FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Adding a record to a database
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Adding a record to a database [message #175140 is a reply to message #175116] Tue, 16 August 2011 20:13 Go to previous messageGo to previous message
sheldonlg is currently offline  sheldonlg
Messages: 166
Registered: September 2010
Karma:
Senior Member
On 8/15/2011 9:50 PM, Jerry Stuckle wrote:
> On 8/15/2011 9:02 PM, sheldonlg wrote:
>> On 8/15/2011 2:11 PM, A.Reader wrote:
>>> On Mon, 15 Aug 2011 05:35:37 -0700 (PDT),
>>> Charles<cchamb2(at)gmail(dot)com> wrote:
>>>
>>>> I'm trying to add a record to a database, and it's not working
>>>> properly.
>>>>
>>>> The general thought is to call a data entry form, fill in the form,
>>>> and use the $_POST(array) process to pass the data from the form to a
>>>> php script that handles adding the record to the database.
>>>>
>>>> The only trick part of the php script is using a hidden field to pass
>>>> the name of the data entry form to a SWITCH statement. I'm trying to
>>>> keep the site directory uncluttered and the scripting organized, and I
>>>> understand this works.
>>>>
>>>> I'm getting Error 500 as I test the script, so I think I have
>>>> something coded incorrectly in the script, or I have something
>>>> missing. Other php-based web applications wrok fine, so I suspect I
>>>> have php correctly installed.
>>>>
>>>> Here's the coding:
>>>>
>>>> =====================
>>>>
>>>> <?php
>>>>
>>>> /*<!-- This starts the switch statement. The variable passed to
>>>> control iteration
>>>> is the $_Push(switch) variable set in the first (hidden) field in a
>>>> data entry form.
>>>> The value contained in the variable is the case predicate
>>>>
>>>> */
>>>>
>>>>
>>>> switch ($_Push(switch)) {
>>>>
>>>> /*======================================================*/
>>>>
>>>> case "cab_vehicle_data_entry_add_a_vehicle":
>>>>
>>>>
>>>>
>>>> $con = mysql_connect("*********","****","******");<<These are fine
>>>> if (!$con)
>>>> {
>>>> die('Could not connect: ' . mysql_error());
>>>> }
>>>>
>>>> mysql_select_db("taxicab", $con);
>>>>
>>>> $sql="INSERT INTO
>>>> cab_vehicle (cab_vehicle_make, cab_vehicle_model,
>>>> cab_vehicle_edition,
>>>> cab_vehicle_month, cab_vehicle_year, cab_vehicle_VIN,
>>>> cab_vehicle_registration_number,
>>>> cab_vehicle_reg_exp_month, cab_vehicle_reg_exp_year,
>>>> cab_vehicle_pax_capacity,
>>>> cab_vehicle_cubic_feet_cargo, cab_vehicle_cargo_weight)
>>>>
>>>> VALUES
>>>>
>>>>
>>>> ('$_POST[Make]','$_POST[Model]','$_POST[Edition]','$_POST[Month]','$_POST[y ear]',
>>>>
>>>>
>>>> '$_POST[VIN]','$_POST[Registration]','$_POST[reg_exp_month]','$_POST[reg_ex p_year]',
>>>>
>>>>
>>>> '$_POST[pax_capacity]','$_POST[cargo_cubic_feet]','$_POST[cargo_weight_lbs] ') ";
>>>>
>>>>
>>>>
>>>> if (!mysql_query($sql,$con))
>>>> {
>>>> die('Error: ' . mysql_error());
>>>> }
>>>> echo "1 record added";
>>>>
>>>> mysql_close($con)
>>>>
>>>> break;
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>> /*======================================================*/
>>>>
>>>> /* case "whatever"
>>>> Next process subroutine
>>>> break;
>>>> */
>>>>
>>>>
>>>> }
>>>>
>>>>
>>>> ?>
>>>
>>> I'll pass on some highly-useful advice I got when I was learning
>>> to program, back during the last ice age: make your code look
>>> neat and clean. There's no logical reason for that to make bugs
>>> go away, but in fact it does.
>>>
>>> Your program should have a structure something like this:
>>>
>>> <?php
>>>
>>> if ( ! connected( 'taxicabs', 'sometable' ) ) die() ;
>>>
>>> if ( valid( $_REQUEST ) )
>>> {
>>> $s = 'INSERT INTO taxicabs.sometable SET ' ;
>>> $s .= 'Make="'.$_REQUEST['Make'].'", ' ;
>>> $s .= 'Model="'.$_REQUEST['Model'].'", ' ;
>>> // the other fields the same way
>>>
>>> // note that it's just "Make", "Model", etc not
>>> // "cab_vehicle_make" etc. because if you don't already know
>>> // that you're talking about taxis, not railway locomotives or
>>> // steamboats, you're in more
>>> // trouble than wordy fieldnames can ever fix
>>>
>>> if ( ! mysql_query( $s, $dblink ) )
>>> die( 'Could not create the new record '.
>>> ' because '.mysql_error() ) ;
>>> }
>>> else die( 'That is not a valid request because '.
>>> $val_errors ) ;
>>>
>>> // it needn't be "die()" when something goes wrong,
>>> // it could be some recovery
>>> // routine where you explain what the person should
>>> // do differently and give them another go. Of course, if
>>> // it's that the server choked or got lost, then die() is '
>>> // perfectly appropriate.
>>>
>>>
>>> // ----------------------------
>>> function connected( $db, $table )
>>> {
>>> global $dblink ;
>>> // the mysql connection stuff, returning true if it works, or
>>> // complain about the problems and return false.
>>> }
>>> // ----------------------------
>>> function valid( $a )
>>> {
>>> global $val_errors = '' ;
>>> // your validation code. If it passes your tests,
>>> // return true. If not, concatenate the complaints into
>>> // $val_errors and return false ;
>>> }
>>>
>>> ?>
>>
>> Besides all the excellent advice already given to you, didn't you say
>> that the choice came from the value of a hidden variable? If so, then
>> you want to switch on the value of the %_POST['name_of_that_variable'].
>>
>
> Which is about as insecure as you can get. I hope this isn't how you're
> coding for your "Fortune 500" company. If so, I pity them.

What part of "Besides all the excellent advice already given to you"
didn't you understand? I was only addressing that it is $_POST, not push.

As to the other part, no, I don't. However, even if I did, it wouldn't
be much of a big deal as all that coding is for an intranet behind a
very secure firewall.

--
Shelly
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: PHP 4 vs 5 timings
Next Topic: Re: ftp with win-filenames with chr#32 ?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 07:44:46 GMT 2024

Total time taken to generate the page: 0.04700 seconds