Form calculator not working?

trekky28

Hi!
I have a form where users enter their votes and it is inserted into the db.
The form works but the validation isn't doing its job.. The total should be 58 and if it is below or over, an error should be displayed.
What could be wrong?

$check = "SELECT email, password FROM users WHERE email = '".$username."' and password = '".$password."'";

$a = $_POST["a"];
$b = $_POST["b"];
$c = $_POST["c"];
$d = $_POST["d"];
$e = $_POST["e"];
$f = $_POST["f"];
$g = $_POST["g"];
$h = $_POST["h"];
$i = $_POST["i"];
$j = $_POST["j"];
$k = $_POST["k"];

$submit = $_POST["userlogin"];
if($submit["userlogin"] == "add") {
	$total = "$a" + "$b" + "$c" + "$d" + "$e" + "$f" + "$g" + "$h" + "$i" + "$j" + "$k";
}
$rows = mysql_query($check) or die ("Supplied username and/or password is incorrect");
$numrows = mysql_numrows($rows);
if($numrows > 0)
if($total != 58) {

$query = "REPLACE INTO chart(email, a, b, c, d, e, f, g, h, i, j, k) VALUES('$username', '$a', '$b', '$c', '$d', '$e', '$f', '$g', '$h', '$i', '$j', '$k')";

$result = mysql_query($query);

echo "Your vote has been added, please wait or return to <a href=chart.php>vote</a> page.";

} else {
echo "Something went wrong";
}

qadeer_ahmad

Hi ,

Replace this line
$numrows = mysql_numrows($rows);
with
$numrows = mysql_num_rows($rows);

hope your problem will solve.

Enjoy

laserlight

if($total != 58)

That's a simple logic error. You say that if the total is not equal to 58, it should report an error, but you write that if the total is not equal to 58, update the database.

A few other things to note:
1. Failure to check incoming variables before use. You should use [man]isset/man or [man]empty/man to check that the $_POST variables actually exist before using them.

mysql_numrows() is deprecated, use mysql_num_rows() instead.
For $check, instead of writing "SELECT email, password FROM users", write "SELECT COUNT(email) FROM users", then check with mysql_result() instead of mysql_num_rows().

Houdini

What happens here?

if($numrows > 0)

then you have another if with a block after it, you have done nothing with this if statement.

laserlight

then you have another if with a block after it, you have done nothing with this if statement.

That's okay, just that it is dangerous style.

Consider:

$a = $b = true;
if ($a)
	if ($b) {
		echo 'foo';
	} else {
		echo 'bar';
	}
else
	echo 'baz';

trekky28

Yes I'm a newbie. :o
I edited this line, is it okay?

if($total = 58) {

And $numrows = mysql_num_rows($rows);

Why is SELECT count() better? User validation works as it is..

Can't get the form to work though. The values are inserted no matter if correct or not..

qadeer_ahmad

Replace your if condition with this and tell what you found output

if($numrows > 0)
{
print "Enter in ist IF<br>";
if($total != 58)
{
print "Enter in 2nd IF<br>";
$query = "REPLACE INTO chart(email, a, b, c, d, e, f, g, h, i, j, k) VALUES('$username', '$a', '$b', '$c', '$d', '$e', '$f', '$g', '$h', '$i', '$j', '$k')";
print $query."<br>";
$result = mysql_query($query);
echo "Your vote has been added, please wait or return to <a href=chart.php>vote</a> page.";
}
else
{
print "Total is not equal to 58 is :".$total."<br>";
}

}
else
{
echo "Something went wrong";
}

trekky28

The result page was:

Enter in ist IF
Enter in 2nd IF
REPLACE INTO chart(email, a, b, c, d, e, f, g, h, i, j, k) VALUES('xx@xx.com', '8', '10', '12', '7', '6', '5', '4', '3', '2', '8', '0')
Your vote has been added, please wait or return to vote page.

Form values are added even though if wrong..

Blulagoon

trekky28 wrote:
Yes I'm a newbie. :o
I edited this line, is it okay?

if($total = 58) {

And $numrows = mysql_num_rows($rows);

Why is SELECT count() better? User validation works as it is..

Can't get the form to work though. The values are inserted no matter if correct or not..

You need:

if($total ==58) {

With your code you were simply assigning the value of 58 to $total.

HTH - Blu

trekky28

I tried that too;

Username/Password OK (first IF)
Total is not equal to 58 is :

Something is wrong..

require ("configure.php");


function make_safe($variable) {
$variable = addslashes(trim($variable));
return $variable;
}

$mysql_link = mysql_pconnect( "$DBhost", "$DBuser", "$DBpass") or die
("Cannot reach the server. Please send a mail to $admin_email.");
mysql_select_db( "$DBName") or die( "Cannot reach the database. Please send a mail to $admin_email.");

$username = make_safe($_POST['username']);
$password = make_safe($_POST['password']);


$check = "SELECT email, password FROM users WHERE email = '".$username."' and password = '".$password."'";


$rows = mysql_query($check) or die ("Supplied username and/or password is incorrect");
$numrows = mysql_num_rows($rows);
$a = $_POST["a"];
$b = $_POST["b"];
$c = $_POST["c"];
$d = $_POST["d"];
$e = $_POST["e"];
$f = $_POST["f"];
$g = $_POST["g"];
$h = $_POST["h"];
$i = $_POST["i"];
$j = $_POST["j"];
$k = $_POST["k"];

