Dream.In.Code > Programming Help > PHP

Welcome to Dream.In.Code
	Getting PHP Help is Easy! Join 132,360 PHP Programmers for FREE! Get instant access to thousands of PHP experts, tutorials, code snippets, and more! There are 1,259 people online right now. Registration is fast and FREE... Join Now! Chat LIVE With a PHP Expert

need someone to take a look at my php script...

2 Pages

1 2 >

Reply to this topic

Start new topic

need someone to take a look at my php script...

hockey97	2 Oct, 2008 - 04:01 PM Post #1
New D.I.C Head Joined: 25 Sep, 2008 Posts: 35	HI, I applied to a company and took a test. I then was told I got rejected but they won't tell me why. the test was confusing. I had to in php make a html form with inputboxes that would input the persons first name , last name, and phone number. This is code one. they then asked for code part 2 to then display what was just inputted into the database here is the code: CODE <?php //Database Connection $msdb = mysql_connect("localhost", "root", ""); mysql_select_db("test", $msdb) or die(mysql_error()); /* GENERAL INFORMATION: Below is the current table structure for 'members': ===== ID: id (autoincrement) First Name Last Name Phone Number ===== PUT YOUR NAME HERE PLEASE:my name PART 1: ------- * Below, write the PHP code to insert a first name, last name, and phone number into the 'members' table. Use an HTML form to collect this information, then store it to the 'members' table. // / if (!isset($_POST["submit"])) { echo "<html><head><link rel=\"stylesheet\" type=\"text/css\" href=\"/test.css\"/><form action=\"test.php\" method=\"POST\">"; echo "<table>"; echo "<tr>"; echo "<td id=\"first\" width=\"50%\">First Name:</td><td width=\"50%\"><input id=\"one\" name=\"firstname\" size=\"18\" type=\"text\" />"; echo "</tr>"; echo "<tr>"; echo "<td id=\"last\" width=\"50%\">Last Name:</td><td width=\"50%\"><input id=\"two\"name=\"lastname\" size=\"18\" type=\"text\" />"; echo "</tr>"; echo "<tr>"; echo "<td id=\"phone\"width=\"50%\">Phone Number:</td><td width=\"50%\"><input id=\"three\" name=\"phone_number\" size=\"18\" type=\"text\" />"; echo "</tr>"; echo "<tr>"; echo "<td colspan=\"2\"><input id=\"submit\" type=\"submit\" name=\"submit\" value=\"submit\"</td>"; echo "</tr>"; echo "</table>"; echo "</form><img id=\"output\" src=\"lightblue.jpg\">";} if(isset($_POST["submit"])){ $first_name=$_POST["firstname"]; $last_name=$_POST["lastname"]; $phone_number=$_POST["phone_number"]; $q = mysql_query("SELECT FROM members WHERE firstname ='$first_name' AND phone = '$phone_number'"); $r = mysql_num_rows($q); if($r==0){ $q2=mysql_query("INSERT INTO `members` (firstname,lastname,phone) VALUES ('$first_name','$last_name','$phone_number')");} /Part one that I made shows first a html fourm where you can input the first name and last name and phone number. Then once the person clicks the submit button it will then store that info into the mysql database.Also $q2 this would run only if the record dosen't exist in the database./ /* PART 2: ------- * Below, write the PHP code to retrieve the previously inserted record from the 'tests' table and display it in the browser./ $q3 = mysql_query("SELECT FROM `members` WHERE firstname ='$first_name' AND phone = '$phone_number'") or die (mysql_error()); $row = mysql_fetch_assoc($q3); $first_name2=$row["firstname"]; $last_name2=$row["lastname"]; $phone_number2=$row["phone"]; echo"<html><title>Output</title><head><link rel=\"stylesheet\" type=\"text/css\" href=\"/test.css\"/></head><a id=\"first\">First Name: $first_name2</a><br> <a id=\"last\">Last Name: $last_name2</a><br> <a id=\"phone\">Phone Number: $phone_number2</a> <img id=\"output\"src=\"lightblue.jpg\"></html>";} /This code would print out to the screen with html. It would only show the record that was just inserted(meaning part 1 code)/ ?> I got confused on what field they are using in the members table. the file above is what they gave me I just added the codes except for the mysql connect I didn't do that they did. The file above say's the fields are First name, Last name, Phone Number. How ever they gave me an sql file which I will show below. This sql files shows that the field names are firstname, lastname, phone . I used the sql fields thinking this was correct. here is the file: SQL -- phpMyAdmin SQL Dump -- version 2.8.0.3 -- [url=http://www.phpmyadmin.net]http://www.phpmyadmin.net[/url] -- -- Host: localhost -- Generation Time: Jan 17, 2007 at 05:24 PM -- Server version: 4.0.26 -- PHP Version: 4.4.2 -- -- Database: `test` -- -- -------------------------------------------------------- -- -- Table structure for table `members` -- CREATE TABLE `members` ( `id` int(11) NOT NULL auto_increment, `firstname` varchar(50) default NULL, `lastname` varchar(50) default NULL, `phone` varchar(50) default NULL, PRIMARY KEY (`id`), UNIQUE KEY `id` (`id`), UNIQUE KEY `firstname_2` (`firstname`), UNIQUE KEY `lastname` (`lastname`), KEY `firstname` (`firstname`) ) TYPE=MyISAM AUTO_INCREMENT=14 ; -- -- Dumping data for table `members` -- INSERT INTO `members` (`id`, `firstname`, `lastname`, `phone`) VALUES (3, 'moo', 'moo', 'moo'), (4, 'mooo', 'moooo', 'moooo'), (5, 'jjj', 'jjj', 'jjj'), (6, 'hh', 'h', 'hhh'), (7, 'ggg', 'gg', 'gggg'), (8, '', '', ''), (9, 'uity', 'uityuit', 'iuty'), (10, 'hhh', 'hh', 'hhh'), (11, 'll', 'll', 'lll'), (12, 'jimmy', 'dickinson', '123234142'), (13, 'jjjj', 'jjjjjjjj', 'jjj'); Is there anything else that is wrong??? This post has been edited by hockey97: 2 Oct, 2008 - 04:10 PM
	This Post Was Helpful! ^New!


