char_transaction.php is not running!

rohan30993 · August 11th, 2011, 10:01 AM

I tried everything and it's simply not working.The problem is that I can add powers but I can't delete one.
I have attached my script along with this post!

Code:

<?php
require 'db.inc.php';
$db = mysql_connect(MYSQL_HOST, MYSQL_USER) or die ('Unable to connect please check connection parameters.');
mysql_select_db(MYSQL_DB,$db)  or die(mysql_error($db));

switch ($_POST['action']) {

case 'Add Character':

    // escape incoming values to protect database
    $alias = mysql_real_escape_string($_POST['alias'], $db);
    $real_name = mysql_real_escape_string($_POST['real_name'], $db);
    $address = mysql_real_escape_string($_POST['address'], $db);
    $city = mysql_real_escape_string($_POST['city'], $db);
    $state = mysql_real_escape_string($_POST['state'], $db);
    $zipcode_id = mysql_real_escape_string($_POST['zipcode_id'], $db);
    $alignment = ($_POST['alignment'] == 'good') ? 'good' : 'evil';

    // add character information into database tables
    $query = 'INSERT IGNORE INTO hp_zipcode
            (zipcode_id, city, state)
        VALUES
            ("' . $zipcode_id . '", "' . $city . '", "' . $state . '")';
    mysql_query($query, $db) or die (mysql_error($db));

    $query = 'INSERT INTO hp_lair 
            (lair_id, zipcode_id, address)
        VALUES 
            (NULL, "' . $zipcode_id . '", "' . $address . '")';
    mysql_query($query, $db) or die (mysql_error($db));

    // retrieve new lair_id generated by MySQL
    $lair_id = mysql_insert_id($db);
    $query = 'INSERT INTO hp_character
            (character_id, alias, real_name, lair_id, alignment) 
        VALUES
            (NULL, "' . $alias . '", "' . $real_name . '", ' .
            $lair_id . ', "' . $alignment . '")';
    mysql_query($query, $db) or die (mysql_error($db));

    // retrieve new character_id generated by MySQL
    $character_id = mysql_insert_id($db);
    if (!empty($_POST['powers'])) {
        $values = array();
        foreach ($_POST['powers'] as $power_id) {
            $values[] = sprintf('(%d, %d)', $character_id, $power_id);
        }
        $query = 'INSERT IGNORE INTO hp_character_power
                (character_id, power_id)
            VALUES ' .
                implode(',', $values);
        mysql_query($query, $db) or die (mysql_error($db));
    }

    if (!empty($_POST['rivalries'])) {
        $values = array();
        foreach ($_POST['rivalries'] as $rival_id) {
            $values[] = sprintf('(%d, %d)', $character_id, $rival_id);
        }
        
        // alignment will affect column order
        $columns = ($alignment = 'good') ? '(hero_id, villain_id)' : 
            '(villain_id, hero_id)';

        $query = 'INSERT IGNORE INTO hp_rivalry   
                ' . $columns . '
            VALUES
                ' . implode(',', $values);
        mysql_query($query, $db) or die (mysql_error($db));
    }

    $redirect = 'list_characters.php';
    break;

case 'Delete Character':

    // make sure character_id is a number just to be safe
    $character_id = (int)$_POST['character_id'];

    // delete character information from tables
    $query = 'DELETE FROM c, l
        USING
            hp_character c, hp_lair l
        WHERE
            c.lair_id = l.lair_id AND 
            c.character_id = ' . $character_id;
    mysql_query($query, $db) or die (mysql_error($db));

    $query = 'DELETE FROM hp_character_power
        WHERE
            character_id = ' .  $character_id;
    mysql_query($query, $db) or die (mysql_error($db));

    $query = 'DELETE FROM hp_rivalry
        WHERE
            hero_id = ' . $character_id . ' OR villain_id = ' . $character_id;
    mysql_query($query, $db) or die (mysql_error($db));

    $redirect = 'list_characters.php';
    break;

case 'Edit Character':

    // escape incoming values to protect database
    $character_id = (int)$_POST['character_id'];
    $alias = mysql_real_escape_string($_POST['alias'], $db);
    $real_name = mysql_real_escape_string($_POST['real_name'], $db);
    $address = mysql_real_escape_string($_POST['address'], $db);
    $city = mysql_real_escape_string($_POST['city'], $db);
    $state = mysql_real_escape_string($_POST['state'], $db);
    $zipcode_id = mysql_real_escape_string($_POST['zipcode_id'], $db);
    $alignment = ($_POST['alignment'] == 'good') ? 'good' : 'evil';

    // update existing character information in tables
    $query = 'INSERT IGNORE INTO hp_zipcode
            (zipcode_id, city, state)
        VALUES
            ("' . $zipcode_id . '", "' . $city . '", "' . $state . '")';
    mysql_query($query, $db) or die (mysql_error($db));

    $query = 'UPDATE hp_lair l, hp_character c
            SET   
                l.zipcode_id = ' . $zipcode_id . ', 
                l.address = "' . $address . '", 
                c.real_name = "' . $real_name . '", 
                c.alias = "' . $alias . '", 
                c.alignment = "' . $alignment . '" 
        WHERE
            c.character_id = ' . $character_id . ' AND 
            c.lair_id = l.lair_id';
    mysql_query($query, $db) or die (mysql_error($db));

    $query = 'DELETE FROM hp_character_power
        WHERE
            character_id = ' . $character_id;
    mysql_query($query, $db) or die (mysql_error($db));

    if (!empty($_POST['powers'])) {
        $values = array();
        foreach ($_POST['powers'] as $power_id) {
            $values[] = sprintf('(%d, %d)', $character_id, $power_id);
        }
        $query = 'INSERT IGNORE INTO hp_character_power
                (character_id, power_id)
            VALUES 
                ' . implode(',', $values);
        mysql_query($query, $db) or die (mysql_error($db));
    }

    $query = 'DELETE FROM hp_rivalry
        WHERE
            hero_id = ' . $character_id . ' OR villain_id = ' . $character_id;
    mysql_query($query, $db) or die (mysql_error($db));

    if (!empty($_POST['rivalries'])) {
        $values = array();
        foreach ($_POST['rivalries'] as $rival_id) {
            $values[] = sprintf('(%d, %d)', $character_id, $rival_id);
        }
        
        // alignment will affect column order
        $columns = ($alignment = 'good') ? '(hero_id, villain_id)' : 
            '(villain_id, hero_id)';

        $query = 'INSERT IGNORE INTO hp_rivalry
                ' . $columns . '
            VALUES 
                ' . implode(',', $values);

        mysql_query($query, $db) or die (mysql_error($db));
    }

    $redirect = 'list_characters.php';
    break;

case 'Delete Selected Powers':

    if (!empty($_POST['powers'])) {
        // escape incoming values to protect database-- they should be numeric
        // values, but just to be safe
        $powers = implode(',', $_POST['powers']);
        $powers = mysql_real_escape_string($powers, $db);

        // delete powers
        $query = 'DELETE FROM hp_power 
            WHERE 
                power_id IN (' . $powers . ')';
        mysql_query($query, $db) or die (mysql_error($db));

        $query = 'DELETE FROM hp_character_power 
            WHERE
                power_id IN (' . $powers . ')';
        mysql_query($query, $db) or die (mysql_error($db));
    }

    $redirect = 'edit_power.php';
    break;

case 'Add New Power':

    // trim and check power to prevent adding blank values
    $power = trim($_POST['new_power']);
    if ($power != '')
    {
        // escape incoming value
        $power = mysql_real_escape_string($power, $db);

        // create new power
        $query = 'INSERT IGNORE INTO hp_power
                (power_id, power)
            VALUES 
                (NULL, "' . $power . '")';
        mysql_query($query, $db) or die (mysql_error($db));
    }

    $redirect = 'edit_power.php';
    break;

default:
    $redirect = 'list_characters.php';
}

header('Location: ' . $redirect);
?>

the error cam like this..
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'on)' at line 3
thanks for reading!

rohan30993 · September 28th, 2011, 12:16 PM

I have tried everything I can to solve this issue!Used in various versions of SQL but still the problem is not solving.The same error come for every time I delete a power.
Thank You!

UseLess · September 30th, 2011, 04:29 AM

Greetings,

If you only get the error when deleting a power then check the 'edit_power.php' file as that is where the error is as there is no 'on)' on line 3 of the code posted above.

TedBronson · October 11th, 2011, 03:42 PM

The problem is an error in the book.

In the edit_powers.php file, during the section for deleting powers, the book has the line:

Code:

echo '<input type="checkbox" name="powers[]" "value="' . $row['power_id'] . '" /> ';

It should be:

Code:

echo '<input type="checkbox" name="powers[]" value="' .$row['power_id'] . '" /> ';

The extra double-quote causes it to send the word "on" instead of the power_id.