Having problems with new php script, deleteing data

starview
starview used Ask the Experts™
on
For some reason when I run this search script it seems to work great, but it deleteall of the data from the database.
<html>
<head></head> 
<body> 


<?php /*I moved the PHP script here into the <body> tag since i want the output to go into the <body></body> of the page.*/
$connect=mysql_connect("localhost","xxxxxx","xxxxxxxx"); // Establish a connection  
mysql_select_db('xxxxxxx',$connect); // Name of your DB  
 
if(!$connect) // If connection not established  
print 'Could not connect to the database'; // Show an error  
 
if(isset($_GET['inpname'])) // If it's submitted
{  
	$inp = strClean($_GET['inpname']); // Clean my input  
	
	if( strlen($inp)>1 ) {
		$query="SELECT `dance_name`, `rhythm`, `phase`, `choreographer`, `pdf_file` FROM `cue_sheets` WHERE `dance_name` LIKE '%".$inp."%' "; // mySql query  
		 
		$r = mysql_query($query) or die(mysql_error()); // If query fail, let me know the error  
	
		if(mysql_affected_rows()===0) // If no match found  
			echo $inp." is not in our database."; // Let me know it is'nt found in the table  
		else  
		{  
			echo "<p>".$inp." was successfully searched.</p>
				<table class='results'><tr>
				<td>Dance Name</td><td>Rhythm</td><td>Phase</td><td>Choreographer</td><td>PDF File</td>
				</tr>\r\n";
			while ($row=mysql_fetch_array($r)) // Loop through the query results 
			{	// ****** mysql_fetch_array() makes an array for each row, the array "key" is the column name, so it is
				// ****** easy to get each columns data by just using the column title name.
				echo "<tr>\r\n";
					echo "<td>".$row['dance_name']."</td>\r\n";
					echo "<td>".$row['rhythm']."</td>\r\n";
					echo "<td>".$row['phase']."</td>\r\n";
					echo "<td>".$row['choreographer']."</td>\r\n";
					echo "<td><a href='".$row['pdf_file']."'>".$row['pdf_file']."</a></td>\r\n";
					
					/* //this bit of the code is what you requested originally in your question.
									
					echo "dance_name = ".$row['dance_name'];
					echo "rhythm = ".$row['rhythm'];
					echo "phase = ".$row['phase'];
					echo "choreography = ".$row['choreographer'];
					echo "pdf_file = ".$row['pdf_file'];
					
					/**/
					
				echo "</tr>\r\n";
			}
			echo "</table>\r\n";
		 
		} // End of the else statement
	} else {
		echo "<p>No text was entered into the search field.</p>";
	}
} // End of the if statement  
 
function strClean($str) // Clean my input  
{  
	return mysql_real_escape_string(strip_tags(trim($str)));  
} 
?> 

<form name="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get"> 
<input name="inpname" type="text"> 
<input type="submit" name="search" value="Search"> 
</form> 

</body>
</html>

Open in new window

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Use mysql_close() to close the mysql connection at the end of the code where mysql is being used. (http://php.net/manual/en/function.mysql-close.php)

Like in the snippet:
<html> 
<head></head>  
<body>  
 
 
<?php /*I moved the PHP script here into the <body> tag since i want the output to go into the <body></body> of the page.*/ 
$connect=mysql_connect("localhost","xxxxxx","xxxxxxxx"); // Establish a connection   
mysql_select_db('xxxxxxx',$connect); // Name of your DB   
  
if(!$connect) // If connection not established   
print 'Could not connect to the database'; // Show an error   
  
if(isset($_GET['inpname'])) // If it's submitted 
{   
        $inp = strClean($_GET['inpname']); // Clean my input   
         
        if( strlen($inp)>1 ) { 
                $query="SELECT `dance_name`, `rhythm`, `phase`, `choreographer`, `pdf_file` FROM `cue_sheets` WHERE `dance_name` LIKE '%".$inp."%' "; // mySql query   
                  
                $r = mysql_query($query) or die(mysql_error()); // If query fail, let me know the error   
         
                if(mysql_affected_rows()===0) // If no match found   
                        echo $inp." is not in our database."; // Let me know it is'nt found in the table   
                else   
                {   
                        echo "<p>".$inp." was successfully searched.</p> 
                                <table class='results'><tr> 
                                <td>Dance Name</td><td>Rhythm</td><td>Phase</td><td>Choreographer</td><td>PDF File</td> 
                                </tr>\r\n"; 
                        while ($row=mysql_fetch_array($r)) // Loop through the query results  
                        {       // ****** mysql_fetch_array() makes an array for each row, the array "key" is the column name, so it is 
                                // ****** easy to get each columns data by just using the column title name. 
                                echo "<tr>\r\n"; 
                                        echo "<td>".$row['dance_name']."</td>\r\n"; 
                                        echo "<td>".$row['rhythm']."</td>\r\n"; 
                                        echo "<td>".$row['phase']."</td>\r\n"; 
                                        echo "<td>".$row['choreographer']."</td>\r\n"; 
                                        echo "<td><a href='".$row['pdf_file']."'>".$row['pdf_file']."</a></td>\r\n"; 
                                         
