Posts by cereal

Hello,

you can use sessions to restrict the access only to authenticated users, see:

• http://php.net/manual/en/book.session.php
• http://php.net/manual/en/session.security.php

@mohammad

Hello, please provide more information (e.g. are you using CodeIgniter?) and your current code, also open your own thread.

Hello,

I have not tested but check this module, it seems interesting:

• https://www.npmjs.com/package/simplecrawler
• https://github.com/cgiffard/node-simplecrawler

Turns out they don't support custom flags, they only support those listed here:

string (59) "* FLAGS (\Seen \Answered \Flagged \Deleted \Draft $MDNSent)"

When custom flags are enabled then there is also this flag \* and it seems they do not support any \Junk flag, otherwise it would be very simple to manage this issue:

. STORE 1 -FLAGS \Junk

I think, however, I can solve it by using their Contacts API: by adding the sender as a contact, then the following messages should arrive in the Inbox, unless I set an override, which is a filter to send messages to specific folders, but this is limited to 1000 contacts:

• https://msdn.microsoft.com/en-us/office/office365/api/contacts-rest-operations
• https://msdn.microsoft.com/en-us/office/office365/api/complex-types-for-mail-contacts-calendar#InferenceClassificationOverrideResource

If it works I will update with a test script.

Hi,

see example #4 in the PHP documentation for the mail() function:

• http://php.net/manual/en/function.mail.php

however, there are some libraries that can help when you want to add other features, like sending through an SMTP server. Check PHPMailer:

• https://github.com/PHPMailer/PHPMailer

Hello,

on Hotmail/Outlook webmail, when I receive an email message in the spam folder (formally Junk), I can mark the message as Not Junk. The server will then start to deliver the messages from that source, directly into the Inbox, working like a whitelist.

Is it possible to do the same through the IMAP commands? I have been testing for a while, but I haven't find a solution. Moving the messages from Junk to Inbox does not solve, because the following messages will end again in the Junk folder. At this point this seems appropriate. I have tried to display the flags, to see if it were marked as spam, but it does not seem so.

Here's the test script to show the message flags in the Junk folder:

<?php

/**
 * @see http://busylog.net/telnet-imap-commands-note/
 * @see http://stackoverflow.com/a/6994157
 * @see https://github.com/vlucas/phpdotenv
 * @see https://github.com/raveren/kint
 */

require_once './vendor/autoload.php';
use \Dotenv\Dotenv as Dotenv;

$dotenv   = (new Dotenv(__DIR__))->load();
$server   = 'ssl://imap-mail.outlook.com';
$port     = 993;
$login    = $_ENV['IMAP_EMAIL'];
$password = $_ENV['IMAP_PASSW'];
$mailbox  = 'Junk';
$response = [];
$timeout  = 10;
$i = 0;

function fsockread($fp)
{
    $result = [];

    while(substr($str = fgets($fp), 0, 1) == '*')
        $result[] = substr($str, 0, -2);

    $result[] = substr($str, 0, -2);
    return $result;
}

$fp = @fsockopen($server, $port, $errno, $errstr, $timeout);

if(TRUE === is_resource($fp))
{
    # sign in
    fwrite($fp, sprintf(". LOGIN %s %s\r\n", $login, $password));

    $response[] = fsockread($fp);

    # select mailbox
    fwrite($fp, sprintf(". SELECT %s\r\n", $mailbox));

    $select = fsockread($fp);
    $total  = abs(filter_var($select[0], FILTER_SANITIZE_NUMBER_INT));
    $response[] = $select;

    do {

        $i++; …

In addition: if 2FA is enable the script will need an application password.
See: https://support.google.com/mail/answer/185833?hl=en

Hi,

you can convert the XLS to a CSV file and then import. Some forks of MySQL allow connection to outer data sources, through ODBC, so you can open an XLS or an MDB file and query it through the database interface, from there then you can copy it very fast.

See:

• https://mariadb.com/kb/en/mariadb/connect-table-types-odbc-table-type-accessing-tables-from-other-dbms/#retrieving-data-from-a-spreadsheet

About the multiple languages, could you show an example? Thank you.

Hi,

the file does not get into the database or it is just corrupted? A blob type column of which size? If you are using, say BLOB, then it can store only 65kb, the query will work but a big image will return corrupted. Also it could be an issue with the max_allowed_packet, this limits the size of the data that can be sent throught a query.

