PDA

View Full Version : [SOLVED] problem in passing param to query



Czapla
4 Mar 2010, 5:29 AM
Here is my Edit button



text: 'Edit',
method: 'POST',
iconCls: 'accept',
handler: function() {
var selectedRecord = viewAssets.getSelectionModel().getSelected(); //let me get record for you
if (selectedRecord) {
assetsTab1.getForm().load({url:'patterns/logic/sql.php?action=get&srt_srtid='+ selectedRecord.get('srt_srtid')}); //pass params to query
assetsWindow.show();
}
else {return false}
}
},


Here is the saving button


buttons: [{
text: 'Save',
method: 'POST',
handler: function () {
assetsTab1.getForm().submit({

waitMsg: 'Zapisuje',
success: function () {
Ext.MessageBox.alert ('Info','Saved');
//but how pass a params from action=get to action=edit
assets_data.load({params:{start:0,limit:40}});
assetsWindow.hide();
assetsTab1.getForm().reset();
assets_data.reload();
},
failure: function () {
Ext.MessageBox.alert ('Info','Oops, an error has occurred.' );
}
});
}





if($_GET["action"] == "get") { // if action=get from Edit button

$srt_srtid = isset($_REQUEST['srt_srtid']) ? $_REQUEST['srt_srtid'] : 0; // checking what id was passed if NOT return record autoincrement

$query = "select * from srodki where srt_srtid = '".$srt_srtid."'";
$result = mysql_query($query);

$data = array();

while ($row=mysql_fetch_object($result)) {
$data [] = $row;
}

echo '({"results":'.json_encode($data).'})';
}
else if($_GET["action"]=="edit") { // action=edit [saving all data to to properly id] - ACCTUALY IS NOT!

$srt_srtid = isset($_REQUEST['srt_srtid']) ? $_REQUEST['srt_srtid'] : 0;

$query = "replace into srodki set srt_nazwa = '".$_POST["srt_nazwa"]."',srt_kod='".$_POST["srt_kod"]."', srt_nrinw='".$_POST["srt_nrinw"]."', srt_miejsceuzyt='".$_POST["srt_miejsceuzyt"]."', srt_dokobcy='".$_POST["srt_dokobcy"]."', srt_datauzyt='".$_POST["srt_datauzyt"]."', srt_datazak='".$_POST["srt_datazak"]."' WHERE srt_srtid = '".$srt_srtid."' " ;
$result = mysql_query($query);
}


How can i pass a param from action=get to action=edit?

steffenk
4 Mar 2010, 5:34 AM
you can't change action, it's the form action (GET/POST)

btw - your code is dangerous, SQL-injection is possible very easy.
Also you shouldn't build the json array manually sample:


echo json_encode(array(
'length' => count($data),
'results' => $data
));

Czapla
4 Mar 2010, 5:54 AM
:))
I made typo it should by

How can i pass a param from action=get to action=edit?
ye i know about SQL injection, im still on early developing phase

The form action is edit, action get only loading records from DB to my fields.

If i comment WHERE srt_srtid = '".$srt_srtid." in query
and i press save button [with edit action] it won't pass me id from get action, instead it will create new record in my grid.
It's normal behavior REPLACE clause. So i wanna do
if id = 0 - new record
if id > 0 - edit old record

i think i should change action edit to save it will be more understable

How can i fix it?

Zdeno
4 Mar 2010, 6:42 AM
Dont know what assets_data is but can you access it like:

assets_data.params.action = 'edit';
assets_data.params.action = 'get';

but i think you need to have action param set:

assets_data.load({params:{start:0,limit:40, action: 'get' }});

Just if you press button, check id and switch action param. But it is my mind only... i just changing content of treepanel this way.

Mike Robinson
4 Mar 2010, 7:41 AM
AJAX requests have "parameters," so all you need to do is to include them there. ExtJS will handle encoding them correctly.

Parameters appear in this way not only on Ajax.Request, but also with Stores. Stores have a "baseParams" property which is merged into every request, and specific "load()" calls et al have a parameters-hash also.

You don't need to monkey around with string concatenations. (Let ExtJS do it.)

fay
4 Mar 2010, 10:02 AM
There are a couple of problems with what you are doing:

Note 1. Editing.

