problem with PHP

am 16.04.2008 12:58:32 von ghalyonline

i have problem with PHP language and it's :
------------------- the first page -----------------

function add_form (){
?>

>

cellspacing="0" bordercolor="#FFFFFF" bgcolor="#F2F2F2">

Worker Id:
Worker Name:
Passport Number:
Age:
Languages:
Country:
Photo:	value="2000"> Maximum File is 200 KB
More Info:	</<br /> textarea></td><br /> </tr><br /> <tr><br /> <td width="160">Available:</td><br /> <td width="344">Yes<input name="ava" type="radio" value="yes"<br /> checked="checked" /><br /> No<input name="ava" type="radio" value="no" /></td><br /> </tr><br /> <tr><br /> <td width="160">Date of Enter To Syria:</td><br /> <td width="344"><input name="enter_syria" type="text" /> dd/mm/<br /> yyyy</td><br /> </tr><br /> <tr><br /> <td width="160" align="center"></td><br /> <td width="344" align="center"><input type="submit" name="add"<br /> value="Add Worker"/><br /> </td><br /> </tr><br /> </table><br /> </form><br /> <br /> <br /> <?php<br /> }<br /> <br /> <br /> function add ()<br /> {<br /> <br /> $sql="INSERT INTO `workers` ( `id` , `worker_id` , `name` ,<br /> `passport_number` , `age` , `languages` , `country` , `photo` ,<br /> `available` , `date_enter_syria` , `start_work` , `requested_name` ,<br /> `more_info` )<br /> VALUES (<br /> '' , `$_POST[worker_id]` , `$_POST[worker_name]` , `<br /> $_POST[passport_nu]` , `$_POST[age]` , `$_POST[lang]` , `<br /> $_POST[country]` , `photo` , `$_POST[ava]` , `$_POST[enter_syria]` ,<br /> `` , `` , `$_POST[info]` ) ";<br /> <br /> mysql_query($sql);<br /> echo"<center>The worker has been added successfully.<a<br /> href=index.php?page=main&op=browse>Back</a></center><br />";<br /> }<br /> <br /> <br /> <br /> function browse (){<br /> ?><br /> <center><br /> <br /><br /> <p><a href="index.php?page=new_worker&op=add_form">Add New Worker</<br /> a></p><br /> </center><br /> <br /> <?php<br /> }<br /> <br /> <br /> function edit_form (){<br /> if(!$_GET[subid]) return;<br /> $sql="select * from`sub` where `subid`=$_GET[subid]";<br /> $rs=mysql_query($sql);<br /> $subid=mysql_result($rs,0,'subid');<br /> $subname_en=mysql_result($rs,0,'subname_en');<br /> $subname_ar=mysql_result($rs,0,'subname_ar');<br /> $banner=mysql_result($rs,0,'banner');<br /> $title_ar=mysql_result($rs,0,'title_ar');<br /> $title_en=mysql_result($rs,0,'title_en');<br /> $side_right=mysql_result($rs,0,'side_right');<br /> $side_left=mysql_result($rs,0,'side_left');<br /> $body=mysql_result($rs,0,'body');<br /> $order=mysql_result($rs,0,'order');<br /> $key_en=mysql_result($rs,0,'meta_key_en');<br /> $key_ar=mysql_result($rs,0,'meta_key_ar');<br /> $desc_en=mysql_result($rs,0,'meta_desc_en');<br /> $desc_ar=mysql_result($rs,0,'meta_desc_ar');<br /> $images=mysql_result($rs,0,'images');<br /> $text_en=mysql_result($rs,0,'text_en');<br /> $text_ar=mysql_result($rs,0,'text_ar');<br /> <br /> <br /> ?><br /> <center><br /> <form action="index.php?page=sub&op=edit&subid=<?=$subid?>"<br /> method="POST" enctype="multipart/form-data" ><br /> <center></center><br /><br /> <br /> <table border="1" align="center" cellpadding="5" cellspacing="0"<br /> bordercolor="#FFFFFF" bgcolor="#F2F2F2"><br /> <tr><br /> <td width="150">Name_en :</td><br /> <td width="200"><input name="subname_en" value="<?=$subname_en?<br /> >" /></td><br /> <td width="5"> </td><br /> <td width="150">Name_ar :</td><br /> <td width="200"><input name="subname_ar" value="<?=$subname_ar?<br /> >" dir="rtl" /></td><br /> </tr><br /> <br /> <tr><br /> <td width="150" height="35">Title_en: </td><br /> <td width="200"><input name="title_en" id="title_en" value="<?=<br /> $title_en?>"></td><br /> <td width="5"> </td><br /> <td width="150">Title_ar: </td><br /> <td width="200"> <input name="title_ar" id="title_ar" value="<?<br /> =$title_ar?>" ></td><br /> </tr><br /> <tr><br /> <td width="150">order </td><br /> <td width="200"> <input name="order" value="<?=$order?>"></td><br /> <td width="5"> </td><br /> <td width="150">Banner:</td><br /> <td width="200"><input name="banner" id="banner" value="<?=<br /> $banner?>" /></td><br /> </tr><br /> <br /> <tr><br /> <td width="150">HTML Right : </td><br /> <td width="200"><input name="side_right" value="<?=<br /> $side_right?>" /> </td><br /> <td width="5"> </td><br /> <td width="150">HTML Left : </td><br /> <td width="200"> <input name="side_left" value="<?=<br /> $side_left?>" /></td><br /> </tr><br /> <br /> <tr><br /> <td width="150">KeyWords_en </td><br /> <td width="200"> <textarea name="key_en" cols=60 rows="5"<br /> ><?=$key_en?>	KeyWords_ar	><?=$key_ar?>
Description_en	rows="5" ><?=$desc_en?>	Description_ar	><?=$desc_ar?>
Text_en :	rows="5" ><? echo"$text_en"; ?>	Text_ar :	rows="5" ><? echo"$text_ar"; ?>
Photo Gallery :	Yes if($images==yes){echo'checked=checked';} ?> value="yes"> NO type="radio" name="images" > value="no">
name="edit" value=" Edit ">

}

function edit (){
$subid=$_GET[subid];

if ($_POST[subname_en]<>""){

$sql0="update sub set
`subname_en`='$_POST[subname_en]',`subname_ar`='$_POST[subna me_ar]',
`order`='$_POST[order]',

`title_en`='$_POST[title_en]',`title_ar`='$_POST[title_ar]', `banner`='$_POST[banner]',

`meta_key_en`='$_POST[key_en]',`meta_key_ar`='$_POST[key_ar] ',`meta_desc_en`='$_POST[desc_en]',`meta_desc_ar`='$_POST[de sc_ar]',
`side_right`='$_POST[side_right]',
`side_left`='$_POST[side_left]'
,`body`='$_POST[body]' ,`images`='$_POST[images]',`text_en`='$_POST[text_en]',`text _ar`='$_POST[text_ar]'
where subid='$_GET[subid]'";
mysql_query($sql0);
}
echo"Edit Successfully
Back ";
}

function delete ()
{
$sql0="select sub_2id from sub_2 where sub_2id='$_GET[subid]'";
$rs0=mysql_query($sql0);
$num0=mysql_num_rows($rs0);

$sql7="select * from img where page='sub' and id='$_GET[subid]' ";
$rs7=mysql_query($sql7);
$num7=mysql_num_rows($rs7);

if($num0==0 and $num7==0 ){

$sql="delete from sub where subid='$_GET[subid]'";
mysql_query($sql);
}

else{
echo" There Are Sub Pages or
Images

center>"; return; }
echo"Delete Successfully
Back ";
}

$op=$_GET[op];

switch ($op)
{
case 'add_form' :
add_form();
break;

case 'add' :
add();
break;

case 'browse' :
browse();
break;

case 'edit_form' :
edit_form();
break;

case 'edit' :
edit();
break;

case 'delete' :
delete();
break;

}
?>

-----------------------
-------------- the second page ---------------

$sql="INSERT INTO `workers` ( `id` , `worker_id` , `name` ,
`passport_number` , `age` , `languages` , `country` , `photo` ,
`available` , `date_enter_syria` , `start_work` , `requested_name` ,
`more_info` )
VALUES (
'' , `$_POST[worker_id]` , `$_POST[worker_name]` , `
$_POST[passport_nu]` , `$_POST[age]` , `$_POST[lang]` , `
$_POST[country]` , `photo` , `$_POST[ava]` , `$_POST[enter_syria]` ,
`1` , `1` , `$_POST[info]` ) ";

mysql_query($sql);
if($sql){
echo"The worker has been added successfully. href=index.php?page=new_worker&op=browse>
Back
";
}
?>
------------------
the problem that i can't insert the record to db
plz help me
im on fire

Re: problem with PHP

am 16.04.2008 13:04:45 von Captain Paralytic

On 16 Apr, 10:58, ghalyonl...@gmail.com wrote:
> i have problem with PHP language and it's :
> ------------------- the first page -----------------
> the problem that i can't insert the record to db
> plz help me
> im on fire
You have posted loads of code and a totally useless problem statement.

How about telling us what does happen.

Re: problem with PHP

am 16.04.2008 13:56:54 von alvaroNOSPAMTHANKS

ghalyonline@gmail.com escribió:
> $sql="INSERT INTO `workers` ( `id` , `worker_id` , `name` ,
> `passport_number` , `age` , `languages` , `country` , `photo` ,
> `available` , `date_enter_syria` , `start_work` , `requested_name` ,
> `more_info` )
> VALUES (
> '' , `$_POST[worker_id]` , `$_POST[worker_name]` , `
> $_POST[passport_nu]` , `$_POST[age]` , `$_POST[lang]` , `
> $_POST[country]` , `photo` , `$_POST[ava]` , `$_POST[enter_syria]` ,
> `1` , `1` , `$_POST[info]` ) ";

Since you don't give much info I've picked a random snippet from your
code and I've written down the remarks I could think of:

1. You can't randomly pick ` or ' at your will. They have different
meanings:

http://dev.mysql.com/doc/refman/5.0/en/string-syntax.html
http://dev.mysql.com/doc/refman/5.0/en/identifiers.html

2. What happens when Patrick O'Brian joins the staff?

http://en.wikipedia.org/wiki/Sql_injection
http://www.php.net/mysql_real_escape_string

3. In PHP, foo is not the same as 'foo'. Your code will eventually work
as expected but just by chance.

http://www.php.net/string
http://www.php.net/manual/en/language.constants.php

4. You can't develop properly if you don't enable error reporting. Open
you php.ini file and set the error_reporting and display_errors
directives to something useful.

--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://bits.demogracia.com
-- Mi web de humor al baño María: http://www.demogracia.com
--

Re: problem with PHP

am 16.04.2008 14:55:59 von hellsop

On Wed, 16 Apr 2008 03:58:32 -0700 (PDT), ghalyonline@gmail.com wrote:
> mysql_query($sql);

After everything like this? Put something like

or die('Query failed: ' . mysql_error());

If you make the quited part of the error unique for ever single one,
you'll ewven know precisely WHICH query failed.

> ------------------
> the problem that i can't insert the record to db
> plz help me
> im on fire

What does the error message say?

--
Any research done on how to efficiently use computers has been long lost
in the mad rush to upgrade systems to do things that aren't needed by
people who don't understand what they are really supposed to do with them.
-- Graham Reed