Jump to content

infinite php input=bad

ksb24930

By ksb24930
in PHP Coding Help

 Share

Recommended Posts

ksb24930 Member

ksb24930

Posted
Posted

I am running this following script to update a mysql database. When I press "submit," an error is returned that says something about the CGI not being able to return a complete set of headers. Then, the information that I put in is displayed over 200 times (i only want it once). (it works on another server!)

 

<?

if (!isset($_COOKIE['***'])) die("Do you belong here? I do not recognize you! I want cookies! Make sure your browser accepts cookies!<br><a href='../home.php'>Away From Here!</a>");

$conn = mysql_connect("localhost", "***", "***") OR DIE (mysql_error());
@mysql_select_db ("databox", $conn) OR DIE (mysql_error());



if ($_POST) {



  $location = $_POST["location"];
  $date = $_POST["date"];
  $venue = $_POST["venue"];
  
    $sql = "INSERT INTO schedule (location, date, venue) ";
    $sql.= "VALUES (";
    $sql.= "'{$location}', '{$date}', '{$venue}')";
    @mysql_query ($sql, $conn);
    Header("Location:".$_SERVER["PHP_SELF"]);
   
  
}



// Do this process of user has click a file name to view or remove
if ($_GET) {
  
  $iid = $_GET["iid"];
  $act = $_GET["act"];
  switch ($act) {
    case rem:
      $sql = "DELETE FROM schedule WHERE id=$iid";
      @mysql_query ($sql, $conn);
      Header("Location:./sched_index.php");
exit();
      break;
   
    default:
      break;
  }
}?>
<html>

<body>
<a href='../maintaindir.php'>Return to Maintain Headquarters</a><br>
<a href='../home.php'>Return Home</a>

<FORM name="formcheck" method="post" enctype="multipart/form-data" onsubmit="return formCheck(this);">

<center><font size=6>Schedule Update</font><hr><br>
<table>
    <P>
<tr><td>
<LABEL for="name">Location (ex. Omaha, NE): </LABEL></td>
	<td><INPUT type="text" name="location" size="20"></td>
</tr>
<tr>
<td>
<LABEL for="name">Date (ex. April 26): </LABEL></td><td>
	<INPUT type="text" name="date" size="20"></td>
</tr>
<tr><td><LABEL for="name">Venue (ex. Downtown Boxing): </LABEL></td><td><INPUT type="text" name="venue" size="30"></td>
</tr>
<tr><td></td><td>

<input type="submit" value="submit"></td></tr>
</form></table>
<?
echo "<br><br>These is the current schedule<br><hr><br>";
   
   $sql3 = "SELECT * FROM schedule ORDER BY id asc";
  $result3 = mysql_query ($sql3, $conn);
  if (mysql_num_rows($result3)>0) {
    while ($row = mysql_fetch_array($result3, MYSQL_ASSOC)) {
      $ic++;
      $str3 .= $ic.". ";
      $str3 .= "<a href=\"sched_index.php?iid=".$row["id"]."&tbl=schedule\">".$row["location"]."</a> ";
      $str3 .= "[".$row["date"]."] ";
      $str3 .= "[".$row["venue"]."]<br> ";
      $str3 .= "[<a href=\"sched_index.php?act=rem&iid=".$row["id"]."&tbl=schedule\">REMOVE</a>]<br><br>";
    }
    print $str3;
  }
  mysql_free_result ($result3);?></body>
</html>

 

 

 

Link to comment
Share on other sites
john010117 Member

john010117

Posted
Posted 

<?php

if (!isset($_COOKIE['***'])) {
die("Do you belong here? I do not recognize you! I want cookies! Make sure your browser accepts cookies!<br><a href='../home.php'>Away From Here!</a>");
}
$conn = mysql_connect("localhost", "***", "***") OR DIE (mysql_error());
@mysql_select_db ("databox", $conn) OR DIE (mysql_error());

if ($_POST) {

   $location = $_POST["location"];
   $date = $_POST["date"];
   $venue = $_POST["venue"];

   $sql = "INSERT INTO `schedule` (location, date, venue) VALUES ('{$location}', '{$date}', '{$venue}')";
   @mysql_query ($sql, $conn);
   Header("Location:".$_SERVER["PHP_SELF"]);
}

// Do this process of user has click a file name to view or remove
if ($_GET) {
  
   $iid = $_GET["iid"];
   $act = $_GET["act"];
   switch ($act) {
      case rem:
      $sql = "DELETE FROM schedule WHERE id='$iid'";
      @mysql_query ($sql, $conn);
      Header("Location:./sched_index.php");
  exit();
      break;

      default:
      break;
   }
}?>
<html>

<body>
<a href='../maintaindir.php'>Return to Maintain Headquarters</a><br>
<a href='../home.php'>Return Home</a>

<FORM name="formcheck" method="post" enctype="multipart/form-data" onsubmit="return formCheck(this);">

<center><font size=6>Schedule Update</font><hr><br>
<table>
    <P>
<tr><td>
<LABEL for="name">Location (ex. Omaha, NE): </LABEL></td>
	<td><INPUT type="text" name="location" size="20"></td>
</tr>
<tr>
<td>
<LABEL for="name">Date (ex. April 26): </LABEL></td><td>
	<INPUT type="text" name="date" size="20"></td>
</tr>
<tr><td><LABEL for="name">Venue (ex. Downtown Boxing): </LABEL></td><td><INPUT type="text" name="venue" size="30"></td>
</tr>
<tr><td></td><td>

<input type="submit" value="submit"></td></tr>
</form></table>
<?php
echo "<br><br>These is the current schedule<br><hr><br>";
   
$sql3 = "SELECT * FROM schedule ORDER BY id asc";
$result3 = mysql_query ($sql3, $conn);
if (mysql_num_rows($result3)>0) {
   while ($row = mysql_fetch_array($result3, MYSQL_ASSOC)) {
      $ic++;
      $str3 .= $ic.". ";
      $str3 .= "<a href=\"sched_index.php?iid=".$row["id"]."&tbl=schedule\">".$row["location"]."</a> ";
      $str3 .= "[".$row["date"]."] ";
      $str3 .= "[".$row["venue"]."]<br> ";
      $str3 .= "[<a href=\"sched_index.php?act=rem&iid=".$row["id"]."&tbl=schedule\">REMOVE</a>]<br><br>";
   }
   print $str3;
}
mysql_free_result ($result3);?></body>
</html>

 

I cleaned up some mistakes. Also, try not to use short-hand tags.

Link to comment
Share on other sites
Ravo Newbie

Ravo

Posted
Posted

$_POST and $_GET are global variables. Regardless of whether they are empty or not, they exist. Your script is running the code in the if($_POST){} statement in an infinite loop because it redirects to itself. You'd have to check for a specific variable in $_POST and $_GET.

Link to comment
Share on other sites
Ravo Newbie

Ravo

Posted
Posted

Is it? I haven't checked the default settings recently.

 

Another alternative is rather than directing, for debug purposes only just echo and exit in the if statements.

 

if ($_POST) {

   die( "_POST found!");

   $location = $_POST["location"];
   $date = $_POST["date"];
   $venue = $_POST["venue"];

   $sql = "INSERT INTO `schedule` (location, date, venue) VALUES ('{$location}', '{$date}', '{$venue}')";
   @mysql_query ($sql, $conn);
   Header("Location:".$_SERVER["PHP_SELF"]);
}

// Do this process of user has click a file name to view or remove
if ($_GET) {
  
   die( "_GET found!" );

   $iid = $_GET["iid"];
   $act = $_GET["act"];
   switch ($act) {
      case rem:
      $sql = "DELETE FROM schedule WHERE id='$iid'";
      @mysql_query ($sql, $conn);
      Header("Location:./sched_index.php");
  exit();
      break;

      default:
      break;
   }

 

If it turns out one is running when it shouldn't this will tell you without it looping. After that, revise your if statement and try again. When it does work, remove or comment out die()'s. But from the description of the problem, I really think that $_POST is there on his server no matter what.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.