Bug causing mysql errors - cause detected I was seeing several mysql errors... 4 from one guy, and 1 from another. Here is the error message for each one: Quote:
Quote:
That \ "escapes" the next character (the ending quote) and causes the mysql error. Ok, I showed the sql statements, and the errors, and the reason. Wanna know how it actually happened??? Well, of course you do! Even though it's supposed to be numbers only, the seller put .... At Buyer's Expense in the shipping field. I'm guessing that the code saw the single quote and escaped it with a "\" ... then it looks like it removed everything EXCEPT the \ ....and the end result was..... shipping="\" and that was what was trying to be saved in the sql statement. So.... the qwik solution is..... ????? . |
I would need the full errors. Your first is not showing an error of the query. I really need the full context of these errors. I mean, shipping does not have a / in it anywhere, so that's why I need to know more info. |
Quote:
Entering Buyer's Expense in shipping... In uploadproduct.php, Quote:
But since you asked for it.... here is the full error message: Quote:
. |
Well, you can't put that in a field for an integer. I can explicitly set that string to INT. |
Quote:
$shipping = stripslashes($shipping); and be done with it |
Well, you can do that. I am going to go the other way and make sure it can only be an INT. You're not going to be able to store anything but an integer in that field. It is a floating point mysql field. |
Quote:
|
Just make the typecast lines in uploadproduct this Code: Content visible to verified customers only. |
better solution than my stripslashes... probably wanna change "reserve" to INT too and then again the same thing in editproduct too |
yep indeed |
Quote:
I am a professional coder in C# and I'm constantly amazed at some of my code: "crap, how long has that bug been there and... why hasn't someone said something before now??" in some of my projects. |
Yeah, that's how it goes: if no one reports it, you ain't gonna find it. |
Quote:
Since it is now typecast as an INT, the conversion of the $ sets the value to ZERO, which in turn, sets the price to "Best Offer". Yeah, I know... tell the seller to follow instructions but after having to change a dozen of these myself, I think it needs to be coded to handle issues like this - they are going to happen. . |
Okay, but we already run a stripslashes on the line; that's what the typecast feature is. You can certainly add extra stripslashes lines like you say in there, but you know it's still not going to record a string, as I stated before. A float field is still an INT field in a way. |
See, love the morning and coffee. The code is doing what it is supposed to do. See, we code it as a string and it passes through the typecast function, which adds the slash because going into mysql you need that. Now we issue an ereg_replace line that removes everything except the actual number. So I don't know why you think setting it to an INT does not work; the end result is we pass an integer to the database. You input $199.50. It passes through the code and it is returned as 19950. That in turn is used in the query and you end up with 199.50 stored in the database, since it's a 2point floating field. The problem is when you use a non-integer in that line, what is left after the regex is \. You can't enter a string value into a float field. You can use a stripslash, sure, and the variable comes back empty; that's fine. I choose this in uploadproduct.php because it lets me backwards remember why I just posted this. You will see there are no stripslash or addslash lines thrown throughout our code, as there is a function which properly does this. ;) Code: Content visible to verified customers only. |
1 Attachment(s) Quote:
|
Quote:
That's not in the code that I downloaded: Quote:
$price = str_replace("\\", "", $price); $shipping = str_replace("\\", "", $shipping); |
As stated, those lines you would add after changing the typecast lines back to string. You can download the build and upload editproduct and uploadproduct php files. |
Quote:
And even if you do add the two lines, you still get a "Best Offer" when someone enters something like "$1,111". Never mind about this stuff... you really get defensive on this stuff. I thought I was helping by showing you things that needed attention.... like showing "Delete Ad?" when you really meant "Delete Comment"... or showing "Delete Image" when you really meant "Delete Ad", and... never mind. . |
http://www.photopost.com/forum/1254834-post15.html ;) I said I choose to add those lines and I made them bold so you know they are new at any rate feel free to download the code again. |
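The failure discussed in this thread (escape first, then strip to "numbers only") next to a validate-then-bind alternative, as an added example that is not PhotoPost code or any poster's code. The function names, the regex patterns, the `products` table and the use of `preg_replace` in place of the `ereg_replace` mentioned above are assumptions made for illustration.

```php
<?php
// Added illustration; names, patterns and sample inputs are constructed.

// Order described in the thread: escape the value, then strip non-numeric
// characters. Assumed pattern: keeps digits, dots and (by accident) "\".
function escape_then_strip(string $raw): string
{
    return preg_replace('/[^0-9.\\\\]/', '', addslashes($raw));
}

// Safer order: parse the raw input, accept only a well-formed amount,
// and return null otherwise so the caller can reject the form.
function parse_amount(string $raw): ?string
{
    $s = ltrim(trim($raw), '$');     // tolerate a leading currency sign
    $s = str_replace(',', '', $s);   // tolerate thousands separators
    if (!preg_match('/^\d{1,8}(\.\d{1,2})?$/', $s)) {
        return null;                 // text such as "At Buyer's Expense"
    }
    return number_format((float) $s, 2, '.', '');
}

// Constructed inputs taken from the cases mentioned in the thread.
$samples = ["At Buyer's Expense", '$199.50', '$1,111', '12'];
foreach ($samples as $raw) {
    $old = escape_then_strip($raw);  // first sample leaves a lone "\"
    $new = parse_amount($raw);
    printf("%-20s old=%-8s new=%s\n", $raw, "[$old]", $new ?? 'REJECTED');
}

// The parsed value is then bound as a parameter instead of being placed
// inside a quoted SQL string (PDO; table and column names are hypothetical):
// $stmt = $pdo->prepare('UPDATE products SET shipping = ? WHERE id = ?');
// $stmt->execute([parse_amount($_POST['shipping']) ?? '0.00', $id]);
```

With a bound parameter a stray backslash can no longer consume the closing quote, and rejecting unparseable input avoids silently turning "$1,111" into zero.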