Posts by nav33n

1st query is correct and the 2nd is wrong. What does mysql_affected_rows print ? Did you also check in phpmyadmin ? Does it update any record ? Umm.. for a change, try using == instead of === . Lets see how it goes..

:-S Check if all the variables are set properly, echo the query and execute it in phpmyadmin/mysql console ! Tell us if it still updates in phpmyadmin/mysql console.
I executed the first 2 queries and I noticed the difference.
The query

$q="UPDATE login SET password='".SHA1($newPassword)."' WHERE id='$loginID' AND password='".SHA1($oldPassword)."'";

prints this.

UPDATE login SET password='9b2f1fe6da132ed153cd613cb453dca9285af4b9' WHERE id='10' AND password='2fc535a9fd9760b71e76f92dff31ea719625b652'

Whereas, this query,

$q="UPDATE login SET password='".SHA1('$newPassword')."' WHERE id='$loginID' AND password='".SHA1('$oldPassword')."'";

prints this.

UPDATE login SET password='a4c20b3df57a6a1b409d16274aafd91b35447cee' WHERE id='10' AND password='6ce6bf140f3611ce3133244a69b10a76bb412a47'

In both the cases, I have declared the variables,

$newPassword = "thisismynewpassword";
$oldPassword = "thisismyoldpassword";

Edit: You could also try using mysql_affected_rows to see how many rows were really affected!

Dang! Stupid me.. A variable inside ' ' is considered as string.. :icon_rolleyes:

This should fix it.

$q="UPDATE login SET password='".SHA1($newPassword)."' WHERE id='$loginID' AND password='".SHA1($oldPassword)."'";

password column is of datatype varchar (I think). Try this.

$q="UPDATE login SET password='".SHA1('$newPassword')."' WHERE id='$loginID' AND password='".SHA1('$oldPassword')."'";

First, query the table and get all the details of that particular bookingID and then display it. You can also give an option for the user saying something like, "Are you sure want to delete ?" :) Have a hidden variable in your form to hold the bookingID. If he clicks yes, then, delete the record. If he clicks no, then redirect him to some other page. Many users might give a second thought before deleting :)
And about making your report look better, well, add some style to it.
Its 2 in the morning and I ll probably hit the sack!

<?php
// open database connection code and then my code as follows

//$id = mysql_insert_id();  << This line wouldn't work ie., $id will be null because there isn't any insert statement before this function call. 

//$sql="INSERT INTO clients (clientID, firstname, surname, address1, address2, town,  postcode,  telephone, email, cardno, expirydate) VALUES ($id,'$_POST[firstname]','$_POST[surname]','$_POST[address1]','$_POST[address2]','$_POST[town]', '$_POST[postcode]','$_POST[telephone]','$_POST[email]','$_POST[cardno]','$_POST[expirydate]')";
//since clientID is an autoincrement field, you don't need to mention it. Use this query instead.
$sql="INSERT INTO clients (firstname, surname, address1, address2, town,  postcode,  telephone, email, cardno, expirydate) VALUES ('$_POST[firstname]','$_POST[surname]','$_POST[address1]','$_POST[address2]','$_POST[town]', '$_POST[postcode]','$_POST[telephone]','$_POST[email]','$_POST[cardno]','$_POST[expirydate]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
$last_insert_client_id = mysql_insert_id();
//get previous insert statement's clientID

//$sql="INSERT INTO bookings (bookingID, clientID, roomID, startdate, enddate, adults, children, roomtype,  requirements) VALUES ($id, LAST_INSERT_ID(),'NULL','$_POST[startdate]','$_POST[enddate]','$_POST[adults]','$_POST[children]','$_POST[roomtype]', '$_POST[requirements]')";
$sql="INSERT INTO bookings (clientID, roomID, startdate, enddate, adults, children, roomtype,  requirements) VALUES ('$last_insert_client_id','NULL','$_POST[startdate]','$_POST[enddate]','$_POST[adults]','$_POST[children]','$_POST[roomtype]', '$_POST[requirements]')";

if (!mysql_query($sql,$con))
  {
  die('Error: ' . mysql_error());
  }
  $last_insert_booking_id = mysql_insert_id();
  //last insert statement's bookingID
  //$result = mysql_query("SELECT * FROM clients WHERE clientID=LAST_INSERT_ID()");
	//this also wouldn't work because LAST_INSERT_ID will give you the last inserted id of booking table.. Instead use this
	$result = mysql_query("SELECT * FROM clients WHERE clientID='$last_insert_client_id'");
	
