why my explode and str_split code is not working?

[Michael_Baxter]

Hello to you all this code I am working on just will not quiet work for me I know as always I am missing something basic that's why I thought one of you may kindly help me fix it.

I have a form a very basic form a text area and a submit button,

in the form my user will be submitting a result set of player names and points from a tournament,

the result set looks like:

player1 5

player2 5

player3 5

player4 10

player5 10

player6 15

 

player7 20

 

in the actual results player1 would be a player name followed by the points of up to 120 points,

I need to take that post on submission I'm sending it to a points_processing.php,

I need to break that down to insert it into a database as individual player names and player points so that when the next report is submitted I can check for the player name (if exists ) add the new points to the current total and save it again back to my database.

so I started putting together a script to catch and explode this result set see my posted script,

	//explode the post into an array
	$points = $_POST['points'];
	$player_name = explode(" ", $points);
	//get the INT points value
	$player_points = str_split($player_name, -3);
	
	// count the array length
	$player_count = count($player_name);
	for($i = 0; $i<$player_count; $i++) {

if I echo player_name[$I]  I get the post echo but I can not seem to separate the INT point value from the end of each line,

please please can anyone help me work out how to get this done

 

P.S

     I have attached a screenshot of an actual result set that will be posted,

everything from START POINTS to STOP POINTS will be submitted.

 

[cyberRobot]

explode() returns an array. So you'll need to access the values using array format (e.g. $player_name[0]). More information can be found here:

http://php.net/manual/en/function.explode.php

[Psycho]

In addition to what cyberRobot stated:

 

1. You are trying to split the records based on spaced - but your example shows them being split by line breaks.

2. You are getting the points using the last three characters of a string. If you were getting the player records correctly, this would fail for any point values with 1 digit or more than three digits

 

You should:

1. Split the records based on line breaks. Use the PHP constant PHP_EOL so it woill work on any server (Windows vs. Linux)

2. Get the score based on the characters after the last space (although you should trim each record first)

 

 

//Get each record based on line breaks
$records = explode(PHP_EOL, $_POST['points']);
 
//Trim each array value
$records = array_map('trim',$records);
 
//loop thorough each record
foreach($records as $record)
{
    //Get position of last space
    $lastSpace = strrpos($record, ' ');
    //Get player name and points
    $player = trim(substr($record, 0, $lastSpace));
    $points = trim(substr($record, $lastSpace+1));
 
    //Output for debugging, Do whatever you need with the data
    // e.g. put into array, run query, etc.
    echo "Player Name: '{$player}', Points: {$points}<br>\n";
}

[Michael_Baxter]

thank you that was a wonderful correction to my code.

so now my code just is not inserting to the database,

on submit the first records are sent to the database then I get an error as follows,

"New record created successfully player name: 'Alberto', points: 5

ERROR: INSERT INTO bg_points(player_name, points) VALUES ('brs_edu2', 5)

player name: 'brs_edu2', points: 5"

 

 

then this repeats for every row after that any idea why it is failing after the first record inserts??

[Barand]

The error is on line 116.

[Jacques1]

How did you end up with this strange error format, anyway? There should be a detailed SQL error message explaining exactly what the problem is.

 

Which database interface are you using? PDO? mysqli?

[Michael_Baxter]

I'm not sure how I got this error format it is just what the page is printing back to me when I hit submit,

I'm using mysqli

[cyberRobot]

What does the related code currently look like?

[mac_gyver]

you are closing the database connection inside your loop, which you would know if you spent any time looking at your code.

 

if you had php's error_reporting/display_errors turned fully on, you would be getting an error similar to  - Warning: mysqli::query(): Couldn't fetch mysqli in your_file on line x.

[Jacques1]

I'm using mysqli

 

Then enable exceptions for mysqli so that you get a proper error message whenever something goes wrong:

<?php

// make mysqli throw an exception whenever it encounters a problem
$mysqli_driver = new mysqli_driver();
$mysqli_driver->report_mode = MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT;

$database_connection = new mysqli(...);

[Michael_Baxter]

ok that's just too funny,

I was looking at all of these last few comments thinking I do have error_reporting (E_ALL) turned on,

then I realised I do have E_ALL on but I didn't have the second line of code in there  ini_set("display_errors",1)

so there we go that's why I was not getting the real error messages shown

so now I am getting the errors displayed not just reported and they are saying

 

Warning: mysqli: :query() coundn't fetch mysqli in /file path/point_processing.php on line 50

 

Warning: main(): couldn't fetch mysqli in /file path/points_processing.php on line 53

 

 

then this is repeated all the way down the post.................................................

