Re: [PHP] function not returning query
On Tue, 2009-11-24 at 23:27 -0800, Allen McCabe wrote: If I were to loop through my inputs, I could just exclude any problematic names, eg.: foreach ($_POST as $var = $val) { if ($var != filter.x || $var != filter.y) { $var = $val; } } Like that? On Tue, Nov 24, 2009 at 2:34 AM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Tue, 2009-11-24 at 02:11 -0800, Allen McCabe wrote: I am! Will these extra query variables cause any problems or should I use standard submit inputs? Thanks Ashley! On Tue, Nov 24, 2009 at 1:10 AM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Mon, 2009-11-23 at 21:53 -0800, Allen McCabe wrote: Okay, suddenly I got it to filter the results, but I still can't figure out where this part of the query is coming from, at the end of the query string in the URL, I have this filter.x=0filter.y=0. No where in my form do I have a field named filter.x or filter.y. I DO however, have 3 forms (I don't want to mess with AJAX), my set up looks like this: Filter by: User - [username dropdown v] Order by [database fields v] Asc/Desc [Ascend v] - Go School - [school dropdown v] Order by [database fields v] Asc/Desc [Ascend v] - Go Show - [show dropdown v] Order by [database fields v] Asc/Desc [Ascend v] - Go There are actually two order by fields, but this gives you the idea. Each of the three lines is a separate form, each with a unique name all with a get method, but all three Go buttons are named filter, I didn't think to try changing it until now, but is this perhaps where the filter.x and filter.y are coming from? I have never seen this before in a query. Oh, now the filter that was working spontaneously gives me the error I have been getting all along, this is so frustrating. To those who asked, yes I am connected to the database; I forgot to mention that the else part of my if statement works, as long as I don't try to filter my results it works. Here is an example of the URL that my filter function (via one of the 3 forms) outputs: http://lpacmarketing.hostzi.com/afy/orders/default.php?filterby=schoolschoolid=36orderby1=order_idasc_desc_order1=Descendorderby2=pmt_recd_dateasc_desc_order2=Descendfilter.x=13filter.y=8filter=Go On Mon, Nov 23, 2009 at 8:03 PM, Philip Thompson philthath...@gmail.comwrote: On Nov 23, 2009, at 6:22 PM, Allen McCabe wrote: Hi, thanks for reading, I hope you can help: In my main file for an orders page I have the following code: if (isset($_GET['filterby'])) { $resultOrders = adminFilterQuery(); $numberOfOrders = mysql_num_rows($resultOrders); } else { $resultOrders = mysql_query(SELECT * FROM afy_order;) or die(mysql_error(Could not query the database!)); $numberOfOrders = mysql_num_rows($resultOrders); } You reduce this part by one line by putting the following after the else statement and removing the other 2: $numberOfOrders = mysql_num_rows ($resultOrders); Also, these queries don't need a semi-colon (;) to end the query. PHP handles this part. Remove them. adminFilterQuery() is a custom function that is supposed to return a mysql_query, here are the last few lines of this function: $query = SELECT * FROM afy_order WHERE school_id = '{$school}' ORDER BY {$order_by_param};; $result = mysql_query($query); return $result; l am getting this error
Re: [PHP] function not returning query
On Nov 25, 2009, at 4:32 AM, Ashley Sheridan wrote: On Tue, 2009-11-24 at 23:27 -0800, Allen McCabe wrote: If I were to loop through my inputs, I could just exclude any problematic names, eg.: foreach ($_POST as $var = $val) { if ($var != filter.x || $var != filter.y) { $var = $val; } } Like that? !--snip-- Not really, what if someone else decided they wanted to throw in their own form field values in the hope of breaking your system? It's much better to be specifically looking for certain form fields and certain field values/ranges. For example, if you had some fields that would filter something by cost, you might have two form fields named 'max' and 'min' which would be ranges for the cost. You should check that these fields only contain numbers for example before processing them. Any data coming from the client-side is untrustworthy and should be regarded as tainted until you can prove otherwise. Thanks, Ash The system Ash is referring to is a whitebox approach. You know what you should get in, so only accept those values. A simple thing to accomplish what you're trying to do, Allen, would be to create an array of required/accepted fields... ?php $acceptable = array('green', 'blue', 'red'); foreach ($_POST as $var = $val) { if (in_array ($var, $acceptable)) { // Do whatever here } else { // Not acceptable - throw error message or do nothing } } ? Hope that helps. ~Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] function not returning query