  //$result = mysql_query("SELECT * FROM bookings WHERE bookingID=LAST_INSERT_ID()");
  //This will work but it will override the value stored in the variable $result. You should use a different variable. 
  $result1 = mysql_query("SELECT * FROM bookings WHERE bookingID='$last_insert_booking_id'");

echo "<table border='1'>
<tr>
<th>ID</th>
<th>Firstname</th>
<th>Lastname</th>
<th>address1</th>
<th>address2</th>
<th>town</th>
<th>postcode</th>
<th>telephone</th>
<th>email</th>
<th>Arrival</th>
<th>Departure</th>
<th>Adults</th>
<th>children</th>
<th>Room Type</th>
<th>Requirements</th>

</tr>";

while($row = mysql_fetch_array($result))
  {
  echo "<tr>";
  echo "<td>" . $row['clientID'] . "</td>"; …

$q="SELECT id FROM login WHERE username='$username'";
$sql=mysql_query($q);
if (@mysql_num_rows($sql)==1) {
$arr=mysql_fetch_array($sql);
$id=$arr["id"];
}

:-/

mysql_real_escape_string

Because the result resouce contains 'no rows' and then goes to the function to preform the mysql_num_rows it cannot(due to having no rows - I dont know why) and then goes to the or die statement and throws the "Error".

No. result resource simply wouldn't know if it returns "No rows" or "Rows". Does the above function work for you ? If it doesn't, then, I am sorry, I don't know what else to say.

What exactly is the error message :-/

The function is fine. The only place where you can go wrong is while passing the argument to the function. Make sure $a is a valid result resource.

function getRows($result_resource) {
 return mysql_num_rows($result_resource);
}
$query = "select * from table where column='somevalue'";
$result = mysql_query($query);
$totalRows = getRows($result);
echo $totalRows;

Oh, btw, If your query isn't a valid one, ie., if the table or the column doesn't exist, it will return an error ! :)

Cheers!
Nav

:D So, its fixed now ?

Hmmm... Actually I think I know what may be the problem I think because I am calling the mysql_num_rows from a function then directly?

May be. Are you passing this result resource to the function ? If you post relevant code, it would be very helpful !

You got it all wrong. $b doesn't return any rows. It just return result resource, which can be used in
* mysql_num_rows to know how many rows were returned.
* mysql_fetch_array/mysql_fetch_assoc/mysql_fetch_row/mysql_fetch_object to get the values of the rows .

I can't explain you any better :( Post all the relevant code here. And please use code tags.

Well, You can do it in quite easily. Before redirecting them to the page where they book a room, use $last_inserted_mysql_id = mysql_insert_id(); to get their clientID.
After getting their clientID, you can direct them to "Book a room" page along with their clientID or save the clientID to a session variable and use it in your booking table.

There's no reason you can't change "TEXTAREA" to "textarea" in the code.

You are absolutely right ! :icon_lol:

IE will still report the tag in upper case, however, if queried. Note that if you use a transitional DOCTYPE the case shouldn't be an issue for validation.

Hmm! I didn't know that..

Where are you inserting the value to client table ?

last_insert_id() in mysql or mysql_insert_id() in php gets the value of the autoincrement field from the last insert query.
Eg.

//using mysql's LAST_INSERT_ID()
// considering clientID as auto increment - primary key
$add_to_client_query = "insert into client (name,age) values ('test','20')";
mysql_query($add_to_client_query);
$add_to_booking_query = "insert into booking (busname, totalseats,clientID) values ('Air bus','30',LAST_INSERT_ID())";
mysql_query($add_to_booking_query);

//using php's mysql_insert_id()
// considering clientID as auto increment - primary key
$add_to_client_query = "insert into client (name,age) values ('test','20')";
mysql_query($add_to_client_query);
$last_inserted_mysql_id = mysql_insert_id();
$add_to_booking_query = "insert into booking (busname, totalseats,clientID) values ('Air bus','30','$last_inserted_mysql_id)";
mysql_query($add_to_booking_query);

I hope thats clear ?

Cheers!

