Posts by nav33n

1. I would never use form element's names like, Y M D, ie., with spaces. Try,

<input id="dmy" name="dmy" type="text" />

And in the php script,

$date = mysql_real_escape_string($_POST['dmy']);

mysql_real_escape_string escapes all the escape characters and prevent sql injections.
Also, Instead of executing the query directly, you can put it in a variable and then pass it to mysql_query. Its easier to print a variable to know what is the query you are passing to mysql_query. Ie.,

$date = $_POST['dmy'];
$query = "SELECT * FROM bookings WHERE startdate='$date'";
echo $query;
$result = mysql_query($query);

Execute the query on backend (phpmyadmin) and see if it return any rows. If it doesn't, then,
1. You either don't have any records for that date (OR)
2. You have a different date format in the table (or while passing it in the query)

Hmm.. It has to! Did you use error console to see the error message ? If you can post your complete code, we could see where you are going wrong.

You forgot to remove with(form) :)

Edit: For testing purpose, you can use error console in mozilla firefox to know where the error is.

What is with(form) ? Are you calling a function called with which is declared somewhere else ?
Also, agreement.value.checked wouldn't work because,

• The syntax is not correct
• It will say agreement is not defined!

Try this.

function validate(form) {
  if(!(form.agreement.checked)) {
	  alert("Please commit the agreement to continue.");
	  form.agreement.focus();
	  return false;
  } else return true;
}

Same thing for your second question. conPerP1.value should be form.conPerP1.value .

You can use @ before mysql statements to supress the warning and error messages. @mysql_connect(...)

if($conn_server = true) {

This is a comparison operator and you are comparing if the value of $conn_server is "true". So, you should use == instead of =.
Apart from that, I don't see anything wrong with your code which could cause an error.

And if you are a windows user, check this link, especially the reply from a user called 'savbill'. :)

Where are you selecting the id ? I can't understand your code. You need to post your complete code using code tags and explain your problem in detail.

<form> tag should be above <select> tag. <select> tag can't have value attribute. And always use

echo "<option value='".$nt['test_id']."'>".$nt['test_name']."</option>";

instead of

echo "<option value=$nt[test_id]>$nt[test_name]</option>";

(Thats the clean way of writing it).
P.S. Don't use @ before your queries. It will supress the errors and you wont be able to find out what's wrong!

When I try to view this it gives Apache and PHP up but it is not showing list of users as expected neither giving any error message.
When I try to connect to mysql using loging root and password root it get connected but through PHP it is not working.

If it is not getting connected through php, it will throw an error. Check your php.ini file about error reporting.
If its value is not

error_reporting = E_ALL & ~E_NOTICE

change it. This means, Show all errors except notices.
I tested the script and its fine. But its outdated. Nobody uses session_register nowadays. If you want to register a session variable, you just use $_SESSION = "value";
Quoting from Php.net

Warning
This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.

Good luck!

Hi everyone,

I am creating a student timetable. I have the table done in html and I now need to input the values in the database.

I was trying to use something along the lines of

if(day = 'Monday' && time = '9') {
echo(subject);
}

i keep getting an error of undefined day and time. I also tried

if(sem1week1.day = 'Monday' && sem1week1.time = '9') {
echo(subject);
}

I got the same error except it was undefined sem1week1.day

appreciate any help

Please post your code and explain your problem in detail. Use [code] tags to wrap your code.

You are welcome! :)

escape single quotes and forward slashes by using mysql_real_escape_string. This will prevent sql injections as well.
Ie.,

$leavetype = mysql_real_escape_string($leavetype);
$fullday = mysql_real_escape_string($fullday);
// and so on...

Well to help answer the questions of why the action= will go to test.php?action=test only when method=post is that when method=get, the parameters in the form overwrite the parameters specified in the action=. However, when using method=post, there are no parameters that can possibly overwrite the action= since it is posting them. So basically it is a browser problem and not a server problem.

Hmm! That answer looks convincing. I guess you are right.

No i am talking about Get method in this case..... when use POST method then it cant

Umm! Let me clear the misunderstanding. This works. The form method is POST and action = test.php?action=test.

<?php
echo $_GET['action'];
?>
<html>
<body>
<form action="test.php?action=test" method="post">
<input type="submit" value="Test"/>
</form>
</body>
</html>

But this doesn't work. The form method is get and action is test.php?action=test.

<?php
echo $_GET['action'];
?>
<html>
<body>
<form action="test.php?action=test" method="get">
<input type="submit" value="Test"/>
</form>
</body>
</html>

My question is, why doesn't GET method go to the action test.php?action=test ?

this will give you the value of objects exist in your form not the value of action "test.php?action=test"

But when you use post method, how could it get the action value from form action along with other form elements ?

