Posts by broj1

This is what PHP recommends:

http://si1.php.net/manual/en/faq.passwords.php

One possibility for the cause of the error could be on the return line of the login function (which obviously returns false):

return(mysql_result($query, 0) === 1) ? $user_id : false;

mysql_result() function returns string so you should compare it to 1 (an integer) with == operator. If you want to use === operator then you should compare it to '1' (a string).

So either:

return(mysql_result($query, 0) == 1) ? $user_id : false;

or:

return(mysql_result($query, 0) === '1') ? $user_id : false;

I have not tested this so I do not claim I am 100% right.

@radhakrishna.p

print("<option value=\"$idCat\">$cat</option>"); is completely valid code (if you meant line 14 above).

Also you have errors in HTML code:

• closing </select> tag should be after line 33 and not on line 37
• </td></tr> is missing before line 34
• etc ...

You editor should warn you about the html errors (if it is not notepad). Or you can have look at the source in Firefox (rigt click on page and select View page source). The errors should be marked red.

Please correct the html errors first since they render elements incorrectly.

I have just noticed that the question is mentioning cookies. Well the principle is the same as using session.

Anyway, it was just nice to do a little brain exercise.

Also check all the queries in phpmayadmin whether they return the correct values for select elements:

SELECT category from Category order by category
SELECT collection from collection order by collection
SELECT metal from MetalType order by metal
SELECT stone from stone order by stone

Have you selected all fields when testing?

One of the reasons might be the enctype attribute on line 1. Can you change it to application/x-www-form-urlencoded (which is default for forms) or just omit it (since it is default). The multipart/form-data value is used for file upload. It does not encode the url characters.

And correct the code on line 83 to:

<input type="number" name="price" />

as AleMonteiro suggested in his post above.

To add a new fibonacci number on each refresh you should store each previous and current value in a session.

session_start();

// on the beginning you have 0 and 1
if(!isset($_SESSION['previous']) || !isset($_SESSION['current'])) {

    $_SESSION['previous'] = 0;
    $_SESSION['current'] = 1;

    echo $_SESSION['previous'];
    echo ' ';
    echo $_SESSION['current'];

} else {

    $current = $_SESSION['previous'] + $_SESSION['current'];

    echo $current;

    $_SESSION['previous'] = $_SESSION['current'];
    $_SESSION['current'] = $current;
}

Or maybe is better to make sure users fill-in/select all fields before submitting a form. In this case you have to do javascript checking in the page with the form and checking and validating on the processing page.

You can also do it with less code using ternary operator:

$mod = isset($_POST['model'] ? mysqli_real_escape_string($_POST['model']) : '';

In the above output the values for category, collection and stone are missing (not set) and that is why the query can not get constructed correctly on line 55. The good practice is to check for existance of values of $_POST array before assigning them to variables. At the same time at least escape the values so you do not get SQL injection attack.

if(isset($_POST['model'])) {
    $mod = mysqli_real_escape_string($_POST['model']); // example for mysql
} else {
    $mod = '';
}
...

On lines 23 to 30 you assign $_POST values to variables but then you do not use those variables in the query on line 55. Is there any reason for that?

We have to check first whether all the values are in the $_POST. Can you please stick this code on line 21 and post the result:

die(print_r($_POST, 1));

Another thing, I'm guessing, but I don't hink <input type="(float)number" name="price" /> is a valid markup

It definately isn't. This is HTML code and HTML does not have a cast function and casting number attribute is not logical anyway. It must be a typo.

The number attribute is HTML5 feature, it did not exist in (X)HTML 4.x.

Please post the insert_validation.php script also since the values should be accessible there (assuming that the queries return expected values).

The code on lines 16 to 20 is a bit suspicious:

if (!isset($_GET['Page']))
{
    //Instruction if $_POST['value']doesnt exist
    $_GET['Page']="%";
}

$_GET['Page'] is supposed to be an integer, isn't it? In some circumstances the $Page variable could be assigned a value of % and the query would fail since $Page_Start and $Per_Page wont get calculated correctly:

$strSQL .=" order by pro_id ASC LIMIT $Page_Start , $Per_Page";

Try it this way (escaping double quotes for javascript arguments):

<?php
echo"
<button type='submit' onmousedown='func(\"$item_id_g\");'>test</button>
";
?>

or this way (escaping double quotes for html attributes):

<?php
echo"
<button type=\"submit\" onmousedown=\"func('$item_id_g');\">test</button>
";
?>

And there is a small glitch in the code. The database connection part of the code should be moved on top. Sorry about that.

Well, that is what above vode doeas. See first 12 lines.

There is a small error in the code above. The second php block should be:

<?php 
// check if the second form was submitted
// if yes, then read all the submitted checkbox values from the database
// and write them to another table (or whatever else you wish)
if(isset($_POST['submit-player'])) {

    // die(print_r($_POST, 1));
    // first delete the 'submit-player' element from the $_POST array
    // so you have only checkboxes values there
    unset($_POST['submit-player']);

    // carry out reading and inserting only if there are any checkboxes
    if(!empty($_POST)) {

        // store all the values from the $_POST in a string
        $cb_str = implode(',', $_POST);
        die($cb_str);
        // read all the selected values from the player table
        $query = "SELECT * FROM player WHERE pid IN ($cb_str)";

        // read the data into an array
        ...

        // now write the data to another table
        ...
    }    
}
?>

This is my version here. See the comments in the code:

<?php 
// check if the second form was submitted
// if yes, then read all the submitted checkbox values from the database
// and write them to another table (or whatever else you wish)
if(isset($_POST['submit-player'])) {

    // die(print_r($_POST, 1));
    // first delete the 'submit-player' element from the $_POST array
    // so you have only checkboxes values there
    unset($_POST['submit-player']);

    // carry out insert only if there are any checkboxes
    if(!empty($_POST)) {

        // store all the values from the $_POST in a string
        $cb_str = implode(',', $_POST);
        die($cb_str);
        // read all the selected values from the player table
        $query = "SELECT * FROM player WHERE pid IN ($cb_str)";
    }

    // now write the data to another table
    ...

}
?>

<form action="index.php?site=site6" method="post">
    <label for="acivity" class="contact">Activity:</label>
    <select id="cdpid" name="cdpid">                   
        <?php  
        /*   
         * Commented out since I use my own code to connect
         * 
         *                            
            require('db.php');
            mysql_select_db($sqldb, $conn);
            error_reporting(E_ALL);
            ini_set("display_errors", "off");
            ini_set("display_startip_errors", "off");
            */

            $sql1 = "SELECT pid FROM activity";
            $cdresult = mysql_query($sql1);

            while ($cdrow=mysql_fetch_array($cdresult)) {
                echo "<option>".$cdrow["pid"]."</option>";
            }                           
        ?>
    </select>
    <br /><br />          
    <label for="name" class="contact">Name:</label><input name="name" type="text" size="30" maxlength="30"><br />
    <label for="city" class="contact">City:</label><input name="city" type="text" size="30" maxlength="40"><br />
    <label for="age" class="contact">Age:</label>         

            <?php
                //Year
                echo "\n<select name=\"y\">\n";
                for($i=1980;$i<=2012;$i++) {
                    echo "\t<option value=\"". $i ."\">". $i ."</option>\n"; }
                    echo "</select>\n<br />";
            ?><br />

            <input type="submit" name="submit-activity" value="Search">
            <input type="reset" value="Delete">

            </form><br /><br />

            <h2>Playerlist</h2>
            <div id = "Players">
                <form action="index.php?site=site6" method="post">
                    <?php
                        $name = $_POST['name']; 
                        $city = $_POST['city']; 
                        $y = $_POST['y']; 

                        // …

Is the pid from player table same as pid from activity table or not?

Your field names are a bit ambigous. date is definately not a good name for a field since it is same as the mysql date function.

I am still working on this but there are already few errors:

• on line 9 you misspelled the name of the table (it is activity not acivity)
• a </div> tag is missing somewhere at the end but that is not cruicial
• on line 46 you are missing a style attribute but again not cruicial

I was trying to make up some data for testing but I am not sure what the structure is. Please post structure and some data from the activity and player tables. eg. you can do this by running the following queries in phpmyadmin:

DESCRIBE activity;
SELECT * FROM activity LIMIT 10;
DESCRIBE player;
SELECT * FROM player LIMIT 10;

OK, I have prepared a conceptual answer to your question. I hope this is what you are after. See the comments in the code.

// if the form has been submitted, set the session
if(isset($_POST['submit'])) {

    // reset the previous values
    $_SESSION['quiz'] = array();

    // get rid of the submit element in the $_POST
    // so you are left with only radio buttons values
    unset($_POST['submit']);

    // assign the values of the radio buttons to the $_SESSION['quiz'] array
    $_SESSION['quiz'] = $_POST;
}

// connect to database (use your connection code)
require_once 'dbconnect.php';
$link = dbConnect();

// initialize an array for randomly selected question IDs
$qid_arr = array();

// select random question IDs
$qquery = "SELECT `qid`, `question` FROM `test` ORDER BY RAND() LIMIT 5";
$qresult = mysqli_query($link, $qquery) or die("cannot query DB");

// form
echo '<form method="post" action="#">';

// table
echo '<table border="0">';

