On Thu, May 3, 2012 at 4:20 PM, Ethan Rosenberg <eth...@earthlink.net> wrote:
> At 06:47 PM 5/2/2012, Matijn Woudt wrote:
>>
>> On Wed, May 2, 2012 at 11:43 PM, Ethan Rosenberg <eth...@earthlink.net>
>> wrote: > Dear list - > > Sorry for the attachment. Â Here are code snippets
>> --- Ethan, I don't want to sound rude, but it appears to me you don't have
>> any understanding of what you're doing. It might help if you understand what
>> the code is doing... Let me explain. > > GET THE DATA FROM INTAKE3: > > Â Â
>> function handle_data() > Â Â { > Â Â Â global $cxn; > Â Â Â $query =
>> "select * from Intake3 where  1"; > > > >   Â
>> if(isset($_Request['Sex'])&& trim($_POST['Sex']) != '' ) $_Request does not
>> exists, you're looking for $_REQUEST. And why are you mixing $_REQUEST and
>> $_POST here? > Â Â Â { > Â Â Â Â Â Â if ($_REQUEST['Sex'] === "0") >
>> Â Â Â Â Â Â { > Â Â Â Â Â Â Â $sex = 'Male'; > Â Â Â Â Â Â
>> } > Â Â Â Â Â Â else > Â Â Â Â Â Â { > Â Â Â Â Â Â Â $sex =
>> 'Female'; > Â Â Â Â Â Â } > Â Â Â } > > Â Â } What is the point of
>> the handle_data function above? It doesn't do anything. > Â Â
>> $allowed_fields = array > Â Â Â ( Â 'Site' =>$_POST['Site'], 'MedRec' =>
>> $_POST['MedRec'], 'Fname' => > $_POST['Fname'], 'Lname' => $_POST['Lname'] ,
>> > Â Â Â Â Â Â 'Phone' => $_POST['Phone'] , 'Sex' => $_POST['Sex'] Â ,
>> 'Height' > => $_POST['Height'] Â ); > > Â Â if(empty($allowed_fields)) > Â
>> Â { > Â Â Â Â Â echo "ouch"; > Â Â } > > Â Â $query = "select * from
>> Intake3  where  1 "; > >   foreach ( $allowed_fields as $key => $val )
>> > Â Â { > Â Â Â if ( (($val != '')) ) > > Â Â { > Â Â Â $query .= "
>> AND ($key  = '$val') "; >   } >    $result1 = mysqli_query($cxn,
>> $query); > Â Â } First, this will allow SQL injections, because you insert
>> the values directly from the browser. Second, you should move the last line
>> ($result1=...), outside of the foreach loop, now you're executing the query
>> multiple times. Third, you should check if $result1 === FALSE, in case the
>> query fails > > Â Â $num = mysqli_num_rows($result1); > Â Â if(($num =
>> mysqli_num_rows($result1)) == 0) Doing the same thing twice? > Â Â { > ?> >
>> Â Â <br /><br /><center><b><p style="color: red; font-size:14pt;" >No
>> Records > Retrieved #1</center></b></style></p> > <?php > Â Â exit(); > Â
>> Â } > > DISPLAY THE INPUT3 DATA: > >>>> THIS SEEMS TO BE THE ROUTINE THAT
>> IS FAILING <<< > > Â Â <center><b>Search Results</b></center><br /> > > Â
>> Â <center><table border="4" cellpadding="5" cellspacing="55" Â rules="all"
>> > Â frame="box"> > Â Â <tr class=\"heading\"> > Â Â <th>Site</th> > Â Â
>> <th>Medical Record</th> > Â Â <th>First Name</th> > Â Â <th>Last Name</th>
>> > Â Â <th>Phone</td> > Â Â <th>Height</td> > Â Â <th>Sex</td> > Â Â
>> <th>History</td> > Â Â </tr> > > <?php > > Â Â Â while ($row1 =
>> mysqli_fetch_array($result1, MYSQLI_BOTH)) > Â Â Â { > Â Â Â Â Â Â
>> print_r($_POST); Doesn't really make sense to print $_POST here.. > Â Â Â
>> Â Â Â Â global $MDRcheck; > Â Â Â Â Â Â Â $n1++; > Â Â Â Â Â
>> Â Â echo "<br />n1 <br />";echo $n1; > Â Â Â Â Â Â { > Â Â Â Â Â
>> Â Â if (($n1 > 2) && ($MDRcheck == $row1[1])) > Â Â Â Â Â Â Â { >
>> Â Â Â Â Â Â Â Â Â Â echo ">2== Â "; > Â Â Â Â Â Â Â Â Â Â
>> echo $MDRcheck; > Â Â Â Â Â Â Â Â Â Â echo "<td> $row1[0] </td>\n";
>> > Â Â Â Â Â Â Â Â Â Â echo "<td> $row1[1] </td>\n"; > Â Â Â Â Â