The reason is that you cannot pass url variables through the action= but I am not sure if it is the same with the post method though.

It works fine with post method.

<?php
echo $_GET['action'];
?>
<html>
<body>
<form action="test.php?action=test" method="post">
<input type="submit" value="Test"/>
</form>
</body>
</html>

Is there any technical explanation for this ?

thanks for help. my file has all executable permissions like 755 and i have linux server but how i can apply corn job on my file. just tell me this in easiest way

Did you check the link Look here to see how to setup your own crontab ? You can add a line (or cronjob) in crontab file. This crontab file executes the cronjob at the specified time.

If you have a linux server, then maybe this could help.
http://www.modwest.com/help/kb5-125.html

I just re-checked my code to see why that is and it seems for forms with XSS injection the feature needed adding (very simular to the SQL injection feature) however I have a problem with a preg_match_all statement I use. The following is the preg match all statement and it just returns empty arrays even though theoratically it should match the form. Could anybody help me debug the following code to return the form if the form contains the word 'user' or the word 'password'.

<?
preg_match_all('/\<form(.*)(user|password)(.*)\<\/form\>/i',file_get_contents('http://xss-login.appjet.net/'),$forms);

//display the result
echo '<xmp>';
print_r($forms);
echo '</xmp>';
?>

I have tried many variations of this code with no luck.
Thanks for the help.

You mean like this ?

preg_match_all('/\<form(.*)(user|password)(.*)\<\/form\>/is',file_get_contents('http://xss-login.appjet.net/'),$forms);

In all the queries, change my_db to user. :) Then I guess it should work fine!

Ah! :'( Yes !!!

Okay! The query looks good. Are you sure the table name is correct ? Because I noticed your database and table have the same name! :-/ If it is correct, execute this query in phpmyadmin or mysql console and see if it throws any error!

Okay! Add echo $realUser_query; before $realUser_result = mysql_query($realUser_query); and tell us what it prints.

if(!$con)
        {
        die('Could not connect: ' . mysql_error());
        }
mysql_select_db("my_db", $con);
$user = mysql_real_escape_string($_POST['user']); //request posted data and sanitise it using mysql_real_escape_string
$pass = mysql_real_escape_string($_POST['pass']);
$realUser_query = "SELECT Username FROM my_db WHERE Username = '$user'"; // create the query
$realUser_result = mysql_query($realUser_query); //execute the query and assign result resource to $realUser_result
if(mysql_num_rows($realUser_result) > 0 ) { //if the returned results is more than 0
	$usernamerow = mysql_fetch_array($realUser_result); //fetch the returned result to $usernamerow
	$realUser = $usernamerow['Username']; //assign Username to $realUser
}
if($user != $realUser) {
        echo "No Such User";
} else {
        $realPass_query = "SELECT Password FROM my_db WHERE Username = '$user'";
        $realPass_result = mysql_query($realPass_query);
        if(mysql_num_rows($realPass_result) > 0 ) {
        	$passrow = mysql_fetch_array($realPass_result);
        	$realPass = $passrow['Password'];
				}
        if($pass != $realPass)
                {
                echo "Incorrect password";
                }
        elseif($pass == $realPass)
                echo "Welcome!";

        }

Try this out! I have added comments for you to understand.

Can you post your code here ? And don't echo $realUser, echo $realUser_q.

First, I'd like to say I really appreciate the replies. I have tried single quotes, no error is given, but nothing is stored in $realUser. What does _q at the end of the variable do?

If nothing is stored, then maybe $user is empty. Try this and let us know what it prints.

$realUser_q = "SELECT Username FROM my_db WHERE Username = '$user'";
echo $realUser_q;
$realUser_r = mysql_query($realUser_q) or die(mysql_error());

And as for your second question, _q don't do anything. Its just another variable.

Looking at your query, I guess $user is a string. So

$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Username = $user ") or die(mysql_error());

will generate an error. You have to put single quotes around $user. ie.,

$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Username = '$user'") or die(mysql_error());

You don't need single quotes if you are querying with integers. ie.,

$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Userid = $userid ") or die(mysql_error());

Hope thats clear!

Pretty straight forward. You are having <?=$options?> in echo.
End the echo statement then echo $options.
Example,

echo'<form action=\"insert_interest.php\" method=\"POST\">

		<h4>Select which course you would like to register your interest in</h4>
		
		<h5>Option 1</h5>
		   <select name=\"radio\">
				  <OPTION VALUE=0>Please select an option';
				  echo $options;
		   echo '</select>
		<h5>Option 2</h5>
		(only select more options if needed)<br />
		<br />
			<select name="radio1">
				<OPTION VALUE=0>Please select an option';
				echo $options;
//and so on...

