0

I have a php page that contains a button that is suppose to export MySql data to excel. Before exporting the user on the page selects "To" and "From" dates. I have placed a check() javascript function that verifies when the user has selected both the dates.

The problem statement is that on the button click the download begins without checking the dates. Please help. Here's the code. 

<?  
include("adminlogin.php");

include("classes/tc_calendar.php");

$myCalendar = new tc_calendar("stdt", true, false);
$myCalendar->setIcon("images/iconCalendar.gif");
$myCalendar->setPath("./");
$myCalendar->setYearInterval(2000, 2015);
$myCalendar->dateAllow('2000-01-01', '2015-12-31');
$myCalendar->setDateFormat('j F Y');
//$myCalendar->setHeight(350);    
//$myCalendar->autoSubmit(true, "form1");

$myCalendar2 = new tc_calendar("enddt", true, false);
$myCalendar2->setIcon("images/iconCalendar.gif");
$myCalendar2->setPath("./");
$myCalendar2->setYearInterval(2000, 2015);
$myCalendar2->dateAllow('2000-01-01', '2015-12-31');
$myCalendar2->setDateFormat('j F Y');
//$myCalendar2->setHeight(350);   
//$myCalendar2->autoSubmit(true, "form1");

$stdt1=$_POST['stdt'];
$enddt1=$_POST['enddt'];
echo "dates are";
echo $stdt1;
echo $enddt1;

// function to download report
function export_excel_csv()
{
    $init_sql = "select distinct(proj_id) from timeshiftentry_master where dt>='$stdt1' and dt<='$enddt1'";
    $init_res=mysql_query($init_sql);

    //header info for browser
    $filename = "WP_List_" . date('Ymd') . ".xls";
    header("Content-Type: application/vnd.ms-excel; name='excel'");
    header("Content-Disposition: attachment; filename=\"$filename\"");
    header("Pragma: no-cache");
    header("Expires: 0");

    /*******Start of Formatting for Excel*******/
    //define separator (defines columns in excel & tabs in word)    
    $sep = "\t"; //tabbed character
    ob_end_clean();

    //start of printing column names as names of MySQL fields
    /*for ($i = 0; $i < mysql_num_fields($result); $i++) 
    {
        if($i == 0)
        {
            echo "S. No." . "\t";
        }
        echo mysql_field_name($result,$i) . "\t";
    }
    echo "Employee Name" . "\t";
    echo "Hours Booked" . "\t";
    print("\n");*/

    $SerialNum = 0;
    while($init_row=mysql_fetch_array($init_res))
    {
        $sql = "SELECT * FROM project_master where proj_id='$init_row[0]'";
        //execute query
        $result = mysql_query($sql) or die (mysql_error());
        //end of printing column names
        //start while loop to get data
        while($row = mysql_fetch_array($result))
        {
            // get the emplyoee details 
            $projid=$row[0];
            $projnm=$row[1];
            $sql_emp="Select distinct(emp_no),emp_name from timeshiftentry_master where proj_id='$projnm' and  dt>='$stdt1' and dt<='$enddt1'";
            $res_emp=mysql_query($sql_emp);
            while($row_emp=mysql_fetch_array($res_emp))
            {
                $sql_hrs="select sum(wrkhrs) from timeshiftentry_master where proj_name='$projnm'  and emp_no='$row_emp[0]' and dt>='$stdt1' and dt<='$enddt1'";
                $res_hrs=mysql_query($sql_hrs);
                $row_hrs=mysql_fetch_array($res_hrs);
                if($row_hrs[0] >= 0)
                {
                    $SerialNum++;
                    // insert to excel
                    $schema_insert = "";
                    for($j=0; $j<mysql_num_fields($result);$j++)
                    {
                        if($j==0)
                        {
                            $schema_insert .= "$SerialNum".$sep;
                        }
                        if(!isset($row[$j]))
                            $schema_insert .= "NULL".$sep;
                        elseif ($row[$j] != "")
                            $schema_insert .= "$row[$j]".$sep;
                        else
                            $schema_insert .= "".$sep;
                    }
                    $schema_insert .= "$row_emp[1]".$sep;   
                    $schema_insert .= "$row_hrs[0]".$sep;
                    $schema_insert = str_replace($sep."$", "", $schema_insert);
                    $schema_insert = preg_replace("/\r\n|\n\r|\n|\r/", " ", $schema_insert);
                    $schema_insert .= "\t";

                    print(trim($schema_insert));
                    print "\n";
                    // inserted one row
                }
            }
        }
    }
    exit();
}

