eternal_newbie Posted December 17, 2014 Share Posted December 17, 2014 (edited) Before I get into my problem a couple of things. First, this is a work project. My organization cannot afford a full time developer so as a database guy I'm being asked to develop a web based data system using php/html/mysql/javacript/etc. So I am not asking anyone to help me cheat or violate an honor code for a school project. Also I am having to learn PHP on the fly, by the seat of my pants. Second, my organization is using a version of PHP older that 5.5.X and I am powerless to update the version. So I know that some of the syntax I am using has been deprecated in more recent PHP versions. I don't mean to sound snarky or ungrateful but I really need some help solving this problem versus unhelpful comments about deprecated code. Third I am adapting code from the guys at TechStream so H/T to them. Here is what I am trying to build. My office helps other offices in my large organization manage their records through the creation of a file plan. We are currently using a clunky, user-unfriendly Access database that was created back in 2009. I am tasked to transition that Access hoopty into a proper, web-based, user friendly system. The index.php form page consists of 2 parts. You can see the original TechStream demo here: http://demo.techstream.org/Dynamic-Form-Processing-with-PHP/ I've adapted the top part of the form ("Travel Information") for my users to enter information about their office such as Office Name, Office Code, Office Chief, Creator (the user), Status and date. I've adapted the bottom part of the form ("Passenger Details") to be "Folder Details". This is an html table where users can add up to 10000 rows to list all the folders for their office by entering the folder name in the text box and then assign descriptors to each folder using the drop down menus. I've changed the drop down menus to reflect the descriptors we need, i.e. file-series, classification, media type. The user needs the flexibility to add folders as the number of folders will vary between offices. This adding and deleting of folders is accomplished dynamically through a javascript script.js file. Now, here's my problem. When the user clicks submit button that fires a php script that runs an insert into query to place the array data into the backend mysql database. However, when the foreach loop is only inserting the office office from the top portion of the form with the first folder in the bottom portion of the form. In other words let's say the user fills out the top part with his office information and then adds 5 folders into the html table at the botton. The first folder will be inserted into the database table with both office information and folder information. However the subsequent 4 folders will have their folder information inserted into the table but the office information fields will be null. The office information needs to be inserted with each folder the user adds to the html table piece. I suspect that my foreach loop is only capturing that office information on the first iteration of the loop and then flushing or deleting the office information after the first loop. Also, I suspect there is some disconnect between the html table for entering individual folders and the top part of the form that is not in html format. Any help I can get is most welcome. Thanks in advance! Code is below. index.php <?php session_start(); if(!isset($_SESSION['myusername'])) { header('Location:index.php'); } echo $_SESSION['myusername']; echo '<a href="logout.php"><span>Logout</span></a></li>'; <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Records Management File Plan Application</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <link rel="stylesheet" type="text/css" href="css/default.css"/> <script type="text/javascript" src="js/script.js"></script> </head> <body> <form action="InsertFileDetailArraytoDB.php" class="register" method="POST"> <h1>Office File Plan Application/h1> <fieldset class="row1"> <legend>Office Information</legend> <p> <label>Office Code * </label> <input name="officecode[]" type="text" required="required"/> <label>Date* </label> <select class="date" name="day[]"> <option value="1">01 </option> <option value="2">02 </option> <option value="3">03 </option> <option value="4">04 </option> <option value="5">05 </option> <option value="6">06 </option> <option value="7">07 </option> <option value="8">08 </option> <option value="9">09 </option> <option value="10">10 </option> <option value="11">11 </option> <option value="12">12 </option> <option value="13">13 </option> <option value="14">14 </option> <option value="15">15 </option> <option value="16">16 </option> <option value="17">17 </option> <option value="18">18 </option> <option value="19">19 </option> <option value="20">20 </option> <option value="21">21 </option> <option value="22">22 </option> <option value="23">23 </option> <option value="24">24 </option> <option value="25">25 </option> <option value="26">26 </option> <option value="27">27 </option> <option value="28">28 </option> <option value="29">29 </option> <option value="30">30 </option> <option value="31">31 </option> </select> <select name="month[]"> <option value="1">January </option> <option value="2">February </option> <option value="3">March </option> <option value="4">April </option> <option value="5">May </option> <option value="6">June </option> <option value="7">July </option> <option value="8">August </option> <option value="9">September </option> <option value="10">October </option> <option value="11">November </option> <option value="12">December </option> </select> <select name="year[]"> <option value="2013">2013 </option> <option value="2014">2014 </option> <option value="2015">2015 </option> <option value="2016">2016 </option> </select> </p> <p> <label>Office Chief* </label> <input name="officechief[]" required="required" type="text"/> <label>Status* </label> <select name="status[]"> <option value="Draft">Draft </option> <option value="Submitted">Submitted </option> <option value="Approved">Approved </option> </select> </p> <p> <label>Creator * </label> <input name="creator[]" required="required" type="text"/> </p> <div class="clear"></div> </fieldset> <fieldset class="row2"> <legend>Folder Details</legend> <p> <input type="button" value="Add Folder" onClick="addRow('dataTable')" /> <input type="button" value="Remove Folder" onClick="deleteRow('dataTable')" /> <p>(All actions apply only to entries with check marked check boxes.)</p> </p> <table id="dataTable" class="form" border="1"> <tbody> <tr> <p> <td><input type="checkbox" required="required" name="chk[]" checked="checked" /></td> <td> <label>Folder Name</label> <input type="text" required="required" name="BX_NAME[]"> </td> <td> <label for="BX_fileseries">File Series</label> <select id="BX_fileseries required="required" name="BX_fileseries[]"> <option>100-01-Inspection and Survey/PII-NO</option> <option>200-02-Credit Card Purchases/PII-NO</option> <option>300-07-Time and Attendance/PII-YES</option> </td> <td> <label for="BX_classification">Classification</label> <select id="BX_classification" name="BX_classification" required="required"> <option>Unclassified</option> <option>Confidential</option> <option>Secret</option> <option>Top Secret</option> <option>Ridiculous Top Secret</option> <option>Ludicrous Top Secret</option> </select> </td> <td> <label for="BX_media">Media</label> <select id="BX_media" name="BX_media" required="required"> <option>Paper</option> <option>Shared Drive</option> <option>Film</option> <option>Floppy Disk</option> <option>Mixed</option> <option>Other</option> </select> </td> </p> </tr> </tbody> </table> <div class="clear"></div> </fieldset> <input class="submit" type="submit" value="File Plan Complete »" /> <div class="clear"></div> </form> </body> </html>PHP script with foreach loop to loop through the array from index.php and insert into database: InsertFileDetailArrayToDB.php /* When the user has finished entering their folders, reviewed the form inputs for accuracy and clicks the submit button, this will loop through all folder entries and using the SQL insert into query will place them in the database. When it completes data insertion it will redirect the user back to the file detail input form*/ <?php /*this part requires the user to be logged in and allows their user name to be included in the insert into query. If you remove the "ob_start();" piece it will screw up the header statement down at the botton. See the comments by the header statement for an explanation of its purpose*/ ob_start(); session_start(); if(!isset($_SESSION['myusername'])) { header('Location:index.php') } /*these two lines would ordinarily display the user name and a link a allowing the user to log out. However this php script does not output anything so the user will never it.*/ echo $_SESSION['myusername']; echo '<a href="logout.php"><span>Logout</span></a></li>'; ?