Thread: PHP/Javascript help!

Hi,

I'm not sure if I understand you correctly, but I've looked at the code and I don't see any problems off hand, it should calculate no problem.

Javascript is not needed.

Here's how it works:

1. A user submits the form
2. The form submits to itself (<form action=""></form>)
3. The page reloads
4. PHP checks to see if the form has been submitted (if (isset($_POST['submit'])) {...)
5. If the form has been submitted, some pretty standard vvalidation is done on the user input to check for errors
6. If there were no errors, the calculation is performed based on the values the user entered in the form along with some hardcoded factors
7. The results are saved to a database.

I don't see anything here for displaying the results. To display the results, you would have to echo the variables from the calculation (<?php echo $TotalWaterUsed; ?>) in the appropriate location in the source code.

Sorry for being so vague about the display but If I saw the full php source code I could pinpoint the problem for you.

By the way, there is a security concern in your source code. On your mysql query you are using addslashes on $_POST variables. This is a big no-no. You should be using mysql_real_escape_string(), its slightly more secure.

addslashes can be tricked by injecting the hexadecimal character 0xbf27, addslashes coverts this to 0xbf5c27 which is a legal muti byte character followed by a single quote... now I understand that this may be over your head, don't be worried, just replace "addslashes" with "mysql_real_escape_string" provided your database connection is open or persistent.

Thanks for your reply allstar. Like I said my knowledge of php is very limited so alot of what you said is over my head

You said all the code looks fine but where do I place this code? I am in the process of remaking the form from scratch which is the easy part. Then I need to work out how to calculate using the details above.

You said you would like to see the full php source code, where would I find this? Should it not be in the above code I was sent by client?

Thanks again for your help

Yeah, sorry for getting technical, but there will be others reading this post too so its nice to share the knowledge anyway!

Ok, I'll try to break it down.

1. Go to the url that contains the form in your browser
2. Copy the source code
3. Save it as whatever.php
4. Above your opening <html> tag insert the code you received via email within <?php and ?> tags.
5. there will be some variables available once the form is posted (like $TotalWaterSaved, $TotalKwattsSaved, $TotalCo2Saved etc... )
6. You will have to edit the source code of the file to echo your php variables (see the attached screenshot) the variable names are pretty self explanatory so you should be able to figure out where to echo them!
7. I presume you don't have a testing server so comment out the mysql_query line and upload the file to some obscure location on your web server (like http:// www. cleaning .ie /calculator-test.php)
8. Go to the url in your browser and test
9. Works now?!

Let us know how you get on.

Here's a nice little place to pickup the basics of php PHP Tutorial - Introduction

Cheers dude, your a legend. Ill give that a shot.

Just couple of things:

1. So I save whatever page Im putting the calculator on as a php file & the rest as .html?
   
2. Is the whole thing self contained then in that php file? ie I dont need an external php file to run the script?
   
3. I understand what you mean by echoing variables but how come when I look at the source code of the site (through the browser as I have no access to files) there is no php code or variables in it?

Sorry if im being thick!

thanks for the help

LOL!

I almost fell off my chair when I read that!

1. The whole thing has to be saved as a php file.
2. It's just one file, no external php scripts needed.
3. PHP is a server side scripting language. Your web server will read the php code and then parse it (covert and display) as html, but it will still have a .php extension

Sorry but that was funny! Why are you taking on php work if you don't know it!

I knew that, just double checking!

Hey, its all learning. I like a challenge.

Thanks for the help.

Well fair play, keep it up, thats how I started off too, just said what the hell and took a dive in the deep end.

Keep it up, you'll get there eventually.

Here's a nice series of articles to help you learn php

Also make sure to set up your own development server on your local machine using something like Xampp

Then you can test your php files on your local computer (open a browser and type http://localhost) without having to upload to a server everytime.

Cheers man, yeah im using MAMP (on a mac)

Just one more dumb question:

You said to comment out 'mysql_query'. Where do I find this? its not in the code they emailed.

Edit: sorry for being annoying but I did those steps & its showing up blank in the browser?

Thanks again man

Hi,

It was

$q="INSERT INTO calculator (email, location, rate, urinals) VALUES ('".addslashes($_POST['email'])."', '".addslashes($_POST['ccprices'])."', ".addslashes($ccprices).", ".addslashes($_POST['urinals']).")";

But now that I look at it, thats just building the query string. No need to comment it out.

Just pm or email me with the full source code, I'll tell you why its coming up blank