Posts by broj1

Create the javascript using PHP (see the comments in the code):

// suppose this is the rows array you get form the database
$rows = array(

    array(
        'sort' => 'sort1',
        'url' => 'url1',
        'details' => 'detail1',
        'image' => 'image1'
    ),

    array(
        'sort' => 'sort2',
        'url' => 'url2',
        'details' => 'detail2',
        'image' => 'image2'
    ),

    array(
        'sort' => 'sort3',
        'url' => 'url3',
        'details' => 'detail3',
        'image' => 'image3'
    ),
);


// prepare a string for items array in javascript code
// you will use it below in $javascript
$items_string = '';

foreach($rows as $raw) {

    // assign variables so everything is more readable
    // you can also check for values of returned rows here
    $sort = $raw['sort'];
    $url = $raw['url'];
    $details = $raw['details'];
    $image = $raw['image'];

    // compose th string
    $items_string .= "items[$sort]=\"<a href='$url' target='_blank'>";
    $items_string .= "<img alt='$details' src='$image' ";
    $items_string .= "height='60' width='468' border='0'/></a>\";";
}

// compose javascript code using heredoc syntax
// see http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc
$javascript = <<<JSCODE

<script type="text/javascript">

    var howOften = 12;
    var current = 0;
    var ns6 = document.getElementById&&!document.all;

    var items = new Array();
        $items_string

    function rotater() {
        document.getElementById("placeholder").innerHTML = items[current];
        current = (current==items.length-1) ? 0 : current + 1;
        setTimeout("rotater()",howOften*1000);
    }

    function rotater() {
        if(document.layers) {
            document.placeholderlayer.document.write(items[current]);
            document.placeholderlayer.document.close();
        }
        if(ns6)document.getElementById("placeholderdiv").innerHTML=items[current]
            if(document.all)
                placeholderdiv.innerHTML=items[current];

        current = (current==items.length-1) ? 0 : current + 1;
        setTimeout("rotater()",howOften*1000);
    }
    window.onload=rotater;
    //-->
    </script>
JSCODE;

// echo the javascript code on appropriate place in your html or php

echo $javascript;

If you do not like heredoc syntax you can compose …

And also check for existence of $_POST values before using them in a query:

if(isset($_POST['bot']) && isset($_POST['mt']) && isset($_POST['eot'])) {

    $query = "...";
} else {

    // handle the error as you see fit
    die('Not all the values were supplied');
}

The way you use foreach looks strange to me.

foreach($_POST['bot'] as $bot && $_POST['mt'] as $mt && $_POST['eot'] as $eot) {
    $insert = ""INSERT INTO marks(beginning_of_term,mid_term,end_of_term) VALUES($bot,$mt,$eot);
    $execute_insert = mysql_query($insert);
}

The PHP manual says:

foreach (array_expression as $value)
    statement
foreach (array_expression as $key => $value)
    statement

$_POST['bot'] as $bot && $_POST['mt'] as $mt && $_POST['eot'] as $eot) does not seem to be an expression that returns an array (or am I wrong?).

And the insert statement has two double quotes on the beginning and none at the end.

$insert = ""INSERT...

Maybe you correct these errors first and then post your error messages.

In the database each user should have a group number (or you should have some other mechanism in place to distinguish groups). Then on the login page you redirect a user to the page for his group using using switch statement and header('location:mygroup.php').

switch($userGroup) {

    case 1:
        header('location:group1.php');
        break;

    case 2:
        header('location:group2.php');
        break;

    ....

    default:
        header('location:logout.php');
}

$_FILES['photo_file'] does not exist for some reason. Good practice is to check for existance first:

if(!isset($_FILES['photo_file'])) {

    // handle the wrror the way you see fit
    die('Error uploading the file');
}

// code for normal processing

a and t are format characters in the date function. If you want to use them as text (literally) you must escape each of them.

is it best to just use procedural code then?

