PHP
Rasul_El-Sheikh, 2015-09-23 11:59:30

Why are zeros and empty strings written to the database?

Greetings, comrades. I can't manage without your help. Problem: the data is written to the database incorrectly (see the figure). Moreover, SOMETIMES it is correct, and SOMETIMES it is not. How do I fix it? In which direction should I dig? (Data with empty strings and zeros is obtained from outside.) Yes, there is no protection against XSS in the code, etc. But why don't the and selects work? The code is here (I KNOW IT'S HORRIBLE):

<?php
  session_start();
  if (!isset($_SESSION['login'])){
    header("Location: login.php");
   }
  require_once('db.php');
  include_once("../includes/analyticstracking.php");
?>
<?
  $gocity = $_POST['gocity'];
  $outcity = $_POST['outcity'];
  $gomonth = $_POST['gomonth'];
  switch($gomonth){
    case 'январь': $gomonth = '01'; break;
    case 'февраль': $gomonth = '02'; break;
    case 'март': $gomonth = '03'; break;
    case 'апрель': $gomonth = '04'; break;
    case 'май': $gomonth = '05'; break;
    case 'июнь': $gomonth = '06'; break;
    case 'июль': $gomonth = '07'; break;
    case 'август': $gomonth = '08'; break;
    case 'сентябрь': $gomonth = '09'; break;
    case 'октябрь': $gomonth = '10'; break;  
    case 'ноябрь': $gomonth = '11'; break;
    case 'декабрь': $gomonth = '12'; break;
  }
  $goday = $_POST['goday'];
  $gotime = $_POST['gotime'];
  $outstreet = $_POST['outstreet'];
  $outhouse = $_POST['outhouse'];
  $sum_pass = $_POST['sum_pass'];
  $login = $_SESSION['login'];

 $check_id_user = "SELECT * FROM users WHERE login = '$login'";
 $query = mysqli_query($db_connect, $check_id_user);
 while($row = mysqli_fetch_array($query)){
  $id_user = $row['id'];
 }
 $_SESSION['id_user'] = $id_user;

 $form_date = "INSERT INTO current_flight (id_user, gocity, outcity, outstreet, outhouse, goday, gomonth, gotime, sum_pass)			
         VALUES ('{$id_user}', '{$gocity}', '{$outcity}', '{$outstreet}', '{$outhouse}', '{$goday}', '{$gomonth}', '{$gotime}', '{$sum_pass}');";
 $query = mysqli_query($db_connect, $form_date);		       
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html" charset="utf-8">
<title>Уведомление</title>
<link href="css/style.css" type="text/css" rel="stylesheet">
</head>
<body>
<div id="wrapper">
      <div id="header">	
  <div id="menu">
       <ul>
        <li>
      <a href="kabinetpass.php">личный кабинет</a>
        </li>
        <li>
      <a href="index.php">как это работает</a>
        </li>
        <li>
      <a href="faqvod.php"><span>вход водителя</span></a>
        </li>
        </ul>
  </div>
  <div id="exit_login">
    <? if(isset($_SESSION['login'])){
    ?><td>
      <ul>
        <li>
         <a href="login.php?act=exit">выход</a>
        </li>
      </ul>  
    </td><?}else{
    ?><td>
      <ul>
        <li>
         <a href="login.php">войти</a>
        </li>
      </ul>  
    <?}
    ?>
  </div>
  </div>
      <div id="logo">
    <td>
      <img src="images/logo2.png" alt="Логотип" />  
    </td>
  </div>
      <div class="pasibpage">
  <div class="pagemodule">
      <h1 class="item fn">Спасибо большое! ВАШ ЗАКАЗ ОФОРМЛЕН.</h1>
      <p>Ваш рейс: <?php
      if($_POST['gocity'] === $_POST['outcity']){
      echo "Такого рейса не существует";
    } else {
     $_SESSION['gocity'] = $gocity;
            echo $gocity;
            ?>
            &nbsp;
           <?
            $_SESSION['outcity'] = $outcity;
            echo $outcity; ?>
      </p>
      <p>Время и дата вашей поездки: <?php
         echo $gotime;
         echo $goday;
         echo $gomonth; ?>
      <p>Вы находитесь по адресу: <?php
         $_SESSION['outcity'] = $outcity;
          echo $outcity;
         $_SESSION['outstreet'] = $outstreet;
          echo $outstreet;
         $_SESSION['outhouse'] = $outhouse;
          echo $outhouse;?></p>
      <p>Количество забронированных мест: <?php
         $_SESSION['sum_pass'] = $sum_pass;
          echo $sum_pass;?>
      </p>
      <p>Сумма к оплате за поездку: <?php
      $way = $_POST['gocity'].$_POST['outcity'];
      $arr_way_many = array('АстанаКокшетау' => 3000, 'АстанаКараганда' => 2500,
      'КокшетауАстана' => 2700, 'КарагандаАстана' => 2400);
      if(array_key_exists($way, $arr_way_many)) {
         $total = $arr_way_many[$way] * $sum_pass;
          echo $total;
          $_SESSION['total'] = $total;
        }
         ?>
    <? } ?>
        </p>
      <p>Оплата производится наличными водителю такси</p>
      <p>Добавить или изменить заказ можно изменить в <a href="kabinetpass.php" name="Lichnyi kabinet"> личном кабинете.</a></p>
      <p>Сервис коллективных поездок <b>сomptaxi</b></p>
  </div>
      </div>
<div id="foot">
    <p>
  <b>comptaxi 2015 ©</b>
    </p>
</div>     
</div>
</body>
</html>

3 answer(s)
maximw, 2015-09-23
@Rasul_El-Sheikh

If the page is opened without POST data, for example just using the GET method, you will get an empty string. IMHO, you need to write to the database only when there is data.

Igor Makarov, 2015-09-23
@onqu

In addition to maximw's answer, I want to add that the "header" function does not interrupt the script; it's just an HTTP header. Terminate it with exit or die.

if (!isset($_SESSION['login'])){
    header("Location: login.php");
    exit();
}

I will not consider the quality of the code, but to be sure that the request came with the POST method, add a check (php.net/manual/en/reserved.variables.server.php).
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // do something
    // you can redirect back, but it would be good to check the contents of $_SERVER['HTTP_REFERER'];
    // header('Location: ' . $_SERVER['HTTP_REFERER'])
    // finish with exit()
}
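
The advice in the two answers above (write only when there is data, call exit after header(), check the request method) combined into one handler, as an added example that is not the original poster's or any answerer's code. It goes beyond the answers by using a prepared statement instead of interpolating $_POST into the SQL; the 10-seat cap, the redirect target for rejected requests and db.php defining $db_connect are assumptions.

```php
<?php
// Added example; table and column names and $db_connect are taken from the question.
const MONTHS = ['январь' => '01', 'февраль' => '02', 'март' => '03', 'апрель' => '04',
    'май' => '05', 'июнь' => '06', 'июль' => '07', 'август' => '08',
    'сентябрь' => '09', 'октябрь' => '10', 'ноябрь' => '11', 'декабрь' => '12'];

function int_in_range($v, int $min, int $max): ?int
{
    $ok = is_string($v) && ctype_digit($v) && (int)$v >= $min && (int)$v <= $max;
    return $ok ? (int)$v : null;
}
// Returns the cleaned order, or null when any field is missing or invalid.
function validate_order(array $post): ?array
{
    $order = [];
    foreach (['gocity', 'outcity', 'outstreet', 'outhouse', 'gotime', 'gomonth'] as $key) {
        $value = is_string($post[$key] ?? null) ? trim($post[$key]) : '';
        if ($value === '') {
            return null; // missing or empty field: this is what produced the blank rows
        }
        $order[$key] = $value;
    }
    $order['gomonth'] = MONTHS[$order['gomonth']] ?? null; // unknown month name -> null
    $order['goday'] = int_in_range($post['goday'] ?? null, 1, 31);
    $order['sum_pass'] = int_in_range($post['sum_pass'] ?? null, 1, 10); // 10 is an assumed cap
    if (in_array(null, $order, true) || $order['gocity'] === $order['outcity']) {
        return null;
    }
    return $order;
}

session_start();
if (!isset($_SESSION['login'])) {
    header('Location: login.php');
    exit; // header() only queues the redirect; without exit the INSERT below still runs
}
$order = $_SERVER['REQUEST_METHOD'] === 'POST' ? validate_order($_POST) : null;
if ($order === null) {
    header('Location: kabinetpass.php'); // assumed fixed target, not HTTP_REFERER
    exit;
}
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw
require_once 'db.php'; // assumed to define $db_connect, as in the question
$stmt = mysqli_prepare($db_connect, 'INSERT INTO current_flight
    (id_user, gocity, outcity, outstreet, outhouse, goday, gomonth, gotime, sum_pass)
    SELECT id, ?, ?, ?, ?, ?, ?, ?, ? FROM users WHERE login = ?');
mysqli_stmt_bind_param($stmt, 'ssssissis', $order['gocity'], $order['outcity'],
    $order['outstreet'], $order['outhouse'], $order['goday'], $order['gomonth'],
    $order['gotime'], $order['sum_pass'], $_SESSION['login']);
mysqli_stmt_execute($stmt);
```

The INSERT ... SELECT form looks up the user id in the same statement, so a session login with no matching users row inserts nothing rather than a row with an empty id_user.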

Vladimir Martyanov, 2015-09-23
@vilgeforce

See what queries really go to the database.
