ='ah_add.php' method="POST"> <table border=1> <tr><td>Asset ID: *</td><td> <input type=text name="asset_id" maxlength="10" size="10"> </td></tr> <tr><td>Location: *</td> <td> <select name="location"> <option value ="Auburn Hills"> Auburn Hills</option> <option value ="Los Angeles"> Los Angeles</option> <option value ="San Carlos"> San Carlos</option> <option value ="Boston"> Boston</option> <option value ="Nashville"> Nashville</option> </td></tr> <tr><td>Status: *</td> <td> <select name="status"> <option value ="active"> active</option> <option value ="spare"> spare</option> </td></tr> <tr><td>Type: *</td> <td> <select name="Type"> <option value ="desktop"> desktop</option> <option value ="laptop"> laptop</option> <option value ="server"> server</option> </td></tr> <tr><td>Manufacturer:</td> <td> <select name="make"> <option value ="Apple"> Apple</option> <option value ="Dell"> Dell</option> <option value ="HP"> HP</option> <option value ="IBM"> IBM</option> <option value ="Lenovo"> Lenovo</option> <option value ="Custom"> Custom</option> </td></tr> <tr><td>Model: *</td> <td> <select name="Model"> <option value ="MB Pro">MacBook Pro</option> <option value ="Mac Pro">Mac Pro</option> <option value ="Dimension D-620">Dimension D-620</option> <option value ="Dimension D-630">Dimension D-630</option> <option value ="Optiplex 745">Optiplex 745</option> <option value ="Optiplex 780">Optiplex 780</option> <option value ="Dimension M90">Dimension M90</option> <option value ="Dimension M6500">Dimension M6500</option> <option value ="Dimension E6410">Dimension E6410</option> <option value ="Dimension E6420">Dimension E6420</option> </td></tr> <tr><td>Amount of Ram:</td> <td> <select name="Ram"> <option value ="not sure"> not sure</option> <option value ="Under 1GB"> under 1GB</option> <option value ="1 GB"> 1 GB</option> <option value ="2 GB"> 2 GB</option> <option value ="3 GB"> 3 GB</option> <option value ="4 GB"> 4 GB</option> <option value ="8 GB"> 8 GB</option> <option value ="16 GB"> 16 GB</option> <option value ="24 GB"> 24 GB</option> <option value ="Above 24GB"> Above 24GB</option> </td></tr> <tr><td>Warranty:</td><td> <input type="text" name="warranty" maxlength="20" size="20"></td></tr> <tr><td>Username:</td><td> <input type="text" name="active_user" maxlength="8" size="8"></td></tr> <tr><td>Notes:</td><td> <input type="text" name="notes" maxlength="45" size="45"></td></tr> </table> <br> <input class="buttonSubmit" type="submit" name="addid" value="Add"> </form> <?php if ($_SESSION['username']) { {$con = mysql_connect("localhost","root","c3rb3ru5"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("gpj_asset", $con); //process the input into variables $submit = $_POST['addid']; $asset_id = strtolower(strip_tags(trim($_POST['asset_id']))); $location = strip_tags(trim($_POST['location'])); $active = strip_tags(trim($_POST['status'])); $platform = strip_tags(trim($_POST['type'])); $make = strip_tags(trim($_POST['make'])); $model = strip_tags(trim($_POST['model'])); $Ram = strip_tags(trim($_POST['Ram'])); $warranty = strip_tags(trim($_POST['warranty'])); $active_user = strip_tags(trim($_POST['active_user'])); $notes = strip_tags(trim($_POST['notes'])); if ($submit) { // Check for an existing asset $runThis = "SELECT * FROM assets WHERE asset_id = '$asset_id'"; //find the amount that match $count = mysql_num_rows($runThis); //Validate input $error = false; if ($count!=0) { if ($asset_id && $location && $Platform && $status) { $error = "All * fields are required"; } else { //No input errors, run query $query = "INSERT INTO assets (`asset_id`, `location`, `active`, `platform`, `make`, `model`, `Ram`, `warranty`, `active_user`, `notes`) VALUES ('$asset_id','$location','$active','$platform','$make', '$model','$Ram','$warranty','$active_user', '$notes')"; if (!$result) { die('Invalid query: ' . mysql_error()); } $result = mysql_query($query); } } //Check if any errors occured if($error !== false) { echo "<span style=\"color:red\"> {$error}</pan>\n"; } else { echo "Asset Added Successfully"; } } } } else echo " <form action=connect.php method=POST> <h3>Please Login <img src=\"images/0.410.gif\" /></h3> <table border=0> <tr><td>Username:</td><td> <input type=text name=username></td></tr> <tr><td>Password:</td><td> <input type=password name=password></td></tr></table> <input class=buttonSubmit type=submit name=submit value=submit></form>"; ?> Quote Link to comment Share on other sites More sharing options...
