Posts by broj1

Show us the rest of the code. From this snippet it is impossible to tell what is wrong. Could be html tags mismatch.

Videos: https://phpacademy.org/.

And of course php.net. It might take some time to get used to it but at the end of the day it is a wealth of information. Everything is there.

You can do it all in Javascript if you do not need server processing. In this case just write a function to convert number to words and fire it on keyup event.

Now, if you need to process numbers on a server (as it seems from your post) then you will have to use ajax to fire requests on keyup.

In both cases jquery might help you so you do not have to write too much code and it will work in most browsers correctly. For ajax solution take a look at jquery post function.

Something like:

<?php

// set styles the way you want
if($time < 8) {
    $tdStyle='background-color:green;';
} else {
    $tdStyle='background-color:red;';
}

while($row=mysql_fetch_array($result))
{    
    echo "</td><td style=\"$tdStyle\">";        
    echo $row['full_name'];        
    echo "</td><td style=\"$tdStyle\">";        
    echo $row['section'];        
    echo "</td><td style=\"$tdStyle\">";        
    echo $row['time'];        
    echo "</td><td style=\"$tdStyle\">";        
    echo $row['reason'];        
    echo "</td></tr>";
}
echo "</table>";  
?>

Please note the escaped double quotes so you can use them directly in a double quoted string.

If you post the whole script we might get a bit closer to the resolution of your problem.

Can you post the whole script. Maybe there is a html output before header function, in which case the redirection won't work.

I also noticed I had an error in my line of code (missing quote). The correct code is:

header("Location: $insertGoTo");

Please correct and also reply on my question above.

So what does the line die($insertGoTo); display?

So according to the following condition:

if($res1['baned_c2'] != NULL) { $res2 = $res1['baned_c2']; } else { $res2 = "NONE"; }

the baned_c2 field contains no value and no value is selected in your drop down. That contradicts with what you said:

$res2 returnes only the first leather of the name from the DB
In the DB its ALGERIA and i only get A

Your HTML is also structured against the rules (atribute values should be enclosed in quotes at least). This might not be the cause but if you structure it right the some chance for errors is eliminated. Correct way would be:

echo '<form action="p_settings_ban_s.php">';
echo '<select name="country">';
echo '<option value="">NONE</option>';

    $query1 = mysql_query("SELECT DISTINCT country_name FROM country_list ORDER BY country_name ASC");
while($row1 = mysql_fetch_assoc($query1)) {
    if($row1['country_name'] == $res1)
    { 
        echo '<option selected value="' . $row1['country_name'] . '">' . $row1['country_name'] . "</option>"; }
    else
    { 
        echo '<option value="' . $row1['country_name'] . '">' . $row1['country_name'] . "</option>"; }
    }
    echo "</select>";
    ...

As far as I can see $res2 does not depend on $query2. Can you put this temporary debug code just after line 38 and post the result here:

die($row2['country_name'] . ' ' . $res2);

Check out if the $insertGoTo variable has same value in both cases. Put this temporary line of code just before line 16:

die($insertGoTo);

Now see if the same value is displayed on the localhost and the web hosting server.

And also: you can simplify the header function like this:

header("Location: $insertGoTo);

BTW: the line 6 in the above code should be:

for($x = 0; $x < count($array); $x += 4) {

and line 8 should be:

$query .= "('" . $array[$x] . "','" . $array[$x + 1] . "','" . $array[$x + 2] . "','" . $array[$x + 3] . "'),";

I was typing too fast :-)

Something like (not tested):

// check if the number of fields is multiple of 4
if(count($array) % 4 == 0) {
    // start building the query
    $query = 'INSERT INTO yourdatabase (`field1`, `field2`, `field3`, `field4`) VALUES ';
    // add values to the query
    for($x = 0; $x < $count($array); $x += 4) {
        // add a set of four values to the query
        $query .= "('{$array[$x]}','{$array[$x + 1]}','{$array[$x + 2]}','{$array[$x + 3]}'),";
    }
    // get rid of the last comma in the query
    $query = rtrim($query, ',');
    // run the query
    ....
}

Maybe this link can help a bit:

http://stackoverflow.com/questions/3740845/php-session-without-cookies

But keep in mind there are security issues with this.

There are at least 2 reasons:

1. The mysql extension is deprecated in the current version of PHP and will be removed in future (see http://si1.php.net/manual/en/intro.mysql.php). For now using it causes warnings (I think), in future it will fire errors.

2. Newer extensions support more mysql functionalities that add to security, such as prepared statements which greatly prevent sql injection attacks.

But, in my opinion it is also worth looking at PDO. It has a advantage over mysqli in that it is an abstraction layer, that is, it supports several databases. This might make your life easier if you swap database in a future.