Whether to use procedural or object oriented style is a a question of a debate. They both have pros and cons. I personally use OOP style since I found it easier to maintain and scale code. It took me some time though to get experience to design classes correctly so they do not have to be redesigned too often. I personally recommend OOP style.

and mysqli is replacing mysql?

mysqli is newer version (mysql improved) and is recommended. It supports newer mysql db servers (4.1.3 and above) and has more features (prepared statements, transactions...). mysqli supports bot procedural style and OOP style of using it's functions.

http://www.php.net/manual/en/book.mysqli.php

There are many examples of how to use it on php.net site like this one:

http://php.net/manual/en/mysqli.query.php

To display row(s) you should add a variant of a fetch statement:

$tables = mysql_fetch_row($result);
echo print_r(tables, 1);

http://www.php.net/manual/en/function.mysql-fetch-array.php
http://www.php.net/manual/en/function.mysql-fetch-assoc.php
http://www.php.net/manual/en/function.mysql-fetch-field.php
http://www.php.net/manual/en/function.mysql-fetch-object.php
http://www.php.net/manual/en/function.mysql-fetch-row.php

Also mysqli is newer extension and is recommended to be used instead of mysql you use.

http://www.php.net/manual/en/book.mysqli.php

They couldn't if things are done properly. But if you forgot to end session or employ some session timeout and things like that a user of your application could leave computer unlocked or users might access your app from the public computer (i.e cyber caffe) and leave it before logging out. It is quite unlikely that this would happen but your task is to make sure your application is as secure as possible.

Web app security is a broad subject. In your case you want to prevent logged in user deleting the records that do not belong to them. Or maybe unauthorised user finding an url like delete.php?id=3 in the browser history and changing IDs by hand or programatically to delete all your records. You avoid that by using POST method (to some extent) and by checking for valid session and user credentials in delete.php. But that is basic stuff.

You might want to google for sql injection and xss (cross site scripting) which are two of most common attacks and still apparently up to 80% sites could be vulnerable to them (I cant remember the source of this information).

Do not expect to understand everything immediatelly since it is a lot of infrmation to digest. But avoiding those common attacks is not hard if you follow good practices:

• validate, filter and escape the input data that goes to the database (i.e from forms or cookies) using PHP or custom functions (trim, PHP filter functions, mysql_real_escape_string function)
• validate, filter and escape the input data that goes back to the html context using PHP or custom functions (trim, PHP filter functions, htnlspecialchars and strip_tags functions).

Links:
http://en.wikipedia.org/wiki/SQL_injection
http://en.wikipedia.org/wiki/Cross-site_scripting
http://php.net/manual/en/book.filter.php
http://php.net/manual/en/function.mysql-real-escape-string.php
http://php.net/manual/en/function.htmlspecialchars.php
http://php.net/manual/en/function.strip-tags.php

A lot of reading for this weekend :-)

A suggestion regarding security: for operations that modify database rows (e.g. delete) it is a bit safer to use POST method instead of encoding IDs in the query string. The user could change the id of the records easily to delete other records.

if(isset($_SESSION['username']) && $_SESSION['username'] == $post['username']) {
    echo '<form method='post' action='delete.php'>'
    echo "<input type='submit' name='{$post['id']}' value='Delete' />";
    echo '</form>';
    ...
}

Mind you, POST data can be easily forged, too, so it is important to check for the username also in the delete.php and edit.php scripts and employ other security measures.

Each post has to be associated with the user ID (the ID of the user that authored it). I presume user ID is also stored in the session. So when you display posts you check each post to whom it belongs and if it belongs to currently logged-in user also display delete button.

I am not familiar with FormMail but maybe this link helps:

http://www.scriptarchive.com/readme/formmail.html#email

In line 215 it uses PHP's internal mail function to send mail. There it sets in additional headers the From: addres using $post['email'] which some server reuire (I guess). But I think PHP's mail function sends mail using sendmail and not SMTP so maybe somewhere there could also be the cause for a trouble (well, eventualy sendmail goes to SMTP anyway).

A note on security in web apps:

You never stick request variables directly to your database! You always first sanitize them. You expect user to enter their username in the username field but they might enter evil SQL code instead which will go directly to your query and potentialy do a lot of damage to the data in the database. Google for SQL injection attack to learn more.

