You're welcome ;)

This part is not correct:


$rows = [];
$rows[] = [
    'user_id' => $user_id,
    'name' => $_POST['name'],
    'email' => $_POST['email'],
    'role' => $_POST['role']

Your loop does:

while(1 < count($name))

It's like writing:

while(1 < count([]))

the print_r($stmt->debugDumpParams()); but it didn't display anything.

It will never run because $name, as array, is empty. Do:

$name  = $_POST['name'];
$email = $_POST['email'];
$role  = $_POST['role'];

each variable will be an array. I'm keeping this simple, here instead of $_POST you should use filter_input_array(), but this can be refined when you get the script to work. You can, also, remove the $rows initialization and assignement, unless you don't need it for something else.


Just a note!

I was just curious to learn why anyone would bother using the long version if the short version can do the same job. file_get_contents() using a URL is not guaranteed to work in all situations, as it depends on a configuration setting to allow it to use HTTP (which is sometimes disabled for security reasons) ...

It happens because allow_url_fopen is set to false, in case curl is not available you can also use sockets or fsockopen() & co.

Also, file_get_contents() allows more complex requests, in fact, it can make POST requests, by using the resource context parameter. The same can be done by file(), readfile(), fopen() and in general by all functions that support streams, an example:


$url = "https://www.apple.com/";

// Resource context
$rc["http"]["method"] = "GET";
$rc["http"]["header"] = "Accept-language: en\r\n";
$rc["http"]["follow_location"] = 1; // 1 = yes, 0 = no
$rc["http"]["timeout"] = 10; // seconds

$context = stream_context_create($rc);

$fp = fopen($url, "r", FALSE, $context);

while( ! feof($fp))
    print fread($fp, 4096);


$name is defined? If not the loop will not run:

while($i < count($name))
    $stmt->execute([':user_id' => $user_id, ':name' => $name[$i], ':email' => $email[$i], ':role' => $role[$i]]);

Also, you could add debugDumpParams() to see what looks like the prepared statement:

while($i < count($name))
    $stmt->execute([':user_id' => $user_id, ':name' => $name[$i], ':email' => $email[$i], ':role' => $role[$i]]);

This will stop the execution after the first loop and will show the contents of the query. If it does not help paste the result here and also the code.

Votes + Comments
Big hyand for debugDumpParams

There is a missing $ in $email[$i] and $role[$i].

Then you are passing three arguments to the execute() method: one array and then email and role with a syntax that would probably send some warnings.

$this cannot be used in this context, use $stmt.

In the prepare() method, the syntax to define the placeholder is not correct, the format is :keyword, not : keyword, nor =: keyword and not even = : keyword. And it is missing the last column: role.

The query has also another issue, a bracket: (, I think here you were trying to mix the two available syntaxes for inserts in MySQL:

INSERT INTO table (column, column) VALUES('', '');
INSERT INTO table SET column = '', column = '';

The first is the standard, the second is a peculiarity of MySQL.

To recap:

$stmt = $pdo->prepare("INSERT INTO `contact` (`user_id`, `name`, `email`, `role`) VALUES (:user_id, :name, :email, :role)");

while($i < count($name))
    $stmt->execute([':user_id' => $user_id, ':name' => $name[$i], ':email' => $email[$i], ':role' => $role[$i]]);

However there is still an issue. In the form there are some checkbox, by default if none are selected, the checkboxes will not be set by the browser and so the POST array will miss them. So, if your forms has fields for two identities (Person1, Person2) and you select only Teacher for Person2, you will get role[0] => Teacher. Value, that according to the loop, will be associated to Person1, not to Person2, as expected.

To avoid this, you have ...



what is the size of the array? There are few errors:

  1. a syntax error: you are missing a comma between user_id and dateTime;
  2. dateTime, it does not matter the case, is a reserved word, so use backticks.

Also you could move prepare() outside the loop and use placeholders:

$stmt = $dbh->prepare("INSERT INTO `worksheet` SET `user_id` = :user_id, `dateTime` = NOW(), `indicator` = :indicator");

And set an array into execute() to define the values of each loop:

$stmt->execute([':user_id' => $user_id, ':indicator' => $indicator[$i]]);

You should move the header() outside the loop, too, but after, otherwise you keep setting it at each iteration. Right after that set exit, to stop the execution and make the server redirect. To recap:

$stmt = $dbh->prepare("INSERT INTO `worksheet` SET `user_id` = :user_id, `dateTime` = NOW(), `indicator` = :indicator");

while($i < count($indicator))
    $this->execute([':user_id' => $user_id, ':indicator' => $indicator[$i]]);

header('Location: form-page2.php');

See if these changes, in particular the syntax error, makes a difference. Otherwise, as you defined the exception mode, set a try catch block to see if PDO sends an exception.


All my other scripts (mysqli and procedural) worked like this:
So, why didn't it tonight ?
Why it only worked with oop style ?
if(TRUE === $conn->query($sql))
Is it because most part of the script is oop ?

No, it happens because $sql is a string, you could either do:


Or procedural:

$sql = mysqli_query($conn, "INSERT QUERY HERE");

With the procedural then your IF statement would work fine:


as the result of the query is assigned to the $sql variable. In my example I just skipped the assignement to a new variable an ran the query directly in the statement. It's the same.

it is not actually dumping just the url I am visiting but more. Infact, it's logging other links on my visited page.
Is it because the browser called those links to load the images (even though I did not click them) ?

Yes, the proxy is rewriting all the urls, so the browser is going to request them through the proxy script, it's the same list that you get through the Network tab of the Developer Tools.

and one link twice ?

It happens because there is a redirect with status code 301 or 302, then it reloads the page with status code 200, so the script log its boths.

If you were in my position, how would you code it so the img or video links (that are residing on the visited page) ...


I, even tried taking out the single quotes from the VALUES in the INSERT command. Like so:
$sql = "INSERT INTO users(browsings) VALUES($url)";

Single quotes are necessary as $url is a string, so:

$sql = "INSERT INTO users(browsings) VALUES('$url')";

$sql is a string too, it has not been submitted to mysqli_query() yet, so, instead of:



if(TRUE === $conn->query($sql))

Those sites you are viewing do not host your http://localhost:80/proxy/test.php? links nor precede it but your proxy itself does it.
Now, as you can see the proxy is preceding "http://localhost:80/proxy/test.php?" in order to proxify your chosen url. But my idea is, instead of getting it to precede "http://localhost:80/proxy/test.php?", why don't we get it to precede "http://localhost:80/proxy/tracker.php?" instead.
Now, can you figure-out which part of the code to replace with what to get the script to start logging ?

Sorry, but tracker.php what should do? It's the same code of test.php? Then just rename the file. If it's different and you want to send people from script A (test.php) to script B (tracker.php), you just need a form whose action points to script B, but then what is the role of the proxy here? Once you are on the tracker script, the proxy won't work anymore as the execution is completed. If you want to mix the proxy with the tracker then rename test.php to tracker.php and include your tracking code inside this file.

I have already suggested where you can place the tracking code.

Also consider that you don't need a form to initialize the proxy script, just append a link to the file name with a ? and it will work fine. Anyway, see if you get other replies. Bye.



in addition to Andris, the first 16 lines are useless, because it makes a request to google and it does not use it. Line 21 ($url) is not used by the following code, so curl sends a request to the homepage not to the search. Even by changing that, to run the query and set an additional fake user agent, it will hit against a robot check:

    To discuss automated access to Amazon data please contact api-services-support@amazon.com.
    For information about migrating to our APIs refer to our Marketplace APIs at https://developer.amazonservices.com/ref=rm_c_sv, or our Product Advertising API at https://affiliate-program.amazon.com/gp/advertising/api/detail/main.html/ref=rm_c_ac for advertising use cases.

or status code 503 from CloudFront. Why? Try running the link you want to access through the command line curl:

curl -s -D - https://www.amazon.com/s/field-keywords=movies+2017 -o /dev/null

You get:

HTTP/1.1 301 Moved Permanently
Location: https://www.amazon.com/movies-2017/s?ie=UTF8&page=1&rh=i%3Aaps%2Ck%3Amovies%2B2017

which means you have to add a curl option to follow redirects. Would now work? Yes, but it probably won't return results because this part of the pattern ._AC_US_160_.jpg, in the preg match expression, is not pointing to what is currently returned by Amazon results page. So, you can:

  • open the source page and verify what is in use and hard code the change
  • or modify the pattern to be more flexible to code changes

in your current code it returns what is in the scr and in srcset attributes, so you can get an extended list of links for each entry and you could apply another ...



in practice you want to log the $url variable. Between line 202 and 246 the scripts initialize the variable, verifies if the url format is valid and finally it attemps to contact the server. Now you have to decide at which step you want to log, for example if you want separate logging for successful and failed requests do it after line 246, i.e. after this line:

$response = makeRequest($url);

and use the responseInfo index returned in the $response array to log the differences.



read the notice and the warning:

Notice: Use of undefined constant RETURNTRANSFER - assumed 'RETURNTRANSFER' in C:\xampp\htdocs\test\curl.php on line 27

Warning: curl_setopt() expects parameter 2 to be integer, string given in C:\xampp\htdocs\test\curl.php on line 27

The notice tells you that RETURNTRANSFER is not defined. The PHP engine in this case makes an assumption: you probably meant to use it as a string, so it dress the constant with quotes and serve it to the code.