Sory, I didn't mean to push you into mysqli so quickly, since it was not the reason for your particular trouble. It is only a good idea to switch since mysql is going to be abandoned soon. But back to the insert problem.

Have you tried the die() solution form my first post? Please post the output here.

Use HTML5 video tag.

Have you corrected the missing $ in line 1 of your code (as JorgeM suggested). You might have overlooked it since the error wasn't explicitly mentioned (just guessing).

Also you can examine the contents $_GET array by adding this code in the beginning of the script:

die(print_r($_GET, 1));

I would check whether the $IdArray exists and is not empty:

$query = "SELECT * FROM test WHERE user = '$user'";
if(isset($IdArray) && !empty($IdArray)) {
    $ids = implode(',', $IdArray);
    $query .= " AND id IN ($ids)";
}
...

And, maybe you should post the $IdArray here (using print_r($IdArray)). Just to check the structure.

Now, another thing which is being repeated quite often: do clean the input that users enter in your form to avoid nasty things like sql injection. At least escape:

$post_username = mysql_real_escape_string($_POST['username']);
$post_useremail = mysql_real_escape_string($_POST['useremail']);

Even better, check if values contain expected data, blacklist characters, check for lenghts etc. And switch to pdo or mysqli, drop the mysql db extension.

Test the sql staement by inserting this temporary debug code right after line 19:

die($sql);

This will display the insert query and stop the script. Now you can inspect the query or test it in phpmyadmin. You can also post it here.

Also use error checking:

$result = mysql_query($sql, $db) or die('ERROR!'); 

You are welcome. If this is it please mark it as solved. Happy coding.

Other issues:

1. never trust user input since not everyone will enter email address; some nasty boys might enter a bad query instead (it is called a sql injection), therefore escape the input:

   $email = mysql_real_escape_string($_POST["users_email"]);
   $pass = mysql_real_escape_string($_POST["users_pass"]);

2. before querying check whether user submitted the form at all and data exist:

   if(isset($_POST["users_email"])) {
   $email = mysql_real_escape_string($_POST["users_email"]);
   } else {
   // handle the error
   ...
   }

3. use some error checking upon querying:

   $result = mysql_query("SELECT users_email, users_pass FROM login WHERE users_email = $email") or die('ERROR');

4. avoid mysql extension, move to mysqli or PDO as soon as you can.

Put $email in single quotes since it is expected to be a string:

$result = mysql_query("SELECT users_email, users_pass FROM login WHERE users_email = '$email'");

Learning PHP and web technologies by watching videos:

https://phpacademy.org/

A lot of good already made PHP classes (if you decide to go OOP), ready to use or learn by examining the code:

http://www.phpclasses.org/

And good old PHP manual, a wealth of first hand information:

http://www.php.net/manual/en/

Well, then maybe it's got to do something with the command itself and the redirections you use. Have you tried it without the 2>&1 part or executing each part of the command sepparately (now I am guessing :-)?

Have you tried to add a second argument that will hold the output of the command:

$command = "/usr/bin/lftp -u username,password ftp.website.com -e 'set ftp:ssl-allow off; put /var/www/folder/file.zip; bye'" . " 2>&1";
exec($command, $output);
print_r($output);

if you split this big function to a small separate function it will be simple to detecte and correct errors

I think 203428's suggestion is excelent. Your function is doing a lot of small tasks that can be split into smaller functions. That would make the code much more readable and easier to debug. For example code between lines 55 and 65:

//check age group
if ($age = "b") {
    $agegroup = "18-23";
} else if ($age = "c") {
    $agegroup = "24-30";
} else if ($age = "d") {
    $agegroup = "31-40";
} else if ($age = "e") {
    $agegroup = "40-1000";
}
$agegroups = explode("-", $agegroup);

could be made into a function (or method of a class):

function getAgeGroupArray($age) {

    if ($age = "b") {
        $agegroup = "18-23";
    } else if ($age = "c") {
        $agegroup = "24-30";
    } else if ($age = "d") {
        $agegroup = "31-40";
    } else if ($age = "e") {
        $agegroup = "40-1000";
    }
    return explode("-", $agegroup);    
}

or more concise form (you can stick to the above form if you wish :-):

function getAgeGroupArray($age) {

    switch($age) {
        case 'b': return array('18', '23'); break;
        case 'c': return array('24', '30'); break;
        case 'd': return array('31', '40'); break;
        case 'e': return array('41', '1000'); break;
    }    
}

Now just call the function in the code:

$agegroups = getAgeGroupArray($age);

You can do this with other tasks like deleting a record etc.

