broj1 356 Humble servant Featured Poster

Initialize $login_ok at the beginning (after session_start):

$login_ok = false;
broj1 356 Humble servant Featured Poster

Can you post the contents of the tables (in SQL format) so I can test it here (I had to change the data in your previous tables to have useful data for testing).

broj1 356 Humble servant Featured Poster

This is strange. It works fine for me. Can you put this code at the very beginning of lgin.php:

die(print_r($_POST, 1));

This will display contents of the $_POST array and stop the script.

broj1 356 Humble servant Featured Poster

Does it work OK if you do not change the ret_admin_id to user_id?

broj1 356 Humble servant Featured Poster

It could be that $_GET['id'] does not exist. To make sure it exists, do a check:

if(isset($_GET['id'])) {
    $id = intval($_GET['id']);
} else {
    // do something to handle the error
}

It would help much if you posted the exact error message (error message text including variable names, line number etc).

Oops, I just figured out that you did not send the query at all. Well, the above still applies.

broj1 356 Humble servant Featured Poster

OK. The way I got around this is I did not get all the data in one query but broke it down into separate queries. The thing is you do not know the number of columns (retailers) in advance so it is easier to do it step by step. I hope this roughly is what you wanted. You can improve the code a bit (check for values etc.). See also comments in the code. I also removed styles and some table attributes for clarity and did not use aliases in queries (a, b, c... do not tell much but add to confusion).

session_start(); 

// uncomment this for you to work
// include('db_connect.php'); 
// $username = $_SESSION['username']; 

// --------------------------------------------
// IGNORE THIS - IT IS MY STUFF
include('../dbconnect.php');
$link = dbConnect(array('driver' => 'mysql'));
include('../../html/lib/func.php');
$username = 'davinci'; 
// --------------------------------------------

$user = mysql_fetch_assoc(mysql_query("select user_id from tbllogin where username = '{$username}'")); 

// get favourite retailers
$qRet  = "SELECT tblfav_ret.ret_id, tblretailer.ret_name, tblretailer.user_id AS ret_admin_id ";
$qRet .= "FROM tblfav_ret ";
$qRet .= "JOIN tblretailer ON tblfav_ret.ret_id=tblretailer.ret_id ";
$qRet .= "WHERE tblfav_ret.user_id = '{$user['user_id']}' ";
$qRet .= "ORDER BY tblretailer.ret_id";
$retRes = mysql_query($qRet);

// array with data about favourite retailers (id and name)
// used for table heading
$favRetailerArray = array();

// array with retailer user_ids (called ret_admin_id to avoid confusion)
$favRetailerAdminArray = array();

// create arrays with retailer data and retailer admin IDs (to map to retailers later)
while($retRow = mysql_fetch_assoc($retRes)) {

    $ret_id = $retRow['ret_id'];
    $favRetailerArray[$ret_id] = $retRow['ret_name'];
    $favRetailerAdminArray[] = $retRow['ret_admin_id'];
}

// make a …
broj1 356 Humble servant Featured Poster

Yes, I understand that and that is not a big issue if you are careful.

The problem for me is the relation between the user_id (the retailer admin) and the prod_id. The relation should be between the ret_id and the prod_id. The table tblretprod should have fields: id, ret_id, prod_id, prod_price, enabled.

broj1 356 Humble servant Featured Poster

So the user_id field in the tblretprod table is the ID of the administrator and not the regular user. This field name is a bit misleading, I would change it to admin_id or ret_user_id or something similar. And the key for each retailer's price is that same user_id which is a bit odd since the price belongs to the retailer so the retailer->price relation is more obvious (i.e. what happens when you change the administrator and his ID?). I would change this if I were you.

Anyway I will try with the way data is structured now. I hope I can post something this afternoon.

broj1 356 Humble servant Featured Poster

One thing I can't figure out. I am missing a table with prices of products for each retailer (prod_id->ret_id->prod_price relation). I presume the user wants to find out prices for chosen products at different retailers.

The tblretprod table holds the prices for different users. I can't figure out the relation here.

broj1 356 Humble servant Featured Poster

More questions:

  • what exactly is user_id (is it a customer of different retailers, can one user belong to many retailers)?
  • what is the purpose of the table tblfavourites and what of the table tblfav_ret?
  • why is product price in separate table and why is same product price different for each user?

If I understood the thing, you want this:

  • a logged in user has some favourite retailers and wants to compare prices for one (or more) products
  • the data in separate tables should be joined for that user and all of his favourite retailers and comparison made for the number of favourite retailers found (it can be 0 or more)

If this is incorrect let me know what exactly is the purpose. The first thing we have to get the query right.

I am leaving in 2 hrs and won't be back until Sunday night.

broj1 356 Humble servant Featured Poster

I also need tblfav_ret, tblfavourites and tblretprod table structures and data (actually all the tables that are included in queries).

please note that under retailer 2 and retailer 3, price set by retailer 2 should be displayed for products and price for retailer 3 should be displayed for products
I think I mistyped it there in the pdf attachment for table structure

I'll take this into account.

broj1 356 Humble servant Featured Poster

OK, thnx for now. I'll have a look and let you know if I need something else.

broj1 356 Humble servant Featured Poster

This seems like a different requirement than the one you posted in your first post.

In order to test I need the data (I can't make up all this data since I might misinterpret it and it takes too much time). So please send an export of those tables and some data in SQL format. You can do this in phpmyadmin (select a table and go to Export). If there is sensitive data in the table (real usernames, passwords etc.) anonymize them.

Please clarify what the output should be by faking a few rows of the output table (like above, but complete structure).

Sorry for asking for so much information but only this way can I understand the problem.

broj1 356 Humble servant Featured Poster

Post the latest version of the code. Also helpful would be structure of the tables and some example data.

broj1 356 Humble servant Featured Poster

I hope your query returns also prices for each of the retailers (it is not evident from the sql statement since you are using SELECT *). So in the while loop you can calculate running sum for all the prices. Once the while loop is finished the running sums will be totals.

// initialize running sums
$total1 = 0;
$total2 = 0;
$total3 = 0;
$total4 = 0;

while($row = mysql_fetch_assoc($query)){ 
    extract($row);  

    // add prices to running sums (I made up names here)
    $total1 += $row['prod_price1'];
    $total2 += $row['prod_price2'];
    $total3 += $row['prod_price3'];
    $total4 += $row['prod_price4'];

    echo "<tr>"; 
    echo "<td style='text-align: center;'>".$row['prod_name']."</td>"; 
    echo "<td style='text-align: center;'>".$row['ret_name']."</td>"; 
    echo "<td style='text-align: center;'>".$row['prod_price']."</td>"; 
    echo "</tr>"; 
}

// add the totals row
echo '<tfoot><tr><th scope="row">Total per month</th>';
echo "<td>$total1</td>";
echo "<td>$total2</td>";
echo "<td>$total3</td>";
echo "<td>$total4</td>";
echo '</tr></tfoot>';
...

Might be not exactly in line with your code but you get the idea.

broj1 356 Humble servant Featured Poster

Both methods are simple to use. There is no reason not to use the more optimized one.

Agree.

broj1 356 Humble servant Featured Poster

EvolutionFallen's approach has one advantage. The result already contains the data for the user in question so if you need it you do not have to shoot another query. The * in the query should be replaced with the fields you really need.

Atli's approach is slightly more optimized but I believe the difference is negligible.

And yes, try to avoid using the mysql extension since it is going to be deprecated in PHP 5.5. You can replace all occurrences of mysql with mysqli and everything will work just fine. But PDO in my opinion is what you should go for ASAP.

broj1 356 Humble servant Featured Poster

In huge sites relational databases might not be an efficient solution anymore, especially if data is not tightly structured. I read something about NoSQL that approaches the problem more horizontally but I am really a noob here so I won't comment on that much :-)

broj1 356 Humble servant Featured Poster

Make a column called parents and list every parent in some order of inheritance which is sane to you, as a comma delimited list of IDs

This might break normalization rules.

broj1 356 Humble servant Featured Poster

Maybe you check for the existence of the object first (to be on the safe side):

function upList() {

    // bring the global object into the function scope before checking it
    global $wpdb;

    if(!isset($wpdb) || !method_exists($wpdb, 'query')) {
        die('Error accessing database');
    }

    $wpdb->query(
    ...

or send the object as an argument (no need to use global keyword):

function upList($wpdb) {

    $wpdb->query(
    ...

Well, this still does not answer why the DB object has not been initialized...

broj1 356 Humble servant Featured Poster

The way I would approach this is exactly what you suggested - a good old traditional tree structure saved in a relational database (which mysql is). Relational databases are good at processing this kind of data, all the rest depends on the way the site would be used. If a user selects a city there are a few queries (or one nested query) to get the parents and the data the user is interested in. I think performance-wise this can be handled without problems.

The problem could only be if you have a really busy site (i.e. millions of users - like Facebook, Google etc.). In that case maybe other options are to be looked at. Maybe NoSQL database but I am really not an expert on that topic so I might wait for other opinions to pop up.

broj1 356 Humble servant Featured Poster

It says that $wpdb is not an object so you can not address a method of it. Has $wpdb been initialized as a database object somewhere?

broj1 356 Humble servant Featured Poster

What will be the purpose of the site?

broj1 356 Humble servant Featured Poster

You are actually missing one parenthesis in line 13. This is the correct code:

} elseif(isset($_POST['submit_add'])) {

(sorry, my mistake in the code example).

broj1 356 Humble servant Featured Poster

Yes, if it returns the scriptname (I think it depends on globals on setting). You can also use $_SERVER['PHP_SELF'].

broj1 356 Humble servant Featured Poster

Use three different names for submit buttons. Then in the processing part of the code check which submit button has been pressed:

if(isset($_POST['submit_delete'])) {
    //code for deleting 
} elseif(isset($_POST['submit_add']) {
    // code for adding
} elseif(isset($_POST['submit_update']) {
    // code for updating
}
broj1 356 Humble servant Featured Poster

The first two scripts have the same filename. Is that a typo?

One suggestion:

In the registration processing script you check for the validity and existence of username, password and email. If any of these data doesn't exist or is invalid you stop the script using die() displaying some message. Better user experience would be redirecting the user back to registration form, filling-in the existing data and highlighting the field with the error. This way user can correct the missing or incorrect input and carry on with the registration with minimum effort.

broj1 356 Humble servant Featured Poster

Do you have any errors? If yes, post them.

broj1 356 Humble servant Featured Poster

The likely cause of the error is missing POST data. You are nicely doing a check at the beginning:

if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))

but you forgot the starting curly bracket after the statement:

if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email'])) 
{ ...

You can also use simple debugging techniques by means of inserting die() statements at suspicious points of code. In your case you can check what the query looks like with POST data:

// first construct the query
//(no need to concatenate, just use the variable within the double quoted string)
$query = "SELECT username FROM usersystem WHERE username = '$username'";

// now check if the query was constructed as expected
// this will display the query and stop the execution
// you can copy the displayed query in phpmyadmin and test it
// when all working, comment the die() line
die($query);

// from now on use the query
//Check to see if username exists
$sql = mysql_query($query);
if (mysql_num_rows($sql)>0)
{
die ("Username taken.");
} 
broj1 356 Humble servant Featured Poster

I used Datatables a lot in my previous project and it covered all I needed (sorting, filtering, pagination, ajax, formatting, theming, language customization, sorting by date in many formats, sorting IP addresses etc.). I highly recommend it.

broj1 356 Humble servant Featured Poster

The old site really was a dinosaur but I got so used to it that now I am getting a bit lost :-) (since it was always my prime source of information). Anyway, a facelift is welcome but this is one of the sites where content is king.

And BTW the php logo is still very eightysh, they should redesign that :-))

broj1 356 Humble servant Featured Poster

Can you still post the output of the above query.

broj1 356 Humble servant Featured Poster

Can you post the code of the previous page (the one with the table that triggers insertion).

broj1 356 Humble servant Featured Poster

On line 17 you have a query:

$sql1 = mysql_query("select * from tblproduct where prod_id='$prod_id'");

The $prod_id that you are using in the query has not been defined anywhere before.

I think the $prod_id should be assigned from POST. It should get into POST through a hidden field or through the add button.

broj1 356 Humble servant Featured Poster

The key info here is the product ID which is supposed to be stored in $_prod_id. But where do you get the value of $prod_id from (you use it in the query on line 17)?

broj1 356 Humble servant Featured Poster

Test this query in phpMyAdmin (or other mysql client you prefer to use):

select * from mailList LIMIT 20

Paste the output here.

broj1 356 Humble servant Featured Poster

You should initialize the $note variable each time in the loop:

$note = '';
$note .= "<p>Hi ".$row['owner']." <br /><br />";
$note .="";

or shorter

$note = "<p>Hi ".$row['owner']." <br /><br />";
$note .="";    
broj1 356 Humble servant Featured Poster

Do you mean $row['owner'] value is always the same? Can you post the whole while loop.

broj1 356 Humble servant Featured Poster

Good editors support at least syntax coloring / highlighting for popular tools (PHP, Javascript, CSS, SQL, configuration files), indent code, suggest syntax, check parentheses, support various character sets, organize files etc. I use Notepad++ on Windows and KWrite on Linux.

IDEs are a step forward by also helping you to organize projects, teams, versions etc but tend to be more complex. I use Eclipse and Netbeans (both on Windows and Linux).

All above is open source and cost 0.

broj1 356 Humble servant Featured Poster

The PHP manual will answer most of your questions. This is what it says for mail function:

bool mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] )

$to - Receiver, or receivers of the mail
$subject - Subject of the email to be sent
$message - Message to be sent
$additional_headers (optional) -  String to be inserted at the end of the email header. This is typically used to add extra headers (From, Cc, and Bcc). Multiple extra headers should be separated with a CRLF (\r\n). 

In the manual there are useful examples. In your case have a look at the example #2:

<?php
$to      = 'nobody@example.com';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: webmaster@example.com' . "\r\n" .
    'Reply-To: webmaster@example.com' . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

mail($to, $subject, $message, $headers);
?>

So the answers to your questions are.

Q1: The $sender="***********"; code is meant for setting a sender envelope header which tells the server who is the sender. It should be used in $additional_parameters part using the -f switch something like:

mail($to, $subject, $message, $headers, "-f$sender");

Please consult the PHP manual for correct syntax.

Q2: The lines

$mail_from="From:$email n";
$mail_from .="Content-Type: text/html; charset=utf-8 n";

set the From: header and the Content-Type header (as part of additional headers). The From and the sender might be the same but this is not necessary. The From should be present otherwise the server might complain. …

broj1 356 Humble servant Featured Poster

Writing into a text file could be problematic if you have more than one concurrent writing attempt (e.g. two users trigger an error at the same time). With database logging the DB server takes care of queuing writes. Also the contents of text files tend to be more clumsy to review, filter or sort. Also when text files grow in size significantly, writing and reading might get slower. I use text files for logging only DB connection errors (where logging into DB would not work).

I think mysqli_real_escape_string function does its job (which is escaping) but escaping is often not enough. So use other techniques like whitelisting (or blacklisting), string length checking etc.

broj1 356 Humble servant Featured Poster

No worries, mate. I hope you are using an IDE that highlights errors which helps finding them. I copied your code to Eclipse and it complained about curly brackets immediately. And welcome to the Daniweb forum. I hope it will be of good help when you have problems you can't solve yourself.

broj1 356 Humble servant Featured Poster

This is not the whole code. What is before the first curly bracket? In the above snippet the closing curly bracket is a stray one.

broj1 356 Humble servant Featured Poster

Thanks for the recommendation. I have read many books about PHP but none about team development, which is where I have lack of experience.

broj1 356 Humble servant Featured Poster

You will usually get the selected ID upon submitting the form. The selected value will be stored in either the $_GET or $_POST global array, depending on the method defined in the <form> tag. So in your code you have to check for submission of the form using this pattern:

if(isset($_POST['submit']))

or if you do not have a submit button using some other method (it might be in the openOffersDialog javascript function).

Then before using a value you have to check for existence of it, again with isset():

 <div id="content">
<?php if(isset($_POST['id']) && $_POST['id']=="volvo"){ ?>
This is popupbox of Volvo
<?php } elseif(isset($_POST['id']) && $_POST['id']=="saab"){ ?>
This is popupbox of Saab
<?php } elseif(isset($_POST['id']) && $_POST['id']=="vw"){ ?>
...

This is just showing how the principle goes. You might need to adapt it to your needs.

AND: security aspect has not been taken into account in the above code. You have to check for the validity of submitted data. How to check it depends on the context where the data will be used. If you intend to put it into HTML (display it on the page), you at least have to use htmlspecialchars() function to replace dangerous characters with their HTML entities. If you want to stick the data in the database, you have to escape it.
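
An added example, not part of the original post, of the HTML-output case described above: the submitted id is first checked against an allowlist, and anything echoed back passes through htmlspecialchars(). The ids and the Volvo and Saab texts come from the snippet; the VW text, the function name and the sample inputs are assumptions.

```php
<?php
// Added example: allowlist lookup plus HTML encoding for the popup box.
// The 'vw' text is hypothetical; the original snippet elides it.
const POPUP_TEXT = [
    'volvo' => 'This is popupbox of Volvo',
    'saab'  => 'This is popupbox of Saab',
    'vw'    => 'This is popupbox of VW',
];

function renderPopup(array $post): string
{
    // isset() alone is not enough: id[]=x arrives as an array, not a string.
    if (!isset($post['id']) || !is_string($post['id'])) {
        $body = 'No car selected';
    } elseif (array_key_exists($post['id'], POPUP_TEXT)) {
        // Known id: output text that never contained user input.
        $body = POPUP_TEXT[$post['id']];
    } else {
        // Unknown id: the message now carries raw user input.
        $body = 'Unknown car: ' . $post['id'];
    }
    // Encode at the point of output; ENT_QUOTES also covers attribute context.
    return '<div id="content">'
        . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</div>';
}

// Constructed sample submissions.
$samples = [
    ['id' => 'saab'],
    ['id' => '<b onmouseover="x">audi</b>'],
    ['id' => ['volvo']],
    [],
];
foreach ($samples as $post) {
    echo renderPopup($post), "\n";
}
```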

broj1 356 Humble servant Featured Poster

Also check if all input values exist. You are using these values in queries and if user did not enter all of them you will get strange results.

// check if anything was entered (you might apply other checks and validations)
if(isset($_POST['firstName']) && !empty($_POST['firstName'])) {
    // if yes, trim the entry (user might not be aware that he entered some spaces) 
    // and escape it (security against injections is very very important)
    $first = mysql_real_escape_string(trim($_POST['firstName']));
} else {
    // display an error message
    die('Error: You must enter first name!');
}
// do that for all fields
...

Your last query might be wrong (missing some single quotes). I would do it this way (easier to debug):

 $insQuery = "INSERT INTO phplogin VALUES('$first', '$last', '$user', '$pass', '$email')";
 $query = mysql_query($insQuery);
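
An added example, not part of the original posts, combining the field checks from the post above with the earlier remarks that escaping alone is often not enough and that PDO is the extension to move to. It validates each field (presence, length, allowlist pattern) and inserts with bound parameters; the column names, limits, patterns and sample data are assumptions, and an in-memory SQLite database stands in for MySQL so the script runs on its own.

```php
<?php
// Added example; column names, limits and patterns are assumptions, SQLite stands in for MySQL.
function validateRegistration(array $post): array
{
    // field => [max length in bytes, allowlist pattern or null]
    $rules = [
        'firstName' => [50, '/^[\p{L} \'-]+$/u'],
        'lastName'  => [50, '/^[\p{L} \'-]+$/u'],
        'username'  => [30, '/^[A-Za-z0-9_]+$/'],
        'password'  => [72, null],
        'email'     => [254, null],
    ];
    $clean = $errors = [];
    foreach ($rules as $field => [$maxLen, $pattern]) {
        $raw = isset($post[$field]) && is_string($post[$field]) ? $post[$field] : '';
        $value = $field === 'password' ? $raw : trim($raw); // never alter a password
        if ($value === '') {
            $errors[$field] = 'missing';
        } elseif (strlen($value) > $maxLen) {
            $errors[$field] = 'too long';
        } elseif ($pattern !== null && !preg_match($pattern, $value)) {
            $errors[$field] = 'invalid characters';
        } else {
            $clean[$field] = $value;
        }
    }
    if (isset($clean['email']) && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'invalid address';
    }
    return [$clean, $errors];
}

function insertUser(PDO $pdo, array $c): void
{
    // Placeholders keep data out of the SQL text, so O'Brien needs no escaping.
    $stmt = $pdo->prepare(
        'INSERT INTO phplogin (first, last, user, pass, email)
         VALUES (:first, :last, :user, :pass, :email)'
    );
    $stmt->execute([
        ':first' => $c['firstName'],
        ':last'  => $c['lastName'],
        ':user'  => $c['username'],
        ':pass'  => password_hash($c['password'], PASSWORD_DEFAULT), // store a hash, not the password
        ':email' => $c['email'],
    ]);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE phplogin (first TEXT, last TEXT, user TEXT, pass TEXT, email TEXT)');
// Constructed sample submissions: one valid, one that fails validation.
$samples = [
    ['firstName' => ' Conan ', 'lastName' => "O'Brien", 'username' => 'conan_ob',
     'password' => 'correct horse battery', 'email' => 'conan@example.com'],
    ['firstName' => 'Eve', 'lastName' => '', 'username' => "x' OR '1'='1",
     'password' => 'pw', 'email' => 'not-an-email'],
];
foreach ($samples as $post) {
    [$clean, $errors] = validateRegistration($post);
    echo $errors ? 'rejected: ' . json_encode($errors) : 'accepted', "\n";
    if (!$errors) { insertUser($pdo, $clean); }
}
echo $pdo->query('SELECT COUNT(*) FROM phplogin')->fetchColumn(), " row(s) stored\n";
```
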
broj1 356 Humble servant Featured Poster

The code seems to be correct. Is there a javascript library or special CSS that you are using to change display of the span from none to something else?

broj1 356 Humble servant Featured Poster

@naui95: he does not want to use the img tag.

broj1 356 Humble servant Featured Poster

You are missing an anchor text and closing tag for the anchor element. Also enclose the string in double quotes to parse the variables. Consequently you have to escape double quotes that surround html attribute values:

echo "<div><a href=\"uploads/$image\">$image</a></div>";

or use single quotes for enclosing html attribute values:

echo "<div><a href='uploads/$image'>$image</a></div>";
broj1 356 Humble servant Featured Poster

Your insert query syntax is a bit strange. The basic syntax would be:

INSERT INTO tablename (field1, field2,...) VALUES (value1, value2, ...)

so in your case

 $q1 = "INSERT INTO job_employer_info
(ename,
epass,
CompanyName,
CompanyCountry,
CompanyState,
CompanyZip,
CompanyCity,
CompanyAddress,
CompanyPhone,
CompanyPhone2,
CompanyEmail)
VALUES(
'$ename',
'$epass',
'$CompanyName',
'$CompanyCountry',
'$CompanyState',
'$CompanyZip',
'$CompanyCity',
'$CompanyAddress',
'$CompanyPhone',
'$CompanyPhone2',
'$CompanyEmail')";