Posts by Will Gresham

No, check line 28 of his sendemail.php script:

$attn = $_POST['attn'];

Also, he has been echoing the attn value and it is printing the correct item.

You could try using an IF rather than a switch:

if($attn == "webmaster") {
$to_email = "erich.krauz@rgl-e.com";
} elseif($attn == "info") {
$to_email = "krauz2@hotmail.com";
} else {
$to_email = "erich.krauz@rgl-e.com";
}

My bad, put the values on the case statements in the switch in '':

switch($_POST['attn']) {
case 'webmaster':
$to_email = "erich.krauz@rgl-e.com";
break;
case 'info':
$to_email = "krauz2@hotmail.com";
break;
default:
$to_email = "erich.krauz@rgl-e.com";
}
mail($to_email, $subject, $message, $from);

You could also use switch($attn) {

That's correct, if it was defined outside the functions.php page before the file was called it would be available to the functions, but if it is within the same file then it will not be usable by the functions in that file.

Take a look here for more info on this.

Add or die(mysql_error()); to the end of the SQL querys causing the problem:

mysql_query("SOME QUERY")or die(mysql_error());

and let us know what that reports.

What happens if you put the following into the PHP script:

echo $_POST['attn'];

wrap the switch and mail functions with /* and */ to prevent them running:

/*
switch($_POST['attn']) {

case webmaster:$to_email = "erich.krauz@rgl-e.com";
break;
case info:$to_email = "krauz2@hotmail.com";
break;
default:
$to_email = "erich.krauz@rgl-e.com";
}
mail($to_email, $subject, $message, $from);
*/
echo $_POST['attn'];

Also, I just noticed you previously had $attn = $_POST; so you would be able to replace $_POST with $attn in the switch statement.

Thats the one

take out the space between the " and values in the form. so " webmaster " becomes "webmaster" you follow?

Does the script in your last posts work? As this seems to be correct.

Make sure you put your code in code-tags so that it displays correctly

Also, yes I am based in the UK, but I work nightshift as tech support in the US department of a PC company

Try de-capitalizing the W in webmaster, that was meant to be lower case

In contact1.php, change the 'value' for each of the <option> tags in the select to a single word in lower case to make it easire, for example, webmaster, info, tech and rgl like so:

<select name="attn" size="1">
<option value="webmaster">Webmaster </option>
 <option value="info">General Info </option>
</select>

Then in the other file put:

switch($_POST['attn']) {
case Webmaster:
$to_email = "erich.krauz@rgl-e.com";
break;
case info:
$to_email = "krauz2@hotmail.com";
break;
default:
$to_email = "krauz2@hotmail.com";
}
mail($to_email, $subject, $message, $from);

It would also be a good idea to handle any errors thrown by the mail function like so:

@$send_email = mail($to_email, $subject, $message, $from);
if($send_email) {
echo "E-Mail sent successfully";
} else {
echo "The E-Mail was not sent.";
}

Ok, im looking though you're code at the moment, one thing I have noticed is that this line is at the top of the file:

$conf = mysql_fetch_array(mysql_query("SELECT * FROM config WHERE id = 1"));

It may as well be removed since it will not be available within the function without declaring it as a global within each function it is required.

As for the SQL queries, try putting the coluumn names in backticks ` example:

$conf = mysql_fetch_array(mysql_query("SELECT * FROM `config` WHERE `id` = 1"));

You will need to take the POST value for the drop-down and use that as the E-Mail to address in the mail function, preferably, use names without an @ or domain.com and use PHP to assign an email:

switch($_POST['attn']) {
case name1:
$to_email = "name1@domain.com";
break;
case name2:
$to_email = "name2@domain.com";
break;
default:
$to_email = "Address if email not selected";
}

Don't put the E-Mail address in the field on the form as this can be edited client-side and may compromise your script.

I deleted the bracket all together- now it's just this: Parse error: syntax error, unexpected $end in /home/a5957980/public_html/includes/functions.php on line 247

.... By doing this, you are including all the code following where the bracket should be in the same function which may well result in further errors when the current one is fixed.

If you put this bracket back and then post the other errors as there are obviously multiple problems through the script if you are getting errors and removing a required } to hide these is not solving the problem, just masking it..

Which functions are being called from this script? and what are the values being passed to the functions when the errors occur.

