Can't figure out how to update table with form variables.

  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

I've been working on this off and on for months and no matter how many times I've read the PHP and MySQL manuals and other tutorials, I just can't figure out how to get this to do what I want.

I'm trying to pass information from the form input and update 1 column of a table with the data. I'll post an example of the form I'm trying to use and beneath it will add additional information:

Code:
<table summary="Table of schedules" width="100%" cellspacing="0" cellpadding="10" border="1" class="forumline">
<tr>
<td align="center" colspan="2" valign="middle"><h2>Test Divisional Playoffs || Official Picks</h2><br>
<h2>Welcome ATNO/TW!</h2></td>
</tr>
<tr>
<td align="center" valign="top" width="50%">
<form method="POST" action="pick_divisional.php">
<input type="hidden" name="player" value="{L_PLAYER}">
    <table width="100%" cellpadding="3" cellspacing="1" border="0" class="forumline">
    <tr>
     <th height="25" class="thCornerL" nowrap="nowrap">Divisional Playoffs<br>Test</th>

     <th class="thTop" nowrap="nowrap">Visiting Team</th>
        <th class="thTop" nowrap="nowrap">Pick</th>
     <th class="thTop" nowrap="nowrap">Home Team</th>
        <th class="thTop" nowrap="nowrap">Pick</th>
        <th class="thTop" nowrap="nowrap">Day</th>
     <th class="thTop" nowrap="nowrap">Date</th>
        <th class="thTop" nowrap="nowrap">Game Time</th>


    </tr>
    <tr>
     <td class="row1" align="center"><span class="gensmall">&nbsp;1&nbsp;</span></td>

     <td class="row1" align="center" valign="middle"><span class="gensmall">TBA</span></td>
        <td class="row1" align="center" valign="middle"><input type="radio" name="1" value="TBA" /></td>
     <td class="row1" align="center" valign="middle"><span class="gensmall">St. Louis</span></td>
        <td class="row1" align="center" valign="middle"><input type="radio" name="1" value="St. Louis" /></td>
        <td class="row1" align="center" valign="middle"><span class="gensmall">SAT</span></td>
     <td class="row1" align="center" valign="middle"><span class="gensmall">1-10</span></td>
        <td class="row1" align="center" valign="middle"><span class="gensmall">4:30 PM</span></td>


    </tr>
    <tr>
     <td class="row2" align="center"><span class="gensmall">&nbsp;2&nbsp;</span></td>

     <td class="row2" align="center" valign="middle"><span class="gensmall">TBA</span></td>
        <td class="row2" align="center" valign="middle"><input type="radio" name="2" value="TBA" /></td>
     <td class="row2" align="center" valign="middle"><span class="gensmall">New England</span></td>
        <td class="row2" align="center" valign="middle"><input type="radio" name="2" value="New England" /></td>
        <td class="row2" align="center" valign="middle"><span class="gensmall">SAT</span></td>
     <td class="row2" align="center" valign="middle"><span class="gensmall">1-10</span></td>
        <td class="row2" align="center" valign="middle"><span class="gensmall">8:15 PM</span></td>


    </tr>
    <tr>
     <td class="row1" align="center"><span class="gensmall">&nbsp;3&nbsp;</span></td>

     <td class="row1" align="center" valign="middle"><span class="gensmall">TBA</span></td>
        <td class="row1" align="center" valign="middle"><input type="radio" name="3" value="TBA" /></td>
     <td class="row1" align="center" valign="middle"><span class="gensmall">Kansas City</span></td>
        <td class="row1" align="center" valign="middle"><input type="radio" name="3" value="Kansas City" /></td>
        <td class="row1" align="center" valign="middle"><span class="gensmall">SUN</span></td>
     <td class="row1" align="center" valign="middle"><span class="gensmall">1-11</span></td>
        <td class="row1" align="center" valign="middle"><span class="gensmall">1:00 PM</span></td>


    </tr>
    <tr>
     <td class="row2" align="center"><span class="gensmall">&nbsp;4&nbsp;</span></td>

     <td class="row2" align="center" valign="middle"><span class="gensmall">TBA</span></td>
        <td class="row2" align="center" valign="middle"><input type="radio" name="4" value="TBA" /></td>
     <td class="row2" align="center" valign="middle"><span class="gensmall">Philadelphia</span></td>
        <td class="row2" align="center" valign="middle"><input type="radio" name="4" value="Philadelphia" /></td>
        <td class="row2" align="center" valign="middle"><span class="gensmall">SUN</span></td>
     <td class="row2" align="center" valign="middle"><span class="gensmall">1-11</span></td>
        <td class="row2" align="center" valign="middle"><span class="gensmall">4:45 PM</span></td>


    </tr>
    <tr>
     <td class="catbottom" colspan="2" height="28"><span class="gensmall">* All Times are Eastern</span></td>
        <td class="catbottom" colspan="6" height="28"><span class="gensmall">Enter the total TBA vs. Philadelphia Game points for the tiebreaker. &nbsp;<input type="text" name="tiebreaker" size="4" class="liteoption" /></span></td>
    </tr>
 </table>
    <input type="submit" name="submit" value="Submit Your Picks" class="liteoption" />&nbsp;<input type="reset" name="reset" value="Clear Your Picks" class="liteoption" /></form>
</td>

</tr>

</table>


The name of the table I'm trying to update is in this case nfl2003_playoffs_divisional_test.

Here's a brief explanation of the structure. To keep it simple my first column is "id" and is the primary key and auto-increments. My second column is "game". There are 7 rows to the table. Row id 1 is null in this column. Row id 2 is "Game 1", id 3 is "Game 2", id 4 is "Game 3", id 5 is "Game 4", id 6 is "Tiebreaker", and id 7 is "Total W/L".

The third and subsequent columns are player_1, player_2, player_3, etc.
Row id 1 in each column contains the names of all the players that are playing the football pool and are EXACTLY the phpBB membership names the players signed up for. In the form the hidden input variable {$L_PLAYER} holds the value of the player's phpBB username.

I need to update the column that contains only that member with their football picks for the week as submitted by the form. All year long, I have easily been able to run an update query in phpMyAdmin such as this:

Code:
UPDATE `nfl2003_playoffs_divisional_test` SET `player_1` = 'St. Louis' WHERE `id` = '2' LIMIT 1 ;
UPDATE `nfl2003_playoffs_divisional_test` SET `player_1` = 'New England' WHERE `id` = '3' LIMIT 1 ;
UPDATE `nfl2003_playoffs_divisional_test` SET `player_1` = 'Kansas City' WHERE `id` = '4' LIMIT 1 ;
UPDATE `nfl2003_playoffs_divisional_test` SET `player_1` = 'Philadelphia' WHERE `id` = '5' LIMIT 1 ;
UPDATE `nfl2003_playoffs_divisional_test` SET `player_1` = '45' WHERE `id` = '6' LIMIT 1 ;


That works just fine doing it manually. Let's say in the above example that I am player_1. I realize that player_1 that is being updated is the column name. But my hidden input {$L_PLAYER} contains the value of my phpBB member name in Row id 1 which is ATNO/TW in my case. I do have this successfully set up so that anytime a logged in member accesses this form the {$L_PLAYER} variable will be their name and that's the column that will need updated. I can't figure out how to equate the {$L_PLAYER} variable with the player_1 column that needs updated.

I also can't figure out how to pass the variables for the teams that are selected in the form to the appropriate fields for the given player. I'm sorry if all that's a little lengthy, but I've been batting my head against the wall with this one for a couple months, and I just plain need help.

Thanks for any advice.
  • b_heyer
  • Web Master
  • Web Master
  • User avatar
  • Posts: 4581
  • Loc: Maryland

Post 3+ Months Ago

Alright... To access the radio buttons (I think that is what you meant) you use the POST global variable (Which is an array) like so:

Code:

echo $_POST['1'];

This would call up the value chosen from your first set of radio buttons, either TBA or St. Louis.

Now I am not 100% sure what you want with the other stuff...but I think you may need a query like:

Code:
$query = "UPDATE 'nf12003_playoff_divisionals_test' SET '" . $player_variable ."' = '" . $_POST['1'] . "' WHERE id='2' LIMIT=1";


I guess your table confuses me a bit, because I am not really sure what's going on with it...
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Let's see if I can do this. Here is the table structure:

<pre>
id  game        player_1      player_1_wl  player_2  player_2_wl
1               ATNO/TW                    Player2
2   Game 1
3   Game 2
4   Game 3
5   Game 4
6   Tiebreaker
7   Total W/L
</pre>

Then what I need to do is get the form selections to update the table for just the {$L_PLAYER} which in this case is me, so the result looks like this:

<pre>
id  game        player_1      player_1_wl  player_2  player_2_wl
1               ATNO/TW                    Player2
2   Game 1      St. Louis
3   Game 2      New England
4   Game 3      Kansas City
5   Game 4      Philadelphia
6   Tiebreaker  45
7   Total W/L
</pre>

There are roughly 30 such players columns in the table and Row ID 1 already contains their member names.

Does that help clarify it?
  • b_heyer
  • Web Master
  • Web Master
  • User avatar
  • Posts: 4581
  • Loc: Maryland

Post 3+ Months Ago

ok one last question...so it goes on like player_1 player_1_wl player_2 player_2_wl, and keeps going like that pattern?

I guess it really doesn't matter now that I think of it. I am just trying to contemplate different structures of the database but it might not be needed...

OK, let's see:
Code:
//this gets the users column:
$que = "SELECT * FROM 'nf12003_playoff_divisionals_test' WHERE id = 1";
$que_row = mysql_fetch_array(mysql_query($que));
$player = {$L_PLAYER};
$player_col = array_search($que_row, $player);

//this updates all 4 games for that column:
$games = 4;
$c = 1;
while ($c <= $games){
$update_query = "UPDATE 'nf12003_playoff_divisionals_test' SET '" . $player_col . "' = '" $_POST[$c] "' WHERE 'id' = '" . $c+1 . "' LIMIT 1";
mysql_query($update_query) or DIE (mysql_error());
$c++;
}


Ok I think that may do what you are looking for. I guess the problem you might have been having was the snippet in the first part.

I hope that helps, if you don't understand anything (you should though we are on the same level...) then let me know!
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Thanks b_heyer. That does shed some light. I'll experiment with that, but unfortunately, I'll not have the time to do it now. Will hopefully get some time in the next day or so. But your thoughts make sense. I'd like to try to get it on my own with your help so far before you spend more time on it. Thanks Much.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

I couldn't resist playing with it and initially got the following error:

Quote:
Parse error: parse error, unexpected '{' in /usr/local/psa/home/vhosts/imagesculptor.com/httpdocs/pool/pick_divisional.php on line 71


I did several variations of

Code:
$player = {$L_PLAYER};


and each time I did I got this error:
Quote:
Parse error: parse error, unexpected T_VARIABLE in /usr/local/psa/home/vhosts/imagesculptor.com/httpdocs/pool/pick_divisional.php on line 78

---which is this line:
$update_query = "UPDATE 'nf12003_playoff_divisionals_test' SET '" . $player_col . "' = '" $_POST[$c] "' WHERE 'id' = '" . $c+1 . "' LIMIT 1";



I appreciate your help very much, but this is the kind of thing that has been driving me nuts for months. I know I'm close but no cigar.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

b_heyer wrote:
ok one last question...so it goes on like player_1 player_1_wl player_2 player_2_wl, and keeps going like that pattern?


Yes -- you have the pattern exact here
  • b_heyer
  • Web Master
  • Web Master
  • User avatar
  • Posts: 4581
  • Loc: Maryland

Post 3+ Months Ago

Ahh Sorry, that was my bad I forgot the little joining periods:

Code:
$update_query = "UPDATE 'nf12003_playoff_divisionals_test' SET '" . $player_col . "' = '" . $_POST['$c'] . "' WHERE 'id' = '" . $c+1 . "' LIMIT 1";


Just as a side note, that T_VARIABLE thing comes up occasionally for me, and I find it normally is because of an array being called inside of a query. For some reason you have to have it parse outside of the quotes *shrugs helplessly*.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

I might have an idea where the problem is, but I'm not going to be able to finish now. I'll play with it more in the next day or so. I really do have to give up trying now for the moment. I have some things in the test table that aren't jiving with your code, so I'll have to work my way around those again.
  • Crimson_King
  • Newbie
  • Newbie
  • User avatar
  • Posts: 9

Post 3+ Months Ago

i am at work now and don't have a chance to read the whole thing (but this is my kinda problem), but the one thing i did see that i would *highly* recommend you change is putting the user ID in a hidden form variable. You're just *asking* for someone to screw with it (unless you check it thoroughly after, of course).
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Crimson_King wrote:
i am at work now and don't have a chance to read the whole thing (but this is my kinda problem), but the one thing i did see that i would *highly* recommend you change is putting the user ID in a hidden form variable. You're just *asking* for someone to screw with it (unless you check it thoroughly after, of course).


Actually, I do:

Code:
<input type="hidden" name="player" value="{L_PLAYER}">


{L_PLAYER} is the variable that holds the value of a logged in member. Registered logged in members are the only ones that can access the page and as noted above, this is the variable used to determine which table column to update. The form page contains all the phpBB security, so it cannot be easily messed with from external referrers. It's not impossible to hack it I'm sure, but it is about as good as it gets.

Thanks for the tip though. I think I should finally have some time later today to get back to messing with this.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Well, played with this for about another 5 hours. B_heyer, I think your solution really has the potential to work. I'm stuck on a couple things.

Code:
First, You have this: $player = {$L_PLAYER};
but, since my hidden input is: <input type="hidden" name="player" value="{L_PLAYER}">, shouldn't that be $player = $_POST['player'] ? //or something like that?

Second. I keep getting this error message: mysql_fetch_array(): supplied argument is not a valid MySQL result resource
for this line: $que_row = mysql_fetch_array(mysql_query($que));

When I comment that line out. The error goes away.

I'm also frequently getting this error:
Wrong datatype for second argument in call to array_search in /usr/local/psa/.../.php on line 139
You have an error in your SQL syntax near '1' LIMIT 1' at line 1

which is this line: $player_col = array_search($que_row, $player);



Added note. The other thing I need to include in that query is the value for the "tiebreaker" variable in the form.
Any thoughts?
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

I've just been thinking. Would doing this update query be easier if I recreated the tables to where the names of the columns were the members' usernames vs a sequenced, player_1, player_2, etc...? Hmmm...probably. Don't mind me...I'm just thinking out loud. I'm just considering how I need to work this in the future.

Or perhaps create a reference table to associate usernames with player columns. This is more complicated than I imagined.
  • b_heyer
  • Web Master
  • Web Master
  • User avatar
  • Posts: 4581
  • Loc: Maryland

Post 3+ Months Ago

ok I'll address all your problems in the order you listed them:

Code:
1) Yes that was just my misunderstanding of where {$L_PLAYER}; was coming from.

2)try changing that line to:
$que_sql = mysql_query($que) or DIE(mysql_error());
$que_row = mysql_fetch_array($que_sql);

3) That error should be fixed when you fix the other two problems, since it uses both of those variables.


I believe what you have right now for database structure should work. I personally would have used user_id's instead of user names, but either way will work as long as user names have to be unique (usually the case).
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Yep -- that got rid of the array error, but not quite perfect. I need to step out for awhile, but will try again later tonight. Thanks. That puts me a step closer. I appreciate the help b_heyer.
  • b_heyer
  • Web Master
  • Web Master
  • User avatar
  • Posts: 4581
  • Loc: Maryland

Post 3+ Months Ago

Any time, keep me updated!
  • Crimson_King
  • Newbie
  • Newbie
  • User avatar
  • Posts: 9

Post 3+ Months Ago

whoops, before i meant take out all hidden variables, not put them in.
they're too large of a security risk if you keep any kind of info in them.
you have to worry about possible SQL injections, and anyone with the web dev toolbar for firebird can change them in 9 seconds.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Crimson_King - you have me curious. But just so you know how this is working, all of the form inputs are actually retrieved from the database. Nothing in the form itself is actually HTML. For a person to even access the page, they have to be a logged in member. They can't even see it as I have it set to default to a login/registration page if they try to access it as a guest. In addition the security verifies both the IP and SID of the user before establishing a session. The SID changes from session to session. In addition, any attempt to hack the form input from an external referrer should return an error. Would this not be enough security? Essentially it's the same security used on the forum board itself to deter hacking attempts. I sorta understand your point, but I need the value of the user for that hidden variable to update the correct table column. I'm having a hard enough time as it is getting it to do that "simple" task.
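
The hidden-field and SQL injection concerns raised above, worked through as an added example (not code from any poster in this thread): the column is chosen from the username the login session reports rather than from the posted `player` field, each pick is checked against that game's two teams, and values reach the query only as bound parameters. It assumes PDO with an in-memory SQLite table named `picks` standing in for the MySQL table; `makeDemoDb`, `playerColumn`, `savePicks` and `$sessionUser` are hypothetical names.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for
// MySQL; the table name "picks" and all function names are hypothetical.

function makeDemoDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE picks (id INTEGER PRIMARY KEY, game TEXT,
        player_1 TEXT, player_1_wl TEXT, player_2 TEXT, player_2_wl TEXT)');
    $ins = $db->prepare('INSERT INTO picks (id, game, player_1, player_2) VALUES (?, ?, ?, ?)');
    $ins->execute([1, null, 'ATNO/TW', 'Player2']);      // row 1 holds the usernames
    foreach (['Game 1', 'Game 2', 'Game 3', 'Game 4', 'Tiebreaker', 'Total W/L'] as $i => $game) {
        $ins->execute([$i + 2, $game, null, null]);
    }
    return $db;
}

// Map the logged-in user to a column. The name comes from the result set's
// own keys and must match player_N before it may appear in SQL text.
function playerColumn(PDO $db, string $sessionUser): string {
    $row = $db->query('SELECT * FROM picks WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
    $col = array_search($sessionUser, $row, true);       // needle first, haystack second
    if (!is_string($col) || !preg_match('/\Aplayer_\d+\z/', $col)) {
        throw new RuntimeException('no pick column for this user');
    }
    return $col;
}

// $schedule maps game number => teams allowed for that game (server-side data).
function savePicks(PDO $db, string $sessionUser, array $post, array $schedule): int {
    $values = [];
    foreach ($schedule as $game => $teams) {
        $pick = $post[$game] ?? null;
        if (!is_string($pick) || !in_array($pick, $teams, true)) {
            throw new InvalidArgumentException("invalid pick for game $game");
        }
        $values[$game + 1] = $pick;                      // Game N is stored in row id N+1
    }
    $tb = $post['tiebreaker'] ?? '';
    if (!is_string($tb) || !ctype_digit($tb) || strlen($tb) > 3) {
        throw new InvalidArgumentException('tiebreaker must be a whole number');
    }
    $values[6] = $tb;                                    // row id 6 is the tiebreaker

    $col = playerColumn($db, $sessionUser);
    // Identifiers cannot be bound, so $col is interpolated only after the
    // pattern check; every value goes through a bound parameter.
    $upd = $db->prepare("UPDATE picks SET $col = :pick WHERE id = :id");
    $db->beginTransaction();
    foreach ($values as $id => $pick) {
        $upd->execute([':pick' => $pick, ':id' => $id]);
    }
    $db->commit();
    return count($values);
}

$schedule = [1 => ['TBA', 'St. Louis'], 2 => ['TBA', 'New England'],
             3 => ['TBA', 'Kansas City'], 4 => ['TBA', 'Philadelphia']];
$db = makeDemoDb();

// Constructed request. The hidden "player" field claims to be someone else
// and is never read: the column is chosen from the session username.
$post = ['player' => 'Player2', 1 => 'St. Louis', 2 => 'New England',
         3 => 'Kansas City', 4 => 'Philadelphia', 'tiebreaker' => '45'];
echo savePicks($db, 'ATNO/TW', $post, $schedule), " rows written\n";
foreach ($db->query('SELECT id, player_1, player_2 FROM picks ORDER BY id') as $r) {
    printf("%d | %-12s | %s\n", $r['id'], $r['player_1'] ?? '', $r['player_2'] ?? '');
}

// Constructed tampered value: rejected by the allow-list before any SQL runs.
$post[1] = "St. Louis' --";
try {
    savePicks($db, 'ATNO/TW', $post, $schedule);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```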