The proper way wuld be at least escaping values of $_POST (or $_GET or $_COOKIE...) using MySql mysql_real_escape_string() function to render possible entered quotes and the like useless:

$username = mysql_real_escape_string($_POST[username]);
$pwd = mysql_real_escape_string($_POST[pwd]);
$mail = mysql_real_escape_string($_POST[mail]);
$Address = mysql_real_escape_string($_POST[Address]);
$Phone = mysql_real_escape_string($_POST[Phone]);

// query now uses escaped values and is also more readable
$sql="INSERT INTO users (username,password,mail,address,phone) VALUES ('$username','$pwd','$mail','$Address','Phone')";

http://www.w3schools.com/php/func_mysql_real_escape_string.asp

Another way is using prepared statements:

http://blog.ulf-wendel.de/2011/using-mysql-prepared-statements-with-php-mysqli/

Hmm, at the moment PHP.net server does not work so I cant paste links to there. Anyway, have look at it too, it is wealth of information.

Also while developing scripts it is useful to have error reporting switched on so instead of a blank screen you get some useful information. You can do this either in your script (each of them):

ini_set('display_errors',1); 
error_reporting(E_ALL);

or in the php.ini file if you have access to it:

error_reporting = E_ALL

Other options are in the manual:

http://php.net/manual/en/function.error-reporting.php

Once your scripts go to production turn error reporting off and log errors in a log file.

If videos.videoname is a string you should enclose $search in quotes (line 14):

WHERE videos.videoname='$search'

Have you tried to debug the code by inserting echo, die or print_r debug statements like:

// in line 2 to check the value sent over
die($_POST['search']) 

// or between lines 20 and 21 to check the values of row
die(print_r($row, 1)); 

// or between lines 9 and 10 to get the query and paste it to phpmyadmin
die("SELECT videos.videoname, videos.id_video FROM videos WHERE videos.videoname=$search");

This topic seems to be quite popular these days. Have a look at this thread:

http://www.daniweb.com/web-development/php/threads/432815/fetch-result-in-my-drop-down-list#post1862915

Regarding the checkboxes (or tick boxes, as you call them):

when processing the posted values you have to check for an existence of a value of each checkbox. If the check box was not clicked, the value does not exist in the $_POST array.

if(isset($_POST['disabilities'])) {
    $disabilities = 'Yes';
} else {
    $disabilities = 'No';
}

Hope this helps.

Also see this link: http://www.html-form-guide.com/php-form/php-form-checkbox.html

If you want to use a php variable in html enclose it within the <?php ?> tags and echo it:

onclick="showRemarks(' <?php echo $activityid; ?>');" id="remarksadd"></img>

@estinah
Please start a new thread for your question. Post the code there you have so far.

Sory, I ommitted files directive for simplicity (but should have not :-). Will this work for you (provided that the path to index.php is correct):

<files index.php>
    order deny,allow
    deny from all
    allow from [your IP]
</files>

Hope this works for you:

order deny,allow
deny from all
allow from [your IP]

http://httpd.apache.org/docs/2.2/howto/access.html

Echo the problematic query that the second code generates and post it. Also enclose field names within backticks since there might be a possibility that the generated field name is a mysql keyword.

Please post the code of the page that causes above problem.

Maybe not a direct answer to your question but you could use a mysqli_fetch_object function which stores result in an object instead of in an array. In PHP (v 5.something I guess) object are by default passed by reference so you do not have to wory about that. Has somebody else any more experience on that?

First row has first five columns with rowspan=2 and last column with colspan=4. Second row has only the last four cells.

<tr>
<td rowspan="2">col 1</td>
<td rowspan="2">col 2</td>
<td rowspan="2">col 3</td>
<td rowspan="2">col 4</td>
<td rowspan="2">col 5</td>
<td colspan="4">Qualification</td>
</tr>

<tr>
<td>Ed</td>
<td>Tr</td>
<td>Ex</td>
<td>El</td>
</tr>

Where do you get stuck? The principle is: construct appropriate query to retrieve rows from the table and then use data of each row to build option elements:

// query
$q = 'SELECT id, title FROM movies';

// connection and querrying stuff
...

