Jump to content

Probably a broken array


maitland

Recommended Posts

I'm trying to build a form for a TCG i run where it allow people to vote for decks they want to see released. It would show in the database by adding 1 for yes and nothing for no. I have it coded but I can't get it to update the database does anyone see where I went wrong?

<?php session_start();
if (isset($_SESSION['USR_LOGIN'])=="") {
	header("Location:http://leisure.day-is-gone.net/login.php");
}
	include("mytcg/settings.php");
	include("$header");

if(!$_SERVER['QUERY_STRING']) {
	$select = mysql_query("SELECT * FROM `$table_members` WHERE name='$_SESSION[USR_LOGIN]'");
	while($row=mysql_fetch_assoc($select)) {
		?>

		<h1>Release Me Form</h1>
Chose an option for all.<Br>
<?php
$select2 = mysql_query("SELECT * FROM `$table_cards` WHERE released='N' AND `voted` NOT LIKE '$_SESSION[USR_LOGIN]' ORDER BY set2, category, deckname");
$count = mysql_num_rows($select2);
if($count==0) {
	echo "There are currently no requested decks.\n";
	echo "<br /><br />\n\n";
}
else {
	echo "<table width=\"100%\">\n";
	echo "<form method=\"post\" action=\"forms_reme2.php?thanks\">
		<input type=\"hidden\" name=\"name\" value=\"$row[name]\" />
		<input type=\"hidden\" name=\"email\" value=\"$row[email]\" />";
	echo "<tr><td width=\"50%\"><b>Deckname</b></td><td width=\"25%\"><b>Category</b></td><td width=\"10%\"><b>Yes</b></td><td width=\"10%\"><b>No</b></td></tr>\n";
	while($row2=mysql_fetch_assoc($select2)) {
		$cat=$row2[category];
		if
($row2[groupmember]=="No") {
echo "		<input type=\"hidden\" name=\"id\" value=\"$row2[id]\" /><tr><td>$row2[deckname]</td><td>$category[$cat]</td><td><input name=\"reme[$row2[id]]\" value=\"1\" type=\"radio\">Yes</td><td><input name=\"reme[$row2[id]]\" value=\"0\" type=\"radio\">No</td></tr>\n";
}
	else {		echo "<input type=\"hidden\" name=\"id\" value=\"$row2[id]\" /><tr><td>$row2[set2]: $row2[deckname]</td><td>$category[$cat]</td><td><input name=\"reme[$row2[id]]\" value=\"1\" type=\"radio\">Yes</td><td><input name=\"reme[$row2[id]]\" value=\"0\" type=\"radio\">No</td></tr>";
		}}
	echo "</table>\n";
	echo "<br /><br />\n";
}

?>
		<tr><td> </td><td><input type="submit" name="submit" value="Release It! " /></td></tr>
		</table>
		</form>

		<?php
	}
}

elseif($_SERVER['QUERY_STRING']=="thanks") {
	if (!isset($_POST['submit']) || $_SERVER['REQUEST_METHOD'] != "POST") {
		exit("<p>You did not press the submit button; this page should not be accessed directly.</p>");
	}
	else {
		$exploits = "/(content-type|bcc:|cc:|document.cookie|onclick|onload|javascript|alert)/i";
		$profanity = "/(beastial|bestial|blowjob|clit|cum|cunilingus|cunillingus|cunnilingus|cunt|ejaculate|fag|felatio|fellatio|fuck|fuk|fuks|gangbang|gangbanged|gangbangs|hotsex|jism|jiz|kock|kondum|kum|kunilingus|orgasim|orgasims|orgasm|orgasms|phonesex|phuk|phuq|porn|pussies|pussy|spunk|xxx)/i";
		$spamwords = "/(viagra|phentermine|tramadol|adipex|advai|alprazolam|ambien|ambian|amoxicillin|antivert|blackjack|backgammon|texas|holdem|poker|carisoprodol|ciara|ciprofloxacin|debt|dating|porn)/i";
		$bots = "/(Indy|Blaiz|Java|libwww-perl|Python|OutfoxBot|User-Agent|PycURL|AlphaServer)/i";
		