OMG STOP looking I just while typing this post out found my own answer

this is even more funny than anything I have EVER done

if anyone could reach me I would certainly be asking you give me a quick slap for this one

1 thing I constantly point out is when I make these posts its something basic and simple and somewhere someone did mention this schoolboy error,

in my code I had put my  conn->close() line  inside my if statement

so I just as said was looking at my codes and saw what that meant so I moved it,

I will show you and comment out where it was and where it is now

but either way this code is working just fine now,

<?PHP //THIS IS THE WHOLE OF MY CODE THAT MAKES POINTS_PROCESSING.PHP
 error_reporting(E_ALL);
ini_set("display_errors",1);
 ?>

<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php confirm_logged_in(); ?>
<?php
	$errors = array();

	include("includes/header.php");


$servername = "localhost";
$username = "*************";
$password = "*********";
$dbname = "******************";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

	
	//testing new code for points split up


	//Get each record based on line breaks
$records = explode(PHP_EOL, $_POST['points']);
 
//Trim each array value
$records = array_map('trim',$records);
 
//loop thorough each record
foreach($records as $record)
{
    //Get position of last space
    $lastSpace = strrpos($record, ' ');
    //Get player name and points
    $player = trim(substr($record, 0, $lastSpace));
    $points = trim(substr($record, $lastSpace+1));

    //Output for debugging, Do whatever you need with the data
    // e.g. put into array, run query, etc.
	$sql = "INSERT INTO bg_points (player_name, points)
 VALUES ('$player', '$points')";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

//THIS IS WHERE I DID HAVE MY DB CLOSE CONN	  
  echo "Player Name: '{$player}', Points: {$points}<br>\n";
}
	
		include("includes/footer.php");
$conn->close();  //THIS IS WHERE I HAVE NOW PLACED MY DB CLOSE CONN
		?>

[Jacques1]

The code is not fine. You're wide open to SQL injection attacks, because you insert the user input straight into the query string. And instead of using exceptions as I said above, you're relying on this weird self-made error handling where most relevant information is missing. If you print those error messages on your actual website, that's yet another problem.

 

Learn mysqli. Make sure you actually understand features like prepared statements and exceptions.

[Michael_Baxter]

yes I did not disregard your above comment sorry I failed to respond to it however that is not the case if you see near the top of my code last posted there is an includes/functions.php inside there now I have the actual funtions already in use and pre defined for covering all of the sql injection attacks real escape string and so on I now simply just need to call them

[Jacques1]

Manual escaping is nonsense and simply doesn't work. I've reviewed lots of code from many different programmers who were all convinced that they “just have to remember to call the escape function”, and they've all failed. Sure, you can fix those two simple lines. But can you write a entire application with thousands of lines of code without ever making a mistake? Do you fully understand even the most obscure edge cases? Have you found a solution to inherent problems like the fact that encoding issues can break escape functions? I doubt it.

 

We have prepared statements now. Use them. There's no reason to write code like it was 1990 and put yourself and your users at unnecessary risk.

[Michael_Baxter]

ok so I get it you have more knowledge of the programming world than mere mortals like me,

I get my programming is still under a learning process I never claimed to be any kind of expert at this Hence my been here asking question for help..

as I said before I have things like this already pre defined,

	function mysql_prep( $value ) {
		$magic_quotes_active = get_magic_quotes_gpc();
		$new_enough_php = function_exists( "mysql_real_escape_string" ); // i.e. PHP >= v4.3.0
		if( $new_enough_php ) { // PHP v4.3.0 or higher
			// undo any magic quote effects so mysql_real_escape_string can do the work
			if( $magic_quotes_active ) { $value = stripslashes( $value ); }
			$value = mysql_real_escape_string( $value );
		} else { // before PHP v4.3.0
			// if magic quotes aren't already on then add slashes manually
			if( !$magic_quotes_active ) { $value = addslashes( $value ); }
			// if magic quotes are active, then the slashes already exist
		}
		return $value;
	}

and that I have to yet include the function call

and yes your right I need to look at using things like

mysqli stm

and yes I thank you for pointing out clearly I have not finished with the writing of this code however i thought I was pretty clear in saying I was not finished with the code I just needed to have it working in the first place before I went onto making the full code I mean its not like this code is on a live application or anything been used at this time for just that reason

[ginerjm]

Try adding some English skills to your writing too. It will make you look smarter at least. Periods, Capitals and sentences make for better reading.

[Jacques1]

as I said before I have things like this already pre defined,

 

The code you've copied and pasted checks for PHP 4.3.0 which was released 14(!) years ago and doesn't even work for mysqli which was released 12 years ago. So wherever you got this from, it's literally ancient.

 

I understand that you're still learning, and that's exactly what this forum is for. What I'm trying to get across is that programming is more than “somehow making things work”. Sure, you can assemble your programs from 14-year-old code snippets you found somewhere on the interwebs. And you might even get a result in the sense that you see rendered HTML on the screen. But that's not really programming.

 

Modern PHP is actually a decent language which allows you to write secure and compact code, but so many people learning PHP (not just you) seem to be stuck in early 2000. That's why I'm trying to promote the PHP of 2016.