Xtremer360 Posted January 17, 2011 Share Posted January 17, 2011 This problem is existing on a few pages so I'll be in the clear if I can figure out to solve it on one page. Problem is on form submission its still echoing back that sortorder variable which makes it hard for it to compare on the success function to display the right message because the message should be good, bad1, bad2, ... . So is there anyway around that or do I need to do something on the client side of the form page. <?php // Include the database page require ('../inc/dbconfig.php'); if ( isset( $_POST['menuid'] ) ) { $menuid = (int)$_POST['menuid']; $query = "SELECT COUNT(sortorder) AS numOrder FROM `menuitems` WHERE `menu_id` = '".$menuid."'"; $result = mysqli_query ($dbc, $query); $row = mysqli_fetch_array( $result, MYSQL_ASSOC ); $sortorder = $row[ 'numOrder' ] + 1; echo $sortorder; } if (isset($_POST['submitmenuitem'])) { $menuid = mysqli_real_escape_string($dbc, $_POST['menuid']); $itemname = mysqli_real_escape_string($dbc, $_POST['itemname']); $itemurl = mysqli_real_escape_string($dbc, $_POST['itemurl']); $sortorder = mysqli_real_escape_string($dbc, $_POST['sortorder']); $contentpage = mysqli_real_escape_string($dbc, $_POST['contentpage']); $newscategory = mysqli_real_escape_string($dbc, $_POST['newscategory']); $application = mysqli_real_escape_string($dbc, $_POST['application']); $query = "SELECT * FROM `menuitems` WHERE (`itemname` = '".$itemname."') OR (`itemurl` = '".$itemurl."') OR (`contentpage_id` = '".$contentpage."') OR (`application_id` = '".$application."') OR (`newscategory_id` = '".$newscategory."') AND `menu_id` = '".$menuid."'"; $result = mysqli_query ( $dbc, $query ); // Run The Query $rows = mysqli_num_rows($result); if ($rows == 0) { $query = "INSERT INTO `menuitems` (menu_id, itemname, itemurl, sortorder, contentpage_id, newscategory_id, application_id, creator_id, datecreated, enabled) VALUES ('".$menuid."','".$itemname."','".$itemurl."','".$sortorder."','".$contentpage."', '".$newscategory."', '".$application."', 1, NOW(), 0)"; mysqli_query($dbc, $query); echo "good"; } else { $row = mysqli_fetch_array($result); if (($row['itemname'] == $itemname) && ($row['newscategory_id'] == $newscategory)) echo 'bad9'; elseif (($row['itemname'] == $itemname) && ($row['application_id'] == $application)) echo 'bad8'; elseif (($row['itemname'] == $itemname) && ($row['contentpage_id'] == $contentpage)) echo 'bad7'; elseif (($row['itemname'] == $itemname) && ($row['itemurl'] == $itemurl)) echo 'bad6'; elseif ($row['newscategory_id'] == $newscategory) echo 'bad5'; elseif ($row['application_id'] == $application) echo 'bad4'; elseif ($row['contentpage_id'] == $contentpage) echo 'bad3'; elseif ($row['itemurl'] == $itemurl) echo 'bad2'; elseif ($row['itemname'] == $itemname) echo 'bad1'; } } if (isset($_POST['deletemenuitem'])){ $menuitemID = (int)$_POST['menuitemID']; $query = "UPDATE `menuitems` SET `enabled` = '1' WHERE `id` = '".$menuitemID."' LIMIT 1"; mysqli_query($dbc,$query); } ?> Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted January 17, 2011 Share Posted January 17, 2011 maybe remove echo $sortorder; ? Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted January 17, 2011 Author Share Posted January 17, 2011 I can't do that because I'll need it for an another ajax call that is on my form. Quote Link to comment Share on other sites More sharing options...
BlueSkyIS Posted January 17, 2011 Share Posted January 17, 2011 have ajax pass another variable that tells the script to echo the values, otherwise don't echo them. or use a second, similar script for ajax. Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted January 20, 2011 Author Share Posted January 20, 2011 Any other ideas? Quote Link to comment Share on other sites More sharing options...
