Posts by broj1

Yes. You can use a variable to prepare a string for the subject. Please note that subject must satisfy RFC 2047. See the PHP mail documentation.

@cereal, thnx, I was not aware of that.

Also, the method name in $this->__('Email Me') does not seem to be valid or is my knowledge of PHP a bit shaky?

Also the query

SELECT * FROM username 

looks suspicious. Usually it looks like:

"SELECT * FROM users WHERE username='" . mysqli_real_escape_string($username) . "' AND password='" . yourHashFunction($password) . "'";

Regarding the parse error you are getting, first correct the code as per diafol's post and then if you still get the error post the whole script.

Line 7: change it to (add the $ sign):

if ($username && $password)

Hopefully you use prepared statements or do some sanitizing of input variables before using them in queries/urls/html/mail/script.

The form in the code for contact.html you posted above lacks the action attribute. It should be:

<form name="sentMessage" id="contactForm" novalidate action="contact_me.php">

If I add the action atribute, the form correctly posts to the contact_me.php script but I get No arguments Provided! error message (even I filled in all fields). This is because your form fields lack name attributes. Just add them to every form field and make it same as the ID attributes:

<input type="text" class="form-control" id="name" name="name" placeholder="Full Name" required data-validation-required-message="Please enter your name.">
...

In your previous post these errors were not present and everything worked.

Sorry, I was wrong. The form page does not need to have a php extension since there is no php code in it. All the code is in the contact_me-php script. There must be an error somewhere else. I will have a chance to look at it tomorrow. Sorry again for misleading you (it was not on purpose).

So rename the contact.html to contact.php. Otherwise it wont work.

Yes, any script that has php code should have a php extension. And remove the return statements.

There is no form in this script. What is the purpose here?

The code is basically OK except for the return statements. Why do you use them? Are the PHP scripts being called using the include/require statements? And make sure your first script has the .php extension (not the .html).

Have you tried it? It works with the above two dimensional array.

Or use recursion, maybe sometnihg like this (not thoroughly tested, just to show the concept):

function findMax($array, $curMax) {
    foreach($array as $val) {
        if(is_array($val)) {
            $curMax = findMax($val, $curMax);
        } else {
            if($curMax < $val) {
                $curMax = $val;
            }
        }
    }
    return $curMax;
}

// Usage
arr[0][0] = 53;
$arr[0][1] = 99;
$arr[0][2] = 36;
$arr[0][4] = 2;
$arr[1] = 9;
$arr[2] = 6;
$arr[3] = 39;
$arr[4][0] = 19;
$arr[4][1] = 59;
$arr[4][2] = 4;
$arr[5] = 56;
$arr[6] = 50;
$arr[7] = 8;
$arr[8] = 53;
$arr[9] = 37;
$arr[10] = 151;

$max = 0;

echo 'Max is: ' . findMax($arr, $max);

Just a note @toxicandy: !== is also a valid syntax. In PHP you can use three comparison operators in place of two which means you want to compare both values and types. See this link. So line

if($pass1 !== $pass2)

essentially says: if $pass1 is not equal to $pass2 and/or $pass1 is not the of same type as $pass2 then...

Consider the following code:

$pass1 = 1234;
$pass2 = '1234';
if($pass1 !== $pass2) // returns true
if($pass1 != $pass2) // returns false

But form fields always return strings so above test is a bit pointless.

Depending on what your password requirements are and what your approach is. Once you hash a password the hash will contain only database safe characters. I would expect you do not need so much a filter but a password quality checker.

There seem to be no syntax errors. Why do you assume there is an error? Do you get any messages? Is the result not what you expected? What is different from what you expected?

Split on what condition? Give an example of a session variable you have and how would you like to have it split.

As Lau_1 pointed out you had a double quote missing at the end of the query.