		if (preg_match($bots, $_SERVER['HTTP_USER_AGENT'])) {
			exit("<h1>Error</h1>\nKnown spam bots are not allowed.<br /><br />");
			}
			foreach ($_POST as $key => $value) {
				$value = trim($value);
				if (empty($value)) {
					exit("<h1>Error</h1>\nEmpty fields are not allowed. Please go back and fill in the form properly.<br /><br />");
				}
				elseif (preg_match($exploits, $value)) {
					exit("<h1>Error</h1>\nExploits/malicious scripting attributes aren't allowed.<br /><br />");
				}
				elseif (preg_match($profanity, $value) || preg_match($spamwords, $value)) {
					exit("<h1>Error</h1>\nThat kind of language is not allowed through our form.<br /><br />");
				}
				
				$_POST[$key] = stripslashes(strip_tags($value));
			}
			$name = escape_sql(CleanUp($_POST['name']));
			$email = escape_sql(CleanUp($_POST['email']));
			$reme = escape_sql(CleanUp($_POST['reme']));
if (is_array($reme)) {
if($_POST['submit']){
foreach($_POST["id"] AS $key => $val) {
$id = $val;


$area = $_POST['reme'.$id.''];



$update = "UPDATE cards SET reme='$area' AND voted='$name' WHERE id='$id'";
 

  }
}}

			
				if(mysql_query($update, $connect)) {
					?>
					<h1>Thank You!</h1>
					Thank you for sending in the release it form this helps me decide what upcoming decks to release. Please take what you see below

					<br /><br />
				
					<center>
					<?php

			}
			else {
				?>
				<h1>Error</h1>
				It looks like there was an error in processing your level up form. Send the information to <?php echo $tcgemail; ?> and we will send you your rewards ASAP. Thank you and sorry for the inconvenience.
				<?php
			}
	}
}
include("$footer"); ?>
Link to comment
Share on other sites

I see a many problems. But, I'm not really going to go through line by line since it would take me quire a while.

 

You are trying to get the IDs to update using a hidden field, but  that makes no sense since the user cannot modify those fields (directly).

 

foreach($_POST["id"] AS $key => $val) {
$id = $val;

 

But, the id field is not an array, so you should get an error on the foreach() loop. Plus, you should not run multiple queries to make the updates. Instead you should do an UPDATE using an IN() listing all the IDs to update.

 

On another note, you need to code more efficiently. For example you have this:

 

if ($row2[groupmember]=="No")
{
    echo "<input type=\"hidden\" name=\"id\" value=\"$row2[id]\" /><tr><td>$row2[deckname]</td><td>$category[$cat]</td><td><input name=\"reme[$row2[id]]\" value=\"1\" type=\"radio\">Yes</td><td><input name=\"reme[$row2[id]]\" value=\"0\" type=\"radio\">No</td></tr>\n";
}
else
{
    echo "<input type=\"hidden\" name=\"id\" value=\"$row2[id]\" /><tr><td>$row2[set2]: $row2[deckname]</td><td>$category[$cat]</td><td><input name=\"reme[$row2[id]]\" value=\"1\" type=\"radio\">Yes</td><td><input name=\"reme[$row2[id]]\" value=\"0\" type=\"radio\">No</td></tr>";
}

 

The if and else are basically the same with a minor change. You should instead do this

 

$label = ($row2['groupmember']=="No") ? $row2['deckname'] : "{$row2['set2']}: {$row2['deckname']}";

echo "<tr>";
echo "<td>{$label}<input type=\"hidden\" name=\"id\" value=\"{$row2['id']}\" /></td>";
echo "<td>{$category[$cat]}</td>";
echo "<td><input name=\"reme[{$row2['id']}]\" value=\"1\" type=\"radio\">Yes</td>";
echo "<td><input name=\"reme[{$row2['id']}]\" value=\"0\" type=\"radio\">No</td></tr>\n";
echo "</tr>\n";
echo "</table>\n";

 

Note, I broke up the echo to improve readability and I moved the hidden input into a TD because it creates invalid code to put elements in-between table elements.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.