PHP RSS PHP RSS

Multiple SQL Queries in PHP page

Reply

Join Date: Oct 2008
Posts: 5
Reputation: tkmc is an unknown quantity at this point 
Solved Threads: 0
tkmc tkmc is offline Offline
Newbie Poster

Multiple SQL Queries in PHP page

 
0
  #1
Oct 10th, 2008
Hi all,

I have been racking my brain today, trying to get a page to run 2 queries.

Basically i have a page that has a form on it and there is a bunch of numbers in one of the drop down lists that comes from a table called cab_eticket_numbers this and the rest of the data on this form is posted to a MySQL table called cab_details, which works all good. However I also need to update a flag in the cab_eticket_numbers table called cab_eticket_used so that the number does not come up in the drop down list again.

Can someone please advise how you would do this? I have checked out google and found a few things (such as http://www.artfulsoftware.com/infotree/tip.php?id=799) however dont seem to make much sense, i feel there has to be a better way as i thought this would be a rather common scenario?

Any help would be much appreciated, maybe even if i could use the same query that i use to do the INSERT if i cant have 2 queries.

Any help would be much appreciated.

Thanks very much in advance.
Reply With Quote Quick reply to this message  
Join Date: Aug 2005
Posts: 149
Reputation: sDJh is an unknown quantity at this point 
Solved Threads: 13
sDJh sDJh is offline Offline
Junior Poster

Re: Multiple SQL Queries in PHP page

 
0
  #2
Oct 10th, 2008
Why shouldn't you be able to use more than one query in a php-file?

When I got you problem correctyl you want to save the selected dropdown as a flag in the table
PHP Syntax (Toggle Plain Text) 
  1. mysql_query("UPDATE `cab_eticket_numbers` SET `cab_eticket_used`=1 WHERE `number`=".$yourphpvariable);
and secondly you want to hide it the second time:
PHP Syntax (Toggle Plain Text) 
  1. mysql_query("SELECT *  FROM `cab_eticket_numbers` WHERE `cab_eticket_used`=0");
I hope I got you right.
http://www.explosive-software.de/?lang=en
Reply With Quote Quick reply to this message  
Join Date: Oct 2008
Posts: 5
Reputation: tkmc is an unknown quantity at this point 
Solved Threads: 0
tkmc tkmc is offline Offline
Newbie Poster

Re: Multiple SQL Queries in PHP page

 
0
  #3
Oct 10th, 2008
Yeah kinda what I am after

I don't actually want to save the selected item from the drop down... but the query will be based on one of the drop downs.

Here is a copy of the page. The SQL with variable $sql (The INSERT) works fine and the database is populated perfectly. However the second one with variable $updateused (The UPDATE) does not seem to do anything at all?

php Syntax (Toggle Plain Text) 
  1. <?
  2. include "include_header.php";
  3. include "include_ad.php";
  4.  
  5. echo '<SCRIPT language=JavaScript>';
  6. echo 'function reload(form){';
  7. echo 'var val=form.cab_manager.options[form.cab_manager.options.selectedIndex].value;';
  8. echo "self.location='page_cabticket_submit.php?cab_manager=' + val ;";
  9. echo '}';
  10. echo '</script>';
  11.  
  12. @$cab_manager=$_GET['cab_manager'];
  13.  
  14. $quer2=mysql_query("select distinct cab_manager,cab_manager_id from cab_managernumbers order by cab_manager");
  15.  
  16. if(isset($cab_manager) and strlen($cab_manager) > 0){
  17. $quer=mysql_query("SELECT DISTINCT cab_eticket_number FROM cab_managernumbers where cab_manager_id=$cab_manager and cab_ticket_used=0 order by cab_eticket_number"); 
  18. } 
  19. else{
  20. $quer=mysql_query("SELECT DISTINCT cab_eticket_number FROM cab_managernumbers where cab_ticket_used=0 order by cab_eticket_number"); 
  21. } 
  22.  
  23. echo "<h2>e-Ticket System</h2>\n";
  24.  
  25. if (isset($_POST["submit"])) {
  26.   $date_in_form = explode("-", $_POST["cab_dateused"]);
  27.   //Validate the date
  28.   $error_msg = "";
  29.   if ((intval($date_in_form[0]) < 1) OR (intval($date_in_form[0]) > 31)){
  30.     $error_msg = "Day must be between 1 and 31.";
  31.   } else {}
  32.   if ((intval($date_in_form[1]) < 1) OR (intval($date_in_form[1]) > 12)){
  33.     $error_msg = "Month must be between 1 and 12.";
  34.   } else {}
  35.   if ((intval($date_in_form[2]) < 2000) OR (intval($date_in_form[2]) > 2020)){
  36.     $error_msg = "Year must be between 2000 and 2020.";
  37.   } else {}
  38. } else {}
  39.  
  40. if (isset($_POST["submit"]) AND ($error_msg == "")){
  41.   $form_day = str_pad($date_in_form[0], 2, "0", STR_PAD_LEFT);
  42.   $form_mnt = str_pad($date_in_form[1], 2, "0", STR_PAD_LEFT);
  43.   $new_date = $date_in_form[2] . "/" . $form_mnt . "/" . $form_day;
  44.   $sql  = "INSERT INTO cab_detail (cab_eticket_number, ";
  45.   $sql .= "cab_date_travelled, ";
  46.   $sql .= "cab_location_to, ";
  47.   $sql .= "cab_location_from, ";
  48.   $sql .= "cab_trip_reason, ";
  49.   $sql .= "cab_manager, ";
  50.   $sql .= "cab_issued_to) VALUES (";
  51.   $sql .= "'" . $_POST["cab_eticket_number"] . "', ";
  52.   $sql .= "'" . $new_date . "', ";
  53.   $sql .= "'" . $_POST["cab_locationto"] . "', ";
  54.   $sql .= "'" . $_POST["cab_locationfrom"] . "', ";
  55.   $sql .= "'" . $_POST["cab_reason"] . "', ";
  56.   $sql .= "'" . $_POST["cab_manager"] . "', ";
  57.   $sql .= "'" . $_POST["cab_issueto"] . "')";
  58.  
  59.   $result = mysql_query($sql);
  60.  
  61.   $updateused = "UPDATE cab_managernumbers SET cab_ticket_used = 0 where cab_eticket_number = $cab_eticket_number";
  62.   $resultused = mysql_query($updateused);
  63.  
  64.   echo "Thank you, the ticket has been saved with the below details.<br /><br />";
  65.   echo "Manager Responsible: " . $_POST["cab_manager"] . "<br />";
  66.   echo "e_Ticket Number:     " . $_POST["cab_eticket_number"] . "<br />";
  67.   echo "Issued To:           " . $_POST["cab_issueto"] . "<br />";
  68.   echo "Location To:         " . $_POST["cab_locationto"] . "<br />";
  69.   echo "Location From:       " . $_POST["cab_locationfrom"] . "<br />";
  70.   echo "Date Travelled:      " . $_POST["cab_dateused"] . "<br />";
  71.   echo "Trip Reason:         " . $_POST["cab_reason"] . "<br />";
  72. } else {
  73.  
  74.   for ($i=0; $i<$entries["count"]; $i++)
