Am I doing something wrong here..?

[mak-uk]

Hi

Wonderful, that works.

Can I ask for help with the rest of the stuff?

Thanks.

Mak

[Sarah]

which bits do we have left then? the parts you mentioned earlier or new stuff

[mak-uk]

Hi

What is left is what I mentioned earlier mostly.

Firstly, the password issue. I realise that some sort of 'mumbo-jumbo' should be entered into the mPassword field in the DB, but instead it is blank.

The DB insertion is:

PHP Code:

mPassword  =  '".$_POST['encrypted_password']."'"; 


The password code is:

PHP Code:

<TR VALIGN="middle"> 
<TD>Password:</TD>
<TD><INPUT TYPE="password" NAME="PasswordOne" SIZE="20" MAXLENGTH="20" VALUE=""></TD>
</TR>
<TR VALIGN="middle"> 
<TD>Confirm Password:</TD>
<TD><INPUT TYPE="password" NAME="Password" SIZE="20" MAXLENGTH="20" VALUE="" alt="equalto|PasswordOne"></TD>
</TR>
            
<?php
// MD5 of password to encrpt. Then $encrypted_password goes into database
$encrypted_password = md5($_POST["Password"]);
?>

Thanks.

Mak

[Sarah]

like we changed the mDOB stuff to remove the POST in eth sql query you also need to do the same with the password in the sql query, because you already get the $_POST value of password and using that you create the $encrypted value so therefore the line in the sql query should just read

PHP Code:

mPassword  =  '$encrypted_password' "; 


does that work now?

[Dr Livingston]

It should 8)

[mak-uk]

Hi

Yeah that worked a treat, except that I had to move the md5 part to to the top so that it does it after the form has been submitted - see, I am learning.. slowly but surely! [img]images/smilies/biggrin.gif[/img]

Now, I get an error with the following:

PHP Code:

// generate and execute query 2
$query2 = "INSERT INTO Lookup SET
relMemberID = '".$_POST['memberID']."',
relReligionID = '".$_POST['religion_id']."',
relRelationID = '".$_POST['relation_id']."',
relMStatusID = '".$_POST['mstatus_id']."',
relHeightID = '".$_POST['height_id']."',
relBuildID = '".$_POST['build_id']."',
relComplexionID = '".$_POST['complexion_id']."',
relCBirthID = '".$_POST['country_id1']."'
relCOriginID = '".$_POST['country_id2']."'
relEducationID = '".$_POST['education_id']."',
relOccupationID = '".$_POST['occupation_id']."',
relDietID = '".$_POST['diet_ID']."'"; 


I get this error but I cannot see what it is:

Error in query 2: INSERT INTO Lookup SET relMemberID = '', relReligionID = '', relRelationID = '', relMStatusID = '', relHeightID = '', relBuildID = '', relComplexionID = '', relCBirthID = '' relCOriginID = '' relEducationID = '', relOccupationID = '', relDietID = ''. You have an error in your SQL syntax near 'relCOriginID = '' relEducationID = '', relOccupationID = '', relD' at line 10

Thanks.

Mak [img]images/smilies/smile.gif[/img]

[Dr Livingston]

Look closely and you'll notice that you've missed out 2 comma's to seperate individual data going to each field:

Birth and Origin

Proberly a typo 8)

[mak-uk]

Hi

Yes, just seen them. [img]images/smilies/smile.gif[/img]

Now, however, I get:

Error in query 2: INSERT INTO Lookup SET relMemberID = '', relReligionID = '', relRelationID = '', relMStatusID = '', relHeightID = '', relBuildID = '', relComplexionID = '', relCBirthID = '', relCOriginID = '', relEducationID = '', relOccupationID = '', relDietID = ''. Duplicate entry '0-0-0-0-0-0-0-0-0-0-0-0-0-0' for key 1

When I look in the DB all the fields are just '0' and not set to the appropriate relative-key values.

Thanks.

Mak [img]images/smilies/smile.gif[/img]

[Dr Livingston]

Within your database you have a field that has a UNIQUE flag.