Now, it is hard to tell which double quote is causing the error. I prefer to write queries in a bit cleaner form, using single quotes for mysql string values and double quotes for PHP string. This way you can omit all the concatenations and use variables within double quotes. Like this:

$query = "INSERT INTO booking SET 
    Firstname = '$Firstname', 
    address1 = '$address1', 
    days = '$days', 
    months = '$months', 
    bookingtime = '$bookingtime', 
    address2 = '$address2', 
    lastname = '$lastname', 
    cdays = '$cdays', 
    cmonths = '$cmonths', 
    duration = '$duration', 
    datefrom = '$datefrom', 
    dteCallTimeTo = '$to', 
    meettype = '$meettype', 
    county = '$county', 
    cnumber = '$cnumber', 
    fee = '$fee', 
    pcode = '$pcode', 
    comments = '$comments', 
    user_id = $userid";

Now debugging is much easier. You can also display the query and test it. Put this temporary debug code on line 2 above (just before the insert statement):

die($query);

This will display the query and stop the script. You can inspect the displayed query and/or paste it into phpmyadmin to test it. You can also post it here.

You use to as the field name but to is also a mysql reserved word. So if you realy want to use it for a field name, enclose it in backticks like this:

..., `to` = "' .$to. ...

Better practice is to completely avoid using keywords for field names. And keep this link handy:

https://dev.mysql.com/doc/refman/5.1/en/keywords.html

And drop the ** deprecated mysql** extension. It is ages old, unsuported and on it's way to become history soon. Use PDO or at least mysqli and youur future as a web developer will be brighter.

Yes, the code is OK and should display the description when hovered over image (even if the image was not displayed due to incorrect path). Check out the css code for the title attribute and the imageObject class - even though it is unlikely that the css is set up the way it hides the title.

The code above works fine for me. Can you please post the generated HTML for your image (right click in the browser -> View page source).

Just give the title attribute a correct value to display the description. In your case line 7 would be:

echo '<div class="imageObject"><img src="ressources/images/objects/', $P_Element, '.jpg" width="150" height="150" hspace=0 vspace=0 title="', $T_Description, '"/></div>';

provided that the $T_Description variable contains the actual description.

Depends on how you display the icon. One way of doing it is using a CSS background property:

div.ofsomeclass {
    background-color: #FFFFFF
    background-image: url("some/location/marker-green.png");
    background-repeat: no-repeat;
    background-position: letf top;
}

Now define the hover pseudo class:

div.ofsomeclass:hover {
    background-image: url("some/location/marker-blue.png");
}

Should work OK in modern browsers (not IE6/IE7).

There are also other ways, like swaping images using jquery (i.e. see http://stackoverflow.com/questions/17507870/jquery-image-changing-on-hover).

In my opinion and experience the answer is yes. I know of one organization that uses xampp on a windows server for an intranet app that serves say a hundred users and they are all happy about that.

You have to be aware of a possible decreased performance with large number of simultaneous users but this is more or less my guess based on what I read on the Internet over the years.

I recommend you do a bit of security hardening before putting the thing in production. You may want to read this article and search for more info.

An alternative is setting up a Ubuntu (or similar Linux) server and put your app on that. It might be a more robust solution. Pros: more optimized, better performance, better security. Cons: it's Linux and if you are new to it it might be a bit overwhelming.

The query looks OK now. Have you tested it in phpmyadmin?

Insert this simple debug code after line 115:

die($q);

It will display the query as it has been constructed and stop the script. Now you can inspect the query and paste it into phpmyadmin to check it if it works. You can post it here also.

You took the complex path to assemble the query. There are simpler ways that make things more readable and help you avoid errors. Try using double quotes:

$q = "insert into users (`username`, `password`, `url`, `name`, `email`, `address`, `mobile`, `ip`, `dob`) values ('$username', '$password', '$url', '$name', '$email', '$address', '$mobile', '$ip', '$dob')';

Just noticed. The above example will work only if you have OR operators. To take into account other operators the explode will not work. A function can be prepared for that.

