
Thread: PHP Math

  1. #1
    New Coder
    Join Date
    Feb 2010
    Posts
    43
    Thanks
    9
    Thanked 0 Times in 0 Posts

    PHP Math

    I am having trouble getting this script to work. What I am trying to do: Get the two form inputs ($reason & $prev) to subtract and take that number and send it to the database along with those ^. For example:

    $reason = $10.00
    $prev = $15.00
    $dif = +$5.00

    I really don't know where to start on this one. Any help is appreciated. Thanks.

  • #2
    Senior Coder
    Join Date
    May 2005
    Posts
    2,137
    Thanks
    96
    Thanked 72 Times in 72 Posts
    Code:
    $prev = '15';
    $reason = '10';
    $dif = $prev - $reason;
    
    echo "There is a difference of $dif";
    Rowsdower! has accused me of having mental problems, and the administrator allowed it. What a great forum huh?

  • #3
    New Coder
    Join Date
    Feb 2010
    Posts
    43
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by masterofollies View Post
    Code:
    $prev = '15';
    $reason = '10';
    $dif = $prev - $reason;
    
    echo "There is a difference of $dif";
    The thing is the users input the numbers. (I had already tried something like that)

    I had tried something like this.

    PHP Code:
    $dif = $reason - $prev;
    echo "$dif";
    Whole code:
    PHP Code:
    <?
    ob_start();
    include("config.php");
    switch($_GET[act]){
    default:
    if($logged[username] && !$_POST[report]){
    echo "
    <form method=\"post\" action=\"report.php?act=do\">

    <b><font type='verdana' size='2'><body link='white' alink='white' vlink='white'>Website</b>: (<i>FullTilt, PokerStars, etc.</i>)<br />
    <input type=\"text\" class=\"input\" name=\"user\" size=\"15\"><br />

    <b><font type='verdana' size='2'><body link='white' alink='white' vlink='white'>Current Bankroll</b>: (<i>ex. 152.65</i>)<br />$
    <input type=\"text\" class=\"input\" name=\"reason\" size=\"15\"><br />

    <b><font type='verdana' size='2'><body link='white' alink='white' vlink='white'>Starting Bankroll</b>: (<i>ex. 68.25</i>)<br />$
    <input type='text' class='input' name='prev' size='15'><br />

    <input type=\"submit\" class=\"input\" name=\"report\" value=\"Report Bankroll\">
    </form>
    ";
    }else {
    if(!$logged[username] && !$_POST[report]){
    echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Are Not Logged In";
    }
    }
    $dif = $reason - $prev;
    echo "$dif";
    break;

    case 'do':
    if($logged[username] && $_POST[report]){
    $user = stripslashes(htmlspecialchars($_POST[user]));
    $reason = stripslashes(htmlspecialchars($_POST[reason]));
    $prev = stripslashes(htmlspecialchars($_POST[prev]));
    $dif = stripslashes(htmlspecialchars($_POST[dif]));
    $date = date("d-m-y");
    $errs = array();
    if(empty($user)){
    $errs[] = "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Must Enter A Username<br />";
    }
    if(empty($reason)){
    $errs[] = "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Must Enter A Reason<br />";
    }
    if(count($errs) > 1){
    foreach($errs as $oops){
    echo "$oops";
    }
    }else{
    $sql = "INSERT INTO reps(`username`,`reason`,`prev`,`dif`,`date`,`reported_by`) VALUES ('$user',$reason,$prev,$dif,'$date','$logged[username]')";
    $report = mysql_query($sql);
    echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><meta http-equiv=\"Refresh\" content=\"10; URL=usercp.php\"/><center>Thank you <b>$user</b>, you are being redirected.</center><br>";
    }
    }elseif($logged[username] && !$_POST[report]){
    echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Must Go Back And Submit The Form";
    }elseif(!$logged[username] && !$_POST[report]){
    echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Are Not Logged In";
    }
    break;
    }
    ?>

  • #4
    Regular Coder
    Join Date
    Jul 2002
    Posts
    301
    Thanks
    7
    Thanked 2 Times in 2 Posts
    Hi

    I didn't look carefully at your code or test it; however, one thing stands out.
    PHP Code:
    $myvar = stripslashes(htmlspecialchars($_POST['postVar']));
    Would probably work as expected. Note the single quotes in the $_POST array value.

    PHP Code:
    $myvar = stripslashes(htmlspecialchars($_POST[postVar]));
    may not work.

    Since the POST value will be a string you might want to read these functions:
    http://us2.php.net/manual/en/function.is-float.php
    http://us2.php.net/manual/en/function.is-numeric.php
    http://us2.php.net/manual/en/function.floatval.php
    http://us2.php.net/manual/en/function.intval.php
    This can be interesting too:
    http://php.net/manual/en/language.ty...e-juggling.php
    http://www.php.net/manual/en/languag...es.typecasting
    http://www.php.net/manual/en/types.comparisons.php

    So assuming the rest of the code is fine perhaps:
    PHP Code:
    $prev = stripslashes(htmlspecialchars($_POST['prev']));
    then
    PHP Code:
    $dif = intval($reason) - intval($prev);
    That said you should really test that they actually entered numbers after all.
    PHP Code:
    if(is_numeric($reason)&&is_numeric($prev))//otherwise what if they enter $15 instead of 15.
    {
        $dif = intval($reason) - intval($prev);
    }
    else
    {
        $dif = 'invalid input';
    }

    Or some such.

    The above is untested, off the top of my head code early in the morning after a late night and before coffee. In short, I may not have caught everything and I may be wrong, but that's what I could see easily.
    Last edited by MattyUK; 02-28-2010 at 02:18 PM.

  • #5
    New Coder
    Join Date
    Feb 2010
    Posts
    43
    Thanks
    9
    Thanked 0 Times in 0 Posts
    I tried what you posted. But it gave me a syntax error in PMA, it was around the date. So I just removed the date value altogether and found that it didn't receive the number. So either I didn't put the code in the right spot or there is something wrong. :P I am a total n00b so all I can do is guess.

    PHP Code:
    <?
    ob_start();
    include("config.php");
    switch($_GET[act]){
    default:
    if($logged[username] && !$_POST[report]){
    echo "
    <form method=\"post\" action=\"report.php?act=do\">

    <b><font type='verdana' size='2'><body link='white' alink='white' vlink='white'>Website</b>: (<i>FullTilt, PokerStars, etc.</i>)<br />
    <input type=\"text\" class=\"input\" name=\"user\" size=\"15\"><br />

    <b><font type='verdana' size='2'><body link='white' alink='white' vlink='white'>Current Bankroll</b>: (<i>ex. 152.65</i>)<br />$
    <input type=\"text\" class=\"input\" name=\"reason\" size=\"15\"><br />

    <b><font type='verdana' size='2'><body link='white' alink='white' vlink='white'>Starting Bankroll</b>: (<i>ex. 68.25</i>)<br />$
    <input type='text' class='input' name='prev' size='15'><br />

    <input type=\"submit\" class=\"input\" name=\"report\" value=\"Report Bankroll\">
    </form>
    ";
    }else {
    if(!$logged[username] && !$_POST[report]){
    echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Are Not Logged In";
    }
    }
    if(is_numeric($reason)&&is_numeric($prev))
    {
        $dif = intval($reason) - intval($prev);
    }
    else
    {
        $dif = 'invalid input';
    }
    break;

    case 'do':
    if($logged[username] && $_POST[report]){
    $user = stripslashes(htmlspecialchars($_POST[user]));
    $reason = stripslashes(htmlspecialchars($_POST[reason]));
    $prev = stripslashes(htmlspecialchars($_POST[prev]));
    $dif = stripslashes(htmlspecialchars($_POST[dif]));
    $errs = array();
    if(empty($user)){
    $errs[] = "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Must Enter A Username<br />";
    }
    if(empty($reason)){
    $errs[] = "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Must Enter A Reason<br />";
    }
    if(count($errs) > 1){
    foreach($errs as $oops){
    echo "$oops";
    }
    }else{
    $sql = "INSERT INTO reps(`username`,`reason`,`prev`,`dif`,`reported_by`) VALUES ('$user',$reason,$prev,$dif,'$logged[username]')";
    echo "DEBUG SQL: $sql<hr>";
    $report = mysql_query($sql);
    echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><meta http-equiv=\"Refresh\" content=\"10; URL=usercp.php\"/><center>Thank you <b>$user</b>, you are being redirected.</center><br>";
    }
    }elseif($logged[username] && !$_POST[report]){
    echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Must Go Back And Submit The Form";
    }elseif(!$logged[username] && !$_POST[report]){
    echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: You Are Not Logged In";
    }
    break;
    }
    ?>

  • #6
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    Have you tried something like this?
    PHP Code:
    $reason = (float) trim($_POST['reason'], '$ ');
    $prev = (float) trim($_POST['prev'], '$ ');
    $diff = number_format($prev - $reason);

  • #7
    New Coder
    Join Date
    Feb 2010
    Posts
    43
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Inigoesdr View Post
    Have you tried something like this?
    PHP Code:
    $reason = (float) trim($_POST['reason'], '$ ');
    $prev = (float) trim($_POST['prev'], '$ ');
    $diff = number_format($prev - $reason);
    Unless I didn't put it in the right spot, didn't work. If this would be easier, is there a way to make it so it shows up in the area where you view the numbers? (I have an admin panel where you view the 3 variables) Is there a way that in that file it just does the math, so it doesn't have to deposit to the DB at all? I'll post the code for that as well. (I have had a couple failed attempts to do this)

    PHP Code:
    <?php
    ob_start();
    include("config.php");
    switch($_GET[x]){
    default:
    if ($logged[username] && $logged[level] == Admin){
    $get = mysql_query("SELECT * FROM reps") or die(mysql_error());
    $gnum = mysql_num_rows($get);
    if($gnum == 0){
    echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'><b>Error</b>: There Are No Reports To Review";
    }else{
    echo "<font type='verdana' size='2'><body link='white' alink='white' vlink='white'>There Are Currently $gnum Reports To Review<br>";
    while($ec = mysql_fetch_array($get)){
    echo "<table width='150' align='Left'>

    <tr>
    <td width='150' align='left' valign='top'>
    <b><font type='verdana' size='2'><body link='black' alink='black' vlink='black'></b><br />
    &nbsp;<b>Reported By</b>:  $ec[reported_by]
    </td>
    </tr>

    <tr>
    <td width='200' colspan='2' align='center' valign='top'>
    <b><font type='verdana' size='2'><body link='black' alink='black' vlink='black'>Current Bankroll</b>:  <font type='verdana' size='2'><body link='black' alink='black' vlink='black'>$ec[reason]
    </td>
    </tr>

    <tr>
    <td width='200' colspan='2' align='center' valign='top'>
    <b><font type='verdana' size='2'><body link='black' alink='black' vlink='black'>Previous Bankroll</b>:  <font type='verdana' size='2'><body link='black' alink='black' vlink='black'>$ec[prev]
    </td>
    </tr>

    <tr>
    <td width='350' colspan='3' align='center' valign='top'>
    <b><font type='verdana' size='2'><body link='black' alink='black' vlink='black'>Date Reported</b>:<br><font type='verdana' size='2'><body link='black' alink='black' vlink='black'> $ec[date]<br><a href='repcp.php?x=warn&y=$ec[username]'>Warn User</a>&nbsp;|&nbsp;<a href='repcp.php?x=delete&id=$ec[id]'>Delete</a>
    </td>
    </tr>
    </table>";
    }
    }
    }
    break;
    case 'warn':
    if ($_GET[y]){
    if(!$_POST[warn]){
    echo "<form method='post'>
    <b>Username</b>:<br />
    <input type='text' name='user' class='input' value='$_GET[y]' readonly='readonly'><Br />
    <b>Warn Reason</b>:<Br />
    <textarea rows='5' cols='35' class='textarea' name='reason'></textarea><br />
    <input type='submit' name='warn' value='Warn $_GET[y]'>
    </form>";
    }else{
    $user = strip_tags(stripslashes($_POST[user]));
    $reason = stripslashes(strip_tags($_POST[reason]));
    $date = date("l, F d, Y");
    mysql_query("INSERT INTO warnings (`user`,`reason`,`from`,`date`) VALUES ('$user','$reason','$logged[username]','$date')") or die(mysql_error()); //mysql query to insert or die
    echo "$user Has Been Warned";
    }
    } else {
    echo "<b>Error</b>: No User Selected";
    }
    break;
    case 'delete':
    if($_GET[id]){
    mysql_query("DELETE FROM reps WHERE id = '$_GET[id]'") or die(mysql_error());
    echo "<meta http-equiv=\"Refresh\" content=\"0; URL=repcp.php\"/>Report Deleted. Redirecting...";
    } else {
    echo "<b>Error</b>: No Report Was Selected To Delete";
    }
    break;
    }
    ?>

  • #8
    Super Moderator Inigoesdr's Avatar
    Join Date
    Mar 2007
    Location
    Florida, USA
    Posts
    3,647
    Thanks
    2
    Thanked 406 Times in 398 Posts
    I don't see anything like that in the code you posted. And you should know that script is incredibly insecure.

  • #9
    Regular Coder
    Join Date
    Jul 2002
    Posts
    301
    Thanks
    7
    Thanked 2 Times in 2 Posts
    Hi SBDTHRU

    Ok, strictly as a learning aid I've prepared a very quick sample page for you that you might learn from whilst picking apart.

    PHP Code:
    <?php 

    /*
     Strictly as a learning exercise.
     There is a lot wrong but this should give you enough to play with and learn from.
     For example:
      How will it cope if people enter in 1,200.00?
      Perhaps you'll always want to round down... or always up.
      Is it HTML or XHTML?
      Should we really use $_SERVER["PHP_SELF"]?
      How can you get it to always display the trailing zeros... 
                       (http://php.net/manual/en/function.money-format.php)
      Negative numbers?
      Very very large numbers?
      Extra junk entered by users?
       ...and so on.
     */

    //get the values with some sanity filtering from POST.
    //Note the single quotes around the POST value names (ALL of them that we use).
    $prev = stripslashes(htmlspecialchars(trim($_POST['prev'],'$ ')));
    $reason = stripslashes(htmlspecialchars(trim($_POST['reason'],'$ ')));
    //We can only use them if they are valid numbers, so lets test
    if(is_numeric($prev))
    {//yep a number
        $prev = floatval($prev);
    }
    else
    {//nah, bad input so zero it out
        $prev = 0.00;
    }
    if(is_numeric($reason))
    {//yep a number
        $reason = floatval($reason);
    }
    else
    {//nah, bad input so zero it out
        $reason = 0.00;
    }
    //the php math part
    $dif = round($reason - $prev,2);

    echo '<html><head></head><body><form method="post" action="'.$_SERVER["PHP_SELF"].'" >
    <table width="400" border="1" cellpadding="5">
        <tr><th colspan="2">Example</th></tr>
        <tr>
            <td align="right">Previous Value:</td><td><input type="text" maxlength="9" size="9" name="prev" value="$'.htmlspecialchars($prev).'"/></td>
        </tr>
        <tr>
            <td align="right">Reasoned Value:</td><td><input type="text" maxlength="9" size="9" name="reason" value="$'.htmlspecialchars($reason).'"/></td>
        </tr>
        <tr>
            <td align="right"><input type="reset" value="Reset"/></td><td><input type="submit" value="Update"/></td>
        </tr>
        <tr>
            <td align="right">Difference:</td><td><input type="text" maxlength="9" size="9" name="dif" value="$'.htmlspecialchars($dif).'"/></td>
        </tr>
    </table>
    </form></body></html>';

    ?>
    Hope it helps.

    Matty
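
The open questions in the comment block of the sample above (thousands separators, negative numbers, very large numbers, extra junk), worked through as an added example that is not part of the original post: amounts are parsed strictly into integer cents and rejected, rather than zeroed, when they do not match. The function names, the nine-digit limit and the sample inputs are assumptions made for the illustration, and a 64-bit PHP 7.1+ build is assumed.

```php
<?php
declare(strict_types=1);

/**
 * Parse a user-entered amount ("15", "$1,200.00", "-3.5") into integer cents.
 * Returns null when the input is not a plain money amount, so the caller can
 * show an error instead of silently storing 0.
 * Hypothetical helper written for this example.
 */
function parse_money_to_cents(string $raw): ?int
{
    // Optional minus, optional "$", then plain digits or comma-grouped
    // thousands (at most 9 digits), then at most two decimal places.
    // The D modifier stops "$" from matching before a trailing newline.
    $re = '/^(-)?\$?(\d{1,9}|\d{1,3}(?:,\d{3}){1,2})(?:\.(\d{1,2}))?$/D';
    if (!preg_match($re, trim($raw), $m)) {
        return null;
    }
    $whole = (int) str_replace(',', '', $m[2]);
    $frac  = isset($m[3]) ? (int) str_pad($m[3], 2, '0') : 0; // "5" means 50 cents
    $cents = $whole * 100 + $frac;
    return $m[1] === '-' ? -$cents : $cents;
}

/** Format integer cents as a signed dollar string such as "+$5.00". */
function format_cents(int $cents): string
{
    $sign = $cents < 0 ? '-' : '+';
    return $sign . '$' . number_format(abs($cents) / 100, 2, '.', ',');
}

/**
 * Difference "current minus starting" in cents, or null if either field is bad.
 * In the thread's form, "reason" holds the current bankroll and "prev" the
 * starting bankroll.
 */
function bankroll_change(string $reason, string $prev): ?int
{
    $current  = parse_money_to_cents($reason);
    $starting = parse_money_to_cents($prev);
    if ($current === null || $starting === null) {
        return null;
    }
    return $current - $starting;
}

// Constructed sample inputs as [reason, prev]; not taken from the thread.
$samples = [
    ['152.65', '68.25'],
    ['$1,200.00', '$15'],
    ['10', '15.5'],
    ['1e3', '10'],        // is_numeric() accepts this; the strict parser does not
    ['15 dollars', '10'], // extra junk after the number
    ['9999999999', '1'],  // longer than the 9-digit limit
];

foreach ($samples as [$reason, $prev]) {
    $change = bankroll_change($reason, $prev);
    printf(
        "%-12s %-8s is_numeric=%-5s => %s\n",
        $reason,
        $prev,
        var_export(is_numeric($reason), true),
        $change === null ? 'rejected' : format_cents($change)
    );
}
```

Working in integer cents keeps the subtraction exact; the float division happens only when the value is formatted for display.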

  • #10
    New Coder
    Join Date
    Feb 2010
    Posts
    43
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Your post was extremely helpful, and indeed I did learn a lot from it. But I had a few problems. I tried to see any errors and correct them. But there were things that I just couldn't get around.

    This for one, was the first thing I ran into. The "" gives it a syntax error but when I try to avoid that by doing \"\" or '', it still has the same problem..

    PHP Code:
    <form method="post" action="'.$_SERVER["PHP_SELF"].'" 

  • #11
    Regular Coder
    Join Date
    Jul 2002
    Posts
    301
    Thanks
    7
    Thanked 2 Times in 2 Posts
    Hi

    I can't spot a single place where there is two double quotes "" but if so that would give you an error.

    Assuming you pasted exactly as posted it should be fine. I tested before posting and did not get any errors or warnings.

    Could your eyes be playing a trick. "' look like "" ? I did use a double quote followed by a single quote "' then the reverse a single quote followed by a double quote '" but never a double double quote "" unless I missed one.

    The HTML output is a single quote encapsulated string (so it can contain double quotes without them needing escaping). Since a single quote string is a literal string it must be 'stopped and started' in order to 'insert' variables. But better this way than having the entire string parsed for variables and interpreted.

    PHP Code:
    $myvar = "SOME EXTRA TEXT";
    echo "some text and $myvar so that is it<br/>";//The variable is inserted
    echo 'some text and $myvar so that is it<br/>';//The variable is not inserted
    echo 'some text and '.$myvar.' so that is it<br/>';//The variable is inserted 
    So in this case:
    PHP Code:
    echo '...
    <form method="post" action="'.$_SERVER["PHP_SELF"].'">
    ...';

    It is a single quote encapsulated string, that is stopped, then the variable joined onto the end of it with the . then it is started again and the rest of the string joined onto the end of that. The double quotes (not any double double quotes) are actually part of the output, not the encapsulation.

    Inserting extra white space just so it reads easier:
    PHP Code:
    echo '...
    <form method="post" action=" ' . $_SERVER["PHP_SELF"] . ' ">
    ...';

    You could post your version of the code with your error 'corrections' if you like, I might be able to point out what you changed but perhaps didn't need to.

    Hope this helps.

    Cheers,
    Matty

    PS: No need to quote the entire previous message every time you reply.

  • #12
    New Coder
    Join Date
    Feb 2010
    Posts
    43
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Not sure if this is completely right... But I am also getting

    Parse error: syntax error, unexpected T_CASE in /home/sbdthru/public_html/repcp.php on line 86
    Code:

    PHP Code:
    <?php
    ob_start();
    include("config.php");
    switch($_GET[x]){
    default:
    if ($logged[username] && $logged[level] == Admin){
    $get = mysql_query("SELECT * FROM reps") or die(mysql_error());
    $gnum = mysql_num_rows($get);
    if($gnum == 0){
    $prev = stripslashes(htmlspecialchars(trim($_POST['prev'],'$ ')));
    $reason = stripslashes(htmlspecialchars(trim($_POST['reason'],'$ ')));
    //We can only use them if they are valid numbers, so lets test
    if(is_numeric($prev))
    {//yep a number
        $prev = floatval($prev);
    }
    else
    {//nah, bad input so zero it out
        $prev = 0.00;
    }
    if(is_numeric($reason))
    {//yep a number
        $reason = floatval($reason);
    }
    else
    {//nah, bad input so zero it out
        $reason = 0.00;
    }
    //the php math part
    $dif = round($reason - $prev,2);
    echo '<form method="post" action="'.$_SERVER["PHP_SELF"].'" >
    <font type="verdana" size="2"><body link="white" alink="white" vlink="white"><b>Error</b>: There Are No Reports To Review";
    }else{
    echo "<font type="verdana" size="2"><body link="white" alink="white" vlink="white">There Are Currently $gnum Reports To Review<br>";
    while($ec = mysql_fetch_array($get)){
    echo "<table width="500" align="center">

    <tr>
    <td width="150" align="left" valign="top">
    <b><font type="verdana" size="2"><body link="black" alink="black" vlink="black"></b><br />
    &nbsp;<b>Reported By</b>:  $ec[reported_by]
    </td>
    </tr>

    <tr>
    <td width="200" colspan="2" align="center" valign="top">
    <b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Site</b>:  <font type="verdana" size="2"><body link="black" alink="black" vlink="black">$ec[name]
    </td>
    </tr>

    <tr>
    <td width="200" colspan="2" align="center" valign="top">
    <b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Username</b>:  <font type="verdana" size="2"><body link="black" alink="black" vlink="black">$ec[username]
    </td>
    </tr>

    <tr>
    <td width="200" colspan="2" align="center" valign="top">
    <b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Current Bankroll</b>:  <font type="verdana" size="2"><body link="black" alink="black" vlink="black">.htmlspecialchars($reason).
    </td>
    </tr>

    <tr>
    <td width="200" colspan="2" align="center" valign="top">
    <b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Previous Bankroll</b>:  <font type="verdana" size="2"><body link="black" alink="black" vlink="black">.htmlspecialchars($prev).
    </td>
    </tr>

    <tr>
    <td width="200" colspan="2" align="center" valign="top">
    <b><font type="verdana" size="2"><body link="black" alink="black" vlink="black">Bankroll Change</b>:  <font type="verdana" size="2"><body link="black" alink="black" vlink="black">.htmlspecialchars($dif).
    </td>
    </tr>
    <tr>

    <td width="200" colspan="2" align="center" valign="top">
    <font type="verdana" size="2"><body link="black" alink="black" vlink="black"><a href="repcp.php?x=delete&id=$ec[id]">Delete</a>
    </td>
    </tr>
    </table>
    <hr width="65%">';
    }
    }
    }
    break;
    case 'delete':
    if($_GET[id]){
    mysql_query("DELETE FROM reps WHERE id = '$_GET[id]'") or die(mysql_error());
    echo "<meta http-equiv=\"Refresh\" content=\"0; URL=repcp.php\"/>Report Deleted. Redirecting...";
    } else {
    echo "<b>Error</b>: No Report Was Selected To Delete";
    }
    break;
    }
    ?>

  • #13
    Regular Coder
    Join Date
    Jul 2002
    Posts
    301
    Thanks
    7
    Thanked 2 Times in 2 Posts
    Try removing the extra } on line 85.

    Hope you don't use this approach on a production server. Just learning right?

    ouch
    mysql_query("DELETE FROM reps WHERE id = '$_GET[id]'") or die(mysql_error());

    Utterly, gigantic, huge "no no's" there (just at a glance).
    http://en.wikipedia.org/wiki/SQL_injection
    Last edited by MattyUK; 03-02-2010 at 12:55 PM. Reason: weeee, bye bye all records' OR 1 = 1; #
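
The `DELETE FROM reps WHERE id = '$_GET[id]'` line flagged above, and the `INSERT INTO reps` built from `$_POST` earlier in the thread, rewritten with bound parameters as an added example that is not part of any post. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL `reps` table (the `mysql_*` functions the thread uses were removed in PHP 7); the function names, column types and sample rows are constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's MySQL `reps` table: in-memory SQLite via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec(
    'CREATE TABLE reps (
        id INTEGER PRIMARY KEY,
        username TEXT, reason INTEGER, prev INTEGER, dif INTEGER, reported_by TEXT
    )'
);

/**
 * Store one report. Amounts are integer cents; `dif` is computed here and
 * never read from the request. $reporter must come from the session.
 */
function insert_report(PDO $pdo, string $site, int $reasonCents, int $prevCents, string $reporter): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO reps (username, reason, prev, dif, reported_by)
         VALUES (:site, :reason, :prev, :dif, :reporter)'
    );
    $stmt->execute([
        ':site'     => $site,
        ':reason'   => $reasonCents,
        ':prev'     => $prevCents,
        ':dif'      => $reasonCents - $prevCents,
        ':reporter' => $reporter,
    ]);
    return (int) $pdo->lastInsertId();
}

/**
 * Delete one report by id. $rawId is the untrusted request value.
 * Returns the number of rows removed (0 when the id is rejected or unknown).
 */
function delete_report(PDO $pdo, $rawId): int
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0; // not a positive integer: never reaches the database
    }
    $stmt = $pdo->prepare('DELETE FROM reps WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

function count_reports(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM reps')->fetchColumn();
}

// Constructed rows (site, current cents, starting cents, reporter).
insert_report($pdo, 'FullTilt', 15265, 6825, 'alice');
insert_report($pdo, "O'Brien's Poker", 1000, 1500, 'bob'); // the quote is stored as data
insert_report($pdo, 'PokerStars', 120000, 1500, 'carol');

// The string from the post's edit note is rejected by the integer check.
printf("edit-note string: %d deleted, %d left\n", delete_report($pdo, "' OR 1 = 1; #"), count_reports($pdo));
// A well-formed id removes exactly one row.
printf("id=2:             %d deleted, %d left\n", delete_report($pdo, '2'), count_reports($pdo));
```

The `delete` case in the posted `repcp.php` also runs without the `$logged[level]` check that guards the listing, so the handler needs that check in front of it as well as the bound parameter.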

  • #14
    New Coder
    Join Date
    Feb 2010
    Posts
    43
    Thanks
    9
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by MattyUK View Post
    Try removing the extra } on line 85.

    Hope you don't use this approach on a production server. Just learning right?

    ouch
    mysql_query("DELETE FROM reps WHERE id = '$_GET[id]'") or die(mysql_error());

    Utterly, gigantic, huge "no no's" there (just at a glance).
    http://en.wikipedia.org/wiki/SQL_injection
    I will fix the security after I actually get it working. :P Any help with the file, besides the security...

  • #15
    Regular Coder
    Join Date
    Jul 2002
    Posts
    301
    Thanks
    7
    Thanked 2 Times in 2 Posts
    Quote Originally Posted by SBDTHRU View Post
    :P Any help with the file, besides the security...
    Only what I've already posted in that same post. ;P I guess the security comment was a little distracting.

    Quote Originally Posted by MattyUK View Post
    Try removing the extra } on line 85.
    There may be other issues but that removed the parse error for me. I copied your code from the post into a file on my system then resolved the parse error with that one change.

    I'd suggest you consider using notepad++, indenting traditionally then using the fold feature to examine the segments. I think you may need to double check the "switch and cases" and "else's" but I stopped looking after finding the parse error cause.

    Best of luck.

    Matty

    PS: after another brief look:
    Still issues with strings. You'll need to learn/look at the differences between "test" and 'text'
    Check out: http://php.net/manual/en/language.types.string.php
    As mentioned before I believe the $_GET[x] is bad whereas $_GET['x'] should work, or even $_GET["x"]. NOTE the quotes. This goes for any GET, POST, REQUEST, SERVER, etc variable.
    You are mixing GET and POST. They are very different. The form POSTS. Just pointing it out. It may be as you intended, I'm not sure.


    Scripting is very detail orientated. Gotta check it all.
    Last edited by MattyUK; 03-04-2010 at 02:33 AM. Reason: The PS segment.