/*if(!isset($_POST))
{
    export_excel_csv();
}*/

if($_SERVER['REQUEST_METHOD']=="POST")
{
    $chk1= $_POST['download'];

    if($chk1=='Download')
    {
        export_excel_csv();
    }
}
else
{

}

?> 

<script language="javascript">
<!--

function check()
{
    if(show)
    {
        if(document.f1.stdt.value=="0000-00-00")
        {
            alert("Please Enter Start Date")
            show=false;
            return false;
        }
        if(document.f1.enddt.value=="0000-00-00")
        {
            alert("Please Enter the End Date")
            show=false; 
            return false;
        }
        if(document.f1.stdt.value>document.f3.enddt.value)
        {
            alert("Dates not allowed.")
            show=false;
            return false;
        }
    }
    return true;
} 

//-->
</script>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<title>Bombardier TSM System</title>

<style type="text/css">
<!--
.style1 {font-size: small}
.style2 {color: #FFFFFF}
.style3 {font-size: x-small}
-->
</style>

</head>

<body>

<form name="f1" method="POST" action="" onClick="return check()"> 

<script language="javascript" src="calendar.js"></script>

<br>

<table align="center" cellspacing="5">

<tr>
<th colspan="2"><font color="#993300" size="4">Download Hours Booking Report</font></th>
</tr>

<tr>
<td>&nbsp;</td>
</tr>

<tr>
<td align="right"><font color="#993300">From : </font></td>
<td><?$myCalendar->writeScript();?></td>
</tr>

<tr>
<td align="right"><font color="#993300">To : </font></td>
<td><?$myCalendar2->writeScript();?></td>
</tr>

<tr>
<td>&nbsp;</td>
</tr>

<tr>
<td colspan="2" align="center"><input type="submit" name="download" value="Download"  id="download" onclick="download=true"/></td
</tr>

</table>

<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>

<?include("footer.php");?>

</form>
</body>
</html>
Priyanka Bhatia
  • 97
  • 2
  • 10
  • 1
    You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin May 06 '13 at 12:08

2 Answers2

0

There are two problems

1) You have unnecessary html comment tag.

2) You are checking 'if' condition against undeclared variable show

here 

if(show)

hence your javascript is failing. It is like undefined variable show.

chandresh_cool
  • 11,753
  • 3
  • 30
  • 45
  • I made the stated changes. Issue that still persists is that on submit (i.e. "Download") the alert pops up [ please enter date...] and on "ok" the download page pops up too. Anything else that needs to be modified – Priyanka Bhatia May 06 '13 at 12:12
  • Do you any mail id or something where I can paste you the recommended code? – chandresh_cool May 06 '13 at 12:17
  • Thanks Chandresh, I got the solution, but I have another problem, if you can help. The dates set on the page are not being read. If you look at the below code snippet. The commented code does not read the dates but generates excel file(obviously blank), while the uncommented code is able to read the dates but excel not generated. Any help? – Priyanka Bhatia May 06 '13 at 12:26
  • Cool. Okay tell me what is it? If possible would definitely help – chandresh_cool May 06 '13 at 12:28
  • if(!isset($_POST)) { export_excel_csv(); } /*if($_SERVER['REQUEST_METHOD']=="POST") { $chk1= $_POST['download']; if($chk1=='Download') { export_excel_csv(); } } else { }*/ – Priyanka Bhatia May 06 '13 at 12:30
  • Try this if($_SERVER['REQUEST_METHOD']=="POST") { if(isset($_POST['download'])) { export_excel_csv(); } } else { } – chandresh_cool May 06 '13 at 12:49
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/29484/discussion-between-chandresh-cool-and-priyanka-bhatia) – chandresh_cool May 06 '13 at 12:53
0

You want to perform the check when the form is submitted, not clicked. 

<form name="f1" method="POST" action="" onClick="return check()">

should be

<form id="f1"   method="POST" action="" onsubmit="return check()">
Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • I have been formatting the file for quite sometime and I just forgot that I had made this change. Thanks for bringing this into notice. – Priyanka Bhatia May 06 '13 at 12:20