Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12
  1. #1
    New Coder
    Join Date
    Sep 2011
    Posts
    78
    Thanks
    15
    Thanked 0 Times in 0 Posts

    Radio Button trying to reference DB field (NEED HELP)

    I wasn't sure what to put in the TITLE sorry guys...

    Okay so here is what i am trying to do....i am trying to make a page where a user can ADD users into the Database being used. It is a very simple page...the user must enter a username, firstname, lastname, password, and using RADIO buttons must distinguish if the user being added is a DOCTOR or a Receptionist

    My table for users in the database looks something like this:

    Table Users:
    user_id INT (PRIMARY KEY)
    username
    fname
    lnam
    pword
    role (INT)

    Now here is my QUESTION.... I want to be able to distinguish between a Doctor and a receptionist by using the Radio Buttons like i mentioned ABOVE. My IDEA was something like this.

    If the user being added is a Doctor and the radio button "doctor" is selected then pass the number '1' to the role field in the DB.

    OR

    if the user being added is a receptionist then pass a '2' to the role field in the DB.

    HOW WOULD I GO ABOUT DOING THIS TEST and passing a '1' or '2' value into the DB?

    Here is my code that i have so far for the 'add user' pageTHE RADIO BUTTONS I USED ARE LOCATED AT THE VERY BOTTOM OF THIS CODE)
    Code:
    <?php
    $db = mysql_connect( "localhost","root", "temp1234");
    mysql_select_db( "DoctorsOfficeDB");
    include( "office-user.php" );
    
    // POST handler
    $added = false;
    if( $_POST )
    {
       // instantiate data class
       $postdata = new User( $_POST );
    
       if( $postdata->validate() )
       {
          $postdata->insert();
    
          $added = $postdata->user;
          $postdata = NULL;
       }
    }
    
    ?>
    <html>
    
    <head>
    
    <title>Add User</title>
    
    <script src="add-user.js"></script>
    
    </head>
    
    <body>
    
    <h1>Add User</h1>
    
    <? if( $added ) { ?>
          <h3>User <?=$added?> successfully added</h3>
    <? } ?>
    
    <form action="add-user.php" method=POST>
    
    <table>
    
      <tr><td>username:</td>
          <td><input type="textbox" name="username" id="username" value="<?=$postdata->user?>">
    	            <div  id="usernameerr" style="color:red;
    	 <? if ($postdata->user_err){
    			echo "\">";
    			echo $postdata->user_err;
    	  } else
    			{
    				echo "display:none;\">";
    				}
    	  ?>
    	  </div>
     
      </td></tr>
    
      <tr><td>password:</td>
          <td><input type="password" name="password" id="pw1"></td></tr>
    
      <tr><td>re-type password:</td>
          <td><input type="password" name="password2" id="pw2">
          <? if( $postdata->pass_err ) { ?>
                <div style="color:red;" id="pw2err"><?=$postdata->pass_err?>
          <? } ?>
      </td></tr>
    
      <tr><td colspan="2"><hr><h4>User Info:</h4></td></tr>
    
      <tr><td>First Name:</td>
          <td><input type="textbox" name="first_name" id="fname" value="<?=$postdata->fname?>"></td></tr>
    
      <tr><td>Last Name:</td>
          <td><input type="textbox" name="last_name" id="lname" value="<?=$postdata->lname?>">
          <? if( $postdata->name_err ) { ?>
                <div style="color:red;" id="lnameerr"><?=$postdata->name_err?>
          <? } ?>
      </td></tr>
    
      <tr><td>Role:</td>
          <td><input type="radio" name="role" id="r1" value="<?=$postdata->role?>"> Doctor <br /></td></tr>
    	<td><input type="radio" name="role2" id="r2" value="<?=$postdata->role2?>"> Nurse/receptionist <br /></td></tr>
    