I hope this is what you want (see comments in the code):

// test data
$mainArray = array(
    '823584X80X998.NAOK' => array('question_properties' => array('qid' => 998,  'name' => 'F8')),
    '823584X80X1001.NAOK' => array('question_properties' => array('qid' => 1001, 'name' => 'F10'))
);
// $string = '((823584X80X998.NAOK == "1"))';
$string = '((823584X80X1001.NAOK == "1" or 823584X80X1001.NAOK == "2" or 823584X80X1001.NAOK == "3"))';

// get rid of the (( and ))
$string = str_replace(array('(', ')'), '', $string);
// explode if there are any ORs
$tempArray1 = explode(' or ', $string);
// save values (1, 2, 3)
$savedValues = array();
foreach($tempArray1 as $val1) {
    $tempArray2 = explode('==', $val1);
    // this will be the key for searching in the main array
    $searchKey = trim($tempArray2[0]);
    // ad a value to the saved values array
    $savedValues[] = $tempArray2[1];
}
// to check if OR has to be echoed
$savedValuesCount = count($savedValues);
if(array_key_exists($searchKey, $mainArray)) {
    echo "((";
    foreach($savedValues as $key2 => $savedVal) {
        // echo replacement
        echo $mainArray[$searchKey]['question_properties']['name'] . '==' . $savedVal . '';
        // echo OR if needed
        if($key2 < $savedValuesCount -1) {
            echo ' or ';
        }
    }
    echo '))';
} else {
    // in case key does not exist
    echo "Search key $searchKey does not exist in the main array";
}

Just to clarify - the string can actualy be one of the values below:

$stringExample = '((823584X80X998.NAOK == "1"))';
$stringExample = '((823584X80X1001.NAOK == "1" or 823584X80X1001.NAOK == "2" or 823584X80X1001.NAOK == "3"))';

If that is true, you have to:
- get rid of all the parentheses
- explode by OR operators
- explode each by == operators
- save values on the right of the == operators
- figure out the value of the key
- find that key in the array and get the name value
- assemble and echo the thing

Please confirm if I understood the question correctly.

You can get some user agent strings here.

Noone noticed that little glitch :-). The checkbox value attribute is what gets carried over in request. The text that you want displayed next to the checkbox is just a HTML (not the value attribute).

Enclose each row (and ID and a delete button) within form tags and add a hidden input that holds the value. You will have as many forms as there rows. When you delete (submit), the value in the hidden input field will get over to the next script. And you do not need a name attribute in the list item element.

<h1>YOUR COURSES</h1>
<ol>
<?php
$con=mysqli_connect("localhost","FYP","123","FYP");
$sql= mysqli_query($con, "SELECT C_Code FROM F_COURSES WHERE F_ID=".$_SESSION['userid']);
while($row = mysqli_fetch_array($sql)){

    // I added a little bit of a styling to the form to display correctly
    echo "<li><form method='post' action='delete.php' style='display:inline;'>" . $row['C_Code'] . "<input type='submit' value='Delete'>";

    // this line adds a hidden input
    echo "<input name='course' type='hidden' value='" . $row['C_Code'] . "'></form></li>";
}
?>
</ol>

I hope having a form inside a list item element isn't bad coding. But I've seen that arround.

Have you tried a full path, like:

$pdf->Image('a.jpg',20,65,20,0,'','http://yoursite.com/yourpath/searchstudentavailability.php');

Sort result rows by timestamp. See comments in the code for the rest:

// initialize current timestamp to 0;
$currentTimestamp = 0;

// initialize current array that will hold the result
$resultArr = array();

// loop through the result 
// (this example is for PDO, change to whatever driver you use)
while($row = $stm->fetch()) {

    // save current row in a temp array
    $currentRow = array($row['room'], $row['device'], $row['value']);

    // check if you have new timestamp
    // if yes,initialize second dimension array for that TS
    // and save the current TS
    if($row['Timestamp'] != $currentTimestamp) {
        $currentTimestamp = $row['Timestamp'];
        $resultArr[$currentTimestamp] = array();
    }

    // add a temp row to the array
    $resultArr[$currentTimestamp][] = $currentRow;
}

The code is not tested, it is just a concept. You can also add some error checking.

There is another error in the SQL statement that is actually preventing the script to execute:

$query = "SELECT * FROM table WHERE state LIKE :search OR city LIKE :search";

If you want to use table as the table name in mysql you have to enclose it in backticks since table is also a mysql reserved word. It is actualy best to avoid using reserved words for table and column names. So the query should be:

$query = "SELECT * FROM `table` WHERE state LIKE :search OR city LIKE :search";

the way you set it up $row would have been equal to the individual fields not the records
$records in your case would have been a individual row because you used fetch instead of fetchAll

@jstfsklh211
That is simply not true. Both fetch() and fetchAll() return a row, but with fetch() you have to use the PDO::FETCH_ASSOC constant which I did. Please see:

http://php.net/manual/en/pdostatement.fetch.php
http://php.net/manual/en/pdostatement.fetchall.php

I have tested the case before I posted.

this would fail with no idex set $row['state']

@jstfsklh211
But there is an index 'state', see the query (was that a reason for downvote?). Anyway, the aim was to point out that the row ($record) was never read.

Also there is a small error in my and consequentely (probably) also in jstfsklh211's post. It is $stmt not $sth. Cause: copying from php.net example :-)

Is the generated HTML valid i.e without serious errors. Have you inspected the code (right click in the browser -> View page source). It maybe a dumb guess but the first that comes to my mind.

Edit: Just noticed that $records is not defined. Correct the code to something like:

$HTML = '';
foreach(($records = $sth->fetch(PDO::FETCH_ASSOC)) as $row) {
    $HTML.='<div>';
    $HTML.= $row['State'];
    $HTML.='</div><br/>';
}

Where do you initialize the $HTML variable so you can concatenate to it?

// initialize $HTML
$HTML = '';
foreach($records as $row) {
    $HTML.='<div>';
    $HTML.= $row['State'];
    $HTML.='</div><br/>';
}

Also the PDO::PARAM_INT value in the binding part should be PDO::PARAM_STR, since you are actually binding a string type.

$query = "SELECT * FROM table WHERE state LIKE :search OR city LIKE :search LIMIT $start, $records_per_page";
$stmt = $dbh->prepare($query);
$stmt->bindValue(':search', '%' . $var1 . '%', PDO::PARAM_STR);

OK. Please mark s solved.

->setCellValue('B'.$rowNumber,'=HYPERLINK($row->prodoto)')

I think you should use double quotes so $row->prodoto gets parsed (and also enclose the variable in curly braces to be on the safe side):

->setCellValue('B'.$rowNumber,"=HYPERLINK({$row->prodoto})")

By looking at your query you want to display all the questions from the questions table. Am I correct? In this case you have to rearrange code a little bit. First start the form, then start the table, then loop through rows using a while loop and in each iterration display a row and at the end close the table and the form. Something like (see comments in the code):

// first start the form
echo '<form method="post" action="#">';

// then start the table
echo "<table>";

// db connection
...

// query the database
$sql = mysqli_query($con, "SELECT `question`, `question_type` FROM  `questions`");

// loop through result - each db row is one table row
// note the curly bracket for a loop block
 while ($row = mysqli_fetch_assoc($sql)) {

    if ($row['question_type'] == 1) {
        $type = "radio";   
    } else {
        $type ="checkbox";
    }

    // start table row and cell
    echo '<tr><td>';

    // input element
    echo '<input type="'. $type .'" value= "' . $row['question'] . '">';

    // end table cell and row
    echo '</td></tr>';

} // <-- note the end of the while loop

// end the table
echo '</table>';

// end the form
echo '</form>';

// close connection
mysqli_close($con);
?> 

In your code you were missing the curly brackets alltogether to enclose the block of code to loop through.

BTW: if the type is either a checkbox or radio, shouldn't the question be displayed in a label element not as the value?

Also if you use radio, it is usually …

Uncaught exception 'PHPExcel_Calculation_Exception' with message 'Worksheet!B12 -> Formula Error: Unexpected operator '>'' in /web/ì/admin/Classes/PHPExcel/Cell.php:300

It seems that PHPExcel tries to calculate the value in the cell and it can't since there is an invalid operator in there. Can you post what the value of $row->prodoto is when it throws the error.

Did my answer from your other thread not help you? I have provided a tested working example there.

The if statement has an error. Instead of assignment operator = you should use comparison operator ==, like:

if ($row['question_type'] == 1)

In the form html code you are missing some quotes (altough this should not be critical):

echo '<td>'. '<input type="'.$type.'" value= "'.$row['question'] . '" </td>';

As I said I would use the approach I posted in my previous post. There are many things in your code that I think are redundant, like

/*** check if the users is already logged in ***/
if(isset( $_SESSION['user_id'] ))
{
    $message = 'Users is already logged in';
}

If the user is already logged in just redirect them to their page.

/*** check the username is the correct length ***/
elseif (strlen( $_POST['username']) > 20 || strlen($_POST['username']) < 4)
{
    $message = 'incorrect length';
}
/*** check the password is the correct length ***/
elseif (strlen( $_POST['password']) > 20 || strlen($_POST['password']) < 4)
{
    $message = 'incorrect length';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['username']) != true)
{
/*** if there is no match ***/
    $message = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['password']) != true)
{
/*** if there is no match ***/
    $message = "Password must be alpha numeric";
}

Why do you have to do all these checks above? Just check if username and password are correct.

For redirection based on groupe you can use this short code:

$redirections = array(
    1 => 'acceuil.html',
    2 => 'acceuil2.html',
    3 => 'acceuil3.html'
)

...
header("Location: {$redirections[$groupe]}");

You can scale your application by changing or adding groups and the script will still work without a lot of maintenance; you will only have to update the $redirections array.

 /*** …

There are still some errors that somehow sneaked into my code :-). This is what happens when there is no time to test. These are the errors:

// wrong
$conn->setAttribute(PDO::ATTlR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// correct
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// wrong
$conn->exec($sql);
// correct
$stmt->execute();

So this part of code should be (tested, and it works):

$servername = "localhost";
$dbname = "test";
$dbusername = "test";
$dbpassword = "";

try {
    // You initialize the connection here using OOP style
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $dbusername, $dbpassword);
    // here you say that you will use exception mode for
    // error handling this is basically the try/catch block
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
    // the SQL statement uses placeholders for values
    // that will be replaced with values of variabes;
    // the colon (:) is denoting the placeholders
    $sql = "INSERT INTO Posts (Title, Author, Content)
            VALUES (:title, :author, :content)";
    // prepare a statement (that is why it is named $stmt)
    $stmt = $conn->prepare($sql);
    // bind real values to placeholders
    // e.g. placeholder named :title receives a value of $title etc
    $stmt->bindParam(':title', $title, PDO::PARAM_STR);
    $stmt->bindParam(':author', $author, PDO::PARAM_STR);
    $stmt->bindParam(':content', $content, PDO::PARAM_STR);
    // now execute the prepared statement
    $stmt->execute();
    // if exception happens (basically if error occurs) handle it
} catch(PDOException $e) {
    echo $sql . "<br>" . $e->getMessage();
}

Sory for the errors in my posts. Speed does not always help.

Cool. Please mark the tread solved. Happy coding :-)

OK, seems this error is since empty can not be used this way. You can use the if block that I posted in my previous post if you wish (recommended).

And yes, you should add the prepare line before binding. Hopefuly all will work OK. Anyway, if you get errors post them here.