8 replies to this topic

[phpforfun]

hey guys, so I have a script I made a while ago, I just noticed it has something wrong.

The script gets subproducts out of a DB, lists them, and lets you update them. If the price of the subproduct is not in the right format, then it throws an error, here is the function I made to check the price

//function check price

function isprice($price){

	if(preg_match("/^\d+.\d\d$/", $price)) {

		return true;

	} else {

		return false;

	}

}

now what happens is, if you put the price as 1, it quits due to an error, if you put it as 1.00, then it continues, which is right... but for some rason, the script below will convert 1.00 to 1, this it throws an error later. I am so confused!! It wont include the decimal or anything after it. If anyone sees an issue with it, please let me know, might it be because its in an array? Im not sure, here is the code

<?php

if(empty($_GET['product'])){

	echo '<div align="center">Product ID not set</div>';

} else {

	$product = $_GET['product'];

	$sql = "SELECT * FROM `products` WHERE `id`='$product'";

	$mysql = mysql_query($sql);

	if(!$mysql) { die(mysql_error()); }

	$get = mysql_fetch_array($mysql);

	$id = $get['id'];

	if($id !== $product){

		echo '<div align="center">That is not a known product</div>';

	} else {

		if((!empty($_POST['spName'])) && (!empty($_POST['spDesc'])) && (!empty($_POST['spPrice']))){

			$spPrice = $_POST['spPrice'];

			$spName = $_POST['spName'];

			$spDesc = $_POST['spDesc'];

			if(isset($_POST['spChecked'])){

				$spChecked = $_POST['spChecked'];

			} else {

				$spChecked = 'no';

			}

				echo 'Adding Subproduct values..<br>';

				//clear any subproducts out that are for $product

				$sql1 = "DELETE FROM `subproducts` WHERE `product`='$product'";

				$mysql1 = mysql_query($sql1);

				if(!$mysql1){ die(mysql_error()); }

				//Clear done

				foreach($spName as $key => $value){

					if($spChecked[$key] == "yes"){

						$default = "yes";

					} else {

						$default = "no";

					}

					if(!isprice($spPrice[$key])){

						echo 'Error adding '.$spName[$key].' - Price not correct value ('.$spPrice[$key].'), SKIPPED<br>';

					} else {

						$sql = "INSERT INTO `subproducts` 

						(`name`, `desc`, `price`, `product`, `default`) 

						VALUES 

						('$spName[$key]', '$spDesc[$key]', '$spPrice[$key]', '$product', '$default')";

						$mysql = mysql_query($sql);

						if(!$mysql){

							echo "There was an error!". mysql_error()."<br>";

						} else {

							echo 'Added '.$spName[$key].'<br>';	

						}

					}

				}

				echo "..done";

		} else {

		$sql="SELECT * FROM `computers`";

		$result = mysql_query($sql);

		$rows = mysql_num_rows($result);

		echo '<script language="javascript">

		fields = 0;

		function addProduct() {

		if (fields != 100000000) {

		document.getElementById(\'text\').innerHTML += \'<div align="center"><table width="95%" border="0" cellspacing="0" cellpadding="2"  style="border-bottom-style:solid; border-bottom-color:#333333; border-bottom-width:thin; border-top-style:solid; border-top-color:#333333; border-top-width:thin"><tr><td >Name</td><td ><input name="spName[]" type="text" id="spName" style="width:100%"/></td><td >Price</td><td >$<input name="spPrice[]" type="text" id="spPrice" size="4" value="00.00" /></td></tr><tr><td>Description</td><td><input name="spDesc[]" type="text" style="width:100%" id="spDesc" /></td><td colspan="2">Check by default   <input name="spChecked[]" type="radio" value="yes" /></td></tr></table></div>\';

		fields += 1;

		} else {

		document.getElementById(\'text\').innerHTML += "<br />Only 100000000 upload fields allowed.";

		document.form.add.disabled=true;

		}

		}

		</script>';

		echo '