(a) I'm not sure why your "method: 'POST'" is where it is.
(b) If you want to POST to your php, do not append the params to the url - use the params option!
(c) Add in success and failure handlers for expected/unexpected results.
(d) Do not try this until you've fixed up your PHP - see Note 2 below.


// ...
text: 'Edit',
// method: 'POST', //NOTE: Remove this. It serves no purpose here.
iconCls: 'accept',
handler: function()
{
var selectedRecord = viewAssets.getSelectionModel().getSelected();
if (selectedRecord)
{
assetsTab1.getForm().load({
url:'patterns/logic/sql.php',
method: 'POST',
params: {action: 'get', srt_srtid: selectedRecord.get('srt_srtid')},
success: function(form, action)
{
if (action.result.success == true)
{
assetsWindow.show();
}
else
{
// Add in your own error message here.
}
},
failure: function(form, action)
{
// Add in your own error message here.
}
});
}
else
{
return false;
}
}
},
// ...


Note 2. SQL.PHP

(a) You are using the $_GET function instead of $_POST
(b) The JSON in your $result variable is not properly formatted for loading into a form.


<?php
$srt_srtid = isset($_REQUEST['srt_srtid']) ? $_REQUEST['srt_srtid'] : 0;
$result = '({success: false, msg: "Record '.$srt_srtid.' not found."})';

if($_POST["action"] == "get")
{
// Add in your logic here for retrieving the data associated with $srt_srtid

$tmpData = json_encode($data);
$tmpData = substr($tmpData, 1, strlen($tmpData) - 2); // strip the [ and ]
$tmpData = str_replace("\\/","/",'{success:true,data:'.$tmpData.'}'); // unescape the slashes

$result = $tmpData;
}

echo $result;
?>

FYI: The tmpData stuff from above is from here (http://www.extjs.com/forum/showthread.php?t=20172).


Note 3. Saving

(a) Again, your "method: 'POST'" is in the wrong place.
(b) Use the params option to pass in the "action" and "srt_srtid" values.
(c) Do not try this until you've fixed up your PHP - see Note 4 below.


handler: function () {
assetsTab1.getForm().submit({
url:'patterns/logic/sql.php',
params: {action: 'edit', srt_srtid: however_you_are_getting_srtid_here},
waitMsg: 'Zapisuje',
success: function ()
{
// ...
},
failure: function ()
{
// ...
}
});

Note 4. SQL.PHP:

(a) Use $_POST not $_GET


else if($_POST["action"]=="edit")

Czapla
5 Mar 2010, 7:57 AM
after fays modification and changed GET to POST i'm getting error
It's on the lines where i changed $_GET to $_POST


<br />
<b>Notice</b>: Undefined variable: action in <b>C:\wamp\www\srodki\patterns\logic\sql.php</b> on line <b>5</b><br />
<br />
<b>Notice</b>: Undefined variable: action in <b>C:\wamp\www\srodki\patterns\logic\sql.php</b> on line <b>19</b><br />
<br />
<b>Notice</b>: Undefined variable: action in <b>C:\wamp\www\srodki\patterns\logic\sql.php</b> on line <b>23</b><br />

problem caused by params... im so confused...

V
NULL

Zdeno
5 Mar 2010, 8:00 AM
What does var_dump($_POST) say?

fay
5 Mar 2010, 8:14 AM
Post your updated sql.php

Czapla
5 Mar 2010, 8:18 AM
if($_POST["action"]=="get") {
//if($_GET["action"]=="get") {

$srt_srtid = isset($_REQUEST['srt_srtid']) ? $_REQUEST['srt_srtid'] : 0;

$query = "select * from srodki where srt_srtid = '".$srt_srtid."'";
$result = mysql_query($query);

$data = array();

while ($row=mysql_fetch_object($result)) {
$data [] = $row;

$tmpData = json_encode($data);
$tmpData = substr($tmpData, 1, strlen($tmpData) - 2); // strip the [ and ]
$tmpData = str_replace("\\/","/",'{success:true,data:'.$tmpData.'}'); // unescape the slashes

$result = $tmpData;
}
echo $result;
}
else if($_POST["action"]=="edit") {
//else if($_GET["action"]=="edit") {

