Posts by broj1

Just looking at your code: why do you not check for existence of $_POST array elements before assigning them to variables like in $Fristname = $_POST ['FristName'];? This code should return an error. Also what is the purpose of the condition on line 13 if(is_array($Project))? Is any of the code missing?

The solution would be somewhere alog the following lines (untested). Write a javascript function, something like:

function submitTheForm() {
    // assign the form to a variable
    var theForm = document.getElementById('FormMake')
    // assign a selected option to a variable (0 -> first option)
    var selectedOption = document.getElementById('SelectMake').selectedIndex;
    // if any option but the first (index = 0) is selected submit the form
    if(selectedOption > 0) {
        theForm.submit();
    }
}

You will need to give your form and select ID attributes and call the above function on onchange event:

<form id="FormMake" onchange="submitTheForm()" method=...>
    <select id="SelectMake" name="SelectMake" onchange="this.form.submit()">
        <option value="make">Make</option>
        <option value="toyota">Toyota</option>
        <option value="honda">Honda</option>
    </select>
</form>

This is what I could quickly come up with. Hope it works OK for you.

Sorry, I do not understand the question? Have you tried to change the name attributes for all checkboxes to an array (just adding [] to existing names)?

Change the name attribute to an array

<input type="checkbox" name="Project[]" value="... />

and all the checked checkboxes should be in $_POST['Project'] which will be an array, too.

// e.g. you can get a list of project (a string) by imploding the array
$Project = implode(', ', $_POST ['Project']);

Sorry, my mistake, it should be die(print_r($_POST, 1)); but never mind. If you do not have submit button then you have to submit on change of the select element (drop down). Just add a onchange event:

<select name="SelectMake" onchange="this.form.submit()">
    <option value="make">Make</option>
    <option value="toyota">Toyota</option>
    <option value="honda">Honda</option>
</select>

But it might be good to have a submit button for those who do not have javascript or disabled it.

What is the output of your code (any error messages) and how does it differ from what you expect?

Put this code in the first line and post here the output:

die($_POST);

Openoffice has been in the Apache incubator for long time now. The availability of languages is very poor which to me indicates the state of the package. Most Linux distributions switched to libreoffice soon after oracle got rid of openoffice. Also many developers switched to OSF. I am not sure if openoffice will ever catch up.

// assuming you use method=post in your form
if(isset($_POST['SelectMake'])) {

    $make = mysql_real_escape_string($_POST['SelectMake']);

    $query = "SELECT * FROM cars WHERE make=$make";
    ...
}

Is it that the FTP server is running on RedHat Linux?

Have you tried connecting with an ordinary FTP client to test whether user exists and the password is set OK? Do you get a warning form PHP (frp_login should issue a warning if returns false).

This is because mysql_query() function returns an ID for a resource, not a result. To get the result use mysql_fetch_assoc() or mysql_fetch_row():

$res = mysql_query($sql);
$row = mysql_fetch_assoc($res);
$PINDEX=$row['PREF'];

There are a couple of ways of implementing this. The usual way (from my point of view) is:

On the beginning you check for existence of $_POST['submit'], which signals that the form was submitted. Then you check if image description exists and is valid. You sanitize/escape it and send it to the database. Then you can either display the same page or redirect to other page (i.e back).

if(isset($_POST['submit'])) {

    if(isset($_POST['image_des']) and !empty(isset($_POST['image_des'])) {

        // escape the description text and insert it into database
        // ...
    }
}

The more complex way is using Ajax but it is a question whether you need this.

OK, no worries, just finish your work first and get back once you have time. I am pretty busy at the moment, too.

OK, no problem. Meanwhile I was a bit curious how this could be done and came up with the code below. It uses test data in an array (which I assume you cache in a file or in include script). There is a show_links() function in the code that might interest you to see how I implemented it. The code is commented so have a look and see if it helps you. Mind you, I tested the code but I can not promise it is bugs free.

// *** Test data ***

// test array containing the results
$test_results = array();

// generate some test data
for($test = 1; $test <= 4348; $test++) {

    $test_results[$test] = "This is test result No. $test";
}

// *** End of test data ***

// check if current page is in $_GET array; if not, set it to the first page
if(isset($_GET['current_page'])) {

    $current_page = (int) $_GET['current_page'];

} else {

    $current_page = 1;
}

// how many results to display in one page
$results_per_page = 10;

// how many links to display in one page
$links_per_page = 10;

// how many items in the result
$total_results = count($test_results);

// how many total pages needed to display all the results
$total_pages = floor($total_results / $results_per_page) + 1;

/**
 * Show the links based on the current page and other parameters
 *
 * @param   int current page No.
 * @param   int number of result displayed on one page
 * @param   int number of links displayed on …

I also do not understand the logic of the for loop. Why do you change the counter $i? It messes up the logic of the for loop.

The following is just a blind attempt since I have no information about what some variables keep (see comments in the code):

    $display_current = 10;
    $display_next = 10;
    echo $pagination['Links']['First'];
    echo ' ';
    echo $pagination['Links']['<'];
    echo ' ';

    // I am assuming that $display_current holds the first link in the 
    // currently displayed set of links and $display_next holds the
    // number of currently displayed links; 
    // if I am wrong tell me what values these variables contain

    // first three dots are displayed only when the current page is greater
    // than 10
    if($display_current > 10) {

        // display the three dots; but I have no clue where the link
        // should point (see questions in my previous post)
        echo ' ... ';
    }

    for ($i = 1; $i <= $display_current; $i++)
    {
        if ($display_current >= $_GET['current_page'])
        {
            if (isset($pagination['Links'][$i]))
            {
                echo $pagination['Links'][$i];
                echo ' ';
            }
        }
        else
        {
            $i = $display_current;
            $display_current = $i + $display_next;
        }
    }

    // calculate the number of the first link in the next set of pages
    $next_link = $display_current + $display_next + 1;

    // last three dots are displayed only when there are still any pages left
    // (the element for the $next_link exists)
    if(isset($pagination['Links'][$next_link])) {

        // display the three dots; but I have no clue where the link
        // should point (see questions in my previous post)
        echo ' ... ';
    }

    echo $pagination['Links']['>'];
    echo ' ';
    echo $pagination['Links']['Last'];

You are welcome. If this is it (no more questions) please mark as solved.

Sorry but still do not understand few things:

• where does each link point to? It should be echoed as a link (<a href="somepage">1</a>), but that is not the case in your code. Is it the same page and the value of the Links array is just a key of the big result array?
• why do you not want to read only the number of records to be displayed on one page? What happens if you have 10000 records? Do you keep such big array in the memory? Where do you store the result (cached array) when user clicks on one of the libks and a new page with results is displayed?

It is hard to say without seeing the complete code. The trouble is I am leaving now and wont be back before Sunday night. If you do not solve it by then I'll be happy to help.

One more question: do you read your recors from the database? If yes then you do not need to keep hundreds of links in an array, only 10 is enough sicnce you read only the number of record you wish to display at once using LIMIT SQL clause. See Pear Pager and Pager_Wrapper code it might help you: http://www.alberton.info/pear_pager_tutorials.html.

OK, I get it. The dots are there only when there are more sets of pages. And if you click on them they get you to the next / previous set of pages. Is that correct?

And also what do $display_current and $display_next represent? Do you have the total number of pages, too?

OK. Please mark the thread as solved.

This is just an idea (not tested) of how would I do it (I am actually using a PEAR Pager package which is excellent for this task):

If your current page is $current then your first key is (floor($current/10)*10) +1 and the last key is first key + 9 (hopefuly there is simplest way to calculate this).