In one database I have the username is set to UNIQUE ID so that only one - ever - database insertion will have a unique username -

No 2 users can ever have the same username can they ? It doesn't matter about passwords for example - you may find this with Email's as well at some point 8)

So your error is saying that you are attempting to insert - whatever field - something that is already there and it - the database table - cannot have more than one record with this value.

What I do to get around this is to put the query within an IF condition so if there is no errors i.e. no duplication then only then the insert/update will take place.

The ELSE condition would then alert the user to the insertion/update being cancelled due to a duplicate entry.

So have a look at the database structure (mysql> desc <database table name here>) and see what field(s) are UNIQUE.

Hope this explains things to you ?

[Dr Livingston]

Here is my database table - do you notice the UNI for the username field ? You should have this for your first field as well - proberly an ID of some sort 8)

PHP Code:

+-------------+---------------+------+-----+---------+----------------
| Field       | Type          | Null | Key | Default | Extra          
+-------------+---------------+------+-----+---------+----------------
| id          | smallint(6)   |      | PRI | NULL    | auto_increment 
| date        | timestamp(14) | YES  |     | NULL    |                
| username    | varchar(32)   |      | UNI |         |                
| password    | varchar(32)   |      |     |         |                
| accesslevel | tinyint(3)    |      |     | 0       |                
| forename    | varchar(32)   |      |     |         |                
| surname     | varchar(40)   |      |     |         |                
+-------------+---------------+------+-----+---------+----------------
7 rows in set (0.00 sec) 


[mak-uk]

Hi

I understand what you mean. By issuing the 'desc' instruction in MySQL I get:

+-----------------+--------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------------+--------+------+-----+---------+-------+
| relMemberID | int(5) | | PRI | 0 | |
| relReligionID | int(5) | | PRI | 0 | |
| relRelationID | int(5) | | PRI | 0 | |
| relMStatusID | int(5) | | PRI | 0 | |
| relHeightID | int(5) | | PRI | 0 | |
| relBuildID | int(5) | | PRI | 0 | |
| relComplexionID | int(5) | | PRI | 0 | |
| relCBirthID | int(5) | | PRI | 0 | |
| relCOriginID | int(5) | | PRI | 0 | |
| relEducationID | int(5) | | PRI | 0 | |
| relOccupationID | int(5) | | PRI | 0 | |
| relDietID | int(5) | | PRI | 0 | |
| relReferrerID | int(5) | | PRI | 0 | |
| relLinkID | int(5) | | PRI | 0 | |
+-----------------+--------+------+-----+---------+-------+

You see, all this other information about a individual's diet (or whatever), I do not want stored in the main Members table. As a result, I have this table which should contain relative-keys as to which member has what particulars. For example:

Member 1 has a diet of 1 (which is vegetarian) and education of 3 (which is a batchelors).. and so on. Each time when a member joins, they enter a record for the member table, and subsequently, corresponding relation-keys are entered into this table.

Am I going about this the right way?

Thanks.

Mak [img]images/smilies/smile.gif[/img]

[Dr Livingston]

There may be a UNI within a related table that has a relationship with this one ?

There is definitely a database design issue there somewhere.

Looking at my table again I think - key 1 - could be something to do with your PK. This could be this table it's self or another ID within another table that is related to this tables - the one you've put up in this forum - id.

I'd check your database queries for mis-placed insertions or updates in regards to your table relationships though 8)

-- EDITED --

[mak-uk]

Hi

Well the structure I knocked up is:

PHP Code:

CREATE TABLE `members` (
`memberID` int(5) NOT NULL auto_increment,
`mForename` varchar(25) NOT NULL default '',
.. etc
PRIMARY KEY (`memberID`)
) TYPE=MyISAM AUTO_INCREMENT=45 ; 


PHP Code:

CREATE TABLE `lookup` (
`relMemberID` int(5) NOT NULL default '0',
`relReligionID` int(5) NOT NULL default '0',
`relRelationID` int(5) NOT NULL default '0',
.... etc
PRIMARY KEY (`relMemberID`,`relReligionID`,`relRelationID`etc...)
) TYPE=MyISAM; 


As regards to the queries, well, I only have two within the script. One for entering a member record and the second to enter the other details into the Lookup table:

PHP Code:

// generate and execute query
$query = "INSERT INTO Members SET 
mForename = '".$_POST['Forename']."', 
... etc
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
$memberID = mysql_insert_id(); 


And:

PHP Code:

$query2 = "INSERT INTO Lookup SET
relMemberID = '".$_POST['memberID']."',
relReligionID = '".$_POST['religion_id']."',
etc...
$result2 = mysql_query($query2) or die ("Error in query 2: $query2. " . mysql_error()); 


So I am wondering, is there something wrong with my Lookup table or the query I am using for it? i.e. Should it be an UPDATE instead?

Thanks.

Mak [img]images/smilies/smile.gif[/img]

[Dr Livingston]

I was thinking about this earlier and another thing that might cause this problem is that your putting a different data type into a field in this table - posted earlier - that should be something else ?

For example, a string is going into one of your IDs and in fact it should be an integer.

Are your values your inserting into the table all correct ? BTW an update is only used to update a record already there so stick with the insert 8)

[mak-uk]

Hi

With the second query my aim is to insert IDs that are just integers, thus:

PHP Code:

// generate and execute query 2
$query2 = "INSERT INTO Lookup SET
relMemberID = '".$_POST['memberID']."',
relReligionID = '".$_POST['religion_id']."',
relRelationID = '".$_POST['relation_id']."',
relMStatusID = '".$_POST['mstatus_id']."',
etc... 


For example, a person's marital status would be taken from:

PHP Code:

<TD>Marital Status:</TD>
<TD><SELECT NAME="marital" />
<OPTION SELECTED VALUE="">Select</OPTION>
<?php
while ($mstatus_q = mysql_fetch_array($mstatus_query)) {
$mstatus_id = $mstatus_q["mStatusID"];
$mstatus_type = $mstatus_q["mStatusType"];
echo("<OPTION VALUE='$mstatus_id'>$mstatus_type<BR>\n");
}
?>
</SELECT> </TD>

Am I going about this the right way?

Thanks.

Mak [img]images/smilies/smile.gif[/img]

[Sarah]

Mak,

can you check the page source when you view the actual form itself to check that you are actually getting ID values for the martial status etc? So print out here the html source code here to show us.

then write echo "lookup... insert your full lookup query2 here" BEFORE the actual query2 line that will show whether you have a problem with the data not being passed from the form OR its the insert into the dB issue.

because you have the error saying 0-0-0-0-0- etc I would think you are somehow not getting those ID values from the form correctly... and don't worry about the duplicate error as I am pretty sure when we did your dB Schema that is correct

also you don't need to have single quote around these lookup values as they are just integers (but that shouldn't be an issue)

HMM skip the above Mak, on your form side you have shown the Marital one here and the name of that drop down box is marital? therefore your post values should be $_POST['marital'] and not $_POST['mstatusid'], as its the NAME of the form field that is passed and not the value you inserted? Does that make sense? try echoing out $_POST['marital'] just before the $query2 part and see if that gives you the value - if it does then just run through each form segment getting the form name (i.e. <select name="marital">)

see whether that changes anything..

Sarah

[mak-uk]

Hi

Yes, you were absolutely right Sarah. [img]images/smilies/biggrin.gif[/img] [img]images/smilies/thumbs_up.gif[/img]

I was trying to post the variables themselves rather than the name of the 'select' in which they were assigned and encapsulated.

Now, apart from a few little tinkers to the various things I have been working on so far, I can register a member.

What I now need is input from you guys as to how I deal with a couple of things:

1. Currently, if there are any errors when adding user details, a blank page comes up with an echo of the error. I was thinking of ammending this so that on submission, if any errors are discovered, they are displayed on the same (original) page in say, red, allowing the user to correct them.

Is this the best way to go about it? If so, how? (NOTE: currently I am posting to PHP_SELF).

2. Is the use of sessions on such a site a necessary requirement or, in-fact, worth doing?

Thanks.

Mak [img]images/smilies/smile.gif[/img]

[Dr Livingston]

Ummm.... In the event that a user / script gives an error on the same page you should consider using output buffering.