  75.   {
  76.     if ($entries[$i]["samaccountname"][0] == $user_name) {
  77.       $user_dept = $entries[$i]["department"][0];
  78.       $user_phone = $entries[$i]["telephonenumber"][0];
  79.       $user_email = $entries[$i]["mail"][0];
  80.       $user_full_name  = $entries[$i]["displayname"][0];
  81.     } else {}
  82.   }
  83.  
  84.   if ($error_msg <> ""){
  85.     echo "<table cellspacing=\"0\" cellpadding=\"0\">\n";
  86.     echo "  <tr>\n";
  87.     echo "    <td><font color=\"red\">$error_msg</font><br />Please click the 'back' button and correct the error.</td>\n";
  88.     echo "  </tr>\n";
  89.     echo "</table>\n";
  90.   } else {
  91.     echo "<form action=\"" . $_SERVER["PHP_SELF"] . "\" method=\"post\">\n";
  92.     echo "<table cellpadding=\"2\" cellspacing=\"0\" border=\"0\" width=\"600\" style=\"border: 1px solid #0a246a;\">";
  93.     echo "<tr><td colspan=\"2\">Use this form to submit an e-Ticket entry into the database.<br />\n";
  94.     echo "Click the &quot;Submit&quot; button to save the e-Ticket. Thank you!<br /></td></tr>\n";
  95.     $bg = change_bg($bg);	
  96.  
  97. 	echo "<tr bgcolor=\"$bg\"><td>Manager Responsible</td><td><select name='cab_manager' onchange=\"reload(this.form)\"><option value=''>-</option>";
  98. 	while($noticia2 = mysql_fetch_array($quer2)) {
  99. 	if($noticia2['cab_manager_id']==@$cab_manager){echo "<option selected value='$noticia2[cab_manager_id]'>$noticia2[cab_manager]</option>"."<BR>";}
  100. 	else{echo  "<option value='$noticia2[cab_manager_id]'>$noticia2[cab_manager]</option>";}
  101. 	}
  102. 	echo "</select></td></tr>\n";
  103. 	$bg = change_bg($bg);
  104.  
  105. 	echo "<tr bgcolor=\"$bg\"><td>e_Ticket Number</td><td><select name='cab_eticket_number'><option value=''>-</option>";
  106. 	while($noticia = mysql_fetch_array($quer)) { 
  107. 	echo  "<option value='$noticia[cab_eticket_number]'>$noticia[cab_eticket_number]</option>";
  108. 	}
  109. 	echo "</select></td></tr>\n";
  110. 	$bg = change_bg($bg);
  111.  
  112.  
  113.     echo "<tr bgcolor=\"$bg\"><td>Issued to: </td><td><input type=\"text\" name=\"cab_issueto\"  size=\"30\" /></td></tr>\n";
  114.     $bg = change_bg($bg);
  115.  
  116.     echo "<tr bgcolor=\"$bg\"><td>Location From: </td><td><input type=\"text\" name=\"cab_locationfrom\"  size=\"40\" /></td></tr>\n";
  117.     $bg = change_bg($bg);
  118.  
  119.     echo "<tr bgcolor=\"$bg\"><td>Location To: </td><td><input type=\"text\" name=\"cab_locationto\" size=\"40\" /></td></tr>\n";
  120.     $bg = change_bg($bg);
  121.  
  122.     echo "<tr bgcolor=\"$bg\"><td>Travelling Date: </td><td><input type=\"text\" name=\"cab_dateused\" size=\"12\" /> (dd-mm-yyyy)</td></tr>\n";
  123.     $bg = change_bg($bg);
  124.  
  125.     echo "<tr bgcolor=\"$bg\"><td colspan=\"2\">Reason for trip:<br />\n";
  126.     echo "<textarea rows=\"2\" name=\"cab_reason\" cols=\"90\"></textarea></td></tr>\n";
  127.     $bg = change_bg($bg);
  128.  
  129.     echo "<tr bgcolor=\"$bg\"><td><input type=\"submit\" name=\"submit\" value=\"Submit e-Ticket\" /></td><td>&nbsp;</td></tr>\n";
  130.     echo "</table>\n";
  131.     echo "</form>\n";
  132.   }
  133. }
  134.  
  135. include "include_footer.php";
  136. ?>
Last edited by tkmc; Oct 10th, 2008 at 9:24 am.
Reply With Quote Quick reply to this message  
Join Date: Oct 2008
Posts: 5
Reputation: tkmc is an unknown quantity at this point 
Solved Threads: 0
tkmc tkmc is offline Offline
Newbie Poster