//$srt_srtid = isset($_REQUEST['srt_srtid']) ? $_REQUEST['srt_srtid'] : 0;

$query = "replace into srodki set srt_nazwa = '".$_POST["srt_nazwa"]."',srt_kod='".$_POST["srt_kod"]."', srt_nrinw='".$_POST["srt_nrinw"]."', srt_miejsceuzyt='".$_POST["srt_miejsceuzyt"]."', srt_dokobcy='".$_POST["srt_dokobcy"]."', srt_datauzyt='".$_POST["srt_datauzyt"]."', srt_datazak='".$_POST["srt_datazak"]."' " ;
$result = mysql_query($query);
}

fay
5 Mar 2010, 8:24 AM
Take two minutes and actually read your code...


$result = $tmpData;
}
echo $result;
}
else if($_POST["action"]=="edit") {

What is this? What do you think happens here? Did you just cut and paste my notes!?!

Zdeno
5 Mar 2010, 8:29 AM
Btw clear your input values first



switch ( strtolower( $_SERVER['REQUEST_METHOD'] ) ):
case 'get':
if ( array_key_exists( 'action', $_GET ) )
$action = $_GET['action'];
else
$action = '';
break;
case 'post':
if ( array_key_exists( 'action', $_POST ) )
$action = $_POST['action'];
else
$action = '';
break;
default:
echo '{ "success": false, "message" : "Sth is wrong" }';
die();
endswitch;

if ( !$action )
{
echo '{ "success": false, "message" : "Action is empty" }';
die();
}

if ( !in_array( $action, array( 'edit', 'get' ) ) )
{
echo '{ "success": false, "message" : "Action is must be edit or get" }';
die();
}

/**
* Here use whatever you want
**/

if ( $action == 'get' )
{
do_sth();
}
else
{
do_nothing();
}

fay
5 Mar 2010, 8:38 AM
I know next to nothing about php (http://www.w3schools.com/php/default.asp), but the following is valid.


<?php
$srt_srtid = isset($_REQUEST['srt_srtid']) ? $_REQUEST['srt_srtid'] : 0;
$result = '({success: false, msg: "Record '.$srt_srtid.' not found."})';

if($_POST["action"] == "get")
{
// do your "get" action

$tmpData = json_encode($data);
$tmpData = substr($tmpData, 1, strlen($tmpData) - 2); // strip the [ and ]
$tmpData = str_replace("\\/","/",'{success:true,data:'.$tmpData.'}'); // unescape the slashes

$result = $tmpData;
}
elseif ($_POST["action"] == "edit")
{
// do your "edit" action
}

echo $result;
?>


EDIT: I just spotted @Zdeno's reply which will allow your code to work with both GET and POST - that's much better.

Zdeno
5 Mar 2010, 9:07 AM
There is nothing wrong but the php dont know key 'action '. Thats why you see Notices. Btw json_encode output is json without "[,]" and with esaped slashes...



echo json_encode(array( 'success' => false, 'message' => 'zdeno\'s text of message' ));


Ouput


{"success" : false, "message" : "zdeno's text of message"}

Czapla
5 Mar 2010, 9:08 AM
Ye thats the point, even with fay's snippet how to configure params, still dosn't work...

btw.



$tmpData = json_encode($data);

$tmpData = substr($tmpData, 1, strlen($tmpData) - 2); // strip the [ and ]

$tmpData = str_replace("\\/","/",'{success:true,data:'.$tmpData.'}'); // unescape the slashes


Why should i convert the json array using conditional expressions, what actually it give me?
It is working without it or maybe its worked coz i used $_GET array and i parsed all params in url :), and $_POST need an another format?...

Zdeno
5 Mar 2010, 9:12 AM
Think you can change code to:



...
$dataFromDb // prolly array

$outputData = array();
$outputData['success'] = true;
$outputData['data'] = $dataFromDb;

echo json_encode( $outputData );
...

Czapla
6 Mar 2010, 5:14 AM
SOLVED - params work editing adding works

ty for yout help and patience, especially fay :)

CASE CLOSED

fay
6 Mar 2010, 9:43 AM
I'm glad my 1000th post is a "you're welcome" :)

Stick with it Czapla, it does get easier... I swear!