Register for Free to Make These Ads Go Away!

William_Wilson	2 Oct, 2008 - 04:19 PM Post #2
lost in compilation Joined: 23 Dec, 2005 Posts: 3,969 Thanked 15 times Dream Kudos: 3275 Expert In: Java, C, Javascript My Contributions	from what i see, you are not taking advantage of php's diverse usage. There is no reason to echo each line individually.. heck why echo it at all? you can switch out of php, write some html then go back into php as needed. They may not like the use of mysql, they would probably prefer mysqli. you can connect to a db in the same line you connect with username and password. You probably should have used an OO approach to the table, since you created a connection object. While of lesser importance they the style of putting } on the end of a code line is bad practice, it should be on a line by itself. you missed a field on your insert sql as well. lastly your insert code applies after displaying the information, so it would notice there are no records and add your insert, what if there are records? your info will not be inserted, and on top of that the new info will not be displayed. There should be a better way to insert it. pretty sure the proper sql statement should include the word values: "INSERT INTO `members` VALUES( If i have pointed out problems in code you did not write, feel free to point that out. I've yet to get a company to let me take a test or give me an interview. It's hard to prove I'm qualified when they never let you get that far. This post has been edited by William_Wilson**: 2 Oct, 2008 - 04:24 PM
	This Post Was Helpful! ^New!

hockey97	2 Oct, 2008 - 04:34 PM Post #3
New D.I.C Head Joined: 25 Sep, 2008 Posts: 35	well the mysql connection I didn't created the IT admin at the company gave this. $msdb = mysql_connect("localhost", "root", ""); mysql_select_db("test", $msdb) or die(mysql_error()); anything after part1 and part2 is the code I made. they gave me also that sql file which I didn't make they did it was to show the table code in sql. I don't understand what your saying about the : "lastly your insert code applies after displaying the information, so it would notice there are no records and add your insert, what if there are records? your info will not be inserted, and on top of that the new info will not be displayed./ My code checks if there is a row before it inserts the input of the user. If one is already in the database then it won't insert anything but still will display the info since it's already in the database. Whats the OO approach??? what is mysqli??? never heard of it. the test is about php and mysql. Ok looks like I know why they rejected me. I put test.php instead of index.php I forgot to change it. I made a test.php file to test the code on my mysql server. Are they really that picky on echo??? I know I can get out of ?> and back into php but I notice if you use headers to redirect the person you get a conflict with that way. This post has been edited by hockey97: 2 Oct, 2008 - 04:45 PM
	This Post Was Helpful! ^New!