On Mon, 2009-11-23 at 21:53 -0800, Allen McCabe wrote: Okay, suddenly I got it to filter the results, but I still can't figure out where this part of the query is coming from, at the end of the query string in the URL, I have this filter.x=0filter.y=0. No where in my form do I have a field named filter.x or filter.y. I DO however, have 3 forms (I don't want to mess with AJAX), my set up looks like this: Filter by: User - [username dropdown v] Order by [database fields v] Asc/Desc [Ascend v] - Go School - [school dropdown v] Order by [database fields v] Asc/Desc [Ascend v] - Go Show - [show dropdown v] Order by [database fields v] Asc/Desc [Ascend v] - Go There are actually two order by fields, but this gives you the idea. Each of the three lines is a separate form, each with a unique name all with a get method, but all three Go buttons are named filter, I didn't think to try changing it until now, but is this perhaps where the filter.x and filter.y are coming from? I have never seen this before in a query. Oh, now the filter that was working spontaneously gives me the error I have been getting all along, this is so frustrating. To those who asked, yes I am connected to the database; I forgot to mention that the else part of my if statement works, as long as I don't try to filter my results it works. Here is an example of the URL that my filter function (via one of the 3 forms) outputs: http://lpacmarketing.hostzi.com/afy/orders/default.php?filterby=schoolschoolid=36orderby1=order_idasc_desc_order1=Descendorderby2=pmt_recd_dateasc_desc_order2=Descendfilter.x=13filter.y=8filter=Go On Mon, Nov 23, 2009 at 8:03 PM, Philip Thompson philthath...@gmail.comwrote: On Nov 23, 2009, at 6:22 PM, Allen McCabe wrote: Hi, thanks for reading, I hope you can help: In my main file for an orders page I have the following code: if (isset($_GET['filterby'])) { $resultOrders = adminFilterQuery(); $numberOfOrders = mysql_num_rows($resultOrders); } else { $resultOrders = mysql_query(SELECT * FROM afy_order;) or die(mysql_error(Could not query the database!)); $numberOfOrders = mysql_num_rows($resultOrders); } You reduce this part by one line by putting the following after the else statement and removing the other 2: $numberOfOrders = mysql_num_rows ($resultOrders); Also, these queries don't need a semi-colon (;) to end the query. PHP handles this part. Remove them. adminFilterQuery() is a custom function that is supposed to return a mysql_query, here are the last few lines of this function: $query = SELECT * FROM afy_order WHERE school_id = '{$school}' ORDER BY {$order_by_param};; $result = mysql_query($query); return $result; l am getting this error when I try to filter my query using a form in tandem with the quey building function: *Warning*: mysql_num_rows(): supplied argument is not a valid MySQL result resource where the line is the one where I use the mysql_num_rows function. What am I missing here? Thanks! Do you get this warning with both queries? Make sure that your queries are using a valid mysql connection. You may also consider using a database class to perform the repetitive tasks so that you really only have to be concerned with the queries you're writing...? ?php class database { public function query ($sql) { $result = mysql_query ($sql); if ($result === false) { die ('Uh oh!'); } return $result; } public function numRows ($result) { return mysql_num_rows ($result); } } $db = new database(); $result = $db-query('SELECT * FROM afy_order'); $numRows = $db-numRows($result); ? Of course this is just a simple example, but you get the idea. Hope that stirs your brain! ~Philip My guess would be that you're submitting the form using an image button, which would send the x and y coordinates of the click within the button. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] function not returning query
On Tue, 2009-11-24 at 02:11 -0800, Allen McCabe wrote: I am! Will these extra query variables cause any problems or should I use standard submit inputs? Thanks Ashley! On Tue, Nov 24, 2009 at 1:10 AM, Ashley Sheridan a...@ashleysheridan.co.uk wrote: On Mon, 2009-11-23 at 21:53 -0800, Allen McCabe wrote: Okay, suddenly I got it to filter the results, but I still can't figure out where this part of the query is coming from, at the end of the query string in the URL, I have this filter.x=0filter.y=0. No where in my form do I have a field named filter.x or filter.y. I DO however, have 3 forms (I don't want to mess with AJAX), my set up looks like this: Filter by: User - [username dropdown v] Order by [database fields v] Asc/Desc [Ascend v] - Go School - [school dropdown v] Order by [database fields v] Asc/Desc [Ascend v] - Go Show - [show dropdown v] Order by [database fields v] Asc/Desc [Ascend v] - Go There are actually two order by fields, but this gives you the idea. Each of the three lines is a separate form, each with a unique name all with a get method, but all three Go buttons are named filter, I didn't think to try changing it until now, but is this perhaps where the filter.x and filter.y are coming from? I have never seen this before in a query. Oh, now the filter that was working spontaneously gives me the error I have been getting all along, this is so frustrating. To those who asked, yes I am connected to the database; I forgot to mention that the else part of my if statement works, as long as I don't try to filter my results it works. Here is an example of the URL that my filter function (via one of the 3 forms) outputs: http://lpacmarketing.hostzi.com/afy/orders/default.php?filterby=schoolschoolid=36orderby1=order_idasc_desc_order1=Descendorderby2=pmt_recd_dateasc_desc_order2=Descendfilter.x=13filter.y=8filter=Go On Mon, Nov 23, 2009 at 8:03 PM, Philip Thompson philthath...