Psycho Posted January 20, 2011 Share Posted January 20, 2011 To be honest I'm not really following you code. Although it is apprently used for an AJAX request - which would have been helpful to know in your original post. Anyway, from what I seem to understand you want that script to return just one value; either "good", "badX" or the sort order variable, correct? If that is the case, then I think there is a simple solution. Instead of directly echoing the output in those specific places set an output variable (e.g. $result) and echo the output at the end. So, you will first define $result as the $sortorder variable. But, if you reach a condition where you want "good" or one of the "badX" responses you will redefine $result as that value. Then when the script gets to the end just echo $result. So, if the conditions for good or bad responses are never met then the script will output the sort order. Is that what you want? <?php // Include the database page require ('../inc/dbconfig.php'); if ( isset( $_POST['menuid'] ) ) { $menuid = (int) $_POST['menuid']; $query = "SELECT COUNT(sortorder) AS numOrder FROM `menuitems` WHERE `menu_id` = '{$menuid}'"; $result = mysqli_query ($dbc, $query); $row = mysqli_fetch_assoc( $result ); $sortorder = $row[ 'numOrder' ] + 1; $result = $sortorder; } if (isset($_POST['submitmenuitem'])) { $menuid = mysqli_real_escape_string($dbc, $_POST['menuid']); $itemname = mysqli_real_escape_string($dbc, $_POST['itemname']); $itemurl = mysqli_real_escape_string($dbc, $_POST['itemurl']); $sortorder = mysqli_real_escape_string($dbc, $_POST['sortorder']); $contentpage = mysqli_real_escape_string($dbc, $_POST['contentpage']); $newscategory = mysqli_real_escape_string($dbc, $_POST['newscategory']); $application = mysqli_real_escape_string($dbc, $_POST['application']); $query = "SELECT * FROM `menuitems` WHERE (`itemname` = '{$itemname}') OR (`itemurl` = '{$itemurl}') OR (`contentpage_id` = '{$contentpage}') OR (`application_id` = '{$application}') OR (`newscategory_id` = '{$newscategory}') AND `menu_id` = '{$menuid}'"; $result = mysqli_query ( $dbc, $query ); // Run The Query if (mysqli_num_rows($result) == 0) { $query = "INSERT INTO `menuitems` (menu_id, itemname, itemurl, sortorder, contentpage_id, newscategory_id, application_id, creator_id, datecreated, enabled) VALUES ('{$menuid}, {$itemname}, {$itemurl}, {$sortorder}, {$contentpage}', '{$newscategory}, {$application}, 1, NOW(), 0)"; mysqli_query($dbc, $query); $result = "good"; } else { $row = mysqli_fetch_array($result); if (($row['itemname'] == $itemname) && ($row['newscategory_id'] == $newscategory)) $result = 'bad9'; elseif (($row['itemname'] == $itemname) && ($row['application_id'] == $application)) $result = 'bad8'; elseif (($row['itemname'] == $itemname) && ($row['contentpage_id'] == $contentpage)) $result = 'bad7'; elseif (($row['itemname'] == $itemname) && ($row['itemurl'] == $itemurl)) $result = 'bad6'; elseif ($row['newscategory_id'] == $newscategory) $result = 'bad5'; elseif ($row['application_id'] == $application) $result = 'bad4'; elseif ($row['contentpage_id'] == $contentpage) $result = 'bad3'; elseif ($row['itemurl'] == $itemurl) $result = 'bad2'; elseif ($row['itemname'] == $itemname) $result = 'bad1'; } } if (isset($_POST['deletemenuitem'])) { $menuitemID = (int)$_POST['menuitemID']; $query = "UPDATE `menuitems` SET `enabled` = '1' WHERE `id` = '".$menuitemID."' LIMIT 1"; mysqli_query($dbc,$query); } //Output the result echo $result; ?> Quote Link to comment Share on other sites More sharing options...
Psycho Posted January 20, 2011 Share Posted January 20, 2011 Also, for the sake of readability, you could always rewrite all those elseif statements as a switch switch(true) { case (($row['itemname'] == $itemname) && ($row['newscategory_id'] == $newscategory)): $result = 'bad9'; break; case (($row['itemname'] == $itemname) && ($row['application_id'] == $application)): $result = 'bad8'; break; case (($row['itemname'] == $itemname) && ($row['contentpage_id'] == $contentpage)): $result = 'bad7'; break; case (($row['itemname'] == $itemname) && ($row['itemurl'] == $itemurl)): $result = 'bad6'; break; case ($row['newscategory_id'] == $newscategory): $result = 'bad5'; break; case ($row['application_id'] == $application): $result = 'bad4'; break; case ($row['contentpage_id'] == $contentpage): $result = 'bad3'; break; case ($row['itemurl'] == $itemurl): $result = 'bad2'; break; case ($row['itemname'] == $itemname): $result = 'bad1'; break; } Although, if it were my code I would use a bitwise operator for the return value. Have each bit represent a different error condition (e.g. ($row['itemname'] == $itemname) could be bit in position 1) and set each bit to true if that error condition is met. The value would equal 0 if there were no errors, otherwise you would have a bitwise number to pass that can be used to determine all of the error conditions As it is right now, you have no specific error condition for something such as $row['itemname'] == $itemname) && $row['newscategory_id'] == $newscategory && $row['application_id'] == $application Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted January 20, 2011 Author Share Posted January 20, 2011 Thank you very much. It works, however there's something I want to add onto the check. At one submission there's only going to be a value for either the itemurl, newscategory, contentpage, or application. Whichever doesn't have an actual value that isn't 0 will have 0 for their values. The check is I want whichever of those 4 has a value then to check that and only that against the database that way i can't have it spitting back errors because say submission one didn't put a value for itemurl and submission two didn't have a value for it either. I don't want it to bother with the check with those. Quote Link to comment Share on other sites More sharing options...