CTphpnwb	2 Oct, 2008 - 04:47 PM Post #4
D.I.C Regular Joined: 8 Aug, 2008 Posts: 331 Thanked 19 times My Contributions	Here's a simpler approach: CODE <?php if(isset($_POST['submit'])) { $first_name=$_POST['firstname']; $last_name=$_POST['lastname']; $phone_number=$_POST['phone_number']; $q = mysql_query("SELECT * FROM members WHERE firstname ='$first_name' AND lastname = '$last_name' AND phone = '$phone_number'"); if (!mysql_fetch_assoc($q)) { mysql_query("INSERT INTO members (firstname,lastname,phone) VALUES ('$first_name','$last_name','$phone_number')"); } } ?> <form action="<?php echo $php_self ?>" method="post"> First Name: <input type="text" size= 15 name="firstname" value="<?php echo $_POST['firstname'] ?>" /> Last Name: <input type="text" size= 20 name="lastname" value="<?php echo $_POST['lastname'] ?>" /><br> Phone: <input type="text" size= 50 name="phone_number" value="<?php echo $_POST['phone_number'] ?>" /><br> <input type="submit" value="Submit" /> </form> I haven't tested it, so there's probably an error or two. The important thing is that it is more straight forward and readable, even if it has errors. Code needs to be changed from time to time, and if it's a headache reading it, making changes will be even worse. Oh, and I think the fact that you used an html table may have made them think that you didn't know the difference between an html table and a database table. That would really hurt you. This post has been edited by CTphpnwb: 2 Oct, 2008 - 04:52 PM
	This Post Was Helpful! ^New!

pr4y	2 Oct, 2008 - 05:29 PM Post #5
D.I.C Head Joined: 19 Sep, 2008 Posts: 62 Dream Kudos: 50 My Contributions	first thing I noticed is that the code is sloppy. If they are looking for a PHP coder, even if that code worked fine, its unorganized and not very efficient. for example, you use echo"<html here>"; over like 20 lines... any experienced PHP coder would close the PHP script with ?> and then include any HTML that needs be inserted. when you are using PHP to echo HTML and need to include variables in the HTML output... you should ALWAYS do so in the following format: php <a href="page.php?value=<?php echo $something ?>">URL</a> also, your post methods are a bit strange. most of the time unless you have specific reasons not to, there is some sort of a process.php that handles all the form inputs, so that there is no PHP actually necessary in the form script itself. just my 2 cents, as it looks like other people have explained quite a bit... i didn't bother reading as chances are they've already helped you... but like i said, this is just my 2 cents. This post has been edited by pr4y: 2 Oct, 2008 - 05:34 PM
	This Post Was Helpful! ^New!

William_Wilson	2 Oct, 2008 - 05:32 PM Post #6
lost in compilation Joined: 23 Dec, 2005 Posts: 3,969 Thanked 15 times Dream Kudos: 3275 Expert In: Java, C, Javascript My Contributions	A couple things i made comments on seem to be ok, I didn't sleep much last night, so I must have misread it. mysqli is an updated mysql interface for php, it's odd that they made you use mysql, but perhaps that was to make it more user friendly. OO stands for object oriented, but don't worry about it since they wrote that part for you. picky? As psycho has shown, it's about ease of understanding. His code is much easier to understand is just elegant as far as coders are concerned. You have to think when you write something that you may not be the person updating it at some point in the future, so it needs to be easily interpreted and as efficient as possible.. especially in a job test. Having to echo each line is a performance hit, although it isn't a big one, it still exists and could be the difference between 1000 happy customers and laggy experience under load.
	This Post Was Helpful! ^New!

hockey97	3 Oct, 2008 - 03:39 PM Post #7
New D.I.C Head Joined: 25 Sep, 2008 Posts: 35	Ok, I just started to bug the company for a reply. They gave me this " First, there were no security measures. This is the biggest reason, mostly because we don’t necessarily ask you to add those measure, however, the PHP manager wants programmers to know that security is very important and should always add those measures even if they’re not asked to. The second reason is because the code didn’t allow for duplicate measures. The last reason is that the code simply did not work. This is the reason why I was rejected. I still don't understand what they mean duplicate measures??? I does duplicate measures mean they wanted to have 2 or more of the same record? or to prevent it?? in my code I designed it to not allow to submit the same info the database has this would avoid a duplicate record.
	This Post Was Helpful! ^New!

William_Wilson	3 Oct, 2008 - 03:41 PM Post #8
lost in compilation Joined: 23 Dec, 2005 Posts: 3,969 Thanked 15 times Dream Kudos: 3275 Expert In: Java, C, Javascript My Contributions	security is big and I understand that. duplicates, they likely would have liked a notification if the entry already existed allowing the user to enter different information or an automatic addition to duplicates, not just preventing the addition. This post has been edited by William_Wilson: 3 Oct, 2008 - 03:44 PM
	This Post Was Helpful! ^New!