To get a better idea of what this is and how it works you should read the manual 8)

But in the meantime I use this to put errors on the page regardless of when an error occured within the script - i.e. an error could occur near the end and still the error will display okay - w/out prior HTML output 8)

Start at very top of page BEFORE any output at all - as in the case of using COOKIEs - to use output buffering:

PHP Code:

<?php
# start buffering here
ob_start();
# following gets printed
echo('Hello World !!');
.
.
# some more script which generates an error
# now I give an error
ob_clean();
ReportError('Bad User Inputs');
?>

Now this function 'ReportError' will format and display the error in it's own way - ie not using the page layout dependent on your scripts generated output.

So for example I could put the error in it's own table - in this example I call a function though but normally I would INCLUDE a page to be displayed passing it the error message. 8) Any content generated by your script will not be displayed either once you've used ob_clean().

Here is my ErrorReport class for example.

PHP Code:

class ErrorReport {

var $state;
var $XmlHandler;
var $FileHandler;

/**
* class constructor
*/
function ErrorReport() {
$this -> XmlHandler = & new TransformXml;

ob_start();
}

/**
* set error reporting method(s)
*/
function SetErrorState($msg) {
$this -> state = $msg;
}

/**
* get error reporting state
*/
function GetErrorState() {
return $this -> state;
}

/**
* process an error
*/
function DoError($msg) {
if(strtolower($this -> state) == (string) 'report') {
ob_clean();
$this -> XmlHandler -> SetXmlDir('templates/');
$this -> XmlHandler -> SetXslFile('transform.xsl');
$this -> XmlHandler -> SetXmlFile('errors-general.xml');

$this -> XmlHandler -> AppendText2XmlFile('<import />', '<message-block><bold>'. strtoupper($msg) .'</bold></message-block>');
$this -> XmlHandler -> MakeXmlString();
exit();
}
else if(strtolower($this -> state) == (string) 'log') {
$this -> FileHandler = & new Files;
$this -> FileHandler -> SetDirectory();
$this -> FileHandler -> DumpText2File('errors.txt', $msg);
}
else if(strtolower($this -> state) == (string) 'all') {
$this -> FileHandler = & new Files;
$this -> FileHandler -> SetDirectory();
$this -> FileHandler -> DumpText2File('errors.txt', $msg);

ob_clean();
$this -> XmlHandler -> SetXmlDir('templates/');
$this -> XmlHandler -> SetXslFile('transform.xsl');
$this -> XmlHandler -> SetXmlFile('errors-general.xml');

$this -> XmlHandler -> AppendText2XmlFile('<import />', '<message-block><bold>'. strtoupper($msg) .'</bold></message-block>');
$this -> XmlHandler -> MakeXmlString();
exit();
}
}

} 


To use something like this yourself you'd declare ob_start() at the top of your page before output.

Once you detect an error, simply use ob_clean() to clear the output buffer and begin to generate your new output again - ie error reporting.

-- EDIT --

Your previously generated output will be erased. Simple as that really. For example a database query gives an error:

Normally you'd use:

PHP Code:

... or die(mysql_error());
# correct ?
.
.
# but now you'd call your ErrorReporter instead...
... or myErrorReport('I have an error with my database');
.
. 


[mak-uk]

Hi

I'm sorry if I am being thick here (and no funny comments if I am!!), but is there no way of going about it without going through the classes rigmarol?

[It's just that I am sure that, in-passing, I have seen people do what I require in a relatively easy way. Eg. the user presses submit, if there is an error in regards to validation, they are taken to the top of the page and in red-colour, told to correct the error (maybe with a asterisk next to the field(s))].

Thanks.

Mak

[Sarah]

yeah Mak there is, I will need to respond when in work as most of the code that I work on is there, but basically you will need to set an error array at the start of the code and then fill it with any error message as you go along, which on submits displays them next to the form sections.

BUT it can be quite complicated so not trying to put you off or anything I woudl get teh rest working and leave it that it goes to a new page listing all the error messages (which you can alter to say Name or which field you are talking about) and then say click back to make changes. Otherwise you will need to change the way you have done the validation etc etc personally I have used this method once and still prefer doing the old fashioned version - makes life much easier...