Psycho Posted January 20, 2011 Share Posted January 20, 2011 Huh? Whichever doesn't have an actual value that isn't 0 will have 0 for their values. According to that statement you want any value that isn't already 0 to be changed to 0 - in other words you want all the values to be 0. I will try to provide help based upon what I *think* you are asking for. I think you are saying that you want the query to only be run against those individual four fields where a seach value has been passed in the POST data. In that case, you should check the POST values and use those to dynamically create the query. The sample code below assumes that the values will be empty if you don't want them checked - as opposed to not being set. Use the following to generate your query: //Prepare POST data $menuid = mysqli_real_escape_string($dbc, trim($_POST['menuid'])); $itemname = mysqli_real_escape_string($dbc, trim($_POST['itemname'])); $sortorder = mysqli_real_escape_string($dbc, trim($_POST['sortorder'])); $itemurl = mysqli_real_escape_string($dbc, trim($_POST['itemurl'])); $contentpage = mysqli_real_escape_string($dbc, trim($_POST['contentpage'])); $newscategory = mysqli_real_escape_string($dbc, trim($_POST['newscategory'])); $application = mysqli_real_escape_string($dbc, trim($_POST['application'])); //Create dynamic query $query = "SELECT * FROM `menuitems` WHERE (`itemname` = '{$itemname}')\n"; $query .= (!empty($itemurl)) ? " OR `itemurl` = '{$itemurl}'" : ''; $query .= (!empty($itemurl)) ? " OR `contentpage_id` = '{$contentpage}'" : ''; $query .= (!empty($itemurl)) ? " OR `application_id` = '{$application}'" : ''; $query .= (!empty($itemurl)) ? " OR `newscategory_id` = '{$newscategory}'" : ''; $query .= " AND `menu_id` = '{$menuid}'"; $result = mysqli_query ( $dbc, $query ); // Run The Query Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted January 20, 2011 Author Share Posted January 20, 2011 ty Quote Link to comment Share on other sites More sharing options...
Xtremer360 Posted January 20, 2011 Author Share Posted January 20, 2011 After working wit it a little more this is the correct way that I needed it to be but thanks for helping out however there is one last little problem. Its echoing the wrong error message back like bad1...bad9 for what was actual the problem. Anyone notice the issue here? if (isset($_POST['submitmenuitem'])) { $menuid = (int) $_POST['menuid']; $itemname = mysqli_real_escape_string($dbc, $_POST['itemname']); $itemurl = mysqli_real_escape_string($dbc, $_POST['itemurl']); $sortorder = (int) $_POST['sortorder']; $contentpage = (int) $_POST['contentpage']; $newscategory = (int) $_POST['newscategory']; $application = (int) $_POST['application']; $query = "SELECT * FROM `menuitems` WHERE (`itemname` = '".$itemname."')\n"; $query .= (!empty($itemurl)) ? " OR `itemurl` = '".$itemurl."'" : ''; $query .= (!empty($contentpage)) ? " OR `contentpage_id` = '".$contentpage."'" : ''; $query .= (!empty($application)) ? " OR `application_id` = '".$application."'" : ''; $query .= (!empty($newscategory)) ? " OR `newscategory_id` = '".$newscategory."'" : ''; $query .= " AND `menu_id` = '".$menuid."'"; $result = mysqli_query ( $dbc, $query ); // Run The Query if (mysqli_num_rows($result) == 0) { $query = "INSERT INTO `menuitems` (menu_id, itemname, itemurl, sortorder, contentpage_id, newscategory_id, application_id, creator_id, datecreated, enabled) VALUES ('".$menuid."', '".$itemname."', '".$itemurl."', '".$sortorder."', '".$contentpage."', '".$newscategory."', '".$application."', 1, NOW(), 0)"; mysqli_query($dbc, $query); $result = "good"; } else { $row = mysqli_fetch_array($result); if (($row['itemname'] == $itemname) && ($row['newscategory_id'] == $newscategory)) $result = 'bad9'; elseif (($row['itemname'] == $itemname) && ($row['application_id'] == $application)) $result = 'bad8'; elseif (($row['itemname'] == $itemname) && ($row['contentpage_id'] == $contentpage)) $result = 'bad7'; elseif (($row['itemname'] == $itemname) && ($row['itemurl'] == $itemurl)) $result = 'bad6'; elseif ($row['newscategory_id'] == $newscategory) $result = 'bad5'; elseif ($row['application_id'] == $application) $result = 'bad4'; elseif ($row['contentpage_id'] == $contentpage) $result = 'bad3'; elseif ($row['itemurl'] == $itemurl) $result = 'bad2'; elseif ($row['itemname'] == $itemname) $result = 'bad1'; } } Quote Link to comment Share on other sites More sharing options...
Psycho Posted January 21, 2011 Share Posted January 21, 2011 The error conditions are exactly what YOU set them to. Without specifying the input, the expected output and the actual output I can't say whether your error conditions are correct or not. But...I think I know what the error may be. I just noticed that you are defining the variables $itemname and $itemurl after modifying the input with mysql_real_escape_string()! Since I assume the url has slashes in the input they are likely getting escaped for into the database. But, you are trying to compare escaped input from the user to the unescaped value from the database and they are not equal. To solve that define one variable for the user input and a different, escaped value, one for the query. Then compare the results of the query to the user input - not the escaped value. Also, your list of conditions for errors has no final "ELSE" condition. It is possible that the "good" condition is not met, yet none of the current bad conditions are met either. I'd put a final else condition with "bad0" just in case those erros ever occur. if (isset($_POST['submitmenuitem'])) { $menuid = (int) $_POST['menuid']; $itemname = trim($_POST['itemname']); $itemnameSQL = mysqli_real_escape_string($dbc, $itemname); $itemurl = trim($_POST['itemurl']); $itemurlSQL = mysqli_real_escape_string($dbc, $_POST['itemurl']); $sortorder = (int) $_POST['sortorder']; $contentpage = (int) $_POST['contentpage']; $newscategory = (int) $_POST['newscategory']; $application = (int) $_POST['application']; $query = "SELECT * FROM `menuitems` WHERE (`itemname` = '{$itemnameSQL}')\n"; $query .= (!empty($itemurl)) ? " OR `itemurl` = '{$itemurlSQL}'" : ''; $query .= (!empty($contentpage)) ? " OR `contentpage_id` = '{$contentpage}'" : ''; $query .= (!empty($application)) ? " OR `application_id` = '{$application}'" : ''; $query .= (!empty($newscategory)) ? " OR `newscategory_id` = '{$newscategory}'" : ''; $query .= " AND `menu_id` = '{$menuid}'"; $result = mysqli_query ( $dbc, $query ); // Run The Query if (mysqli_num_rows($result) == 0) { $query = "INSERT INTO `menuitems` (menu_id, itemname, itemurl, sortorder, contentpage_id, newscategory_id, application_id, creator_id, datecreated, enabled) VALUES ('{$menuid}', '{$itemname}', '{$itemurl}', '{$sortorder}', '{$contentpage}', '{$newscategory}', '{$application}', 1, NOW(), 0)"; mysqli_query($dbc, $query); $result = "good"; } else { $row = mysqli_fetch_array($result); if (($row['itemname'] == $itemname) && ($row['newscategory_id'] == $newscategory)) $result = 'bad9'; elseif (($row['itemname'] == $itemname) && ($row['application_id'] == $application)) $result = 'bad8'; elseif (($row['itemname'] == $itemname) && ($row['contentpage_id'] == $contentpage)) $result = 'bad7'; elseif (($row['itemname'] == $itemname) && ($row['itemurl'] == $itemurl)) $result = 'bad6'; elseif ($row['newscategory_id'] == $newscategory) $result = 'bad5'; elseif ($row['application_id'] == $application) $result = 'bad4'; elseif ($row['contentpage_id'] == $contentpage) $result = 'bad3'; elseif ($row['itemurl'] == $itemurl) $result = 'bad2'; elseif ($row['itemname'] == $itemname) $result = 'bad1'; else $result = 'bad0'; } } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.