      <tr><td>&nbsp;</td>
          <td><input type="submit" value="Submit"></td></tr>
    
    </form>
    
    </body>
    
    </html>
    Here is my other code that is a separate php file that calls functions to validate teh data being entered and does the ACTUAL SQL INSERT command. I am not sure if I need to change the INSERT statement to distinguish which role is being
    entered (Doctor or Receptionist)
    MY INSERT statement is inside the FUNCTION called insert
    Code:
    <?
    // a class
    class User
    {
       public $user, $pass, $fname, $lname, $role;
       public $user_err, $pass_err, $name_err;
    
       public function __construct( $post_array ) {
          $this->user = $_POST['username'];
          $this->pass = $_POST['password'];
          $this->pass2 = $_POST['password2'];
          $this->fname = $_POST['first_name'];
          $this->lname = $_POST['last_name'];
         $this->role = $_POST['role'];
          $this->role2 = $_POST['role2'];
    
          $this->user_err = NULL;
          $this->pass_err = NULL;
          $this->name_err = NULL;
       }
    
       public function validate() {
    
          // username isn't a duplicate
          if( !$this->user ) {
             $this->user_err = "Please specify username";
          } else if( duplicate( $this->user ) ) {
             $this->user_err = "That username is already in use";
          }
    
          // passwords match and are at least 6 chars
          if( !$this->pass || strlen( $this->pass ) < 6 ) {
             $this->pass_err = "Password must be at least 6 characters";
          } else if( $this->pass != $this->pass2 ) {
             $this->pass_err = "Passwords do not match";
          }
    
          // first/last name aren't blank
          if( !$this->fname || !$this->lname ) {
             $this->name_err = "Please provide a first and last name";
          }
    
          return !$this->has_errors();
       }
    
       public function has_errors() {
          return $this->user_err || $this->pass_err || $this->name_err;
       }
    
       public function insert()
       {
          $sql = "
    INSERT INTO users 
    (username, f_name, l_name, role, pword)
    VALUES ( '$this->user', '$this->fname', '$this->lname', '$this->role', aes_encrypt( 'The Secret Phrase', '$this->pass' );";
    
          mysql_query( $sql ) or die( "Error( $sql): " . mysql_error() );
       }
    }
    
    function duplicate( $username )
    {
       $sql = "SELECT id FROM users WHERE username = '$username'";
    
       $result = mysql_query( $sql ) or die( "Error( $sql): " . mysql_error() );
    
       return mysql_num_rows( $result ) > 0;
    }
    
    ?>
    Last edited by VickP07; 11-05-2011 at 08:52 PM.

  • #2
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    26,207
    Thanks
    80
    Thanked 4,453 Times in 4,418 Posts
    Radio buttons aren't radio buttons unless they have *SAME NAME* in the <form>!!!

    Might I suggest also dropping your "1" and "2" for something more readily understood?

    Code:
    <tr>
        <td>Role:</td>
        <td><input type="radio" name="role" value="DR"
                 <?= if( $postdata->role == "DR") echo "checked" ?> > Doctor <br /></td></tr>
        <td><input type="radio" name="role" value="RN"
                 <?= if( $postdata->role == "RN") echo "checked" ?> > Nurse/receptionist <br /></td></tr>
    Change your table to this:
    Code:
    Table Users:
        user_id INT (PRIMARY KEY)
        username
        fname
        lname
        pword
        role  CHAR(2)
    And simply store $_POST["role"] into that role field.

    In MySQL, a CHAR(3) field takes the same space as an INT field, so you gain readability and usability and sacrifice nothing, neither space nor speed.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #3
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    26,207
    Thanks
    80
    Thanked 4,453 Times in 4,418 Posts
    The alternative would be to use a MySQL ENUM type (which looks like a string in terms of setting and getting the values but which is actually an INT or even TINYINT in the table).

