Jump to content

why my explode and str_split code is not working?


Michael_Baxter
Go to solution Solved by Jacques1,

Recommended Posts

Hello to you all this code I am working on just will not quiet work for me I know as always I am missing something basic that's why I thought one of you may kindly help me fix it.

I have a form a very basic form a text area and a submit button,

in the form my user will be submitting a result set of player names and points from a tournament,

the result set looks like:

player1 5

player2 5

player3 5

player4 10

player5 10

player6 15

 

player7 20

 

in the actual results player1 would be a player name followed by the points of up to 120 points,

I need to take that post on submission I'm sending it to a points_processing.php,

I need to break that down to insert it into a database as individual player names and player points so that when the next report is submitted I can check for the player name (if exists ) add the new points to the current total and save it again back to my database.

so I started putting together a script to catch and explode this result set see my posted script,

	//explode the post into an array
	$points = $_POST['points'];
	$player_name = explode(" ", $points);
	//get the INT points value
	$player_points = str_split($player_name, -3);
	
	// count the array length
	$player_count = count($player_name);
	for($i = 0; $i<$player_count; $i++) {

if I echo player_name[$I]  I get the post echo but I can not seem to separate the INT point value from the end of each line,

please please can anyone help me work out how to get this done

 

P.S

     I have attached a screenshot of an actual result set that will be posted,

everything from START POINTS to STOP POINTS will be submitted.

 

post-173124-0-81340600-1475594398_thumb.png

Link to comment
Share on other sites

In addition to what cyberRobot stated:

 

1. You are trying to split the records based on spaced - but your example shows them being split by line breaks.

2. You are getting the points using the last three characters of a string. If you were getting the player records correctly, this would fail for any point values with 1 digit or more than three digits

 

You should:

1. Split the records based on line breaks. Use the PHP constant PHP_EOL so it woill work on any server (Windows vs. Linux)

2. Get the score based on the characters after the last space (although you should trim each record first)

 

 

//Get each record based on line breaks
$records = explode(PHP_EOL, $_POST['points']);
 
//Trim each array value
$records = array_map('trim',$records);
 
//loop thorough each record
foreach($records as $record)
{
    //Get position of last space
    $lastSpace = strrpos($record, ' ');
    //Get player name and points
    $player = trim(substr($record, 0, $lastSpace));
    $points = trim(substr($record, $lastSpace+1));
 
    //Output for debugging, Do whatever you need with the data
    // e.g. put into array, run query, etc.
    echo "Player Name: '{$player}', Points: {$points}<br>\n";
}
  • Like 1
Link to comment
Share on other sites

thank you that was a wonderful correction to my code.

so now my code just is not inserting to the database,

on submit the first records are sent to the database then I get an error as follows,

"New record created successfully player name: 'Alberto', points: 5

ERROR: INSERT INTO bg_points(player_name, points) VALUES ('brs_edu2', 5)

player name: 'brs_edu2', points: 5"

 

 

then this repeats for every row after that any idea why it is failing after the first record inserts??

Link to comment
Share on other sites

you are closing the database connection inside your loop, which you would know if you spent any time looking at your code.

 

if you had php's error_reporting/display_errors turned fully on, you would be getting an error similar to  - Warning: mysqli::query(): Couldn't fetch mysqli in your_file on line x.

Link to comment
Share on other sites

I'm using mysqli

 

Then enable exceptions for mysqli so that you get a proper error message whenever something goes wrong:

<?php

// make mysqli throw an exception whenever it encounters a problem
$mysqli_driver = new mysqli_driver();
$mysqli_driver->report_mode = MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT;

$database_connection = new mysqli(...);
Link to comment
Share on other sites

ok that's just too funny,

I was looking at all of these last few comments thinking I do have error_reporting (E_ALL) turned on,

then I realised I do have E_ALL on but I didn't have the second line of code in there  ini_set("display_errors",1)

so there we go that's why I was not getting the real error messages shown

so now I am getting the errors displayed not just reported and they are saying

 

Warning: mysqli: :query() coundn't fetch mysqli in /file path/point_processing.php on line 50

 

Warning: main(): couldn't fetch mysqli in /file path/points_processing.php on line 53

 

 

then this is repeated all the way down the post.................................................