$first_key =  (floor($current/10) * 10) + 1;
$last_key = $first_key + 9;

Display the links to pages:

// link to the first page
$links = '<a href="page_1.php">First</a>';

// calculate previous page
$prev = $current > 1 ? ($current - 1) : 1;

// link to the previous page with the less than coded for html
$links .= "<a href=\"page_{$prev}.php\">&lt;</a>";

// three dots
$links .= ' ... ';

// links to the current set of pages
for($i = $first_key; $i <= $last_key; $i++) {

    if($i == $current) {

        // do not create a link since it is the current page
        $links .= "<span class=\"current-page\">$i</span> ";

    } else {

        // create a link to that page
        $links .= "<a href=\"page_{$i}.php\">$i </a>";
    }
}

//     // three dots
$links .= ' ... ';

// links to the next page and the last page
// ...

Since this function returns false in case of error you can use it this way:

$post = mysql_real_escape_string($_POST['post']) or die('ERROR: ' . mysql_error());

If there is an error you will get some description about it. But as MarPlo stated above the link to the database has to be established first, since mysql_real_escape_string function relies on it.

One more issue: are your queries returning values for all the fields? You are not checking that in your (with isset() function). This is not a good practice. If some field is not returned (since it not exists) your query can break.

Initialize a variable that will hold the error message:

$error_msg = '';

On the beginning it will be an empty string. When checking form fields and if all are empty (or invalid values) assign an error message to the $error_msg variable. At hte end of the script (or anywhere else) place a condition that will display a div tand the contents of the $error_msg.

if($error_msg != '') {
    echo "<div class="error-msg">$error_msg</div>";
}

Put the php block that generates required data at the top or before the form div (this won't change the appearenca of the page).

Which input does not print (identify it by name attribute)? The first input is the type of "hidden" and won't print which is what is expected. Other input fields show up normaly.

OK, looks like I like to talk to myself :-). Well I had too much time and set a database, tables and put some records in. I also had few little errors in my posted code. The following is now tested code that works just fine, no duplicate rows.

<?php

// initialize the variable that will show the records found
$result = '';

// check if the form was submitted
if(isset($_POST['submit'])) {

    // Please note: validating, sanitizing and escaping of input was
    // omitted in this example for clarity; please do not forget
    // to make the production version of the script secure

    // start the select query that will read from all three tables
    // the types of JOIN are just an example, use the join types
    // that suit your requrements
    $qry  = 'SELECT * FROM project AS prj ';
    $qry .= 'JOIN technology AS thn ON prj.project_id=thn.project_id ';
    $qry .= 'JOIN financing AS fin ON prj.project_id=fin.project_id ';

    // conditional operator in a SELECT statement
    // (it will be WHERE for first condition and will change to AND
    // for every next condition)
    $operator = 'WHERE';

    // check if project type was submited to be searched for
    if(isset($_POST['project_type']) and $_POST['project_type'] != '0') {

        // add the search string to the SQL statement
        $qry .= "$operator project_type='{$_POST['project_type']}' ";

        // change the operator from WHERE to AND
        $operator = 'AND';
    }

    // check if technologies were submited to be searched for
    if(isset($_POST['technology']) and $_POST['technology'] != '') {

        // remove spaces …

I found another error in my code, sorry. All text fields in the query have to be quoted (oh, silly me). So put the quotes arround them like this:

// check if project type was submited to be searched for
if(isset($_POST['project_type']) and $_POST['project_type'] != '') {

    // add the search string to the SQL statement
    $qry .= "$operator project_type='{$_POST['project_type']}' ";

    // change the operator from WHERE to AND
    $operator = 'AND';
}

and so on (on lines 24, 40 and 67 of my first post).

Just spotted another quirk: you want to search by a project type but project type is not defined in your porject table. I included it in my sample code above but since it is not in the table it should either go out of the code or define it as a field in the project table.

The problem I guess is probably in the query which is not exactly correct (the join types maybe) and returns duplicate rows. You can try the following query without WHERE conditions:

SELECT * FROM project_table AS prj  
JOIN technology_table AS thn ON prj.project_id=thn.project_id 
JOIN financing_table AS fin ON prj.project_id=fin.project_id

and if returns duplicate rows the query has to be tuned (maybe using GROUP BY or DISTINCT).