See:

• http://dev.mysql.com/doc/refman/5.7/en/blob.html
• http://dev.mysql.com/doc/refman/5.7/en/packet-too-large.html

Did you check if the $_FILES array gets populated? Could you share the upload form? It could be something simple, like the enctype.

Hi,

I have an idea for this. You could write a sequencer function, to keep track of the count. You need InnoDB tables to do this, transactions and a function:

DROP FUNCTION IF EXISTS `seq`;
DELIMITER //
CREATE FUNCTION seq(`pID` INT UNSIGNED, `lID` INT UNSIGNED) RETURNS INT
DETERMINISTIC
READS SQL DATA
BEGIN
    DECLARE `n` INT UNSIGNED;
    select MAX(CAST(SUBSTRING_INDEX(`meta_key`, '_', -1) AS UNSIGNED)) INTO `n` FROM `tableY` WHERE `post_id` = `pID`;
    UPDATE `tableY` SET `meta_key` = CONCAT('multiple_', last_insert_id(`n` + 1)) WHERE `post_id`=`pID` AND `meta_id` = `lID`;
    RETURN last_insert_id();
END
//
DELIMITER ;

The table structure is like you described:

CREATE TABLE IF NOT EXISTS `tableY`(
    `meta_id` INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
    `post_id` INT UNSIGNED NOT NULL,
    `meta_key` VARCHAR(100) NOT NULL DEFAULT 'multiple',
    `meta_value` INT UNSIGNED DEFAULT 0
) ENGINE = InnoDB;

And here's a short example of the usage in SQL:

-- enable the transaction
START TRANSACTION;

-- insert
INSERT INTO `tableY` (`post_id`, `meta_key`, `meta_value`) VALUES(7209, 'multiple', 3);

-- run the sequencer, this will update the inserted row
SELECT seq(7209, LAST_INSERT_ID());

-- save the insert/update
COMMIT;

And so on: after each insert statement, you run the seq() function with the post_id value as first argument and the LAST_INSERT_ID() as second, so that it will update only the current insert.

Here are other inserts:

START TRANSACTION;
INSERT INTO `tableY` (`post_id`, `meta_key`, `meta_value`) VALUES(7209, 'multiple', 31);
SELECT seq(7209, LAST_INSERT_ID());
COMMIT;

START TRANSACTION;
INSERT INTO `tableY` (`post_id`, `meta_key`, `meta_value`) VALUES(7209, 'multiple', 313);
SELECT seq(7209, LAST_INSERT_ID());
COMMIT;

-- This runs on post_id 7210 …

Hi,

you have to fetch results, see the following thread for details, it seems the same issue:

• https://www.daniweb.com/programming/web-development/threads/504502/only-first-sql-row-is-getting-understood

Did you fix it?

In practice, you have to change these lines:

if (isset($play)) {$play="yes";} else {$play="NO";}
if (isset($work)) {$work="yes";} else {$work="NO";}
if (isset($movies)) {$movies="yes";} else {$movies="NO";}
if (isset($other)) {$other="yes";} else {$other="NO";}

to something like this:

$play = filter_input(INPUT_POST, 'Play', FILTER_VALIDATE_BOOLEAN);
if(TRUE === is_null($play) || FALSE === $play) $play = 'NO';

Repeat the same for the other variables.

By submitting a form, if a checkbox is not checked then it is not sent with the request. It means that you have to verify two things:

• if it was sent
• if the submitted value is valid

Whenever the FILTER_VALIDATE_BOOLEAN filter receives one of these values:

• 1
• true
• on
• yes

it will return it, otherwise: if the checkbox was not checked it will return NULL; if the value was not conform, it will return FALSE.

So, instead of using:

<input type="checkbox" name="Play" value="1">

Write:

<input type="checkbox" name="Play" value="Yes">

And if the filter validates successfully, then the value of $play will be Yes automatically, otherwise it will fall to the value assigned by the the IF statement:

if(TRUE === is_null($play) || FALSE === $play) $play = 'NO';

Consider also that the input names are case sensitive, so it must reflect what is defined in the input name attribute. I.e. validate for Play rather than play.

If you still not resolve, provide your last codes and the error information.

