AndrisP 193 Posting Pro in Training

In your code the if case in line 32 is always true, because you actually check whether an array exists that is defined inside the same if case.
Get file extension e.g.

$ext = pathinfo($_FILES["images"]["name"], PATHINFO_EXTENSION);

and then check if in array e.g.

if(!in_array(strtolower($ext), $allowed)){
    die("Not a gif/jpeg/png");
}
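
The extension check from this post, taken one step further with a content-type check, as an added example that is not part of the original post. The field name `images` comes from the post; the function name, the allowed-type map, the size limit and the `uploads/` directory are assumptions.

```php
<?php
// Added example: validate one uploaded image by extension AND by content.
// Assumed names: validate_image_upload(), ALLOWED_IMAGE_TYPES, uploads/.

const ALLOWED_IMAGE_TYPES = [
    'gif'  => 'image/gif',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
];

function validate_image_upload(array $file, int $maxBytes = 2097152): string
{
    // A single-file field must carry a scalar error code.
    if (!isset($file['error']) || is_array($file['error'])) {
        throw new RuntimeException('Malformed upload');
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed with code ' . $file['error']);
    }
    if ($file['size'] > $maxBytes) {
        throw new RuntimeException('File too large');
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGE_TYPES)) {
        throw new RuntimeException('Not a gif/jpeg/png');
    }
    // The client chooses the file name, so the bytes are inspected as well.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED_IMAGE_TYPES[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }
    // Store under a server-generated name, never the client-supplied one.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

if (isset($_FILES['images'])) {
    try {
        $name   = validate_image_upload($_FILES['images']);
        $target = __DIR__ . '/uploads/' . $name;
        if (!move_uploaded_file($_FILES['images']['tmp_name'], $target)) {
            throw new RuntimeException('Could not store file');
        }
        echo 'Stored as ' . $name;
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
}
```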
AndrisP 193 Posting Pro in Training

Use send_long_data (http://php.net/manual/en/mysqli-stmt.send-long-data.php) for blob upload into the DB and use a prepared statement to prevent SQL injection.

AndrisP 193 Posting Pro in Training
  1. You do not need to make a new connection in line 30 - use the existing one
  2. If you want to post multiple "room" define field name as array <select name="room[]"> or <select name="room[$i]">
  3. Set option value e.g. <option value="$rname">$rname</option>
  4. I recommend you use filter_input(INPUT_POST, 'room') instead of $_POST['room'] e.g.

    $room = filter_input(INPUT_POST, 'room', FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY);
  5. use prepared statement instead of lines 8-13, e.g.

    $room = filter_input(INPUT_POST, 'room', FILTER_SANITIZE_STRING, FILTER_REQUIRE_ARRAY);
    $sql="INSERT INTO users(speaker) VALUES (?)";
    $stmt = $MySQLiconn->prepare($sql);
    foreach($room as $row){
            $stmt->bind_param("s",$row);
            $stmt->execute();
    }
AndrisP 193 Posting Pro in Training

Your method is wrong for BLOBs - read this manual

AndrisP 193 Posting Pro in Training

That's not what I'm looking for - it's for an install script

rproffitt commented: On many MySQL installs, the logrotate is included. If not, pick a rabbit hole and choose what drink you want. (Yes, Alice in Wonderland references.) +12
AndrisP 193 Posting Pro in Training

Would you think something like this?

<!DOCTYPE html>
<head>
    <script type="text/javascript">
    function donation(){
        this.dnts = [1,2,3,4,5,6,7,8,9,10];
        this.cost = [50,500,5000];
        this.unit = ['hours', 'days', 'months'];
        this.selected = [0,0];
        this.init = function(){
            this.dn = document.getElementById('dn');
            this.sm = document.getElementById('sm');
            this.rs = document.getElementById('rs');
            this.dn.innerHTML="";
            for(var i in this.dnts){
                this.dn.innerHTML += '<option>'+(this.dnts[i])+'</option>';
            }
            this.sm.innerHTML="";
            for(var i in this.cost){
                this.sm.innerHTML += '<option>$'+(this.cost[i])+'</option>';
            }
            this.rs.innerHTML="";
            for(var c in this.cost){
                for(var d in this.dnts){
                    this.rs.innerHTML += '<option>'+(Number(c)===1?this.dnts[d]*3:this.dnts[d])+' '+(this.unit[c])+'</option>';
                }
            }
        }
        this.update = function(fromResult){
            if(fromResult){
                this.dn.selectedIndex = this.rs.selectedIndex % 10;
                this.sm.selectedIndex = Math.floor(this.rs.selectedIndex / 10);
            }
            else {
                this.rs.selectedIndex = this.dn.selectedIndex + (this.sm.selectedIndex*10);
            }
        }
    }
    var dnt = new donation;
    </script>
</head>
<body onload="dnt.init();">
<div>
<span style="font-size:11px; font-family:arial;">
<select id="dn" onchange="dnt.update();">
</select> 
donation(s) of
<select id="sm" onchange="dnt.update();">
</select> 
= 
<select id="rs" onchange="dnt.update(1);">
</select> 
of gym time.</span>
</div>
</body>
</html>
Jon_7 commented: Wow, that is flawlessly what I meant! +1
AndrisP 193 Posting Pro in Training

It's a reserved keyword in MySQL. Read this: https://dev.mysql.com/doc/refman/5.5/en/keywords.html

AndrisP 193 Posting Pro in Training

It should work similarly. But the column name date is not good - add a prefix or use it inside backticks

AndrisP 193 Posting Pro in Training

Line 2 replace _init__ to __init__

AndrisP 193 Posting Pro in Training

When you set header("Content-Type:text/plain"); or use it inside pre, echo '<pre>'.$content.'</pre>'; then it should work fine

diafol commented: Good advice +15
AndrisP 193 Posting Pro in Training

Make foreign key constraints with the clause on delete cascade on tables 2 and 3 referencing table 1 and don't use join for deleting.

AndrisP 193 Posting Pro in Training

I suggest you use function filter_input()

$edit = filter_input(INPUT_GET,  'edit', FILTER_VALIDATE_INT);
$delete = filter_input(INPUT_GET,  'delete', FILTER_VALIDATE_INT);
$brand = filter_input(INPUT_POST,  'brand', FILTER_SANITIZE_STRING);
if($edit !== NULL){
    $sql = ....
}
if($delete !== NULL){
    $sql = ....
}
if(isset($_POST['add_submit']) && $brand !== NULL){
    $sql = ....
}

and bind variables after prepare SQL statement!

AndrisP 193 Posting Pro in Training

Why don't you use the loadXML function and then handle it through the DOM object? http://php.net/manual/en/domdocument.loadxml.php

AndrisP 193 Posting Pro in Training

Another way - format date in to the db, e.g.

$stmt = $conn->prepare("SELECT DATE_FORMAT(`your_date_column`, '%W %M %D') FROM tbl ORDER BY id DESC");

More MySQL date formatting info here

AndrisP 193 Posting Pro in Training
order by
    if(
        substr(`ord_column`, 1, 2)='A ',
        substr(`ord_column`, 3),
        if(
            substr(`ord_column`, 1, 4)='The ',
            substr(`ord_column`, 5),
            `ord_column`
            )
        )

or much more readable (result will be the same)

order by
    case
        when substr(`ord_column`, 1, 2)='A ' then substr(`ord_column`, 3)
        when substr(`ord_column`, 1, 4)='The ' then substr(`ord_column`, 5)
        else `ord_column`
    end
AndrisP 193 Posting Pro in Training

In line 5 you are trying to handle $row but it is not defined at this step

function two_dim_array_to_html_table($arr, $header){
    $ret = "<table border='1'>\n";
    $ret .= "\t<tr>\n";
    foreach($arr[0] as $key => $val){ // only $key is used here; $val is not used
        $ret .= "\t\t<th>".$header[$key]."</th>\n";
        }
    $ret .= "\t</tr>\n";
    foreach($arr as $row){
        $ret .= "\t<tr>\n";
        foreach($row as $column){
            $ret .= "\t\t<td>".$column."</td>\n";
            }
        $ret .= "\t</tr>\n";
        }
    $ret .= "</table>\n";
    return $ret;
    }
AndrisP 193 Posting Pro in Training

Mark thread as solved

AndrisP 193 Posting Pro in Training

Try this

<?php

define('DBhost', 'localhost');
define('DBname', 'trackerdb');
define('DBport', 3306);
define('DBuser', 'root');
define('DBpswd', '');

$message = array(
    'error' => array(),
    'warning' => array(),
    'info' => array()
);
$bgcol = array(
    'error' => '#FFDDDD',
    'warning' => '#FFFFDD',
    'info' => '#DDFFDD'
);

function check_date(&$message, $value, $per){
    if($value == "" || $value === NULL){
        if(isset($_POST[$per])){ // empty variable is set in form
            $message['warning'][] = "Date ".$per." is not set";
            } // else without message (form not submitted)
        return NULL;
        }
    elseif(preg_match('/^[0-9]{4}\-[0-9]{2}\-[0-9]{2}$/', $value)){
        return $value;
    }
    $message['error'][] = "Invalid date: ".$value;
    return NULL;
}

$date_args = array(
    'from' => array(
        'filter'    => FILTER_CALLBACK,
        'options'   => (function($value) use(&$message){
            return check_date($message, $value, "from");
        })
    ),
    'to' => array(
        'filter'    => FILTER_CALLBACK,
        'options'   => (function($value) use(&$message){
            return check_date($message, $value, "to");
        })
    )
);

// FILTER_FLAG_NO_ENCODE_QUOTES is a flag, not a filter id, so it cannot be used
// under 'filter'. FILTER_UNSAFE_RAW passes the strings through unchanged; they
// reach the query only as bound parameters (:bv_...).
$update_args = array(
    'id' => array(
        'filter' => FILTER_VALIDATE_INT,
        'flags' => FILTER_REQUIRE_ARRAY
    ),
    'changeid' => array(
        'filter' => FILTER_UNSAFE_RAW,
        'flags' => FILTER_REQUIRE_ARRAY
    ),
    'taskid' => array(
        'filter' => FILTER_UNSAFE_RAW,
        'flags' => FILTER_REQUIRE_ARRAY
    ),
    'summary' => array(
        'filter' => FILTER_UNSAFE_RAW,
        'flags' => FILTER_REQUIRE_ARRAY
    ),
    'type' => array(
        'filter' => FILTER_UNSAFE_RAW,
        'flags' => FILTER_REQUIRE_ARRAY
    ),
    'reviewed_approved_by' => array(
        'filter' => FILTER_UNSAFE_RAW,
        'flags' => FILTER_REQUIRE_ARRAY
    ),
    'scheduled_start_date' => array(
        'filter' => FILTER_UNSAFE_RAW,
        'flags' => FILTER_REQUIRE_ARRAY
    ),
    'implemented_by' => array(
        'filter' => FILTER_UNSAFE_RAW,
        'flags' => FILTER_REQUIRE_ARRAY
    )
);

$update = filter_input_array(INPUT_POST, $update_args);
$date = filter_input_array(INPUT_POST, $date_args);

$dsn = 'mysql:dbname='.DBname.';host='.DBhost.';port='.DBport;
try {
    $conn = new PDO($dsn, DBuser, DBpswd);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    if(isset($update['id']) && is_array($update['id']) && !empty($update['id'])){
        $sql = "UPDATE `crqtracker`
            SET `changeid` = :bv_changeid
            ,`taskid` = :bv_taskid
            ,`summary` = :bv_summary
            ,`type` …
AndrisP 193 Posting Pro in Training
<?php
$content = 'This content has two images
<img src="/images/img1.jpg" alt="Image 1" />
<img src="/images/img2.jpg" alt="Image 2" />';

$content = preg_replace('/\<img src="([^\"]+)" alt="([^\"]+)" \/>/',
    '<a href="\\1" data-fancybox="image-popup" data-caption="\\2">
        <img src="\\1" alt="\\2" />
    </a>', $content);

header("Content-type:text/plain;charset=utf-8");
print_r($content);
?>
AndrisP 193 Posting Pro in Training

decrease max-width

AndrisP 193 Posting Pro in Training

Define float:left; and the sizes max-width and max-height in CSS and
use that class instead of style="float:left;"

AndrisP 193 Posting Pro in Training

$A needs to be incremented after endif; but print whatever

<?php
    $A=0;
    while ($auction = $result->fetch_assoc()):
        if ($A%3==0): ?><br/><?php endif;
        $A++;
        ?>
        <div style="float:left;">
            <h4><?=$auction['item_name']?></h4>
            <img src="<?=$auction['item_image']?>" class="img-responsive">
            <span id="countdown" class="timer">how</span>
            <button class="c-button" name='bid'>Bid Now!</button>
        </div><?php
    endwhile;
?>
rproffitt commented: Increment +1. +12
AndrisP 193 Posting Pro in Training

Check your post variables print_r($_POST)

AndrisP 193 Posting Pro in Training

To prevent SQL injection bind variables after oci_prepare; read http://php.net/manual/en/function.oci-bind-by-name.php

AndrisP 193 Posting Pro in Training

Maybe the browser shows cached images. Try generating different file names for the output image

rproffitt commented: Good point. Thing 1, Thing 2, etc. +12
AndrisP 193 Posting Pro in Training

Sorry comma missing in my previous post

<?php
// $pdo is assumed to be an existing PDO connection
$stmt = $pdo->prepare("Insert into flood_light (
    Name,
    Brand,
    Quantity,
    Detail,
    Unit,
    Color,
    Material,
    Image)
VALUES(?,?,?,?,?,?,?,?) on duplicate key update
 Name = VALUES(Name)
,Brand = VALUES(Brand)
,Quantity = VALUES(Quantity)
,Detail = VALUES(Detail)
,Unit = VALUES(Unit)
,Color = VALUES(Color)
,Material = VALUES(Material)");
// MySQL takes the assignment list directly after ON DUPLICATE KEY UPDATE (no SET keyword)
$stmt->execute(
    [$name,
    $brand,
    $quantity,
    $detail,
    $unit,
    $color,
    $material,
    $image]
);
AndrisP 193 Posting Pro in Training

line 13 should be print(self.question)
and similar mistake in the line 22

AndrisP 193 Posting Pro in Training

Invalid column name phone number. You can use a space-separated column name inside backquotes, e.g. CREATE TABLE BUILDING(bname VarChar2(30) PRIMARY KEY, address VarChar2(30), "phone number" Number(15));

AndrisP 193 Posting Pro in Training
  1. Password should be crypted!
  2. Use filter_input() function e.g. $username = filter_input(INPUT_POST, "username");
  3. Check if($username !== NULL && $password !== NULL){ ... } before query
  4. Do not put user input parameters directly to SQL query! - Use prepared statement: prepare(), bind_param(), execute()
  5. For precise string comparison use like binary instead of =
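
One way to apply points 1 to 4 of this list with mysqli, as an added example that is not code from the thread. The table `users`, its columns `id`, `username` and `password_hash`, the form field names and the connection settings are assumptions.

```php
<?php
// Added example. Assumed names: table `users` (id, username, password_hash),
// form fields "username" / "password", placeholder connection settings.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function register_user(mysqli $db, string $username, string $password): void
{
    // Store only a salted one-way hash, never the password itself.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO `users` (`username`, `password_hash`) VALUES (?, ?)');
    $stmt->bind_param('ss', $username, $hash);
    $stmt->execute();
    $stmt->close();
}

function login(mysqli $db, $username, $password): ?int
{
    // filter_input() gives NULL for a missing field and FALSE for an array.
    if (!is_string($username) || !is_string($password) || $username === '') {
        return null;
    }
    // Placeholders keep user input out of the SQL text.
    $stmt = $db->prepare('SELECT `id`, `password_hash` FROM `users` WHERE `username` = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $found = $stmt->fetch();
    $stmt->close();
    // The password is compared by password_verify(), not inside the query.
    if ($found !== true || !password_verify($password, $hash)) {
        return null;
    }
    // Upgrade the stored hash when the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $new = password_hash($password, PASSWORD_DEFAULT);
        $upd = $db->prepare('UPDATE `users` SET `password_hash` = ? WHERE `id` = ?');
        $upd->bind_param('si', $new, $id);
        $upd->execute();
        $upd->close();
    }
    return (int) $id;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $db = new mysqli('localhost', 'app_user', 'app_password', 'app_db');
    // The password is read unfiltered: sanitising filters would alter it.
    $userId = login($db, filter_input(INPUT_POST, 'username'), filter_input(INPUT_POST, 'password'));
    if ($userId === null) {
        http_response_code(401);
        echo 'Invalid username or password';
    } else {
        session_start();
        session_regenerate_id(true); // new session id after login
        $_SESSION['user_id'] = $userId;
        echo 'Logged in';
    }
}
```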
AndrisP 193 Posting Pro in Training

Do you really want to multiply the date difference by salary?
Everything else can be done more extensively without subqueries and without case when using simple IFNULL() function

SELECT EmpId, Emp_Name, Salary , Start_date , End_date ,
    DATEDIFF(
        IFNULL(End_date, DATE_ADD(Start_Date, INTERVAL 30 DAY))
        ,Start_Date
    ), Salary/30 as 'Total_Salary' from Employees
rproffitt commented: Yes, please multiply my salary by the date. We'll all be millionaires in no time. +12
AndrisP 193 Posting Pro in Training

I think that so many subqueries will make slow SQL execution. Use left join and build PHP object from query results.

AndrisP 193 Posting Pro in Training

It seems ok. Save it in the DB as a view. I notice that in this select you cannot order shops and cannot order devices. You can order by employee name only.

AndrisP 193 Posting Pro in Training

You also need to set foreign key (on delete cascade) constraints. It will prevent zombie entries in the table “employees_shops”.

AndrisP 193 Posting Pro in Training

If you can not set unique names for employees edit procedure - change input parameter p_name varchar to p_id int and pass "id" directly

AndrisP 193 Posting Pro in Training

Yes, a unique key constraint will not allow duplicate entries when you call the procedure edit_relation many times with the same input parameters (insert ignore into .....). Table employees field name and table shops field shop should also be unique, otherwise the selects inside the procedure can return many results and it raises an error.
Replace in your PHP lines 43, 44

$stmt = $this->db->prepare("CALL edit_relation(?,?,true)");
$stmt->execute(array($user, $shop));
AndrisP 193 Posting Pro in Training

MySQL:

select date_format(now(), '%d-%m-%Y');

PostgreSQL:

select to_char(now(), 'dd-mm-yyyy');

OracleSQL:

select to_char(sysdate, 'dd-mm-yyyy') from dual;

The clause from dual is required in Oracle, is optional in MySQL, and is not usable in PG SQL - it raises an error

AndrisP 193 Posting Pro in Training
cereal commented: Good catch! +14
AndrisP 193 Posting Pro in Training

You can create stored procedure for convenient use add or delete relations in the table shop_employees eg

delimiter $$
create procedure `edit_relation`(in p_name varchar(9), in p_shop varchar(9), in p_add boolean)
begin
    declare e_id int;
    declare s_id int;
    select t.`id` into e_id from `employees` t where t.`name` like p_name;
    select t.`shop_id` into s_id from `shops` t where t.`shop` like p_shop;
    case when p_add then
        insert ignore into `shop_employees`(`employee_id`,`shop_id`)
        values (e_id, s_id);
    else
        delete from `shop_employees`
        where `employee_id` = e_id and `shop_id` = s_id;
    end case;
end; $$
delimiter ;

and then call edit_relation('user1','shop1',true) for add relation
or call edit_relation('user1','shop1',false) for delete relation.
I recommend set on the "shop_employees" table

unique key (`employee_id`, `shop_id`)

if it is not yet

AndrisP 193 Posting Pro in Training

Show your table create SQL code. I do not know what primary or unique keys are set on the table. Example if the unique key is person_id

INSERT INTO ".$DB_TABLE." (`person_id`, `distanta` , `durata` , `start` , `end` )
VALUES(? , ? , ? , ? , ?)
ON DUPLICATE KEY UPDATE
`distanta` = VALUES(`distanta`)
,`durata` = VALUES(`durata`)
,`start` = VALUES(`start`)
,`end` = VALUES(`end`);
AndrisP 193 Posting Pro in Training
select e.`name`, (
    select group_concat(
        (select s.`shop` from `shops` s
            where s.`shop_id` = t.`shop_id`)
    separator ' ') from `shop_employees` t
        where t.`employee_id` = e.`id`
) `shop list` from `employees` e;
AndrisP 193 Posting Pro in Training

... and paste here SQL error message

AndrisP 193 Posting Pro in Training
  1. First step - check your input parameters, e.g. in line 10 put: print_r($_POST); exit();
  2. Second step - always use backticks for all parameter names - it will protect you from conflicts with MySQL reserved names and others (read @diafol comment)
  3. Third step - I strongly recommend use PHP function filter_input() or filter_input_array() - it will help you to avoid from incorrect user input
  4. Fourth step - I strongly recommend use prepared statement, then bind variables and then execute statement - it will protect you from MySQL injection
AndrisP 193 Posting Pro in Training

Try CURLOPT_RETURNTRANSFER instead of RETURNTRANSFER http://php.net/manual/en/function.curl-setopt.php

AndrisP 193 Posting Pro in Training

It seems your trigger is working fine (Screenshot.png)

AndrisP 193 Posting Pro in Training

"Please help" is not subject of this topic!

AndrisP 193 Posting Pro in Training

I recommend you use filter_input() or filter_input_array() function e.g.

            $args = array(
                'member_registration_username' => array(
                    'filter'    => FILTER_SANITIZE_STRING
                    ),
                'member_registration_password' => array(
                    'filter'    => FILTER_SANITIZE_STRING
                    ),
                'member_registration_password_confirmation' => array(
                    'filter'    => FILTER_SANITIZE_STRING
                    ),
                'member_registration_forename' => array(
                    'filter'    => FILTER_SANITIZE_STRING
                    ),
                'member_registration_surname' => array(
                    'filter'    => FILTER_SANITIZE_STRING
                    ),
                'member_registration_gender' => array(
                    'filter'    => FILTER_SANITIZE_STRING
                    ),
                'member_registration_email' => array(
                    'filter'    => FILTER_VALIDATE_EMAIL
                    ),
                'member_registration_email_confirmation' => array(
                    'filter'    => FILTER_VALIDATE_EMAIL
                    )
                );
            $post = filter_input_array(INPUT_POST, $args);
AndrisP 193 Posting Pro in Training

"Map network drive" if you are windows user, or open network folder and then save bookmark if you are linux user.

AndrisP 193 Posting Pro in Training

You can define function

delimiter $$
create function not_max_of_division(
     p_product varchar(30)
    ,p_division varchar(30)
) returns boolean
begin
    declare v_max int;
    declare v_not_max boolean;
    select
        max(t.`sales`) into v_max
    from
        `sample` t
    where
        t.`Division` = p_division;
    select
        t.`sales` <> v_max into v_not_max
    from
        `sample` t
    where
        t.`product` = p_product;
    return v_not_max;
end $$
delimiter ;

and then

select t.* from `sample` t
where not_max_of_division(t.`product`, t.`Division`)
order by
     t.`Division` asc
    ,t.`sales` desc;

(do not need set sql_mode)

AndrisP 193 Posting Pro in Training

In the subquery you can select max(sales) group by Division, then select * from SAMPLE where product not in (subquery), e.g.

select
    t.*
from
    `sample` t
where
    t.`product` not in (
        select
            s.`product` from (
            select
                 m.`product`
                ,max(m.`sales`)
            from
                `sample` m
            group by m.`Division`
        ) s
    )
order by
     t.`Division` asc
    ,t.`sales` desc;

if your MySQL version is 5.7 then before this query set sql_mode

set sql_mode=(select replace(lower(@@sql_mode),'only_full_group_by',''));
k_manimuthu commented: Thanks for your solution +5
AndrisP 193 Posting Pro in Training

You don't need to use subqueries

select
     a.`p_ID`
    ,a.`p_fName`
    ,a.`p_mName`
    ,a.`p_lName`
    ,b.`a_ID`
    ,b.`a_street`
    ,b.`a_box`
    ,b.`a_city`
    ,c.`c_ID`
    ,c.`c_name`
    ,c.`c_city`
from `personTb` a
inner join `personAddress` b on b.`p_ID` = a.`p_ID`
inner join `personChurch` c on c.`p_ID` = a.`p_ID`
;

or

select
     concat_ws(' ', a.`p_fName`, a.`p_mName`, a.`p_lName`) as p_Name
    ,concat_ws(' ', b.`a_street`, b.`a_box`, b.`a_city`) as p_Address
    ,concat_ws(' ', c.`c_name`, c.`c_city`) as p_Church
from `personTb` a
inner join `personAddress` b on b.`p_ID` = a.`p_ID`
inner join `personChurch` c on c.`p_ID` = a.`p_ID`;

... and using MySQL keywords like "name" for column names or aliases is not good practice