JackOfAllTrades	3 Oct, 2008 - 05:23 PM Post #9
D.I.C Addict Joined: 23 Aug, 2008 Posts: 502 Thanked 44 times Dream Kudos: 25 My Contributions	First thing I noticed it that the code is just waiting for a SQL injection attack, as you don't sanitize any of your inputs.
	This Post Was Helpful! ^New!

hockey97	3 Oct, 2008 - 05:47 PM Post #10
New D.I.C Head Joined: 25 Sep, 2008 Posts: 35	QUOTE(William_Wilson @ 3 Oct, 2008 - 04:41 PM) security is big and I understand that. duplicates, they likely would have liked a notification if the entry already existed allowing the user to enter different information or an automatic addition to duplicates, not just preventing the addition. So they want me to in some way Show the user that the information is already in the database and to ask the user to put in some other data? so it's not just about not allowing duplicated data in a database?? Thanks for the help. I am trying to get a job into this field so I need all the help I can get to become professional.
	This Post Was Helpful! ^New!

hockey97	6 Oct, 2008 - 11:48 AM Post #11
New D.I.C Head Joined: 25 Sep, 2008 Posts: 35	I still don't understand what they mean by code didn’t allow for duplicate measures. I want to know if this means like they didn't want me to just not add duplicate information into the database but to also alert the user that the information already exist in the database or add the data but make some way to note to separate the records of each other. I want to get this straight to help with getting a job in the future applied jobs I might go for. This one they already got the test and I was rejected. This was the first test I ever took and also first professional job I applied for . So I am new at what programmers are expected to show in a job interview.
	This Post Was Helpful! ^New!

hockey97	9 Oct, 2008 - 09:47 AM Post #12
New D.I.C Head Joined: 25 Sep, 2008 Posts: 35	Ok, I think I know what they are asking for. They want me to allow duplication in the mysql database. How can you do this?? what they wanted me to do is to allow the same information to be submitted. So I just took off the if statements and tried the code out and I still find that it won't make a new record that would hold the same information as other records. here is the code I have CODE $q = mysql_query("SELECT * FROM members WHERE firstname ='$first_name' AND phone = '$phone_number'"); $r = mysql_num_rows($q); $q2=mysql_query("INSERT INTO `members` (firstname,lastname,phone) VALUES ('$first_name','$last_name','$phone_number')");} if($r==1){echo"<html><head><link rel=\"stylesheet\" type=\"text/css\" href=\"/test.css\"/><a id=\"error\">You entered information that is already in the database. This created a duplicate record</a><a id=\"back\"href=\"test.php\">Click here to go back to form</a></html>";} This post has been edited by hockey97: 9 Oct, 2008 - 09:54 AM
	This Post Was Helpful! ^New!

2 Pages

1 2 >

Fast Reply

Reply to this topic

Start new topic

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Time is now: 11/22/08 04:56AM

Invision Power Board v2.1.7 © 2008 IPS, Inc.

Licensed to: MediaGroup1

Advertising | Terms of Use | Privacy Policy | About Us | Site Map

Forum Index: Programming Help | C and C++ | Visual Basic | Java | VB.NET | C# | ASP.NET | PHP | ColdFusion | Perl and Python | Ruby | Databases | Other Languages | Game Programming | Software Development | Computer Science | Industry News | Programming Tutorials | C++ Tutorials | Visual Basic Tutorials | Java Tutorials | VB.NET Tutorials | C# Tutorials | PHP Tutorials | Linux Tutorials | ColdFusion Tutorials | Windows Tutorials | HTML/JavaScript Tutorials | CSS Tutorials | Flash Tutorials | Web Promotion Tutorials | Photoshop Tutorials | Software Development Tutorials | Database Tutorials | Other Language Tutorials |

Copyright 2001-2008 MediaGroup1 LLC, All Rights Reserved
A MediaGroup1 LLC Production - Version 6.0.2.1.36

Search^Updated!w00t

Over 509,000 Pages! Advanced Forum Search

Live PHP Help!

PHP Tutorials

Reference Sheets

PHP Snippets

Bye Bye Ads

Free DIC T-Shirt

T-Shirt Example

Related Sites

Monthly Drawing

Partners

Top Contributors

Top 10 Kudos This Month