@gmail.comwrote: On Nov 23, 2009, at 6:22 PM, Allen McCabe wrote: Hi, thanks for reading, I hope you can help: In my main file for an orders page I have the following code: if (isset($_GET['filterby'])) { $resultOrders = adminFilterQuery(); $numberOfOrders = mysql_num_rows($resultOrders); } else { $resultOrders = mysql_query(SELECT * FROM afy_order;) or die(mysql_error(Could not query the database!)); $numberOfOrders = mysql_num_rows($resultOrders); } You reduce this part by one line by putting the following after the else statement and removing the other 2: $numberOfOrders = mysql_num_rows ($resultOrders); Also, these queries don't need a semi-colon (;) to end the query. PHP handles this part. Remove them. adminFilterQuery() is a custom function that is supposed to return a mysql_query, here are the last few lines of this function: $query = SELECT * FROM afy_order WHERE school_id = '{$school}' ORDER BY {$order_by_param};; $result = mysql_query($query); return $result; l am getting this error when I try to filter my query using a form in tandem with the quey building function: *Warning*: mysql_num_rows(): supplied argument is not a valid MySQL result resource where the line is the one where I use the mysql_num_rows function. What am I missing here? Thanks! Do you get this warning with both queries? Make sure that your queries are using a valid mysql connection. You may also consider using a database class to perform the repetitive tasks so that you really only have to be concerned with the queries you're writing...? ?php class database { public function query ($sql) { $result = mysql_query ($sql); if ($result === false) { die ('Uh oh!'); } return $result; } public function numRows ($result) { return mysql_num_rows ($result); }
[PHP] function not returning query
Hi, thanks for reading, I hope you can help: In my main file for an orders page I have the following code: if (isset($_GET['filterby'])) { $resultOrders = adminFilterQuery(); $numberOfOrders = mysql_num_rows($resultOrders); } else { $resultOrders = mysql_query(SELECT * FROM afy_order;) or die(mysql_error(Could not query the database!)); $numberOfOrders = mysql_num_rows($resultOrders); } adminFilterQuery() is a custom function that is supposed to return a mysql_query, here are the last few lines of this function: $query = SELECT * FROM afy_order WHERE school_id = '{$school}' ORDER BY {$order_by_param};; $result = mysql_query($query); return $result; l am getting this error when I try to filter my query using a form in tandem with the quey building function: *Warning*: mysql_num_rows(): supplied argument is not a valid MySQL result resource where the line is the one where I use the mysql_num_rows function. What am I missing here? Thanks!
Re: [PHP] function not returning query
Likely your query failed due to an error. Try adding an or die(mysql_error()) to the end of your mysql_query statement to see what that error maybe Bastien Sent from my iPod On Nov 23, 2009, at 7:22 PM, Allen McCabe allenmcc...@gmail.com wrote: Hi, thanks for reading, I hope you can help: In my main file for an orders page I have the following code: if (isset($_GET['filterby'])) { $resultOrders = adminFilterQuery(); $numberOfOrders = mysql_num_rows($resultOrders); } else { $resultOrders = mysql_query(SELECT * FROM afy_order;) or die(mysql_error(Could not query the database!)); $numberOfOrders = mysql_num_rows($resultOrders); } adminFilterQuery() is a custom function that is supposed to return a mysql_query, here are the last few lines of this function: $query = SELECT * FROM afy_order WHERE school_id = '{$school}' ORDER BY {$order_by_param};; $result = mysql_query($query); return $result; l am getting this error when I try to filter my query using a form in tandem with the quey building function: *Warning*: mysql_num_rows(): supplied argument is not a valid MySQL result resource where the line is the one where I use the mysql_num_rows function. What am I missing here? Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] function not returning query