First I have to correct myself, sorry. The $_POST array elements should be enclosed in curly brackets whenever they are in a double quoted string. So this is the correct code (changes only in lines 24 and 51):

// check if the form was submitted
if(isset($_POST['Submit'])) {

    // Please note: validating, sanitizing and escaping of input was
    // omitted in this example for clarity; please do not forget
    // to make the production version of the script secure

    // start the select query that will read from all three tables
    // the types of JOIN are just an example, use the join types
    // that suit your requrements
    $qry  = 'SELECT * FROM project_table AS prj ';
    $qry .= 'JOIN technology_table AS thn ON prj.project_id=thn.project_id ';
    $qry .= 'JOIN financing_table AS fin ON prj.project_id=fin.project_id ';

    // conditional operator in a SELECT statement
    // (it will be WHERE for first condition and will change to AND
    // for every next condition)
    $operator = 'WHERE';

    // check if project type was submited to be searched for
    if(isset($_POST['project_type']) and $_POST['project_type'] != '') {

        // add the search string to the SQL statement
        $qry .= "$operator project_type={$_POST['project_type']} ";

        // change the operator from WHERE to AND
        $operator = 'AND';
    }

    // check if technologies were submited to be searched for
    if(isset($_POST['technologies']) and $_POST['technologies'] != '') {

        // remove spaces that might follow commas
        $tecnologies = str_replace(', ', ',', $_POST['technologies']);

        // explode the string to an array (where commas are)
        // and add the elements …

The following is a simple example of how to build a SELECT query based on the values typed in a search form. Please note security stuff has ben omitted for clarity. Do not forget to apply security checks. See comments in the code.

// check if the form was submitted
if(isset($_POST['Submit'])) {

    // Please note: validating, sanitizing and escaping of input was
    // omitted in this example for clarity; please do not forget
    // to make the production version of the script secure

    // start the select query that will read from all three tables
    // the types of JOIN are just an example, use the join types
    // that suit your requrements
    $qry  = 'SELECT * FROM project_table AS prj ';
    $qry .= 'JOIN technology_table AS thn ON prj.project_id=thn.project_id ';
    $qry .= 'JOIN financing_table AS fin ON prj.project_id=fin.project_id ';

    // conditional operator in a SELECT statement
    // (it will be WHERE for first condition and will change to AND
    // for every next condition)
    $operator = 'WHERE';

    // check if project type was submited to be searched for
    if(isset($_POST['project_type']) and $_POST['project_type'] != '') {

        // add the search string to the SQL statement
        $qry .= "$operator project_type=$_POST['project_type'] ";

        // change the operator from WHERE to AND
        $operator = 'AND';
    }

    // check if technologies were submited to be searched for
    if(isset($_POST['technologies']) and $_POST['technologies'] != '') {

        // remove spaces that might follow commas
        $tecnologies = str_replace(', ', ',', $_POST['technologies']);

        // explode the string to an array (where commas are) …

That is a completely different thing. This could be due to wrong credentials that are defined as constants in the above script in lines 19 to 34. Have you set them correctly?

The code you posted has no syntax errors. It contains definitions of constants and each definition is preceded with explanation within comment marks (mostly phpdoc /** */comment marks are used). Are you getting the same error as described above? Can you copy the whole error message and post it here?

The above link is not working. Can you post the code here?

http://www.w3schools.com/ is a great resource for a beginner. For filtering input values see http://www.w3schools.com/php/php_filter.asp.

The /** on the end is probbably the missing one from the beginning. Just move it from the last row to the first row and insert a newline immediately after it. /** is a beginning of a comment that can be used for documentation purposes. See http://www.phpdoc.de/ or http://phpdoc.org/

Have you downloaded correct versions of PHP and Apache binaries (VC6 is apparently for Apache, V9 fo IIS)? Have you installed everything in correct order?

You can also echo your query before submitting it. Put this on line 14 of the php file:

die($sql);

Now you can examine your query and test it in phpmyadmin.

I have only now read your original post thoroughly, sorry.

When the form is submitted you have to first check whether all values are present at all. If there is a value missing your query will break if you do not shoot an error message or provide a default value:

// check the existence of each field
if(isset($_POST[first_name]) && !empty($_POST[first_name])) {
    $first_name = trim(mysql_real_escape_string($_POST[first_name]));
} else {
    // prepare an erro message
    error_msg[] = 'You must provide your first name!';
    // or provide a default value
    $first_name = 'Nameless';
}
// do this for every input field of the form
...

@memomk
In php code I found only one repeating error which is in the $sql string construction - namely $_POST array elements should be enclosed in curly braces:

$sql="INSERT INTO survey (first_name, last_name, phone, resolved, knowledge, friendly, quickness, referral, comments)
VALUES
('{$_POST[first_name]}','{$_POST[last_name]}','{$_POST[phone]}','{$POST[resolved]}','{$POST[knowledge]}','{$POST[friendly]}','{$POST[quickness]}','{$POST[referral]}','{$POST[comments]}')";

which is what I have already noted in my post above. What other syntax errors are there?

Or you can try require instead of include. it is the same as include only that require throws an error (while include emits only warning).

<?php require 'includes/head.php'; ?>

or

<?php require_once 'includes/head.php'; ?>

Storing posted values in variables is not neccessary by itself but it helps clarity of your code. Compare the following two statements:

// $_POST array elements used 
$sql="INSERT INTO survey (first_name, last_name, ...)
VALUES
('{$_POST[first_name]}','{$_POST[last_name]}', ...);

// variables used
$sql="INSERT INTO survey (first_name, last_name, ...)
VALUES
('$first_name','$last_name', ...);    

The second version is far more readable and easier to debug (please note that you should wrap array elements in curly braces to get them parsed within double quotes since they are composite variables).

Far more important thing is to validate and sanitize the values you get from the user (through $_POST, $_GET, $_COOKIE arrays). The fact is that you can not trust the user input (you will hear this countless times in web development world). The user can input erroneus data and unintentionally break your application. Or even worse the user can intentionally input malicious data in your web form and do damage to your database and you / your client. A simple example is when user enters specially crafted SQL code in your name field and if you do not check it first you will include that SQL code in your query and send it to your database. i.e the malicious code can expose all your users and passwords or allow login without a password. So it is a really good idea to check whether values are what they are supposed to be and sanitize them (by casting integers, escaping strings, using php filters etc.)

So it is a …

And before inserting them, check the values and/or escape them.

$firstname = trim(mysql_real_escape_string($_POST['firstname']));
...

If they are numeric check if they are equal:

if(is_numeric($lastfour) && is_numeric($cnumber) && ($lastfour != $cnumber)) {
    // they are not equal
} elseif(strcmp($lastfour, $cnumber) != 0) {
    // they are not equal
} else {
    // they might be equal
}

To use session mechanism start each script with:

session_start();

Store the link in the $_SESSION array from the while loop this way:

$_SESSION['link'][] = "<a href=test.php>$pid</a>";

You can also use $pid as an index for the array:

$_SESSION['link'][$pid] = "<a href=test.php>$pid</a>";

Then in the test.php page just use the array $_SESSION['link'] the way you wish.

But be aware of the server memory use. Like if you retrieve 100.000 records you will create an array with 100.000 elements in the session array which will probably be not good. In that case it is better to read the records from the database in the test.php page.

Another remark: the value for the href attribute should be in quotes so better change it like this (i used double quotes which have to be escaped):

$_SESSION['link'][] = "<a href=\"test.php\">$pid</a>";

Are your include files OK? Are they wrapped nicely with the <?php ?> tags.

I am quite used to code this way and it looks pretty clean to me. This code snippet actually appears on so many pages that became quite familiar. Or the other even more popular one:

$result = mysql_query($query) or die();

A lot of people use this.

One such practical use of the above precedence can be found in the examples section of the manual (see the last example):

$page = (int) @$_GET['page'] or $page = 1;

It would probably not work with || (not tested).

I don't think this is a bug. I think it was made this way with some purpose (maybe sometimes you need assignment before a comparison - I haven't had such a case yet).

But I agree that users are not warned enough about the difference between AND and && and other precedence issues. I found one warning in comments of users.