Hi,

according to FPDF manual the Output() arguments must be reversed, instead of:

$pdf->Output('newpdf.pdf', 'D');

Do:

$pdf->Output('D', 'newpdf.pdf');

Documentation:

• http://www.fpdf.org/en/doc/output.htm

Also, if you want to force the download, then change the Content-Disposition header to attachment.

Hi,

it seems you're trying to access the variables, sent by the POST request, through the register_globals directive, which initialize new variables basing on what is sent to the script, which was a very dangerous practice and has been removed from PHP 5.4. If you're using a previous version, leave it off and use $_POST or better use filter_input().

See:

• http://php.net/manual/en/security.globals.php
• http://php.net/manual/en/function.filter-input.php

I have different results here: under the All my conversations tab I have only the messages of the last two months, starting from the switch. All previous messages never showed.

Hi,

try the CHECK() constraint, for example:

CREATE TABLE test (
    number SMALLINT CHECK(number BETWEEN 0 AND 65535)
);

When you try to insert something out of that range, it will raise an error. See also:

• https://www.sqlite.org/lang_createtable.html#constraints

Hi,

can you describe the problem?

@TexWiller sorry, I explain you why I asked if the database is in the OP location and not in the web server: in that case he would have to setup a TSL certificate between the client (in the web server) and the database in his network, otherwise the connection could be spoofed. In this case is not even a big deal because it would be in read-only (and that's why I asked if he was able to create new users).

Answering from "here", without knowing the setup of the OP is not always simple. By having more information maybe I can suggest a better solution. That's all.

If you have doubts or something else to say to me, reply here and I'll send you a private message, as I think you, with the new rules, you cannot start it. Thank you.

I have some questions to ask here:

• is the database in your location?
• can the database accept remote connections?
• can you define which IPs are allowed to connect the database?
• can you create database users?

In reference to the last, if you can create new users, then create a readonly user for the website, so that even if user and password are spotted, no one gains write privileges. Then use a user with write privileges to update.

See:

• http://dev.mysql.com/doc/refman/5.7/en/grant.html
• http://dev.mysql.com/doc/refman/5.7/en/security.html

Hi, the target directory must be an internal path, not the domain as defined here:

$target_dir = "http://www.XXXXXX.com/uploads/";

Start by changing that.

Hi,

in the first line (drop ...) is missing the separator (the semi-colon in this case), so all the following falls into a syntax error.

Hi,

I don't know LUA, but I'm sure there are some functions that allow to execute system commands, check the documentation and the wiki of the LUA page, as test I used a library developed to simplify this task, read:

• https://github.com/zserge/luash
• http://zserge.com/blog/luash.html
• https://www.lua.org/manual/5.1/manual.html

An example:

require('sh')
local cmd = tostring(php('./a.php'))
print(cmd)

Where the PHP script is:

<?php

    print 'Hello' . PHP_EOL;

Bye!

// ops! I just saw your reply Diafol! :D

Hi,

can you share the error with us? Also: are you using MySQLi or PDO? The former returns boolean TRUE for successful inserts, the latter instead will return an object and your IF statement would fail because you're using the identical comparison operator === rather than the equal comparison operator ==.

See:

• http://php.net/manual/en/language.operators.comparison.php
• http://php.net/manual/en/pdo.query.php
• http://php.net/manual/en/mysqli.query.php

@rproffitt The cron program is indeed a daemon, but the scripts listed in the cron table (crontab) are usually not daemons: once executed they quit and will ran again at the defined time in the crontab. Cron has 1 minute limitation, it does not execute immediately, so once you send the job, for example: by altering a database table value, or by using a lock file, it will start in the next valid minute.

Cron will, also, start a new instance of the script, with a different PID, when the time is reached again, so you can end having uncontrolled multiple instances of the same script running on the same batches, if the rows are not signed as in one of the current queues.

Obviously one could list multiple scripts in the crontab to do the same work and speed the execution, but again these processes will be concurrent in the query requests and each script will have to lock the database and sort which rows to process.

IMHO this is where work queues softwares come handy and solves most of these issues. In this case the worker script is usually a daemon that waits to process a job. The client instead it can be a simple PHP script that receives the request from a form (or even by cron) and submits the jobs to the job server. It's a very different approach.