// start the html code for select element (drop down)
echo '<select name="movies">';

// add options from the database (mysql used here)
while($row = fetch_assoc($mysql_result)) {

    echo '<option value="' . $row['id'] . '">' . $row['title'] . '</option>';
}

// end the html code for select element
echo '</select>';

Post the code you have so far.

Hard to say. If you have one app and one database you have only one database connection but I am not sure whether this is better or worse. As far as scripts go I guess with caching you'd be better of with one app than with many apps but I have a feeling that the difference would be very small. Please note I am only guessing since I have'n got the experience to compare. I hope some other folks with more mileage will contribute to this topic.

Sory I am a bit tigt on time at the moment (trying to meet the deadline). I changed the function to two functions - one that draws the menu and one that draws the submenu below:

// function to draw menu (top and left)
function draw_menu($script, $items, $div_id) {

    // start the list for the menu
    $menu = "<ul>";

    // loop through the array with menus and submenus
    foreach($items as $url => $val) {

        $text = $val['text'];

        if($script == $url) {

            // if the item in the array is the current page, highlight it
            $menu .= '<li><a style="font-color:#eb0089" href="#nogo">*** '. $text . ' ***</a></li>';

        } else {

            // else display it as usual link
            $menu .= '<li><a href="' . $url . '">' . $text . '</a></li>';
        }
    }

    // end the list 
    $menu .= '</ul>';

    return $menu;
}

// function to draw submenu below the main menu on left side
function draw_sub_menu($script, $items) {

    // find the correct submenu items to draw
    foreach($items as $url => $val) {

        // if the current page is on the top level (index.php, book.php...)
        if($script == $url) {

            if(isset($val['submenu']) && !empty($val['submenu'])) {

                $submenu = draw_menu($script, $val['submenu']);

                return $submenu;

            } else {

                return '';
            }
        }

        // if the current page is not on the top level, examine each submenu entry
        if(isset($val['submenu']) && !empty($val['submenu'])) {

            if($script == $val['submenu']['url']) {

                $submenu = draw_menu($script, $val['submenu']);

                return $submenu;
            }
        }
    }

    // if no submenus were drawn return empty string
    return '';
}

To use tese functions …

The array and function above are not useful for any situation so when you change requirements (like you did) the array and/or the function have to be adapted to suit the requirements.

My personal opinion: If you have say 100 instances of the same application that could be a nightmare to maintain (bug fixes, upgrades...). You would be better of having one app (and one database) but you have to be careful to make each user's data and login secure. So particularly the database part and access to it has to be thought out well.

No, I don't think new thread is neccessary. I was away for a couple of days that's why a silence form me :-);

So if I get it right you want the same behaviour as before only that the submenus of a selectem menu appear below the main menus on the left side. I think the php code is something similar to the above snippets only that that the PHP generates divs as well and you then position the divs using CSS.

echo "<div id='submenus'>";

    // the code for submenus

echo "</div>";

I am pretty rusty as far as CSS is concerned so I hope you will manage that part yourself or some more skilled folks will add their posts (or maybe you as in a Web design forum here on DW).

I got around the problem with casting the initial calculation to string and then casting the second as integer

Thnx diafol, that works, I'll actually use your hack :-).

In noticed some similar behaviour with fmod() but just have no time to play arround with it just now.

The error appears to happen even when casting to integer:

for($i = 0; $i <= 1; $i += 0.1) {

    $cast_to_int = (int) ($i * 10);

    // result of an expression
    $result = $cast_to_int % 10;

    // display $i, the expression and the result of the expression
    echo "i: $i  =>> $cast_to_int % 10 = $result <br />";
}

Seems like one has to be careful when using floats in some exressions.

@iamthwee: thanks for the link.

I will leave this thread open for a couple of days so other can comment then I will mark it as solved.

What is the correct way of printing it?

