select record to insert php

Someone please tell what's wrong. It no wurk.

<HTML>
<body bgcolor="#ccffff">
<FORM name=Form action="rateselect.php" method=post>
<B><center>
Set tax rate <SELECT name=taxrate>
<OPTION value=0.0000 selected>0.0%
<OPTION value=0.02900>2.9%
<OPTION value=0.04000>4.0%
<OPTION value=0.04225>4.225%
<OPTION value=0.04500>4.5%
<OPTION value=0.04700>4.7%
<OPTION value=0.05000>5.0%
<OPTION value=0.05300>5.3%
<OPTION value=0.05500>5.5%
<OPTION value=0.05600>5.6%
<OPTION value=0.05750>5.75%
<OPTION value=0.06000>6.0%
<OPTION value=0.06250>6.25%
<OPTION value=0.06500>6.5%
<OPTION value=0.06850>6.85%
<OPTION value=0.06875>6.875%
<OPTION value=0.07000>7.0%
<OPTION value=0.08250>8.25%
</OPTION></SELECT><p>
<CENTER>
<INPUT type=image height=24 alt="submit button" width=129 src="rollsubmit.gif"
        border=0>
</CENTER>
</FORM></B></BODY></HTML>

HTML:

<?php
if (isset( $_POST['taxrate']) )
{
$taxrate=$_POST['taxrate'];
}
mysql_connect("localhost","root","");
mysql_select_db('numbersdb') or die( "Unable to select database");
print $_POST['taxrate'];
$query = "
INSERT INTO numbdata (taxrate)
VALUES('$taxrate')";
echo "data inserted</font><br /><br />";
$stat = mysql_query($query) or die('Query failed: ' . mysql_error());
mysql_close();
?>

PHP:

 

Jeezus. How can this atrocity to HTML exist in 2013?
First off, create a single file with the code, or provide some sort of error message. Does it simply not insert a row into the database? Do you get an error message? How about using proper escaping and enclosing?

 

Here's a working example, everything in one file - you will of course need to separate into two files if that is needed.

<?php
   $taxrate = (isset($_POST['taxrate'])) ? $_POST['taxrate'] : "";

   mysql_connect("localhost","root","");
   mysql_select_db('numbersdb') or die( "Unable to select database");
     
   $query = "INSERT INTO numbdata (taxrate) VALUES('$taxrate')";
   
   if (isset($_POST['submit_taxrate']) && $taxrate != '0.0000') {
   mysql_query($query) or die('Query failed: ' . mysql_error());
   echo "Taxrate submitted";
   }
   mysql_close();

       $rates = array(
               1 => array( 1 => '0.00000', 2 => '0.0'),
               2 => array( 1 => '0.02900', 2 => '2.9'),
               3 => array( 1 => '0.04000', 2 => '4.0'),
               4 => array( 1 => '0.04225', 2 => '4.225'),
               5 => array( 1 => '0.04500', 2 => '4.5'),
               6 => array( 1 => '0.04700', 2 => '4.7'),
               7 => array( 1 => '0.05000', 2 => '5.0'),
               8 => array( 1 => '0.05300', 2 => '5.3'),
               9 => array( 1 => '0.05500', 2 => '5.5'),
               10 => array( 1 => '0.05600', 2 => '5.6'),
               11 => array( 1 => '0.05750', 2 => '5.75'),
               12 => array( 1 => '0.06000', 2 => '6.0'),
               13 => array( 1 => '0.06250', 2 => '6.25'),
               14 => array( 1 => '0.06500', 2 => '6.5'),
               15 => array( 1 => '0.06850', 2 => '6.8'),
               16 => array( 1 => '0.06875', 2 => '6.875'),
               17 => array( 1 => '0.07000', 2 => '7.0'),
               18 => array( 1 => '0.08250', 2 => '8.25')
         );

?>

<!DOCTYPE html 5>
<html>
<head>
   <title>Select taxrate</title>
   <style type="text/css">
     body {
       background-color: #cff;
     }
   </style>
</head>
<body>
<form name="taxform" action="#" method="post">
   <label>Set tax rate:</label>
   <select name="taxrate">
     <?php
       foreach($rates as $key => $value) { ?>
       <option value="<?php echo $value[1]; ?>"><?php echo $value[2]; ?>%</option>
       <?php } ?>
   </select>

   <input type="submit" value="Submit taxrate" name="submit_taxrate">
</form>
</body>
</html>

PHP:

 

Or, if you prefer an echo-version, instead of escaping in and out of PHP, you can exchange the foreach-statement with this:

foreach($rates as $key => $value) {
   echo '<option value="'.$value[1].'">'.$value[2].'%</option>';
}

PHP:

 

Wow... just wow... is this part of geocities' source code? How'd you get hold of this? Are they selling leaked floppy disks on craigslist?

One more thing. Just because the values come from a select menu, and the average user doesn't know how to modify them, it doesn't mean the input shouldn't be escaped properly. Although, by the look of this, I don't expect the rest of the site to be any more secure. If someone wants to hack his site, there will be other ways in.

 

The only change I would make to the above solution to make it secure:

<?php
$taxrate = (isset($_POST['taxrate'])) ? (float)  $_POST['taxrate'] : "";

PHP:

 

He didn't really ask for security, and I wasn't really interested in providing more than a working example of what he provided. But yes, there should of course be some security implemented. He's using mysql anyway, so security is obviously not his main priority

 

Thanks so much PoPSiCLe & PHP. I programmed for years b4 the PC in several languages but now while
my wife reads and does Sudoku I still build guitars and play with programming to slow the progress of
dementia. I guess there will always be rude & hostile as well as the helpful and I'm too old to give a
damn. Again, thanks so much to all. Now I have a new project, changing the insert code to update.
Peace!

 

Same reason people are DUMB enough to see merit in HTML 5 -- nobody has bothered to extract their cranium from 1997's rectum; in fact most people writing HTML, writing tutorials and writing books on the subject have it wedged so far up there we need an orthodontist to help with the extraction.

You know what I keep saying about how HTML 5's core audience are the people still writing HTML 3.2 and until recently just slapping 4 tranny on it? Well, see the code the OP posted. Tags, attributes and inconsistent/willy-nilly closings that are the worst of decade and a half old practices.

 

The point is: if you already write proper html 4 strict, there's no reason NOT using html 5 - no bothersome doctypes, availability of html 5 functions IF you need them / wanna use them, etc. Ditching Flash to go with HTML 5 video, for instance - provides video for iPads/iPhones as well... since they don't support flash. I don't see how that's a wrong thing.

 

Oh yes, that extra twenty characters that you can usually just copy/paste is SO the end of the world, especially since it provides *SHOCK* VERSIONING. OH noes, not that. (admittedly I still bitch about the full blown URI to the spec -- but that's no reason to abandon having VERSIONS). In case you couldn't tell, not a fan of the "living document" idiocy.

Assuming ANY of them have a legitimate reason to exist... Which I don't think they do... much less the new loosened structural rules making validation effectively pointless. It's why the bragging about better error handling pisses me off -- but I'm one of the weirdo's who thinks browsers should stop dead in their tracks on errors -- god forbid people writing markup be expected to write valid code; no, let's just encourage everyone to sleaze things out any old way!

Something that should have been done with OBJECT, since VIDEO is redundant to OBJECT just as APPLET, EMBED, IMG, IFRAME, etc, etc... There is NO reason the 'new' codecs/containers couldn't simply have been added to the existing tag -- but no, let's have a new tag to force vendor lock-in, then brag about "no reliance on plugins" as a feature; about as good a feature as FF 2.x's memory leak in my opinion, and on the whole setting things back to the worst of the pre-flash codec wars between media player, realplayer and quicktime. (Always the laugh flash one when it wasn't even a contender at the start!)... and why? Because apple wants to dictate what people dumb enough to waste money on their hardware can and cannot use, and the sour grapes of the vorbis re-re's and their 'also ran' flosstard BS? Interesting that once again they prompt a change for no good reason, then still lose the race.

... because of course, supporting one video format (flash) is SO much harder than supporting four.... Re-introducing redundancies HTML 4 was trying to get rid of is SO much simpler... Letting people sleaze by making mistakes and loosening the rules so that semantics is meaningless makes it SO much more accessible.

I think not. HTML 5 "the future?" -- looks like 1997 to me.

 

It's not that Apple didn't want to use Flash, it's that Flash is just an unstable son of a bitch, and I would love to see it die as soon as possible. If one tab with Flash in it crashes, all other tabs using Flash crash too. How is that nice?

Apple asked Adobe multiple times to show them a properly working version, but they failed to do so.

http://www.apple.com/hotnews/thoughts-on-flash/

 

I've called bullshit on that from day one -- perhaps because on windows or mac I've never actually had one crash... or because all along plugins were SUPPOSED to be sandboxed, and FINALLY Chrome did it while everyone else (including Safari) is still playing catchup to OBJECT's entire point.

It has always struck me more as Apple's sour grapes over quicktime being stillborn on anything other than their own platform... and really the same complaint from Apple about flash stability can be used against them in terms of quicktime on anything other than MacOS.

... and of course, crashing the whole browser because the codec/player is built into the browser is going to be SUCH an improvement.

-- and even so, there's still no reason the in-built browser codec/container support couldn't have been added to OBJECT, instead of creating new redundant tags for no good reason, making a steaming pile of **** "specification" (and I'm using the term specification VERY loosely here) more complex than need be.

But it really seems everyone wants web development to be more complex than need be. More tags that are redundant to existing one, alleged semantics that add nothing that didn't already exist in STRICT, and undoing the entire progress of the past fifteen years.

 

hi guys looks like I got here just in time - is it " I know this, do u" or, no -" let's bash the noobie"?

 

How about "completely flabberghasted that this couldn't possibly be a nube, could it!?!" since it uses code that has is FIFTEEN YEARS out of date? You see code that old, it's hard to even expect it to BE a nube.

Of course, NOTHING posted here so far actually works as I would think it should... since it's possible to pass it broken values and I'd not expect you want it to show the form on a successful submit. I'd also separate it into multiple files so you aren't loading code that doesn't need to be in memory.

For the core, I'd do this:

<?php

$taxRateList = [
	0, 0.029, 0.04, 0.04225, 0.045, 0.047, 0.05, 0.053, 0.056,
	0.0575, 0.06, 0.0625, 0.065, 0.0685, 0.06875, 0.07, 0.0825
];

require_once('template.php');

if (isset($_POST['taxRate'])) {
	$value = substr($_POST['taxRate'], 0, -1);
	if (
		is_numeric($value) &&
		in_array($rate = $value / 100, $taxRateList)
	) {
		require('setRate.php');
	} else die('hacking attempt detected');
}

require('taxRateForm.php');
	
?>

Code (markup):

with the taxRateForm.php going like this:

<?php

template_header('Select Tax Rate');

echo '
	<form id="taxRate" action="rateSelect.php" method="post">
			<fieldset>
				<label for="taxRateValue">Set tax rate:</label>
				<select name="taxRate" id="taxRateValue">';
				
foreach ($taxRateList as $taxRate) echo '
					<option>',$taxRate * 100,'%</option>';
					
echo '
				</select><br />
				<input
					type="image"
					class="submit"
					src="rollSubmit.gif"
					alt="Submit"
					width="129" height="24"
				/>
			</fieldset>
		</form>';
		
template_footer();		
		
?>

Code (markup):

and the setRate.php being thus:

<?php

$db = new PDO(
	'mysql:dbname=numbersdb;hostname=localhost',
	'root',
	''
);

$db->prepare('
	INSERT INTO numbdata (
		taxrate
	) VALUES (
		:taxRate
	)
');

$db->execute(array(	':taxrate' => $rate ));

template_header('Tax Rate ' . (
	$outputRate = htmlspecialchars($_POST['taxRate'])
) . ' Set');

echo '
		<p>
			Rate successfully set to ',$outputRate, '
		</p>';
		
template_footer();

die;

?>

Code (markup):

The template.html including those two template_header and template_footer functions, and loading the CSS... since everything else being said in the markup has no business in the markup after 1997. CENTER, FONT, BORDER -- all relics of decades past.

I've uploaded a working copy (with the db access disabled) here:
http://www.cutcodedown.com/for_others/ataloss/rateSelect.php

As with all my examples the directory:
http://www.cutcodedown.com/for_others/ataloss/

is wide open for easy access to the bits and pieces, and I threw a .rar in there of the whole thing packed up for you, as well as .phps files to make code browsing easy.

It could still use a bit more security hole plugging and a better method of setting up the PDO/database connection (like getting the connection the **** out of global scope), but it's ok for now while 'learning'.

Hope this helps -- I know it's probably a lot to take in all at once.

 

DeathShadow, As I've posted b4, I just do this to delay dementia and yeah i'll be toying with 4 awhile. My older brother who just recently passed, gave me my newest HTML book, HTML 4. I've never seen a PHP book. Soon!

 

Actually, Popsycle's post gave much the same result - only with each submission, A record is inserted, my objective is to set the taxrate 4 use by subsequent programs - I didn't reply as I am trying to edit two parts -
$taxRateList = [
0, 0.029, 0.04,
<OPTION value=0.00000>0.00000 - ALASKA
<OPTION value=0.00056>0.00056 - Arizona
<OPTION value=0.06000>0.06000 - Arkansas
to show the taxrate/state in the dropdown. Again, Tanks

 

It is without a doubt, the most horribly piece of script I have ever seen, not sure if I should bookmark it for a gig. But, don't worry OP. You will get there in time, just please invest a minute day, to see what codding standards mean. For both PHP/HTML

 

If you're looking to have a dropdown of all the sales tax in the different states in the US, there are way easier ways to do this than manually. As a start, this page: http://en.wikipedia.org/wiki/Sales_taxes_in_the_United_States should give you enough info to get a hold of a complete tax chart, or make one yourself - then put it into a database-table, with taxrate and state and whatever else you think you need, and pull the values from that table in a loop. A LOT less code, and way easier to maintain.