I try keep it handy: I'm on linux, I've only installed PHP (+ libraries) and the databases, I'm not using Apache or Nginx for development, not if I don't have to deal with their modules, I just use the built-in PHP server which is enough for testing:

• http://php.net/manual/en/features.commandline.webserver.php

Yes and the folder is on Read Only i change it and keeps going back to Read Only state.

Here you may want to change the ownership of the folder to avoid the change, but I'm not sure this won't break WAMP :D so, yes, consider the switch to XAAMP or wait for other suggestions.

You mean the config file of WampServer?

With software I was referring to WampServer, with config file to the php.ini, sorry.

Hello all!

@spluskhan you can do that, but by increasing the number of bills to process, the script may crash for timeout or for memory issues, for this reason you were requested to provide more details.

To keep it simple: you can start the bill generation process by pressing a form button, but you need to delegate the work to another script that runs in background and process the request asynchronously. You have to define a queue, and process it by a batch, eg 100 bills at time.

With cronjob you can create a script that consumes the queue at regular intervals, the minimum is 1 minute. It means that if the script is able to generate 100 PDF in 1 minute, then, you can generate 1000 bills in 10 minutes. But you have to log somewhere (perhaps the database) which rows are in the queue, which have been executed successfully and also the failures, so that you can repeat the failed job and don't miss any bill.

With cronjob you may not have timeout issues, because the script will quit when it finishes and it will start a new process when the cron tab is executed, but you have less control and possibly more latency.

For this task I would prefer using a daemon: a script that waits to get a job (the bill generation) and that when it finishes it starts another one, without quitting. If your server is able to process multiple requests, then you can add …

Hi,

so it's like the parse_url() function, correct?

So the file is restored to the original? As I wrote I don't know about WAMP setups, it could be the software that keeps the file in memory, stop the programm, not only the server, edit the config file and start it again. Check also if the file is in read mode and make it writable.

Do you mean like a shell execution?

Check the documentation of the connect function, you can fix it by yourself ;)

Not tested, could be the encoding? Try, for example, to add ;charset=utf-8 to the content type header.

Hi,

it happens because in <140/90 mmHg OR <130/80 mmHg) there is the < character that has a special meaning in the HTML parsing. Example:

<?php

$html = '<p>Hello < 140 / 32 World</p>';
$dom  = new DomDocument();
$dom->loadHTML($html);

print $dom->saveHTML();

It returns <p>Hello </p> (I've stripped the rest of the HTML).

To solve you could strip all the tags, or replace them with placeholders, see Textile for example, convert to HTML entities all the special characters and then inject them back in the page.

But it's not worth if this has to be done frequently. In my opinion you should:

• save questions and answers into a database;
• apply an encoding (UTF-8 for example) to these strings: in the database, in the server so that requests and responses are treated the same, and in the HTML page, so that the browser will display them correctly;
• use a template to generate the pages: so that you have to change only one file;
• use approriate tags: titles and lists instead of paragraphs everywhere;
• use external styles to change the appearance of the elements

or, if semantically relevant, you could just modify the template to add tags like strong, but operate on a template instead of altering multiple static files.

Fix this part of the code:

foreach ($_FILES['audioaud']['name'] as $name => $value)
{
    $filename = stripslashes($_FILES['audioaud']['name'][$name]);

the first argument of the foreach should be an array, you're submitting a string, unless you're uploading multiple arrays and you set the name attribute to array, so instead of:

<input type="file" name="audioaud" id="audioaud">

you shall write:

<input type="file" name="audioaud[]" id="audioaud">

only by applying this change you get arrays:

Array
(
    [name] => Array
        (
            [0] => foo.txt
            [1] => bar.txt
        )

    [type] => Array
        (
            [0] => text/plain
            [1] => text/plain
        )
...

Otherwise you get strings and the loop is not required. To simplify the testing part, add a debugger, a good choice for SlimPHP is Kint, check it here:

• https://github.com/raveren/kint

Docs:

• http://php.net/manual/en/features.file-upload.multiple.php
• http://php.net/manual/en/features.file-upload.post-method.php

Are they more than one php.ini files on a wamp server?

I don't know about WAMP setups, on linux yes: there are different config files for each extension and SAPI, for example when using PHP-FPM you can create separated pools to start an app with a different user & group.