OMG STOP looking I just while typing this post out found my own answer

this is even more funny than anything I have EVER done

if anyone could reach me I would certainly be asking you give me a quick slap for this one

1 thing I constantly point out is when I make these posts its something basic and simple and somewhere someone did mention this schoolboy error,

in my code I had put my  conn->close() line  inside my if statement

so I just as said was looking at my codes and saw what that meant so I moved it,

I will show you and comment out where it was and where it is now

but either way this code is working just fine now,

<?PHP //THIS IS THE WHOLE OF MY CODE THAT MAKES POINTS_PROCESSING.PHP
 error_reporting(E_ALL);
ini_set("display_errors",1);
 ?>

<?php require_once("includes/session.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php confirm_logged_in(); ?>
<?php
	$errors = array();

	include("includes/header.php");


$servername = "localhost";
$username = "*************";
$password = "*********";
$dbname = "******************";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
} 

	
	//testing new code for points split up


	//Get each record based on line breaks
$records = explode(PHP_EOL, $_POST['points']);
 
//Trim each array value
$records = array_map('trim',$records);
 
//loop thorough each record
foreach($records as $record)
{
    //Get position of last space
    $lastSpace = strrpos($record, ' ');
    //Get player name and points
    $player = trim(substr($record, 0, $lastSpace));
    $points = trim(substr($record, $lastSpace+1));

    //Output for debugging, Do whatever you need with the data
    // e.g. put into array, run query, etc.
	$sql = "INSERT INTO bg_points (player_name, points)
 VALUES ('$player', '$points')";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

//THIS IS WHERE I DID HAVE MY DB CLOSE CONN	  
  echo "Player Name: '{$player}', Points: {$points}<br>\n";
}
	
		include("includes/footer.php");
$conn->close();  //THIS IS WHERE I HAVE NOW PLACED MY DB CLOSE CONN
		?>
Link to comment
Share on other sites

The code is not fine. You're wide open to SQL injection attacks, because you insert the user input straight into the query string. And instead of using exceptions as I said above, you're relying on this weird self-made error handling where most relevant information is missing. If you print those error messages on your actual website, that's yet another problem.

 

Learn mysqli. Make sure you actually understand features like prepared statements and exceptions.

Link to comment
Share on other sites

yes I did not disregard your above comment sorry I failed to respond to it however that is not the case if you see near the top of my code last posted there is an includes/functions.php inside there now I have the actual funtions already in use and pre defined for covering all of the sql injection attacks real escape string and so on I now simply just need to call them

Link to comment
Share on other sites

Manual escaping is nonsense and simply doesn't work. I've reviewed lots of code from many different programmers who were all convinced that they “just have to remember to call the escape function”, and they've all failed. Sure, you can fix those two simple lines. But can you write a entire application with thousands of lines of code without ever making a mistake? Do you fully understand even the most obscure edge cases? Have you found a solution to inherent problems like the fact that encoding issues can break escape functions? I doubt it.

 

We have prepared statements now. Use them. There's no reason to write code like it was 1990 and put yourself and your users at unnecessary risk.

Link to comment
Share on other sites

ok so I get it you have more knowledge of the programming world than mere mortals like me,

I get my programming is still under a learning process I never claimed to be any kind of expert at this Hence my been here asking question for help..

as I said before I have things like this already pre defined,

	function mysql_prep( $value ) {
		$magic_quotes_active = get_magic_quotes_gpc();
		$new_enough_php = function_exists( "mysql_real_escape_string" ); // i.e. PHP >= v4.3.0
		if( $new_enough_php ) { // PHP v4.3.0 or higher
			// undo any magic quote effects so mysql_real_escape_string can do the work
			if( $magic_quotes_active ) { $value = stripslashes( $value ); }
			$value = mysql_real_escape_string( $value );
		} else { // before PHP v4.3.0
			// if magic quotes aren't already on then add slashes manually
			if( !$magic_quotes_active ) { $value = addslashes( $value ); }
			// if magic quotes are active, then the slashes already exist
		}
		return $value;
	}

and that I have to yet include the function call

and yes your right I need to look at using things like

mysqli stm

and yes I thank you for pointing out clearly I have not finished with the writing of this code however i thought I was pretty clear in saying I was not finished with the code I just needed to have it working in the first place before I went onto making the full code I mean its not like this code is on a live application or anything been used at this time for just that reason

Link to comment
Share on other sites

  • Solution

as I said before I have things like this already pre defined,

 

The code you've copied and pasted checks for PHP 4.3.0 which was released 14(!) years ago and doesn't even work for mysqli which was released 12 years ago. So wherever you got this from, it's literally ancient.

 

I understand that you're still learning, and that's exactly what this forum is for. What I'm trying to get across is that programming is more than “somehow making things work”. Sure, you can assemble your programs from 14-year-old code snippets you found somewhere on the interwebs. And you might even get a result in the sense that you see rendered HTML on the screen. But that's not really programming.

 

Modern PHP is actually a decent language which allows you to write secure and compact code, but so many people learning PHP (not just you) seem to be stuck in early 2000. That's why I'm trying to promote the PHP of 2016.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.