Hotel Tutorial Dreamweaver MX PHP Web Development

wattle99 · July 30th, 2004, 09:48 AM

Hi
Has anybody found that there is an error in the code on page 160 of this book. I have the folowing code in my page but it isn't working

if ((isset($HTTP_GET_VARS['bookingID'])) && ($HTTP_GET_VARS['bookingID'] != "") && (isset($HTTP_POST_VARS['bookingID']))) {
  $deleteSQL = sprintf("DELETE FROM bookings WHERE ID=%s",
                       GetSQLValueString($HTTP_GET_VARS['bookingID'], "int"));

  mysql_select_db($database_conn1, $conn1);
  $Result1 = mysql_query($deleteSQL, $conn1) or die(mysql_error());

  $deleteGoTo = "booking_cancelled.php?bookingID=".$HTTP_POST_ VARS['bookingID'].""; if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
    $deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
    $deleteGoTo .= $HTTP_SERVER_VARS['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $deleteGoTo));

The line that I think has the problem is red.

Hope some one can help me.

Lynne

Lynne Maree Ryan

nikolai · July 30th, 2004, 01:29 PM

Well, take a look at your code a little more closely. There's a couple problems.

First, your if() statement checks to see if the "bookingID" variable was sent as a GET parameter AND a POST parameter. Odds are it's only passed by one method. You should rewrite your code to only check the method that you expect the parameter to be passed by.

Second, you're trying to print the value passed by POST, but the rest of your code (including the SQL statement) uses the value passed by GET.

Let me be clear: These are two differente variables!

Finally, you should use $_GET and $_POST instead of $HTTP_GET_VARS and $HTTP_POST_VARS. The $HTTP_xxx_VARS versions were deprecated years ago.

Oh yeah, one more thing -- if your site allows the user to submit the bookingID via GET AND POST, then you need to rewrite your code to handle either. You can't handle both at the same time, since you're only cancelling one booking. To handle both would imply cancelling TWO bookings... get it?

Here's a suggestion:

if (isset($_GET['bookingID']))
{
    $bookingID = $_GET['bookingID'];
}
else if (isset($_POST['bookingID']))
{
    $bookingID = $_POST['bookingID'];
}

// now comes your original code,
// except we use $bookingID instead of $HTTP_xxx_VARS['bookingID']

if (isset($bookingID && !empty($bookingID))
{
   $deleteSQL = ...

   ...

   $deleteGoTo = "booking_cancelled.php?bookingID={$bookingID}" ;

   ...
}

Hope this helps!

}

Take care,

Nik
http://www.bigaction.org/

wattle99 · July 30th, 2004, 08:18 PM

Hi
Thanks for your reply.
I understand where you are coming from. But tried replacing my code with what you suggested and ended up with an error message. Maybe I replaced the wrong bit :-( I have attached the code again and was wondering if you could make the changes so that I can copy it back in to my page.

Hope this doesn't seem lasy. If I can get the page working then I can study the code and hopefully understand what it is doing

<?php require_once('Connections/conn1.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

if ((isset($HTTP_GET_VARS['bookingID'])) && ($HTTP_GET_VARS['bookingID'] != "") && (isset($HTTP_POST_VARS['bookingID']))) {
  $deleteSQL = sprintf("DELETE FROM bookings WHERE ID=%s",
                       GetSQLValueString($HTTP_GET_VARS['bookingID'], "int"));

  mysql_select_db($database_conn1, $conn1);
  $Result1 = mysql_query($deleteSQL, $conn1) or die(mysql_error());

  $deleteGoTo = "booking_cancelled.php?bookingID=".$HTTP_POST_ VARS['bookingID']."";
  if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
    $deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
    $deleteGoTo .= $HTTP_SERVER_VARS['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $deleteGoTo));
}
?>

Once again thanks for helping me.

Lynne Maree Ryan