[development] Id is not passing

Carl Wiedemann carl.wiedemann at gmail.com
Tue Jan 11 17:37:05 UTC 2011


First, your update query is not safe from SQL injection. Please learn how to
use db_query properly
http://api.drupal.org/api/drupal/includes--database.pgsql.inc/function/db_query/6

Second, you have a typo -- should be '_doctor' not '_doctors' in your
_submit() function.

Default values are clearly explained here
http://api.drupal.org/api/drupal/developer--topics--forms_api_reference.html/6#default_value

Please *read the documentation* and try to solve your own PHP bugs before
posting to this list in the future.


On Mon, Jan 10, 2011 at 2:26 AM, mahesh gajabar <mahesh143an at gmail.com>wrote:

> Hi
> I have wrote a module for despalying my database table data into html
> format table. I have delete and edit button infront of every button. delete
> function is working fine. Code is as below
>
>
>
> *<?php*
>
> *function doctor_menu() {*
> *  $items = array();*
> * *
> *  $items['doctor'] = array(*
> *    'title' => t('Doctors'),*
> *    'page callback' => 'doctors_list',*
> *    'access arguments' => array('access doctor'),*
> *    'type' => MENU_NORMAL_ITEM,*
> *  );*
> * *
> *  $items['doctor/delete/%doctor_user'] = array(*
> *    'title' => t('Delete doctor'),*
> *    'page callback' => 'drupal_get_form',*
> *    'page arguments' => array('doctor_delete_confirm', 2),*
> *    'access arguments' => array('access doctor'),*
> *    'type' => MENU_CALLBACK,*
> *  );*
> * *
> * $items['doctor/edit/form'] = array(*
> *    'title' => t('doctor'),*
> *    'page callback' => 'drupal_get_form',*
> *    'page arguments' => array('doctor_page',2),*
> *    'access arguments' => array('access doctor'),*
> *    'type' => MENU_NORMAL_ITEM,*
> *  );*
>
> *$items['doctor/edit/%doctor_user'] = array(*
> *    'title' => t('Edit Form'),*
> *    'page callback' => 'drupal_get_form',*
> *    'page arguments' => array('doctor_edit_confirm', 2),*
> *   'access arguments' => array('access doctor'),*
> *    'type' => MENU_NORMAL_ITEM,*
> *  );*
> *  return $items;*
> *}*
>
> *function doctors_list() {*
> *    $header = array(t('Doctor Name'), t('Gender'),  t('Status'),
> t('Action'));*
> * *
> *    $query = "SELECT * FROM {doctor}";*
> *    $rs = db_query($query);*
> * *
> *    $row = array();*
> * *
> *    if ($rs) {*
> *        while ($data = db_fetch_object($rs)) {*
> *            $gender = $data->gender;*
> *            $status = $data->status ;*
> *            $row[] = array(stripslashes(ucwords($data->firstname)) . ' '
> . stripslashes(ucwords($data->lastname)), $gender, $status, *
> *            "<a href='doctor/edit/{$data->doctorid}'>" . t('Edit') .
> "</a> | <a href='doctor/delete/{$data->doctorid}'>" . t('Delete') . "</a>");
> *
> *        }*
> *    }*
> * *
> *    $str .= theme_table($header, $row);*
> * *
> *    return $str;*
> *}*
> *function doctor_user_load($doctorid) {*
> *    $query = "SELECT * FROM {doctor} WHERE doctorid = %d";*
> *    $rs = db_query($query, $doctorid);*
> * *
> *    if ($rs) {*
> *        while ($data = db_fetch_object($rs)) {*
> *            return $data;*
> *        }*
> *    }*
> * *
> *    return FALSE;*
> *}*
>
>
> *function doctor_delete_confirm(&$form_state, $doctor) {*
> *    $form['_doctor'] = array(*
> *        '#type' => 'value',*
> *        '#value' => $doctor,*
> *    );*
> * *
> *    return confirm_form($form,*
> *        t('Are you sure you want to delete this doctor?'),*
> *        isset($_GET['destination']) ? $_GET['destination'] : "doctor",*
> *        t('This action cannot be undone.'),*
> *        t('Delete'),*
> *        t('Cancel'));*
> *}*
>
> *function doctor_delete_confirm_submit($form, &$form_state) {*
> *    $form_values = $form_state['values'];*
> * *
> *    if ($form_state['values']['confirm']) {*
> *        $doctor = $form_state['values']['_doctor'];*
> *                                      *
> *                                     $query = "DELETE  FROM {doctor}
> where doctorid=$doctor->doctorid";*
> *                       $rs = db_query($query);*
> * *
> *        //doctor_delete($form_state['values'], $doctor->doctorid);
>     *
> * *
> *        drupal_set_message(t('Doctor has been deleted successfully.'));*
> *      }*
> * *
> *    drupal_goto("doctor");*
> *}*
>
> *function doctor_edit_confirm(&$form_state,$doctor){*
> * $form = array();*
> *$form['_doctor'] = array(*
> *        '#type' => 'value',*
> *        '#value' => $doctor,*
> *    );*
> * $form['firstname']=array(*
> *        '#title'=>t('First Name'),*
> *        '#type'=>'textfield',*
> *                                     //'#prefix'=>'<table
> class="formtable"><tr><td class="labeltext">First Name</td><td
> class="textbox">',*
> *        '#suffix'=>'</td></tr>',*
> *  );*
> *$form['lastname']=array(*
> *        '#title'=>t('Last Name'),*
> *        '#type'=>'textfield',*
> *                                     '#default_value' => $lastname,*
> *    );*
> *$form['gender']=array(*
> *        '#title'=>t('Gender'),*
> *        '#type'=>'radios',*
> *                                   *
> *                                   '#options' => array(t('male'),
> t('female')),*
> *                                     '#default_value' => male,*
> *    );*
> *$form['status']=array(*
> *        '#title'=>t('Status'),*
> *        '#type'=>'radios',*
> *                                     '#default_value' => active,*
> *                                     '#options' => array(t('active'),
> t('inactive')),*
> *                                      *
> *    );*
> *    *
> *return confirm_form($form,t(''),*
> *        isset($_GET['destination']) ? $_GET['destination'] : "doctor",*
> *        t(''),*
> *        t('Edit'),*
> *        t('Cancel'));*
> *}*
>
> *function doctor_edit_confirm_submit($form, &$form_state)*
> *{*
> *if ($form_state['values']['confirm']) {*
> *$doctor = $form_state['values']['_doctors'];*
> * $firstname = $form_state['values']['firstname'];*
> *    $lastname = $form_state['values']['lastname'];*
> *    $gender1= $form_state['values']['gender'];*
> *$gender =  $gender1 ? t('female') : t('male');*
> *    $status1 = $form_state['values']['status'];*
> *$status = $status1 ? t('inactive') : t('active');*
>
>
> *$query = "UPDATE  {doctor} SET firstname = '$firstname', lastname=
> '$lastname', gender = '$gender', status = '$status'  WHERE
> doctorid=$doctor->doctorid";*
> * $rs = db_query($query);        *
> *     *
> * }*
> *drupal_goto("doctor");*
> *}*
>
>
> when i put hardcoded value infront of doctorid like doctorid=2 then its
> getting edited after i click on edit button but when i paasing it using
> varible and clicking edit button then its showing following error where
> firstname ->anitha,lastname->abc are the values i enetering in form while
> editing.
>
> *user warning: You have an error in your SQL syntax; check the manual that
> corresponds to your MySQL server version for the right syntax to use near ''
> at line 1 query: UPDATE doctor SET firstname = 'anitha', lastname= 'abc',
> gender = 'female', status = 'inactive' WHERE doctorid= in
> D:\FR-Server\Apache2\htdocs\fr\sites\all\Modules\doctor\doctor.module on
> line 157.*
>
> my html table on drupal screen
> Doctor NameGenderStatusAction  Mahesh Gajabarmaleinactive Edit<http://localhost/fr/doctor/edit/1>|
> Delete <http://localhost/fr/doctor/delete/1> Anitha PatilfemaleactiveEdit<http://localhost/fr/doctor/edit/2>|
> Delete <http://localhost/fr/doctor/delete/2> Pavithra MfemaleactiveEdit<http://localhost/fr/doctor/edit/3>|
> Delete <http://localhost/fr/doctor/delete/3> Ravi MandayammaleactiveEdit<http://localhost/fr/doctor/edit/4>|
> Delete <http://localhost/fr/doctor/delete/4>
> edit form :
>
> First Name:
>
> Last Name:
>
> Gender:
>
> male
>
> female
>
> Status:
>
> active
>
> inactive
>
> Cancel <http://localhost/fr/doctor>
>
>
>
> Please help me how i can pass that doctorid and also help me for getting
> default values in form when i click edit button in table.
>
>
> *MAHESH GAJABAR
> Software Developer
> FrontalRain Technologies,Bengaluru*
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20110111/0b60997e/attachment.html 


More information about the development mailing list