// display randomly selected questions 
while($qrow = mysqli_fetch_assoc($qresult)) {

    // code for textbox containig question
    $tb = '<input type="text" value="' . $qrow['question'] . '" />';

    // select optional answers for this question from the database
    $aquery = "SELECT `option`, `answer` FROM opt_answers WHERE qid={$qrow['qid']}";
    $aresult = mysqli_query($link, $aquery) or die("cannot query DB");

    // start the html table row
    echo "<tr><td>$tb</td></tr>";

    // ad a question and optional answers
    while($arow = mysqli_fetch_assoc($aresult)) {

        // name atribute for checkbox
        $cb_name = 'question-' . $qrow['qid'];

        // code for radio button
        // checkbox group name is question-1 for 1st question etc
        // checkbox value equals the letter of the optional answer
        $cb = …

In order to help you please post the structure of the tables with questions and answers.

To make sure I understand your question correctly:

• you display 5 random questions from a database + several optional answers for each question (like a quiz where you chose one or more answers for each question)
• then you want to store the chosen answers in session

Please confirm that this is what you want. And post the structure of the test table.

Why do you want to store the checked answers in the session? Do you intend to use them on many pages? If you want to display the results there is usually no need to store the answers in session. If you want to keep the results for longer it might be better to store the answers in database.

You have some errors in your code:
- missing $ character at variable names for $i, $qid
- if qid is not a variable but rather an associative index it should be always enclosed within quotes
- the name of the $_SESSION array is misspelled (it is not $_SEESION)

The code won't work until you fix those errors.

LastMitch, how come you dug up all these 7 years old threads all of a sudden :-) It is actually nice that someone cares to offer help to all the forgotten questions but I think this old stuff should be somehow marked as dead by admins.

Do not despair, I am here to help you out :-)

I hope you have corrected the code according to the post by pzuurveen above. Now, what are the action and method attributes of your form? Depending on that you will either check for existence of $_GET / $_POST array on the same page or on another page. Say you use POST:

if(isset($_POST)) {

    // validate and sanitize the the values
    // and process them (launch the insert query)

} else {

    // do something else (warn the user...)
}

If you post more of your code we can help you in more detail.

If you use mysql, see http://php.net/manual/en/mysqli.construct.php. You might want to think about using a conectivity layer that enables you to change backend. The example is MDB2 fro PEAR framework. See http://pear.php.net/package/MDB2/

it does print eg 2012-12-09 03:34:25. but i cant seem to store in database

What is the format of the field you want to store the value into?

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'time())' at line 4

PHP functions can not be parsed within a double quoted string (as far as I know). Assign a value to a variable first and then use this variable in a query.

$temp_time = date('Y-m-d H:i:s',time());

$sql = mysql_query("INSERT INTO item
(image_user_name, image_folder_name, main_category, sub_category, price, description, features, key_words, sold, item_add_date)
VALUES('$image_user_name_p', '$image_folder_name','$main_category_p','$sub_category_p',
'$price_p','$description_p','$feature_p','$key_word_p', '0' , '$temp_time')")
or die(mysql_error()); //date() //date,timestamp

Maybe there are characters in the directory names that are not allowed. Have you checked that? You can also post the output of the following select statement (the first 10 records):

'SELECT field1, field2 FROM Table LIMIT 10;

In your code above the closing curly brace (belonging to the while loop) is missing.

Anyway, you can test it in such a way that instead of creating folders just echo the commands

while($row = mysql_fetch_array($result))
{
    echo "{$row['field1']}-{$row['field2']}-info<br />";
}

and check (or post) the output.

mysql_query returns a resource on success or false on error. It seems that it returned false so an error must have happened when issuing a query. The error should be caught by the second part of the statement: or die(mysql_error(), but for soem reason it does not. You can add this code just after the line 5 to check for the error:

if(!result) {die( mysql_error()); }

which is essentialy what the or part should do.

The double quotes are causing trouble since everything betwen the opening and the closing double quote is a string (array elements do not get parsed correctly and also no concatenation takes place). You can do it the way gavinflud suggested. On the other hand if you wish to use double quotes you have to enclose $row elements in curly braces to get them parsed correctly:

$dirPath = "{$row['field1']}-{$row['field2']}-info";

I don't even know what PHP is

If you are not kidding :-): PHP is a server side scripting language that does a bit of processing before spitting out a html page (with a .php extension). This is how scripting enabled web server can add some logic to the displayed page (show results form a database query and so on) which is not possible in html only web site. Similar technology in the windows world are ASP.net and ASP.