    But for this situation, the CHAR() makes just as much sense.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #4
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    26,207
    Thanks
    80
    Thanked 4,453 Times in 4,418 Posts
    I should also point out that this is really bad coding/practice:
    Code:
          $sql = "
    INSERT INTO users 
    (username, f_name, l_name, role, pword)
    VALUES ( '$this->user', '$this->fname', '$this->lname', '$this->role', aes_encrypt( 'The Secret Phrase', '$this->pass' );";
    You really should be using mysql_real_escape_string on any text input field, to prevent SQL injection and also to handle the case of names with apostrophes in them (e.g., "O'Leary").
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    VickP07 (11-06-2011)

  • #5
    New Coder
    Join Date
    Sep 2011
    Posts
    78
    Thanks
    15
    Thanked 0 Times in 0 Posts
    Thank you so much for your feedback i ended up getting it working prior to reading all the replys *(i saw that i had my radio buttons with different names and that was a big mistake and u pointed out)

    This is what i ended up doing.
    Code:
      <tr><td>Role:</td>
          <td><input type="radio" name="role" id="r1" value="1"> Doctor <br /></td>
    	<td><input type="radio" name="role" id="r2" value="2"> Nurse/receptionist</td></tr>
    then in another php file used for data validation i created a function called insert that actually did the insert statement.

    Code:
       public function insert()
       {
       
          $sql = "
    INSERT INTO users 
    (username, f_name, l_name, role, pword)
    VALUES ( '$this->user', '$this->fname', '$this->lname', '$this->role', aes_encrypt( 'The Secret Phrase', '$this->pass' ));";
    
          mysql_query( $sql ) or die( "Error( $sql): " . mysql_error() );  
    
       }

  • #6
    New Coder
    Join Date
    Sep 2011
    Posts
    78
    Thanks
    15
    Thanked 0 Times in 0 Posts
    The reason i made role as an INT in my table was only because i was thinking of the future way i would need to use this role field when i create the rest of the web pages.

    My idea was this: a doctor would only be able to do certain things and so i would do a test later on if the role is = 1 then display the page if not then deny access, but i suppose the char datatype would work just as well. Thanks!

    i guess i should change it then like you said.

    also im a little confused on how to use mysql_real_escape_string function....would it be something liek this:

    $this->user = mysql_real_escape_string($_POST['username']);

  • #7
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    26,207
    Thanks
    80
    Thanked 4,453 Times in 4,418 Posts
    Quote Originally Posted by VickP07 View Post
    i guess i should change it then like you said.
    You don't have to, but I think it's better. The other excellent choice is to use a MySQL ENUM type. Read up on them.

    also im a little confused on how to use mysql_real_escape_string function....would it be something liek this:

    $this->user = mysql_real_escape_string($_POST['username']);
    It depends. If you won't want to re-display $this->user back out to the HTML page, then sure. But if you might use that both to echo confirmation to the screen *AND* to insert into the SQL, then no. Then just do it as part of building the SQL.

    One of the things that function does, just for example, is convert an apostrophe (') into \' (the escape mechanism for MySQL). So if you echoed back a person's name to the HTML it would look funny seeing the name O\'Leary
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • Users who have thanked Old Pedant for this post:

    VickP07 (11-06-2011)

  • #8
    New Coder
    Join Date
    Sep 2011
    Posts
    78
    Thanks
    15
    Thanked 0 Times in 0 Posts
    So something like this ?:

    Code:
       public function insert()
       {
       
          $sql = "
    INSERT INTO users 
    (username, f_name, l_name, role, pword)
    VALUES ( '$this->user',  mysql_real_escape_string('$this->fname'),  mysql_real_escape_string('$this->lname'), '$this->role', aes_encrypt( 'The Secret Phrase', '$this->pass' ));";
    
          mysql_query( $sql ) or die( "Error( $sql): " . mysql_error() );  
    
       }
    Also i am running into a problem right now with my radio buttons. I am doing data validation and i wanted to make sure to send a error msg if the user forgets to select one radio button.