So, what is the problem ? Did you check if register globals are on in php.ini ?

:) Look closely and find that 1 difference yourself!

$date = "2009-03-31";
echo date("Y-m-d", strtotime($date ."+n days" ));
//where n is the number of days to be added

Replace all occurance of " with ' in your message. :)

Could be many reasons.
1. php short tags may be disabled. Use <?php
2. Register globals may be disabled. Use $_POST instead of $form_element.
This is an example.

<?php
if(isset($_POST['submit'])) {
	foreach($_POST['checkbox'] as $checked) {
		//delete checked record
	}
}
?>
<html>
<body>
<form method='post'>
<input type='checkbox' name='checkbox[]' value='1' /> 1 <br />
<input type='checkbox' name='checkbox[]' value='2' /> 2 <br />
<input type='checkbox' name='checkbox[]' value='3' /> 3 <br />
<input type='checkbox' name='checkbox[]' value='4' /> 4 <br />
<input type='submit' name='submit' value='submit' />
</form>
</body>
</html>

Welcome to Daniweb BTW. Please read the guidelines on how to use [ code ] tags for better readability of your code.

Well, I don't have an example with me. But, Instead of having an xml, you can query the table, then have a select element where you can show all the matching values. Also have an onchange event for select so that when the user clicks an option, it is inserted to the textbox.

<select name='selecttag' multiple='10' onchange='document.getElementById('txt1').value=this.value;'>

You also need to hide the border of select element.

Try it in Firefox, open Error console and see whats going wrong.

I tried all the scripts and they work (on both IE and mozilla) ! What error are you getting exactly ?

You have to convert the dates to unixtimestamp using strtotime.

I agree with AD, it's damn hard to quit, I've been smoking 10+ years, but eventually I'll succeed.

I can understand how you feel! I started smoking 6 years ago and finding it very difficult to quit! I had quit for a week, but I didn't have enough will power to overcome the urge. :(
Even the *Smoking is injurious to health* sign on the packs too don't make much of a difference.

ps now im waiting for my fellow posters to attack me.

:angry: *Throws a hand grenade at sitas87*

echo $_SESSION;

You are echoing userid. Are you sure you thoroughly checked it ? :icon_rolleyes:

ok guys, i am persuaded, cheating is wrong, i gave an empty paper yesterday, and i am not gonna pass the class without understanding these hardware level cpu operations.
you won!

How did you finally come to the conclusion that cheating is wrong ? Why didn't you cheat ?
I am happy you realised cheating is wrong. Better late than never. :icon_rolleyes:

in turkish we have a saying for this : the panth would not stick to your ass unless your ass has been used to it.

:confused: :-/ What does that even mean ?

>they must have cleaned out all the old ones or started a new forum recently because I know it was fairly popular when I was using it 20 years ago.

you are really ancient :)

It seems like you are begging for trouble :)

I haven't used tomcat, but for apache, its http://localhost to access the root directory. You can find the config file httpd.conf in conf directory.

Every new question you ask, just seems to get creepier...

My feelings exactly !
Serkan, Are you planning to be Narue's secret stalker ? :S

Yeah! Use ad block plus (firefox addon) and block all the unwanted scripts/frames/images/ads/whatever! Life has been good since I started using ABP. :cool:

>might as well be the geek lounge where the rep points wouldn't affect me
Perhaps I should slap you with a Keep It Pleasant infraction. You're not invincible here either, slick. ;)

Ah! Narue, welcome to the Children's club! :P

What is the error ? I am still confused about what you want and what is the problem. Do you mean something like this ?

<?php
if(isset($_POST['submit'])) {
	$total = $_POST['field1']+$_POST['field2']+$_POST['field3']+$_POST['field4'];
	if($total % 4 == 0) {
		echo "$total Divisible by 4..";
	} else {
		echo "$total Not divisible by 4..";
	}
}
?>
<html>
<body>
	<form method='post' action='test.php'>
Field1:	<input type='text' name='field1'><br />
Field2:	<input type='text' name='field2'><br />
Field3:	<input type='text' name='field3'><br />
Field4:	<input type='text' name='field4'><br />
<input type='submit' name='submit' value='submit'>
	</form>
</body>
</html>

:-/ If this is not what you mean, you need to describe your question in detail with relevant code.

Maybe it got to do with

$date		=	$date15_year.'-'.$date15_month.' '.$date15_date;

No. That is just fine. Use print_r($_POST); to see what is getting posted and what is not.