[Chugalug] Newbie question

Tyler Mittan flashbatmanquestion at gmail.com
Sat Aug 17 16:52:14 UTC 2013


Yes.
On Aug 17, 2013 12:44 PM, "Randy Yates" <lpcustom at gmail.com> wrote:

> Does your file have a .php extension?
>
>
>
> On Sat, Aug 17, 2013 at 12:33 PM, Tyler Mittan <
> flashbatmanquestion at gmail.com> wrote:
>
>> whoops! sorry forgot to include that.
>>
>> http://pastebin.com/7c5VHCtz
>> On Aug 17, 2013 12:24 PM, "Randy Yates" <lpcustom at gmail.com> wrote:
>>
>>> buttonId is just my generic term for whatever your button's id is. If
>>> it's id='create' then you should just use if(isset($_POST['create']))
>>>
>>> As far as the php showing up in your browser, I was saying earlier that
>>> it may be from your duplicate "include" statements. You could be including
>>> the inventory.php file twice. Pastebin what you have right now so I can see
>>> what's causing the breakage.
>>>
>>>
>>> On Sat, Aug 17, 2013 at 12:18 PM, Tyler Mittan <
>>> flashbatmanquestion at gmail.com> wrote:
>>>
>>>> Well, right now I have it as if(isset($_POST['buttonId'])=='create')
>>>> etc.. does that 'create' need to be there or what should it be if not
>>>> create. And for some reason the greater than bracket keeps closing the php
>>>> syntax, and I am not sure why. Do you think it's the browser or that the
>>>> php editor is just not very good?
>>>>  On Aug 17, 2013 12:09 PM, "Randy Yates" <lpcustom at gmail.com> wrote:
>>>>
>>>>> If you are checking the button, you can just check if the button id
>>>>> isset in post, I believe. Like:
>>>>>
>>>>> if(isset($_POST['buttonId'])) {
>>>>> ....
>>>>> }
>>>>>
>>>>>
>>>>> On Sat, Aug 17, 2013 at 12:03 PM, Tyler Mittan <
>>>>> flashbatmanquestion at gmail.com> wrote:
>>>>>
>>>>>> Thanks, I am trying out what you sent because it looks cleaner and
>>>>>> easier to read. The first if statement being made with the $_POST, instead
>>>>>> of 'action' and 'create', should it be the name of the submit button? I
>>>>>> just want to clarify before trying it.
>>>>>>  On Aug 17, 2013 11:58 AM, "Randy Yates" <lpcustom at gmail.com> wrote:
>>>>>>
>>>>>>> If you are seeing code, it could be from the multiple includes of
>>>>>>> the same file in your code.
>>>>>>>
>>>>>>>
>>>>>>> On Sat, Aug 17, 2013 at 11:50 AM, Randy Yates <lpcustom at gmail.com>wrote:
>>>>>>>
>>>>>>>> Tyler, here is a slightly better version of your pastebin code. I
>>>>>>>> haven't tested it to see how it looks, so I may have a mistake here and
>>>>>>>> there. However, notice the use of PDO. Check out the :year, :make, :model,
>>>>>>>> etc in the SQL statement. Then when the $pdo->execute() is executed an
>>>>>>>> array is passed as an argument to tell PDO how to bind the values.
>>>>>>>>
>>>>>>>> http://pastebin.com/W5tas7J9
>>>>>>>>
>>>>>>>>
>>>>>>>> On Sat, Aug 17, 2013 at 11:29 AM, Randy Yates <lpcustom at gmail.com>wrote:
>>>>>>>>
>>>>>>>>> When I said that, I was just trying to find the quick fix for his
>>>>>>>>> problem. I later warned him that he would have SQL injection issues with a
>>>>>>>>> statement like that. I just didn't want anyone to get the idea that I wrote
>>>>>>>>> that SQL statement. I was merely pointing out that he was missing the
>>>>>>>>> keyword "VALUES" in his pastebin code.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Sat, Aug 17, 2013 at 11:24 AM, Dan Lyke <danlyke at flutterby.com>wrote:
>>>>>>>>>
>>>>>>>>>> On Fri, 16 Aug 2013 20:18:04 -0400
>>>>>>>>>> Randy Yates <lpcustom at gmail.com> wrote:
>>>>>>>>>> > Tyler, your SQL statement may be failing. Have you tried that
>>>>>>>>>> > statement manually in mysql? You may need to add VALUES like so:
>>>>>>>>>> >
>>>>>>>>>> >    1. INSERT INTO sedan ( year, make, model, color, price)
>>>>>>>>>> >    values('{$_POST['year']}','{$_POST['make']}',
>>>>>>>>>> '{$_POST['model']}',
>>>>>>>>>> >    '{$_POST['color']}', '{$_POST['price']}')";
>>>>>>>>>>
>>>>>>>>>> I know nothing about PDO, and am not generally a fan of ORMs, but
>>>>>>>>>> never
>>>>>>>>>> ever ever do this.
>>>>>>>>>>
>>>>>>>>>> Use bound variables, or make sure that values put into SQl
>>>>>>>>>> statements
>>>>>>>>>> get properly quoted.
>>>>>>>>>>
>>>>>>>>>> Here's why: http://xkcd.com/327/
>>>>>>>>>>
>>>>>>>>>> Dan
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Chugalug mailing list
>>>>>>>>>> Chugalug at chugalug.org
>>>>>>>>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Google reads my email!
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> Google reads my email!
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Google reads my email!
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Chugalug mailing list
>>>>>>> Chugalug at chugalug.org
>>>>>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> Chugalug mailing list
>>>>>> Chugalug at chugalug.org
>>>>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Google reads my email!
>>>>>
>>>>> _______________________________________________
>>>>> Chugalug mailing list
>>>>> Chugalug at chugalug.org
>>>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>>>
>>>>>
>>>> _______________________________________________
>>>> Chugalug mailing list
>>>> Chugalug at chugalug.org
>>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>>
>>>>
>>>
>>>
>>> --
>>> Google reads my email!
>>>
>>> _______________________________________________
>>> Chugalug mailing list
>>> Chugalug at chugalug.org
>>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>>
>>>
>> _______________________________________________
>> Chugalug mailing list
>> Chugalug at chugalug.org
>> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>>
>>
>
>
> --
> Google reads my email!
>
> _______________________________________________
> Chugalug mailing list
> Chugalug at chugalug.org
> http://chugalug.org/cgi-bin/mailman/listinfo/chugalug
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://chugalug.org/pipermail/chugalug/attachments/20130817/45a11d02/attachment-0001.html>


More information about the Chugalug mailing list