		<div align="center"><input type="button" value="Add SubProduct Field" onclick="addProduct()"></div><strong>NOTE:</strong> Please add all subproducts you are going to utilize

		first before you start to fill them in. Once you add a new field, it will clear all the other fields!<br><br>

		<form action="" method="POST">

		<div id="text">'; //Break to get existing sub products

		$sql2 = "SELECT * FROM `subproducts` WHERE `product`='$id' ORDER BY `price`";

		$result2 = mysql_query($sql2);

		$rows2 = mysql_num_rows($result2);

		for($i2=0;$i2<$rows2;$i2++){

			$spName = mysql_result($result2, $i2, 'name');

			$spPrice = mysql_result($result2, $i2, 'price');

			$spDesc = mysql_result($result2, $i2, 'desc');

			$spDefault = mysql_result($result2, $i2, 'default');

			echo '<div align="center"><table width="95%" border="0" cellspacing="0" cellpadding="2"  style="border-bottom-style:solid; border-bottom-color:#333333; border-bottom-width:thin; border-top-style:solid; border-top-color:#333333; border-top-width:thin"><tr><td >Name</td><td ><input name="spName[]" type="text" value= "'.$spName.'"id="spName" style="width:100%"/></td><td >Price</td><td >$<input name="spPrice[]" type="text" id="spPrice" size="4" value="'.$spPrice.'" /></td></tr><tr><td>Description</td><td><input name="spDesc[]" type="text" style="width:100%" id="spDesc" value="'.$spDesc.'" /></td><td colspan="2">Check by default   <input name="spChecked[]" type="radio" value="yes" ';

			if($spDefault == "yes"){

				echo 'checked="checked"';

			}

			echo '/></td></tr></table></div>';

		}


		//unbreak

		echo '</div> 

		<br>

		<input type="submit" value="Save">

		</form>';

		}

	}

}

?>

[John]

I remember writing that regular expression. Can you narrow down the error to a particular segment of code? From the sounds of it, you don't know the difference between an int and a double/float, and as a result, you are treating the double as an int which causes the decimal to be truncated.

[Brandon W]

I can't seem to find where your script is going wrong. But maybe what John has said might fix it. But there is one thing I would like to ask your personal opinion on.

With your part of the script that echos the Javascript. I realised you did;

echo ' ';

Then every occurance of " ' " throughout the echo you will need to use "\" to escape it. My question is, why did you do this? I am just asking for your personal opinion.

[phpforfun]

John said:

I remember writing that regular expression. Can you narrow down the error to a particular segment of code? From the sounds of it, you don't know the difference between an int and a double/float, and as a result, you are treating the double as an int which causes the decimal to be truncated.

Sounded like the right answer, I was using int, but I changed it to double, still doesnt work

Brandon W said:

I can't seem to find where your script is going wrong. But maybe what John has said might fix it. But there is one thing I would like to ask your personal opinion on.

With your part of the script that echos the Javascript. I realised you did;

echo ' ';

Then every occurance of " ' " throughout the echo you will need to use "\" to escape it. My question is, why did you do this? I am just asking for your personal opinion.

Basically, are you asking why I used single quotes instead of double quotes, to echo JS?

[phpforfun]

Fixed, changed it to Decimal(10,2) and it works now

[John]

phpforfun said:

Fixed, changed it to Decimal(10,2) and it works now

What exactly did you change?

[ReekenX]

I think your problem with database table, right?

[phpforfun]

John said:

What exactly did you change?

The mysql table column

ReekenX said:

I think your problem with database table, right?

Correct.

Instead of int, its now decimal, and the length/values is set to 10,2. I looked to see how WHMCS did it, thats what they did for all price fields. My guess is it means it can look like this:

Quote

1000000000.00

[John]

So in essence, I was right. Similar to the problem when your *integers* (varchars) were *not* being sorted properly.

And by the way, Decimal(10,2), means that you can have ten total bits, with two of them being after the decimal point. 99999999.99 is the largest number you can store.