www.webdeveloper.com
Page 2 of 2 FirstFirst 12
Results 16 to 29 of 29

Thread: Can't use function return value in write context

  1. #16
    Join Date
    Dec 2006
    Location
    Escaz˙ (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    This could be part of the problem:
    PHP Code:
    function cleanup_input ($value ""$presrve ""$allowed_tags "")

        {
        
        Global 
    $continue;
            
        if(empty(
    $preserve))
            {
            
    $value strip_tags($value$allowed_tags);
            }
        
    $value htmlspecialchars($value);
        return 
    $value;
        } 
    You've got 2 spellings for "$preserve".

    EDIT: Why are you using "global $continue". It's not being bused for anything in this function.

  2. #17
    Join Date
    Dec 2006
    Location
    Escaz˙ (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Change to:
    PHP Code:
    function cleanup_input ($value=""$preserve=""$allowed_tags="") {
      if(
    $preserve == "") {
        
    $value strip_tags($value$allowed_tags);
      }
      return 
    htmlspecialchars($value);


  3. #18
    Join Date
    Jul 2006
    Posts
    249
    Quote Originally Posted by NightShift58
    Why are you using "global $continue". It's not being bused for anything in this function.
    You know, just in case.... Honestly, I don't know why that's there, considering a $continue variable isn't used in the entire site....



    I've modified the cleanup_input function as sugguested but still get an error:


    PHP Code:
    I've Failed You For The Last Time:
    # Script Name: /RVM/registration/register2.php
    # Include File: /home/rahl/public_html/RVM/include/functions.php
    # errorno=1064
    # error=You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '
    1' at line 1
    # query= 1

    Array
    (
        [0] => Array
            (
                [file] => /home/rahl/public_html/RVM/include/functions.php
                [line] => 217
                [function] => safe_query
                [args] => Array
                    (
                        [0] => 1
                    )

            )

        [1] => Array
            (
                [file] => /home/rahl/public_html/RVM/registration/register2.php
                [line] => 29
                [function] => form_validator_names
                [args] => Array
                    (
                        [0] => Dr.
                        [1] => Lastname
                        [2] => Nick
                        [3] => 23456
                    )

            )


    Last edited by lightnb; 02-26-2007 at 01:34 PM.

  4. #19
    Join Date
    Dec 2006
    Location
    Escaz˙ (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Try this:
    PHP Code:
    function safe_query ($query="") {
      echo 
    "<hr>$query<hr>";
      
    $result FALSE;
      if (!empty(
    $query)) {
        
    $result = @mysql_query($query);
        if (!
    $result) {
          echo 
    "I've Failed You:<br>";
          echo 
    "<li>Script Name: " $_SERVER['PHP_SELF'];
          echo 
    "<li>Include File: " __FILE__;
          echo 
    "<li>errorno=" mysql_errno();
          echo 
    "<li>error="   mysql_error();
          echo 
    "<li>query= "  $query;
          echo 
    "<pre>";
          
    print_r(debug_backtrace());
          echo 
    "</pre>";
          exit;
        }
      }
      return 
    $result;


  5. #20
    Join Date
    Jul 2006
    Posts
    249
    Code:
    1
    is the contents of the query it lists at the top of the screen.

    Somehow it's getting a value of 1 from somewhere.

  6. #21
    Join Date
    Dec 2006
    Location
    Escaz˙ (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Where else besides form_validator() is safe_query being used?

  7. #22
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    PHP Code:
    <?php

    echo true// 1

    ?>
    My guess is the query is being converted to a boolean by something in the chain.

  8. #23
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    Quote Originally Posted by lightnb
    Code:
    	if(empty($error))
    		{
    		$query = mysql_query("UPDATE Users SET title='$title',last_name='$l_name',first_name='$f_name',zip='$zip' WHERE handle='$user_name'") 
    		or die(mysql_error());  
    		
    		safe_query($query);
    I don't understand what is going on here. Anyway I was right about a boolean. It is an UPDATE query and mysql_query is returning true. Then for some reason you are running that boolean as if it were another query. Also what is the point having that function if you never use the return value for anything.

  9. #24
    Join Date
    Dec 2006
    Location
    Escaz˙ (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Yes, that's what's happening but it's not clear to me where- based on the posted snippets.

  10. #25
    Join Date
    Dec 2006
    Location
    Escaz˙ (Costa Rica) and Mallorca (Spain)
    Posts
    3,234
    Quote Originally Posted by bokeh
    I don't understand what is going on here. Anyway I was right about a boolean. It is an UPDATE ...
    Where did you find this snippet?

    EDIT: Found it... Didn't see it before... Should be:
    PHP Code:
    if(empty($error)) {
            
    $query "UPDATE Users SET title='$title',last_name='$l_name',first_name='$f_name',zip='$zip' WHERE handle='$user_name'";
            
    $result safe_query($query); 
    EDIT: Based on Bokeh's observation...
    Last edited by NightShift58; 02-26-2007 at 04:12 PM.

  11. #26
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    Quote Originally Posted by NightShift58
    PHP Code:
    safe_query($query); 
    Yeah, but you also need to pick up the return value and do something with it.

  12. #27
    Join Date
    Jul 2006
    Posts
    249

    Smile

    Thanks guys! That fixed the query problem. It now reads:

    PHP Code:
    UPDATE Users SET title='Ms.',last_name='dsfad',first_name='dfasf',zip='23456' WHERE handle='' 
    It doesn't seem to be passing the user name from page one correctly though.

    When I type the user name in registration1.php and it fowards to the next page, it shows up in the header as "....php?user_name=doofus", and I can get it using HTTP_GET_VARS[] and display it back to the user, (as in "Thank you, Doofus for completing page one!") but once the submit button is pressed on the second page, it seems to 'forget' the username. Maybe it needs to be put into a hidden form field?


    Also, I'm wondering if there's not a more secure way to do this (even if it's a bit more complex). My fear is that a malicious user could change the "?user_name=john" line, and use the second registration page to change people's information. (since the record is modified based on the posted username)

    How else would it work? Session variables or cookies?

    Thanks again for everything,

    Nick
    Last edited by lightnb; 02-26-2007 at 10:07 PM.

  13. #28
    Join Date
    Jan 2005
    Location
    Alicante (Spain)
    Posts
    7,742
    This is probably happening because your form uses the POST method.

  14. #29
    Join Date
    Jul 2006
    Posts
    249
    I've switched to session variables to handle all of the passing of information from one page to another, and I have *most* everything working.

    I'm having trouble with my email confirmation page now, and I can't figure out why. It changes the database corectly, but it isn't printing the error or confirmation method.

    I've been working on it for a couple hours now and I can get the message to print under the table, but not inside it!


    This is the confirmation page:

    PHP Code:
    <?PHP
    session_start
    ( );
    $location_ID ="RVM Email Confirmation"// Set the location variable 

    // Include the registration forms functions page
    Require('../registration/registration_forms.php');

    // Include Database connection information 
    Require('../include/SQL_connect.php');

    // Include the shared registration functions
    Require('../include/functions.php');


    // get the confirmation code
    $code $HTTP_GET_VARS["confirmation_code"];

    check_confirmation_code($code);

    //$_SESSION["return_message"] = check_confirmation_code($code);



    ?>
    and this is the function that goes with it:

    PHP Code:
    function check_confirmation_code($code)
        {
        
    $query "SELECT * FROM Users WHERE confirmation_code = '$code'";
        
    $result safe_query($query);
        if (
    mysql_num_rows($result) > 1)
            {
            
    $return_message "AAAAAAAAHHHHHHHHHHHHHH!!!!!!!!!!!!!!!!!!!!!!!<br/> Something has gone teribly wrong. Please email technical support,
            or <a href='../registration/dc_request.php' class='inline_link'>request a new confirmation code here</a>."
    ;
            
            
    // draw the page
            
    registration_email_confirmation();    
            
            }
            elseif (
    mysql_num_rows($result) < 1)
            {
            
    $return_message "I'm sorry, but the confirmation code you have entered isn't valid.<br/>Please be sure you are using the
            code provided in your confirmation email, and that you are doing so within 24 hours of receiving it.
            If you need to, you may <a href='../registration/dc_request.php' class='inline_link'>request a new confirmation code here</a>."
    ;
        
            
    // draw the page
            
    registration_email_confirmation();    
            
            }
            elseif (
    mysql_num_rows($result) == 1)
            {
            
            
    $row mysql_fetch_array$result );
                    
            
    session_register("l_name");
            
    $_SESSION["l_name"] = $row['last_name'];
            
            
    session_register("title");
            
    $_SESSION["title"] = $row['title'];
            
            
    session_register("user_name");
            
    $_SESSION["user_name"] = $row['handle'];
            
                    
    session_register("email");
            
    $_SESSION["email"] = $row['email'];
            
            
    session_register("confirmation_code");
            
    $_SESSION["confirmation_code"] = $row['confirmation_code'];
            
            
    $return_message "Thank you, ".$_SESSION["title"]."&nbsp;".$_SESSION["l_name"].".<br/><br/><br/>
            You are now registered under the username: "
    .$_SESSION["user_name"]." Using the email address: ".$_SESSION["email"]."
            <br/><br/> From here, you can <a href='../interface/user_home.php' class='inline_link'>go to your homepage</a>.... more options when I acctually code somewhere to go."
    ;
            
            
    $query "UPDATE Users SET confirmation_code='0',confirmed='1' WHERE confirmation_code='".$_SESSION["confirmation_code"]."'";
            
    $result safe_query($query);
            
            
    // draw the page
            
    registration_email_confirmation();
            
            }
        
        } 

    and this is the function that prints the HTML, and *should* be printing out the $return_message variable inside of it:



    PHP Code:
    function registration_email_confirmation()
        {
        
        
    // Include the header information

        
    global $return_message;

        Require(
    '../include/header.php');
        
        echo 
    "
        
    <table align='center' background='http://www.rahlentertainment.com/RVM/Images/registration/register_generic.jpg' border='0' width='778px' height='379px'>

    <! ROW ONE >

        <tr height='75px'>
            <td>
            
            </td>
        </tr>
        
    <! ROW TWO >

        <tr height='35px'>
            <td>
            <Table border='0'>
                <tr>
                    <td width='240px'>
                    
                    </td>
                    <td width='450px' align='left'>
                    </td>
                    <td>
                    </td>
                </tr>
            </table>
            </td>
        </tr>

    <!ROW THREE>
        <tr height='120px' valign='top'>
            <td>
                <table width='522px' align='right'>
                    <tr>
                        <td>
                        <div class='form_instructions'>
                        "
    .$return_message."
                        </div>
                        </td>
                    </tr>
                </table>
            </td>
        </tr>

    <! ROW FOUR >

        <tr height='89'>
            <td>
            
            </td>
        </tr>
        
    <! ROW FIVE >

        <tr>
            <td>
            <table border='0'>
                <tr>
                    <td width='131'>
                    
                    </td>
                    <td>
                    <a href='#' class='small_text_links'>Terms of Use</a>
                    </td>
                    <td width='346px'>
                    </td>
                    <td>
                    <a href='#' class='small_text_links'>Privacy Policy</a>
                    </td>
                </tr>
            </table>
            </td>
        </tr>
    </table>
        "
    ;
        
        } 
    Last edited by lightnb; 02-27-2007 at 09:58 AM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles