can smebody plz check my code.on line 111 im checkin if my query has been executed succesfully or not.my query does get executed succesfully,the data goes into the db bt the error message gets displayed i.e "error adding data" although it should display "data added succesfully".ca n some1 tel me wot i've done wrong?
[code=php]
<?php
require_once "../inc/functions.php";
//require_once "../inc/vars.inc.php";
sessionCheck();
session_start() ;
$old_sessionid = session_id(); //i've added these lines
session_regener ate_id(); //i've added these lines
$new_sessionid = session_id(); //i've added these lines
function cleanInput($inp ut) {
$search = array(
'@<\s*script[^>]*?>.*?<\s*/\s*script\s*>@s i', // Strip out javascript
'@<\s*[\/\!]*?[^<>]*?>@si', // Strip out HTML tags
'@<\s*style[^>]*?>.*?<\s*/\s*style\s*>@si U', // Strip style tags properly
'@<![\s\S]*?–[ \t\n\r]*>@',
'/<img[^>]+\>/i' // Strip multi-line comments
);
$output = preg_replace($s earch, '', $input);
return $output;
}
// ’slashing
function sanitize($input ) {
if (is_array($inpu t)) {
foreach($input as $var=>$val) {
$output[$var] = sanitize($val);
}
} else {
$input = @trim($input);
if (get_magic_quot es_gpc()) {
$input = stripslashes($i nput);
}
$input = cleanInput($inp ut);
$output = mysql_real_esca pe_string($inpu t);
}
return $output;
}
function chk_text($str) {
return ( preg_match("/[`|~|!|@|#|$|%|^ |*|=|+|{|}|[|]|:|;|<|>]/", $var) ? true : ( strpos($var, "?") === false ? false : true ) );
}
if($_POST['submit']){
$district = escape($_POST['dis']);
$taluka = escape($_POST['tal']);
$village = escape(trim($_P OST['village']));
$address= escape(trim($_P OST['addr']));
$errCnt = 0;
echo "$district" ;
echo "$taluka";
echo "$village";
echo "$address";
if(!$district)
{$msg[]="please select a district";
$errCnt++;
}
if(!$taluka)
{$msg[]="please select a taluka";
$errCnt++;
}
/*if($district != '1' || $district != '2'){
$msg[]="please select a district";
$errCnt++;
}
if($taluka == "Select one")
{
$msg[]="please select a taluka";
$errCnt++;
}*/
if(!$village){
$msg[] = "Village is required<br />";
$errCnt++;}
else
if(preg_match("/[`|~|!|@|#|$|%|^ |*|=|+|{|}|[|]|:|;|<|>]/", $village))
{
$msg[] = "No special characters allowed in name<br />";
$errCnt++;
}
if(!$address){
$msg[] = "Address is required";
$errCnt++;}
else
if(preg_match("/[`|~|!|@|#|$|%|^ |*|=|+|{|}|[|]|:|;|<|>]/", $address))
{
$msg[] = "No special characters allowed in address<br />";
$errCnt++;
}
$sub_id="select subcat_id from subcat where type='".$taluka ."'";
$execute=caseQu ery($sub_id);
$reslt = mysql_fetch_row ($execute);
$sub=$reslt[0];
echo "$sub";
if($errCnt == 0){
$sql = 'INSERT INTO `subcat2` (
`cat_id` ,
`subcat_id` ,
`type` ,
`vil_name` ,
`vil_addr`
)
VALUES (
"'.$district.'" ,"'.$sub.'", "'.$taluka.'"," '.$village.'" ,"'.$address .'"
)';
$dist = caseInsertQuery ($sql);
if($dist)
{
$ms= "data added succesfully";
}
else
{
$ms= "error adding data";
}
}
else
{
$msgs = addslashes(@imp lode("<br>",$ms g));
}
}
?>
<?php include_once "admin_template s/case_header.php "; ?>
<html>
<head>
<!-- <title>Multip le drop down list box from plus2net</title>
<link type="text/css" rel="stylesheet " href="../../gpp/inc/jscalender/css/jscal2.css" />
<link type="text/css" rel="stylesheet " href="../../gpp/inc/jscalender/css/border-radius.css" />
<link id="skin-win2k" title="Win 2K" type="text/css" rel="alternate stylesheet" href="../../gpp/inc/jscalender/css/win2k/win2k.css" />
<link id="skinhelper-compact" type="text/css" rel="alternate stylesheet" href="../../gpp/inc/jscalender/css/reduce-spacing.css" />
<script src="../../gpp/inc/jscalender/js/jscal2.js"></script>
<script src="../../gpp/inc/jscalender/js/lang/en.js"></script>
-->
<SCRIPT>
function frmSubmit(){
var error='';
var dis = document.getEle mentById('dis') .value;
var tal = document.getEle mentById('tal') .value;
var vil = document.getEle mentById('villa ge').value;
var addr = document.getEle mentById('addr' ).value;
if(dis != 1 || dis != 2){
error += "district is Required \n";}
else
if(dis==1)
{
if(tal=="Select one")
{
error += "Select taluka \n";
}
}
else if(dis==2)
{
if(tal=="Select one")
{
error += "Select taluka \n";
}
}
if(!vil){
error += "Panchayat Name is Required \n";
}
if(!addr){
error += "Address is Required \n";
}
if(error) {
alert(error);
}else{
srch_frm.submit ();
}
}
</script>
<SCRIPT language=JavaSc ript>
function reload(form)
{
var val=form.dis.op tions[form.dis.option s.selectedIndex].value;
self.location=' master.php?dis= ' + val ;
}
</script>
</head>
<body>
<?
@$dis=$_GET['dis'];
if(strlen($dis) > 0 and !is_numeric($di s)){
echo "Data Error";
exit;
}
$quer2=caseQuer y("SELECT DISTINCT dis_name,dis_id FROM district order by dis_name");
if(isset($dis) and strlen($dis) > 0){
$quer=caseQuery ("SELECT DISTINCT tal_name FROM taluka where dis_id=$dis order by tal_name");
}else{$quer=cas eQuery("SELECT DISTINCT tal_name FROM taluka order by tal_name"); }
?>
<form action="master. php" name="srch_frm" method="post">
<fieldset style="width:20 px">
<legend ><b> Search File</b></legend>
<table width="328" border="1">
<tr width="320">
<td >District:</td>
<td>
<?php
echo "<select name='dis' onchange=\"relo ad(this.form)\" ><option value=''>Select one</option>";
while($noticia2 = mysql_fetch_arr ay($quer2)) {
if($noticia2['dis_id']==@$dis){echo "<option selected value='$noticia 2[dis_id]'>$noticia2[dis_name]</option>"."<BR>" ;}
else{echo "<option value='$noticia 2[dis_id]'>$noticia2[dis_name]</option>";}
}
echo "</select>";
?>
</td>
</tr>
<tr>
<td>Taluka:</td>
<td>
<?php
echo "<select name='tal' ><option value=''>Select one</option>";
while($noticia = mysql_fetch_arr ay($quer)) {
echo "<option value='$noticia[tal_name]'>$noticia[tal_name]</option>";
}
echo "</select>";
?>
</td>
</tr>
<td>Panchayat Name:</td>
<td><input name="village" id="village" type="text" size="15" value="<?=$_POS T['village']?>" /></td>
</tr>
<td>Panchayat Address :</td>
<td><input name="addr" id="addr" type="text" size="15" value="<?=$_POS T['addr']?>" /></td>
</tr>
</table>
<input name="submit" type="submit" value="submit" >
<input name="cancel" value="Cancel" type="reset" onClick="reload (this.form)">
</fieldset>
</form>
<?php
echo "$msgs";
echo "$ms";
//onclick="frmSub mit()"
?>
</body>
</html>
[/code]
[code=php]
<?php
require_once "../inc/functions.php";
//require_once "../inc/vars.inc.php";
sessionCheck();
session_start() ;
$old_sessionid = session_id(); //i've added these lines
session_regener ate_id(); //i've added these lines
$new_sessionid = session_id(); //i've added these lines
function cleanInput($inp ut) {
$search = array(
'@<\s*script[^>]*?>.*?<\s*/\s*script\s*>@s i', // Strip out javascript
'@<\s*[\/\!]*?[^<>]*?>@si', // Strip out HTML tags
'@<\s*style[^>]*?>.*?<\s*/\s*style\s*>@si U', // Strip style tags properly
'@<![\s\S]*?–[ \t\n\r]*>@',
'/<img[^>]+\>/i' // Strip multi-line comments
);
$output = preg_replace($s earch, '', $input);
return $output;
}
// ’slashing
function sanitize($input ) {
if (is_array($inpu t)) {
foreach($input as $var=>$val) {
$output[$var] = sanitize($val);
}
} else {
$input = @trim($input);
if (get_magic_quot es_gpc()) {
$input = stripslashes($i nput);
}
$input = cleanInput($inp ut);
$output = mysql_real_esca pe_string($inpu t);
}
return $output;
}
function chk_text($str) {
return ( preg_match("/[`|~|!|@|#|$|%|^ |*|=|+|{|}|[|]|:|;|<|>]/", $var) ? true : ( strpos($var, "?") === false ? false : true ) );
}
if($_POST['submit']){
$district = escape($_POST['dis']);
$taluka = escape($_POST['tal']);
$village = escape(trim($_P OST['village']));
$address= escape(trim($_P OST['addr']));
$errCnt = 0;
echo "$district" ;
echo "$taluka";
echo "$village";
echo "$address";
if(!$district)
{$msg[]="please select a district";
$errCnt++;
}
if(!$taluka)
{$msg[]="please select a taluka";
$errCnt++;
}
/*if($district != '1' || $district != '2'){
$msg[]="please select a district";
$errCnt++;
}
if($taluka == "Select one")
{
$msg[]="please select a taluka";
$errCnt++;
}*/
if(!$village){
$msg[] = "Village is required<br />";
$errCnt++;}
else
if(preg_match("/[`|~|!|@|#|$|%|^ |*|=|+|{|}|[|]|:|;|<|>]/", $village))
{
$msg[] = "No special characters allowed in name<br />";
$errCnt++;
}
if(!$address){
$msg[] = "Address is required";
$errCnt++;}
else
if(preg_match("/[`|~|!|@|#|$|%|^ |*|=|+|{|}|[|]|:|;|<|>]/", $address))
{
$msg[] = "No special characters allowed in address<br />";
$errCnt++;
}
$sub_id="select subcat_id from subcat where type='".$taluka ."'";
$execute=caseQu ery($sub_id);
$reslt = mysql_fetch_row ($execute);
$sub=$reslt[0];
echo "$sub";
if($errCnt == 0){
$sql = 'INSERT INTO `subcat2` (
`cat_id` ,
`subcat_id` ,
`type` ,
`vil_name` ,
`vil_addr`
)
VALUES (
"'.$district.'" ,"'.$sub.'", "'.$taluka.'"," '.$village.'" ,"'.$address .'"
)';
$dist = caseInsertQuery ($sql);
if($dist)
{
$ms= "data added succesfully";
}
else
{
$ms= "error adding data";
}
}
else
{
$msgs = addslashes(@imp lode("<br>",$ms g));
}
}
?>
<?php include_once "admin_template s/case_header.php "; ?>
<html>
<head>
<!-- <title>Multip le drop down list box from plus2net</title>
<link type="text/css" rel="stylesheet " href="../../gpp/inc/jscalender/css/jscal2.css" />
<link type="text/css" rel="stylesheet " href="../../gpp/inc/jscalender/css/border-radius.css" />
<link id="skin-win2k" title="Win 2K" type="text/css" rel="alternate stylesheet" href="../../gpp/inc/jscalender/css/win2k/win2k.css" />
<link id="skinhelper-compact" type="text/css" rel="alternate stylesheet" href="../../gpp/inc/jscalender/css/reduce-spacing.css" />
<script src="../../gpp/inc/jscalender/js/jscal2.js"></script>
<script src="../../gpp/inc/jscalender/js/lang/en.js"></script>
-->
<SCRIPT>
function frmSubmit(){
var error='';
var dis = document.getEle mentById('dis') .value;
var tal = document.getEle mentById('tal') .value;
var vil = document.getEle mentById('villa ge').value;
var addr = document.getEle mentById('addr' ).value;
if(dis != 1 || dis != 2){
error += "district is Required \n";}
else
if(dis==1)
{
if(tal=="Select one")
{
error += "Select taluka \n";
}
}
else if(dis==2)
{
if(tal=="Select one")
{
error += "Select taluka \n";
}
}
if(!vil){
error += "Panchayat Name is Required \n";
}
if(!addr){
error += "Address is Required \n";
}
if(error) {
alert(error);
}else{
srch_frm.submit ();
}
}
</script>
<SCRIPT language=JavaSc ript>
function reload(form)
{
var val=form.dis.op tions[form.dis.option s.selectedIndex].value;
self.location=' master.php?dis= ' + val ;
}
</script>
</head>
<body>
<?
@$dis=$_GET['dis'];
if(strlen($dis) > 0 and !is_numeric($di s)){
echo "Data Error";
exit;
}
$quer2=caseQuer y("SELECT DISTINCT dis_name,dis_id FROM district order by dis_name");
if(isset($dis) and strlen($dis) > 0){
$quer=caseQuery ("SELECT DISTINCT tal_name FROM taluka where dis_id=$dis order by tal_name");
}else{$quer=cas eQuery("SELECT DISTINCT tal_name FROM taluka order by tal_name"); }
?>
<form action="master. php" name="srch_frm" method="post">
<fieldset style="width:20 px">
<legend ><b> Search File</b></legend>
<table width="328" border="1">
<tr width="320">
<td >District:</td>
<td>
<?php
echo "<select name='dis' onchange=\"relo ad(this.form)\" ><option value=''>Select one</option>";
while($noticia2 = mysql_fetch_arr ay($quer2)) {
if($noticia2['dis_id']==@$dis){echo "<option selected value='$noticia 2[dis_id]'>$noticia2[dis_name]</option>"."<BR>" ;}
else{echo "<option value='$noticia 2[dis_id]'>$noticia2[dis_name]</option>";}
}
echo "</select>";
?>
</td>
</tr>
<tr>
<td>Taluka:</td>
<td>
<?php
echo "<select name='tal' ><option value=''>Select one</option>";
while($noticia = mysql_fetch_arr ay($quer)) {
echo "<option value='$noticia[tal_name]'>$noticia[tal_name]</option>";
}
echo "</select>";
?>
</td>
</tr>
<td>Panchayat Name:</td>
<td><input name="village" id="village" type="text" size="15" value="<?=$_POS T['village']?>" /></td>
</tr>
<td>Panchayat Address :</td>
<td><input name="addr" id="addr" type="text" size="15" value="<?=$_POS T['addr']?>" /></td>
</tr>
</table>
<input name="submit" type="submit" value="submit" >
<input name="cancel" value="Cancel" type="reset" onClick="reload (this.form)">
</fieldset>
</form>
<?php
echo "$msgs";
echo "$ms";
//onclick="frmSub mit()"
?>
</body>
</html>
[/code]
Comment