thread434-1760928 Hello, Was


johnvins (Technical User, US), Oct 7, 2016
thread434-1760928

Hello,

Was there ever a resolution to the thread above?
I have exactly the same problem---both on a development test server and VPS, this is the only piece of the pie that doesn't work. Fill out the form and submit it---nothing happens, no post to the database or confirmation to the user and no write to append the recipe with the star rating and comment.

The code is in a file that will allow a user to vote and comment on a recipe. You could give up to 5 stars and write a comment. The app was free from mfscripts.com. All in all everything works and I've been able to customize it very much to my liking. Since it was "free", mfscripts.com offers no support, alas.

If okay, here is the content of the file view.html. Thanks in advance, and BTW the name of the database is world and the data is to go into comments.

johnvins

<?php

include_once("config.php");

// get vars
$id = $_REQUEST['id'];
$id = sanitize(1, 11, $id);

// start session for captcha
session_start();

$vote = $_REQUEST['vote'];
if($submitme) {

$yourname = formatField($_POST['yourname']);
$comment = formatField($_POST['comment']);

// validation
if(strlen($yourname) == 0) $error = "Please enter your name.";
elseif(strlen($yourname) > 50) $error = "Maximum name length is 50 characters.";
elseif(strlen($comment) == 0) $error = "Please enter your comments.";
elseif(strlen($comment) > 500) $error = "Maximum comment length is 500 characters.";
elseif($_SESSION["captcha"] != $_POST['captcha']) $error = "Your confirmation text does not match, only enter the black characters.";

if(strlen($error) == 0) {

$ip = $REMOTE_ADDR;
$insert_comment = mysql_query("INSERT INTO comments (name, comment, recipeid, dateadded, userip) VALUES ('".mysql_real_escape_string($yourname)."', '".mysql_real_escape_string($comment)."', ".$id.", NOW(), '".mysql_real_escape_string($ip)."')");
$hideform = TRUE;

if(strlen($vote) > 0) {
$lookup_field = "votestar".$vote;
$get_values = mysql_query("SELECT votestar1, votestar2, votestar3, votestar4, votestar5 FROM recipes WHERE id = ".$id." LIMIT 1");
$votestar1 = mysql_result($get_values, 0, votestar1);
$votestar2 = mysql_result($get_values, 0, votestar2);
$votestar3 = mysql_result($get_values, 0, votestar3);
$votestar4 = mysql_result($get_values, 0, votestar4);
$votestar5 = mysql_result($get_values, 0, votestar5);
if($vote == 1) $votestar1 = $votestar1+1;
elseif($vote == 2) $votestar2 = $votestar2+1;
elseif($vote == 3) $votestar3 = $votestar3+1;
elseif($vote == 4) $votestar4 = $votestar4+1;
elseif($vote == 5) $votestar5 = $votestar5+1;
$total = ($votestar1 * 1)+($votestar2 * 2)+($votestar3 * 3)+($votestar4 * 4)+($votestar5 * 5);
$total = $total/($votestar1+$votestar2+$votestar3+$votestar4+$votestar5);
$update_joke = mysql_query("UPDATE recipes SET ".$lookup_field." = ".$$lookup_field.", votestartotal = ".$total." WHERE id = ".$id." LIMIT 1");
}
}
}

$temp = mysql_query("SELECT * FROM recipes WHERE id = ".$id." LIMIT 1");
$title = UCWords(mysql_result($temp, 0, title));
$category = mysql_result($temp, 0, category);
$subcategory = mysql_result($temp, 0, category2);
$recipe = mysql_result($temp, 0, recipe);
$recipe = trim(str_replace(array("<h1>", "</h1>"), "", $recipe));
$votestartotal = mysql_result($temp, 0, votestartotal);

$ptitle = "Recipe for ".$title;
$pkeys = $title.", italian recipe, lasagna recipe, low carb recipe, low fat recipe";
$pdesc = $title." food recipe";

// get comments
$get_comments = mysql_query("SELECT name, comment, recipeid, dateadded, userip FROM comments WHERE recipeid = ".$id." ORDER BY dateadded DESC");

include_once("header_view.php");

?>
<tr>
<td height="100%" background="images/captext.gif" valign="top" style="padding-left:100px;padding-top:11px">
<table width="900" height="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="160" height="100%" valign="top">
<?php
include("mainmenu.php");
?>
</td>

<td width="525" align="right" style="padding-right:3px" valign="top">
<table width="388" border="0" cellspacing="0" cellpadding="0">
<?php
include("toptext.php");
?>
<tr>
<td height="29" background="#FFFFFF" style="padding-left:23px"><strong>RECIPE FOR <?php echo strtoupper($title); ?></strong></td>
</tr>
<tr>
<td bgcolor="#FFFFFF" height="100%" style="padding-top:2px;" valign="top">
<table width="100%" height="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="100%" style="padding-left:11px;padding-top:3px;" valign="top">

<table width='100%' cellpadding='0' cellspacing='0'>
<?php
echo "<tr><td valign='top'><b>Title:</b></td><td width='280'>$title</td></tr>";
if(strlen($category) > 0) echo "<tr><td><b>Category:</b></td><td>".UCWords($category)."</td></tr>";
if(strlen($subcategory) > 0) echo "<tr><td><b>Sub-Category:</b></td><td>".UCWords($subcategory)."</td></tr>";

if(number_format($votestartotal, 0) == 0) $rating = "not yet rated";
else $rating = number_format($votestartotal, 0)." stars";
echo "<tr><td style='padding-top:4px;' height='35'><b>Rating:</b></td><td style='padding-top:4px;'><img src='images/small-stars-".number_format($votestartotal, 0).".gif' width='52' height='8' alt='".$rating."'>";
echo "</td></tr>";

echo "</table>";


echo "<b>Instructions:</b><br><br>";
echo $recipe."<br><br>";

?>


</td>
</tr>
<tr>
<td style="padding-left:11px;padding-top:3px;" valign="top" bgcolor="#FFFFFF">
&nbsp;
</td>
</tr>

<?php
if(mysql_numrows($get_comments) > 0) {
?>
<tr><td style="padding-left:11px;padding-top:9px;" valign="top" bgcolor="#FFFFFF">
<table width='100%' cellpadding='0' cellspacing='0'>
<tr><td class="commentlabel"><b>User Comments:</b><br><br></td></tr>
<?php
while($row = mysql_fetch_array($get_comments)) {
$date_com = substr($row['dateadded'], 8, 2)."/".substr($row['dateadded'], 5, 2)."/".substr($row['dateadded'], 0, 4);
echo "<tr><td style='color:#999999;'>".$date_com." - ".$row['name']."</td></tr>";
echo "<tr><td style='color:#999999; border-bottom:1'>\"".$row['comment']."\"<br><br></td></tr>";
}
echo "</table>";

?>
</td>
</tr>
<tr>
<td style="padding-left:11px;padding-top:3px;" valign="top" bgcolor="#FFFFFF">
&nbsp;
</td>
</tr>
<?php
}
?>
<?php

if(!$hideform) {
?>
<tr>
<td style="padding-left:11px;padding-top:3px;" valign="top" bgcolor="#FFFFFF">
<?php
if(strlen($error) > 0) echo "<br><font style='color:red;'>ERROR: ".$error."</font><br><br>";
?>
<table width='100%' cellpadding='0' cellspacing='0'>
<form method='POST' action='view.html?id=<?php echo $id; ?>'>
<tr><td colspan="2" height="25" class="commentlabel"><b>Add A Comment/Rating:</b></td></tr>
<tr><td width="90" class="commentlabel">Your Name:</td><td><input name="yourname" value="<?php echo $yourname; ?>" type="text" class="smallform"></td></tr>
<?php
echo "<tr><td height='25' class='commentlabel'>Rating:</td><td>";
echo "<select name='vote' class='smallform'><option value=''>< rate ></option><option value='1'>1 out of 5</option><option value='2'>2 out of 5</option><option value='3'>3 out of 5</option><option value='4'>4 out of 5</option><option value='5'>5 out of 5</option></select>";
echo "</td></tr>";
?>
<tr><td valign="top" class="commentlabel">Comment:</td><td><textarea name="comment" class="smallform" cols="41" rows="5"><?php echo $comment; ?></textarea></td></tr>
<tr><td height="25" class="commentlabel">Confirm Code:</td><td>

<table width='100%' cellpadding='0' cellspacing='0'>
<tr><td width="65"><img src="captcha.php" alt="captcha image" width="60" height="20"></td><td><input type="text" name="captcha" size="3" maxlength="3" class="smallform"> (black characters only)</td></tr>
</table>

</td></tr>
<tr><td height="25"></td><td><input name='submit' type='submit' value='add comment' class='smallform'></td></tr>
<input name='submitme' type='hidden' value='1'>
</form>
</table><br>
<?php
}
?>

</td>
</tr>


</table>
</td>
</tr>
<tr>
<td height="3"><img src="images/spacer.gif" width="1" height="3"></td>
</tr>
</table>
</td>

<?php
include("menuright.php");
?>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
<tr><td height="10" background="#FFFFFF"><img src="images/spacer.gif" width="1" height="1"></td></tr>

<?php
include("footer.php");
?>
 
Same comment to you;


USE the code tags so we can read the thread and differentiate question from supporting information.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.

Never mind this jesus character, stars had to die for me to live.
 
I'm sorry that I don't know what you mean? I'm just asking for a few ideas on how to correct the code so it submits the data to the database in the appropriate column. Do you only want to see my php code and not html? Is my post not appropriate for this forum?

Why doesn't this form connect to the database, is that what you mean by---differentiate question from supporting information?

johnvins
 
What I mean is to use the forum code formatting 'tags'; it's the button with <> on it. Click the 'help' button [next to 'preview'] to see how to use it.

The forum then puts the code in a separate block.

e.g:
PHP:
echo ("this is in a code box");

so the code isn't cramped up with all the other text, is formatted differently, and is therefore readable.

Chris.

 
Besides that, which for me is forgivable, it would be nice of you to concentrate on the essential parts. Formatting HTML is unnecessary. And to know the structure of your database would be very essential to answer.
Even though your sample code might be complete, without any database it can't be run, it can't be a test case we can mend or extend. To get help, get all necessary information needed for it.

Bye, Olaf.
 
As was said in the other thread. Use the mysql_error() function to specifically ask mysql if there was an error. Print your final query, and try it directly on the DB to rule out any query errors.

Code:
$get_values = mysql_query("SELECT votestar1, votestar2, votestar3, votestar4, votestar5 FROM recipes WHERE id = ".$id." LIMIT 1") or die(mysql_error());

Code:
echo "SELECT votestar1, votestar2, votestar3, votestar4, votestar5 FROM recipes WHERE id = ".$id." LIMIT 1";


It is always highly recommended to include error handling in queries. So if something goes wrong you can return a message and gracefully continue, not just stop the script without a hint of what went wrong. Your code assumes your queries will always always work, and does not address any case where they may not.






----------------------------------
Phil AKA Vacunita
----------------------------------
OS-ception: Running Linux on a Virtual Machine in Windows which itself is running in a Virtual Machine on Mac OSx.

Web & Tech
 
vacunita said:
It is always highly recommended to include error handling in queries.

With the added proviso of:

While you are testing and 'debugging'.

When you move to a production model, particularly in a 'public facing' scenario, you should make your error messages be of the "Something went wrong" variety, so you do not provide any 'hints' to the 'crackers' out there trying to 'crack'/'break' your server.



Chris.

 
When you move to a production model, particularly in a 'public facing' scenario, you should make your error messages be of the "Something went wrong" variety, so you do not provide any 'hints' to the 'crackers' out there trying to 'crack'/'break' your server.

True, but there should still be some type of error handling even in production. If only to not have the entire page just die. The traditional "Ooops!, something went wrong..." with a redirection to say the home page or something is generally a good thing.

Otherwise the page may just be blank or have unexpected data popping up.

----------------------------------
Phil AKA Vacunita
----------------------------------
 
Here is updated and clean information with my comments at the end of the code:

<?php

include_once("config.php");

// get vars
$id = $_REQUEST['id'];
$id = sanitize(1, 11, $id);

// start session for captcha
session_start();

$vote = $_REQUEST['vote'];
if($submitme) {

$yourname = formatField($_POST['yourname']);
$comment = formatField($_POST['comment']);

// validation
if(strlen($yourname) == 0) $error = "Please enter your name.";
elseif(strlen($yourname) > 50) $error = "Maximum name length is 50 characters.";
elseif(strlen($comment) == 0) $error = "Please enter your comments.";
elseif(strlen($comment) > 500) $error = "Maximum comment length is 500 characters.";
elseif($_SESSION["captcha"] != $_POST['captcha']) $error = "Your confirmation text does not match, only enter the black characters.";

if(strlen($error) == 0) {

$ip = $REMOTE_ADDR;
$insert_comment = mysql_query("INSERT INTO comments (name, comment, recipeid, dateadded, userip) VALUES ('".mysql_real_escape_string($yourname)."', '".mysql_real_escape_string($comment)."', ".$id.", NOW(), '".mysql_real_escape_string($ip)."')");
$hideform = TRUE;

if(strlen($vote) > 0) {
$lookup_field = "votestar".$vote;
$get_values = mysql_query("SELECT votestar1, votestar2, votestar3, votestar4, votestar5 FROM recipes WHERE id = ".$id." LIMIT 1");
$votestar1 = mysql_result($get_values, 0, votestar1);
$votestar2 = mysql_result($get_values, 0, votestar2);
$votestar3 = mysql_result($get_values, 0, votestar3);
$votestar4 = mysql_result($get_values, 0, votestar4);
$votestar5 = mysql_result($get_values, 0, votestar5);
if($vote == 1) $votestar1 = $votestar1+1;
elseif($vote == 2) $votestar2 = $votestar2+1;
elseif($vote == 3) $votestar3 = $votestar3+1;
elseif($vote == 4) $votestar4 = $votestar4+1;
elseif($vote == 5) $votestar5 = $votestar5+1;
$total = ($votestar1 * 1)+($votestar2 * 2)+($votestar3 * 3)+($votestar4 * 4)+($votestar5 * 5);
$total = $total/($votestar1+$votestar2+$votestar3+$votestar4+$votestar5);
$update_joke = mysql_query("UPDATE recipes SET ".$lookup_field." = ".$$lookup_field.", votestartotal = ".$total." WHERE id = ".$id." LIMIT 1");
}
}
}

$temp = mysql_query("SELECT * FROM recipes WHERE id = ".$id." LIMIT 1");
$title = UCWords(mysql_result($temp, 0, title));
$category = mysql_result($temp, 0, category);
$subcategory = mysql_result($temp, 0, category2);
$recipe = mysql_result($temp, 0, recipe);
$recipe = trim(str_replace(array("<h1>", "</h1>"), "", $recipe));
$votestartotal = mysql_result($temp, 0, votestartotal);

$ptitle = "Recipe for ".$title;
$pkeys = $title.", italian recipe, lasagna recipe, low carb recipe, low fat recipe";
$pdesc = $title." food recipe";

// get comments
$get_comments = mysql_query("SELECT name, comment, recipeid, dateadded, userip FROM comments WHERE recipeid = ".$id." ORDER BY dateadded DESC");

include_once("header_view.php");
?>

<?php
include("mainmenu.php");
?>

<?php
include("toptext.php");
?>

<?php echo strtoupper($title);
?>

<?php echo "<tr><td valign='top'><b>Title:</b></td><td width='280'>$title</td></tr>";
if(strlen($category) > 0) echo "<tr><td><b>Category:</b></td><td>".UCWords($category)."</td></tr>";
if(strlen($subcategory) > 0) echo "<tr><td><b>Sub-Category:</b></td><td>".UCWords($subcategory)."</td></tr>";
if(number_format($votestartotal, 0) == 0) $rating = "not yet rated";
else $rating = number_format($votestartotal, 0)." stars";
echo "<tr><td style='padding-top:4px;' height='35'><b>Rating:</b></td><td style='padding-top:4px;'><img src='images/small-stars-".number_format($votestartotal, 0).".gif' width='52' height='8' alt='".$rating."'>";
echo "</td></tr>";
echo "</table>";
echo "<b>Instructions:</b><br><br>";
echo $recipe."<br><br>";
?>

<?php if(mysql_numrows($get_comments) > 0) {
?>

<?php while($row = mysql_fetch_array($get_comments)) {
$date_com = substr($row['dateadded'], 8, 2)."/".substr($row['dateadded'], 5, 2)."/".substr($row['dateadded'], 0, 4);
echo "<tr><td style='color:#999999;'>".$date_com." - ".$row['name']."</td></tr>";
echo "<tr><td style='color:#999999; border-bottom:1'>\"".$row['comment']."\"<br><br></td></tr>";
}
echo "</table>";

?>
<?php
}
?>

<?php
if(!$hideform) {
?>

<?php
if(strlen($error) > 0) echo "<br><font style='color:red;'>ERROR: ".$error."</font><br><br>";
?>

<form method='POST' action='view.html?id=<?php echo $id; ?>'>
<tr><td colspan="2" height="25" class="commentlabel"><b>Add A Comment/Rating:</b></td></tr>
<tr><td width="90" class="commentlabel">Your Name:</td><td><input name="yourname" value="<?php echo $yourname; ?>" type="text" class="smallform"></td></tr>
<?php echo "<tr><td height='25' class='commentlabel'>Rating:</td><td>";
echo "<select name='vote' class='smallform'><option value=''>< rate ></option><option value='1'>1 out of 5</option><option value='2'>2 out of 5</option><option value='3'>3 out of 5</option><option value='4'>4 out of 5</option><option value='5'>5 out of 5</option></select>";
echo "</td></tr>";
?>
<tr><td valign="top" class="commentlabel">Comment:</td><td><textarea name="comment" class="smallform" cols="41" rows="5"><?php echo $comment; ?></textarea></td></tr>
<tr><td height="25" class="commentlabel">Confirm Code:</td><td>
<table width='100%' cellpadding='0' cellspacing='0'>
<tr><td width="65"><img src="captcha.php" alt="captcha image" width="60" height="20"></td><td><input type="text" name="captcha" size="3" maxlength="3" class="smallform"> (black characters only)</td></tr>
</table>
</td></tr>
<tr><td height="25"></td><td><input name='submit' type='submit' value='add comment' class='smallform'></td></tr>
<input name='submitme' type='hidden' value='1'>
</form>
</table><br>
<?php
}
?>
<?php
include("menuright.php");
?>

<?php
include("footer.php");
?>

The database name is world; it has 4 tables:
(1) categories: contains all the different titles of what a recipe is classified as, i.e. chicken, shrimp, beef, pizza, pasta, etc.
(2) comments: this is where the user's vote/comment is stored.
(3) searches: I believe this is recent keyword searches.
(4) recipes: all 20,000 recipes are here with title, instructions, category, category2, votestar1, votestar2, votestar3, votestar4, votestar5, votestartotal.

I have enabled PHP error logging on the production server but don't get any errors that pop up. Rather, nothing happens after submitting the form and no confirmation of submission shows---nothing is updated.
I hope this is what you all said I should have posted in the first place? I don't think it's allowed in this forum to give the actual website so you can see it for yourself, OR is it?





 
Knowing names and meanings of your tables is only a starter. Use MySQL Workbench to create statements, which create the database. Also learn to use TGML code tags. Click the (?) icon just left to the Preview/Submit buttons to learn how to format text and code here at tek-tips.

Bye, Olaf.
 
True, but there should still be some type of error handling even in production. If only to not have the entire page just die.

Of course, which is why I advocated a generic error message for the error handler. Sure, too generic an error message can be slightly annoying if you are a user with geek tendencies, but for the average user, showing them a technical 'debugging' error message is just so much gibberish and of no use. If I want to buy something from a website, knowing that;

"error 110008765dfc1: record does not exist in db.table"

Just occurred isn't useful, but "Sorry, cannot find that item" tells the user all they need to know.

Chris.

Indifference will be the downfall of mankind, but who cares?
Time flies like an arrow, however, fruit flies like a banana.

Never mind this jesus character, stars had to die for me to live.
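
An added example (not part of the thread and not the mfscripts code) of the split discussed in the posts above: failed queries throw, the detail goes to the server log under a reference id, and the visitor sees only a generic message. It uses PDO prepared statements instead of the thread's mysql_* calls; the function names, the column types and the in-memory SQLite database standing in for the MySQL "world" database are assumptions made so it runs offline.

```php
<?php
declare(strict_types=1);
// Added example, not the mfscripts code. Table and column names are taken from
// the thread; column types, function names and the in-memory SQLite database
// (standing in for the MySQL "world" database) are assumptions.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    // Make every failed query throw instead of silently returning false.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comments (name TEXT, comment TEXT, recipeid INTEGER,
               dateadded TEXT, userip TEXT)');
    $db->exec('CREATE TABLE recipes (id INTEGER PRIMARY KEY, title TEXT,
               votestar1 INTEGER DEFAULT 0, votestar2 INTEGER DEFAULT 0,
               votestar3 INTEGER DEFAULT 0, votestar4 INTEGER DEFAULT 0,
               votestar5 INTEGER DEFAULT 0, votestartotal REAL DEFAULT 0)');
    $db->exec("INSERT INTO recipes (id, title) VALUES (1, 'constructed sample recipe')");
    return $db;
}

/**
 * Store a comment and an optional star rating.
 * Returns ['ok' => bool, 'message' => string]; the message is safe to display.
 */
function add_comment(PDO $db, int $recipeId, string $name, string $comment,
                     string $vote, string $ip): array
{
    try {
        $db->beginTransaction();

        // Bound parameters replace string concatenation and mysql_real_escape_string().
        $ins = $db->prepare('INSERT INTO comments (name, comment, recipeid, dateadded, userip)
                             VALUES (?, ?, ?, CURRENT_TIMESTAMP, ?)');
        $ins->execute([$name, $comment, $recipeId, $ip]);

        if ($vote !== '') {
            // Column names cannot be bound, so accept only the five known
            // values before building "votestarN".
            if (!in_array($vote, ['1', '2', '3', '4', '5'], true)) {
                throw new InvalidArgumentException('vote outside 1-5');
            }
            $col = 'votestar' . $vote;
            $upd = $db->prepare("UPDATE recipes SET $col = $col + 1 WHERE id = ?");
            $upd->execute([$recipeId]);
            if ($upd->rowCount() !== 1) {
                throw new RuntimeException("recipe $recipeId not found");
            }
            // Recompute the weighted average inside the database.
            $avg = $db->prepare('UPDATE recipes SET votestartotal =
                (votestar1 + 2.0*votestar2 + 3*votestar3 + 4*votestar4 + 5*votestar5)
                / (votestar1 + votestar2 + votestar3 + votestar4 + votestar5)
                WHERE id = ?');
            $avg->execute([$recipeId]);
        }

        $db->commit();
        return ['ok' => true, 'message' => 'Thanks, your comment was added.'];
    } catch (Throwable $e) {
        if ($db->inTransaction()) {
            $db->rollBack();
        }
        // Full detail goes to the server log, keyed by a reference the user can quote.
        $ref = bin2hex(random_bytes(4));
        error_log("[ref $ref] add_comment: " . get_class($e) . ': ' . $e->getMessage());
        return ['ok' => false, 'message' => "Sorry, something went wrong (ref $ref)."];
    }
}

// Demo on constructed input.
$db = open_demo_db();

$r1 = add_comment($db, 1, 'Test Cook', 'Great lasagna', '4', '203.0.113.7');
echo $r1['message'], "\n";
echo 'votestartotal = ',
     $db->query('SELECT votestartotal FROM recipes WHERE id = 1')->fetchColumn(), "\n";

// A vote that is not one of the five options is refused and the insert is rolled back.
$r2 = add_comment($db, 1, 'Test Cook', 'Second try', '9', '203.0.113.7');
echo $r2['message'], "\n";
echo 'comments stored = ', $db->query('SELECT COUNT(*) FROM comments')->fetchColumn(), "\n";

// Simulated database fault: the visitor sees no table name or SQL text.
$db->exec('DROP TABLE comments');
$r3 = add_comment($db, 1, 'Test Cook', 'Third try', '', '203.0.113.7');
echo $r3['message'], "\n";
```

Run from the command line, the logged detail appears on stderr while only the generic messages reach stdout; on a web server the same `error_log()` lines land in the PHP error log.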
 
I have enabled PHP error logging on the production server but don't get any errors that pop up. Rather, nothing happens after submitting the form and no confirmation of submission shows---nothing is updated.
I hope this is what you all said I should have posted in the first place?

Then you'll need to add some more aggressive step debugging.

Debugging 101: If you get no PHP errors, then try to introduce some yourself just to make sure error logging is working and everything is as it should. In other words, add echo statements to print out variables through the code so you can see their values and verify they have what they are supposed to have. Add an actual PHP error you know will show up and see if it does. You need to get in there and work with the code.

Again, output the complete query and try to run it directly in MySQL, either through a DB IDE, or directly on the command line. Take PHP out of the loop, so to speak, and make sure the query as it is being constructed works as you expect it to work on MySQL.

There is no magic "turn this switch and it will work" answer if that is what you expect, you will need to get in there and follow the code and see where it may be going wrong.

You need error handling, you have not checked that your queries are actually returning what you think they are. At least while you figure out what is happening, you can remove it once it works.





----------------------------------
Phil AKA Vacunita
----------------------------------
 
Here I go again, FYI---I've been a chef all my life who has had a website since 1995, that focuses on food etc. I'm self taught using MySQL, HTML, PHP and some JavaScript. I'm here in this forum to be guided to learn how to fix my issue and not here for someone to fix it for me, although that would be nice.

Let me rephrase my issue, I have a free app from mfscripts that has a MySql database with 22,000 recipes. With html and php a user on my website can select ones to display and or even comment on. All is configured and works well on a test server and on my VPS---both the test server and VPS have identical OS, MySql and PHP versions.

My only problem is that the HTML form page doesn't post the user input to the database, nor does it provide the user with an acknowledgement of submission or failure. In theory, the recipe that was commented on should refresh showing the comment and star rating. This is the only issue I face.

So here is the code on the page again...I clicked the 'clean' button but I don't know if that did what I was told to do, I'm sorry if I did something wrong again? Is it OK to give my website address so you might see this app work???

John V.

<?php

include_once("config.php");

// get vars
$id = $_REQUEST['id'];
$id = sanitize(1, 11, $id);

// start session for captcha
session_start();

$vote = $_REQUEST['vote'];
if($submitme) {

$yourname = formatField($_POST['yourname']);
$comment = formatField($_POST['comment']);

// validation
if(strlen($yourname) == 0) $error = "Please enter your name.";
elseif(strlen($yourname) > 50) $error = "Maximum name length is 50 characters.";
elseif(strlen($comment) == 0) $error = "Please enter your comments.";
elseif(strlen($comment) > 500) $error = "Maximum comment length is 500 characters.";
elseif($_SESSION["captcha"] != $_POST['captcha']) $error = "Your confirmation text does not match, only enter the black characters.";

if(strlen($error) == 0) {

$ip = $REMOTE_ADDR;
$insert_comment = mysql_query("INSERT INTO comments (name, comment, recipeid, dateadded, userip) VALUES ('".mysql_real_escape_string($yourname)."', '".mysql_real_escape_string($comment)."', ".$id.", NOW(), '".mysql_real_escape_string($ip)."')");
$hideform = TRUE;

if(strlen($vote) > 0) {
$lookup_field = "votestar".$vote;
$get_values = mysql_query("SELECT votestar1, votestar2, votestar3, votestar4, votestar5 FROM recipes WHERE id = ".$id." LIMIT 1");
$votestar1 = mysql_result($get_values, 0, votestar1);
$votestar2 = mysql_result($get_values, 0, votestar2);
$votestar3 = mysql_result($get_values, 0, votestar3);
$votestar4 = mysql_result($get_values, 0, votestar4);
$votestar5 = mysql_result($get_values, 0, votestar5);
if($vote == 1) $votestar1 = $votestar1+1;
elseif($vote == 2) $votestar2 = $votestar2+1;
elseif($vote == 3) $votestar3 = $votestar3+1;
elseif($vote == 4) $votestar4 = $votestar4+1;
elseif($vote == 5) $votestar5 = $votestar5+1;
$total = ($votestar1 * 1)+($votestar2 * 2)+($votestar3 * 3)+($votestar4 * 4)+($votestar5 * 5);
$total = $total/($votestar1+$votestar2+$votestar3+$votestar4+$votestar5);
$update_joke = mysql_query("UPDATE recipes SET ".$lookup_field." = ".$$lookup_field.", votestartotal = ".$total." WHERE id = ".$id." LIMIT 1");
}
}
}

$temp = mysql_query("SELECT * FROM recipes WHERE id = ".$id." LIMIT 1");
$title = UCWords(mysql_result($temp, 0, title));
$category = mysql_result($temp, 0, category);
$subcategory = mysql_result($temp, 0, category2);
$recipe = mysql_result($temp, 0, recipe);
$recipe = trim(str_replace(array("<h1>", "</h1>"), "", $recipe));
$votestartotal = mysql_result($temp, 0, votestartotal);

$ptitle = "Recipe for ".$title;
$pkeys = $title.", italian recipe, lasagna recipe, low carb recipe, low fat recipe";
$pdesc = $title." food recipe";

// get comments
$get_comments = mysql_query("SELECT name, comment, recipeid, dateadded, userip FROM comments WHERE recipeid = ".$id." ORDER BY dateadded DESC");

include_once("header_view.php");
?>

<?php
include("mainmenu.php");
?>

<?php
include("toptext.php");
?>

<?php echo strtoupper($title);
?>

<?php echo "<tr><td valign='top'><b>Title:</b></td><td width='280'>$title</td></tr>";
if(strlen($category) > 0) echo "<tr><td><b>Category:</b></td><td>".UCWords($category)."</td></tr>";
if(strlen($subcategory) > 0) echo "<tr><td><b>Sub-Category:</b></td><td>".UCWords($subcategory)."</td></tr>";
if(number_format($votestartotal, 0) == 0) $rating = "not yet rated";
else $rating = number_format($votestartotal, 0)." stars";
echo "<tr><td style='padding-top:4px;' height='35'><b>Rating:</b></td><td style='padding-top:4px;'><img src='images/small-stars-".number_format($votestartotal, 0).".gif' width='52' height='8' alt='".$rating."'>";
echo "</td></tr>";
echo "</table>";
echo "<b>Instructions:</b><br><br>";
echo $recipe."<br><br>";
?>

<?php if(mysql_numrows($get_comments) > 0) {
?>

<?php while($row = mysql_fetch_array($get_comments)) {
$date_com = substr($row['dateadded'], 8, 2)."/".substr($row['dateadded'], 5, 2)."/".substr($row['dateadded'], 0, 4);
echo "<tr><td style='color:#999999;'>".$date_com." - ".$row['name']."</td></tr>";
echo "<tr><td style='color:#999999; border-bottom:1'>\"".$row['comment']."\"<br><br></td></tr>";
}
echo "</table>";

?>
<?php
}
?>

<?php
if(!$hideform) {
?>

<?php
if(strlen($error) > 0) echo "<br><font style='color:red;'>ERROR: ".$error."</font><br><br>";
?>

<form method='POST' action='view.html?id=<?php echo $id; ?>'>
<tr><td colspan="2" height="25" class="commentlabel"><b>Add A Comment/Rating:</b></td></tr>
<tr><td width="90" class="commentlabel">Your Name:</td><td><input name="yourname" value="<?php echo $yourname; ?>" type="text" class="smallform"></td></tr>
<?php echo "<tr><td height='25' class='commentlabel'>Rating:</td><td>";
echo "<select name='vote' class='smallform'><option value=''>< rate ></option><option value='1'>1 out of 5</option><option value='2'>2 out of 5</option><option value='3'>3 out of 5</option><option value='4'>4 out of 5</option><option value='5'>5 out of 5</option></select>";
echo "</td></tr>";
?>
<tr><td valign="top" class="commentlabel">Comment:</td><td><textarea name="comment" class="smallform" cols="41" rows="5"><?php echo $comment; ?></textarea></td></tr>
<tr><td height="25" class="commentlabel">Confirm Code:</td><td>
<table width='100%' cellpadding='0' cellspacing='0'>
<tr><td width="65"><img src="captcha.php" alt="captcha image" width="60" height="20"></td><td><input type="text" name="captcha" size="3" maxlength="3" class="smallform"> (black characters only)</td></tr>
</table>
</td></tr>
<tr><td height="25"></td><td><input name='submit' type='submit' value='add comment' class='smallform'></td></tr>
<input name='submitme' type='hidden' value='1'>
</form>
</table><br>
<?php
}
?>
<?php
include("menuright.php");
?>

<?php
include("footer.php");
?>
 
Yes, you can post the URL, but it will not help us much since we won't be able to see the PHP code or actually debug it.

It seems the debugging part is what is getting at you. ie You are not entirely sure how to debug. Perhaps this is what you should have said to start with. O.K, add the parts in red to your code, and post back with what you see when you try to run the code:

Code:
<?php

include_once("config.php");

// get vars
$id = $_REQUEST['id'];
echo "id=[ " . $id . " ]=="; // added for debugging (shown in red in the original post)
$id = sanitize(1, 11, $id);

// start session for captcha
session_start();

$vote = $_REQUEST['vote'];
if($submitme) {

$yourname = formatField($_POST['yourname']);
$comment = formatField($_POST['comment']);

// validation
if(strlen($yourname) == 0) $error = "Please enter your name.";
elseif(strlen($yourname) > 50) $error = "Maximum name length is 50 characters.";
elseif(strlen($comment) == 0) $error = "Please enter your comments.";
elseif(strlen($comment) > 500) $error = "Maximum comment length is 500 characters.";
elseif($_SESSION["captcha"] != $_POST['captcha']) $error = "Your confirmation text does not match, only enter the black characters.";

if(strlen($error) == 0) {

$ip = $REMOTE_ADDR;
$insert_comment = mysql_query("INSERT INTO comments (name, comment, recipeid, dateadded, userip) VALUES ('".mysql_real_escape_string($yourname)."', '".mysql_real_escape_string($comment)."', ".$id.", NOW(), '".mysql_real_escape_string($ip)."')") or die(mysql_error()); // "or die(mysql_error())" added for debugging (shown in red in the original post)

// added for debugging (shown in red in the original post): print the query that was built
echo "MYSQL QUERY = " . "INSERT INTO comments (name, comment, recipeid, dateadded, userip) VALUES ('".mysql_real_escape_string($yourname)."', '".mysql_real_escape_string($comment)."', ".$id.", NOW(), '".mysql_real_escape_string($ip)."')";
$hideform = TRUE;

if(strlen($vote) > 0) {
$lookup_field = "votestar".$vote;
$get_values = mysql_query("SELECT votestar1, votestar2, votestar3, votestar4, votestar5 FROM recipes WHERE id = ".$id." LIMIT 1") or die(mysql_error()); // "or die(mysql_error())" added for debugging
$votestar1 = mysql_result($get_values, 0, votestar1);
$votestar2 = mysql_result($get_values, 0, votestar2);
$votestar3 = mysql_result($get_values, 0, votestar3);
$votestar4 = mysql_result($get_values, 0, votestar4);
$votestar5 = mysql_result($get_values, 0, votestar5);
if($vote == 1) $votestar1 = $votestar1+1;
elseif($vote == 2) $votestar2 = $votestar2+1;
elseif($vote == 3) $votestar3 = $votestar3+1;
elseif($vote == 4) $votestar4 = $votestar4+1;
elseif($vote == 5) $votestar5 = $votestar5+1;
$total = ($votestar1 * 1)+($votestar2 * 2)+($votestar3 * 3)+($votestar4 * 4)+($votestar5 * 5);
$total = $total/($votestar1+$votestar2+$votestar3+$votestar4+$votestar5);
$update_joke = mysql_query("UPDATE recipes SET ".$lookup_field." = ".$$lookup_field.", votestartotal = ".$total." WHERE id = ".$id." LIMIT 1") or die(mysql_error()); // "or die(mysql_error())" added for debugging
}
}
}

$temp = mysql_query("SELECT * FROM recipes WHERE id = ".$id." LIMIT 1") or die(mysql_error()); // "or die(mysql_error())" added for debugging
$title = UCWords(mysql_result($temp, 0, title));
$category = mysql_result($temp, 0, category);
$subcategory = mysql_result($temp, 0, category2);
$recipe = mysql_result($temp, 0, recipe);
$recipe = trim(str_replace(array("<h1>", "</h1>"), "", $recipe));
$votestartotal = mysql_result($temp, 0, votestartotal);

$ptitle = "Recipe for ".$title;
$pkeys = $title.", italian recipe, lasagna recipe, low carb recipe, low fat recipe";
$pdesc = $title." food recipe";

// get comments
$get_comments = mysql_query("SELECT name, comment, recipeid, dateadded, userip FROM comments WHERE recipeid = ".$id." ORDER BY dateadded DESC") or die(mysql_error()); // "or die(...)" added for debugging (red in the original post)

include_once("header_view.php");
?>

<?php
include("mainmenu.php");
?>

<?php
include("toptext.php");
?>

<?php echo strtoupper($title);
?>

<?php echo "<tr><td valign='top'><b>Title:</b></td><td width='280'>$title</td></tr>";
if(strlen($category) > 0) echo "<tr><td><b>Category:</b></td><td>".UCWords($category)."</td></tr>";
if(strlen($subcategory) > 0) echo "<tr><td><b>Sub-Category:</b></td><td>".UCWords($subcategory)."</td></tr>";
if(number_format($votestartotal, 0) == 0) $rating = "not yet rated";
else $rating = number_format($votestartotal, 0)." stars";
echo "<tr><td style='padding-top:4px;' height='35'><b>Rating:</b></td><td style='padding-top:4px;'><img src='images/small-stars-".number_format($votestartotal, 0).".gif' width='52' height='8' alt='".$rating."'>";
echo "</td></tr>";
echo "</table>";
echo "<b>Instructions:</b><br><br>";
echo $recipe."<br><br>";
?>

<?php if(mysql_numrows($get_comments) > 0) {
?>

<?php while($row = mysql_fetch_array($get_comments)) {
$date_com = substr($row, 8, 2)."/".substr($row, 5, 2)."/".substr($row, 0, 4);
echo "<tr><td style='color:#999999;'>".$date_com." - ".$row."</td></tr>";
echo "<tr><td style='color:#999999; border-bottom:1'>\"".$row."\"<br><br></td></tr>";
}
echo "</table>";

?>
<?php
}
?>

<?php
if(!$hideform) {
?>

<?php
if(strlen($error) > 0) echo "<br><font style='color:red;'>ERROR: ".$error."</font><br><br>";
?>

<form method='POST' action='view.html?id=<?php echo $id; ?>'>
<tr><td colspan="2" height="25" class="commentlabel"><b>Add A Comment/Rating:</b></td></tr>
<tr><td width="90" class="commentlabel">Your Name:</td><td><input name="yourname" value="<?php echo $yourname; ?>" type="text" class="smallform"></td></tr>
<?php echo "<tr><td height='25' class='commentlabel'>Rating:</td><td>";
echo "<select name='vote' class='smallform'><option value=''>< rate ></option><option value='1'>1 out of 5</option><option value='2'>2 out of 5</option><option value='3'>3 out of 5</option><option value='4'>4 out of 5</option><option value='5'>5 out of 5</option></select>";
echo "</td></tr>";
?>
<tr><td valign="top" class="commentlabel">Comment:</td><td><textarea name="comment" class="smallform" cols="41" rows="5"><?php echo $comment; ?></textarea></td></tr>
<tr><td height="25" class="commentlabel">Confirm Code:</td><td>
<table width='100%' cellpadding='0' cellspacing='0'>
<tr><td width="65"><img src="captcha.php" alt="captcha image" width="60" height="20"></td><td><input type="text" name="captcha" size="3" maxlength="3" class="smallform"> (black characters only)</td></tr>
</table>
</td></tr>
<tr><td height="25"></td><td><input name='submit' type='submit' value='add comment' class='smallform'></td></tr>
<input name='submitme' type='hidden' value='1'>
</form>
</table><br>
<?php
}
?>
<?php
include("menuright.php");
?>

<?php
include("footer.php");
?>


Add them all together or one by one and test each time. This is the debugging we've been suggesting. You need to step through your code, and test that things work as they are expected to work.



Do you understand what I mean by "Run your query directly on MYSQL"?

----------------------------------
Phil AKA Vacunita
----------------------------------
OS-ception: Running Linux on a Virtual Machine in Windows which itself is running in a Virtual Machine on Mac OSx.

Web & Tech
 
is where it resides

No, I don't know how to debug. I did run it from the command line and the result was seeing all the information from the includes, such as all the information in the database about category names.

I also went to phpcodechecker and ran the code, it said---Warning: There are 3 functions in your code that have been deprecated in the current version of PHP
◦mysql_query()
◦ mysql_real_escape_string()
◦ mysql_result()

said---no errors in code

This is what I put in which includes the line you had in red____

<?php

include_once("config.php");

// get vars
$id = $_REQUEST['id'];
echo "id===";
$id = sanitize(1, 11, $id);

// start session for captcha
session_start();

$vote = $_REQUEST['vote'];
if($submitme) {

$yourname = formatField($_POST['yourname']);
$comment = formatField($_POST['comment']);

// validation
if(strlen($yourname) == 0) $error = "Please enter your name.";
elseif(strlen($yourname) > 50) $error = "Maximum name length is 50 characters.";
elseif(strlen($comment) == 0) $error = "Please enter your comments.";
elseif(strlen($comment) > 500) $error = "Maximum comment length is 500 characters.";
elseif($_SESSION["captcha"] != $_POST['captcha']) $error = "Your confirmation text does not match, only enter the black characters.";

if(strlen($error) == 0) {

$ip = $REMOTE_ADDR;
$insert_comment = mysql_query("INSERT INTO comments (name, comment, recipeid, dateadded, userip) VALUES ('".mysql_real_escape_string($yourname)."', '".mysql_real_escape_string($comment)."', ".$id.", NOW(), '".mysql_real_escape_string($ip)."')");

echo "MYSQL QUERY = " . "INSERT INTO comments (name, comment, recipeid, dateadded, userip) VALUES ('".mysql_real_escape_string($yourname)."', '".mysql_real_escape_string($comment)."', ".$id.", NOW(), '".mysql_real_escape_string($ip)."')";
$hideform = TRUE;

if(strlen($vote) > 0) {
$lookup_field = "votestar".$vote;
$get_values = mysql_query("SELECT votestar1, votestar2, votestar3, votestar4, votestar5 FROM recipes WHERE id = ".$id." LIMIT 1");
$votestar1 = mysql_result($get_values, 0, votestar1);
$votestar2 = mysql_result($get_values, 0, votestar2);
$votestar3 = mysql_result($get_values, 0, votestar3);
$votestar4 = mysql_result($get_values, 0, votestar4);
$votestar5 = mysql_result($get_values, 0, votestar5);
if($vote == 1) $votestar1 = $votestar1+1;
elseif($vote == 2) $votestar2 = $votestar2+1;
elseif($vote == 3) $votestar3 = $votestar3+1;
elseif($vote == 4) $votestar4 = $votestar4+1;
elseif($vote == 5) $votestar5 = $votestar5+1;
$total = ($votestar1 * 1)+($votestar2 * 2)+($votestar3 * 3)+($votestar4 * 4)+($votestar5 * 5);
$total = $total/($votestar1+$votestar2+$votestar3+$votestar4+$votestar5);
$update_joke = mysql_query("UPDATE recipes SET ".$lookup_field." = ".$$lookup_field.", votestartotal = ".$total." WHERE id = ".$id." LIMIT 1");
}
}
}

$temp = mysql_query("SELECT * FROM recipes WHERE id = ".$id." LIMIT 1");
$title = UCWords(mysql_result($temp, 0, title));
$category = mysql_result($temp, 0, category);
$subcategory = mysql_result($temp, 0, category2);
$recipe = mysql_result($temp, 0, recipe);
$recipe = trim(str_replace(array("<h1>", "</h1>"), "", $recipe));
$votestartotal = mysql_result($temp, 0, votestartotal);

$ptitle = "Recipe for ".$title;
$pkeys = $title.", italian recipe, lasagna recipe, low carb recipe, low fat recipe";
$pdesc = $title." food recipe";

// get comments
$get_comments = mysql_query("SELECT name, comment, recipeid, dateadded, userip FROM comments WHERE recipeid = ".$id." ORDER BY dateadded DESC");
 
Hello again, thank you---I'm learning a lot. So I ran the code in my browser without the suggested "red" additions w/ file named testing.php and the result was---
Notice: Undefined index: id in /var/ on line 4 Fatal error: Call to undefined function sanitize() in /var/ on line 5

John V.
 

When I said run the code, I meant run it as you would normally on the website, except with the extra bits I added in red. I never suggested the command line. Also, in the command line it may not be able to find and include the config.php, which likely has the sanitize function declared inside it, so it's generating errors it otherwise would not have.

Let's do this step by step:


Add the first echo to the code, without any other red parts, and run it on the website as you would normally, and see if you see anything.
Code:
<?php

include_once("config.php");

// get vars
$id = $_REQUEST['id'];
echo "id=[ " . $id . " ]=="; // debug line added (red in the original post)
$id = sanitize(1, 11, $id);

// start session for captcha
session_start();

...

Add it as it is above. Do not change anything about it. Just add it in, and then run it normally on the website as you have done when the commenting and voting did not work.

See if you get the expected ID there echoed to the screen between the brackets and equal signs.












----------------------------------
Phil AKA Vacunita
----------------------------------
 
I clicked on the Chicken Curry recipe and then, in the very upper left top of the page that displays, is--- id=[12746]==

Which is the # of the recipe in the database and in browser address bar localhost/recipe_db/12746-recipe-Chicken-Curry.html

John V.
 
I would suspect just a linefeed and/or carriage return in the comment breaks your code. Your insert statement will split into two lines where it shouldn't. You better make use of parameterized statements.
Also using mysql_query is using a deprecated feature of PHP, at least when you use a newer version it will get a deprecation warning. In PHP 7.0 mysql_query is not part of the PHP language any more.

Use PDO or at least MySQLi, use a parameterized query:

Code:
$dsn = 'mysql:host=localhost;dbname=myDb';
$user = 'userName';
$password = 'xxxx';
$pdo = new PDO($dsn, $user, $password);

$sql = "INSERT INTO comments (name, comment, recipeid, dateadded, userip) VALUES (:name, :comment, :recipeid, NOW(), :userip)";
$stmt = $pdo->prepare($sql);
                                              
$stmt->bindParam(':name', $yourname, PDO::PARAM_STR);  
$stmt->bindParam(':comment', $comment, PDO::PARAM_STR);     
$stmt->bindParam(':recipeid', $id, PDO::PARAM_INT); 
$stmt->bindParam(':userip', $ip, PDO::PARAM_STR);   
                                      
$stmt->execute();

Bye, Olaf.
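
The parameterized INSERT from the post above, carried through to the vote update as well, as an added example that is not part of the thread or of the mfscripts code. Assumptions: the helper name `addCommentAndVote` is hypothetical, an in-memory SQLite database (the `pdo_sqlite` extension) stands in for MySQL so the script runs offline, which is why `CURRENT_TIMESTAMP` replaces `NOW()`, and the sample values are constructed.

```php
<?php
// Added example, not code from the thread. Assumption: in-memory SQLite stands in
// for the MySQL database so this runs offline; table layouts follow the page's queries.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE comments (name TEXT, comment TEXT, recipeid INTEGER, dateadded TEXT, userip TEXT)");
$pdo->exec("CREATE TABLE recipes (id INTEGER PRIMARY KEY, votestar1 INTEGER DEFAULT 0, votestar2 INTEGER DEFAULT 0,
    votestar3 INTEGER DEFAULT 0, votestar4 INTEGER DEFAULT 0, votestar5 INTEGER DEFAULT 0, votestartotal REAL DEFAULT 0)");
$pdo->exec("INSERT INTO recipes (id) VALUES (12746)");

// Hypothetical helper: store a comment and an optional 1-5 star vote.
function addCommentAndVote(PDO $pdo, int $id, string $name, string $comment, string $vote, string $ip): void
{
    // A column name cannot be a bound parameter, so accept only the five known values.
    if ($vote !== '' && !in_array($vote, ['1', '2', '3', '4', '5'], true)) {
        throw new InvalidArgumentException('vote must be 1-5');
    }
    $pdo->beginTransaction();
    try {
        // Values travel as bound parameters: quotes and line breaks are plain data.
        $stmt = $pdo->prepare("INSERT INTO comments (name, comment, recipeid, dateadded, userip)
                               VALUES (:name, :comment, :recipeid, CURRENT_TIMESTAMP, :userip)");
        $stmt->execute([':name' => $name, ':comment' => $comment, ':recipeid' => $id, ':userip' => $ip]);
        if ($vote !== '') {
            $col = 'votestar' . $vote; // safe: $vote was checked against the whitelist
            // Increment in SQL instead of read-modify-write in PHP.
            $pdo->prepare("UPDATE recipes SET $col = $col + 1 WHERE id = :id")->execute([':id' => $id]);
            $pdo->prepare("UPDATE recipes SET votestartotal =
                (votestar1*1.0 + votestar2*2 + votestar3*3 + votestar4*4 + votestar5*5)
                / (votestar1 + votestar2 + votestar3 + votestar4 + votestar5) WHERE id = :id")
                ->execute([':id' => $id]);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack(); // leave no half-written comment or vote behind
        throw $e;
    }
}

// Constructed sample input: a comment containing a quote and a line break, then an invalid vote.
addCommentAndVote($pdo, 12746, "John V.", "Great curry!\nDidn't change a thing.", '4', '203.0.113.7');
try {
    addCommentAndVote($pdo, 12746, "Someone", "Nice.", '9', '203.0.113.7');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
print_r($pdo->query("SELECT votestar4, votestartotal FROM recipes WHERE id = 12746")->fetch(PDO::FETCH_ASSOC));
echo $pdo->query("SELECT COUNT(*) FROM comments")->fetchColumn(), " comment(s) stored\n";
```

Against MySQL only the DSN and the timestamp expression change; the whitelist check is still needed because `votestarN` is an identifier, not a value.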
 
Olaf,

Thank you for your patience and insight! I'll continue to plug away until I solve it. Something interesting just happened though, even if you enter an incorrect Captcha sequence, it doesn't throw back to say it wasn't correct. It goes along with the same old, same old that it's been doing all along---is this odd to you or anyone else?

Thanks
 