I have thought that maybe they are in the wrong places, but I do not know where to put them if they are in the wrong place

That depends on the logic (what you want to achieve). But at least one return statement is in wrong place. i.e if the code on line 159 would be moved to the place just after the line 166 the foreach loop could go through more iterations. But I do not know if this is what you want to achieve.

How do you call this function? And what is the purpose? As far as I understand it if applicant's rank is below 35 he/she gets deleted from the table. But how do you test for the return value (which is TRUE in case of deletion)? And why do you pass a certain applicant's ID, then query for applicants (I am guessing) and then loop through results?

And I just noticed it: in the if test on line 150 you return in any case (true or false) so the foreach loop gets thru only one time and is therefore not needed really. Maybe your return statements are in wrong places?

BTW: do not forget to correct lines 105 and 107 as pzuurveen suggested above?

Well, this function looks rather complex. This is valid, but quite hard to debug. But, let's try it anyway. Put this temporary debug code on line 149:

echo $applicants[$applicant_id_number] . '<br>';

This should presumably display somewhere all the values of the $applicants array used in the if test (if not, write a test script). You can inspect the values and try to understand why they do not get over 35. Please post the output here.

Ok, this is a bit different from the above code where you also insert.

Main page would be a list showing the most recent added movies...

For this page you create a query that reads the data for recently added movies. By data I mean all the fields that you want to show for each movie + a field that represents a key (like movie ID).

...each movie would have its own page and everything would be searchable

On each movie's page you select all the needed data from the database again using the key (like movie ID) and display it. There are many ways to implement the search from then.

Yo can also provide a form to add a movie if this is your intention but I would do it in a separate page. But this is up to you.

You do not have to read from the database since you already have all data about the added movie (which you want to display if I understood you). Just go like this:

<html>
<head>
<title><?php echo htmlspecialchars($_POST['Movie_Name']); ?></title>
<?php include_once("template_pageTop.php"); ?>
</head>
<body>
<p>Movie name: <?php echo htmlspecialchars($_POST['Movie_Name']); ?> <br>
<p>Poster: <?php echo htmlspecialchars($_POST['Poster']); ?> <br>
...
</p>

</body>
</html>

As you can see I have used the htmlspecialchars function to replace the dangerous tags that should not get into the html from the form (like <script> tag)

OK, once you have questions, come back. Happy coding.

OK, it is obvious. Change the code:

if(isset($GenreArray)) {
    $genres = serialize($GenreArray);
} else {
    $genres = ''; // this is in case user selects nothing (to be on the safe side)
}

to:

if(isset($_POST['Genre'])) {
    $genres = serialize($_POST['Genre']);
} else {
     $genres = ''; // this is in case user selects nothing (to be on the safe side)
}

$GenreArray is not existing in this code.

Can you post the code for the form (the whole html file). I will check it in my environment.

O this is the code in question:

if(isset($GenreArray)) {
    $genres = serialize($GenreArray);
} else {
    $genres = ''; // this is in case user selects nothing (to be on the safe side)
}

Put the debug code just before it:

die(print_r($GenreArray, 1));

and post what you get.

Have you selected any genres from the select dropdown?

As you can see the $_FILES['Poster'] is still an array. You have to change the code for the $Poster variable to:

$Poster = $_FILES['Poster']['name'];

or better also escape it (since it can contain quotes):

$Poster = mysql_real_escape_string($_FILES['Poster']['name']);

Once you do this you can remove the die statement (comment it out for now).

Sorry, my fault. The correct code is:

die(print_r($_FILES, 1));

Please post the output.

The third value in the query says 'Array'. The poster is supposed to be there, but it is an array that could not be converted to a string. In other words the code

$Poster = $_FILES['Poster'];

seems to be returning an array. Can you change the debug code (the die statement) to:

die($_FILES);

and post what you get displayed.

And another thing. The query gets also corrupted because of the single quote in the synopsis text (... Marion's relatives). You have to escape all the single quotes in the input fields for two reasons: first: they can corrupt your query (like in your example) and second: they enable the most dangerous attack - the SQL injection. To escape input use mysql_real_escape_string function like this:

$Synopsis = mysql_real_escape_string($_POST['Synopsis']);

The query will now look like this: ... Marion\'s relatives (see the escaped single quote). Use escaping on all fields.

