Need Help to Fix the PHP Code Errors

#1

Hi
I need help with the following PHP code. The required functions are listed below this code.

<?php
require('../functions_select.php');
require '../../admin/config.php';

if (isset($_POST['option'])) {
    if (isset($_POST['item'])) $item = $_POST['item'];
    if (isset($_POST['item2'])) $item2 = $_POST['item2'];
    else $item2 = "null";
    if (isset($_POST['item3'])) $item3 = $_POST['item3'];
    else $item3 = "null";
    if (isset($_POST['item4'])) $item4 = $_POST['item4'];
    else $item4 = "null";
    $option = $_POST['option'];
    tblsyntom($bd_config, $item, $item2, $item3, $item4, $option);
}

function tblsyntom($bd_config, $item, $item2, $item3, $item4, $option)
{
    $conexion = conexion_cat($bd_config);
    if (!$conexion) {
        return false;
    } else {
        $html = "";
        switch ($option) {
            case 'tblsyntom':
                $query = "SELECT * FROM `tblsyntom` WHERE `idMRC` LIKE '" . $item . "' ";
                $statement = $conexion->prepare($query);
                $statement->execute();
                $data = $statement->fetchall();
                $html = "<option value='0'> -- Syntom Option -- </option>\n";
                foreach ($data as $post) {
                    $html .= "<option value='" . $post['idSyntom'] . "|" . $post['descr'] . "' >" . $post['descr'] . "</option>\n";
                }
                break;
            case 'tblrootcause':
                $query = "SELECT * FROM `tblrootcause` WHERE `idMRC` LIKE " . $item2 . "  AND `idSyntom` LIKE " . $item . " ";
                echo $query;
                $statement = $conexion->prepare($query);
                $statement->execute();
                $data = $statement->fetchall();
                $html = "<option value='0'> -- RootCause Option -- </option>\n";
                foreach ($data as $post) {
                    $html .= "<option value='" . $post['idRootC'] . "|" . $post['descr'] . "' >" . $post['descr'] . "</option>\n";
                }
                break;
            case 'tblproposal':
                $query = "SELECT * FROM `tblproposal` WHERE `idMRC` LIKE " . $item2 . " AND `idSyntom` LIKE " . $item3 . " AND `idRootC` LIKE " . $item . " ";
                echo $query;
                $statement = $conexion->prepare($query);
                $statement->execute();
                $data = $statement->fetchall();
                $html = "<option value='0'> -- Proposal Option -- </option>\n";
                foreach ($data as $post) {
                    $html .= "<option value='" . $post['idProposal'] . "|" . $post['descr'] . "' >" . $post['descr'] . "</option>\n";
                }
                break;
            case 'tbldepto':
                $query = "SELECT * FROM `tbldepto` WHERE  `idMRC` LIKE " . $item2 . " AND `idSyntom` LIKE " . $item3 . " AND `idRootC` LIKE " . $item4 . " AND `idProposal` LIKE " . $item . " ";
                $statement = $conexion->prepare($query);
                $statement->execute();
                $data = $statement->fetchall();
                $html = "<option value='0'> -- Depto Option -- </option>\n";
                foreach ($data as $post) {
                    $html .= "<option value='" . $post['idDepto'] . "|" . $post['descr'] . "' >" . $post['descr'] . "</option>\n";
                }
                break;
        }
        echo $html;
    }
}


?>

The PHP code for Function_Select is as follows:

<?php
function conexion_cat($bd_config)
{
    try {
        $conexion = new PDO('mysql:host=' . $bd_config['hosting'] . ';dbname=' . $bd_config['Settings'], $bd_config['user'], $bd_config['pass']);
        return $conexion;
    } catch (PDOException $e) {
        return false;
    }
}
function mainRoot($bd_config)
{
    $conexion = conexion_cat($bd_config);
    if (!$conexion) {
        return false;
    } else {
        $statement = $conexion->prepare('SELECT * FROM `tblmainroot` WHERE 1 ');
        $statement->execute();
        $data = $statement->fetchall();
        $html = "<option id='idcat' value='0'> -- Main Option -- </option>\n";
        foreach ($data as $post) {
            $html .= "<option value='" . $post['id'] . "|" . $post['descr'] . " '>" . $post['descr'] . "</option>\n";
        }
        return $html;
    }
}

?>

The PHP code for Config.PHP is as follows:

<?php
error_reporting(0); 
define("COD", 'AES-256-CBC');
define("KEY",'Tr1ag3a#%');
define("PRIV", 'JRsRosd2');

$SandBox = 1;
define('RUTA', 'http://' . $_SERVER["HTTP_HOST"] . '');
if ($SandBox) {
    $bd_config = array(
        'hosting' => 'localhost',
        'database' => 'tracker',
        'Tracker' => 'tracker',
        'MoverStock' => 'moverstock',
        'Settings' => 'settings',
        'monitoring' => 'monitoring',
        'keyMonitoring' => 'xxxxxxxxx',
        'user' => 'root',
        'pass' => '',
        'admin' => 'master',
        'password' => 'xxxxxxxxx'
    );
} else {
    $bd_config = array(
        'hosting' => '1.2.3.4',
        'database' => 'daily_movers1',
        'Tracker' => 'tracker',
        'MoverStock' => 'moverstock',
        'Settings' => 'settings',        
        'monitoring' => 'monitoring',
        'keyMonitoring' => 'xxxxxxxx',
        'user' => 'root',
        'pass' => '',
        'admin' => 'master',
        'password' => 'xxxxxxxxx'
    );
}
?>

Br//

#2

And what errors do you get?

You should check to see whether a query has executed properly before you start to use the results from it.

As you use prepared statements (which is a good thing)

$query = "SELECT * FROM `tblsyntom` WHERE `idMRC` LIKE '" . $item . "' ";
$statement = $conexion->prepare($query);

you should make proper use of them with bound parameters, rather than concatenating parameters into the query.
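The bound-parameter approach and the execution check suggested in this reply, as an added example that is not part of the original thread or the poster's code. The names `LOOKUPS` and `optionsFor` are hypothetical, exact-match (`=`) comparison on the id columns is an assumption, and the in-memory SQLite table with its rows is constructed so the script runs offline.

```php
<?php
// Added example, not the poster's code. Table and column names come from the thread;
// the SQLite rows are constructed. Assumption: id columns are matched with "=", not LIKE.
// Allow-list: option => id column for the <option> value, and which POST field
// feeds which WHERE column (same pairing as the original queries).
const LOOKUPS = [
    'tblsyntom'    => ['id' => 'idSyntom',   'where' => ['idMRC' => 'item']],
    'tblrootcause' => ['id' => 'idRootC',    'where' => ['idMRC' => 'item2', 'idSyntom' => 'item']],
    'tblproposal'  => ['id' => 'idProposal', 'where' => ['idMRC' => 'item2', 'idSyntom' => 'item3', 'idRootC' => 'item']],
    'tbldepto'     => ['id' => 'idDepto',    'where' => ['idMRC' => 'item2', 'idSyntom' => 'item3', 'idRootC' => 'item4', 'idProposal' => 'item']],
];

function optionsFor(PDO $db, string $option, array $post): ?string
{
    if (!array_key_exists($option, LOOKUPS)) {
        return null; // unknown option: no SQL is built at all
    }
    $clauses = $params = [];
    foreach (LOOKUPS[$option]['where'] as $column => $field) {
        if (!isset($post[$field]) || !is_scalar($post[$field])) {
            return null; // required value missing or not a plain value
        }
        $clauses[] = "$column = :$column";           // placeholder, never the value itself
        $params[":$column"] = (string) $post[$field];
    }
    // Only allow-listed identifiers reach the SQL text.
    $sql = 'SELECT ' . LOOKUPS[$option]['id'] . " AS id, descr FROM $option WHERE " . implode(' AND ', $clauses);
    try {
        $statement = $db->prepare($sql);
        $statement->execute($params);                // values travel separately from the SQL text
        $rows = $statement->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('lookup failed: ' . $e->getMessage());
        return null;                                 // caller can tell failure from "no rows"
    }
    $html = '';
    foreach ($rows as $row) {
        // Escape database values before placing them in HTML.
        $value = htmlspecialchars($row['id'] . '|' . $row['descr'], ENT_QUOTES, 'UTF-8');
        $label = htmlspecialchars($row['descr'], ENT_QUOTES, 'UTF-8');
        $html .= "<option value='$value'>$label</option>\n";
    }
    return $html;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE tblsyntom (idSyntom INTEGER, idMRC INTEGER, descr TEXT)");
$db->exec("INSERT INTO tblsyntom VALUES (1, 10, 'No power'), (2, 10, 'Overheats'), (3, 20, 'Noise')");
echo optionsFor($db, 'tblsyntom', ['item' => '10']);
var_dump(optionsFor($db, 'tblsyntom', ['item' => "10'"])); // a quote in the value is bound as data
```

With the MySQL driver used in the thread, also setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the server prepare the statement instead of PDO substituting the values client-side.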

#3

You need to tell us what the problem is. What is it doing and what is it supposed to do?

#4

I think Php Code Check will help you with this.