dolrichfortich Posted June 27, 2011 Share Posted June 27, 2011 You have some problem with your ordering of codes. //No input errors, run query $query = "INSERT INTO assets (`asset_id`, `location`, `active`, `platform`, `make`, `model`, `Ram`, `warranty`, `active_user`, `notes`) VALUES ('$asset_id','$location','$active','$platform','$make', '$model','$Ram','$warranty','$active_user', '$notes')"; if (!$result) { die('Invalid query: ' . mysql_error()); } $result = mysql_query($query); This would be the correct order. Execute the query first before checking if it is successful or not. Are you not getting some php errors from your code? //No input errors, run query $query = "INSERT INTO assets (`asset_id`, `location`, `active`, `platform`, `make`, `model`, `Ram`, `warranty`, `active_user`, `notes`) VALUES ('$asset_id','$location','$active','$platform','$make', '$model','$Ram','$warranty','$active_user', '$notes')"; $result = mysql_query($query); if (!$result) { die('Invalid query: ' . mysql_error()); } Quote Link to comment Share on other sites More sharing options...
cjohnson9 Posted June 27, 2011 Author Share Posted June 27, 2011 I made the change, but still no data in the db. Could there be something I did wrong in the form? The page doesn't seem to have any php syntax errors. Im such a noob! Thanks, Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 27, 2011 Share Posted June 27, 2011 That section of code is being skipped over due to your conditional statements (the previous error checking logic you had on the mysql_query() statement would have been giving errors due to the commas around the column names if the code was being executed.) Since there is no session_start() statement, none of your $_SESSION variables exist and any conditional logic testing those variables will be FALSE and will be skipped over. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 27, 2011 Share Posted June 27, 2011 LOL, in case anyone actually reads what I posted above - commas around the column names should have been quotes around the column names. Quote Link to comment Share on other sites More sharing options...
cjohnson9 Posted June 27, 2011 Author Share Posted June 27, 2011 I have a session start here is the whole code... I may not be understanding this though sorry... <?php session_start(); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Loki</title> <link rel="stylesheet" href="styles.css" type="text/css" /> <script type="text/javascript" src="js/jquery.js"></script> <script type="text/javascript" src="js/slider.js"></script> <script type="text/javascript" src="js/superfish.js"></script> <script type="text/javascript" src="js/custom.js"></script> </head> <body> <div id="container"> <div id="header"> <h1><a href="index.html">L0ki<strong></strong></a></h1> <h2>Asset Tracking System</h2> <div class="clear"></div> </div> <div id="nav"> <ul class="sf-menu dropdown"> <li class="selected"><a href="login.php">Login</a></li> <li class="selected"><a href="ah.php">Auburn Hills</a></li> <li class="selected"><a href="la.php">Los Angeles</a></li> <li class="selected"><a href="sc.php">San Carlos</a></li> <li class="selected"><a href="bos.php">Boston</a></li> <li class="selected"><a href="bna.php">Nashville</a></li> </ul> </div> <div id="body" class="has-slider"> <div class="sidebar"> <h4><span>GPJ Assets</span></h4> <ul> <li> <p style="margin: 0;"> <?php if ($_SESSION['username']) { echo "<p><b>My Account</b><br /><br /> <a href=ah.php>Auburn Hills</a><br /> <a href=la.php>Los Angeles</a><br /> <a href=sc.php>San Carlos</a><br /> <a href=bos.php>Boston</a><br /> <a href=bna.php>Nashville</a><br /> <a href=logout.php>log out</a><br /> <a href=account.php>Account Settings</a></p>"; }?> </p> </li> </ul> </li> <h4><span>About</span></h4> <ul> <li> <p style="margin: 0;"> This is system is in alpha stages of development...</p> </li> </ul> </li> <ul> <li></li> </ul> </div> <div id="content"> <div class="box"> <p><h3>Add New Machine</h3> <?php if ($_SESSION['username']) { echo "You are logged in as <u>".$_SESSION['username']."</u>!</p>"; } else { echo "Log In"; } ?