                                        /* //this bit of the code is what you requested originally in your question. 
                                                                         
                                        echo "dance_name = ".$row['dance_name']; 
                                        echo "rhythm = ".$row['rhythm']; 
                                        echo "phase = ".$row['phase']; 
                                        echo "choreography = ".$row['choreographer']; 
                                        echo "pdf_file = ".$row['pdf_file']; 
                                         
                                        /**/ 
                                         
                                echo "</tr>\r\n"; 
                        } 
                        echo "</table>\r\n"; 
                  
                } // End of the else statement 
        } else { 
                echo "<p>No text was entered into the search field.</p>"; 
        } 
} // End of the if statement   

function strClean($str) // Clean my input   
{   
        return mysql_real_escape_string(strip_tags(trim($str)));   
}

mysql_close($connect);  //close the connection with the MySQL server.
?>  
 
<form name="form" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="get">  
<input name="inpname" type="text">  
<input type="submit" name="search" value="Search">  
</form>  
 
</body> 
</html>

Open in new window

It doesnt make sense how it could delete all the data in your mysql tables :S :S Maybe it just looks like it because PHP is keeping that MySQL session active without mysql_close()ing it in the end.
Hi,

At what point does it delete all the data from the db?  I have tried running your code and it works fine for me.  Have you checked your database table in phpMyAdmin to see if the data is still there?

Thanks,

John
OWASP: Threats Fundamentals

Learn the top ten threats that are present in modern web-application development and how to protect your business from them.

Author

Commented:
I don't know what happen, after I ran the script and told you it was working great I tried to run it again and it kept saying no such file.
So I went in to the database and looked and there was no data listed under the field names. The field names and table was still there.
I put the data back in if you want to try and run it to see what happen, please do, if it happens again I will re enter it, it is only a test area.

http://www.starviewconnection.net/search-test.php

If you want to re enter more data you can do that to if needed.
http://www.starviewconnection.net/index.php


Thank you
Very weird.... Is it possible that someone was just deleting the entries using that second page to annoy you?

I tried updating and adding new items, then I tried repeatedly searching on the search form for them. But it all works fine. And nothing got deleted :S That is very odd.

Author

Commented:
I added the close line as you asked.
You might have ran the script after i etered the new data.
starview, I am getting mysql errors on the search page, you need to change the username and password from xxxxxxxx to the real ones for your mysql server

Author

Commented:
No one has access to it anyway I hope not. I will give it a try.

Author

Commented:
oops

Author

Commented:
Changed, sorry about that
Ive been spamming the search for awhile now and still no mistakes, its not deleting anything for me yet. Hmmm. When you did this "I don't know what happen, after I ran the script and told you it was working great I tried to run it again and it kept saying no such file." how much time did you spend inbetween it working and then you trying a new search again?

Author

Commented:
Maybe about and hour.

My wife is calling I have to go to church, I will try it later serveral time after church.
Thank you for checking this out, maybe that Use mysql_close() to close the mysql connection at the end of the code added did the job, I wish I new more about php/mysql than I do But Iam learning.

Thank you for all the help you have given
See you later
Most Valuable Expert 2011
Top Expert 2016

Commented:
Line 22 in the script is wrong.  Please try something more like the code snippet

                if(mysql_affected_rows()===0) // If no match found  

if (mysql_num_rows($r) == 0) // If no match found

Open in new window

Most Valuable Expert 2011
Top Expert 2016

Commented:
Line 30 in the script is wrong.  Use this function instead;

                        while ($row=mysql_fetch_array($r)) // Loop through the query results

while ($row=mysql_fetch_assoc($r)) // Loop through the query results

Open in new window

Most Valuable Expert 2011
Top Expert 2016
Commented:
Throughout the script you have a repeated construct with the \r\n end of lines.  Suggest you change those to use the predefined constant PHP_EOL.

Now all that said, this script is not changing your data base at all.  It may not produce any output - there are a variety of conditions that could cause that symptom, but it did not delete anything from your data base.

How did you come to believe that the script had changed your data base?

Author

Commented:
Will when I ran the script and then I went back to run it there was nothing there, I checked the database and there was no data there, so the data had to be deleted sometime between the time I ran the first script to that time I ran the script again. So it may me think it was the script that delete the data, unless someone hack my system and delete it.
Most Valuable Expert 2011
Top Expert 2016

Commented:
My usual question would be, "Are you able to recreate the failure?"

Something else happened, but it was not this script that deleted the data.

Author

Commented:
I don't, but I will try, Sir

Author

Commented:
I think I have found the problem why data was deleted.
I didnot realize that in my test area I had added delete in my add file script and also I used index.php as the script, so any one could have used the url for the test website and could have delete the files.

Everything is working fine as far as I can tell now.
I will wait a while and then try again

thank you
Most Valuable Expert 2011
Top Expert 2016

Commented:
I'll bet you have found the problem!

Cheers, ~Ray

Author

Commented:
Thank you, all is well
starview, that is probably it lol.

Good luck making the rest of the website!!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial