开发者

Check PHP coding is correct

开发者 https://www.devze.com 2022-12-11 10:48 出处:网络
can someone please check the PHP coding is correct for this script. It needs a fresh pair of eyes to check.

can someone please check the PHP coding is correct for this script. It needs a fresh pair of eyes to check.

Since this script is slightly older since I last worked on it, I can't remember what small change I made to fix it...

So what's wrong with it? The checkbox permissions aren't being saved at this moment - not sure why :(

if ($_POST) { 
$upd = mysqli_query($db, "UPDATE `tbl_user`  SET `username` = '".mysqli_real_escape_string($db,$_POST['username'])."', `userfullname` = '".mysqli_real_escape_string($db,$_POST['fullname'])."', `useremail` = '".mysqli_real_escape_string($db,$_POST['email'])."', `userlevel`= '".mysqli_real_escape_string($db,$_POST['userlevel'])."', `usertitle` = '".mysqli_real_escape_string($db,$_POST['title'])."' WHERE `userid` = '".mysqli_real_escape_string($db,$_GET['userid'])."'");
$insert = mysqli_query($db,"UPDATE `tbl_perms` SET
`1` ='" . mysqli_real_escape_string($db,$_POST['permsA_1']) . "',    
`2` ='" . mysqli_real_escape_string($db,$_POST['permsA_2']) . "',    
`3` ='" . mysqli_real_escape_string($db,$_POST['permsA_3']) . "',    
`4` ='" . mysqli_real_escape_string($db,$_POST['permsA_4']) . "',    
`5` ='" . mysqli_real_escape_string($db,$_POST['permsA_5']) . "', 
`6` ='" . mysqli_real_escape_string($db,$_POST['permsA_6']) . "',
`7` ='" . mysqli_real_escape_string($db,$_POST['permsA_7']) . "',
`8` ='" . mysqli_real_escape_string($db,$_POST['permsA_8']) . "',
`9` ='" . mysqli_real_escape_string($db,$_POST['permsA_9']) . "',
`10` ='" . mysqli_real_escape_string($db,$_POST['permsA_10']) . "',
`11` ='" . mysqli_real_escape_string($db,$_POST['permsA_11']) . "',
`12` ='" . mysqli_real_escape_string($db,$_POST['permsA_12']) . "',
`13` ='" . mysqli_real_escape_string($db,$_POST['permsA_13']) . "',
`14` ='" . mysqli_real_escape_string($db,$_POST['permsA_14']) . "',
`15` ='" . mysqli_real_escape_string($db,$_POST['permsA_15']) . "',
`16` ='" . mysqli_real_escape_string($db,$_POST['permsA_16']) . "',
`17` ='" . mysqli_real_escape_string($db,$_POST['permsA_17']) . "',
`18` ='" . mysqli_real_escape_string($db,$_POST['permsA_18']) . "',
`19` ='" . mysqli_real_escape_string($db,$_POST['permsA_19']) . "',
`20` ='" . mysqli_real_escape_string($db,$_POST['permsA_20']) . "',
`21` ='" . mysqli_real_escape_string($db,$_POST['permsA_21']) . "',
`22` ='" . mysqli_real_escape_string($db,$_POST['permsA_22']) . "'
WHERE `userid` = '$id' ")or die(mysqli_error($db));

$insert = mysqli_query($db,"UPDATE `tbl_usrdepts` SET
`1` ='" . mysqli_real_escape_string($db,$_POST['dept_1']) . "',    
`2` ='" . mysqli_real_escape_string($db,$_POST['dept_2']) . "',    
`3` ='" . mysqli_real_escape_string($db,$_POST['dept_3']) . "'    
WHERE `userid` = '$id' ")or die(mysqli_error($db));
$updated = "1";} 

if(!empty($_GET['userid'])) {       
 $sql = mysqli_query($db, "SELECT * from tbl_user WHERE userid = $id LIMIT 1");    
 if(mysqli_affected_rows($db) == 0) {        
   $noid = "1";    
 } else {        
   $current = mysqli_fetch_assoc($sql);        
   $currentperms  = mysqli_fetch_assoc(mysqli_query($db, "SELECT * from tbl_perms WHERE userid = $id"));
   $currentdepts  = mysqli_fetch_assoc(mysqli_query($db, "SELECT * from tbl_usrdepts WHERE userid = $id"));                        
  }} else {    
    $noidentered = "1";}
// Set Permissions
 $permissionid_select = mysqli_query($db,"SELECT * FROM `tbl_perms` WHERE `userid` = '$id'")or die(mysqli_error($db));
 $permissionid = mysqli_fetch_array($permissionid_select);
 $deptid_select = mysqli_query($db,"SELECT * FROM `tbl_usrdepts` WHERE `userid` = '$id'")or die(mysqli_error($db));
 $deptid = mysqli_fetch_array($deptid_select);
 $get_perms = mysqli_query($db,"SELECT * FROM `perm_sets` WHERE `status` = '1' ORDER BY `id` ASC")or die(mysqli_error($db));

And now for the display code:

<tr valign="top">
<td class="alt2">Application Permissions</td>
<td class="alt2"><table cellpadding="0" cellspacing="0" border="0" width="100%"><tr valign="top"><td>
<div id="ctrl_user[membergroupids]" class="smallfont">
<?
   while($i = mysqli_fetch_array($get_perms)){

$pname = $i[pname];
$id = $i[id];
?>
    <div>
<input type="checkbox" tabindex="1" name="permsA_<? echo $id;?>" value="1" <? if($permissionid[$id] == '1') {echo ' checked="checked" ';}?> /><?echo htmlspecialchars($pname);?></div>
<? } ?>     
</tr>
</table>
开发者_JAVA技巧<br />
</td>
</tr>

<tr valign="top">
<td class="alt1">User Departments</td>
<td class="alt1"><table cellpadding="0" cellspacing="0" border="0" width="100%"><tr valign="top"><td><div id="ctrl_user[membergroupids]" class="smallfont">
<?
$get_depts = mysqli_query($db,"SELECT * FROM `tbl_depts` ORDER BY `id` ASC")or die(mysqli_error($db));
while($i = mysqli_fetch_array($get_depts)){

$dname = $i[name];
$id = $i[id];
?>      
    <div><input type="checkbox" tabindex="1" name="dept_<? echo $id ;?>" value="1" <? if($deptid[$id] == '1') {echo ' checked="checked" ';}?> /><?echo htmlspecialchars($dname);?></div>
<? } ?> 
 </tr>
</table>
<br />
</td>
</tr>

Thanks!


A couple standard debugging techniques and comments:

  • comment out presentational code. It just obscures things.
  • print_r($var) immediately after each $var that isn't behaving. Start at the immediate problem and backtrack from there.
  • don't use php short tags (<?). They are deprecated.
  • echo out your SQL queries so you can see if they look the way you expect them to.

There is nothing immediately obvious in the giant pile of code you posted. Clean out the non-crucial stuff and you (and we) will more easily see what's going on.

0

精彩评论

暂无评论...
验证码 换一张
取 消