tags:

views:

62

answers:

2
Q: 

PHP - Passing db value to a $_POST - value wrong

Hi, I'm having problems with my code - when I run it, it seem to only pass through the ID information for the last record rather than the one in the row I am trying to list and have a button for. The code for the page is the following (Sorry if there is heaps there - I'm only very new to this):

<?php require_once('Connections/Demand.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_Recordset1 = "-1";
if (isset($_COOKIE['DRLogin'])) {
  $colname_Recordset1 = $_COOKIE['DRLogin'];
}
mysql_select_db($database_Demand, $Demand);
$query_Recordset1 = sprintf("SELECT Title, `Action`, Type, Information, `Date`, Status, ID FROM username WHERE Username = %s AND Active = '1' ORDER BY `Date` ASC", GetSQLValueString($colname_Recordset1, "text"));
$Recordset1 = mysql_query($query_Recordset1, $Demand) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$row=0; 
$numrows=mysql_num_rows($row_Recordset1);

$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
<html xmlns="http://www.w3.org/1999/xhtml"&gt;
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login - Demand &amp; Resolve</title>
<script type="text/javascript">
    function ChangeColor(tableRow, highLight)
    {
    if (highLight)
    {
      tableRow.style.backgroundColor = '#dcfac9';
    }
    else
    {
      tableRow.style.backgroundColor = 'white';
    }
  }

  function DoNav(theUrl)
  {
  document.location.href = theUrl;
  }
  </script>

</head>

<body>
<form id="form1" name="form1" method="post" action="">
  <p>
    <input name="hiddenField"  type = "hidden" id="GUsername" value="<?php echo $_COOKIE['DRLogin'] ?>" />
  To Do List</p>
  <p>&nbsp;</p>
</form>
<table border="1">
  <tr>
    <td>Title</td>
    <td>Action</td>
    <td>Type</td>
    <td>Information</td>
    <td>Date</td>
    <td>Status</td>
    <td>Task ID</td>
  </tr>
  <?php do { ?>
    <tr onmouseover="ChangeColor(this, true); " 
              onmouseout="ChangeColor(this, false);" 
              >
      <td><?php echo $row_Recordset1['Title']; ?></td>
      <td><?php echo $row_Recordset1['Action']; ?></td>
      <td><?php echo $row_Recordset1['Type']; ?></td>
      <td><?php echo $row_Recordset1['Information']; ?></td>
      <td><?php echo $row_Recordset1['Date']; ?></td>
      <td><?php echo $row_Recordset1['Status']; ?></td>
      <td><form method="post" action="full.php"><input type="hidden" name="pull0" value="<?php echo $row_Recordset1['ID']; ?>"/><input type="submit" name="Action" id="Submit" value="Action" /></td>


    </tr>
    <?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1));  ?>
</table>
</body>
</html>
<?php
mysql_free_result($Recordset1);
?>

On the full.php I am using a $_POST action to pick up the value.

A: 

You have to close the form:

<td>
    <form method="post" action="full.php">
        <input type="hidden" name="pull0" value="<?php echo $row_Recordset1['ID']; ?>"/>
        <input type="submit" name="Action" id="Submit" value="Action" />
    </form> <!-- add this line -->
</td>

Besides that: Use a while loop instead of a do-while loop. Your code is a bit "hackish" because when you use the do_while loop, $row_Recordset1 is not defined in the first iteration. You circumvent this problem by making a single call to mysql_fetch_assoc at the beginning of the file.

A while loop would be much easier to understand and it makes sure that $row_Recordset1 is defined in every iteration:

<?php while(($row_Recordset1 = mysql_fetch_assoc($Recordset1))): ?>
    <tr onmouseover="ChangeColor(this, true); " 
              onmouseout="ChangeColor(this, false);" 
              >
      <td><?php echo $row_Recordset1['Title']; ?></td>
      <td><?php echo $row_Recordset1['Action']; ?></td>
      <td><?php echo $row_Recordset1['Type']; ?></td>
      <td><?php echo $row_Recordset1['Information']; ?></td>
      <td><?php echo $row_Recordset1['Date']; ?></td>
      <td><?php echo $row_Recordset1['Status']; ?></td>
      <td><form method="post" action="full.php"><input type="hidden" name="pull0" value="<?php echo $row_Recordset1['ID']; ?>"/><input type="submit" name="Action" id="Submit" value="Action" /></form></td>   
    </tr>
<?php endwhile; ?>

Note that I use the alternative syntax for control structures here which I personally find much easier to read and to use when dealing with HTML. Also note that when using the while loop, you should not call mysql_fetch_assoc at the beginning of the file, otherwise you skip the first record.

And applying mysql_num_rows on one row does not make sense to me ;)

Felix Kling  2010-09-12 06:24:20
OMG - I can't believe I missed something that simple!
Nathan  2010-09-12 06:36:04
A: 

function GetSQLValueString should be something like this 

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  switch ($theType) {
    case "text":
      if (function_exists("mysql_real_escape_string")) {
        $theValue = mysql_real_escape_string($theValue);
      } else {
        $theValue = mysql_escape_string($theValue);
      }
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
  }
  return $theValue;
}

though I'd say even this one is overkill
and theType concept is totally wrong. Why do you think that defined values shouldn't be escaped as well?

Col. Shrapnel  2010-09-12 07:46:54

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases