[thelist] Null entry in form
Phil Turmel
pturmel-webdev at turmel.org
Wed Apr 25 07:16:23 CDT 2007
Santilal Parbhu wrote:
> Hi
[snip /]
>
> My problem is that when I run the script to update the results into the
> database, the database record changes from Null to a value of 0. This
> should occur for non-null entries but not for Null entries. I need a null
> entry to remain Null. Can anyone see where my code is in error? I think
> that the UPDATE is not being skipped and the NULL is being updated to 0.
>
Empty text fields in web forms usually submit as zero-length strings.
They won't be NULL. In cases where a text field in a web form is always
supposed to be numeric (or empty), I use is_numeric() as my condition on
the original POST variable.
> I have tried using Print statements as breakpoints in the code, but they
> didn't print. This tends to suggest that the code is not running, but it
> must be, because the database is being updated. Hope someone can help.
>
You put the 'print' instruction in the 'else' portion of the
if-then-else, and it didn't print. So the 'then' portion must have
executed.
[snip /]
Your script is also vulnerable to SQL injection, both in the scores and
in the $id. You should not use the POST variables themselves as the
source of match IDs to loop through. If they're always the same, use a
constant array. Otherwise, query the database for the list of valid
IDs. And the scores need to be run through intval() to be sure they're
clean. Try something like this:

// Fixed list of valid match IDs; these are not taken from the POST data.
$matches = array('id1', 'id2', 'id3', 'id4');
foreach ($matches as $id) {
    // Empty fields arrive as '' and fail is_numeric(), so the UPDATE is skipped.
    if (is_numeric($HTTP_POST_VARS['score1'][$id]) &&
        is_numeric($HTTP_POST_VARS['score2'][$id])) {
        $score1 = intval($HTTP_POST_VARS['score1'][$id]);
        $score2 = intval($HTTP_POST_VARS['score2'][$id]);
        $query = "UPDATE $compdraw SET score1=('$score1'),
            score2=('$score2') WHERE row_id = '$id' AND grade='$grd'";
        if (FALSE === mysql_query($query)) {
            print '<div id="draw">';
            die ('<p>Could not update the data because: <b>' . mysql_error() .
                "</b>. The query was $query.</p>");
        }
    }
}

HTH,
Phil
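
The same two points (blank fields must leave NULL alone, and match IDs must come from a trusted source), as an added example that is not part of the original post. It goes a step further than the reply by binding values through PDO prepared statements and using ctype_digit() as a stricter check than is_numeric(); the compdraw table layout, the in-memory SQLite database and the sample submission are constructed assumptions.

```php
<?php
// Added example: table layout and sample data below are constructed.
function update_scores(PDO $db, array $post, string $grade): array
{
    // Valid match IDs come from the database, not from the keys of the POST data.
    $ids = $db->prepare('SELECT row_id FROM compdraw WHERE grade = ?');
    $ids->execute([$grade]);

    // Values are bound as parameters; the table name is a fixed literal.
    $upd = $db->prepare(
        'UPDATE compdraw SET score1 = :s1, score2 = :s2
          WHERE row_id = :id AND grade = :grade'
    );

    $updated = [];
    foreach ($ids->fetchAll(PDO::FETCH_COLUMN) as $id) {
        $s1 = $post['score1'][$id] ?? '';
        $s2 = $post['score2'][$id] ?? '';
        // An empty field arrives as '' and fails this check, so the row is
        // skipped and its NULL is left alone. Arrays and non-digits fail too.
        if (!is_string($s1) || !is_string($s2)
            || !ctype_digit($s1) || !ctype_digit($s2)) {
            continue;
        }
        $upd->execute([':s1' => (int) $s1, ':s2' => (int) $s2,
                       ':id' => $id, ':grade' => $grade]);
        $updated[] = $id;
    }
    return $updated;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE compdraw (row_id TEXT, grade TEXT, score1 INTEGER, score2 INTEGER)');
$db->exec("INSERT INTO compdraw (row_id, grade) VALUES ('id1','A'), ('id2','A'), ('id3','A')");

// Constructed form submission: id2 left blank, id3 carries non-numeric junk,
// id9 is not a match ID the database knows about.
$post = [
    'score1' => ['id1' => '3', 'id2' => '', 'id3' => '1 OR 1=1', 'id9' => '7'],
    'score2' => ['id1' => '1', 'id2' => '', 'id3' => '2',        'id9' => '7'],
];

print 'updated: ' . implode(', ', update_scores($db, $post, 'A')) . "\n";
foreach ($db->query('SELECT * FROM compdraw', PDO::FETCH_ASSOC) as $row) {
    print $row['row_id'] . ' => ' . var_export($row['score1'], true)
        . ' / ' . var_export($row['score2'], true) . "\n";
}
```

Failures surface as PDO exceptions rather than being echoed to the page together with the query text.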