Not able to echo variables

Why am I not able to echo those things like adm_no, adm_dt, etc.?

require_once("lib/connection.php");
$adm_no = $_POST['adm_no'];
if (!$adm_no == "intval") echo "You Entered wrong Admission no Recheack Admission no";
exit();
$clas = $_POST['clas'];
$query = "SELECT * FROM $clas WHERE adm_no = $adm_no";
$result = mysql_query($query);
//searches the query in db.
while ($result1 = mysql_fetch_array($result)) {
    $adm_no = $result1['adm_no'];
    $adm_dt = $result1['adm_dt'];
    $name = $result1['name'];
    $dob = $result1['dob'];
    $f_name = $result1['f_name'];
    $f_office = $result1['f_office'];
    $f_o_no = $result1['f_o_no'];
    $m_name = $result1['m_name'];
    $m_office = $result1['m_office'];
    $addr = $result1['addr'];
};


echo "Admission no = ";
$adm_no;
echo " <p>Admission Date  </p>";
echo "   <p>Name  </p>";
echo "  <p>Class </p>";
echo "  <p>D.O.B    </p>";
echo "  <p>Father s name    </p>";
echo "  <p>Office address    </p>";
echo "  <p>Office No   </p>";
echo "  <p>Mother s name   </p>";
echo "  <p>Office Address     </p>";
echo "  <p>Address      </p>";
echo "  <p>Phone no   </p>";


You have a syntax error

echo "Admission no = " ;$adm_no ;

Should be

echo "Admission no = " ; 
echo $adm_no ;

or

echo "Admission no = " . $adm_no ;


Well, the following does print a string and then does nothing with the variable:

echo "Admission no = " ;$adm_no ;

You were probably going for:

echo "Admission no = " . $adm_no;

Apart from that, are you aware that the print logic is only evaluated once after the while loop has iterated all the results (if more than one)? That is, the variables will hold the values of the last record only.


Here is the problem: your exit(); is executing every time, even if the input $adm_no is okay.

Change this

if (!$adm_no=="intval") 
      echo "You Entered wrong Admission no Recheack Admission no" ;
      exit(); 

to

if (!$adm_no=="intval") 
{
      echo "You Entered wrong Admission no Recheack Admission no" ;
      exit(); 
}


As I told you in the previous (deleted) question, you have an SQL-injection hole.
Here's how to fix it.

Change this code:

Coding horror

$adm_no = $_POST['adm_no']; 
if (!$adm_no == "intval") 
  echo "You Entered wrong Admission no Recheack Admission no"; 
exit(); 
$clas = $_POST['clas']; 
$query = "SELECT * FROM $clas WHERE adm_no = $adm_no"; 

Into this code, which is not exposed to SQL-injection dangers

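// Escape the value before it goes into the query string.
$adm_no = mysql_real_escape_string($_POST['adm_no']); 
// ctype_digit() is true only for a non-empty string of digits.
if (!ctype_digit($adm_no)) { 
  echo "You Entered wrong Admission no Recheack Admission no"; exit(); 
}
// The table name cannot be escaped, so accept it only from a fixed list.
$allowed_tables = array('table1', 'table2'); 
$clas = $_POST['clas']; 
if (in_array($clas, $allowed_tables)) 
{     
  $query = "SELECT * FROM `$clas` WHERE adm_no = '$adm_no'";    
} 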

I know that the If will only accept integers, but the if in your previous question was commented out, therefore it comes and goes, so always escape your inputs before injecting them into your query!

Note how the if in your code does not work because you forgot to enclose the body after the then in brackets {}, causing the exit(); to always be executed.

For more info on SQL-injection see: How does the SQL injection from the "Bobby Tables" XKCD comic work?
And for info on why mysql_real_escape_string or PDO doesn't work with dynamic table names
see: How to prevent SQL injection with dynamic tablenames?
And: Sample code to fix this particular SQL-injection hole

XSS hole
To fix a possible XSS hole, don't do

Coding horror

echo "Admission no = ".$adm_no;

But do this instead:

echo "Admission no = ".htmlspecialchars($adm_no); 

In your case it seems that $adm_no can only hold an integer, but I don't have the table definition so I cannot be sure of that. It's best to be on the safe side and always escape dynamic output using htmlspecialchars.

See: What are the best practices for avoiding xss attacks in a PHP site
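
The fixes from the answer above (allowlisted table name, validated value, escaped output), combined in one runnable script as an added example that is not part of the original answer. It swaps the page's mysql_* calls for PDO with a bound parameter and an in-memory SQLite database (assumes the pdo_sqlite extension); the sample row and the helper names make_demo_db and lookup_admission are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory database standing in for the page's MySQL tables.
function make_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    foreach (['table1', 'table2'] as $t) {
        $pdo->exec("CREATE TABLE $t (adm_no INTEGER PRIMARY KEY, adm_dt TEXT, name TEXT)");
    }
    $pdo->exec("INSERT INTO table1 VALUES (101, '2011-04-01', 'A <b>Student</b>')");
    return $pdo;
}

// Hypothetical helper: returns escaped HTML for the matching rows, or null if input is rejected.
function lookup_admission(PDO $pdo, array $post): ?string
{
    // Identifiers cannot be bound as parameters, so the table name must match an allowlist exactly.
    $allowedTables = ['table1', 'table2'];
    $clas = $post['clas'] ?? '';
    if (!in_array($clas, $allowedTables, true)) {
        return null;
    }
    // Integer validation that rejects '', 'abc' and '1.5'.
    $admNo = filter_var($post['adm_no'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($admNo === false) {
        return null;
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare("SELECT adm_no, adm_dt, name FROM `$clas` WHERE adm_no = :adm_no");
    $stmt->execute([':adm_no' => $admNo]);
    $html = '';
    // Output is built inside the loop so every row is shown, with each value escaped.
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        foreach ($row as $column => $value) {
            $html .= '<p>' . htmlspecialchars($column, ENT_QUOTES, 'UTF-8') . ' = '
                . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "</p>\n";
        }
    }
    return $html;
}

$pdo = make_demo_db();
// Constructed requests: a valid one, a non-integer admission number, an unlisted table.
var_dump(lookup_admission($pdo, ['clas' => 'table1', 'adm_no' => '101']));
var_dump(lookup_admission($pdo, ['clas' => 'table1', 'adm_no' => 'not-a-number']));
var_dump(lookup_admission($pdo, ['clas' => 'other_table', 'adm_no' => '101']));
```

The first call prints the row with the markup in the name field escaped; the other two return NULL before any query is built.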


Statement 1: echo "Admission no = " ;

Statement 2: $adm_no ;

You aren't echoing the variables.

You should probably have something like:

<p>Admission no = <?php echo htmlspecialchars($adm_no); ?></p>


  1. The way you assign the variables in the loop doesn't make any sense: if your SQL query returns more than 1 row, your code will simply replace the values. You probably want to echo the results inside the loop.

  2. There is a syntax error here: echo "Admission no = " ;$adm_no ; It should be echo "Admission no = ".$adm_no;

  3. When you are echoing the results, you are not actually echoing the variables: echo " <p>Admission Date: $adm_dt </p>";


Because echo accepts parameters as a comma-separated list, like

echo $one, "two";

Using a comma is also possible, but better to just use heredoc syntax, which supports variable substitution, if you need to output a large chunk of text with newlines

echo <<<HEREDOC
Your text with $variables or {$variables} here
with newlines and other nifty plaintext formatting
HEREDOC;