[Chugalug] Newbie question

Randy Yates lpcustom at gmail.com
Sat Aug 17 16:29:19 UTC 2013


What's in inventory.php? You can probably remove that other include.


On Sat, Aug 17, 2013 at 12:27 PM, Tyler Mittan <
flashbatmanquestion at gmail.com> wrote:

> http://pastebin.com/1DReBY32
>
> I took the include out, but the break appears to be happening at the first
> stmt
> On Aug 17, 2013 12:24 PM, "Randy Yates" <lpcustom at gmail.com> wrote:
>
>> buttonId is just my generic term for whatever your button's id is. If
>> it's id='create' then you should just use if(isset($_POST['create']))
>>
>> As far as the php showing up in your browser, I was saying earlier that
>> it may be from your duplicate "include" statements. You could be including
>> the inventory.php file twice. Pastebin what you have right now so I can see
>> what's causing the breakage.
>>
>>
>> On Sat, Aug 17, 2013 at 12:18 PM, Tyler Mittan <
>> flashbatmanquestion at gmail.com> wrote:
>>
>>> Well, right now I have it as if(isset($_POST['buttonId'])=='create')
>>> etc.. does that 'create' need to be there or what should it be if not
>>> create. And for some reason the greater than bracket keeps closing the php
>>> syntax, and I am not sure why. Do you think it's the browser or that the
>>> php editor is just not very good?
>>>  On Aug 17, 2013 12:09 PM, "Randy Yates" <lpcustom at gmail.com> wrote:
>>>
>>>> If you are checking the button, you can just check if the button id
>>>> isset in post, I believe. Like:
>>>>
>>>> if(isset($_POST['buttonId'])) {
>>>> ....
>>>> }
>>>>
>>>>
>>>> On Sat, Aug 17, 2013 at 12:03 PM, Tyler Mittan <
>>>> flashbatmanquestion at gmail.com> wrote:
>>>>
>>>>> Thanks, I am trying out what you sent because it looks cleaner and
>>>>> easier to read. The first if statement being made with the $_POST, instead
>>>>> of 'action' and 'create', should it be the name of the submit button? I
>>>>> just want to clarify before trying it.
>>>>>  On Aug 17, 2013 11:58 AM, "Randy Yates" <lpcustom at gmail.com> wrote:
>>>>>
>>>>>> If you are seeing code, it could be from the multiple includes of the
>>>>>> same file in your code.
>>>>>>
>>>>>>
>>>>>> On Sat, Aug 17, 2013 at 11:50 AM, Randy Yates <lpcustom at gmail.com>wrote:
>>>>>>
>>>>>>> Tyler, here is a slightly better version of your pastebin code. I
>>>>>>> haven't tested it to see how it looks, so I may have a mistake here and
>>>>>>> there. However, notice the use of PDO. Check out the :year, :make, :model,
>>>>>>> etc in the SQL statement. Then when the $pdo->execute() is executed an
>>>>>>> array is passed as an argument to tell PDO how to bind the values.
>>>>>>>
>>>>>>> http://pastebin.com/W5tas7J9
>>>>>>>
>>>>>>>
>>>>>>> On Sat, Aug 17, 2013 at 11:29 AM, Randy Yates <lpcustom at gmail.com>wrote:
>>>>>>>
>>>>>>>> When I said that, I was just trying to find the quick fix for his
>>>>>>>> problem. I later warned him that he would have SQL injection issues with a
>>>>>>>> statement like that. I just didn't want anyone to get the idea that I wrote
>>>>>>>> that SQL statement. I was merely pointing out that he was missing the
>>>>>>>> keyword "VALUES" in his pastebin code.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Sat, Aug 17, 2013 at 11:24 AM, Dan Lyke <danlyke at flutterby.com>wrote:
>>>>>>>>
>>>>>>>>> On Fri, 16 Aug 2013 20:18:04 -0400
>>>>>>>>> Randy Yates <lpcustom at gmail.com> wrote:
>>>>>>>>> > Tyler, your SQL statement may be failing. Have you tried that
>>>>>>>>> > statement manually in mysql? You may need to add VALUES like so:
>>>>>>>>> >
>>>>>>>>> >    1. INSERT INTO sedan ( year, make, model, color, price)
>>>>>>>>> >    values('{$_POST['year']}','{$_POST['make']}',
>>>>>>>>> '{$_POST['model']}',
>>>>>>>>> >    '{$_POST['color']}', '{$_POST['price']}')";
>>>>>>>>>
>>>>>>>>> I know nothing about PDO, and am not generally a fan of ORMs, but
>>>>>>>>> never
>>>>>>>>> ever ever do this.
>>>>>>>>>
>>>>>>>>> Use bound variables, or make sure that values put into SQl
>>>>>>>>> statements
>>>>>>>>> get properly quoted.
>>>>>>>>>
>>>>>>>>> Here's why: http://xkcd.com/327/
>>>>>>>>>
>>>>>>>>> Dan
>>>>>>>>> _______________________________________________
>>>>>>>>> Chugalug mailing list
>>>>>>>>> Chugalug at chugalug.org
>>>>>>>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Google reads my email!
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Google reads my email!
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Google reads my email!
>>>>>>
>>>>>> _______________________________________________
>>>>>> Chugalug mailing list
>>>>>> Chugalug at chugalug.org
>>>>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>>>>
>>>>>>
>>>>> _______________________________________________
>>>>> Chugalug mailing list
>>>>> Chugalug at chugalug.org
>>>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Google reads my email!
>>>>
>>>> _______________________________________________
>>>> Chugalug mailing list
>>>> Chugalug at chugalug.org
>>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>>
>>>>
>>> _______________________________________________
>>> Chugalug mailing list
>>> Chugalug at chugalug.org
>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>
>>>
>>
>>
>> --
>> Google reads my email!
>>
>> _______________________________________________
>> Chugalug mailing list
>> Chugalug at chugalug.org
>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>
>>
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>
>


-- 
Google reads my email!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://chugalug.org/pipermail/chugalug/attachments/20130817/ecaa9b12/attachment.html>


More information about the Chugalug mailing list