Problem inserting records...!!!

11-03-09, 04:32 AM
Newbie Coder
Hi guys...
I have 2 files, schedulemasternew.php and schedule_entry.php.
Here is schedulemasternew.php
PHP Code:
<?php
ob_start();
session_start();
?>
<?php
if($_REQUEST[month]=="January")
{
$maxday=31;
}
else if($_REQUEST[month]=="February")
{
$leap= $_REQUEST[year] % 4;
if($leap==0)
{
$maxday=29;
}
else
{
$maxday=28;
}
}
else if($_REQUEST[month]=="March")
{
$maxday=31;
}
else if($_REQUEST[month]=="April")
{
$maxday=30;
}
else if($_REQUEST[month]=="May")
{
$maxday=31;
}
else if($_REQUEST[month]=="June")
{
$maxday=30;
}
else if($_REQUEST[month]=="July")
{
$maxday=31;
}
else if($_REQUEST[month]=="August")
{
$maxday=31;
}
else if($_REQUEST[month]=="September")
{
$maxday=30;
}
else if($_REQUEST[month]=="October")
{
$maxday=31;
}
else if($_REQUEST[month]=="November")
{
$maxday=30;
}
else if($_REQUEST[month]=="December")
{
$maxday=31;
}
session_register("daycount");
$_SESSION["daycount"]=$maxday;
?>
<table width="757" align="center" cellpadding="0" cellspacing="1" border="0">
<form name="form" action="schedule_entry.php?action=new" method="post" onsubmit="return validateForms('form');">
<?php include_once("master_header.php");?>
<tr> <td align="center" width="100%">
<table width="80%" align="center" cellpadding="2" cellspacing="1" bgcolor="#333333">
<br /> <tr bgcolor="#FFFFFF">
<td colspan="5" align="left" class="bluelink_2"><strong>Water Management</strong></td>
</tr> <tr bgcolor="#FFFFFF"> <td width="29%" align="center" class="txtfld12">Date</td>
<td width="26%" align="center" class="txtfld12">Litres</td> <td width="26%" align="center" class="txtfld12">Hours</td>
</tr> <?php
for ($i=0;$i<$maxday;$i++)
{
?>
<tr bgcolor="#FFFFFF">
<td align="center" class="txtfld12" width="8%"><?php echo $i+1 ?></td>
<td align="center"><input type="text" name="litres<?php $i?>" id="litres" /><br><span id="litres" class="rederr"></span></td>
<td align="center"><input type="text" name="hours<?php $i?>" id="hours" /><br><span id="hours" class="rederr"></span></td>
</tr>
<?php
}
?>
<tr bgcolor="#FFFFFF"> <td colspan="3" align="center" class="txtfld12"> </td>
</tr>
<tr> <td align="center" colspan="3"><input type="submit" class="button" name="Add Schedule" value="Add Schedule" /></td>
</tr></table></td>
</tr>
</table>
</form>
And, here is schedule_entry.php
PHP Code:
<?php
ob_start();
session_start();
include_once("conn.php");
$count=$_SESSION["daycount"];
if($_GET['action']=="new")
{
if(mysql_query("INSERT INTO schedule(plotno,year,month) VALUES('$_POST[plotno]','$_POST[year]','$_POST[month]')"))
{
$sid = mysql_insert_id();
$litres =$_POST["litres"];
$hours =$_POST["hours"];
$record = explode('~',$litres);
$record1=explode('~',$hours);
for($i=0;$$i<$count;$i++)
{
$ScheduleDetail = explode("^",$record[$i]);
$ScheduleDetails = explode("^",$record1[$i]);
$sql ="INSERT INTO scheduledetail(scheduleid,date,litres,hours) values($sid,$i,'$ScheduleDetail[0]','$ScheduleDetails[0]')";
mysql_query($sql);
}
header("Location:index.php?page=schedulemaster");
}
else {
echo "<br>Query not executed";
}
}
?>
I am creating an application where the user selects plot no, year and month. Then, according to the selected year and month, the no. of days for the selected month is calculated.
Then on the next page, i.e. schedulemasternew.php, the user has to enter date, litres and hours a number of times depending upon the month and year selected (i.e. 31 times for January, 28 times for February).
In schedule_entry.php, there is the logic to insert the records.
But I'm facing a problem here while inserting records.
First of all, I'm not sure that the array is properly created for the records to be inserted,
because when I execute, it shows Fatal Error :Maximum execution time of 30 seconds exceeded in C:\wamp\www\agro\agro\schedule_entry.php on line 20
and, when I check the database, only the last entry is inserted in the scheduledetail table.
Can you please tell me how I should solve this problem...???

11-03-09, 07:03 PM
Coding Addict
You have a problem in your script.
#1
In your for statement you are using a variable variable. While this can be done, you are setting it with a number, which a variable cannot be. I'm assuming that you just messed up and put an extra $ in there.
#2
You are passing the inputs as litres<?php $i;?> which doesn't really do anything. So you are posting a value from $_POST['litres'].
You should be passing the inputs as litres<?php echo $i;?> which would pass it as $_POST['litres0'], $_POST['litres1'], etc.
#3
You are not retrieving these same litres variables right; you are only retrieving $_POST['litres'], which gives you the LAST value submitted. (*note* this applies to litres and to hours).
#4
You should be retrieving your litres and hours variables from inside the for loop. Otherwise you cannot automate the count.
Side note: Please sanitize your data; there are some very good sanitize functions floating around this forum. This will help keep your database from getting screwed, and protect your users from the boogeyman.

11-03-09, 11:40 PM
Newbie Coder
Thanks for the reply....
Ohh...
Yes, that was a silly mistake in the for loop. I have corrected it.
But still, I'm having a problem.
This loop is getting executed a single time only, and also the values in the entries are inserted as 0,0...
Whatever number I use,
e.g.
for($i=0;$i<30;$i++)
it executes a single time only.
Can you please help me...???

11-05-09, 06:13 PM
Coding Addict
I discovered some things that the script was asking for that weren't provided. I suppose you're sending the plotno, year, month some other way than that form.
Other than that, I think this will solve it. Let me know if there are problems.
PHP Code:
<?php
ob_start();
session_start();
?>
<?php
if($_REQUEST['month']=="January") { $maxday=31; }
else if($_REQUEST['month']=="February")
{
    $leap= $_REQUEST['year'] % 4;
    if($leap==0) { $maxday=29; }
    else { $maxday=28; }
}
else if($_REQUEST['month']=="March") { $maxday=31; }
else if($_REQUEST['month']=="April") { $maxday=30; }
else if($_REQUEST['month']=="May") { $maxday=31; }
else if($_REQUEST['month']=="June") { $maxday=30; }
else if($_REQUEST['month']=="July") { $maxday=31; }
else if($_REQUEST['month']=="August") { $maxday=31; }
else if($_REQUEST['month']=="September") { $maxday=30; }
else if($_REQUEST['month']=="October") { $maxday=31; }
else if($_REQUEST['month']=="November") { $maxday=30; }
else if($_REQUEST['month']=="December") { $maxday=31; }
session_register("daycount");
$_SESSION["daycount"]=$maxday;
?>
<table width="757" align="center" cellpadding="0" cellspacing="1" border="0">
<form name="form" action="schedule_entry.php?action=new" method="post" onsubmit="return validateForms('form');">
<?php include_once("master_header.php");?>
<tr> <td align="center" width="100%">
<table width="80%" align="center" cellpadding="2" cellspacing="1" bgcolor="#333333">
<br /> <tr bgcolor="#FFFFFF">
<td colspan="5" align="left" class="bluelink_2"><strong>Water Management</strong></td>
</tr> <tr bgcolor="#FFFFFF"> <td width="29%" align="center" class="txtfld12">Date</td>
<td width="26%" align="center" class="txtfld12">Litres</td> <td width="26%" align="center" class="txtfld12">Hours</td>
</tr>
<?php
for ($i=0;$i<$maxday;$i++)
{
?>
<tr bgcolor="#FFFFFF">
<td align="center" class="txtfld12" width="8%"><?php echo $i+1 ?></td>
<td align="center"><input type="text" name="litres<?php echo $i; ?>" id="litres" /><br><span id="litres" class="rederr"></span></td>
<td align="center"><input type="text" name="hours<?php echo $i; ?>" id="hours" /><br><span id="hours" class="rederr"></span></td>
</tr>
<?php
}
?>
<tr bgcolor="#FFFFFF"> <td colspan="3" align="center" class="txtfld12"> </td>
</tr>
<tr> <td align="center" colspan="3"><input type="submit" class="button" name="Add Schedule" value="Add Schedule" /></td>
</tr></table></td>
</tr>
</table>
</form>
PHP Code:
<?php
ob_start();
session_start();
include_once("conn.php");

////////////////////////////////////////////
// input sanitizer function - LDM 2008
// function provided by EndUser at ProgrammingTalk.com (aka Hotscripts.com);
function sanitize($dtype, $dlen, $data){
    // dtype 1: allow numbers, space, and '-'
    // dtype 2: allow alpha and spaces only
    // dtype 3: allow alphanumeric, spaces, period, and '-'
    // dtype 4: allow alphanumeric w/ all punctuation
    // dtype 5: email validation chars
    // dlen: data length limit, '0' = no length limit

    // special cleanups
    $data = preg_replace("/x1a/",'', $data);
    $data = preg_replace("/x00/",'', $data);
    // the 2 tests above may not be needed due to this more complete test
    $data = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $data);
    $data = preg_replace("|\.\./|",'', $data); // stop directory traversal
    $data = preg_replace("/--/",' - ', $data); // stop mySQL comments
    $data = preg_replace("/%3A%2F%2F/",'', $data); // stop B64 encoded '://'

    // new, added 8-31-2008
    /////////////////////////////////
    ////////// START NEW TESTS 08-31-2008 ////////////////////////////////////////

    // Remove Null Characters
    // This prevents sandwiching null characters
    // between ascii characters, like Java\0script.
    $data = preg_replace('/\0+/', '', $data);
    $data = preg_replace('/(\\\\0)+/', '', $data);

    // Validate standard character entities
    // Add a semicolon if missing. We do this to enable
    // the conversion of entities to ASCII later.
    $data = preg_replace('#(&\#*\w+)[\x00-\x20]+;#u',"\\1;",$data);
    // Validate UTF16 two byte encoding (x00)
    // Just as above, adds a semicolon if missing.
    $data = preg_replace('#(&\#x*)([0-9A-F]+);*#iu',"\\1\\2;",$data);

    // URL Decode
    // Just in case stuff like this is submitted:
    // <a href="http://%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D">Google</a>
    // Note: Normally urldecode() would be easier but it removes plus signs
    $data = preg_replace("/%u0([a-z0-9]{3})/i", "&#x\\1;", $data);
    $data = preg_replace("/%([a-z0-9]{2})/i", "&#x\\1;", $data);

    // Convert character entities to ASCII
    // This permits our tests below to work reliably.
    // We only convert entities that are within tags since
    // these are the ones that will pose security problems.
    if (preg_match_all("/<(.+?)>/si", $data, $matches))
    {
        for ($i = 0; $i < count($matches['0']); $i++)
        {
            $data = str_replace($matches['1'][$i], html_entity_decode($matches['1'][$i], ENT_COMPAT, $charset), $data);
        }
    }

    // Convert all tabs to spaces
    // This prevents strings like this: ja vascript
    // Note: we deal with spaces between characters later.
    $data = preg_replace("#\t+#", " ", $data);

    // Makes PHP tags safe
    // Note: XML tags are inadvertently replaced too:
    // xml
    // But who cares, only terrorists use XML. :)
    $data = str_replace(array('<?php', '<?PHP', '<?', '?>'), array('&lt;?php', '&lt;?PHP', '&lt;?', '?&gt;'), $data);

    // Compact any exploded words
    // This corrects words like: j a v a s c r i p t
    // These words are compacted back to their correct state.
    $words = array('javascript', 'vbscript', 'script', 'applet', 'alert', 'document', 'write', 'cookie', 'window');
    foreach ($words as $word)
    {
        $temp = '';
        for ($i = 0; $i < strlen($word); $i++)
        {
            $temp .= substr($word, $i, 1)."\s*";
        }
        $temp = substr($temp, 0, -3);
        $data = preg_replace('#'.$temp.'#s', $word, $data);
        $data = preg_replace('#'.ucfirst($temp).'#s', ucfirst($word), $data);
    }

    // Remove disallowed Javascript in links or img tags
    $data = preg_replace("#<a.+?href=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>.*?</a>#si", "", $data);
    $data = preg_replace("#<img.+?src=.*?(alert\(|alert&\#40;|javascript\:|window\.|document\.|\.cookie|<script|<xss).*?\>#si","", $data);
    $data = preg_replace("#<(script|xss).*?\>#si", "", $data);

    // Remove JavaScript Event Handlers
    // Note: This code is a little blunt. It removes
    // the event handler and anything up to the closing >,
    // but it's unlikely to be a problem.
    $data = preg_replace('#(<[^>]+.*?)(onabort|onactivate|onafterprint|onafterupdate|onbeforeactivate|onbeforecopy|onbeforecut|onbeforedeactivate|onbeforeeditfocus|onbeforepaste|onbeforeprint|onbeforeunload|onbeforeupdate|onblur|onbounce|oncellchange|onchange|onclick|oncontextmenu|oncontrolselect|oncopy|oncut|ondataavailable|ondatasetchanged|ondatasetcomplete|ondblclick|ondeactivate|ondrag|ondragend|ondragenter|ondragleave|ondragover|ondragstart|ondrop|onerror|onerrorupdate|onfilterchange|onfinish|onfocus|onfocusin|onfocusout|onhelp|onkeydown|onkeypress|onkeyup|onlayoutcomplete|onload|onlosecapture|onmousedown|onmouseenter|onmouseleave|onmousemove|onmouseout|onmouseover|onmouseup|onmousewheel|onmove|onmoveend|onmovestart|onpaste|onpropertychange|onreadystatechange|onreset|onresize|onresizeend|onresizestart|onrowenter|onrowexit|onrowsdelete|onrowsinserted|onscroll|onselect|onselectionchange|onselectstart|onstart|onstop|onsubmit|onunload)[^>]*>#iU',"\\1>",$data);

    // Sanitize naughty HTML elements
    // If a tag containing any of the words in the list
    // below is found, the tag gets converted to entities.
    // So this: <blink>
    // Becomes: &lt;blink&gt;
    $data = preg_replace('#<(/*\s*)(alert|vbscript|javascript|applet|basefont|base|behavior|bgsound|blink|body|embed|expression|form|frameset|frame|head|html|ilayer|iframe|input|layer|link|meta|object|plaintext|style|script|textarea|title|xml|xss|lowsrc)([^>]*)>#is', "&lt;\\1\\2\\3&gt;", $data);

    // Sanitize naughty scripting elements
    // Similar to above, only instead of looking for
    // tags it looks for PHP and JavaScript commands
    // that are disallowed. Rather than removing the
    // code, it simply converts the parenthesis to entities
    // rendering the code un-executable.
    // For example: eval('some code')
    // Becomes: eval&#40;'some code'&#41;
    $data = preg_replace('#(alert|cmd|passthru|eval|exec|system|fopen|fsockopen|file|file_get_contents|readfile|unlink)(\s*)\((.*?)\)#si', "\\1\\2&#40;\\3&#41;", $data);

    // Final clean up
    // This adds a bit of extra precaution in case
    // something got through the above filters
    $bad = array(
        'document.cookie' => '',
        'document.write' => '',
        'window.location' => '',
        "javascript\s*:" => '',
        "Redirect\s+302" => '',
        '<!--' => '&lt;!--',
        '-->' => '--&gt;'
    );
    foreach ($bad as $key => $val)
    {
        $data = preg_replace("#".$key."#i", $val, $data);
    }
    ////////// END NEW TESTS /////////////////////////////////////////////////////

    if($dlen != '0'){
        $data = substr($data, 0, $dlen);
    }
    if($dtype == '1'){
        // allow only numeric characters, space, period, and '-'
        $data = preg_replace("/[^0-9\-\ \.]/",'', $data);
    }
    if($dtype == '2'){
        // allow only alpha characters, '_' and space
        $data = preg_replace("/[^a-zA-Z~\ \_]/",'', $data);
    }
    if($dtype == '3'){
        // allow only alphanumeric characters, space, '_', period, colon, and '-'
        $data = preg_replace("/[^0-9a-zA-Z~\-\ \.\:\_]/",'', $data);
    }
    if($dtype == '4'){
        // allow only alphanumeric characters w/ punctuation + carriage returns
        $data = preg_replace("|[^0-9a-zA-Z~@#$%=:;_, \\n\\\!\^&\*\(\)\-\+\.\?\/\'\"]|",'', $data);
    }
    if($dtype == '5'){
        // specifically for email validation
        $data = preg_replace("|[^0-9a-zA-Z@_\-\.]|",'', $data);
    }
    $data = trim($data);
    return $data;
} // end sanitize
////////////////////////////////////////////

$count=$_SESSION["daycount"];

if($_GET['action']=="new")
{
    $plotno = sanitize(4,0,$_POST['plotno']);
    $year = sanitize(1,5,$_POST['year']);
    $month = sanitize(1,3,$_POST['month']);
    if(mysql_query("INSERT INTO schedule(plotno,year,month) VALUES('$plotno','$year','$month')"))
    {
        $sid = mysql_insert_id();
        // $record = explode('~',$litres);
        // $record1=explode('~',$hours);
        $sql ="INSERT INTO scheduledetail(scheduleid,date,litres,hours) values";
        for($i=0;$i<$count;$i++)
        {
            $litres = sanitize(1,0,$_POST["litres$i"]);
            $hours = sanitize(1,0,$_POST["hours$i"]);
            // $ScheduleDetail = explode("^",$record[$i]);
            // $ScheduleDetails = explode("^",$record1[$i]);
            $sql .= "('$sid','$i','$litres','$hours')";
            if($i < ($count - 1)) { $sql .= ' , '; }
        }
        mysql_query($sql);
        header("Location:index.php?page=schedulemaster");
    }
    else
    {
        echo "<br>Query not executed";
    }
}
?>
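
The same two inserts written with bound parameters, as an added example that is not part of any poster's code: filtering by character class does not make a value safe inside a quoted SQL literal (dtype 4 of sanitize() keeps both ' and "), whereas a prepared statement keeps the value out of the SQL text entirely. The function name save_schedule(), the id column and the in-memory SQLite database are assumptions made so the example runs on its own; the table and column names are the thread's.

```php
<?php
// Added example. save_schedule() and the SQLite demo schema are assumptions;
// table and column names follow the thread.
function save_schedule(PDO $db, array $post): int
{
    $months = ['January', 'February', 'March', 'April', 'May', 'June', 'July',
               'August', 'September', 'October', 'November', 'December'];
    $m    = array_search($post['month'] ?? '', $months, true);
    $year = filter_var($post['year'] ?? null, FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1900, 'max_range' => 2100]]);
    if ($m === false || $year === false) {
        throw new InvalidArgumentException('invalid month or year');
    }
    // Derive the day count on the server instead of trusting session or form data.
    $days = (int) date('t', mktime(0, 0, 0, $m + 1, 1, $year));

    $db->beginTransaction();
    try {
        // Values travel as bound parameters, never as part of the SQL text.
        $head = $db->prepare('INSERT INTO schedule(plotno, year, month) VALUES (?, ?, ?)');
        $head->execute([(string) ($post['plotno'] ?? ''), $year, $months[$m]]);
        $sid = (int) $db->lastInsertId();
        $row = $db->prepare(
            'INSERT INTO scheduledetail(scheduleid, date, litres, hours) VALUES (?, ?, ?, ?)');
        for ($i = 0; $i < $days; $i++) {
            $litres = filter_var($post["litres$i"] ?? '', FILTER_VALIDATE_FLOAT);
            $hours  = filter_var($post["hours$i"] ?? '', FILTER_VALIDATE_FLOAT);
            if ($litres === false || $hours === false) {
                throw new InvalidArgumentException('invalid entry for day ' . ($i + 1));
            }
            $row->execute([$sid, $i + 1, $litres, $hours]); // date stored as day of month
        }
        $db->commit();
        return $days;
    } catch (Throwable $e) {
        $db->rollBack(); // no half-written schedule if one row is rejected
        throw $e;
    }
}

// Constructed input; in-memory SQLite only so the example runs stand-alone.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE schedule(id INTEGER PRIMARY KEY, plotno TEXT, year INT, month TEXT)');
$db->exec('CREATE TABLE scheduledetail(scheduleid INT, date INT, litres REAL, hours REAL)');
$post = ['plotno' => "O'Brien field 7", 'year' => '2009', 'month' => 'February'];
for ($i = 0; $i < 28; $i++) { $post["litres$i"] = '120.5'; $post["hours$i"] = '2'; }
echo save_schedule($db, $post), ' rows for ', $db->query('SELECT plotno FROM schedule')->fetchColumn(), "\n";
```

With a MySQL DSN in place of `sqlite::memory:` the function body is unchanged; the plot name containing an apostrophe is stored as typed instead of terminating the string literal.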