The warning is just curl_setopt() complaining because, by consequence of the PHP engine assumption, received a string, when it was expecting an integer. So, have you checked if, among curl constants, there is something like RETURNTRANSFER?


Almost done. You need to set the TO header, in this case it can be the SMTP username or another email address of yours:


Line 17 will probably need to be set to TRUE:

$mail->SMTPAuth = true;

Otherwise it will not attempt to authenticate, you can set it to FALSE if the SMTP does not require the authentication or if you are using the POP-before-SMTP auth method, see their example:



look at the WHERE clause, you have:

WHERE (qbcd_user_email.address = '.patrick.kershner@gmail.com.')

So is going to search an email address with a leading and trailing dot, due to:

WHERE (qbcd_user_email.address = '.$email.')

Since you are using double quotes to enclose the query, you don't need the concatenation operator ., just change it to:

WHERE (qbcd_user_email.address = '$email')

This fixes the query, but read this thread about prepared statements:

It will help you to build safer queries.



you cannot do this with plain HTML. You need javascript: you could use AJAX to submit the two forms, but you are going to generate two separated requests, with two separated responses from the server(s). Which means the second could return before the first is completed. Or one could fail, due to timeout or other issues. To solve these scenarios you could use the Promise API:

In practice the requests are performed asynchronously, and each will generate a promise, i.e. an object that represents a successful response or a failure. This can be done also in server side, see:

Can you explain why you want to keep them separated?

Votes + Comments
Promises, promises :) These multiple-form submits never add up for me.

No, the password is not anymore involved. You could change the password for the daniweb@ account and still be able to access without altering the key, because SSH is going to use another authentication method (via asymmetric cryptography). See:

For example: if you have 10 servers to connect, by copying the public key on each, you won't need to remember the password of each host. The same key will give you the access everywhere.

Instead, the equivalent of your Windows command, in *nix environments is a script like this:

#!/usr/bin/env bash
sshpass -f <(printf '%s\n' YOUR_PASSWORD) ssh daniweb@

To execute ./dani.sh. But it requires sshpass, which on Mac is available through HomeBrew: https://brew.sh/


The ssh-keygen command generates keys for ssh, these are stored into your profile, under the ~/.ssh/ directory. Through scp you are copying your local ~/.ssh/*.pub files (the public keys) into the ~/.ssh/autorized_keys file of your remote home directory account, i.e. into daniweb@

To get information about the commands simply prepend man command:

man ssh-keygen
man scp

It returns the documentation for the commands. By using this approach, only trusted keys will be allowed to connect the host and you can disable the SSH password access, avoiding brute-force attacks.



you set up admin@web.com in the FROM header, but the authentication is failing. Is this the account that is authenticating to the SMTP server? From the log it seems you are using GMail SMTP.

Can you explain how this script would work? From who (client email address) to who (website email address)? Or reverse? Or client to client? I ask it, because you may need to set the sender in the REPLY-TO header and the authenticating email address in the FROM header:

$mail->Username = "smtp_username"; # authentication
$mail->From     = "smtp_username"; # from
$mail->AddReplyTo($row["email"]);  # reply-to

This because the script acts like a mail carrier (technically an SMTP Relay), which gets the message and sends it through his SMTP server.


Ops! My fault, I confused error_log() with file_put_contents() syntax :D

Sorry, please replace the error log line with:

error_log(sprintf("(%s) %s\r\n", $level, $message), 3, $log_file);

And it should work fine.

Any idea where to get the smtp username and password?

Those would, usually, be the email address and the related password. In case of Gmail, however, you should generate and use an application password.



in order to send an email through SMTP you need to setup the connection correctly, right now you are pointing the host to localhost instead of something like smtp.domain.tld and the port to 25, which is not correct if connecting through tsl or ssl, it may be port 465, 587 or 993 or something completely different, depending on the host configuration. Also you have to set $mail->isSMTP();. You can raise the debug level to 4 and add a debug function to get more information:

// Debug
$log_file = sprintf(__DIR__ . '/mail-%s.txt', (new \DateTime)->format('Ymd'));

$mail->SMTPDebug   = 4;
$mail->Debugoutput = function($message, $level) use($log_file) {
            error_log($log_file, sprintf('(%u) %s', $level, $message));
            return ;

The Debugoutput closure will create, in the same path of the script, a log file named mail-20170504.txt with the flow of the connection between the client (the script) and the SMTP server, from there you should be able to see the server response and why it fails to complete the request. If you need help with the debug, you can attach the log file to the forum, but remember to remove passwords and other details you want to keep private.



Those are definitions of the same function (hcf), the first line is defining a default in case the second argument is 0, in that case returns the first argument (a). Why? Because if you run mod 1 0 you get an exception:

*** Exception: divide by zero

In haskell there are partial and total functions, mod is partial, as it returns an error in case the argument is not a valid value. By defining the default for 0 you cover that error. See: