Posted by .:[ ikciu ]:. on 10/17/06 20:26

Hmm Steve <no.one@example.com> wrote:


> $add = isset($_REQUEST['add']);
> $back = isset($_POST['back']);
> $confirm = isset($_POST['confirm']);
> $delete = isset($_REQUEST['delete']);
> $edit = isset($_REQUEST['edit']);

too many variables - so wrong for me you should to use only one and compare
bits in this variable
for example delete = 1, add =2, edit = 4 ....and so on 2^x otherwise some1
can send you all values at the same time - and your script won't work
correctly so code below will produce an "error" i will remove it
temportary - you know what you wrote there :)

$id = isset($_REQUEST['id']) ?
$_REQUEST['id'] : 0;
$personFirstName = isset($_REQUEST['personFirstName']) ?
$_REQUEST['personFirstName'] : '';
$personMiddleName = isset($_REQUEST['personMiddleName']) ?
$_REQUEST['personMiddleName'] : '';
$personLastName = isset($_REQUEST['personLastName']) ?
$_REQUEST['personLastName'] : '';
$personUserName = isset($_REQUEST['personUserName']) ?
$_REQUEST['personUserName'] : '';
$personPassword = isset($_REQUEST['personPassword']) ?
$_REQUEST['personPassword'] : '';
$personRePassword = isset($_REQUEST['personRePassword']) ?
$_REQUEST['personRePassword'] : '';
$personEmail = isset($_REQUEST['personEmail']) ?
$_REQUEST['personEmail'] : '';
$personPhoto = isset($_REQUEST['personPhoto']) ?
$_REQUEST['personPhoto'] : '';
$setSiteAccess = isset($_REQUEST['setSiteAccess']) ?
$_REQUEST['setSiteAccess'] : false;
$copyUserPermissions = isset($_REQUEST['copyUserPermissions']) ?
$_REQUEST['copyUserPermissions'] : false;
$passwordMismatch = strtolower($personPassword) !=
strtolower($personRePassword);


you don't check values - wrong for me some cant set it manualy

(error will ocure there)
> if ($back)
> {
> $add = false;
> $delete = false;
> $edit = false;
> $method = '';
> }
> if ($confirm)
> {
> $add = false;
> $delete = false;
> $edit = false;
> $method = '';
> $sql = "
>> if (!($delete || $confirm) && $method == 'put')
> {
> $sql = "
> SELECT COUNT(*) PersonExists
> FROM people
> WHERE Id != '" .
> $db->prepare($id) . "'
> AND LOWER(UserName) = LOWER('" .
> $db->prepare($personUserName) . "')
> ";
> unset($records);
> $records = $db->execute($sql);
> $personExists = $records[0]['PERSONEXISTS'] ? true : false;

if your execute command don't use stripslaslehs then next error

(here next error from your values)

> if ($action == 'add')
> {
> $sql = "
> INSERT INTO people
> (
> FirstName ,
> MiddleName ,
> LastName ,
> UserName ,
> Password ,
> Email
> )
> VALUES
> (
> '" . $db->prepare($personFirstName) . "' ,
> '" . $db->prepare($personMiddleName) . "' ,
> '" . $db->prepare($personLastName) . "' ,
> '" . $db->prepare($personUserName) . "' ,
> '" . $db->prepare($personPassword) . "' ,

i preffer second type of insert much better - so hard to make mistake,
you store not encoded password - wrong for me

<br>
> <div class="bullet" style="background:white no-repeat url('<?=
> $site->imagesDirectory ?>bullet.jpg');">
> People
> </div>
> <hr>

again mistakes in this code (semantci error) - if some1 will see it then
ROTFL - if you use css then dont use style in code this is .......


> <script language="javascript">
> var skipValidation = false;
> function validate()

good solution is pass form to this function - onsubmit="validate(this)"

> {
> if (skipValidation){ return true; }
> var warning = new String();
> var el = record.personFirstName;

document.record.....


> if (warning.length == 0 && trim(el.value) == '')
> {
> warning = "FIRST NAME is required.";
> }
> var el = record.personLastName;
> if (warning.length == 0 && trim(el.value) == '')
> {
> warning = "LAST NAME is required.";
> }
> var el = record.personUserName;
> if (warning.length == 0 && trim(el.value) == '')
> {
> warning = "USER NAME is required.";
> }
> var el = record.personEmail;
> if (warning.length != 0 && !isEmail(el.value))
> {
> warning = "Invalid EMAIL.";
> }

did you see what you wrote ???? what do you think will be the error msg when
some1 won't fill any data? - the last error only!
totaly wrong and no sense to to check all fields waste of processor time, if
one error then show it or just store all errors and show all at the same
time

> unset($records);
> $records = $db->execute($sql);
> $id = $records[0]['ID'];
> $personFirstName = $records[0]['FIRSTNAME'];
> $personMiddleName = $records[0]['MIDDLENAME'];
> $personLastName = $records[0]['LASTNAME'];
> $personUserName = $records[0]['USERNAME'];
> $personPassword = $records[0]['PASSWORD'];
> $personRePassword = $records[0]['PASSWORD'];
> $personEmail = $records[0]['EMAIL'];

same here if no stripslashes execute then next error

> if (count($errors))
> {
> $displayedErrors = array_unique(array_values($errors));

why? if you use text as a key in array there is no chances you will have 2
same errors for same field otherwise if you will use same msg for errors on
few fields then just make more userfriendly msg and let him know what is
wrong in msg not only check the fields