I think though you could probably do something half way in between (just thinking off top of head now) but instead of showing a new page you could echo out the errors just at the top of the page allowing them to make the changes directly, getting * next to the form in question is a little harder though.

Basically with the code that you have you know you have print form, press submit, do error checking, update dB. well after error checking you display form again if any errors were found, so you would need to include the whole form again, but instead of having all the areas blank you would use the $_POST['marital'] as the value of the form boxes so they would already be filled in.

Hopefully that makes some sense, short on time tonight - let me know whether you get my drift and I will expand on it tomorrow

And no you are not thick I struggled with the code above also

Sarah

[mak-uk]

Hi

Yes, I think I am getting what you mean.

So I have an array: $errors = array(); and then after each validation part have a count of each error as so:

PHP Code:

if(empty($mForename)){
$errors[] = 'You did not enter your friggin Forename';
} 


And then count the errors and display them:

PHP Code:

$nerrors = count($errors);

if($nerrors > 0) {
echo "\n".'<p>'.$nerrors.' error(s) found</p>';
echo "\n".'<ol>';
for ($i = 0; $i < $nerrors; $i++)
echo "\n".'<li>'.$errors[$i].'</li>';
echo "\n".'</ol>';
exit;
} 


I understand the part about not leaving the form blank after initial submission and having the original submitted values now present in the fields. However, what I do not get is:

1. How to display the whole form again after submission.
2. How to place the so-called 'red error messages' at the top of the form.
3. My form is quite long, should I perhaps split it up into a two page form. For example, form 1 - enter username, password, e-mail, if that is validated okay, go to form 2 and enter rest of profile details, then submit and the member has joined.
4. I am also implementing client-side Javascript and that should take care of most errors, hence, I shouldn't really make much of a fuss over this should I?

Thanks.

Mak [img]images/smilies/smile.gif[/img]

[Dr Livingston]

Nope - keep the FORM as one - it isn't that long either 8)

When using FORMS I do things in 2 parts. The first part displays the FORM asking user to fill it in and submit it.

In which case the first part is the first function. The second part - error validation and db dump is taken by a second function.

This is all you need. If you have any errors, void the db dump and re-create the FORM again (from second function) though for the FORM elements which have errors, you leave these blank and if an element is okay, you put back the value (from $_POST).

The user submit's the FORM again with correct details and again you reload the page.

The page detects (using some script you write - later) the FORM submission and again checks validation etc - using the second function.

Now to know the difference between a FORM submission or not I use:

PHP Code:

if(isset($_FORM['SubmittedForm'])) {
# form has been submitted so
# check validation etc
} else {
# display form for user to complete
} 


The $_POST variable above is from:

PHP Code:

<form type='submit' name='SubmittedForm' value='Send Form' /> 


This should help you I think ?

[mak-uk]

Hi

Sorry for the lack of replies, have been ill for a few days!

Last weekend, what you said did make sense.. but it seems a bit hazy now.. sorry!

My script structure is as follows:

PHP Code:

<?php if (isset($_POST['submit'])) { // a new member joins using the form below
// Form validation
else { 
// If validation is all TRUE, then enter a record into DB
}
 } else { 
// Drop-down box queries
?>
// Start FORM
...
// End FORM
<?php
} // end if main if else statement for if the form has been submitted
?>

Given the above, could you explain the modifications required?

Thanks.

Mak

[mak-uk]

Hey guys

I am still stuck at my previous message. If you're back from the bank holiday w/end can you help?

Thanks.

Mak

[Dr Livingston]

Good weekend - thanks 8) The weather up here in the North was good as well 8)

Makes a bloody change since it was raining like there were no tomorrow on Fri....

About your problem though, I have posted some script to help you understand some more.

Though for the moment, the script doesn't put the correct values back to the form in the event of one or more bad user inputs - i.e. invalid characters.