Re: Multiple SQL Queries in PHP page

 
0
  #4
Oct 10th, 2008
I have not yet solved the problem as i still can not get the UPDATE query to use the variable $cab_eticket_number to be used as part of the SQL query.

I did spot an error in my above code with the UPDATE query where it was setting it to 0 instead of 1, this has been corrected, however as i said still having the issue.

I tried to hard code the UPDATE without using the $cab_ticket_number variable and it seemed to work ok.... anyone have any ideas what im doing wrong here?

Thanks
Reply With Quote Quick reply to this message  
Join Date: Oct 2008
Posts: 5
Reputation: tkmc is an unknown quantity at this point 
Solved Threads: 0
tkmc tkmc is offline Offline
Newbie Poster

Re: Multiple SQL Queries in PHP page

 
0
  #5
Oct 10th, 2008
Spotted the problem, instead of using the variable name i should have used the POST to get the ticket number. I replace the UPDATE with the one below and all works perfect now.

php Syntax (Toggle Plain Text) 
  1. $updateused = "UPDATE cab_managernumbers SET cab_ticket_used = 1 where cab_eticket_number = ". $_POST["cab_eticket_number"] ."";
Reply With Quote Quick reply to this message  
Join Date: May 2008
Posts: 524
Reputation: Will Gresham is on a distinguished road 
Solved Threads: 86
Sponsor
Will Gresham's Avatar
Will Gresham Will Gresham is offline Offline
Posting Pro

Re: Multiple SQL Queries in PHP page

 
0
  #6
Oct 10th, 2008
Originally Posted by tkmc View Post
Spotted the problem, instead of using the variable name i should have used the POST to get the ticket number. I replace the UPDATE with the one below and all works perfect now.

php Syntax (Toggle Plain Text) 
  1. $updateused = "UPDATE cab_managernumbers SET cab_ticket_used = 1 where cab_eticket_number = ". $_POST["cab_eticket_number"] ."";
This may work but is not recommended and certainly isn't secure.

Taking variables directly from the POST, GET or QUERY in PHP is not safe, it leaves your script vunerable to injection attacks.. You should be taking the POST variable and sanitizing it first (for instance, a number should only contain the characters 0-9) you could do the following:
php Syntax (Toggle Plain Text) 
  1. if(is_numeric($_POST["cab_eticket_number"])) {
  2. $cab_eticket_number = $_POST["cab_eticket_number"];
  3. } else {
  4.   //Process an input which is nit numeric.
  5. }
  6. $updateused = "UPDATE cab_managernumbers SET cab_ticket_used = 1 where cab_eticket_number = $cab_eticket_number";
Last edited by Will Gresham; Oct 10th, 2008 at 12:04 pm.
AJAX is not a programming language, scripting language or any other sort of language.
It is acheived by using JavaScript http functions.
So, AJAX = JavaScript.
Reply With Quote Quick reply to this message  
Join Date: Sep 2007
Posts: 54
Reputation: HazardTW is an unknown quantity at this point 
Solved Threads: 2
HazardTW HazardTW is offline Offline
Junior Poster in Training

Re: Multiple SQL Queries in PHP page

 
0
  #7
Oct 11th, 2008
You beat me to it Xan

I too noticed the use of $_POST and $_GET vars directly in the queries, something you absolutely do not want to do.

If you have some kind of user-input validation on the client-side, it isn't good enough, client-side validation is for user convenience so they don't have to post the page only to have it reload and tell them there was a problem.

This is one lesson you do not want to learn the hard way
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the PHP Forum
Thread Tools Search this Thread



301 access apache api array beginner binary broken cakephp checkbox class clean cms code compression countingeverycharactersfromastring crack cron curl database date decode directory display dissertation dropdown dynamic echo email error fairness file files folder form forms function functions google href htaccess html httppost image include insert integration ip javascript joomla limit link login mail match md5 menu methods mlm multiple mysql newsletters oop pageing pagerank paypal pdf php problem protocol query radio random recursion remote script search secure server sessions simple sms soap source space spam sql syntax system table tutorial update upload url validator variable video votedown web youtube
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC