Pass and receive variable values in PHP in WordPress

0

Cordial greetings. I'm new to programming and I'm building a page in WordPress that performs a query in SQL Server and sends the data to a table.

When I click on the "Consult" button, the page is redirected to a 404 because it does not process or send the variable value. Also, the SQL query returns a Warning because the value of the name variable is unknown.

This is the code I'm using.


Hello and thanks for the answers.

I suppose I must validate first so that the first time you load the page, make the query, but even if I put the validation at the beginning, it generates a warning:

Warning: mssql_query (): message: Incorrect syntax near the keyword 'order'. (severity 15) in /var/www/html/intraser/wp-content/plugins/exec-php/includes/runtime.php(42): eval () 'd code on line 89

And clicking on consult continues redirecting to a 404. Effectively I need the result of the query to load it on the same page in an HTML table to be able to export to an XLS later.

I send the code again waiting for some other idea about what is happening. Thanks again for collaborating.

<?php if(isset($_POST['name'])){ $name = $_POST['name']; } ?>
<div>

    <form method="post" action="<?php echo htmlentities($_SERVER['PHP_SELF']) ?>">
       <div>
            Seleccione periodo: 
            <select name="name">
                <option value="0" selected>Haga clic aquí</option>
                <option value="1" <?php if($_POST['name']=='1') echo 'selected="selected" ';?>> ENERO</option>
                <option value="2"  <?php if($_POST['name']=='2') echo 'selected="selected" ';?>>FEBRERO</option>
                <option value="3"  <?php if($_POST['name']=='3') echo 'selected="selected" ';?>>MARZO</option>
                <option value="4"  <?php if($_POST['name']=='4') echo 'selected="selected" ';?>>ABRIL</option>
                <option value="5"  <?php if($_POST['name']=='5') echo 'selected="selected" ';?>>MAYO</option>
                <option value="6"  <?php if($_POST['name']=='6') echo 'selected="selected" ';?>>JUNIO</option>
                <option value="7"  <?php if($_POST['name']=='7') echo 'selected="selected" ';?>>JULIO</option>
                <option value="8"  <?php if($_POST['name']=='8') echo 'selected="selected" ';?>>AGOSTO</option>
                <option value="9"  <?php if($_POST['name']=='9') echo 'selected="selected" ';?>>SEPTIEMBRE</option>
                <option value="10"  <?php if($_POST['name']=='10') echo 'selected="selected" ';?>>OCTUBRE</option>
                <option value="11"  <?php if($_POST['name']=='11') echo 'selected="selected" ';?>>NOVIEMBRE</option>
                <option value="12"  <?php if($_POST['name']=='12') echo 'selected="selected" ';?>>DICIEMBRE</option>
            </select>
            <input type="submit" name="submit" value="Consultar">
            <input type="button" onclick=" generateexcel('testTable') " value="Exportar a Excel">
        </div>
     </form>
</div>



<?php
echo "<table class='peq' id='testTable'>";
echo "<tr>";
echo "<th class='peq'>Codigo</th>";
echo "<th class='peq'>Apellidos</th>";
echo "<th class='peq'>Nombres</th>";
echo "<th class='peq'>Fecha_nacimiento</th>";
echo "<th class='peq'>Direccion_domicilio</th>";
echo "<th class='peq'>Ciudad</th>";
echo "</tr>";

$name = $_POST['name'];

ini_set('mssql.charset', 'UTF-8');

$msconnect=mssql_connect("ECOSOL","logfuncionario","F3s3r2017_");
$msdb=mssql_select_db("solido",$msconnect);
$msquery = "Select 
    asociados.codigo, 
    asociados.nombre, 
    asociados.apellido, 
    (CONVERT (char(10),asociados.fecha_nacimiento, 103)) as fecha_nacimiento, 
    asociados.direccion, 
    asociados.ciudad
    from (
            SELECT 
              CAST(CAST(sys_maenit.CODIGOTER AS float(53)) AS decimal(10, 0))as codigo,
              sys_maenit.APELLIDO AS apellido, 
              sys_maenit.NOMBRE AS nombre, 
              sys_maenit.DIRECCION AS direccion, 
              sys_ciudad57.NOMBRE_CIUDAD AS ciudad, 
              sys_maenit.FECNACEM as fecha_nacimiento,
              sys_maenit.empresa as empresa
           FROM (solido.dbo.sys_maenit 
              CROSS JOIN solido.dbo.sys_ciudad57)
           WHERE (
              (sys_maenit.ESTADO = 'A') AND 
              (sys_maenit.CLASE = '5') AND 
              (sys_maenit.DPTO_CIUDAD = sys_ciudad57.CIUDAD))
            ) as asociados
    where asociados.empresa != '0099'
    and month(asociados.fecha_nacimiento)=".$name." order by day(asociados.fecha_nacimiento);";

$msresults= mssql_query($msquery);
while ($row = mssql_fetch_array($msresults)){
    echo "<tr>";
    echo "<td class='peq'>$row[0]</td>";
    echo "<td class='peq'>$row[1]</td>";
    echo "<td class='peq'>$row[2]</td>";
    echo "<td class='peq'>$row[3]</td>";
    echo "<td class='peq'>$row[4]</td>";
    echo "<td class='peq'>$row[5]</td>";
    echo "</tr>";
}
echo "</table>";
?>

Thank you for your kind cooperation

    
asked by reymagnus 21.02.2017 at 03:07

2 answers

1

If you receive a 404 (page not found) error when sending the form, I understand that something on your server prevents the call from reaching the script again; it may be some redirection or some characteristic of your configuration that makes the value of $_SERVER['PHP_SELF'] not correspond to the URI.

In any case, using echo $_SERVER['PHP_SELF']; is not recommended because it is open to XSS attacks. You can leave the value of 'action' blank, action='' (recommended in this case), or use echo htmlentities($_SERVER['PHP_SELF']).

Since you do not get back to the page when sending the form, I understand that you receive the SQL error when you open the page for the first time, when you have not yet passed any value to $name.

You should wrap the query in an if that verifies that a value has been received in $_POST and checks that the variable $name has an acceptable value. Since you do not use integers like '1, 2' but '01, 02', you can use a regular expression ^\d{minimum number,maximum number}$, something like \d{2,3} for 00 up to 999. This way you will know whether the query fails or not when you are passing it an acceptable value.

And remember to validate and filter what you receive in the $_POST variable for security, use something like link

Note: The connection data for the database, user and password at least, seem real. It would be better to change them to something generic such as 'user', 'password' before publishing them here.

    
answered by 21.02.2017 at 11:37
0
  

To complete Jok Montoya's answer with a brief explanation of what PHP_SELF does.

It gives a 404 error for this instruction:

$_SERVER['PHP_SELF']

What does $_SERVER['PHP_SELF'] do?

What the super global variable does with the PHP_SELF instruction is to reload the page again, in this case you have it in the form.

<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

On many occasions the form is told to send the data to another page, as in this example:

<form method="post" action="visualizardatos.php">

Here you are telling it to send the data to visualizardatos.php. But in your code you are saying that the data is sent back to the same page, reloading it.

The first thing the server reads is that it reloads the page with the empty "name" value, which causes the page not found error.

At the beginning you should check that "name" contains something. You can do it with the isset instruction, for example if(isset($_POST["name"])){...}, and from there include the statements for your queries and the rest of the code.

    
answered by 21.02.2017 at 12:12
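
The checks both answers describe (run the query only when an acceptable value arrived, and filter what comes from $_POST), as an added example that is not part of the original question or answers. It assumes a PDO connection opened elsewhere from configuration kept outside the page source, simplifies the asker's query, and uses the hypothetical field name `mes`, because WordPress reads a request field called `name` as its own post-slug query variable.

```php
<?php
// Added example, not the asker's code. The field name "mes" is hypothetical.

/** Return the month as an int in 1..12, or null when it is absent or invalid. */
function parse_month(array $post): ?int
{
    if (!isset($post['mes']) || !is_string($post['mes'])) {
        return null;                       // first page load: nothing was posted
    }
    // Rejects "", "0" (the placeholder option), "13", "7abc" and also "07".
    $m = filter_var($post['mes'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 12]]);
    return $m === false ? null : $m;
}

/** Fetch one month's rows; the month is bound as a parameter, never concatenated. */
function birthdays_for_month(PDO $pdo, int $month): array
{
    $sql = "SELECT m.CODIGOTER, m.NOMBRE, m.APELLIDO,
                   CONVERT(char(10), m.FECNACEM, 103), m.DIRECCION, c.NOMBRE_CIUDAD
              FROM sys_maenit m
              JOIN sys_ciudad57 c ON m.DPTO_CIUDAD = c.CIUDAD
             WHERE m.ESTADO = 'A' AND m.CLASE = '5' AND m.empresa != '0099'
               AND MONTH(m.FECNACEM) = :mes
             ORDER BY DAY(m.FECNACEM)";
    $stmt = $pdo->prepare($sql);
    $stmt->bindValue(':mes', $month, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

/** Render result rows as table rows with every cell HTML-escaped. */
function render_rows(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $cells = array_map(
            fn($c) => "<td class='peq'>" . htmlspecialchars((string) $c, ENT_QUOTES, 'UTF-8') . '</td>',
            $row
        );
        $html .= '<tr>' . implode('', $cells) . "</tr>\n";
    }
    return $html;
}

// Constructed inputs: first load, placeholder option, non-numeric value, valid month.
foreach ([[], ['mes' => '0'], ['mes' => '7abc'], ['mes' => '7']] as $post) {
    var_dump(parse_month($post));          // NULL, NULL, NULL, int(7)
}
// Constructed row containing markup, to show the escaping.
echo render_rows([['1001', 'Ana <b>', 'Perez', '21/02/1990', 'Calle 1', 'Cali']]);
```

In the page itself, call `birthdays_for_month()` only when `parse_month($_POST)` returns a non-null value, so the first page load never reaches the database.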