> <?php /*this include statement connects this script to the MySQL database so the user form inputs can be inserted into the file_plan_details table*/ include ('database_connection.php'); foreach($_POST['BX_NAME'] as $row=>$BX_NAME) { $BX_NAME1 = mysql_real_escape_string($_POST['BX_NAME'); $officecode1 = mysql_real_escape_string($_POST['officecode'][$row]); $username1 = mysql_real_escape_string($_SESSION['myusername'][$row]); $day1 = mysql_real_escape_string($_POST['day'][$row]); $month1 = mysql_real_escape_string($_POST['month'][$row]); $year1 = mysql_real_escape_string($_POST['year'][$row]); $creator1 = mysql_real_escape_string($_POST['creator'][$row]); $officechief1 = mysql_real_escape_string($_POST['officechief'][$row]); $status1 = mysql_real_escape_string($_POST['status'][$row]); $BX_fileseries1 = mysql_real_escape_string($_POST['BX_fileseries'][$row]); $BX_classification1 = mysql_real_escape_string($_POST['BX_classification'][$row]); $BX_media1 = mysql_real_escape_string($_POST['BX_media'][$row]); $fileplandetailinsert1 = "INSERT INTO file_plan_details (folder_name, office_code, user_name, day, month, year, creator, office_chief, status, file_series, classification, media) VALUES ('$BX_NAME1','$officecode1','$username1','$day1','$month1','$year1','$creator1','$officechief1','$status1','$BX_fileseries1','$BX_classification1','$BX_media1')"; mysql_query($fileplandetailinsert1); } /*this header statement redirects the user back to the folder detail input form after it inserts data into the db After I build a main navigation page, I will switch out index.php with whatever I name the script that will produce the main navigation page*/ header('Location:index.php'); ?> script.js function addRow(tableID) { var table = document.getElementById(tableID); var rowCount = table.rows.length; if(rowCount < 10000){ // limit the user from creating fields more than your limits var row = table.insertRow(rowCount); var colCount = table.rows[0].cells.length; for(var i=0; i<colCount; i++) { var newcell = row.insertCell(i); newcell.innerHTML = table.rows[0].cells[i].innerHTML; } }else{ alert("Maximum Passenger per ticket is 5."); } } function deleteRow(tableID) { var table = document.getElementById(tableID); var rowCount = table.rows.length; for(var i=0; i<rowCount; i++) { var row = table.rows[i]; var chkbox = row.cells[0].childNodes[0]; if(null != chkbox && true == chkbox.checked) { if(rowCount <= 1) { // limit the user from removing all the fields alert("Cannot Remove all the Passenger."); break; } table.deleteRow(i); rowCount--; i--; } } } Edited December 17, 2014 by mac_gyver code tags around posted code please Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted December 17, 2014 Share Posted December 17, 2014 the office information only exists once in the form data. you should not be looping over it when you are processing the file plan form data. in fact, you should store the common office information in an office information database table, which will establish an office_id for that information (you would typically allow the user to select an existing office that has already been stored to prevent typo errors when adding new data.) you would use the office_id as key in the file_plan_details table to relate each file plan row to the office it belongs with. p.s. - please use the forum's bbcode tags (the edit form's <> button) around code when posting it in the forum. i edited your post above for you this time. p.p.s. - your login check code is NOT secure. you need an exit; statement after the header() redirect to stop the code on the page from running. your current code, without the exit; is still running all the code, which will let hackers do anything a logged in user can, since they can simply ignore the header() redirect. Quote Link to comment Share on other sites More sharing options...
eternal_newbie Posted December 17, 2014 Author Share Posted December 17, 2014 mac_gyver: Thank you for getting back to me. This is my first post and I tried to research this site's rules/decorum but I must've missed that. Thanks for editing my code to make it compliant. As for your suggestion, I do have a `members` table that holds the users and their subsequent office information. What is the best way to associate the data in the `members` table with data in the file_plan_details table? I noticed that my session variable `myusername` is actually being inserted for each folder and I tried to make all the variables associated with office information session variables so the foreach loop would capture them in each loop iteration but couldn't make that work. I also attempted to make them global variables to see if that would but to no avail. Hence my frustration. I will add exit per your suggestion. However, this system will be on a closed network so I'm not so much focused on security right now but will be once I get most of the functionality I need. Thank you again! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.