In the last two posts above there are bracets missing. So the correct code is:

if(isset($_GET['submit']) && isset($_GET['test'])) {

    $y=$_GET['test'];
}

Form values get into the $_GET array after submitting the form. So you first check for the value if it exists:

if(isset($_GET['test']) {

    $y=$_GET['test'];
}

or you might want to check whether the form has been submitted:

if(isset($_GET['submit']) && isset($_GET['test']) {

    $y=$_GET['test'];
}

the code i am using for the above comments table is in whcih i am getting user id from user table

I am sorry, I do not quite understand above explanation. Could you please try to describe in more detail. What is on the page with comments, what is on the page that does the processing, what is in $_GET['pid'] and $pid=$_GET['cid'] (which is not being used anyway), why do you not check for form submition (like if(isset($_POST['submit']))) etc.

And as diafol said, pay attention to cleanning input.

The textarea that is used for commenting should have a name attribute that has image ID in it (say image ID is 6, textarea name is comm-6). Then when you check for submition get the ID from the textarea name, something like:

if(isset($_POST['submit'])) {

    // loopthrough $_POSTarray and search for the element with key that starts with comm
    foreach($_POST as $key => $value) {

        // if key starts with 'comm'
        if(substr($key, 0, 5) == 'comm') {

            // then image ID is the second part of the key
            $image_id = substr($key, 4);

            // comment text
            $comment = $value;
        }
    }

    // the query to store the comment ()
    $q = 'INSERT INTO comeents (user_id, image_id, comments) VALUES ($user_id, $image_id, $comments);';

}

I do not know the code so this is just a concept, but you get it.

Or you can do it in one query (provided that $_POST['checkbox'] contains IDs to delete):

// if delete was clicked and some checkboxes were checked
if(
    isset($_POST['delete']) && 
    isset($_POST['checkbox']) && 
    !empty($_POST['checkbox'])
){
    // string of IDs to be deleted (separated by ,)
    $id_list = implode(',', $_POST['checkbox']);

    $sql = "DELETE FROM $tbl_name WHERE id IN ($id_list)'";
    $result = mysql_query($sql);
}

foreach ($data1 as $in1 => $h1)
{
    // temporary array for inner loop, needed for sorting
    $count_arr_temp = array();

    foreach ($data2 as $in2 => $h2)
    {
        $match = array_unique(array_intersect($h1, $h2));
        // put count data in a temporary array
        $count_arr_temp[] = count($match);
    }

    // sort temporary array
    rsort($count_arr_temp);

    // didplay sorted elements
    foreach($count_arr_temp as $count) {

        echo $count;
    }

    // add the delimiter
    echo '||';
}

Other way of checking it is placing this code on line 34:

die("UPDATE staff SET  enabled='$status',name='$name', password='$password', email='$email' , department='$department' WHERE id='$id'");

which will echo your query and halt the sript. Now you can examine the query and/or test it in phpmyadmin.

Your code seems to be allright. There are two things that come to my mind.

First one is to check whether the first block of the if executes at all since maybe you are doing too little of checking of the $_POST values - namely you are not checking for the existence of elements (using isset). I would do it this way:

if(isset($_POST['name']) && 
   !empty($_POST['name']) && 
   isset($_POST['email']) && 
   !empty($_POST['email']) && 
   isset($_POST['comments']) && 
   !empty($_POST['comments'])

You can also test this with placing this code on line 15:

die('Howdy');

and see if it shows up.

The second thing to check is whether your mail server works. You can try that by sending a simple test mail in a debug script which would be something like:

<?php
    if(mail(youremail@email.com , 'Mail test' , 'Testing mail')) {
        echo 'Looks like it is  working';
    } else {
        echo 'Something has gone wrong';
    }
?>

I agree with what diafol said:

You shouldn't have a column for each product

You can have a product table with product ID and product name fields and a user table with user ID and other user data then a product_user table with product ID and user ID to store the orders (or whatever you wish to store). This would be a typical example of one to many relationship (one product has many users that bought it). It is easier to maintain, easier to extend/scale, easier to generate PHP code (just loop through products table) and is inline with requirements for database normalization.

Not sure if this exactly the essence of your app but I hope it helps. This link might be helpful:

http://www.deeptraining.com/litwin/dbdesign/FundamentalsOfRelationalDatabaseDesign.aspx

@Squidge

You got me for few seconds :-)

Change the function this way:

function display(){

    return $this->teamName;
}

You need to refer to the object->property; this refers to the current object.

broj1 is wrong you CAN have inputs with the same name however when you do you need to use the sytanx name="samename[]

You can not have the same names for IDs. Using an array is not the same names since each element is separate. If you do not use an array the $_POST will contain only one entry.

In your code above there is no checkboc with the name user_id. In addition to that all the checkboxes have same name attribute (options3) which can not work. You have to give each checkbox unique name attribute (which should be equal to corresponding database field name).