I have 2 tables bugreports and replys. Here is the layout for each table.
bugreports: bugreport_id, website, title, type, status, author, os, browser, report, date
replys: reply_id, bugreport_id, reply
How can I make my script pull the reply and put it under the correct report? And if there is no reply, how can I make it show an error like 'There is no reply currently'?
Do another query, this time of the replys table. Add "WHERE bugreport_id = '[id here]'" to the query string. Use a while loop to cycle through the results and echo them wherever you want them to show up.
So... English to code translation:
Code:
$query2 = "SELECT * FROM replys WHERE bugreport_id='" . $row['bugreport_id'] . "'";
$result2 = mysql_query($query2);
while ($row2 = mysql_fetch_assoc($result2)) {
    // Do all of your echoing here
}
Hope this helps you out. Let me know if you need more help.
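The lookup described above, extended to cover the "no reply" case from the question, as an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite table so it runs stand-alone, and `render_replies()` is a hypothetical helper; the id is bound as a parameter rather than concatenated, and each reply is escaped before it goes into the page.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// first post; the PDO/SQLite setup and render_replies() are assumptions.
function render_replies(PDO $db, $bugreportId)
{
    // Bound parameter: the id never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT reply FROM replys WHERE bugreport_id = ? ORDER BY reply_id');
    $stmt->execute(array((int) $bugreportId));
    $replies = $stmt->fetchAll(PDO::FETCH_COLUMN);

    if (count($replies) === 0) {
        return '<p>There is no reply currently</p>';
    }

    $html = '';
    foreach ($replies as $reply) {
        // Replies are user-supplied text: escape them before they reach the HTML.
        $html .= '<p>' . htmlspecialchars($reply, ENT_QUOTES, 'UTF-8') . '</p>';
    }
    return $html;
}

// Constructed sample data: report 1 has two replies, report 2 has none.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE replys (reply_id INTEGER PRIMARY KEY, bugreport_id INTEGER, reply TEXT)');
$db->exec("INSERT INTO replys (bugreport_id, reply) VALUES (1, 'Fixed in the next release')");
$db->exec("INSERT INTO replys (bugreport_id, reply) VALUES (1, '<b>Thanks</b>')");

echo render_replies($db, 1), "\n"; // both replies, with the markup in the second one escaped
echo render_replies($db, 2), "\n"; // the fallback message
```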
I'm now having a problem with the submit form. I fill in the details in the form and it gets sent to another page where it inserts it into the database. However, I only want it to input the $_POST variables from the form instead of $_GET as well. Because if someone enters insert.php?title=232&website=32423& it will input it into the DB and I don't want this to happen.
Any ideas how to fix it:-
Code:
<?php
// ********************************************************************** begin checking for characters
if ($status == "")
{
    $status = "";
}
if ($website == "")
{
    $website = "";
}
if ($type == "")
{
    $type = "";
}
// at least one letter required; the range is A-Z (A-z would also match [ \ ] ^ _ `)
if(!ereg("[a-zA-Z]+", $title))
{
    $title = "";
}
if(!ereg("[a-zA-Z]+", $name))
{
    $name = "";
}
if ($os == "")
{
    $os = "";
}
if ($browser == "")
{
    $browser = "";
}
if ($version == "")
{
    $version = "";
}
if(!ereg("[a-zA-Z]+", $report))
{
    $report = "";
}
// ********************************************************************** end checking for characters
// ********************************************************************** begin error messages
$error = ""; // start empty so the appends below never build on an undefined variable
if ($status == ""){
    $error .= "<li>Please select a status</li>";
}
if ($website == ""){
    $error .= "<li>Please select a website</li>";
}
if ($type == ""){
    $error .= "<li>Please select a type</li>";
}
if ($title == ""){
    $error .= "<li>Please write a bug title</li>";
}
if ($name == ""){
    $error .= "<li>Please type your full name</li>";
}
if ($os == ""){
    $error .= "<li>Please select an operating system</li>";
}
if ($browser == ""){
    $error .= "<li>Please select a web browser</li>";
}
if ($version == ""){
    $error .= "<li>Please write a version for the browser</li>";
}
if ($report == ""){
    $error .= "<li>Please fill in a bug report</li>";
}
// ********************************************************************** end error messages
echo "
<table align=\"center\" width=\"50%\" cellpadding=\"4\" cellspacing=\"0\" border=\"0\" style=\"border-collapse: collapse\">
<tr>
<th style=\"background: #000033; font-weight: bold; color: #FFFFFF; text-align: center;\">Information</th>
</tr>
<tr>
<td class=\"row1\" height=\"80\">";
if ($error != ""){
    echo "<div class=\"text\" align=\"center\">The following fields are either incomplete or invalid:</div>";
    echo "<div class=\"text\"><ul>";
    echo "$error";
    echo "</ul></div>";
    echo "</td></tr>";
    echo "<tr><th style=\"background: #EFEFEF;\"><input type=\"button\" name=\"button\" value=\"Try Again\" onClick=\"javascript:history.go(-1)\" class=\"button\"></th></tr>";
}
else{
    require "connect.php";
    require "common.php";
    $status = quote_smart($_POST['status']);
    $website = quote_smart($_POST['website']);
    $type = quote_smart($_POST['type']);
    $title = quote_smart($_POST['title']);
    $name = quote_smart($_POST['name']);
    $os = quote_smart($_POST['os']);
    $browser = quote_smart($_POST['browser']);
    $version = quote_smart($_POST['version']);
    $report = quote_smart($_POST['report']);
    $id = quote_smart($_POST['id']);
    $date2 = date("Y-m-d H:i:s");
    $addbug = "INSERT INTO bugreports (bugreport_id, date, status, website, type, title, author, os, browser, version, report)
    VALUES ('$id', '$date2', '$status', '$website', '$type', '$title', '$name', '$os', '$browser', '$version', '$report');";
    mysql_query($addbug) or die(mysql_error());
    echo "<div class=\"text\" align=\"center\">The bug reported has been successfully added to the database.</div></td></tr>";
    echo "<tr><th class=\"row3\"><input type=\"button\" value=\"Add another bug\" onClick=\"window.location='addbug.php'\"></th></tr>";
}
echo "</table>";
?>
Make sure that register_globals is off in the php.ini file, otherwise, it will automatically convert the $_GET variables and/or $_POST variables to $variablename. This is done by default in later versions of PHP, but... you might want to check on that.
Just put the values in the query as $_POST[] values, forget setting the post values to a whole nother variable.
K, but would I still be able to use my quote_smart($_POST['']), as this function is what uses mysql_real_escape_string to prevent ' etc. and SQL injection?
Also, how can I turn register_globals off? Can I do it in htaccess?
Magic quotes will take care of code injection hacks.
register_globals and magic_quotes are handled in the php.ini file in the server. To check if these are set, you can put the following code into a separate php file.
Code:
<?php
phpinfo();
?>
If they aren't set, you can do so either by modifying the php.ini file, or by using ini_set as follows:
It is possible that register_globals won't be set at runtime, so if it doesn't, or you must use .htaccess to control it, add the following entry into your htaccess.
And I'd rather not use magic_quotes, as with what I'm doing now I have more control. So how would I insert my query with quote_smart($_POST['']) still on it?
Hmm... first things first, does your host have register_globals enabled? No sense in trying to solve a problem that doesn't exist.
Your current way of assigning your modified $_POST data to a separate variable would work. Personally, I would just do it with addslashes / stripslashes. This is normally done automatically as a security precaution, but...
Of course, if your host does have magic quotes enabled to begin with, and you try adding slashes (whether by quote_smart or add slashes), you are going to end up adding slashes where you don't want. You should refer to your php.ini file (read it using the phpinfo(); function).
But... make sure you check and see if magic_quotes_gpc is set in the php.ini file first. If it is and you use quote_magic (assuming you are using the one off of php.net) you will end up adding slashes to your query string that you don't want (\' would become \\\').
Code:
$errors = array();
$req_fields = array("field1", "field2", "field3", "field4"); // Add fields here
foreach ($req_fields as $field) {
    if (empty($_POST[$field])) {
        $errors[] = $field;
    }
    if (sizeof($errors) > 0) {
        echo "Please enter valid data for the following fields:";
        foreach ($errors as $error) {
            echo '<br><font color="#ff0000">' . $field . '</font>';
        }
    } else {
        // put your processing code here
    }
}
This will allow you to add all of your required fields to the $req_fields array instead of writing code for each one.
Hi again, I'm having problems with the error checking when I have dropdown select boxes on the form. When I don't select any options it looks like this:
Quote:
Please enter valid data for the following fields:
websitePlease enter valid data for the following fields:
type
typePlease enter valid data for the following fields:
title
title
titlePlease enter valid data for the following fields:
name
name
name
namePlease enter valid data for the following fields:
os
os
os
os
osPlease enter valid data for the following fields:
browser
browser
browser
browser
browser
browserPlease enter valid data for the following fields:
version
version
version
version
version
version
versionPlease enter valid data for the following fields:
report
report
report
report
report
report
report
Also, when I put the quote_smart in the insert statement with the $_POST I get this error:
Quote:
Fatal error: Cannot redeclare quote_smart() (previously declared in functions.php:3) in fucntions.php on line 3
But it still adds it to the database, but doesn't add slashes because of this error.
Sorry, I messed up on the error checking code. Use this instead:
Code:
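$errors = array();
$req_fields = array("field1", "field2", "field3", "field4"); // Add fields here
// First pass: collect the names of all missing fields
foreach ($req_fields as $field) {
    if (empty($_POST[$field])) {
        $errors[] = $field;
    }
}
// Second pass: report once, after the whole list has been checked
if (sizeof($errors) > 0) {
    echo "Please enter valid data for the following fields:";
    foreach ($errors as $error) {
        // print the current entry ($error), not the leftover $field from the loop above
        echo '<br><font color="#ff0000">' . $error . '</font>';
    }
} else {
    // put your processing code here
}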
The previous one echoed the errors array for every missing field, which is the cause of the redundancy.
As for the redeclaration, it looks like you are including functions.php and fucntions.php in one of your files (probably once in your common, then again in the file that you are currently using). You might find out where you are including fucntions.php (looks like a misspelling).
If this isn't the problem, post up the insert statement and I'll take a look at that. You don't need to put "function" in front of the function call. In fact, this would cause the redeclaration. Without seeing the code, I don't know if this is the problem or not. I'm betting on an overlooked mistake of including that fucntions.php file.
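The thread's concerns (accept only POST data, check required fields from one list, keep quotes in user input from breaking the INSERT) combined in one handler, as an added example that is not code from any of the posts. It assumes PDO with an in-memory SQLite table so it runs stand-alone, `handle_submission()` is a hypothetical name, and bound placeholders stand in for quote_smart so that neither register_globals nor magic_quotes_gpc affects the result.

```php
<?php
// Added example, not the thread's insert.php. Field names follow the posted form;
// bugreport_id is left to the database here (an assumption).
function handle_submission(PDO $db, $method, array $post)
{
    // Refuse anything that is not a form POST; $_GET is never consulted.
    if ($method !== 'POST') {
        return array('ok' => false, 'errors' => array('method'));
    }
    $fields = array('status', 'website', 'type', 'title', 'name', 'os', 'browser', 'version', 'report');
    $values = array();
    $errors = array();
    foreach ($fields as $field) {
        // Read from the POST array only, so register_globals plays no part.
        $value = isset($post[$field]) && is_string($post[$field]) ? trim($post[$field]) : '';
        if ($value === '') {
            $errors[] = $field;
        }
        $values[] = $value;
    }
    if (count($errors) > 0) {
        return array('ok' => false, 'errors' => $errors);
    }
    // Placeholders send the data separately from the SQL text, so no escaping
    // function is applied and nothing can be escaped twice.
    $stmt = $db->prepare(
        'INSERT INTO bugreports (date, status, website, type, title, author, os, browser, version, report)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute(array_merge(array(date('Y-m-d H:i:s')), $values));
    return array('ok' => true, 'errors' => array());
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE bugreports (bugreport_id INTEGER PRIMARY KEY, date TEXT, status TEXT, website TEXT,
    type TEXT, title TEXT, author TEXT, os TEXT, browser TEXT, version TEXT, report TEXT)');

// Constructed request data; a real script passes $_SERVER['REQUEST_METHOD'] and $_POST.
$post = array('status' => 'open', 'website' => 'example.test', 'type' => 'layout',
    'title' => "Menu won't open", 'name' => "Pat O'Neil", 'os' => 'Linux',
    'browser' => 'Firefox', 'version' => '2.0', 'report' => 'Menu stays closed after a click');

var_dump(handle_submission($db, 'GET', $post)['ok']);   // query-string style attempt is refused
var_dump(handle_submission($db, 'POST', $post)['ok']);  // stored, apostrophes included
var_dump(handle_submission($db, 'POST', array('title' => 'x'))['errors']); // missing fields, listed once
```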