>> Â Â Â Â Â echo "<td> $row1[2] </td>\n"; > Â Â Â Â Â Â Â Â Â Â
>> echo "<td> $row1[3] </td>\n"; > Â Â Â Â Â Â Â Â Â Â echo "<td>
>> $row1[4] </td>\n"; > Â Â Â Â Â Â Â Â Â Â echo "<td> $row1[5]
>> </td>\n"; > Â Â Â Â Â Â Â Â Â Â echo "<td> $row1[6] </td>\n"; > Â
>> Â Â Â Â Â Â Â Â Â echo "<td> $row1[7] </td>\n"; > Â Â Â Â Â Â
>> Â Â Â Â echo "</tr>\n"; > Â Â Â Â Â Â Â } > Â Â Â Â Â Â Â
>> elseif (($n1 > 2) && ($MDRcheck != $row1[1])) > Â Â Â Â Â Â Â { > Â
>> Â Â Â Â Â Â Â Â Â echo ">2!= Â "; > > Â Â Â Â Â Â Â Â Â Â
>> echo $MDRcheck; > > > Â Â Â Â Â Â Â Â Â Â continue; continue
>> doesn't do anything here. > Â Â Â Â Â Â Â } > Â Â Â Â Â Â Â
>> elseif ($n1 == 2) > Â Â Â Â Â Â Â { > > Â Â Â Â Â Â Â Â Â Â
>> define( "MDR" , Â $row1[1]); > Â Â Â Â Â Â Â Â Â Â echo "<br />row1
>> <br>";echo $row1[1]; > Â Â Â Â Â Â Â Â Â Â echo "<tr>\n"; > > Â Â
>> Â Â Â Â Â Â Â Â $_GLOBALS['mdr']= $row1[1]; > Â Â Â Â Â Â Â Â
>> Â Â $_POST['MedRec'] = $row1[1]; You're not supposed to set variables in
>> $_POST... > Â Â Â Â Â Â Â Â Â Â $MDRold = $_GLOBALS['mdr']; It
>> appears you want the old value of mdr, if so, then you should do this before
>> you set it again 2 lines above.. > Â Â Â Â Â Â Â Â Â Â echo "<td>
>> $row1[0] </td>\n"; > Â Â Â Â Â Â Â Â Â Â echo "<td> $row1[1]
>> </td>\n"; > Â Â Â Â Â Â Â Â Â Â echo "<td> $row1[2] </td>\n"; > Â
>> Â Â Â Â Â Â Â Â Â echo "<td> $row1[3] </td>\n"; > Â Â Â Â Â Â
>> Â Â Â Â echo "<td> $row1[4] </td>\n"; > Â Â Â Â Â Â Â Â Â Â
>> echo "<td> $row1[5] </td>\n"; > Â Â Â Â Â Â Â Â Â Â echo "<td>
>> $row1[6] </td>\n"; > Â Â Â Â Â Â Â Â Â Â echo "<td> $row1[7]
>> </td>\n"; > Â Â Â Â Â Â Â Â Â Â echo "</tr>\n"; > Â Â Â Â Â Â
>> Â } > > Â Â Â Â Â Â } > Â Â Â } > > ?> You say this routine is
>> probably the one that is failing.. but what is going wrong? And how the heck
>> are we supposed to know what this function should do? > > SELECT AND DISPLAY
>> DATA FROM VISIT3 DATABASE > > <?php > Â Â $query2 = "select * from Visit3
>> where  1 AND (Site = 'AA')  AND (MedRec = > $_GLOBALS[mdr])"; You're using
>> mdr as a constant here, this will generate a warning, but sadly enough it
>> works. > Â Â $result2 = mysqli_query($cxn, $query2); You should check if
>> $result2 === FALSE, in case the query fails. > Â Â $num =
>> mysqli_num_rows($result2); You're counting the rows here, but you don't do
>> anything with the result? > << Snip the rest of this crappy code >> > > I
>> hope this helps. > > Ethan > > I think I made my point. I guess if I
>> continued on the rest of the code there will be tons of other bugs. Try to
>> understand what you're doing. Break things down in smaller pieces, check if
>> they work, then write another piece. If something breaks, you know where it
>> was because you just added that part. - Matijn
>
>
>
> Martijn -
>
> Thank you for your insights into my poorly written code. I am very much of
> a newbie, and therefore am asking for help.
>
> Would you please look at the routine that is failing. I stripped out all
> the echo and print_r statements, but I had a large number of them in the
> code. Everything that I can think of has been tried to no avail. Any help
> that you can render would be deeply appreciated.
>
> Thanks again,
>
> Ethan
>
Ethan,
You're code got messed up I guess. Though, it seems there's still way
too much code to review here. You should try to bring your problem
down to 10-20 lines of code, then we can probably easily spot the
error in the code.
- Matijn
