  1. #1
    Senior Member rosland's Avatar
    Join Date
    Jul 2003
    Location
    Norway
    Posts
    1,944
    Member #
    2096
    Don't know if this could be of interest, but I was struggling a bit with this myself, before I came up with a workable solution.

    As there might be a more elegant solution to this, I post my own to get 'addons'.

    ---------

    Well, here's the problem:

    I'm part time administrating a small private network, where all of us commuters share the bills. As people pay money to a designated account, they can update their "payinfo" on a designated password protected web spot.

    Their updates are logged, but not marked as "confirmed" until I (the local whip) have confirmed their payment through other resources.

    As this is a loosely organized endeavour, there is no big overhead software (à la banking) to keep track of different transactions. I wanted, as a service, to let each contributor check his own balance, and to submit new payments.

    As an administrator of the local network, I would like to have immediate access to new unconfirmed and confirmed payments, for statistical purposes, and to enable general access to that information within our group.

    To solve the problem, I've made two tables. One that keeps personal information (name, email, etc) and one that keeps track of payments.
    If I want to list the account balance or any individual's record, I can do that through some simple queries. The individuals have access to their own payments and balance, and the ability to update any new payment they make (though it will be listed as unconfirmed until I can get a confirmation from the bank).

    I made my "admin panel" so that I can list all types of different statistics regarding overall and individual pay. I have also a separate dynamically generated table where all new unconfirmed payment entries are listed, with names and dates.

    I wanted to generate (through script) a table where the unconfirmed details were presented with a radio button in the end of each transaction. If the transaction was confirmed, then I would mark that transaction (or a number of transactions, let's say 5 out of fifteen) and press "submit". When pressing submit, I would immediately get the same page presented again, but now with the newly confirmed transactions moved up to the "confirmed" section, and the still unconfirmed left alone in the "unconfirmed" section.

    I managed to solve this, and it works great (the whole script resides on one page). The big problem was the processing of the POST data, as there are many unknowns.
    When I generate the "unconfirmed" table, there can be between 0 and endless rows.
    As the script draws the table, everything is encapsulated in a form, and each row is given a unique identifier for the radiobutton I select to click (to confirm a payment).
    When I press submit, a lot of POST data is sent back to the script. As I don't know beforehand which rows I can confirm as paid, the variable names for the rows I've marked are unknown.

    So how do I go about extracting the unknown variables?
    Here's how:

    When I generate the tables (based on a handful of queries) I include an iterator in the "while" loop that adds a number to each "<input type>" radio button. As you all know, a variable name can't start with a number, so I add a prefix to it. In this case a single letter:
    PHP Code:
    <td><input name='B".$count."' value='".$row[0]."' type=\"radio\" value=\"radiobutton\"></td> 
    Notice the "B.$count". This will be the variable name of that form line.

    If I have 10 rows in the produced table, then the $count variable will hold the line count for the particular row in that table, while the value will be the specific (ID-)number from that particular unconfirmed payment in the payments table. That means that the produced HTML might contain input field names like:

    B1=23
    B2=25
    B3=17
    B4=37
    etc

    If I mark off B1 and B4, then I have to make a script that checks for B1 through let's say B200, to see if any of them hold values.
    I'm not interested in any variable names other than B1 and B4 in this example, so I have to make a script that checks and dumps all variable names that are empty.

    The ONLY way to achieve this (to my knowledge) is through utilizing variable-variables.

    For those of you unfamiliar with the concept, it goes like this:
    PHP Code:
    $var = "this is the original variable"; // Variable 'var' is set with a value
    $hey = "var"; // a new variable 'hey' holds the name 'var'

    $a = ${$hey}; // the variable 'a' is given the value of the variablename contained within the value of 'hey'

    echo $a; // will output 'this is the original variable'
    In short, I know what the variablenames will look like in my POST data, but I don't know what they will be called. Since I can't make a statement like:

    if($_POST['B23']) {...} as I don't know if that POST variable exists. I can't hardcode it anyway, as it's dynamic.

    if($_POST['${$B.$i}']){set...} works dynamically, but is illegal.

    I have to convert all received POST data to variables.

    The easiest way to do this, is by using the PHP built-in function import_request_variables("P");

    This will convert all "request,post,cookie" variables into a global scope. You specify what type of data you're looking for. In the above example I use "P", which is short for POST data. You can also add an optional prefix for your variables.

    EX:
    $_POST['money']

    You could rename that automatically to $pay_money by writing this:
    import_request_variables("P", "pay_" );
    Then the original POST variable name would be globally available as $pay_money!

    You need to have the variables available as globals before you can pull any variable-variable stunts on them.

    Here's the processing script:
    PHP Code:
    if($_POST['Submit']) // if you ticked off radiobuttons and pressed submit
    {
        import_request_variables("P"); // globalize all POST data

        $b = 0; // number of ticked rows found so far

        for($j=1; $j<100; $j++) // make a random number iterate that covers all likely updates
        {
            $var="B".$j;    // known variable name variant
            $a[$j]=${$var}; // Array holding potential value
            if($a[$j]) {$b++; $c[$b]=$a[$j];} else {continue;} // test to see if constructed variable holds a value or not
        }

        for($i=1; $i<=$b; $i++) // $b is the number of valid variables
        {
            $sql = "UPDATE payment SET confirmed='Y' WHERE id=".$c[$i];
            mysql_query($sql) or die("Error no ".mysql_errno()."<br> Error: ".mysql_error());
        }
    }



    And lo and behold, it works sweetly!
    S. Rosland

  3. #2
    Senior Member
    Join Date
    Aug 2003
    Posts
    444
    Member #
    2801
    I had an identical problem and solved it in a more dynamic way:

    1. Tag all potential inputs with a prefix (like you did) but using a more unique key (more than just a single letter). In the case of the code below, my tag is 'eon'. Note that the variable names (i.e., field form names) are important, so in eon1234, the 1234 bit is important to me and that's what I want to process. In your case, it could be a transaction ID.

    2. Iterate through the $_POST (in my case $_GET, but same thing...) and look for all values that begin with your tag.

    3. Done

    Here is my code:

    PHP Code:
    foreach ($_GET as $g => $v) {
        if (strpos($g, "eon") === 0) {
            // that's one, add it to an array or do something to it.
        }
    }
    This gets around the problem of hard-coding any numbers in loops or anything like that.

    Also note, that you should check the ID you get back using this method! This is a very easy method to hack, so have server side checks that make sure everything is legit. In my case, the 1234 bit is checked many times before it is even added to the array of things to process.

    Hope this helps.
    eKstreme
    eKstreme.com - Free website tools!
    fontfox - free fonts Hand-picked quality fonts.

  4. #3
    Senior Member visualAd's Avatar
    Join Date
    Jan 2003
    Location
    Slough, UK
    Posts
    201
    Member #
    434
    A variable name cannot start with a number. But an array index can and POST variables are loaded into the array $_POST and their indexes are that of the name field so it is perfectly OK to use a number as the variable name.

    In my opinion you need to rethink the problem. Does this table just contain the radio button or does it contain of <input> fields?

    I would recommend you use an array to do it. Give the radio buttons the names "to_be_confirmed[]" and give it the value of the record id:
    PHP Code:
    <td><input name="to_be_confirmed[]" value="<?php echo($row[0]) ?>" type="radio"></td>
    When you press the submit button the array $_POST['to_be_confirmed'] will contain only the ID / IDs (you could use checkboxes too - to confirm multiple records) of the rows you need to confirm and you just need to loop through that.
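
The server-side check recommended in post #2, applied to the `to_be_confirmed[]` array from post #3, as an added example that is not part of the original thread. It assumes PDO with an in-memory SQLite database standing in for the `payment` table from the first post; `confirmPayments()` is a hypothetical helper, and the rows and POST values are constructed.

```php
<?php
// Added example, not code from the thread. Assumes PDO with the SQLite driver and
// a `payment` table shaped like the one in the first post; confirmPayments() is a
// hypothetical helper, and the rows and POST values below are constructed.

function confirmPayments(PDO $db, $posted): array
{
    // The field can be absent, a plain string or a nested array; accept a list only.
    if (!is_array($posted)) {
        return [];
    }
    $ids = [];
    foreach ($posted as $raw) {
        // Keep short, all-digit strings; "17 OR 1=1", "-1" and sub-arrays are dropped.
        if (is_string($raw) && ctype_digit($raw) && strlen($raw) <= 9) {
            $ids[(int) $raw] = true; // array key de-duplicates repeated IDs
        }
    }
    // Bound parameter instead of string concatenation, and the WHERE clause only
    // matches rows that exist and are still unconfirmed.
    $stmt = $db->prepare("UPDATE payment SET confirmed = 'Y' WHERE id = :id AND confirmed = 'N'");
    $done = [];
    foreach (array_keys($ids) as $id) {
        $stmt->execute([':id' => $id]);
        if ($stmt->rowCount() === 1) {
            $done[] = $id; // report only what actually changed
        }
    }
    return $done;
}

// Constructed stand-in database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE payment (id INTEGER PRIMARY KEY, confirmed TEXT NOT NULL DEFAULT 'N')");
$db->exec("INSERT INTO payment (id, confirmed) VALUES (17,'N'), (23,'N'), (25,'Y'), (37,'N')");

// Constructed stand-in for $_POST: two valid ticks, one already-confirmed row,
// one unknown ID, one injection-style string and one duplicate.
$post = ['to_be_confirmed' => ['23', '37', '25', '999', '17 OR 1=1', '23']];

$confirmed = confirmPayments($db, $post['to_be_confirmed'] ?? null);
echo 'Confirmed: ' . implode(', ', $confirmed) . PHP_EOL;
$left = $db->query("SELECT id FROM payment WHERE confirmed = 'N'")->fetchAll(PDO::FETCH_COLUMN);
echo 'Still unconfirmed: ' . implode(', ', $left) . PHP_EOL;
```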

  5. #4
    Senior Member rosland's Avatar
    Join Date
    Jul 2003
    Location
    Norway
    Posts
    1,944
    Member #
    2096
    Thanks for your inputs guys.

    I'll have a look at it later.

    The page in question, is in a password protected folder, and is additionally session protected to me only.
    The only input on the page are the radiobuttons (no input fields), wouldn't matter though, as only I can access the page.
    S. Rosland

  6. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    444
    Member #
    2801
    I forgot to mention that I use checkboxes too. visualAd's post reminded me.
    eKstreme

  7. #6
    Senior Member rosland's Avatar
    Join Date
    Jul 2003
    Location
    Norway
    Posts
    1,944
    Member #
    2096
    Quote Originally Posted by visualAd
    ...you could use checkboxes too - to confirm multiple records ) of the rows you need to confirm and you just need to loop through that.
    Checkboxes or radiobuttons, doesn't really matter!
    If you give each radiobutton a different name (as in my example), it works the same way. It will just be a layout issue.
    I can obviously select multiple radio buttons within that group, and submit a series of checked radiobuttons in one go. That's why I have to iterate through a series of potential names, to weed out the empty ones.

    However, your array model was new to me. I hadn't considered that all POST values are actually stored in one array! If I had realized that, I could have approached the problem differently!

    The immediate problem was that when I used an array name like "to_be_confirmed", all the radiobuttons were given the same name, and hence I could only select one of them at a time, which gave me a useless script when building on the same code.

    The point was to be able to tick off 5 to 10 records that I had confirmed, and update them in one go (as my script did).

    However, I tried your array suggestion, and it works excellently! (I really appreciate that. It didn't occur to me at the time of writing.)

    I will rewrite my script to use the POST array instead. It will make it far less verbose, and I can skip the empty value check (which is taking up a few lines in my code).
    (Obviously I will have to use checkboxes with the array model.)

    Thanks for your suggestions! (likewise to you eKstreme!)
    ________________


    Note:
    I know that security and injections are a big issue. In this case they're not. This is NOT a transactional database, it's an in-house project with a few trusted colleagues in a confined usergroup. The tables themselves do not hold any real values, nor do they pretend to be any sort of real backup for the actual transactions taking place.
    It is made "for fun" to enable our 'members' to have a quick look at their own money transfer status.

    The 'trusted' users can do nothing beyond submitting numerical data in their own name. The values entered (in the user interface) gives them only the alternative of selecting their own name from a drop down list, and writing a number in a text field.
    The text field is then properly escaped and checked against a "is_numeric()" line. If it contains anything beyond numbers, they're given a textual warning that the field must only contain numbers.

    The resulting database will then auto timestamp their input, and store the supplied value.
    When I log into the admin end of it, I can list all entries (including preposterous entries), and check the numbers and dates against my designated bank account-transcript, and confirm the REAL transactions.

    The result is that my fellow colleagues can check their monthly payments and total sum, against another built-in statistical function.
    S. Rosland