I found this example. http://www.quirksmode.org/dom/cms.html
But again, he uses 'TEXTAREA' and not 'textarea' :-/

Using the example given in the website,

<html>
<body>
<head>
<script type="text/javascript">
var editing  = false;

if (document.getElementById && document.createElement) {
	var butt = document.createElement('BUTTON');
	var buttext = document.createTextNode('Ready!');
	butt.appendChild(buttext);
	butt.onclick = saveEdit;
}

function catchIt(e) {
	if (editing) return;
	if (!document.getElementById || !document.createElement) return;
	if (!e) var obj = window.event.srcElement;
	else var obj = e.target;
	while (obj.nodeType != 1) {
		obj = obj.parentNode;
	}
	if (obj.tagName == 'TEXTAREA' || obj.tagName == 'A') return;
	while (obj.nodeName != 'P' && obj.nodeName != 'HTML') {
		obj = obj.parentNode;
	}
	if (obj.nodeName == 'HTML') return;
	var x = obj.innerHTML;
	var y = document.createElement('TEXTAREA');
	var z = obj.parentNode;
	z.insertBefore(y,obj);
	z.insertBefore(butt,obj);
	z.removeChild(obj);
	y.value = x;
	y.focus();
	editing = true;
}

function saveEdit() {
	var area = document.getElementsByTagName('TEXTAREA')[0];
	var y = document.createElement('P');
	var z = area.parentNode;
	y.innerHTML = area.value;
	z.insertBefore(y,area);
	z.removeChild(area);
	z.removeChild(document.getElementsByTagName('button')[0]);
	editing = false;
}

document.onclick = catchIt;
</script>
</head>
<p> This is a test! </p>
</body>
</html>

In every page you use session variables, you should have session_start(). :)

Great! Cheers :)

Yeah. Try it out. :)

In the table there is no value of c and hence nothing is returned
What is the value of $b?

$b will still hold a result resource. Check Return values here..
http://in.php.net/function.mysql-query

Do you get any error ? And, you don't have session_start(); in this script :-/

Hi there! The issue is with innerHTML! Check this link..
http://www.developer-x.com/content/innerhtml/

You are doing it wrong.. $result = mysql_query($query); This will execute the query and return the result resource. You have to then use mysql_fetch_array (mysql_fetch_row/mysql_fetch_assoc/mysql_fetch_object) !

Read it here.. http://in.php.net/function.mysql-query

$query = "SELECT * FROM item WHERE item_id = '1'";
$result = mysql_query($query);
$row = mysql_fetch_array($result); //if it returns only 1 row else use while loop
$image_path = $row['image_path'];
echo "<img src ='".$image_path."'>";
?>

When adding the data to the table, use nl2br function (if you are using php).

Maybe we could have a competition of the most secure and fastest hash mechinism.

Unless we have an extremely talented hacker who can decypher hashes in minutes (or hours), we wont be able to know which is the most secure hashing mechanism. IMO, All these above posted functions are secure :)

What if the client has disabled javascript ?

You can do this in php itself ! Why do you want to rely on javascript ?

Umm.. I am not sure actually! :-/

Answer is Yes to both the questions.

<html>
<body>
<form name='test' method='post'>
<input type='text' id='name' name='name'>
<input type='text' id='age' name='age'>
</form>
<?php
 $value = 1;
 if($value == 1) {
 	echo "<script>document.getElementById('age').focus();</script>";
 	echo "<script>document.getElementById('name').disabled=true;</script></script>";
 }
?>
</body>
</html>

You can! But you will just be adding unnecessary overload to your CPU ! I think you can use cwarn23's function. Its neat !

Hmm.. one question though.. The table will store random strings and their hashes.. I guess it would be more efficient if a dictionary (like the ones used in Brute force) with all the commonly used words are also stored..

Do you mean this ?

http://www.daniweb.com/code/snippet130.html

Although there may be no dehasher on the market that doesn't stop you from making one. But it does require about 2 petabytes of hardrive space (2048TB or 2097152GB). I have created a dehasher that simply records every key combination and its hash into a mysql database then when dehashing, just simply do a reverse lookup by searching for the recorded hash and original word when the entry was generated. Just let me know if you would like the script.

Woah ! Something like a keylogger ? Is it in php or java/vb.net ?

But am I assuming how the hash method works, is correct?
(use any string to encrypt a variable to produce a unique 8 character string?)