Line 217 should be

}
elseif ($numrows > 1)
{

not

}
	else
	if ($numrows > 1)
	{

Ill keep checking but I thinks thats the only other error.

Also, I can see no use for this elseif as it does exactly the same as the else below it.

I cant see a problem at line 18, but line 47:

$conf = mysql_fetch_array(mysql_query("SELECT * FROM config WHERE id = 1")

does not have an ; on the end and there is a missing ).

Theres the problem, the line above the comment telling you not to edit, line 32, does not have an " or ; on the end and that is whats causing the problem here.

change

$mainText = "Welcome to Surfanatiks........you visit, you get 75% of those back!<br><br>

to

$mainText = "Welcome to Surfanatiks........you visit, you get 75% of those back!<br><br>";

The best way would be to obfuscate the code prior to uploading it to the server PC, by doing this there is no alterations needed to the operating system/accounts. Also, look at http://www.raizlabs.com/software/phpobfuscator/ since this one would probably require little change to your source code to get this working. Providing the server is running PHP5 this would be the easiest option.

as far as "It would be better if you put your code in code tag. Easier to look through."

I don't know what that means. This is how it is in the script.

.... Read the rules of the forum before posting, the code tags are explained in the paragraph at the top of the PHP forum main page which also links to this page you should read the last paragraph on there which details the repercussions of not using code tags.

Also, you would have been asked to provide the code since problems can't be seen in the code you posted, it is possible PHP is reporting a line other than the one it appears to be which could be above or below what you quoted.

First, php.net is a great place to start to learn about the functions and can be alot quicker than asking here ;)

One thing i will say, is never, ever use $_POST, $_GET, $_QUERY...etc directly in SQL queries or the like (you're asking for trouble if you do), always sanitize them first, if the value should only contain numbers, check this first and put them into their own variables. REGEX is ideal for this sort of job.

Always test your applications and try to find security holes in them, or ask a friend to do this as well before publishing it.

htmlspecialchars() will take characters like & and < and > and convert them to their HTML entities, such as &amp; &lt; &gt
in doing this, it means that people cant put HTML into the database and at best mess your styles, at worst add javascript which could well be malicious.
You can do this on either the input or the output, but since most times I assume you will be displaying to a HTML page it makes little difference, only when printing to plain text will it be better to do it on output..

mysql_real_escape_string() would be better to use over addslashes(), they do basically the same thing though, take a look here
stripslashes() will obviously remove any escaped characters from the strings, so this would be needed otherwise all the " and ' would show as \" …

Try to use some standard in your coding, rather than some caps and some lower case, for example SQL commands in caps and value in lower case, makes it easier to read

You would do well to add an error handle to the end of the SQL query to see if it is actually fetching any data from the db:

$var = mysql_query(some query)or die(mysql_error());

No problem, make sure you mark finished topics as solved :)

I have broken up the code with the required changes as below:

<?php
$m = (!$m) ? date("m",mktime()) : "$m";
$y = (!$y) ? date("Y",mktime()) : "$y";

Changes Here

if (isset($_POST['Submit7']))

{
$eventdate = $_POST['eventdate'];
$stime = $_POST['stime'];
$location = $_POST['locate'];
$mdescription = $_POST['description'];

header('location:next.php');
exit();
}

Remove reset code

?>
<html>
<table>
<tr>
<!-- calling the function to draw the calendar -->
<td valign="top"><?php cal($_GET['m'],$_GET['y']); ?></td>
<td width="25" nowrap><br /></td>
<td> </td>
<td>
<!-- the second column of the table starts here -->
<!-- -->
<form name="me" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
<table cellpadding="0" cellspacing="0" border="0" bgcolor="#000000"><tr><td>
<table cellpadding="4" cellspacing="1" border="0 "bgcolor="#FFFFFF">
<tr><td colspan="2" bgcolor="#3399FF"><font size="+1" color="#FFFFFF"><b>Request Form</b></font></td></tr>
<tr><td><b>Date for Event: </b></td><td><input type="text" name="eventdate" value="" size="12"> <font size="2">dd/mm/yyyy</font></td></tr>
<tr>
<td><b>Start Time:</b></td>
<td><input type="text" name="stime"> 24 Hour Format ie.1125 </td>
</tr>
<tr>
<td><b>Location:</b></td>
<td><input type="text" name="locate">20 Characters</td>
</tr>
<tr>
<td><b> Description:</b></td>
<td><textarea name="descrption"></textarea></td>
</tr>
<tr>
<td colspan="2" bgcolor="#3399FF"><div align="center">

Changes Here

<input type="reset" name="Submit6" value="Reset"> &nbsp; &nbsp; &nbsp; &nbsp;
<input type="submit" name="Submit7" value="Next">

</td>
</tr>
</table></form>
</table>
</blockquote>
</body>
</html>

This should do what you want.

