Bug causing mysql errors - cause detected

[ktmtalk]

Quote:

Originally Posted by ktmtalk

$shipping = str_replace("\", "", $shipping);

<?
$price = str_replace("\", "", $price);
?>

PHP Parse error: parse error in C:\inetpub\wwwroot\forum\pp_classifieds\test.php on line 2

[Chuck S]

Code:

Content visible to verified customers only.

Feel free to use just stripslash lines if you wish I am backing out the lines I suggested because it doesnt like trying to remove a slash that way. Stripslashes will work but this whole discussion is because someone is trying to not enter a numeric price in there.

[ktmtalk]

Quote:

Originally Posted by Chuck S

Code:

Content visible to verified customers only.

Feel free to use just stripslash lines if you wish I am backing out the lines I suggested because it doesnt like trying to remove a slash that way.

yep... that \ escapes the next character which in our case, is the double quote... leaving an open string.

Quote:

Stripslashes will work but this whole discussion is because someone is trying to not enter a numeric price in there.

yep... and it's gonna happen. The real problem is that non-numeric ($,) turns his price into a zero, which in turn, sets it to Best Offer.... and then the emails to me start.

[Chuck S]

No thats just not the case my friend. The code works as it is written. Maybe lets go back and explain this so there is no misunderstanding here. It numbers only. Inputting a dollar sign say $75.00 for price $10.00 for shipping works fine.

This is a brand new test site non public just to show you it works fine

Test Title - PhotoPost Classifieds

Looking back on this discussion the only thing I see is you said someone is trying to enter something other than a numeric price. Inputting a $ sign doesnt interfere with anything. The str_replace to remove $ is there for that very reason as a check so the variable is left say at

10.00 instead of the initial $10.00

Then the eregi_replace line makes sure the rest are numbers and removes the period so the variable is this

1000

Then the resulting variable is inputted into the database line so

shipping=''

That works fine because its stored in a float 2 mysql field which stores it as 10.00

The problem here is your user whomever is trying to input something other than a number say

Buyer's Expense

Now with the present code that might through an error because as noted your not suppose to do that. The shipping string would be properly typecast adding a slash near '

Now thats fine the code is doing what its suppose to do and those fields are set to STRING not INT as previously discussed so users can mess up and enter $.

But this is exactly why that eregi_replace line is there it removes the non numeric characters but can not remove the slash so your left with just a slash.

Using stripslashes which you said would work fine it would essentially negate the field and make it empty which results in

shipping=''

which again is proper. So really if your looking to modify the code from the default thats fine but to allow someone to enter something other than a price you need to modify your code and essentially also your mysql tables to say set that field to a varchar field not float field. This really goes back to what I initially said its an INT field stored in a float field.

The root of your problem is your users not entering a price but a string instead and thats going to always result in a best offer field because the field is empty. You can try it yourself just like I have. Enter a price for shipping of $10.00 it stores fine. You only get your issue if your user does not enter a price but makes up something non numeric in that field like buyer's expense.

I know this post was quite long but it should shed the ultimate light on the issue.

[ktmtalk]

Quote:

Originally Posted by Chuck S

No thats just not the case my friend. The code works as it is written. Maybe lets go back and explain this so there is no misunderstanding here. It numbers only. Inputting a dollar sign say $75.00 for price $10.00 for shipping works fine.

This is a brand new test site non public just to show you it works fine

Test Title - PhotoPost Classifieds

Looking back on this discussion the only thing I see is you said someone is trying to enter something other than a numeric price. Inputting a $ sign doesnt interfere with anything. The str_replace to remove $ is there for that very reason as a check so the variable is left say at

10.00 instead of the initial $10.00

Then the eregi_replace line makes sure the rest are numbers and removes the period so the variable is this

1000

Then the resulting variable is inputted into the database line so

shipping=''

That works fine because its stored in a float 2 mysql field which stores it as 10.00

The problem here is your user whomever is trying to input something other than a number say

Buyer's Expense

Now with the present code that might through an error because as noted your not suppose to do that. The shipping string would be properly typecast adding a slash near '

Now thats fine the code is doing what its suppose to do and those fields are set to STRING not INT as previously discussed so users can mess up and enter $.

But this is exactly why that eregi_replace line is there it removes the non numeric characters but can not remove the slash so your left with just a slash.

Using stripslashes which you said would work fine it would essentially negate the field and make it empty which results in

shipping=''

which again is proper. So really if your looking to modify the code from the default thats fine but to allow someone to enter something other than a price you need to modify your code and essentially also your mysql tables to say set that field to a varchar field not float field. This really goes back to what I initially said its an INT field stored in a float field.

The root of your problem is your users not entering a price but a string instead and thats going to always result in a best offer field because the field is empty. You can try it yourself just like I have. Enter a price for shipping of $10.00 it stores fine. You only get your issue if your user does not enter a price but makes up something non numeric in that field like buyer's expense.

I know this post was quite long but it should shed the ultimate light on the issue.

give me a qwik login so I can test your theory

[Chuck S]

My friend its not theory you can use your own site and test it with default files. Only thing else to do from default files would be possibly add stripslash lines which I did but above is fact this is just how it works.

Feel free to register a login if you wish at my site if you dont want to test on your own site. What I posted above is simple fact thats why I posted the link I did and showed you it works fine. A picture is worth a thousand words.

[ktmtalk]

Quote:

Originally Posted by Chuck S

My friend its not theory you can use your own site and test it with default files. Only thing else to do from default files would be possibly add stripslash lines which I did but above is fact this is just how it works.

Feel free to register a login if you wish at my site if you dont want to test on your own site. What I posted above is simple fact thats why I posted the link I did and showed you it works fine. A picture is worth a thousand words.

here's a picture for you.... not a user entering a string... it's ME entering $1,111... on my site.

Look at what I entered ($1,111), then look how it got converted to zero, resulting in Best Offer.

[Chuck S]

well thats not how the default code operates before this discussion so maybe you still have something inputted thats not suppose to be

Feel free to download the code so its not confused with your modified files and use editproduct and uploadproduct

Here is an actual ad posted with your example using the default code

Test Again - PhotoPost Classifieds