Yep. Thats correct. In this case, the algorithm convert it to 8 character string.

I am good OmniX! How are you ?

I don't think there is any decrypting script/function which you can download. They have mentioned how there can be a collision between 2 different strings giving out the same hash ! I tried to read some more about the same, but, everything is going right over my head :(
http://www.mscs.dal.ca/~selinger/md5collision/
http://www.unixwiz.net/techtips/iguide-crypto-hashes.html

Thank you for creating this thread.. I can spend the rest of the evening reading these links ;)

I just love this question. In my opinion, it is best to use more than one hash so that it is harder to crack. And so that those online database chrackers can't store your hash, include the whirlpool hash. So below is a function I have made for a much better hash:

function truehash($hashzzz) {
return hash('crc32b',hash('whirlpool',$hashzzz));
}

The function above will be really hard to crack as it uses oppisite types of output. One of the advantages with the function above is that crc32b is short (less data recorded) and whirlpool is long (containing more data). And since a whirlpool hash is 128 characters long, I doubt anybody will have a giant database of the whirlpool conversions. Of course you could use all of the hashes in the function but may make take a bit of cpu.
Any other comments?

Thats a very nice function. I wish I could give you more rep today :)

Check this link.. http://www.hudzilla.org/phpbook/read.php/17_3_7
I also read here that md5 can generate collision (and is not safe anymore!). Someone also mentions (in the 2nd link) that whirlpool (as mentioned by cwarn23) is a good replacement! SHA1 isn't a safe encryption method too! :S Hmm.. I should stop using SHA1 !

if($filename!="NULL" || $filename!="FALSE" || $filename!="")

This must be

if($filename!=NULL && $filename!=FALSE && $filename!="")

In your example, you are checking if variable filename value is NULL or FALSE (which is wrong). And, you should use logical operator "and" instead of "or".

Take a closer look at my script. Line 25. In my post I solved a way around the last appended | symbol by using the following line:

I was just giving him an example how the result would look like! I just copy pasted the error messages and I forgot to take the last "|" from it.

http://localhost/careers.php?error=Name%20is%20a%20required%20field%20please%20complete%20and%20submit%20it%20again.|Email%20is%20a%20required%20field%20please%20complete%20and%20submit%20it%20again.

This is exactly how it looks like (if there are 2 errors).

No it wont! cwarn23 is appending a "|" after every error message. So, if there are 2 errors, the query string would look like,

Name is a required field please complete and submit it again.| Please fill in a correct email address|

I personally don't prefer doing it this way since the query string look quite long and bad. Maybe using a session array variable is a better choice.
Whenever there is an error, add it to a variable, then make that a session variable. After displaying respective error message, unset the session variable.

Great :) Congrats!

Then use <p> instead :-/ It would be very helpful if you show us the output !

As I said in my earlier post, \n is just a delimiter. How do you know it contains 20 lines of of data ? How are you separating the lines ? Using \n or by using <br> ?
Try this simple example.

$query = "select content from blogs limit 1";
$result = mysql_query($query);
$row = mysql_fetch_array($result,MYSQL_ASSOC);
print htmlentities($row['content']);
?>

If the lines are separated by <br> tag, use that as a delimiter.
Btw, I use mysql_assoc to get only the associative indices. I can use mysql_assoc instead, but I like using mysql_fetch_array. :)
Check Return Values in this link for more details.
http://in.php.net/mysql_fetch_array

Use single quote in your query ' instead of ". The second argument \n is a delimiter. If you are storing the values in a table with <br> try giving that instead of \n. I tested at my localhost and it works without any problem.

<?php
$con = mysql_connect("localhost","root");
mysql_select_db("test");
$blog="select id,SUBSTRING_INDEX(question, '\n', 5 ) from quiz_questions limit 1";
$result = mysql_query($blog) or die (mysql_error());
$row = mysql_fetch_array($result,MYSQL_ASSOC);
print "<pre>";
print_r($row);
print "</pre>";
?>

:) Get a good editor with syntax highlighting.. That way you will know where you are going wrong!

Check mysql function substring_index

Eg.

SELECT SUBSTRING_INDEX(columnname, "\n", 10 )
FROM table

No probs! Btw, foreach is useful when you have irregular array indexes.
eg.

$array[3]=30; $array[10]=10; $array[11]=10;