Initialize $login_ok at the beginning (after session_start):
$login_ok = false;
Can you post the contents of the tables (in SQL format) so I can test it here (I had to change the data in your previous tables to have useful data for testing).
This is strange. It works fine for me. Can you put this code at the very beginning of the lgin.php:
die(print_r($_POST, 1));
This will display contents of the $_POST array and stop the script.
Does it work OK if you do not change the ret_admin_id to user_id?
It could be that $_GET['id'] does not exist. To make sure it exists, do a check:
if(isset($_GET['id'])) {
$id = intval($_GET['id']);
} else {
// do something to handle the error
}
It would help much if you posted the exact error message (error message text including variable names, line number etc).
Oops, I just figured out that you did not send the query at all. Well, above still applies.
OK. The way I got around this is I did not get all the data in one query but broke it down to separate queries. The thing is you do not know the number of columns (retailers) in advance so it is easier to do it step by step. I hope this roughly is what you wanted. You can improve code a bit (check for values etc.). See also comments in the code. I also removed styles and some table attributes for clarity and did not use aliases in queries (a, b, c... do not tell much but add to confusion).
session_start();
// uncomment this for you to work
// include('db_connect.php');
// $username = $_SESSION['username'];
// --------------------------------------------
// IGNORE THIS - IT IS MY STUFF
include('../dbconnect.php');
$link = dbConnect(array('driver' => 'mysql'));
include('../../html/lib/func.php');
$username = 'davinci';
// --------------------------------------------
$user = mysql_fetch_assoc(mysql_query("select user_id from tbllogin where username = '{$username}'"));
// get favourite retailers
$qRet = "SELECT tblfav_ret.ret_id, tblretailer.ret_name, tblretailer.user_id AS ret_admin_id ";
$qRet .= "FROM tblfav_ret ";
$qRet .= "JOIN tblretailer ON tblfav_ret.ret_id=tblretailer.ret_id ";
$qRet .= "WHERE tblfav_ret.user_id = '{$user['user_id']}' ";
$qRet .= "ORDER BY tblretailer.ret_id";
$retRes = mysql_query($qRet);
// array with data about favourite retailers (id and name)
// used for table heading
$favRetailerArray = array();
// array with retailer user_ids (called ret_admin_id to avoid confusion)
$favRetailerAdminArray = array();
// create arrays with retailer data and retailer admin IDs (to map to retailers later)
while($retRow = mysql_fetch_assoc($retRes)) {
$ret_id = $retRow['ret_id'];
$favRetailerArray[$ret_id] = $retRow['ret_name'];
$favRetailerAdminArray[] = $retRow['ret_admin_id'];
}
// make a …
Yes, I understand that and that is not a big issue if you are careful.
The problem for me is the relation between the user_id (the retailer admin) and the prod_id. The relation should be between the ret_id and the prod_id. The table tblretprod should have fields: id, ret_id, prod_id, prod_price, enabled.
So the user_id field in the tblretprod table is the ID of administrator and not the regular user. This field name is a bit misleading, I would change it to admin_id or ret_user_id or something similar. And the key for each retailer's price is that same user_id which is a bit odd since the price belongs to retailer so the retailer->price relation is more obvious (i.e. what happens when you change the administrator and his ID?). I would change this if I were you.
Anyway I will try with the way data is structured now. I hope I can post something this afternoon.
One thing I can't figure out. I am missing a table with prices of products for each retailer (prod_id->ret_id->prod_price relation). I presume the user wants to find out prices for chosen products at different retailers.
The tblretprod table holds the prices for different users. I can't figure out the relation here.
More questions:
If I understood the thing, you want this:
If this is incorrect let me know what exactly is the purpose. The first thing we have to get the query right.
I am leaving in 2 hrs and won't be back until Sunday night.
I also need tblfav_ret, tblfavourites and tblretprod table structures and data (actually all the tables that are included in queries).
Please note that under retailer 2 and retailer 3, price set by retailer 2 should be displayed for products and price for retailer 3 should be displayed for products
I think I mistyped it there in the pdf attachment for table structure
I'll take this into account.
OK, thnx for now. I'll have a look and let you know if I need something else.
This seems like a different requirement than the one you posted in your first post.
In order to test I need the data (I can't make up all this data since I might misinterpret it and it takes too much time). So please send an export of those tables and some data in SQL format. You can do this in phpmyadmin (select a table and go to Export). If there is sensitive data in the table (real usernames, passwords etc.) anonymize them.
Please clarify what the output should be by faking a few rows of the output table (like above, but complete structure).
Sorry for asking for so much information but only this way I can understand the problem.
Post the latest version of the code. Also helpful would be structure of the tables and some example data.
I hope your query returns also prices for each of the retailers (it is not evident from the sql statement since you are using SELECT *). So in the while loop you can calculate running sum for all the prices. Once the while loop is finished the running sums will be totals.
// initialize running sums
$total1 = 0;
$total2 = 0;
$total3 = 0;
$total4 = 0;
while($row = mysql_fetch_assoc($query)){
extract($row);
// add prices to running sums (I made up names here)
$total1 += $row['prod_price1'];
$total2 += $row['prod_price2'];
$total3 += $row['prod_price3'];
$total4 += $row['prod_price4'];
echo "<tr>";
echo "<td style='text-align: center;'>".$row['prod_name']."</td>";
echo "<td style='text-align: center;'>".$row['ret_name']."</td>";
echo "<td style='text-align: center;'>".$row['prod_price']."</td>";
echo "</tr>";
}
// add the totals row
echo '<tfoot><tr><th scope="row">Total per month</th>';
echo "<td>$total1</td>";
echo "<td>$total2</td>";
echo "<td>$total3</td>";
echo "<td>$total4</td>";
echo '</tr></tfoot>';
...
Might be not exactly in line with your code but you get the idea.
Both methods are simple to use. There is no reason not to use the more optimized one.
Agree.
EvolutionFallen's approach has one advantage. The result already contains the data for the user in question so if you need it you do not have to shoot another query. The * in the query should be replaced with the fields you really need.
Atli's approach is slightly more optimized but I believe the difference is negligible.
And yes, try to avoid using mysql extension since it is going to be deprecated in PHP 5.5. You can replace all occurrences of mysql with mysqli and everything will work just fine. But PDO in my opinion is what you should go for ASAP.
Make a column called parents and list every parent in some order of inheritance which is sane to you, as a comma delimited list of IDs
This might break normalization rules.
Maybe you check for the existence of the object first (to be on the safe side):
function upList() {
// import the global first; otherwise $wpdb is never set inside the function
global $wpdb;
if(!isset($wpdb) || !method_exists($wpdb, 'query')) {
die('Error accessing database');
}
$wpdb->query(
...
or send the object as an argument (no need to use global keyword):
function upList($wpdb) {
$wpdb->query(
...
Well, this still does not answer why the DB object has not been initialized...
The way I would approach this is exactly what you suggested - a good old traditional tree structure saved in a relational database (which mysql is). Relational databases are good at processing this kind of data, all the rest depends on the way the site would be used. If a user selects a city there are a few queries (or one nested query) to get the parents and the data the user is interested in. I think performance-wise this can be handled without problems.
The problem could only be if you have a really busy site (i.e. millions of users - like Facebook, Google etc.). In that case maybe other options are to be looked at. Maybe NoSQL database but I am really not an expert on that topic so I might wait for other opinions to pop up.
It says that $wpdb is not an object so you can not address a method of it. Has $wpdb been initialized as a database object somewhere?
What will be the purpose of the site?
You are actually missing one parenthesis in line 13. This is the correct code:
} elseif(isset($_POST['submit_add'])) {
(sorry, my mistake in the code example).
Yes, if it returns the scriptname (I think it depends on globals on setting). You can also use $_SERVER['PHP_SELF'].
Use three different names for submit buttons. Then in the processing part of the code check which submit button has been pressed:
if(isset($_POST['submit_delete'])) {
//code for deleting
} elseif(isset($_POST['submit_add']) {
// code for adding
} elseif(isset($_POST['submit_update']) {
// code for updating
}
The first two scripts have the same filename. Is that a typo?
One suggestion:
In the registration processing script you check for the validity and existence of username, password and email. If any of these data doesn't exist or is invalid you stop the script using die() displaying some message. Better user experience would be redirecting the user back to registration form, filling-in the existing data and highlighting the field with the error. This way user can correct the missing or incorrect input and carry on with the registration with minimum effort.
Do you have any errors? If yes, post them.
The likely cause of the error is missing POST data. You are nicely doing a check at the beginning:
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))
but you forgot the starting curly bracket after the statement:
if (isset($_POST['username']) && isset($_POST['password']) && isset($_POST['email']))
{ ...
You can also use simple debugging techniques by means of inserting die() statements at suspicious points of code. In your case you can check what the query looks like with POST data:
// first construct the query
//(no need to concatenate, just use the variable within the double quoted string)
$query = "SELECT username FROM usersystem WHERE username = '$username'";
// now check if the query was constructed as expected
// this will display the query and stop the execution
// you can copy the displayed query in phpmyadmin and test it
// when all working, comment the die() line
die($query);
// from now on use the query
//Check to see if username exists
$sql = mysql_query($query);
if (mysql_num_rows($sql)>0)
{
die ("Username taken.");
}
I used Datatables a lot in my previous project and it covered all I needed (sorting, filtering, pagination, ajax, formatting, theming, language customization, sorting by date in many formats, sorting IP addresses etc.). I highly recommend it.
The old site really was a dinosaur but I got so used to it that now am getting a bit lost :-) (since it was always my prime source of information). Anyway, facelift is welcome but this is one of the sites where contents is king.
And BTW the php logo is still very eightysh, they should redesign that :-))
Can you still post the output of the above query.
Can you post the code of the previous page (the one with the table that triggers insertion).
On line 17 you have a query:
$sql1 = mysql_query("select * from tblproduct where prod_id='$prod_id'");
The $prod_id that you are using in the query has not been defined anywhere before.
I think the $prod_id should be assigned from POST. It should get into POST through a hidden field or through the add button.
The key info here is the product ID which is supposed to be stored in $_prod_id. But where do you get the value of $prod_id from (you use it in the query on line 17)?
Test this query in phpMyAdmin (or other mysql client you prefer to use):
select * from mailList LIMIT 20
Paste the output here.
You should initialize the $note variable each time in the loop:
$note = '';
$note .= "<p>Hi ".$row['owner']." <br /><br />";
$note .="";
or shorter
$note = "<p>Hi ".$row['owner']." <br /><br />";
$note .="";
Do you mean $row['owner'] value is always the same? Can you post the whole while loop.
Good editors support at least syntax coloring / highlighting for popular tools (PHP, Javascript, CSS, SQL, configuration files), indent code, suggest syntax, check parentheses, support various character sets, organize files etc. I use Notepad++ on Windows and KWrite on Linux.
IDEs are a step forward by also helping you to organize projects, teams, versions etc but tend to be more complex. I use Eclipse and Netbeans (both on Windows and Linux).
All above is open source and cost 0.
The PHP manual will answer most of your questions. This is what it says for mail function:
bool mail ( string $to , string $subject , string $message [, string $additional_headers [, string $additional_parameters ]] )
$to - Receiver, or receivers of the mail
$subject - Subject of the email to be sent
$message - Message to be sent
$additional_headers (optional) - String to be inserted at the end of the email header. This is typically used to add extra headers (From, Cc, and Bcc). Multiple extra headers should be separated with a CRLF (\r\n).
In the manual there are useful examples. In your case have a look at the example #2:
<?php
$to = 'nobody@example.com';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: webmaster@example.com' . "\r\n" .
'Reply-To: webmaster@example.com' . "\r\n" .
'X-Mailer: PHP/' . phpversion();
mail($to, $subject, $message, $headers);
?>
So the answers to your questions are.
Q1: The $sender="***********"; code is meant for setting a sender envelope header which tells the server who is the sender. It should be used in $additional_parameters part using the -f switch something like:
mail($to, $subject, $message, $headers, "-f$sender");
Please consult the PHP manual for correct syntax.
Q2: The lines
$mail_from="From:$email n";
$mail_from .="Content-Type: text/html; charset=utf-8 n";
set the From: header and the Content-Type header (as part of additional headers). The From and the sender might be the same but this is not necessary. The From should be present otherwise the server might complain. …
Writing into a text file could be problematic if you have more than one concurrent writing attempt (e.g. two users trigger an error at the same time). With database logging the DB server takes care of queuing writes. Also the contents of text files tends to be more clumsy to review, filter or sort. Also when text files grow in size significantly, writing and reading might get slower. I use text files for logging only DB connection errors (where logging into DB would not work).
I think mysqli_real_escape_string function does its job (which is escaping) but escaping is often not enough. So use other techniques like whitelisting (or blacklisting), string length checking etc.
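Why escaping alone falls short, as an added example that is not part of the original post: escaping only protects values placed inside quoted string literals, so a column name used in ORDER BY has to come from a whitelist, while values are length-checked, whitelisted and then bound. The tbllogin table name is taken from this page; the sample rows, the function names and the in-memory SQLite database (used so the script runs offline, assuming the pdo_sqlite extension is available) are assumptions.

```php
<?php
// Added example: tbllogin follows the page; rows and function names are constructed.
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE tbllogin (user_id INTEGER PRIMARY KEY, username TEXT)");
$pdo->exec("INSERT INTO tbllogin (username) VALUES ('davinci'), ('monet'), ('rodin')");

/** Length check plus character whitelist; returns the value or null when rejected. */
function validUsername($raw): ?string
{
    if (!is_string($raw)) {
        return null;                        // arrays such as prefix[]=x are rejected
    }
    $value = trim($raw);
    if (strlen($value) < 3 || strlen($value) > 20) {
        return null;
    }
    // Letters and digits only, so quotes and LIKE wildcards never reach the query.
    return preg_match('/\A[A-Za-z0-9]+\z/', $value) === 1 ? $value : null;
}

/** Identifiers cannot be escaped or bound, so map the input onto a fixed list. */
function sortColumn($raw): string
{
    $allowed = ['id' => 'user_id', 'name' => 'username'];
    return (is_string($raw) && isset($allowed[$raw])) ? $allowed[$raw] : 'user_id';
}

function findUsers(PDO $pdo, $prefix, $sort): array
{
    $prefix = validUsername($prefix);
    if ($prefix === null) {
        return [];                          // rejected before any SQL is built
    }
    $column = sortColumn($sort);            // only ever one of the whitelisted names
    $stmt = $pdo->prepare(
        "SELECT user_id, username FROM tbllogin WHERE username LIKE :p ORDER BY $column"
    );
    $stmt->execute([':p' => $prefix . '%']); // the value is bound, never concatenated
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests: an ordinary one, a value the whitelist rejects,
// and a sort key that is not on the list and falls back to user_id.
$requests = [
    ['prefix' => 'mon',     'sort' => 'name'],
    ['prefix' => "o'brien", 'sort' => 'name'],
    ['prefix' => 'rod',     'sort' => 'password'],
];
foreach ($requests as $r) {
    $rows = findUsers($pdo, $r['prefix'], $r['sort']);
    printf("prefix=%-8s sort=%-9s -> %d row(s)\n", $r['prefix'], $r['sort'], count($rows));
}
```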
No worries, mate. I hope you are using an IDE that highlights errors which helps finding them. I copied your code to Eclipse and it complained about curly brackets immediately. And welcome to the Daniweb forum. I hope it will be of good help when you have problems you can't solve yourself.
This is not the whole code. What is before the first curly bracket? At the above snippet the closing curly bracket is a stray one.
Thanks for the recommendation. I have read many books about PHP but none about team development, which is where I have lack of experience.
You will usually get the selected ID upon submitting the form. The selected value will be stored in either $_GET or $_POST global array, depending on the method, defined in the <form> tag. So in your code you have to check for submission of the form using this pattern:
if(isset($_POST['submit']))
or if you do not have a submit button using some other method (it might be in the openOffersDialog javascript function).
Then before using a value you have to check for existence of it, again with isset():
<div id="content">
<?php if(isset($_POST['id']) && $_POST['id']=="volvo"){ ?>
This is popupbox of Volvo
<?php } elseif(isset($_POST['id']) && $_POST['id']=="saab"){ ?>
This is popupbox of Saab
<?php } elseif(isset($_POST['id']) && $_POST['id']=="vw"){ ?>
...
This is just showing how the principle goes. You might need to adapt it to your needs.
AND: security aspect has not been taken into account in the above code. You have to check for the validity of submitted data. How to check it depends on the context where the data will be used. If you intend to put it into HTML (display it on the page), you at least have to use htmlspecialchars() function to replace dangerous characters with their HTML entities. If you want to stick the data in the database, you have to escape it.
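The validity check and HTML encoding described above, as an added example that is not part of the original post: the submitted id is matched against a whitelist of known values, and anything echoed back goes through htmlspecialchars(). The function names, the data-car attribute, the "VW" popup text and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example; the popup texts for volvo and saab and the id field follow the post.
declare(strict_types=1);

/** Encode a value for HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the popup markup for a submitted form ($post stands in for $_POST). */
function renderPopup(array $post): string
{
    // Whitelist: the only ids the form can legitimately submit.
    $popups = [
        'volvo' => 'This is popupbox of Volvo',
        'saab'  => 'This is popupbox of Saab',
        'vw'    => 'This is popupbox of VW',   // constructed text, elided on the page
    ];
    $id = $post['id'] ?? null;
    if (!is_string($id) || $id === '') {
        return '<div id="content">Please select a car.</div>';
    }
    if (isset($popups[$id])) {
        // Known id: still encoded, so the attribute stays safe if the list changes.
        return '<div id="content" data-car="' . e($id) . '">' . e($popups[$id]) . '</div>';
    }
    // Unknown id: echoed back only after truncation and encoding.
    return '<div id="content">Unknown car: ' . e(substr($id, 0, 30)) . '</div>';
}

// Constructed submissions: a valid id, an id carrying markup, an array, nothing at all.
$samples = [
    ['id' => 'saab'],
    ['id' => '<b>audi</b>" onmouseover="x'],
    ['id' => ['volvo']],
    [],
];
foreach ($samples as $post) {
    echo renderPopup($post), "\n";
}
```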
Also check if all input values exist. You are using these values in queries and if user did not enter all of them you will get strange results.
// check if anything was entered (you might apply other checks and validations)
if(isset($_POST['firstName']) && !empty($_POST['firstName'])) {
// if yes, trim the entry (user might not be aware that he entered some spaces)
// and escape it (security against injections is very very important)
$first = mysql_real_escape_string(trim($_POST['firstName']));
} else {
// display an error message
die('Error: You must enter first name!');
}
// do that for all fields
...
Your last query might be wrong (missing some single quotes). I would do it this way (easier to debug):
$insQuery = "INSERT INTO phplogin VALUES('$first', '$last', '$user', '$pass', '$email')";
$query = mysql_query($insQuery);
The code seems to be correct. Is there a javascript library or special CSS that you are using to change display of the span from none to something else?
@naui95: he does not want to use the img tag.
You are missing an anchor text and closing tag for anchor element. Also enclose the string in double quotes to parse the variables. Consequently you have to escape double quotes that surround html attribute values:
echo "<div><a href=\"uploads/$image\">$image</a></div>";
or use single quotes for enclosing html attribute values:
echo "<div><a href='uploads/$image'>$image</a></div>";
Your insert query syntax is a bit strange. The basic syntax would be:
INSERT INTO tablename (field1, field2,...) VALUES (value1, value2, ...)
so in your case
$q1 = "INSERT INTO job_employer_info
(ename,
epass,
CompanyName,
CompanyCountry,
CompanyState,
CompanyZip,
CompanyCity,
CompanyAddress,
CompanyPhone,
CompanyPhone2,
CompanyEmail)
VALUES(
'$ename',
'$epass',
'$CompanyName',
'$CompanyCountry',
'$CompanyState',
'$CompanyZip',
'$CompanyCity',
'$CompanyAddress',
'$CompanyPhone',
'$CompanyPhone2',
'$CompanyEmail')";