$submit = $_POST["userlogin"];
if($submit["userlogin"] == "add") {
    $total = "$a" + "$b" + "$c" + "$d" + "$e" + "$f" + "$g" + "$h" + "$i" + "$j" + "$k";
} 
if($numrows > 0)
{
print "Username/Password OK<br>";
if($total ==58)
{
print "Data OK<br>";
$query = "REPLACE INTO chart(email, a, b, c, d, e, f, g, h, i, j, k) VALUES('$username', '$a', '$b', '$c', '$d', '$e', '$f', '$g', '$h', '$i', '$j', '$k')";
print $query."<br>";
$result = mysql_query($query);
echo "Your vote has been added, please wait or return to <a href=chart.php>vote</a> page.";
}
else
{
print "Total is not equal to 58 is :".$total."<br>";
}

}
else
{
echo "Something went wrong";
}

Houdini

Apparently all your $_POST variables are blank;

Username/Password OK (first IF)
Total is not equal to 58 is :

Looks like $total=""

scrupul0us

also.. may be trivial but instead of doing each letter assignment manually like:

$a = $_POST["a"];

do this:

for($i=65; $i<=75; $i++)  //A-K
{
$letter = chr($i);    

if($_POST["$letter"]) { $letter = $_POST["$letter"]; } //IF the post var exists assign it
}

trekky28

Thanks! I found why the values were null.
Thanks for help guys.

trekky28

I got some problems again.
I got rid of the test table and made a new one.

Everything works fine but it always displays error line "Something went wrong" even if mysql_query works. Any idea why? What could go wrong when all checks work perfectly?

<? 
require ("configure.php");


function make_safe($variable) {
$variable = addslashes(trim($variable));
return $variable;
}

$mysql_link = mysql_pconnect( "$DBhost", "$DBuser", "$DBpass") or die
("Cannot reach the server. Please send a mail to $admin_email.");
mysql_select_db( "$DBName") or die( "Cannot reach the database. Please send a mail to $admin_email.");

$username = make_safe($_POST['username']);
$password = make_safe($_POST['password']);

$check = "SELECT email, password FROM users WHERE email = '".$username."' and password = '".$password."'";

$rows = mysql_query($check) or die ("Supplied username and/or password is incorrect");
$numrows = mysql_num_rows($rows);

$al = $_POST["al"];
$ad = $_POST["ad"];
$am = $_POST["am"];
$bx = $_POST["bx"];
$be = $_POST["be"];
$ba = $_POST["ba"];
$bg = $_POST["bg"];
$hr = $_POST["hr"];
$cy = $_POST["cy"];
$dk = $_POST["dk"];
$ee = $_POST["ee"];
$fi = $_POST["fi"];
$fr = $_POST["fr"];
$de = $_POST["de"];
$gr = $_POST["gr"];
$ix = $_POST["ix"];
$ie = $_POST["ie"];
$il = $_POST["il"];
$lv = $_POST["lv"];
$lt = $_POST["lt"];
$mk = $_POST["mk"];
$mt = $_POST["mt"];
$md = $_POST["md"];
$mc = $_POST["mc"];
$nl = $_POST["nl"];
$no = $_POST["no"];
$pl = $_POST["pl"];
$pt = $_POST["pt"];
$ro = $_POST["ro"];
$ru = $_POST["ru"];
$si = $_POST["si"];
$es = $_POST["es"];
$se = $_POST["se"];
$ch = $_POST["ch"];
$tr = $_POST["tr"];
$ua = $_POST["ua"];
$gb = $_POST["gb"];

$total = "$al" + "$ad" + "$am" + "$bx" + "$be" + "$ba" + "$bg" + "$hr" + "$cy" + "$dk" + "$ee" + "$fi" + "$fr" + "$de" + "$gr" + "$ix" + "$ie" + "$il" + "$lv" + "$lt" + "$mk" + "$mt" + "$md" + "$mc" + "$nl" + "$no" + "$pl" + "$pt" + "$ro" + "$ru" + "$si" + "$es" + "$se" + "$ch" + "$tr" + "$ua" + "$gb";

if($numrows > 0)
{
print "Username/Password OK<br>";
if($total ==58)
{
print "Data OK<br>";
$query = "REPLACE INTO chart(email, al, ad, am, bx, be, ba, bg, hr, cy, dk, ee, fi, fr, de, gr, ix, ie, il, lv, lt, mk, mt, md, mc, nl, no, pl, pt, ro, ru, si, es, se, ch, tr, ua, gb) VALUES('$username', '$al', '$ad', '$am', '$bx', '$be', '$ba', '$bg', '$hr', '$cy', '$dk', '$ee', '$fi', '$fr', '$de', '$gr', '$ix', '$ie', '$il', '$lv', '$lt', '$mk', '$mt', '$md', '$mc', '$nl', '$no', '$pl', '$pt', '$ro', '$ru', '$si', '$es', '$se', '$ch', '$tr', '$ua', '$gb')";
print $query."<br>";
$result = mysql_query($query);
echo "Your vote has been added, please wait or return to <a href=vote.php>vote</a> page.";
}
else
{
print "Error in form. Please take a look at the form and try again!";
}

}
else
{
echo "Something went wrong. Please take a look at the form and try again!";
}



?>

Blulagoon

Just an observation .....

$check = "SELECT email, password FROM users WHERE email = '".$username."' and password = '".$password."'";

Should that be WHERE email=$username or
WHERE username=$username

Blu

trekky28

No that line is fine.
All connection goes through OK and $query works. Why does it print error anyway?

Blulagoon

What exactly is the print error. Try adding these two lines above the first IF and see if the values echo'd out help at all.

echo $numrows."<br>";
echo $total."<br>";
if($numrows > 0)

If you are getting the something is wrong error message then $numrows is not greater than 0, which would be the case if $numrows had no value.

If you are getting the go back to the form and check error message, then $total is not 58. The above code should answer these questions for you.

HTH - Blu