> <form action ='ah_add.php' method="POST"> <table border=1> <tr><td>Asset ID: *</td><td> <input type=text name="asset_id" maxlength="10" size="10"> </td></tr> <tr><td>Location: *</td> <td> <select name="location"> <option value ="Auburn Hills"> Auburn Hills</option> <option value ="Los Angeles"> Los Angeles</option> <option value ="San Carlos"> San Carlos</option> <option value ="Boston"> Boston</option> <option value ="Nashville"> Nashville</option> </td></tr> <tr><td>Status: *</td> <td> <select name="status"> <option value ="active"> active</option> <option value ="spare"> spare</option> </td></tr> <tr><td>Type: *</td> <td> <select name="Type"> <option value ="desktop"> desktop</option> <option value ="laptop"> laptop</option> <option value ="server"> server</option> </td></tr> <tr><td>Manufacturer:</td> <td> <select name="make"> <option value ="Apple"> Apple</option> <option value ="Dell"> Dell</option> <option value ="HP"> HP</option> <option value ="IBM"> IBM</option> <option value ="Lenovo"> Lenovo</option> <option value ="Custom"> Custom</option> </td></tr> <tr><td>Model: *</td> <td> <select name="Model"> <option value ="MB Pro">MacBook Pro</option> <option value ="Mac Pro">Mac Pro</option> <option value ="Dimension D-620">Dimension D-620</option> <option value ="Dimension D-630">Dimension D-630</option> <option value ="Optiplex 745">Optiplex 745</option> <option value ="Optiplex 780">Optiplex 780</option> <option value ="Dimension M90">Dimension M90</option> <option value ="Dimension M6500">Dimension M6500</option> <option value ="Dimension E6410">Dimension E6410</option> <option value ="Dimension E6420">Dimension E6420</option> </td></tr> <tr><td>Amount of Ram:</td> <td> <select name="Ram"> <option value ="not sure"> not sure</option> <option value ="Under 1GB"> under 1GB</option> <option value ="1 GB"> 1 GB</option> <option value ="2 GB"> 2 GB</option> <option value ="3 GB"> 3 GB</option> <option value ="4 GB"> 4 GB</option> <option value ="8 GB"> 8 GB</option> <option value ="16 GB"> 16 GB</option> <option value ="24 GB"> 24 GB</option> <option value ="Above 24GB"> Above 24GB</option> </td></tr> <tr><td>Warranty:</td><td> <input type="text" name="warranty" maxlength="20" size="20"></td></tr> <tr><td>Username:</td><td> <input type="text" name="active_user" maxlength="8" size="8"></td></tr> <tr><td>Notes:</td><td> <input type="text" name="notes" maxlength="45" size="45"></td></tr> </table> <br> <input class="buttonSubmit" type="submit" name="addid" value="Add"> </form> <?php if ($_SESSION['username']) { {$con = mysql_connect("localhost","root","c3rb3ru5"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("gpj_asset", $con); //process the input into variables $submit = $_POST['addid']; $asset_id = strtolower(strip_tags(trim($_POST['asset_id']))); $location = strip_tags(trim($_POST['location'])); $active = strip_tags(trim($_POST['status'])); $platform = strip_tags(trim($_POST['type'])); $make = strip_tags(trim($_POST['make'])); $model = strip_tags(trim($_POST['model'])); $Ram = strip_tags(trim($_POST['Ram'])); $warranty = strip_tags(trim($_POST['warranty'])); $active_user = strip_tags(trim($_POST['active_user'])); $notes = strip_tags(trim($_POST['notes'])); if ($submit) { // Check for an existing asset $runThis = "SELECT * FROM assets WHERE asset_id = '$asset_id'"; //find the amount that match $count = mysql_num_rows($runThis); //Validate input $error = false; if ($count!=0) { if ($asset_id && $location && $Platform && $status) { $error = "All * fields are required"; } else { //No input errors, run query $query = "INSERT INTO assets (`asset_id`, `location`, `active`, `platform`, `make`, `model`, `Ram`, `warranty`, `active_user`, `notes`) VALUES ('$asset_id','$location','$active','$platform','$make', '$model','$Ram','$warranty','$active_user', '$notes')"; $result = mysql_query($query); if (!$result) { die('Invalid query: ' . mysql_error()); } } } //Check if any errors occured if($error !== false) { echo "<span style=\"color:red\"> {$error}</pan>\n"; } else { echo "Asset Added Successfully"; } } } } else echo " <form action=connect.php method=POST> <h3>Please Login <img src=\"images/0.410.gif\" /></h3> <table border=0> <tr><td>Username:</td><td> <input type=text name=username></td></tr> <tr><td>Password:</td><td> <input type=password name=password></td></tr></table> <input class=buttonSubmit type=submit name=submit value=submit></form>"; ?> </p> <p> </p> <h3> </h3> </div> </div> <div class="clear"></div> </div> <div id="footer"> <div class="footer-content"> <span class="sitename">L0ki</span> <p class="footer-links"> <a href="ah.php">Auburn Hills</a> <a href="la.php">Los Angeles</a> <a href="sc.php">San Carlos</a> <a href="bos.php">Boston</a> <a href="bna.php">Nashville</a> </p> <div class="clear"></div> </div> </div> </div> </body> </html> Thanks again for all the help Quote Link to comment Share on other sites More sharing options...
dolrichfortich Posted June 27, 2011 Share Posted June 27, 2011 Try this one. <?php if ($_SESSION['username']) { echo "<p><b>My Account</b><br /><br /> <a href=ah.php>Auburn Hills</a><br /> <a href=la.php>Los Angeles</a><br /> <a href=sc.php>San Carlos</a><br /> <a href=bos.php>Boston</a><br /> <a href=bna.php>Nashville</a><br /> <a href=logout.php>log out</a><br /> <a href=account.php>Account Settings</a></p>"; } ?> </p> </li> </ul> </li> <h4><span>About</span></h4> <ul> <li> <p style="margin: 0;"> This is system is in alpha stages of development...</p> </li> </ul> </li> <ul> <li></li> </ul> </div> <div id="content"> <div class="box"> <p><h3>Add New Machine</h3> <?php if ($_SESSION['username']) { echo "You are logged in as <u>".$_SESSION['username']."</u>!</p>"; } else { echo "Log In"; } ?> <form action="" method="POST"> <table border=1> <tr><td>Asset ID: *</td><td> <input type="text" name="asset_id" maxlength="10" size="10"> </td></tr> <tr><td>Location: *</td> <td> <select name="location"> <option value ="Auburn Hills"> Auburn Hills</option> <option value ="Los Angeles"> Los Angeles</option> <option value ="San Carlos"> San Carlos</option> <option value ="Boston"> Boston</option> <option value ="Nashville"> Nashville</option> </td></tr> <tr><td>Status: *</td> <td> <select name="status"> <option value ="active"> active</option> <option value ="spare"> spare</option> </td></tr> <tr><td>Type: *</td> <td> <select name="Type"> <option value ="desktop"> desktop</option> <option value ="laptop"> laptop</option> <option value ="server"> server</option> </td></tr> <tr><td>Manufacturer:</td> <td> <select name="make"> <option value ="Apple"> Apple</option> <option value ="Dell"> Dell</option> <option value ="HP"> HP</option> <option value ="IBM"> IBM</option> <option value ="Lenovo"> Lenovo</option> <option value ="Custom"> Custom</option> </td></tr> <tr><td>Model: *</td> <td> <select name="Model"> <option value ="MB Pro">MacBook Pro</option> <option value ="Mac Pro">Mac Pro</option> <option value ="Dimension D-620">Dimension D-620</option> <option value ="Dimension D-630">Dimension D-630</option> <option value ="Optiplex 745">Optiplex 745</option> <option value ="Optiplex 780">Optiplex 780</option> <option value ="Dimension M90">Dimension M90</option> <option value ="Dimension M6500">Dimension M6500</option> <option value ="Dimension E6410">Dimension E6410</option> <option value ="Dimension E6420">Dimension E6420</option> </td></tr> <tr><td>Amount of Ram:</td> <td> <select name="Ram"> <option value ="not sure"> not sure</option> <option value ="Under 1GB"> under 1GB</option> <option value ="1 GB"> 1 GB</option> <option value ="2 GB"> 2 GB</option> <option value ="3 GB"> 3 GB</option> <option value ="4 GB"> 4 GB</option> <option value ="8 GB"> 8 GB</option> <option value ="16 GB"> 16 GB</option> <option value ="24 GB"> 24 GB</option> <option value ="Above 24GB"> Above 24GB</option> </td></tr> <tr><td>Warranty:</td><td> <input type="text" name="warranty" maxlength="20" size="20"></td></tr> <tr><td>Username:</td><td> <input type="text" name="active_user" maxlength="8" size="8"></td></tr> <tr><td>Notes:</td><td> <input type="text" name="notes" maxlength="45" size="45"></td></tr> </table> <br> <input class="buttonSubmit" type="submit" name="addid" value="Add"> </form> <?php if($_SESSION['username']) { $con = mysql_connect("localhost","root","c3rb3ru5"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("gpj_asset", $con); //process the input into variables $submit = $_POST['addid']; $asset_id = strtolower(strip_tags(trim($_POST['asset_id']))); $location = strip_tags(trim($_POST['location'])); $active = strip_tags(trim($_POST['status'])); $platform = strip_tags(trim($_POST['Type'])); $make = strip_tags(trim($_POST['make'])); $model = strip_tags(trim($_POST['Model'])); $Ram = strip_tags(trim($_POST['Ram'])); $warranty = strip_tags(trim($_POST['warranty'])); $active_user = strip_tags(trim($_POST['active_user'])); $notes = strip_tags(trim($_POST['notes'])); if ($submit) { // Check for an existing asset $runThis = "SELECT * FROM assets WHERE asset_id = '$asset_id'"; //find the amount that match $count = mysql_num_rows($runThis); //Validate input $error = false; if ($count == 0) { if ( ! $asset_id OR ! $location OR ! $platform OR ! $active) { $error = "All * fields are required"; } else { //No input errors, run query $query = "INSERT INTO assets (`asset_id`, `location`, `active`, `platform`, `make`, `model`, `Ram`, `warranty`, `active_user`, `notes`) VALUES ('$asset_id','$location','$active','$platform','$make', '$model','$Ram','$warranty','$active_user', '$notes')"; $result = mysql_query($query); if (!$result) { die('Invalid query: ' . mysql_error()); } } } else { $error = 'Asset ID Exists!'; } //Check if any errors occured if($error !== false) { echo "<span style=\"color:red\"> {$error}</span>\n"; } else { echo "Asset Added Successfully"; } } } else echo " <form action=connect.php method=POST> <h3>Please Login <img src=\"images/0.410.gif\" /></h3> <table border=0> <tr><td>Username:</td><td> <input type=text name=username></td></tr> <tr><td>Password:</td><td> <input type=password name=password></td></tr></table> <input class=buttonSubmit type=submit name=submit value=submit></form>"; ?> Quote Link to comment Share on other sites More sharing options...
cjohnson9 Posted June 27, 2011 Author Share Posted June 27, 2011 WOW Your Right!!!! I dont know why I didnt close out that if statement I must have forgot when I was writing it... Thank you again it works now! Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 27, 2011 Share Posted June 27, 2011 Your current problem is most likely because you have a SELECT query that is not even being executed with a mysql_query() statement. There is no result available from that SELECT query until you actually execute it. Related to the above problem, when checking values, queries, validating information... in a program that a user is interacting with, almost every if(){} conditional statement needs an else{} clause so that you output some kind of message when the expected condition is not met. Your code is (trying) to test the $count from the SELECT query. When the count has an expected value, you should do something and when count doesn't have an expected value, you should inform the user they attempted to do something that was not permitted. If you already had an else{} clause in your code for the $count conditional statement, your program would have called your attention to the problem of not executing the SELECT query because you would have been getting a message indicating that the $count value was not what you expected. You should also be developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON so that php will report and display all the errors it detects. You would have been getting php error messages concerning the mysql_num_rows() statement after the SELECT query that would have called your attention to the problem with it. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 27, 2011 Share Posted June 27, 2011 Your code might appear to work, but it is not. See my post above concerning the missing mysql_query() statement for the SELECT query. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted June 27, 2011 Share Posted June 27, 2011 @dolrichfortich, sorry to pick, but posting 'fixed' code without a statement of what was wrong with the original code doesn't teach anyone anything. The code may work, but nothing was learned and the OP will have exactly the same problem the next time he tries to do the same thing. Quote Link to comment Share on other sites More sharing options...
dolrichfortich Posted June 27, 2011 Share Posted June 27, 2011 Okay, next time. @dolrichfortich, sorry to pick, but posting 'fixed' code without a statement of what was wrong with the original code doesn't teach anyone anything. The code may work, but nothing was learned and the OP will have exactly the same problem the next time he tries to do the same thing. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.