
No Escape!


Go to solution Solved by mac_gyver,


I did not quite know how to label this post hence the unusual title.

 

I am trying to modify some code that I have written to save the chosen line that is output from an SQL query, using SESSION to make it available in a later script.

To achieve this I have started a form with a radio button inside the while loop that outputs the query items that meet the criteria set by a form in the previous script.

Before I modified this script it worked albeit without the choice coding.

When I submit the choices on the previous script the query is run and it outputs the results as a table, with an extra column which contains a radio button.  I have for test purposes output the value of the variable to check that the variable is storing the value correctly.  When I choose a line that the query has output and click on the submit button it seems to be causing the code to think it has not got an Event set and displays the error message "You have selected an invalid Event.
Please try again.",
on line 21 which is part of the code I wrote to make sure that an Event has been chosen, instead of proceeding on to the next script.

 

Here is the complete script:

<?php
session_start();

include("cverse_connect.php");
doDB();

//check for required info from the query string


//verify the Event exists
$verify_Event_sql = "SELECT ID, Event_Type FROM Events WHERE ID = '".$_POST["Event_Type"]."'";
$verify_Event_res =  mysqli_query($mysqli, $verify_Event_sql) or die(mysqli_error($mysqli));



echo  $_POST["Event_Type"];
echo  $_POST["Mood"];

if (mysqli_num_rows($verify_Event_res) < 1) {
	//this Event does not exist
	$display_block = "<p><em>You have selected an invalid Event.<br/>
	Please try again.</em></p>";

} else {
//get the Event ID
	while ($Event_info = mysqli_fetch_array($verify_Event_res)) {
		$Event_ID = stripslashes($Event_info['ID']);
		$Event_Name = ($Event_info['Event_Type']);
	}

$verify_Mood_sql = "SELECT ID, Event_Sub_Type FROM Event_Sub WHERE ID = '".$_POST["Mood"]."'";
$verify_Mood_res =  mysqli_query($mysqli, $verify_Mood_sql) or die(mysqli_error($mysqli));

if (mysqli_num_rows($verify_Mood_res) < 1) {
	//this Event does not exist
	$display_block = "<p><em>You have selected an invalid Mood.<br/>
	Please try again.</em></p>";
}

	while($Mood_info = mysqli_fetch_array($verify_Mood_res)) {
		$Mood_ID = ($Mood_info['ID']);
		$Mood_Name = ($Mood_info['Event_Sub_Type']);
	}
	//gather the Events
	$get_Event_sql  = "SELECT Verses.ID AS versesID, Verses.Verse, Verses.Sub_Type, Verses.Event, Events.ID AS eventsID, Events.Event_Type, Event_Sub.ID AS event_SubID, Event_Sub.Event_Sub_Type
	FROM Verses
	LEFT JOIN Events
	ON Verses.Event = Events.ID
	LEFT JOIN Event_Sub
	ON Verses.Sub_Type = Event_Sub.ID
	WHERE Verses.Event = '".$_POST["Event_Type"]."' And Verses.Sub_Type = '".$_POST["Mood"]."'
	ORDER BY Verses.ID ASC";


	$get_Event_res = mysqli_query($mysqli, $get_Event_sql) or die(mysqli_error($mysqli));

	//create the display string
	$display_block .= "
<table width=\"70%\" cellpadding=\"3\" cellspacing=\"1\" border=\"1\" BGCOLOR=\"#87CEEB\" >
	<tr>
	<th>ID</th>
	<th>VERSE</th>
	<th>MOOD/SUB TYPE</th>
	</tr>";	

	while ($Verse_info = mysqli_fetch_array($get_Event_res)) {
		$Verse_id = $Verse_info['versesID'];
		$Verse_text = nl2br(stripslashes($Verse_info['Verse']));
		$Mood_info = $Verse_info['Event_Sub_Type'];
		$VID = $Verse_id;
		//add to display
$display_block .= "
<tr>
<td width=\"1%\" valign=\"top\">".$Verse_id."<br/></td>
<td width=\"55%\" valign=\"top\">".$Verse_text."<br/></td>
<td width=\"35%\" valign=\"top\">" .$Mood_info."<br/></td>
<td width=\"35%\" valign=\"top\">
<form .method=.\"POST\" .action=\"VInput1.php\">
<input type=\"Radio\" value=\"$VID\">
$VID
</td></tr>";
}
$display_block.="<input type=submit value=Choose Verse>";
	//free results
	mysqli_free_result($get_Event_res);
	mysqli_free_result($verify_Event_res);	
//close connection to MySQL
	mysqli_close($mysqli);
	
//close up the table
$display_block .= "</table>";	
}
$_session['Test']=$_POST[$VID]
?>
<html>
<head>
<title> List of Verses</title>
<meta charset="utf-8">
    <meta name="Description" content="Ecologic Theme">
    <meta name="author" content="CoffeeCup Software, Inc.">
    <meta name="Copyright" content="Copyright (c) 2011 CoffeeCup, all rights reserved.">
    <title>1066 Cards 4U - Home</title>
    <link rel="stylesheet" href="stylesheets/default.css" />
    <!--[if IE]>
    <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
    <![endif]-->
</head>
<body>
 <header>
        <h1><a href="index.html"> ..............</a></h1></br></br></br></br>
		<div><img src="images/1066Green.jpg" width="600" height="80" alt="" title="" border="0" /></div>
        
    </header>
<section id="mainContent" class="clear">
        <nav>
            <h3>Main Menu</h3>
            <ul>
                <li><a href="index.html">Home</a></li>
                <li><a href="Links.html">Links</a></li>
                <li><a href="Techniques.html">Techniques</a></li>
				<li><a href="Alt_inputform.html">Verse's</a></li>				
                <li><a href="contact.html">Contact Us</a></li>
				<li><a href="News.html">News</a></li>
				<li><a href="Gallery.html">Gallery</a></li>
            </ul>
        </nav>
<section id="mainRight2">		
<h1>Verses</h1>

<?php echo $display_block; ?>
</section>
<footer>
        <p>© 2011 Ecologic, Inc. All rights reserved.    <a href="http://coffeecup.com">HTML Editor Theme</a> by CoffeeCup Software.</br> © 2012 Content:1066 Cards 4U. All rights reserved.   </p>
		<ul>
            <li><a href="index.html">Home</a></li>
            <li><a href="Links.html">Links</a></li>
            <li><a href="Techniques.html">Techniques</a></li>
			<li><a href="Alt_inputform.html">Verse's</a></li>				
            <li><a href="contact.html">Contact Us</a></li>
			<li><a href="News.html">News</a></li>
			<li><a href="Gallery.html">Gallery</a></li>
        </ul>
    </footer>
</body>
</html>

Can anybody see why it is doing this?

 

Link to comment
https://forums.phpfreaks.com/topic/279264-no-escape/
Share on other sites

Hi

 

But Event_Type is only required to satisfy the SQL query, it is nothing to do with the form which is dealing with the OUTPUT from the query.

I am not too sure about the periods as somebody in a previous post suggested them.  I will remove them!

Link to comment
https://forums.phpfreaks.com/topic/279264-no-escape/#findComment-1436418
Share on other sites

Your script runs very straight-forward right thru a query to verify that your selected event type exists.  Well, you don't have any <input> tag in your html with that name, so this query will not return any rows.  Hence  your message when you check the row count.

 

As for you prev statement that Event_type has nothing to do with the form, if so, why do you refer to it as part of the $_POST array??

 

It's always a good idea to validate all incoming data before proceeding on with the work at hand.  In this case you are not.

Link to comment
https://forums.phpfreaks.com/topic/279264-no-escape/#findComment-1436421
Share on other sites

I am afraid it does not work like that!

The POSTed Event_Type and Mood_Type are POSTed on the previous script and are part of the SQL query, which runs first.  This then outputs the result as a table.  I don't understand why you are saying 'you don't have any <input> tag in your html with that name'?

 

Anyway that is history now as the problem was the periods in front of method and action.

 

I have another problem now!

 

When I choose one of the lines in the table and submit using POST then create a SESSION called Test, which saves the result of the POST into the SESSION and proceed to the next script nothing is printed on the screen.

 

Here is the small script I am using to test the output:

<?
session_start();
echo $_SESSION[Test];
echo $_POST[$VID];
?>

Any ideas why I am not getting the data stored in SESSION?

Link to comment
https://forums.phpfreaks.com/topic/279264-no-escape/#findComment-1436801
Share on other sites
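Added example, not code from the thread: the reply's advice to validate all incoming data and the final post's session step, combined in one handler that checks each POSTed ID, confirms the chosen verse with a bound query instead of concatenating `$_POST` into the SQL, and only then stores it. Assumptions: the radio inputs carry a hypothetical `name="verse_id"`, the helper names `post_id` and `choose_verse` are invented here, and PDO with an in-memory SQLite table stands in for the thread's MySQL connection so the script runs without a server.

```php
<?php
// Added example. PDO + in-memory SQLite is a stand-in for the MySQL connection.

// Return a positive integer from $src[$key], or null if missing or malformed.
function post_id(array $src, string $key): ?int {
    $v = filter_var($src[$key] ?? null, FILTER_VALIDATE_INT,
                    ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Store the chosen verse only if it exists for the given event and mood.
function choose_verse(PDO $db, array $post, array &$session): string {
    $event = post_id($post, 'Event_Type');
    $mood  = post_id($post, 'Mood');
    $verse = post_id($post, 'verse_id'); // hypothetical name= of the radio group
    if ($event === null || $mood === null || $verse === null) {
        return 'invalid input';
    }
    // Placeholders keep request data out of the SQL text.
    $stmt = $db->prepare(
        'SELECT ID FROM Verses WHERE ID = ? AND Event = ? AND Sub_Type = ?');
    $stmt->execute([$verse, $event, $mood]);
    if ($stmt->fetchColumn() === false) {
        return 'no matching verse';
    }
    $session['Test'] = $verse; // on a real page: $_SESSION['Test'], upper case
    return 'stored';
}

// Constructed sample data using the thread's Verses columns.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Verses
           (ID INTEGER PRIMARY KEY, Verse TEXT, Event INTEGER, Sub_Type INTEGER)');
$db->exec("INSERT INTO Verses VALUES (1, 'Constructed sample verse', 2, 3)");

$session = []; // stands in for $_SESSION after session_start()
$requests = [  // constructed form submissions
    ['Event_Type' => '2',   'Mood' => '3', 'verse_id' => '1'], // valid choice
    ['Event_Type' => 'two', 'Mood' => '3', 'verse_id' => '1'], // malformed ID
    ['Event_Type' => '2',   'Mood' => '3'],                    // nothing selected
    ['Event_Type' => '2',   'Mood' => '3', 'verse_id' => '9'], // unknown verse
];
foreach ($requests as $post) {
    echo choose_verse($db, $post, $session), PHP_EOL;
}
echo json_encode($session), PHP_EOL;
```

A radio input without a `name` attribute is not submitted with the form, so the handler can only see the choice once the inputs are named.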