On Nov 23, 2009, at 6:22 PM, Allen McCabe wrote: Hi, thanks for reading, I hope you can help: In my main file for an orders page I have the following code: if (isset($_GET['filterby'])) { $resultOrders = adminFilterQuery(); $numberOfOrders = mysql_num_rows($resultOrders); } else { $resultOrders = mysql_query(SELECT * FROM afy_order;) or die(mysql_error(Could not query the database!)); $numberOfOrders = mysql_num_rows($resultOrders); } You reduce this part by one line by putting the following after the else statement and removing the other 2: $numberOfOrders = mysql_num_rows ($resultOrders); Also, these queries don't need a semi-colon (;) to end the query. PHP handles this part. Remove them. adminFilterQuery() is a custom function that is supposed to return a mysql_query, here are the last few lines of this function: $query = SELECT * FROM afy_order WHERE school_id = '{$school}' ORDER BY {$order_by_param};; $result = mysql_query($query); return $result; l am getting this error when I try to filter my query using a form in tandem with the quey building function: *Warning*: mysql_num_rows(): supplied argument is not a valid MySQL result resource where the line is the one where I use the mysql_num_rows function. What am I missing here? Thanks! Do you get this warning with both queries? Make sure that your queries are using a valid mysql connection. You may also consider using a database class to perform the repetitive tasks so that you really only have to be concerned with the queries you're writing...? ?php class database { public function query ($sql) { $result = mysql_query ($sql); if ($result === false) { die ('Uh oh!'); } return $result; } public function numRows ($result) { return mysql_num_rows ($result); } } $db = new database(); $result = $db-query('SELECT * FROM afy_order'); $numRows = $db-numRows($result); ? Of course this is just a simple example, but you get the idea. Hope that stirs your brain! ~Philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] function not returning query
Okay, suddenly I got it to filter the results, but I still can't figure out where this part of the query is coming from, at the end of the query string in the URL, I have this filter.x=0filter.y=0. No where in my form do I have a field named filter.x or filter.y. I DO however, have 3 forms (I don't want to mess with AJAX), my set up looks like this: Filter by: User - [username dropdown v] Order by [database fields v] Asc/Desc [Ascend v] - Go School - [school dropdown v] Order by [database fields v] Asc/Desc [Ascend v] - Go Show - [show dropdown v] Order by [database fields v] Asc/Desc [Ascend v] - Go There are actually two order by fields, but this gives you the idea. Each of the three lines is a separate form, each with a unique name all with a get method, but all three Go buttons are named filter, I didn't think to try changing it until now, but is this perhaps where the filter.x and filter.y are coming from? I have never seen this before in a query. Oh, now the filter that was working spontaneously gives me the error I have been getting all along, this is so frustrating. To those who asked, yes I am connected to the database; I forgot to mention that the else part of my if statement works, as long as I don't try to filter my results it works. Here is an example of the URL that my filter function (via one of the 3 forms) outputs: http://lpacmarketing.hostzi.com/afy/orders/default.php?filterby=schoolschoolid=36orderby1=order_idasc_desc_order1=Descendorderby2=pmt_recd_dateasc_desc_order2=Descendfilter.x=13filter.y=8filter=Go On Mon, Nov 23, 2009 at 8:03 PM, Philip Thompson philthath...@gmail.comwrote: On Nov 23, 2009, at 6:22 PM, Allen McCabe wrote: Hi, thanks for reading, I hope you can help: In my main file for an orders page I have the following code: if (isset($_GET['filterby'])) { $resultOrders = adminFilterQuery(); $numberOfOrders = mysql_num_rows($resultOrders); } else { $resultOrders = mysql_query(SELECT * FROM afy_order;) or die(mysql_error(Could not query the database!)); $numberOfOrders = mysql_num_rows($resultOrders); } You reduce this part by one line by putting the following after the else statement and removing the other 2: $numberOfOrders = mysql_num_rows ($resultOrders); Also, these queries don't need a semi-colon (;) to end the query. PHP handles this part. Remove them. adminFilterQuery() is a custom function that is supposed to return a mysql_query, here are the last few lines of this function: $query = SELECT * FROM afy_order WHERE school_id = '{$school}' ORDER BY {$order_by_param};; $result = mysql_query($query); return $result; l am getting this error when I try to filter my query using a form in tandem with the quey building function: *Warning*: mysql_num_rows(): supplied argument is not a valid MySQL result resource where the line is the one where I use the mysql_num_rows function. What am I missing here? Thanks! Do you get this warning with both queries? Make sure that your queries are using a valid mysql connection. You may also consider using a database class to perform the repetitive tasks so that you really only have to be concerned with the queries you're writing...? ?php class database { public function query ($sql) { $result = mysql_query ($sql); if ($result === false) { die ('Uh oh!'); } return $result; } public function numRows ($result) { return mysql_num_rows ($result); } } $db = new database(); $result = $db-query('SELECT * FROM afy_order'); $numRows = $db-numRows($result); ? Of course this is just a simple example, but you get the idea. Hope that stirs your brain! ~Philip