OK, let's do some basic debugging. In order to do that you have to change the code slightly. First you have to assign a query to a variable (say $query) and then use this variable in a mysql_query command. But before using it we will display the query for inspection. Try this code:

    include_once('db.php');

    if($_SERVER['REQUEST_METHOD'] == 'POST'){ 
    $Movie_Name = $_POST['Movie_Name'];
    $Poster = $_FILES['Poster'];
    if(isset($GenreArray)) {
    $genres = serialize($GenreArray);
    } else {
     $genres = ''; // this is in case user selects nothing (to be on the safe side)
    }
    $IMDB_Rating = $_POST['IMDB_Rating'];
    $Quality = $_POST['Quality'];
    $Year = $_POST['Year'];
    $Trailer = $_POST['Trailer'];
    $Synopsis = $_POST['Synopsis'];
    }

    // the query
    $query = "INSERT INTO movieinfo VALUES ('','$Movie_Name','$Poster', '$genres', '$IMDB_Rating', '$Quality', '$Year', '$Trailer','$Synopsis')";

    // temporary debug code
    die($query);

    if (mysql_query ($query))
        echo "Successfull";
    else
        echo "Failed"; // you were missing a semocolon here !!!

This code will assemble the query, display it on the screen and stop. Please post the displayed query here.

The trouble is probably in the following statement on line 15:

if (mysql_query ("INSERT INTO movieinfo VALUES ('','$Movie_Name','$Poster', '$GenreArray', '$IMDB_Rating', '$Quality', '$Year', '$Trailer')"))

where you are trying to use the $GenreArray variable, which is of an array type instead of a string. I suppose you want to save genres as a comma separated string. In that case you have to implode the array $GenreArray using the comma as a glue before using it in a query:

if(isset($GenreArray)) {
    $genres = implode(',', $GenreArray);
} else {
    $genres = ''; // this is in case user selects nothing (to be on the safe side)
}

if (mysql_query ("INSERT INTO movieinfo VALUES ('','$Movie_Name','$Poster', '$genres', '$IMDB_Rating', '$Quality', '$Year', '$Trailer')"));

When you read the data back from the database use explode, to get an array.

The other option is to serialize the $GenreArray array before using it in a query.

if(isset($GenreArray)) {
    $genres = serialize($GenreArray);
} else {
    $genres = ''; // this is in case user selects nothing (to be on the safe side)
}

if (mysql_query ("INSERT INTO movieinfo VALUES ('','$Movie_Name','$Poster', '$genres', '$IMDB_Rating', '$Quality', '$Year', '$Trailer')"));

When you read data back from the database in this case use unserialize to get an array.

Salt actually increases the complexity of the hashed value and makes dictionary attacks more difficult. The salt should be known only to authorized users (or applications). If you use the default (pre-set) value in CakePHP it's almost like not using the salt since almost everyone knows it or can get hold of it.

Seems like you had a standalone mysql server installed before you installed xamp and the two do not want to work in parallel. If you do not need a standalone server remove it through the control panel (backup existing data). If you need it, do not start the one in the xamp. They might still conflict if run as services so experiment with ports. See also this article:

http://stackoverflow.com/questions/5096613/xampp-with-apache-and-mysql-already-installed

@203428:

why you put two * before checkdate var

probably just to indicate where the error occurs

start & end are date variable and $_POST[start] & $_POST[end] are just String so compare operation is not possible => result is always null;

If they are properly converted to mysql date format (line 6 and line 7) they can be compared in a query.

i php whene you try to concat var whith somthing else you must operator of concatination ". the dote" ".$_SESSION[user_id]."

What did you mean by that? There is no concatenation only comparison in the line you mentioned.

Seems like you are missing the quotes in the $_POST associative indexes. And in addition to that to get the $_POST array elements properly parsed withing the double quoted string enclose them within curly brackets.

$checkdate = "SELECT * FROM emp_status 
    WHERE user_id = '{$_SESSION['user_id']}' 
    AND ((start <= '{$_POST['start']}' AND end > '{$_POST['start']}')  
        OR (start < '{$_POST['end']}' AND end >= '{$_POST['end']}'))";

You are welcome :-)

You can create sessions on your server only, not on other servers. To create a session put the session_start() command on the beginning of your script. Then assign values to the $_SESSION array. On each script that contains a session_start command you can read and change these values. The values can be of most php types (integer, float, string, array...).

To backup a database you use mysqldump command on the db server. You must provide a root password (or dbuser password with appropriate access rights), :

mysqldump -u root -pdyourassword yourdbname > yourdbname_backup.sql

To do it from a php script use the system command:

$result = system('mysqldump -u root -pdyourassword yourdbname > somepath/yourdbname_backup.sql');
if(!result) {
    echo 'Something went wrong when trying to backup the db!';
}

Make sure the user that the web server runs under, has appropriate write access rights for the path where the backup is going to be writen to.

To enable users to download the file, provide the link to the backed up file (make sure that the file is in the publicly accessible folder).

You can also compress the file i.e. using gzip.

Also have a look at this post, too:

http://forums.devshed.com/php-development-5/php-script-download-mysql-dump-315780.html