> Password
> <span style="color:#660000; font-size:10pt;"><?=
> (isset($errors['personPassword']) ? '*' : '') ?></span>
> </td>
> <td colspan="2">
> <input class="value"
> name="personPassword"
> maxlength="255"
> type="text"

no comment ... - wrong for me


> Password Confirmation
> <span style="color:#660000; font-size:10pt;"><?=
> (isset($errors['personRePassword']) ? '*' : '') ?></span>
> </td>
> <td colspan="2">
> <input class="value"
> name="personRePassword"
> maxlength="255"
> type="text"

again



> <input name="confirm" type="submit" style="cursor:'hand';
> width:100px;" value="Confirm&nbsp;" onclick="skipValidation=true;">

cursor: hand deprecated, i won't write more about your tableless code and
css :P

> <input name="delete" type="submit" style="cursor:'hand';
> width:100px;" value="Delete&nbsp;" onclick="skipValidation=true;">

value="Delete&nbsp;" - great

> </form>
> <script language="javascript">
> record.personFirstName.focus();
> record.personFirstName.select();

document.record.....

> $lastSort = isset($_REQUEST['lastSort']) ?
> $_REQUEST['lastSort'] : '';
> $sort = isset($_REQUEST['sort']) ?
> $_REQUEST['sort']
>> 'LASTNAME';
> $sortDirection = isset($_REQUEST['sortDirection']) ?
> $_REQUEST['sortDirection'] : 'ASC';
> if ($sort == $lastSort){ $sortDirection = $sortDirection == 'ASC' ?
> 'DESC' : 'ASC'; }

again you dont check values - wrong for me


> $lastSort = $sort;
>
> $group = $_REQUEST['group'];
> $page = $_REQUEST['page'];
> $pages = $_REQUEST['pages'];

again you dont check values - wrong for me

> $recordsPerPage = $_REQUEST['recordsPerPage'];
> if (!is_numeric($group)){ $group = 0; }
> if (!is_numeric($page)){ $page = 1; }
> if (!is_numeric($pages)){ $pages = 5; }
> if (!is_numeric($recordsPerPage)){ $recordsPerPage = 10; }

totaly wrong 123.45 is numeric too so next code is totaly wrong too .....


> $sql = "
> SELECT COUNT(*) RecordCount
> FROM people
> ";
> unset($records);
> $records = $db->execute($sql);
> $recordCount = $records[0]['RECORDCOUNT'];
> $currentPage = $page;
> $group = floor((($page - 1) * $recordsPerPage) /
> ($recordsPerPage * $pages));
> $navigation = array();
> $page = $group * $pages + 1;
> $lastPage = $page + $pages;
> $maxPages = ceil($recordCount / $recordsPerPage);
> $range = ($currentPage * $recordsPerPage) - $recordsPerPage;
> if ($group)
> > style="border-bottom:1px solid lightsteelblue; border-right:1px
> solid lightsteelblue; cursor:pointer; font-size:8pt;"
> title="Click to sort"
> onclick="document.location='<?= $_SERVER['PHP_SELF']
> ?>?lastSort=<?= $lastSort ?>&sortDirection=<?= $sortDirection
> ?>&sort=LASTNAME'" >Last Name</th>
>

..... you should have a array with possible sort and with loop make it and
pass ofc only int value no string as a $sort
thech check array_key_exists in this array and use value in query and you
will have error handler for this one variable

> $sql = "
> SELECT Id ,
> FirstName ,
> MiddleName ,
> LastName ,
> UserName ,
> Email
> FROM people
> ORDER BY " . $sort . " " . $sortDirection . "
> LIMIT " . $range . ", " . $recordsPerPage . "

db inssues for your code - means next error


> <a
> class="menuItem"
> href="<?= $_SERVER['PHP_SELF']?>?edit=1&id=<?= $record['ID']
> ?>" style="font-size:7.25pt; font-weight:normal;
> text-decoration:underline; white-space:nowrap;"
> title="EDIT [ <?= $description ?> ]"
> >Edit &#9655;</a>
> <br>
> <a
> class="menuItem"
> href="<?= $_SERVER['PHP_SELF']?>?edit=1&delete=1&id=<?=
> $record['ID'] ?>"
> style="font-size:7.25pt; font-weight:normal;
> text-decoration:underline; white-space:nowrap;"
> title="DELETE [ <?= $description ?> ]"
> >Delete &#9655;</a>

here is your first error should be passed $action variable with int value
and then error handling


i was so tired and i show you only few most important mistakes my
experienced i18n developer, have fun :)

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Ikciu | gg: 718845 | yahoo: ikciu_irsa | www: www.e-irsa.pl

2be || !2be $this => mysql_query();

• Next in forum: Re: on input form showing error message for duplicate entry.
• Prev in forum: Re: on input form showing error message for duplicate entry.
• Thread view: Re: on input form showing error message for duplicate entry.

[Reply to this message]