Hi folks. I have a strange thing happening here. I have a loop where counter gets incrememnted by 0.1 starting from 0 and up to 1. In each iterration I use the counter in an expression with modulo operator. I get incorrect result when the counter has values of 0.8 and 1. This is the code:

<?php
echo '<pre>';
for($i = 0; $i <= 1; $i += 0.1) {
    // result of an expression
    $result = ($i * 10) % 10;
    // display $i, the expression and the result of the expression
    // when $i equals 0.8 and 1 the result is incorrect!!!
    echo "i: $i  =>>  ($i * 10) % 10 = $result <br />";
}
echo '<pre>';
?>

and here is the output I get:

i: 0  =>>  (0 * 10) % 10 = 0 
i: 0.1  =>>  (0.1 * 10) % 10 = 1 
i: 0.2  =>>  (0.2 * 10) % 10 = 2 
i: 0.3  =>>  (0.3 * 10) % 10 = 3 
i: 0.4  =>>  (0.4 * 10) % 10 = 4 
i: 0.5  =>>  (0.5 * 10) % 10 = 5 
i: 0.6  =>>  (0.6 * 10) % 10 = 6 
i: 0.7  =>>  (0.7 * 10) % 10 = 7 
i: 0.8  =>>  (0.8 * 10) % 10 = 7 <-- this is incorrect
i: 0.9  =>>  (0.9 * 10) % 10 = 9 
i: 1  =>>  (1 * 10) % 10 = 9     <-- this is incorrect

Can anybody test this code and see if the result is the same. Any ideas why this?

Please explain a bit more. Do you mean to open submenus for all the menu entries by clicking on Selected projects? Is Selected projects page also a homepage?

Hard to say. You have a <section id="content"> but no #content in CSS but I doubt this is a problem. Try if you see the left menu without the CSS (comment out the link to the css style). If you can see the menu (as an ordinary bulletted list) than there is something in your CSS and try to tweak it. If nothing else helps post the whole scripts for menus, index and all CSS files.

In the index.php (and other pages like book.php...) the code should be sligtly different from above. The name of the current script should be read only once and on the very top of the script:

<?php
// the name of the current script
$script_name = end(explode('/',$_SERVER["SCRIPT_NAME"]));
?>

<!--this menu appears on the left and it is a vertical menu-->
<section id="left">
<?php
// include the menus
include('includes/left.php');
?>
</section>

<section id="content">
 <!--this menu appears on the top and it is an horizontal menu-->
 <!--top-->
<?php
// include the menus
include('includes/menu.php');
?>

But that really does not affect the functionality. The problem might be in your CSS where you style the sections. So maybe your left section is styled so it is not visible. Can you post the styles for #left and #content (and check whether you use correct IDs for the menu sections - the #content doesn't seem like a menu name). I can see both the menus OK (since I do not use any CSS).

Can you see it OK on my site? Copy the code exactly, make sure there are no errors. Also check your style definitions. You can post or PM your code that does not work so I can have a look.

I can see it. I copied the scripts to www.punkelj.si/DW/index.php. See for yourself (only Book design and index page actually work, the highlighted menu is marked with ***).

Here is my suggestion that uses some ideas from above:

Inthe include files for menus only have a structure for each menu (top and left) stored in a multidimensional array. Then create another file that holds the function to draw the menu (and possibly your other functions). Call a function that draw the menu from each included file. The array that holds the menu structure is slightly changed to include submenus. The function is recursive so it traverses the array and draws submenus if they exist.

The top menu script:

<?php

// include functions
include_once('includes/functions.php');

// array to hold top menu
$top_menu_items = array(

    'index.php' => array('text' => 'Home'),
    'about.php' => array('text' => 'About'),
    'news.php' => array('text' => 'News'),
    'contact.php' => array('text' => 'Contact'),
);

// call the function that draws the menu
echo draw_menu($script_name, $top_menu_items);
?>

The left menu script withsome entries having sumbenus (the logos entry has no sumbenu):

<?php

// include functions
include_once('includes/functions.php');

// array to hold left menu and submenu items
$left_menu_items = array(

    'book.php' => array(
        'text'    => 'Book Design',
        'submenu' => array('book1.php' => array('text' => 'Book submenu 1'),
                           'book2.php' => array('text' => 'Book submenu 2'),
                           'book3.php' => array('text' => 'Book submenu 3')
                       )
                   ),