Instead the form is simply displayed again - it's a login basically and I don't like to see the password passed along again if it's correct and the username isn't - I want the user to re-type both the username/password again so just to be sure a user is exactly who they say they are 8)

PHP Code:


 /** copyright 2002-03 les quinn all rights reserved
 *
 * filename    : login.php
 * description  : main framework user log-in controller
 * author/date  : les quinn 03.05.03 
 * version no.  : 1.16a
 * notes    : none
 */
  
 
 # INCLUDE following files req. by framework
 #
 include('protected/common.php');
 include('protected/library.php');
 include('protected/classes.php');
 include('templates/config/config.php');
 
 # check for framework COOKIEs
 #
 session_start();
 $session = session_id();
 
 if(!isset($_COOKIE['Cookie'])) {
  # no COOKIEs exist so create new one
  #
  setcookie("Cookie", $session, time() + ((3600 * 24) * $cfg['COOKIE_DURATION']));
 }
 else {
  # found COOKIEs so update
  #
  $session = $_COOKIE["Cookie"];
  setcookie("Cookie", $session, time() + ((3600 * 24) * $cfg['COOKIE_DURATION']));
 }
  
 # check for framework SESSIONs
 #
 if(!isset($_SESSION)) {
  # no SESSIONs exist so create new one
  #
  $_SESSION['Session']['UserId'];
  $_SESSION['Session']['UserAccess'];
  
  $_SESSION['Session']['Username'];
  $_SESSION['Session']['Password'];
  
  $_SESSION['Session']['MenuState'];
  $_SESSION['Session']['MenuCommand'];
 }
 
 # create new instance of ErrorReport class
 #
 $e = new ErrorReport($cfg['ERROR_DIR']);
 $e -> SetErrorState($cfg['ERROR_FLAG']);
 
 # create new instance of DBaseMYSQL class
 #
 $db = new Dao($e);
 $db -> SetMYSQL($cfg['DB_SOURCE'], $cfg['HOSTNAME_'], $cfg['USERNAME_'], $cfg['PASSWORD_']);
 
 # create new instance of Template class
 #
 $tmp = new Template;
 $tmp -> SetTempDir($cfg['TEMPLATE_DIR']);
 $tmp -> SetTemplate('login.tpl');
 $tmp -> SetTempVariables(array('_body'));
 $tmp -> SetTempFunctions(array('DisplayLogInForm'));
 
 # create new instance of FormValidation class
 #
 $f = new FormValidation;
 # check to see if login FORM has been submitted first
 if(!$f -> CheckFormStatus()) {
  # FORM not submitted so display FORM
  $tmp -> ParseTemplate();
 }
 else {
  $f -> GetFormPostData();
  $f -> InitFormVars();
  
  # validate user inputs for valid characters
  $f -> FormInputIsAlphaNumeric('');
  $f -> FormInputIsAlphaNumeric('');
  
  if(!$f -> FormValidated()) {
   # there has been invalid characters for one or more input fields
   $tmp -> ParseTemplate();
  }
  else {
   # valid characters so check against database records
   if($db -> RequestUser($f -> GetFormUserInput(0), $f -> GetFormUserInput(1), 1) == (int) 1) {
    $DbArray = $db -> DumpDbase();
    
    # put database records to SESSION variable
    $_SESSION['Session']['UserId']   = (int)  $DbArray[0][0];
    $_SESSION['Session']['Username']  = (string)  $DbArray[0][2];
    $_SESSION['Session']['Password']  = (string)  $DbArray[0][3];
    $_SESSION['Session']['UserAccess']  = (int)  $DbArray[0][4];
    
    # use Javascript to re-direct back to application file
    RedirectJS('index.php');
   }
   else {
    # no match found from database query
    $tmp -> ParseTemplate();
   }
  }  
 }
 
 /** copyright 2002-03 les quinn all rights reserved
 */ 


Ignore the FormValidation class inserts - for your problem, this is where you actually check up on your user inputs against proper validated inputs etc.

Place your own PHP checks here instead - the script above basically will show you the script flow and structure I suppose.

So take out the parts that are not revelent to you - FormValidation usage for example - and put your own bits and pieces in there instead.

Any questions, etc then get back to this post 8)