Not quite

$_POST is the item to use for the if statement.

What this does is gets the value for the field in the form which is named in quotes.

You don't need anything but <input type="submit" name="Submit7" value="Next" /> for the submit button, the method=post is defined by the <form> tag.

All you need for the if statement is the code I posted earlier, if (isset($_POST['Submit7'])) { this says 'If Submit7 has been pressed, run the following code'.

Make sure you put your code in code tags.

if (($_SERVER['REQUEST_METHOD'] == "POST") || ($_SERVER['Submit7'] == "Next"))
{
$eventdate = $_POST['eventdate'];
$stime = $_POST['stime'];
$location = $_POST['locate'];
$mdescription = $_POST['description'];

header('location:next.php');
exit();
}

Would it not be better to replace the IF statement with

if (isset($_POST['Submit7'])) {

This will check whether the submit button has been clicked, also I don't believe $_SERVER can be used to check form fields, check http://uk3.php.net/manual/en/reserved.variables.server.php.

Also, can I ask why you aren't using the reset button in HMTL? <input type="reset"> as this will clear all fields in the form.

Are you storing this in the database as a timestamp, date, or string?

One way to convert it is when you fetch the date from the table convert it to the correct format:

$split_date=explode("/", $date_var);
$date=$split_date[2] . "/" . $split_date[1] . "/" . $split_date[0];

Depending on which format you store the date as in the database there may be easier ways of doing this.

One way to do this would be to include an if statement and a counter for example,

$counter=0
while(sql_statement) {
$id=$row['id'];
$date=$row['date'];

$sentby=$row['sender'];
$comment=$row[comment];

if($counter==4) {
echo "<br />";

// reset the counter
$counter = 0;
}
echo"sent by: $sentby Comment:$comment  date sent:$date";
$counter++;
}

This is fairly simple, use the RAND function in the SQL query:

$sql = "SELECT * FROM tablename WHERE somefield='something' ORDER BY RAND() LIMIT 10";

I would have thought this goes in the HTML/CSS forum here
Although I would suggest running the page through a validator (http://validator.w3.org/) first since there are multiple problems on all pages.

Simply use the HTML a tag to make it a hyperlink

<a title="link_title" href="link_here"><? echo $rows['topic'];?></a>

In the database you also need to have the unique identifier for the row and make the link something like mypage.php?topicid=ID where ID is the identifier.

Do you have a re-direct on the logout.php script? If you do comment this out and run the code to see if the cookies are being deleted at all, its possible depending on how your script works that it is re-creating the cookies when the user is re-directed.

The code is not browser defendant since PHP is a server side language not client side.

Personally I use the following code to delete cookies, but it does exactly the same as the previous examples:

$past = time() - 3600;
	setcookie('cookie_name', null, $past);

In the httpd.conf file you should have a line similar to DirectoryIndex index.html Change this to DirectoryIndex index.php

Not sure exactly how variable variables work, but the PHP manual about them is here

The best way to do this would probably be an array:

$abc=array("value1","value2");

for($i = 0; $i < 2; $i++) {
echo $abc[$i];
}

<?php
error_reporting(E_ALL);
// Show simple format of the records so person can choose the reference name/number
// this is then passed to the next page, for all details

$host = "localhost"; 
$user = "xxx"; 
$pass = "xxx"; 
$db = "phonebook"; 

//Connecting to MYSQL
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");

//Select the database we want to use
mysql_select_db($db) or die ("Could not find database");

// Get all records in all columns from table and put it in $result.
$query = "SELECT * FROM people ORDER BY fname ASC"; 

// execute query 
$result = mysql_query($query) or die ("Error in query: $query. ".mysql_error()); 

// Get all records in all columns from table and put it in $result.