You're welcome. About the first warning see also:

• http://php.net/manual/en/ini.core.php#ini.always-populate-raw-post-data

but the audio file still doesnt been uploaded.

Can you show the script?

Hi,

remove the ; from this line:

always_populate_raw_post_data = -1

semi-colons, in the PHP configuration files, are used to comment lines and exclude them from the parsing.

//Edit
And remember to reload the server.

the browser display "Cannot Select Database".

ok, it's the same issue: add the $conn parameter to the mysqli_select_db() function, see:

• http://php.net/manual/en/mysqli.select-db.php

If you read the documentation carefully, you will see that the MySQLi extension supports procedural and object styles, depending on what you use, the number of parameters will change.

Good for you, bye! :)

Hi Zelrick,

line 21: $mypassword=$_POST['pwd'[; wrong closing bracket, fix that and the script seems fine, for me.

Have you tried to print something before the rest of the script executes? Put the following on the top of the script and send the request through the form:

die('date: ' . date('Y-m-d H:i:s'));

You should, at least, see the output of this line. If it does not work, repeat the same line under a new file, then request it directly from the browser (to test a GET request) and then point the form to the new file to test a POST request. If it's not the PHP configuration and the login.php file is not corrupted by some invisible character, then it could be Apache: POST requests can be disabled, but usually not in the default configuration.

In my firefox browser, I type this.. localhost/portal/Test/login.html
I think I set my localhost as /var/www/html

Apache, with the default configuration, uses two log files: one for the errors and one for the access requests. From there you can see if the form is submitted and how the server answers to the request.

You can find these files under /var/log/apache2/ or check the /etc/apache2/apache2.conf file to get the correct location.

The PHP log file is usually under /var/log/ too. See if it returns something useful.

From here I cannot do much more. For this reason too I suggested you to use the built-in server: at least you don't have to deal with web …

Is the Apache access log registering the requests? Are you accessing the form page from the server or through file:///?

There are some errors at lines 25, 27, 31 and 33 of the login.php file:

$myusername = mysqli_real_escape_string($myusername);
$password = mysqli_real_escape_string($mypassword);
$result = mysqli_query($sql,$conn);
$conn = mysqli_num_rows($result);

Add the connection parameter to the escape functions, reverse the parameters in the query function and, in the last line, change $conn with $count:

$myusername = mysqli_real_escape_string($conn, $myusername);
$password = mysqli_real_escape_string($conn, $mypassword);
$result = mysqli_query($conn, $sql);
$count = mysqli_num_rows($result);

You should enable error reporting by adding this on top of your scripts:

error_reporting(E_ALL);

Docs to read:

• http://php.net/manual/en/mysqli.real-escape-string.php
• http://php.net/manual/en/function.error-reporting.php

Hi,

look I will not fix that query as it would be wrong in any case. Use prepared statements.

Example with PDO:

$query = "INSERT INTO `history` (`user`, `login`, `logout`, `duration`, `user_ip`, `user_lo`) VALUES (:user, :date, :date, 1, :ip, 'myplace')";

Then use bindParam():

$stmt = $conn->prepare($query);
$stmt->bindParam(':user', $muser);
$stmt->bindParam(':ip', $_SERVER['REMOTE_ADDR']);
$stmt->bindParam(':date', date('Y-m-d H:i:s'));

if($stmt->execute() === TRUE) echo 'success';
else echo 'fail';

Instead of the :date placeholder, if you're using MySQL, you could simply use the NOW() function. Docs: http://php.net/manual/en/pdostatement.bindparam.php

When I was trying to undo what I done everything has been not working lol

it happens :) that's a good reason to use virtual machines, so the base system is not altered by changes.

Anyway, if yours is a development box, you have PHP >= 5.4 and you don't have to test specific web server modules, then you can use the PHP built-in server, open a terminal and run:

php -S localhost:8000 -t /var/www/website001/

then you can access the website by browsing on http://localhost:8000/index.php

The -t feature, used to define the docroot, is optional, you can just browse to the website directory (eg cd /path/) and start the server:

php -S localhost:8000

If you want to start another concurrent server just change the port and go on. Important:

The web server runs a only one single-threaded process, so PHP applications will stall if a request is blocked.

In other words, sometimes it just crashes, so you have to kill the process. For more information use man php or php -h and read the online documentation:

• http://php.net/manual/en/features.commandline.webserver.php

If, instead, you still want to use NGINX then you have to install PHP-FPM (see apt-cache show php5-fpm) and configure the server to forward the scripts to the PHP daemon. Start from here:

• https://www.nginx.com/resources/wiki/start/topics/examples/phpfcgi/

Hi, have you tried PI MusicBox? http://www.pimusicbox.com/

Hi Dani!

You can see the response header and the request flow by adding:

curl_setopt($ch, CURLOPT_HEADER, TRUE);
curl_setopt($ch, CURLOPT_VERBOSE, TRUE);

I'm passying in Connection: keep-alive headers but they are not showing up in the $_SERVER dump.

It probably happens because you're submitting the headers as an indexed array, instead it should be:

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Connection: keep-alive',
    'Cache-Control: no-cache',
    'Accept: */*',
    'Accept-Encoding: gzip, deflate, sdch, br',
    'Accept-Language: en-US,en;q=0.8',
    'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36'
));

Bye!

@harsh_7

Hi, I'm not sure what the OP was trying to do but, in reference to result sets from databases, look at methods like bindColumn():

• http://php.net/manual/en/pdostatement.bindcolumn.php

the variable is initialized and tied to a column name, and will default to NULL if the result set is empty. Counting could also help, see the docs (& the comments for specific cases, like MySQL):

• http://php.net/manual/en/pdostatement.rowcount.php

Reverse:

• remove the short PHP tags <?;
• remove the shorthand = for echo as this string is already in a print construct;
• leave the curly brackets in order to parse the variable.

So:

echo "<form action='{$_SESSION['PHP_SELF']}' method='post'>";

Better (IMHO):

$form = '<form action="%s" method="%s">';
echo sprintf($form, $_SESSION['PHP_SELF'], 'POST');

@Cody_4
See also: https://php.net/manual/en/language.basic-syntax.phpmode.php

As alternative, if the dates are saved into a database table, you could use datediff() along with date_add() (to get the inclusive counting) and sum(), for example:

select sum(datediff(date_add(`to`, interval 1 day), `from`)) as `total` from `holidays` where `employee_id` = 1;

+-------+
| total |
+-------+
|    21 |
+-------+

Hi,

in the dbconnect.php file you have this line:

$conn = new mysql($servername, $username, $password);

which is wrong. In PHP there are three APIs that you can use: mysql, mysqli and PDO. The first is deprecated in PHP 5.* and removed from the latest version (7). I think here you want to use new mysqli() info here.

In the other files you are not using anymore the connection created by the dbconnect.php file, instead you're using the functions of the deprecated API: mysql_query() and so on. You have to convert your script to mysqli or PDO.

Read: http://php.net/manual/en/mysqlinfo.api.choosing.php

And once you decided which to use between mysqli or PDO learn, first of all, to use prepared statements:

• http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
• http://php.net/manual/en/pdo.prepared-statements.php

don't ignore this practice, it will help you to write safer scripts.

Ok, then you could use PDO to group the results into an array, the index key is defined by the first column listed in the SELECT statement, in your case it will be the town column.

Here's an example:

$conn = new PDO('mysql:host=localhost;dbname=my_db', 'username', 'password');
$stmt = $conn->prepare('SELECT `town`, `il`.* FROM `info_list` AS `il` ORDER BY `town`, `name` ASC');
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_GROUP | PDO::FETCH_OBJ);

Then create a template for the list:

$list     = '';
$template = '<li>%s<ul>%s</ul></li>';

And loop the results:

foreach($rows as $town => $value)
{
    $li = '';
    foreach($value as $row)
        $li .= "<li>$row->name, $row->job</li>";

    $list .= sprintf($template, $town, $li);
}

Then into your HTML simply do:

<ul>
<?php echo $list; ?>
</ul>

More info here: http://php.net/manual/en/pdostatement.fetchall.php

Hi,

so you want to group the names under each town? For example:

<ul>
    <li>Town
        <ul>
            <li>Name X</li>
            <li>Name Y</li>
            <li>Name Z</li>
        </ul>
    </li>
    ...
</ul>

is this correct?

ErrorUnknown column 'created_at' in 'where clause'
How to overcome this

Replace with the appropriate columns, mine is an example, I don't know your table structure.