    'identityDesign.php' => array(
        'text'    => 'Identity Design',
        'submenu' => array('identityDesign1.php' =>  array('text' => 'Identity design submenu 1'),
                           'identityDesign2.php' =>  array('text' => 'Identity design submenu 2')
                       )
                   ),

    'logos.php' =>  array(
        'text'    => 'Logos'),

    'packaging.php' =>  array(
        'text'    => 'Packaging',
        'submenu' => array('packaging1.php' =>  array('text' => 'Packaging submenu 1'),
                           'packaging2.php' …

Seems like $row['teacher_id'] and $row['comment'] haven't got a value. Insert the following after the line 19:

if(!isset($row['teacher_id']) or empty($row['teacher_id']) or !isset($row['comment']) or empty($row['comment'])) {
    die('<pre>' . print_r($row, 1) . '</pre>');
}

and post the output.

(the code above will check if any of the suspicious values do not exist and will display the array with values of $row variable at that time in preformated html).

You are welcome. If no more questions please mark this as solved. Happy coding.

Firstly: you are mixing double quotes for PHP strings with double quotes for html attributes. Escape the later.
Secondly: composite variables in a string should be enclosed in curly braces to get parsed correctly.

$mesaj="<li><a href=\"{$db_field['Image']}\" class=\"pirobox\" title=\"{$db_field['Titlu']}\"><img src=\"{$db_field['Image']}\"/></a><p>{$db_field['Content']}</p><div class=\"button\"><pre><a href=\"index.php\">Read More</a><a href=\"{$db_field['Download']}\">Download</a></pre></div></li>";

You are welcome. If this ends this discussion please mark it as solved.

It works here. It is probably the css statement for font color which should be color and not font-color (which is an old html equivalent).

$l_menu .= '<li><a style="color:#eb0089" href="#nogo">'. $text . ' </a></li>';

You are welcome. Just to remind you to mark the solved if there are no more questions.

This is how I would do it:

Each page can be identified by its script name so you do not need a name for it, just put a scriptname into variable first (this is not necessary for the menu pages):

$script_name = end(explode('/',$_SERVER["SCRIPT_NAME"]));

Then include the menus. The menus have using an associative array that holds scriptnames and texts that should be displayed. This improves scalability, since you just change the arrays. See the code below and se more info in comments.

Top menu:

<?php

// array of pages for the top menu
$top_menu_items = array(

    'index.php' => 'Home',
    'about.php' => 'About',
    'news.php' => 'News',
    'contact.php' => 'Contact',
);

// start the html string for menu
$t_menu = ' <ul id="list-nav">';

// add all the ittems from the $top_menu_items array
foreach($top_menu_items as $url => $text) {

    if($script_name == $url) {

        // if the item in the array is the current page, highlight it
        $t_menu .= '<li><a style="font-weight:bold" href="#nogo">'. $text . '</a></li>';

    } else {

        // else display it as usual link
        $t_menu .= '<li><a href="' . $url . '">' . $text . '</a></li>';
    }
}

$t_menu .= '</ul>';

echo $t_menu;
?>

Left menu (very similar):

<?php

// array of pages for the left menu
$left_menu_items = array(

    'book.php' => 'Book Design',
    'identityDesign.php' => 'Identity Design',
    'logos.php' => 'Logos',
    'packaging.php' => 'Packaging',
    'index.php' => 'Selected Projects',
);

// start the html string for menu
$l_menu = ' <ul>';

// add all the ittems from the $top_menu_items array
foreach($left_menu_items as …

I am just guessing while waiting for your reply :-)

I think that included menu scripts should not have constant definitions at all since they are not needed. Each page that links point to should have a variable $this_page set to its page name on the beginning of the script (before including menus) e.g.:

$this_page='BookDesign';

Then you include the menus and use the variable in the switch:

switch ($this_page) {
case 'BookDesign':
    $menuitem1 = '<a style="font-color:#eb0089" href="#nogo">Book Design</a>';
    break;
case 'IdentityDesign':
    $menuitem2 = '<a style="font-color:#eb0089" href="#nogo">Identity Design</a>';
    break;
...

PHP will not complain since the variable can have any value at any time (unlike constant).