broj1 356 Humble servant Featured Poster

This is what PHP manual says about the $_SERVER['HTTP_REFERER'] (see the link in my post):

'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

broj1 356 Humble servant Featured Poster

Thanks for this tip. However, note that $_SERVER['HTTP_REFERER'] is not always 100% reliable.

broj1 356 Humble servant Featured Poster

First check whether the data in the table is OK (maybe you have multiple same inserts).

The query in the getv.php seems to be missing the name field, since you refer to it in the while loop:

$query = mysql_query("SELECT image, name FROM upload WHERE `category` = '$category'");
broj1 356 Humble servant Featured Poster

Unfortunately it is not enough just to change mysql_* commands to mysqli_*. There are minor differences. For example, mysql_query takes the query as its first parameter and the link as an optional second one, while mysqli_query takes the link as its first parameter (it must be present) and the query as the second. I suggest you check the syntax of each command on php.net. And be aware that mysqli_* has an object oriented API as well as a procedural one. You probably want to start with the procedural one.

So in your case:

<?php
   include 'connect.php'; // assuming that link identifier is stored in $link
   //populate form dropdown box
   $op = '';
   $r = mysqli_query($link, "SELECT cat_id, category FROM categories ORDER BY cat_id");
   if (mysqli_num_rows($r)){
      while ($d = mysqli_fetch_assoc($r)){
         $op .= "\n\t<option value='{$d['cat_id']}'>{$d['category']}</option>";
      }
   }
?>
broj1 356 Humble servant Featured Poster

(headers_send()) wasn't working for me.
gave an error(white page)

If you only get a blank page when in error then first turn on error reporting and display of errors in php.ini. This would have helped in the first place.

broj1 356 Humble servant Featured Poster

Also make sure function.php script does not send output too early.

broj1 356 Humble servant Featured Poster

Line 48 is incorrect:

if(headers_send)

It should be:

if(headers_sent())

See the headers_sent function reference.

broj1 356 Humble servant Featured Poster

First remove all the echo statements in the code since they send output too early. Some of them are not needed at all (since they are positioned after the redirection should happen). If this does not work check the included scripts (or post them here). If you post the database connection script here, do not forget to remove the password and other confidential data.

broj1 356 Humble servant Featured Poster

So can you remove the output before the header function? If not sure, post the scripts.

broj1 356 Humble servant Featured Poster

Make sure no HTML output has been sent before any header() function. You can achieve that in several ways:

  1. make sure no HTML is before header() functions
  2. make sure no single space (or whitespace chars) is outside <?php ?> tags before header() functions
  3. make sure no HTML output or whitespace is in the functions of included files before header() functions

If sending output before header() functions cannot be avoided, use output buffering.

broj1 356 Humble servant Featured Poster

Then let's try if headers have already been sent:

if(headers_sent()) {
    die('Headers have already been sent, you can not send them again.');
}

if($status == 1) {
die('location: index.php?user='.$user.'');
//header('location: index.php?user='.$user.'');
} else {}
broj1 356 Humble servant Featured Poster

so if i see this correctly i have to print something for the value to become 1 and not stay empty or whatever.

No, this was just a test. It might be that the location header is not getting the correct address or maybe some output has been sent before it (which prevents the header from being sent). Remove the above debug code and try this:

if($status == 1) {
    die('location: index.php?user='.$user.'');
    //header('location: index.php?user='.$user.'');
} else {}

and check if the correct location string has been constructed and displayed.

broj1 356 Humble servant Featured Poster

Are you sure the query returns 1? Test it with some code like:

if($status == 1) {
    die('Status is obviously 1');
    // header('location: index.php?user='.$user.'');
} else {
    die('Status is actually ' . print_r($status, 1));
}
broj1 356 Humble servant Featured Poster

Add backtick (above tab key & near to 1 key) symbol in all your queries where field names are declared. Ex: Ref attachment Eg. 1

@mrvijayakumar: great thinking :-). The queries (lines 17 and 27) contain a field named status which is a MySQL keyword, therefore it has to be enclosed in backticks.

So, line 17:

$result=mysql_query("UPDATE `tblproduct` SET `status`='inactive' WHERE `prod_id`='$prod_id'");

and line 27:

$result=mysql_query("SELECT * FROM `tblproduct` where `prod_id`='$prod_id' AND `status` = 'active'") or die(mysql_error());

A backtick on my keyboard is on alphanumeric 7 key (AltGr + 7 -> Space).

broj1 356 Humble servant Featured Poster

The isset() function returns TRUE or FALSE. You probably wanted it this way:

if(isset($_GET['_rp']) && $_GET['_rp'] == 1)
...
elseif(isset($_GET['_rp']) && $_GET['_rp'] == 2)
...
broj1 356 Humble servant Featured Poster

If you resize your window width below about 970 px the horizontal scrollbar appears. This is usually set using min-width css property on container div element.

broj1 356 Humble servant Featured Poster

What was displayed after the code I gave you in my last post (please post the output here)?

die("UPDATE tblproduct SET status='inactive' WHERE prod_id='".$prod_id."';");

You can make this code a bit simpler:

die("UPDATE tblproduct SET status='inactive' WHERE prod_id='$prod_id'");
broj1 356 Humble servant Featured Poster

Put this temporary debug code on line 14.

die("UPDATE tblproduct SET status='inactive' WHERE prod_id='".$prod_id."';");

It will display the query and stop the script. Now copy the query in phpmyadmin and test it.

broj1 356 Humble servant Featured Poster

What is actually your goal? Not knowing PHP and messing around with login (or any other) scripts will get you in trouble sooner or later. If you want to build or maintain a web application the first prerequisite is to know the language and be familiar with the technologies used, otherwise you might be in for trouble. Unintentionally you could expose confidential data or do damage to the customer or users.

broj1 356 Humble servant Featured Poster

You should use POST method for that:

<form method="post" action="process.php">
    <input type="password" name="pass">
    <input type="submit" name="submit" value="Submit password">
</form>

And this is an example of a process.php

<?php
// check if password is set and matches criteria
if(isset($_POST['pass']) && $_POST['pass'] != '') {

    // escape the value to avoid most sql injection attacks
    // use your database driver's function
    // I am using mysqli in this example; $link is the mysqli connection
    // (mysqli_real_escape_string requires the link as its first argument)
    $password = mysqli_real_escape_string($link, $_POST['pass']);

    // hash the password using a function of your choice
    $hashedPassword = ...

    // store the hashed password (string values must be quoted in SQL)
    $query = "INSERT INTO users (hashedpassword) VALUES ('$hashedPassword')";
    ...

    // let the user know
    echo "The password has been stored.";

} else {
    // if password is not set or does not match the criteria notify the user.
    die("Please go back and enter correct password");
}
?>

This is just a basic example. Many things can be improved.
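One way to improve the basic example above, as an added example that is not the thread's own code: a prepared statement removes the need for escaping, and password_hash()/password_verify() handle salting and slow hashing. It assumes a mysqli connection in $link (hypothetical, e.g. created by connect.php) and a users table with columns username and hashedpassword (hypothetical schema).

```php
<?php
// Added example (not the thread's code): process.php with a prepared
// statement and password_hash(). Assumes a mysqli connection in $link
// (hypothetical, e.g. created by connect.php) and a table users with
// columns username and hashedpassword (hypothetical schema).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Validate the submitted password; null means OK, otherwise a user message.
// The rules are illustrative, not a standard.
function validatePassword(string $pass): ?string
{
    if (strlen($pass) < 8) {
        return 'Password must be at least 8 characters long.';
    }
    if (strlen($pass) > 1024) {          // keep hashing cost bounded
        return 'Password is too long.';
    }
    return null;
}

// Store a salted, slow hash. No escaping is needed: the values are bound as
// parameters and never become part of the SQL text.
function storeUser(mysqli $link, string $username, string $pass): bool
{
    $hash = password_hash($pass, PASSWORD_DEFAULT);   // bcrypt + random salt
    $stmt = $link->prepare(
        'INSERT INTO users (username, hashedpassword) VALUES (?, ?)'
    );
    $stmt->bind_param('ss', $username, $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// At login: password_verify() reads salt and cost from the stored string.
// Unknown users are checked against a dummy hash so the response time does
// not reveal whether the username exists.
function checkLogin(mysqli $link, string $username, string $pass): bool
{
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('dummy', PASSWORD_DEFAULT);
    }
    $stmt = $link->prepare('SELECT hashedpassword FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = ($stmt->fetch() === true);
    $stmt->close();
    return password_verify($pass, $found ? $storedHash : $dummy) && $found;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['user'], $_POST['pass'])) {
    $error = validatePassword($_POST['pass']);
    if ($error !== null) {
        die('Please go back: ' . htmlspecialchars($error));
    }
    storeUser($link, $_POST['user'], $_POST['pass']);   // $link: see lead-in
    echo 'The password has been stored.';
} else {
    die('Please go back and enter a username and password.');
}
```

The plain-text password is never stored or logged, and the hash string produced by password_hash() already contains the algorithm, cost and salt, so no separate salt column is needed.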

broj1 356 Humble servant Featured Poster

I do not guarantee that the code below will work. It is meant to show where to put the changes. See the comments in the changed code.

<?php

session_start();

include "../adminheader.php";
include "../config.php";
include "../style.php";

// read the fields only if they were submitted, to avoid undefined index notices
$ID = isset($_POST['Adminid']) ? $_POST['Adminid'] : '';
$Password = isset($_POST['Password']) ? $_POST['Password'] : '';

// errorchecking first:

if (empty($Password)) {
   echo "Password field is empty, please click your browsers 'back' button.";
   exit;
   }

if (empty($ID)) {
   echo "Admin id field is empty, please click your browsers 'back' button.";
   exit;
   }

if(($Password != $adminpw) || ($ID != $adminid))
  {
    echo "Error. Wrong Admin Login.";
    exit;
  } else {

    // --------------------
    // this bit has changed
    // --------------------

    // I am guessing this since I do not know the logic
    $_SESSION["alogin"] = $somevariable; 

    // maybe this one goes into $_SESSION["alogin"]
    // if yes put if before the above line
    $alogin = true; 

    // this redirects to the target page
    // I called it someAdminPage.php, you have to name it by its real name
    header("Location: someAdminPage.php"); // I am guessing this

    // this preventively stops the script
    exit();
  }

include "../footer.php";
?>
broj1 356 Humble servant Featured Poster

On each click of a button the form gets submitted with only one value. You'd be better off putting checkboxes next to each image (and only one submit button) and then checking the array of checked checkboxes to produce the IN condition. Just an idea.

broj1 356 Humble servant Featured Poster

Your query is designed to read the data only for one customer, with the current $CustomerID. You have to change the query to read all (or a selected set of) customers. But how would you display the invoices then (say for a few hundred customers)?

broj1 356 Humble servant Featured Poster

I tested this with the textarea. If I enter linebreaks they are sent with POST as %0D%0A which is "\r\n" I guess. The nl2br() function adds <br> tags and newlines display nicely in HTML.

broj1 356 Humble servant Featured Poster

Is the source of the message a textarea?

broj1 356 Humble servant Featured Poster

Maybe you should check out how the message looks when sent to the server. Is it coming from a textarea? I suggest you put this temporary debug code before line 3:

die($_POST['msg']);

This will display what comes across and stop the script. You can examine the text and see how line breaks are being encoded, or post the output here.

broj1 356 Humble servant Featured Poster

Yes, that would be better. GET is recommended only for retrieval of resources from the server and allows a limited set of characters, characters that are not allowed should be encoded.

broj1 356 Humble servant Featured Poster

I don't see anything incorrect in headers. But since the message is appended to the URI (by GET method) how are linebreaks encoded? Normal linebreaks are not allowed in the URI.

broj1 356 Humble servant Featured Poster

I would expect that in HTML formatted mail a <br> tag would produce a line break. This can't be the case in your message ($msg) since you are stripping all the tags. Maybe you should do it this way:

$msg = strip_tags( $_GET['msg'], '<br>' );

provided that $_GET['msg'] already contains html breaks (please test if this removes also <br/> and <br /> tags).

[ EDIT ] Please disregard my post since I misinterpreted it. You are already using the nl2br() function. Sorry.

broj1 356 Humble servant Featured Poster

Another one is jqPlot, open source and free for commercial use. I quite liked it.

A simple and effective bar chart can also be accomplished just by using tables or divs and a bit of CSS. I have done it once in a small project and it looked quite cute.

broj1 356 Humble servant Featured Poster

Have you changed the code in the loginnow.php file?

broj1 356 Humble servant Featured Poster

Upon successful insertion you might want to initialize $_POST with this code on line 43 (provided that you do not need the values anymore):

$_POST = array();

Then the correct check would be:

if(isset($_POST) && !empty($_POST))

The check you use in your code (if($_POST != '')) is incorrect - $_POST is an array not a string.

The most proper way of doing it would be checking / validating / escaping the $_POST values before inserting them into database (or use prepared statement).

broj1 356 Humble servant Featured Poster

If the password and ID are OK then the code between lines 31 and 34 should execute:

$_SESSION["alogin"];
$alogin = true;
//header("Location: index.php");
echo '<META HTTP-EQUIV="Refresh" Content="0;URL=index.php">';

Successful login would (presumably) redirect you to some admin page. On successful login your code attempts redirection to index.php. Is this the admin page or the login page? Additionally, the line $_SESSION["alogin"]; does nothing useful. I think this session variable should be assigned some value.

I would suggest you figure out what is the target page for successful login and change the above lines to something like:

$_SESSION["alogin"] = $somevariable; // I am guessing this
$alogin = true;
header("Location: someAdminPage.php"); // I am guessing this
exit();
broj1 356 Humble servant Featured Poster

One approach would be to read the contents of the table into a giant string, hash that string and store the hash. Later you can repeat the procedure and compare the computed hash with the stored hash. But there are a few considerations:

  • the string that you read rows into should not be too big, so as not to exceed the memory and time limits of the server
  • the contents of all the fields in the table should be convertible to a string uniquely (what happens with binary data, true/false etc.?)

Maybe there is a better method (maybe hashing the MYD file). Anyway, what is the purpose of that?
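Both considerations above can be handled without building the giant string. The following is an added example (not code from the thread): rows are streamed through hash_init()/hash_update(), read in primary-key order so the result is deterministic, and each field is length-prefixed so that NULL, empty strings and binary values all encode unambiguously. It assumes a mysqli connection $link (hypothetical) and a table with a primary key column.

```php
<?php
// Added example (not from the thread): hash a table's contents row by row.
// Assumes a mysqli connection $link (hypothetical) and a primary key column
// that gives every row a deterministic position.

// Returns hex SHA-256 over every row of $table, read in $pkColumn order.
// Table and column names are identifier-quoted because they cannot be bound
// as parameters; they must come from your own code, never from a request.
function hashTable(mysqli $link, string $table, string $pkColumn): string
{
    $q = sprintf('SELECT * FROM `%s` ORDER BY `%s`',
        str_replace('`', '``', $table), str_replace('`', '``', $pkColumn));
    // MYSQLI_USE_RESULT streams rows instead of buffering the whole result set
    $res = $link->query($q, MYSQLI_USE_RESULT);
    if ($res === false) {
        throw new RuntimeException('query failed: ' . $link->error);
    }
    $ctx = hash_init('sha256');
    while ($row = $res->fetch_assoc()) {
        hash_update($ctx, encodeRow($row));   // incremental, no giant string
    }
    $res->free();
    return hash_final($ctx);
}

// Length-prefixed encoding so field boundaries and NULLs are unambiguous:
// ('ab','c') and ('a','bc') must not hash the same, and NULL must differ
// from ''. mysqli returns binary columns as raw byte strings, which is fine.
function encodeRow(array $row): string
{
    $out = '';
    foreach ($row as $name => $value) {
        $out .= strlen($name) . ':' . $name;
        if ($value === null) {
            $out .= '=N;';
        } else {
            $value = (string) $value;
            $out .= '=' . strlen($value) . ':' . $value . ';';
        }
    }
    return $out;
}

// usage (hypothetical table and key): compare with a hash stored earlier
// $now = hashTable($link, 'tblproduct', 'prod_id');
// $changed = !hash_equals($storedHash, $now);
```

Because SELECT * is used, the hash also changes when columns are added, dropped or reordered; list the columns explicitly if only the data should count.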

broj1 356 Humble servant Featured Poster

For a start post a file that contains the login form. If you see an action attribute in the form tag and if it points to some other php file, post code in that file. For example if this is the form tag code:

<form method="post" action="process_form.php">

post the code from the process_form.php file.

broj1 356 Humble servant Featured Poster

A simple tutorial:
http://www.tutorialspoint.com/php/php_get_post.htm

Nice explanation on W3Schools:
http://www.w3schools.com/tags/ref_httpmethods.asp

A technical specification as a part of the HTTP protocol:
http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html

And all this leads to:
http://en.wikipedia.org/wiki/Representational_state_transfer#About
and
http://www.ibm.com/developerworks/webservices/library/ws-restful/

In simplified terms: use GET to retrieve data from the server, use POST to send data to the server; when you are familiar with the thing, read about REST (the last two links). I am not an expert on the latter so maybe others will tell more.

broj1 356 Humble servant Featured Poster

The $_POST array doesn't contain a name element. The reason is that the name input field has not been submitted yet. Include a check such as:

<?php
if(isset($_POST['name']) && !empty($_POST['name'])) {
    $name1 = htmlspecialchars($_POST['name']); // escape before echoing user input
    echo "<br> Your name is $name1 . Thanks for using our system.";
}
?>

Even better would be to check for form submission:

<?php
if(isset($_POST['submit']) && isset($_POST['name']) && !empty($_POST['name'])) {
    $name1 = htmlspecialchars($_POST['name']); // escape before echoing user input
    echo "<br> Your name is $name1 . Thanks for using our system.";
}
?>

In order for this to work you should add a name attribute to the submit button:

<input type="button" onclick="formSubmit()" name="submit" value="Submit" />
broj1 356 Humble servant Featured Poster

Posting the existing code might help solving the problem.

broj1 356 Humble servant Featured Poster

Shouldn't it be:

header('location: ../admin.php'); // 1 folder up
header('location: ../../admin.php'); // 2 folders up

But HTTP 1.1 requires an absolute URI for the Location field so I am not sure if the above is OK to use. Does anyone know more about that?

pritaeas commented: Oops. Indeed... must be the heat ;) +14
JorgeM commented: nice catch! +12
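A helper that covers both points raised in this thread, the absolute URI question above and the earlier post about output sent before header(), as an added example that is not code from the thread: output buffering is started first, headers_sent() is checked before redirecting, and the relative path is resolved against a configured base URL rather than the Host header a client sends. APP_BASE_URL is a hypothetical configuration constant.

```php
<?php
// Added example (not from the thread): a redirect helper. It assumes a
// configured constant APP_BASE_URL (hypothetical), set in configuration
// rather than taken from the Host header a client sends.

// Buffer output from the very first line, so stray whitespace or an echo
// before header() no longer triggers "headers already sent".
ob_start();

define('APP_BASE_URL', 'https://example.com/app'); // hypothetical config value

// Resolve a path relative to APP_BASE_URL (e.g. '../admin.php') into the
// absolute URI that HTTP/1.1 expects in the Location field. Any query
// string is appended unchanged; build it with http_build_query() so values
// such as a user name are properly encoded.
function absoluteUrl(string $relative): string
{
    $query = '';
    if (($pos = strpos($relative, '?')) !== false) {
        $query = substr($relative, $pos);
        $relative = substr($relative, 0, $pos);
    }
    $parts = parse_url(APP_BASE_URL);
    $segments = array_values(array_filter(explode('/', $parts['path'] ?? ''), 'strlen'));
    foreach (explode('/', $relative) as $seg) {
        if ($seg === '' || $seg === '.') {
            continue;
        }
        if ($seg === '..') {
            array_pop($segments);      // cannot climb above the host root
            continue;
        }
        $segments[] = rawurlencode(rawurldecode($seg));
    }
    return $parts['scheme'] . '://' . $parts['host']
        . (isset($parts['port']) ? ':' . $parts['port'] : '')
        . '/' . implode('/', $segments) . $query;
}

// Send the Location header and stop. Returns false (and logs where the
// output started) instead of silently doing nothing when headers are gone.
function redirect(string $relative): bool
{
    if (headers_sent($file, $line)) {
        error_log("redirect(): output already started in $file on line $line");
        return false;
    }
    ob_end_clean();                    // drop anything buffered so far
    header('Location: ' . absoluteUrl($relative), true, 302);
    exit;
}

// e.g. after a successful login:
// redirect('../admin.php');
// redirect('index.php?' . http_build_query(['user' => $user]));
```

With the base URL fixed in configuration, a '..' segment can only walk within your own site, and a forged Host header cannot turn the redirect into one pointing at another host.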
broj1 356 Humble servant Featured Poster

mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in LINE:...

This means that mysqli_fetch_assoc() returned FALSE which it does on error. To find out the error you can also add this temporary debug line after line 15:

die($sql);

which will display the constructed query and stop the script. Now copy the displayed script to phpmyadmin and test it there. The above Atli's advice still applies, of course.

broj1 356 Humble servant Featured Poster

There are two IDs, so use a form that includes the table name:

WHERE table1.id = '".$q."'

Put the where clause before the ORDER clause (and after the JOIN clauses).

And remove the comma after the table3.file_name.

broj1 356 Humble servant Featured Poster

What API do you use?

broj1 356 Humble servant Featured Poster

Do you have any code yet?

broj1 356 Humble servant Featured Poster

If you are learning to use Ajax it might be the right time to look at jQuery also. jQuery has nice support for Ajax and will save you from using the XMLHttpRequest object directly, making sure you cover all browsers and have the code right.

Of course, all above about safe querying still applies.

broj1 356 Humble servant Featured Poster

No problem. Happy coding.

broj1 356 Humble servant Featured Poster

Here is the corrected code. I added the $totalsArray array in a couple of places.

<?php 
session_start(); 

// uncomment this for you to work
// include('db_connect.php'); 
// $username = $_SESSION['username']; 

// --------------------------------------------
// IGNORE THIS - IT IS MY STUFF
include('../dbconnect.php');
$link = dbConnect(array('driver' => 'mysql'));
include('../../html/lib/func.php');
$username = 'davinci'; 
// --------------------------------------------

$user = mysql_fetch_assoc(mysql_query("select user_id from tbllogin where username = '{$username}'")); 

// get favourite retailers
$qRet  = "SELECT tblfav_ret.ret_id, tblretailer.ret_name, tblretailer.user_id AS ret_admin_id ";
$qRet .= "FROM tblfav_ret ";
$qRet .= "JOIN tblretailer ON tblfav_ret.ret_id=tblretailer.ret_id ";
$qRet .= "WHERE tblfav_ret.user_id = '{$user['user_id']}' ";
$qRet .= "ORDER BY tblretailer.ret_id";
$retRes = mysql_query($qRet);

// array with data about favourite retailers (id and name)
// used for table heading
$favRetailerArray = array();

// array with retailer user_ids (called ret_admin_id to avoid confusion)
$favRetailerAdminArray = array();

// create arrays with retailer data and retailer admin IDs (to map to retailers later)
while($retRow = mysql_fetch_assoc($retRes)) {

    $ret_id = $retRow['ret_id'];
    $favRetailerArray[$ret_id] = $retRow['ret_name'];
    $favRetailerAdminArray[] = $retRow['ret_admin_id'];
}

// make a string that will be an IN condition for SQL statement for prices
$retAdminIdList = implode(',', $favRetailerAdminArray);

// start HTML table
echo "<table bgcolor='grey' width='80%' border=1>";

// HTML table header (the <tr> is needed to match the </tr> below)
echo "<tr><th>Name</th>";
foreach($favRetailerArray as $ret_name) {

    echo "<th>$ret_name</th>";
}
echo "</tr>";

// initialize totals array (one zero per favourite retailer)
$totalsArray = array();
for($i = 0; $i < count($favRetailerAdminArray); $i++) {
    $totalsArray[$i] = 0;
}

// query for getting products of favourite retailers (without any prices)
$qFav  = "SELECT tblfavourites.prod_id, tblproduct.prod_name, tblretailer.user_id as ret_admin_id  ";
$qFav .= "FROM tblfavourites ";
$qFav .= "JOIN tblproduct ON tblproduct.prod_id=tblfavourites.prod_id "; …
broj1 356 Humble servant Featured Poster

Oops. Give me a couple of minutes.

broj1 356 Humble servant Featured Poster

Sorry, my mistake in the last while loop. The logic is complicated due to using user_id in the retprod table for establishing the relation. It would be far simpler if the relation were made as noted in my previous posts. Here is the corrected code. It is hard to test it thoroughly; I hope it works OK.

<?php 
session_start(); 

// uncomment this for you to work
// include('db_connect.php'); 
// $username = $_SESSION['username']; 

// --------------------------------------------
// IGNORE THIS - IT IS MY STUFF
include('../dbconnect.php');
$link = dbConnect(array('driver' => 'mysql'));
include('../../html/lib/func.php');
$username = 'davinci'; 
// --------------------------------------------

$user = mysql_fetch_assoc(mysql_query("select user_id from tbllogin where username = '{$username}'")); 

// get favourite retailers
$qRet  = "SELECT tblfav_ret.ret_id, tblretailer.ret_name, tblretailer.user_id AS ret_admin_id ";
$qRet .= "FROM tblfav_ret ";
$qRet .= "JOIN tblretailer ON tblfav_ret.ret_id=tblretailer.ret_id ";
$qRet .= "WHERE tblfav_ret.user_id = '{$user['user_id']}' ";
$qRet .= "ORDER BY tblretailer.ret_id";
$retRes = mysql_query($qRet);

// array with data about favourite retailers (id and name)
// used for table heading
$favRetailerArray = array();

// array with retailer user_ids (called ret_admin_id to avoid confusion)
$favRetailerAdminArray = array();

// create arrays with retailer data and retailer admin IDs (to map to retailers later)
while($retRow = mysql_fetch_assoc($retRes)) {

    $ret_id = $retRow['ret_id'];
    $favRetailerArray[$ret_id] = $retRow['ret_name'];
    $favRetailerAdminArray[] = $retRow['ret_admin_id'];
}

// make a string that will be an IN condition for SQL statement for prices
$retAdminIdList = implode(',', $favRetailerAdminArray);

// start HTML table
echo "<table bgcolor='grey' width='80%' border=0>";

// HTML table header (the <tr> is needed to match the </tr> below)
echo "<tr><th>Name</th>";
foreach($favRetailerArray as $ret_name) {

    echo "<th>$ret_name</th>";
}
echo "</tr>";

// query for …
broj1 356 Humble servant Featured Poster

And what happens after that?