if (mysql_num_rows($result) > 0) {
  while($row=mysql_fetch_row($result)){
    echo "ID : $row[0] <br/>";
    echo "First Name : $row[1] <br/>";
    echo "Last Name : $row[2] <br/>";
    echo "Phone Number : $row[3] <br/>";
    echo "Extension : $row[4] <br/>";
    echo "Title : $row[5] <br/>";
    echo "Department : $row[6] <br/>";
    echo "Fax Number : $row[7] <hr>";
    // Add a link with a parameter(id) and it's value.
    echo '<a href="phoneupdate1.php?id='.$row[0].'">Update</a>';
  }
} else { 
  // no 
  // print status message 
  echo "No rows found!";
} 
//mysql_close();
?>

I have it working here: http://www.elvenblade.com/test/ with the code I posted in post 29

try changeing these <? echo $row[number]; ?> to these <?=$row[number]?> in the HTML form.

could the problem be on the first form, at the:

echo '<td><a href="phoneupdate1.php?id='.$row[0].'">Update</a></td><br/><hr>';

area? Maybe its not passing the id to the next form. Is there a way to test this?

No, that is right, $row[0] refers to the column id in the database, the easy way to check, click it and see if the correct number shows up in the URL on the next page :)

http://www.elvenblade.com/test/ - that is the script I posted in my previous message, it all seems to be working there.

make sure that the location in the header() redirect is correct.

what error do you get on submitting?

Right, I think this will sort it, I have run the script on my pc with no errors.

I have made a couple of changes to the script, these are in bold.

<?php
error_reporting(E_ALL);

$host = "localhost";
$user = "xxx";
$pass = "xxx";
$db = "phonebook";

//Connecting to MYSQL
[B]mysql_[/B]connect("$host","$user","$pass");
//Select the database we want to use
mysql_select_db($db) or die("Could not find database");


// ***** This part will process when you Click on "Submit" button *****
// Check, if you clicked "Submit" button
[B]if(isset($_POST['Submit'])){[/B]

// Get parameters from form.
$id=$_REQUEST['id'];
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$phone_num=$_POST['phone_num'];
$ext=$_POST['ext'];
$title=$_POST['title'];
$dept=$_POST['dept'];
$fax=$_POST['fax'];

// Do update statement.
mysql_query("UPDATE [B]people[/B] SET `fname`='$fname', `lname`='$lname', `phone_num`='$phone_num', `ext`='$ext', `title`='$title', `dept`='$dept', `fax`='$fax' where `id`='$id'")[B]or die(mysql_error());[/B]

// Re-direct this page to select.php.
header("location:phoneupdate.php");
exit;
}
// Check to see if the link from the previous page was clicked
if(isset($_REQUEST['id'])) {
  // Check that the id value in the URL is a number
  if(is_numeric($_REQUEST['id'])) {
    $id=$_REQUEST['id'];
    $result=mysql_query("SELECT * FROM people WHERE id = '$id'") or die(mysql_error);
    i[B]f(mysql_num_rows($result) > 0) {[/B]
      $row=mysql_fetch_row($result);
    } else {
      echo 'No Record';
    }
  }
}
// ************* End update part *************

// Close database connection.
mysql_close();
?>

<!-- END OF PHP CODES AND START HTML TAGS -->
<html>
<body>
[B]Reference: <?=$id?><BR>[/B]
<!-- set this form to POST method and target this form to itself ($PHP_SELF;)-->
<form id="form1" name="form1" method="post" action=[B]"<?=$_SERVER['PHP_SELF']?>?id=<?=$id?>">[/B]
<p>First Name :
<!-- name of this text field is "fname" -->
<input name="fname" type="text" id="fname" value="<? echo $row[1]; ?>"/>
<br />
Last Name :
<!-- name …

change

mysql_query("update phonebook set First Name='$fname', Last Name='$lname', Phone Number='$phone_num', Extension='$ext', Title='$title', Department='$dept', Fax='$fax' where id='$id'");

to

mysql_query("update phonebook set `fname`='$fname', `lname`='$lname', `phone_num`='$phone_num', `ext`='$ext', `title`='$title', `dept`='$dept', `fax`='$fax' where `id`='$id'");

this part of your code is incorrect, you don't have any POST data from the previous page so $_POST will return a null value, remove this:

// *** Select data to show on text fields in form. ***

// Get id parameter (GET method) from select.php
$id=$_POST['id'];

// Get records in all columns from table where column id equal in $id and put it in $result.
$result=mysql_query("select * from people where id='$id'");

// Split records in $result by table rows and put them in $row.
$row=mysql_fetch_assoc($result);

as it is basically duplicating this part (move this to below the comment stating the end of the update if you wish):

// Check to see if the link from the previous page was clicked
if(isset($_REQUEST['id'])) {
  // Check that the id value in the URL is a number
  if(is_numeric($_REQUEST['id'])) {
	$id=$_REQUEST['id'];
    mysql_query("SELECT * FROM people WHERE id = '$id'") or die(mysql_error);
    if(mysql_num_rows > 0) {
      $row=mysql_fetch_row($result);
    } else {
      echo 'No Record';
    }
  }
}

Also, can you list the column names from the database.

Whats the code you are actually using at the moment.

sorry, spotted another problem with my code, change

if(is_numeric($_REQUEST['id'])) {
    mysql_query("SELECT * FROM people WHERE id = `$id`") or die(mysql_error);

to

if(is_numeric($_REQUEST['id'])) {
    $id=$_REQUEST['id'];
    mysql_query("SELECT * FROM people WHERE id = `$id`") or die(mysql_error);

otherwise the script isnt being told which ID to get :)

In the SQL update query, put the field names in ``, also the names such as First Name and Last Name do not look correct, make sure that the names you use in the query are exactly what shows on the database (through phpmyadmin or similar)

The $_POST[] values are fine, they relate to the input fields on the form so that is not a problem.

Also, your SQL update query uses $id which has not been passed to the function from the form, change the form action from "<? echo $PHP_SELF; ?>" to "<? echo $PHP_SELF; ?>?id=$id" and change

// Get parameters from form.
$id=$_POST['id'];

to

// Get parameters from form.
$id=$_REQUEST['id'];

Above post edited, I missed the ; on the end on the mysql_fetch_row line which may be causing the problem

Your second page should look similar to this: I have highlighted the changes on bold text, also changed the form output details.

<?php
$record = $_POST['record'];
echo "Reference: $record<br><BR>";

$host = "localhost";
$user = "xxx";
$pass = "xxx";
$db = "phonebook";

//Connecting to MYSQL
MySQL_connect("$host","$user","$pass");

//Select the database we want to use
mysql_select_db($db) or die("Could not find database");

[B]// Check to see if the link from the previous page was clicked
if(isset($_REQUEST['id'])) {
  // Check that the id value in the URL is a number
  if(is_numeric($_REQUEST['id'])) {
    mysql_query("SELECT * FROM people WHERE id = `$id`") or die(mysql_error);
    if(mysql_num_rows > 0) {
      $row=mysql_fetch_row($result);
    } else {
      echo 'No Record';
    }
  }
}[/B]

// ***** This part will process when you Click on "Submit" button *****
// Check, if you clicked "Submit" button
if($_POST['Submit']){

// Get parameters from form.
$id=$_POST['id'];
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$phone_num=$_POST['phone_num'];
$ext=$_POST['ext'];
$title=$_POST['title'];
$dept=$_POST['dept'];

// Do update statement.
mysql_query("update phonebook set First Name='$fname', Last Name='$lname', Phone Number='$phone_num', Extension='$ext', Title='$title', Department='$dept' where id='$id'");

// Re-direct this page to select.php.
header("location:phoneupdate.php");
exit;
}
// ************* End update part *************

// *** Select data to show on text fields in form. ***

// Get id parameter (GET method) from select.php
$id=$_POST['id'];

// Get records in all columns from table where column id equal in $id and put it in $result.
$result=mysql_query("select * from people where id='$id'");

// Split records in $result by table rows and put them in $row.
$row=mysql_fetch_assoc($result);

// Close database connection.
mysql_close();
?>

<!-- END OF PHP CODES AND START …

If you make a single page (for example index.php) and include the language file depending on which language is wanted, this is a perfectly acceptable use of the define() function. as it will standardize the scripts.

If the register globals are set to off then you are going to have to use $_POST.

If register globals is on, turn it off, this is possibly the worst function ever, it encourages slack programming and security problems.