    the error message comes out correctly but it also shifts one of my radio buttons a little bit up making it look kinda "messy"
    Well then i make sure i select one radio button and if I select the "nurse/recept." radio button it will save the user into the DB

    BUT if i select the DOCTOR radio button and hit save, the data gets saved wrong in the users table.

    i dunno if the shifting of the radio button is causing this error or if it may just be my code?
    Code:
      <tr><td>Role:</td>
          <td><input type="radio" name="role" id="r1" value="1"> Doctor <br /></td>
    	<td><input type="radio" name="role" id="r2" value="2"> Nurse/receptionist
    	<? if( $postdata->pass_err3) { ?>
    			<div style="color:red;" id="rolemsg"><?=$postdata->pass_err3?>
    	<? } ?>
    	</td></tr>
    This is a separate php file used for data validation
    Code:
    	  //user forgot to provide a ROLE (doctor or nurse)
    	  if( $this->role == 0)
    	  {
    		$this->pass_err3 = "Please select one Role";
    	  }
    I wish i could send you a picture of what exactly i am talking about to make more sense but basically when the user forgets to select one radio button the form displays an error
    for example:

    Nurse/receptionist O
    role: Doctor O Please select one Role

    Then i try to select Doctor and when it saves the data seems to get mixed up the BLOB password encrypted seems to get mixed into the user_id (PRIMARY KEY FIELD) the rest of the user info (name) display in the DB correctly but the user_id seems to be getting encrypted for some reason?

  • #9
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    26,207
    Thanks
    80
    Thanked 4,453 Times in 4,418 Posts
    Sorry, I'm not a PHP user. I've only learned enough to know how it interacts with MySQL.

    I don't think this actually has anything to do with MySQL. Have you DEBUGGED?

    Have you dumped out all the $_POST variables at the top of your page as a check?

    At a bare bones minimum, have you at least debugged the SQL statement???

    That is:
    Code:
          $sql = "
    INSERT INTO users 
    (username, f_name, l_name, role, pword)
    VALUES ( '$this->user', '$this->fname', '$this->lname', '$this->role', aes_encrypt( 'The Secret Phrase', '$this->pass' ));";
    
        echo "<hr>DEBUG SQL: " . $sql . "<hr/>\n";
    
        mysql_query( $sql ) or die( "Error( $sql): " . mysql_error() )
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #10
    New Coder
    Join Date
    Sep 2011
    Posts
    78
    Thanks
    15
    Thanked 0 Times in 0 Posts
    i used a debug statement to see if my data being passed is correct and it all is right, but for some reason when it gets to the DB it gets mixed up with the Primary_Key field and it only happens when the radio button error message displays. when the radio buttons shifts on the page because the error msg displays then the data saved in the DB comes out all wrong

  • #11
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    26,207
    Thanks
    80
    Thanked 4,453 Times in 4,418 Posts
    So do it here:
    Code:
       public function __construct( $post_array ) {
          $this->user = $_POST['username'];
          $this->pass = $_POST['password'];
          $this->pass2 = $_POST['password2'];
          $this->fname = $_POST['first_name'];
          $this->lname = $_POST['last_name'];
         $this->role = $_POST['role'];
          $this->role2 = $_POST['role2'];
    
          echo "From POST:<ul><li>user: $this->user</li><li>pass: $this->pass</li>"
             . "<li>pass2: $this->pass2</li><li>fname: $this->fname</li><li>lname: $this->lname</li>"
             . "<li>role: $this->role</li><li>role2: $this->role2</li></ul>\n";
    
         ... continue ...
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #12
    New Coder
    Join Date
    Sep 2011
    Posts
    78
    Thanks
    15
    Thanked 0 Times in 0 Posts
    i guess the AES_encrypt is what is causing this mistake in the DB cuz after i debug the SQL statement on the page and echoed it out to see if the data being passed is okay, i copied it into a SQL terminal and the same thing happened the user_id picks up the encryption for some strange reason???


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •