Form built with DW form wizard doesn't work

Helen_W_Lee · March 1, 2012, 6:47am

I’m still struggling trying to get my forms to behave. I thought I had it solved with the offlist help of one of the form members but even the form which worked with his help is now broken. I’ve started from scratch, using the DW form wizard and not touching it AT ALL, just uploading it to the server and filling it out. When I hit send I get the same CGI error as before. When I look in the url bar the name of the form has been duplicated. When I view the source code, sure enough, the name of the form is duplicated.

As far as I can figure (with the help of our server tech support) this is the offending code - generated by DW!! - and I think it’s the first 3 lines which are causing the problem:

$editFormAction = $_SERVER[‘PHP_SELF’];
if (isset($_SERVER[‘QUERY_STRING’])) {
$editFormAction .= “?” . htmlentities($_SERVER[‘QUERY_STRING’]);
}

if ((isset($_POST[“MM_insert”])) && ($_POST[“MM_insert”] == “form1”)) {
$insertSQL = sprintf(“INSERT INTO groomers (shopName, groomPropName, groomStreet, groomCity, groomProvince, groomCountry, groomPhone, groomEmail, groomWebsite, groomListing, groomPic, groomShow_Hide) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)”,
GetSQLValueString($_POST[‘shopName’], “text”),
GetSQLValueString($_POST[‘groomPropName’], “text”),
GetSQLValueString($_POST[‘groomStreet’], “text”),
GetSQLValueString($_POST[‘groomCity’], “text”),
GetSQLValueString($_POST[‘groomProvince’], “text”),
GetSQLValueString($_POST[‘groomCountry’], “text”),
GetSQLValueString($_POST[‘groomPhone’], “text”),
GetSQLValueString($_POST[‘groomEmail’], “text”),
GetSQLValueString($_POST[‘groomWebsite’], “text”),
GetSQLValueString($_POST[‘groomListing’], “text”),
GetSQLValueString($_POST[‘groomPic’], “text”),
GetSQLValueString($_POST[‘groomShow_Hide’], “text”));

mysql_select_db($database_db9568, $db9568);
$Result1 = mysql_query($insertSQL, $db9568) or die(mysql_error());

$insertGoTo = “CRcart/directory_list_logo.php”;
if (isset($_SERVER[‘QUERY_STRING’])) {
$insertGoTo .= (strpos($insertGoTo, ‘?’)) ? “&” : “?”;
$insertGoTo .= $_SERVER[‘QUERY_STRING’];
}
header(sprintf(“Location: %s”, $insertGoTo));

Why on earth would a DW wizard generate code which throws up a CGI error?! The exact error is: CGI Error - The specified CGI application misbehaved by not returning a complete set of HTTP headers.

In case it helps, this is the form action line: <form action=“<?php echo $editFormAction; ?>” method=“post” name=“form1” id=“form1”>

JamesKenny · March 1, 2012, 10:51am

The first thre lines are just setting the path of the document your posting to, in this case it self, a whole lot of code to submit to itself if you ask me. Your problem sounds more like the differnece between cgi php, and cli php. Yes the are different and they behave very differently.

cgi is typically used in production servers

DW will always over inflate your code (try aptana)

as far as your code with out more i couldnt be certain but try

$editFormAction = $_SERVER[‘PHP_SELF’];

if ((isset($_POST[“MM_insert”])) && ($_POST[“MM_insert”] == “form1”)) {
$insertSQL = sprintf(“INSERT INTO groomers (shopName, groomPropName, groomStreet, groomCity, groomProvince, groomCountry, groomPhone, groomEmail, groomWebsite, groomListing, groomPic, groomShow_Hide) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)”,
GetSQLValueString($_POST[‘shopName’], “text”),
GetSQLValueString($_POST[‘groomPropName’], “text”),
GetSQLValueString($_POST[‘groomStreet’], “text”),
GetSQLValueString($_POST[‘groomCity’], “text”),
GetSQLValueString($_POST[‘groomProvince’], “text”),
GetSQLValueString($_POST[‘groomCountry’], “text”),
GetSQLValueString($_POST[‘groomPhone’], “text”),
GetSQLValueString($_POST[‘groomEmail’], “text”),
GetSQLValueString($_POST[‘groomWebsite’], “text”),
GetSQLValueString($_POST[‘groomListing’], “text”),
GetSQLValueString($_POST[‘groomPic’], “text”),
GetSQLValueString($_POST[‘groomShow_Hide’], “text”));

mysql_select_db($database_db9568, $db9568);
$Result1 = mysql_query($insertSQL, $db9568) or die(mysql_error());

$insertGoTo = “CRcart/directory_list_logo.php”;
if (isset($_SERVER[‘QUERY_STRING’])) {
$insertGoTo .= (strpos($insertGoTo, ‘?’)) ? “&” : “?”;
$insertGoTo .= $_SERVER[‘QUERY_STRING’];
}
header(sprintf(“Location: %s”, $insertGoTo));

JamesKenny · March 1, 2012, 10:54am

This is a little odd to me:

$editFormAction .= “?” . htmlentities($_SERVER[‘QUERY_STRING’]);

why add url vars to the form action and then get them from post too?

it just seems like a pretty dumb thing to do when you know what values your expecting

JamesKenny · March 1, 2012, 10:57am

lol wtf is?

header(sprintf(“Location: %s”, $insertGoTo)); you can an sql query from the header?

SpikeZ · March 1, 2012, 11:29am

Hi, I have added some quotes into the code to explain what does what and why.
DW is an OK tool but can over complicate things!


<?php


/* This sets the form's action, where it is directing the form data too
 * in this case - its back to itself $_SERVER['PHP_SELF']
 **/
$editFormAction = $_SERVER['PHP_SELF'];


/* Checks the incoming url to see if any query string has been passed to it.
 * eg: www.mysite.com/action.php?name=Spike 
 * anything after the ? is the query string
 * this is taken and added to the form action IN CASE IT IS NEEDED LATER
 **/
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}


/* if the form has been sent, check for the MM_insert field
 * (Should be in the <form> and a <hidden> field
 */


if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {


/* run the query using a FORMATTED string
 * GetSQLValueString is a DW created function that checks the value being sent to it
 * and gets rid of any nasties
 **/
$insertSQL = sprintf("INSERT INTO groomers (shopName, groomPropName, groomStreet, groomCity, groomProvince, groomCountry, groomPhone, groomEmail, groomWebsite, groomListing, groomPic, groomShow_Hide) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['shopName'], "text"),
GetSQLValueString($_POST['groomPropName'], "text"),
GetSQLValueString($_POST['groomStreet'], "text"),
GetSQLValueString($_POST['groomCity'], "text"),
GetSQLValueString($_POST['groomProvince'], "text"),
GetSQLValueString($_POST['groomCountry'], "text"),
GetSQLValueString($_POST['groomPhone'], "text"),
GetSQLValueString($_POST['groomEmail'], "text"),
GetSQLValueString($_POST['groomWebsite'], "text"),
GetSQLValueString($_POST['groomListing'], "text"),
GetSQLValueString($_POST['groomPic'], "text"),
GetSQLValueString($_POST['groomShow_Hide'], "text"));


/* select the datatbase */
mysql_select_db($database_db9568, $db9568);


/* run the query */
$Result1 = mysql_query($insertSQL, $db9568) or die(mysql_error());


/* where to go to AFTER the query has been run */
$insertGoTo = "CRcart/directory_list_logo.php";


/* as before with the query string. If it exists, append it to the $insertToGo variable
 * So if your page was 
 * www.mysite.com/action.php?name=Spike 
 * and the next page the script is going to is
 * CRcart/directory_list_logo.php
 * it would become 
 * CRcart/directory_list_logo.php?name=Spike
 * If you are not worried about appending query strings - you can safely delete the following threee lines.
 **/
 
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}


/* redirect the user based on the variable created above.
 **/
header(sprintf("Location: %s", $insertGoTo));


/* this could also be acheived by simply using:


header("Location: CRcart/directory_list_logo.php");
exit();


*/


?>

JamesKenny · March 1, 2012, 3:13pm

HA!
I seriously always thought sprintf was an inno db query string, and my use of inno db is limited considering I mostly develop on unix. I do use inno for certain application and or table structures but only when its required. Thats my first encounter with concentating strings using sprintf.

reading http://php.net/manual/en/function.sprintf.php it looks like more php shortcode and i don’t really see much benefeit in adding yet another syntax into the library. I’ll wait on that one until it becomes an issue

Helen_W_Lee · March 1, 2012, 6:43pm

So I’m learning! I am VERY new to working with php - only 3-4 weeks - so am afraid to fiddle with things too much. That’s why when the lynda.com tutorial told me to use the Form Wizard I figured that would be the way to go.

So that would be if I wanted it to carry some information forward to another form? That type of thing?

That actually reminds me of another question I have but I won’t complicate this thread with that one! :>)

What do you mean by “nasties”? :>)

I’m pretty sure I’m not appending any query strings but as I said above, I’m so new to this I’m not really sure. :>)

Thanks for all that spikeZ - much appreciated. I think I understand most of it. :>) Do you think that removing the 3 lines you mention above would solve my problem - where the form is doubling the path name? That seems to be what is messing the whole thing up.

Thanks also to JamesKenny for all your comments. Do either of you know a better way for a newbie to build a record insertion form than using the DW wizard? I did look at the DW5 manual pdf but I’ve never had much luck with Adobe’s manuals - they aren’t simple enough for a beginner. I do have years of html coding behind me but the php stuff has thrown me for a loop. Is there a REALLY SIMPLE, step by step tutorial online anywhere that I could use to start from scratch to build a form like this?

Helen_W_Lee · March 1, 2012, 6:53pm

A few minutes later … I removed the 3 lines you suggested and changed the header(sprintf… line to your suggested header line and the same thing happens: the form throws up the cgi error and the url it’s trying to go to is still http://caninereview.ca/directory_groomer_form.php/directory_groomer_form.php?

What on EARTH is making it duplicate the page like that? Aside from the fact that it’s not supposed to go back to itself, it’s supposed to go to CRcart/directory_list_logo.php.

This is SO frustrating. What makes it worse is that all the forms were working just fine before I asked the server people to activate ZendFramework. I originally thought it was using ZendMail which broke the form but obviously that wasn’t the problem because this form isn’t using ANY kind of e-mail commands. It’s just a bare bones “let’s see if this works first before adding to it” form. (It was the same lynda.com tutorial which told me to use ZendFramework, by the way, and I didn’t know at that time about using the mail() coding in php.)

Do you think I should ask the server people to DE-activate Zend Framework to see if the forms go back to working?

Helen_W_Lee · March 1, 2012, 7:12pm

A few minutes even later. :>) I bit the bullet and tried building a rudimentary (2 fields) form using the manual pdf. DW generated EXACTLY the same code as it did with the Wizard (don’t ask why I thought it might be different - I don’t know! <LOL>) and the form produced exactly the same result.

I guess I do need a tutorial from somewhere other than DW. JamesKenny - what is aptana?

Helen_W_Lee · March 1, 2012, 9:16pm

OK - I found a tutorial for building a form and inserting the content into the db. It works but with a glitch. The tutorial has me build the form on a page by itself, with the form action set to go to an insert.php page. Then the insert.php page is all php coding and works just fine, even sending me an e-mail upon inserting the record.

The glitch is that it inserts TWO records into the database, not just one. The first record is completely blank and the second contains the form contents. Now I can go in and delete all the blank records but that could become a pain in the you-know-what, so hopefully someone can tell me what’s causing that. :>) Here’s all the code on the insert.php page (I’ve incorporated some of spikeZ’s suggestions from earlier):

<?php
$con = mysql_connect(““,”“,”***”);
if (!$con)
{
die('Could not connect: ’ . mysql_error());
}

mysql_select_db(“*****”, $con);

$sql=“INSERT INTO groomers (shopName, groomPropName, groomStreet, groomCity, groomProvince, groomCountry, groomPhone, groomEmail, groomWebsite, groomListing)
VALUES
(‘$_POST[shopName]’,‘$_POST[groomPropName]’,‘$_POST[groomStreet]’,‘$_POST[groomCity]’,‘$_POST[groomProvince]’,‘$_POST[groomCountry]’,‘$_POST[groomPhone]’,‘$_POST[groomEmail]’,‘$_POST[groomWebsite]’,‘$_POST[groomListing]’)”;

if (!mysql_query($sql,$con))
{
die('Error: ’ . mysql_error());
}

$to = “webmaster@caninereview.ca”;
$subject = “New listing in groomers directory”;
$message = "There’s a new listing for " . $_POST[‘shopName’];
$from = $_POST[‘groomEmail’];
$headers = “From:” . $from;
mail($to,$subject,$message,$headers);

header(“Location: CRcart/directory_list_logo.php”);
exit();

mysql_close($con)
?>

SpikeZ · March 1, 2012, 9:58pm

Hi Helen and awesome effort on the learning, very refreshing to see people willing to have a go!

OK, to address some of the things you brought up earlier.

Yes but its so rare that you would want to do it that way but DW chucks it in there anyway!

fire away

Unfortunately not everyone wants to play by the rules and can easily manipulate your form to delete your entire database
Scary and sadly true. Look up “MySQL Injection”.
In your script I have added the value mysql_real_escape_string($value) which helps strip out any basic attempts to alter the query using POST’ed values.

Now, your new script.

You want to check if the POST form has been sent before processing. If nothing has been sent then script will run anyway and insert blank lines which is what you are getting.
This is why DW adds the MM_insert field to the form and then checks for that value in the script before doing anything else.

Once the form has been sent, you need to take the POST values and assign them to basic variables. Then you dont use the user submitted data and can run all manner of cleaning and sanitizing functions over it before saving it in your database.




if(isset($_POST['hidden_value'])) {
    $shopname = mysql_real_escape_string($_POST['shopName']);
    $groomPropName = mysql_real_escape_string($_POST['groomPropName']);
    $groomStreet = mysql_real_escape_string($_POST['groomStreet']);
    $groomCity = mysql_real_escape_string($_POST['groomCity']);
    $groomProvince = mysql_real_escape_string($_POST['groomProvince']);
    $groomCountry = mysql_real_escape_string($_POST['groomCountry']);
    $groomPhone = mysql_real_escape_string($_POST['groomPhone']);
    $groomEmail = mysql_real_escape_string($_POST['groomEmail']);
    $groomWebsite = mysql_real_escape_string($_POST['groomWebsite']);
    $groomListing = mysql_real_escape_string($_POST['groomListing']);
        
    $sql="
        INSERT INTO
            groomers (
          shopName
        , groomPropName
        , groomStreet
        , groomCity
        , groomProvince
        , groomCountry
        , groomPhone
        , groomEmail
        , groomWebsite
        , groomListing
        ) VALUES (
         '". $shopName ."'
        ,'". $groomPropName ."'
        ,'". $groomStreet ."'
        ,'". $groomCity ."'
        ,'". $groomProvince ."'
        ,'". $groomCountry ."'
        ,'". $groomPhone ."'
        ,'". $groomEmail ."'
        ,'". $groomWebsite ."'
        ,'". $groomListing ."'
        )";
    
    if (!mysql_query($sql,$con))
    {
    die('Error: ' . mysql_error());
    }
        
    $to = "webmaster@caninereview.ca";
    $subject = "New listing in groomers directory";
    $message = "There's a new listing for " . $_POST['shopName'];
    $from = $_POST['groomEmail'];
    $headers = "From:" . $from;
    mail($to,$subject,$message,$headers);
    
    header("Location: CRcart/directory_list_logo.php");
    exit();
}

Try this code and see what happens.

one other thing is to take your database connections and put them in a separate file called something like connection.php. Then include that file wherever you are accessing the database,

connection.php


[COLOR=#464646]$con = mysql_connect("host","user","pass");[/COLOR]
[COLOR=#464646]if (!$con)[/COLOR]
[COLOR=#464646]{[/COLOR]
[COLOR=#464646]die('Could not connect: ' . mysql_error());[/COLOR]
[COLOR=#464646]}[/COLOR]

[COLOR=#464646]mysql_select_db("88888", $con);

Then where you want to use that connection:


include('connection.php');

[/COLOR]

Helen_W_Lee · March 1, 2012, 10:28pm

Thanks, spikeZ (or should I be calling you Mike?). I do have a background in databases and even took a BASIC programming course years (MANY years) ago, so this isn’t all totally foreign to me - just the php part. :>)

I did copy/paste all your code into my page but it doesn’t work at all now. A wild stab at guessing why is because the “hidden value” in: if(isset($_POST[‘hidden_value’])) isn’t set anywhere? Either that or I copied it into the wrong place. I put it in place of:

$sql=“INSERT INTO groomers (shopName, groomPropName, groomStreet, groomCity, groomProvince, groomCountry, groomPhone, groomEmail, groomWebsite, groomListing)
VALUES
(‘$_POST[shopName]’,‘$_POST[groomPropName]’,‘$_POST[groomStreet]’,‘$_POST[groomCity]’,‘$_POST[groomProvince]’,‘$_POST[groomCountry]’,‘$_POST[groomPhone]’,‘$_POST[groomEmail]’,‘$_POST[groomWebsite]’,‘$_POST[groomListing]’)”;

if (!mysql_query($sql,$con))
{
die('Error: ’ . mysql_error());
}

$to = “webmaster@caninereview.ca”;
$subject = “New listing in groomers directory”;
$message = "There’s a new listing for " . $_POST[‘shopName’];
$from = $_POST[‘groomEmail’];
$headers = “From:” . $from;
mail($to,$subject,$message,$headers);

header(“Location: CRcart/directory_list_logo.php”);
exit();

I left in the little bit following that - mysql_close($con)
?>

I’m not ignoring your other comments … well, I guess I am for now but because of the way my brain works (or rather, doesn’t work) I need to do one thing at a time. :>)

Thanks so much for the help!

SpikeZ · March 1, 2012, 10:47pm

Mike is fine

Exactly!

You need to add to your <form> a hidden field


<input type="hidden" name="[COLOR=#464646]hidden_value" value="1">

That will be checked by the script and only run when it finds it.

[/COLOR]

Helen_W_Lee · March 1, 2012, 11:01pm

Duh. I should have known that but wasn’t thinking. I did add the hidden field coding to the form page and then it worked, except I had to correct the shopname variable to shopName, as it originally didn’t pass the value through. Since my forte when I was taking the programming course was troubleshooting the crummy code I wrote, it wasn’t hard to fix that and now it works perfectly. Thanks so much Mike!

I’ll set up a new topic for the other question I had. Thanks also for the suggestion about including all the connection info in its own file. Since the DW tutorial I’ve been following has me setting up the connection somewhere in DW (can’t for the life of me remember where now!!) I have it in one line at the top of the page: <?php require_once(‘Connections/db9568.php’); ?> and for now will stick to that but if I have problems later, I’ll know a solution to try … assuming I can remember it. That’s my biggest problem - I figure I’m having a good day when I can remember my own name! (only partly kidding <G>)

Thanks again!

system · March 1, 2012, 11:10pm

Wow, just more proof the ONLY thing you can learn from Dreamweaver is how NOT to build a website… I mean, I’ve seen some STUPID malfing use of sprintF in my time, but … just… wow. I lack the words in polite company.

Yeah, pull ALL of the sprintF as a pointless, useless waste of processing time and memory and just build the strings.

Or join us in THIS century by switching everything to database interfaces MEANT for that type of processing; specifically mysqli or PDO. LOOKS like what’s ‘needed’ there is a prepare/bind/execute, not this mess of ‘data processing for nothing’.

Helen_W_Lee · March 1, 2012, 11:22pm

I hear you deathshadow60. I really don’t like DW at all (as a dyed in the wool GoLive user since forever) but since I’m going to be forced to upgrade my OS to Lion in order to keep my MobileMe e-mail address, etc., I’ve been forcing myself to use DW. Of course, the version of GL I’ve been using (CS2) doesn’t support database stuff so I’d have to use DW for that but I do miss all the other things GL can do which DW can’t. I had to get this database system up and running quickly, though, and since I’d never touched any php/mysql stuff before and knew that DW could handle it, I went that route and did get the system going and generating revenue. From here on in, though, I’ll try to find tutorials elsewhere, as I’m slowing getting my antique brain around the php stuff and it doesn’t scare me quite as much as it did a month ago. :>)

system · March 1, 2012, 11:44pm

Golive isn’t any better. “Generators” and “tools” that make code for you tend to vomit up broken useless code… just like the garbage WYSIWYG editors barf out HTML that isn’t worth a flying purple fish.

So… unrealistic expectations. Gotcha. Sucks when painted into a corner like that, more so when you’re trying to do it with off the shelf tools that don’t work, aren’t going to work, and on the whole are nothing more than overpriced scams.

Next time, do yourself a favor – take the time to learn PHP/SQL and code them directly with a text editor just like you should your HTML/CSS and avoid any stupid ‘wizards’ to make code for you. NEVER works, road to failure.

ESPECIALLY if it has the name “Adobe” on it.

JamesKenny · March 2, 2012, 12:54pm

I learned on DW3, and then went to gEdit and Terminal when I learned how bad my code really was. About a year or so ago I found Aptana, and I havent stopped using it since. It has some of the best of DW’s features, like rememebering your variable,function and or class names for auto complete, color highlighting,project management and the better basic stuff without all of the fluff that bogs down your machine. (and the code snippets are usually usable)

I think they have plugins from eclipse in order to mimic DW

In DW’s defence I do miss the built in html editor, and although you can edit aptana themes, DW had syntax highlighting and colors cornered

Its worth a look into if your like me and came from that environment, and are looking for “code” writer

Helen_W_Lee · March 2, 2012, 5:36pm

I was quite interested in your suggestion about aptana until I got to the word “themes”. I have too many sites I’ve built from scratch to use with a theme-based application, if that’s what it is. I prefer to do the design (such as it is) myself rather than use a theme or template. There are things about DW I like but I really miss, for example, being able to click on a file in the site list and choose the In/Out button to see what files are connected to my chosen one. Then there’s the whole site issue - DW is VERY clunky in this regard and not always accurate. GL has such a great site handling ability and I really don’t trust DW in that regard, so end up taking a lot of time to manually upload files. Although, having said that, in some instances it’s a lot faster to manually upload than to sit for what seems like minutes while DW grindingly slowly checks through all the files to see what’s changed … and then misses some. Or finds some which have not changed. I’m really not impressed. I suppose it’s possible DW CS5.5 is better than what I have (CS5) but I’m not prepared to spend any more money on it. I will go and take a look at Aptana, though - thanks for the suggestion!

SpikeZ · March 2, 2012, 6:04pm

DW and Aptana are development tools to produce sites, by themes James means the visual appearance of the program. Same as if you change the colour on OSX.

If I were in your position I would download either Aptana or Komodo Edit (free version) and get stuck into learning how to code properly from the start.
As DS60 so succinctly put it, the programs like DW aren’t the best way of doing it - they are just a way.