Posts by broj1

OK after some thinking, the reason is that = operator has higher precedence than AND and lower precedence than && (see http://www.php.net/manual/en/language.operators.precedence.php). So it pays to be careful with this. To be safe put the whole expresion on the right into parentheses:

$all_confirmed = ((count($changed_coefs_ids) == 0) AND (!$payout_too_big));
$all_confirmed = ((count($changed_coefs_ids) == 0) && (!$payout_too_big));

According to the PHP manual the only difference between && and AND is that && is higher in precedence and gets evaluated before AND, otherwise hey do the same thing (logical comparison). This should not affect your example since you use parentheses and ! has higher precedence anyway. Can you post the exact values that get you different results since this is interesting question for me, too.

As I said in my previous post if you do not want to get to the authenticated page by clicking back/forward buttons you have to unset or change session variable that is used for checking the valid login on the unauthenticated page and check for validity on all autheticated pages (and redirecting if not valid authentication). That has not been done in your scripts.

Browser saves pages in cache and when you click back button it loads page from cache if it is there and has not been changed otherwise it requests it from the server again.

Regarding your problem: could you post the code for both login and home page.

OK, I think I understand now. Forget about my previous post.

On your login page you first set the sesion value that signals unsuccessful login:

$_SESSION['logged_in'] == 'failure';

When user logs in successfuly you assign a success value to a session.

$_SESSION['logged_in'] == 'success';

On each page where user should be logged in check for the session login value and if not OK redirect to login page:

if(!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] != 'success') {

    header('location:login.php');
}

When user gets back to login page his session value becomes failure and if he clicks back or forward buutton to get to the authenticated page he will get redirected to the login page.

You have a problem with the browsing history not the cache (the cache just speeds up loading of pages by saving what you visited).

My opinion is that it is not a good idea to change the behaviour of browser back and forward buttons since user expects clicking on them will bring them back / forward. But yes, it can be done. You can save a successful login in session and when successful login exists redirect user using header();

On login.php page:

session_start();

// if user has already logged in redirect them to home.php
if(isset($_SESSION['logged_in'] && $_SESSION['logged_in'] == 'success')) {

    header('location:home.php')
}

// do the usual login page stuff like a form, a username checking etc
// ...

// when user supplies correct username and password, 
// set the session variable and redirect to home.php
$_SESSION['logged_in'] = 'success';
header('location:home.php')

You could use return statement to return true on success and false on failure. This way you can test the method when calling it from somewhere else like:

$we = new Whatever;

if($we->say_hello('Jack')) {
    // do something like log success
    // ...
} else {
    // do something else like log failure
    // ...
}

The say_hello() function can be changed to:

public function say_hello($name)
{
    if($name != '')
    {
        $this->set_my_name($name);
        echo 'Hello ' . $this->myname;
        return true;
    } else {
        return false;
    }
}

Maybe not the best example but you get the idea. Returning anything is not mandatory of course.

It shouldn't according to what you posted. Can you post the whole index.php.

In simplified form your index.php should look like:

<?php
    if($country == 'PK')
    {
        header('Location: http://www.mysite.in/block.php');
    }
?>

<html>
....
....
<h1>ALLOWED</h1>

</html>

and visitors from countries other than PK should se the ALLOWED title

header('Location: http://www.mysite.in/index.php');

I don't think you need the second redirection (to the index.php) at all. If the visitor is from the banned country (such as 'PK') they will be redirected by first redirection. other visitors will just stay at the index.php.

Two things come to my mind:

Check if the allow_url_fopen in php.ini is set (see http://www.php.net/manual/en/filesystem.configuration.php#ini.allow-url-fopen).

If you are on Windows make sure backslashes are escaped or use forward slashes (see http://php.net/manual/en/function.fopen.php).

Try if apache web server is running. Go to your web root directory and create a simple index.htm file with the following contents:

<html><head>HTML test</head><body><p>Hello html world</p></body></html>

Open it in your browser and check if web server is running OK.

Next you can test if PHP works. Create a test.php with the following in it:

<?php phpinfo()?>

Open it in a browser and you should see a lot of tables with heaps of information about your installation. If not, something is definetely wrong.

Another error (and probably the main reason to not working) is in line 7 of your code:

if ($txtEmail != '')

$txtEmail has probably not been declared yet. You probably meant $POST['txtEmail'].

You can also save the original search query (or results) into the session ($_SESSION array) and use the values in the other script.

See http://www.php.net/manual/en/book.session.php

Sorry to keep you waiting so long for reply, I've been away.

You have an error in your SQL statement. The associative indexes of the $_POST array have to be enclosed in quotes and in addition to that $_POST elements have to be enclosed in curly braces since they are composite variables. So the correct syntax for the query would be:

$sql="INSERT INTO username (username, password, repassword, firstname, lastname, nationality, gender)
VALUES
('{$_POST['txtEmail']}','{$_POST['txtPassword']}','{$_POST['txtRePassword']}','{$_POST['txtFirstName']}','{$_POST['txtLastName']}','{$_POST['cboNationality']}','{$_POST['cboGender']}')";

But there is a better and safer way. Firstly it is a very bad idea to include values form POST directly to your query without cleaning them first. Someone can input a SQL injection code in one of your textboxes and run her query with bad intentions on your database. So you better clean the values first (at least escape them using i.e. mysql_real_escape_string - http://php.net/manual/en/function.mysql-real-escape-string.php). Secondly using quotes and curly braces as above is correct but can lead to errors. So better, safer and cleaner approach would be:

// clean values, I used trim and mysql_real_escape_string,
// you can also use filters or your functions, also depending on values
$txtEmail = mysql_real_escape_string(trim($_POST['txtEmail']), $con);
$txtPassword = mysql_real_escape_string(trim($_POST['txtPassword']), $con);
$txtRePassword = mysql_real_escape_string(trim($_POST['txtRePassword']), $con);
$txtFirstName = mysql_real_escape_string(trim($_POST['txtFirstName']), $con);
$txtLastName = mysql_real_escape_string(trim($_POST['txtLastName']), $con);
$cboNationality = mysql_real_escape_string(trim($_POST['cboNationality']), $con);
$cboGender = mysql_real_escape_string(trim($_POST['cboGender']), $con);

// use clean values in the query
$sql="INSERT INTO username (username, password, repassword, firstname, lastname, nationality, gender)
VALUES
('$txtEmail','$txtPassword','$txtRePassword','$txtFirstName','$txtLastName','$cboNationality','$cboGender')";

I do not understand why you run the query if the field is blank. What is the $sql query? Maybe you should negate the condition (if $_POST['txtEmail'] is not empty then...):

if(!empty($_POST['txtEmail']))

You actually have to tell what to achieve or maybe post the whole script.

Yes, but is there must be some html output before calling the file above. Can you post the file that calls the above php code.

Syntacticaly code is OK. What error do you get? What do you want to achieve?

Is there any HTML code before your php tag? No html or any other output can be sent before header() function (not even a space - check for those).

The reason for windows being attacked more is because of the large amount of people using windows, and i wonder why all these people use windows more than linux?

Many more people use windows, that is a fact, but the reason is not the quality. The reason is Microsoft is a company that works forf profit (which is OK, since all companies exist for profit) and to maximize profit they do heavy marketing and selling and not always playing fair game here. They are even able to blackmail government agencies who are big buyers. So when a lot of people have windows at work they are used to it and buy it also for home. MS even manages to get many computer manufacturers to preinstall windows on their machines so many people just buy windows without even realizing there is a choice (same goes for ms office very often).

Linux on the other hand is not marketed that way (at least not as the desktop OS). There is some marketing there from various packagers (Ubuntu, Fedora...) but it hard to beat MS and it's agressive approach. As far as servers go Linux does not have to be marketed much since most sysadmins know whatto chose.

@mamdouh ramadan
Your corrections are OK but there is a less complicated way of doing it (without escaping and concatenation). Just use single quotes and no concatenation of strings (as in my previous post):

echo '<td><input name="txtf" type="text"></td>';
echo '<td><input name="txtf1" type="text" /></td>';
echo '<td><input name="txtf2" type="text" /></td></tr>';

It is easier to debug and maintain.

@Shougat
I dont know if you are familiar with many ways of quoting strings. In case you are not, see this link:

http://php.net/manual/en/language.types.string.php

When you are familiar with all this stuff about strings it helps a lot :-)

I tested the code and it returns city ID OK. The only thing I added was onchage event for the second select element:

 echo '<select name="city" class="text" onChange="this.form.submit();">

in the findcity.php so the second select also submits the form (but you might have a submit button for that).

In the beginning of the request.php I put this code to test:

if(isset($_POST['city'])) {

    $str  = '****************************************<br />';
    $str .= "{$_POST['city']}<br />";
    $str .= '****************************************<br />';

    die($str);
}

http://www.w3schools.com/ says on their front page: Learn to create websites. It is a good starting point. You will have to learn at least:

HTML: http://www.w3schools.com/html/default.asp
CSS: http://www.w3schools.com/css/default.asp

In addition to that it is good to know:
Server scripting, like PHP: http://www.w3schools.com/php/default.asp
Client scripting, like Javascript: http://www.w3schools.com/js/default.asp
Databases and SQL: http://www.w3schools.com/sql/default.asp

Later on you can move on to:
Ajax: http://www.w3schools.com/ajax/default.asp
Javscript libraries like jQuery: http://www.w3schools.com/jquery/default.asp
DOM: http://www.w3schools.com/htmldom/default.asp
etc...

findcity.php only creates a html code for a select element with appropriate ID and city names and javascript inserts this select element into the request.php page so request.php page should have a city ID in $_POST (or $_GET) array. What do you get if you print_var($_POST) after submitting the form?

I am not sure whether I am on the same line but number of simultaneous connections probaly depends on the web server you are using and how it is configured. If you are using Apache maybe this is the starting point:

http://httpd.apache.org/docs/2.2/mod/mpm_common.html#maxclients

Interestingly there is a Web socket protocol but I am completely unfamiliar with it and can be of no help :-)

http://en.wikipedia.org/wiki/WebSocket

The code has errors. You are missing quotes arround strings in lines 6 and 7:

echo "<td>" . '<input name="txtf1" type="text" />' . "</td>";
echo "<td>" . '<input name="txtf2" type="text" />' . "</td>";

Since you do not know whether you are getting all the fields from the database as you would expect it is a good practice to first check for the existence of values first. And you can actually join some echo statements into one. Here is the optimized version:

while($row = mysql_fetch_array($result))
{
    // if $row['ID'] is set assign it to a variable
    // otherwise assign a default value to the variable
    if(isset($row['ID'])) {
        $id = $row['ID'];        
    } else {
        $id = 'Error: No ID!';
    }

    // use the variable directly in double quoted string
    echo "<tr><td>$id</td>";
    // use single quotes elsewhere so you can use double quotes for html attributes
    echo '<td><input name="txtf" type="text"></td>';
    echo '<td><input name="txtf1" type="text" /></td>';
    echo '<td><input name="txtf2" type="text" /></td></tr>';
}

problem is when i try to get city id to register.php page..

I am not sure whether I understand what the problem is. Do you actualy want to know how to get the city ID once the user selects the city from the second select element? This is just a classic: check the request array. Somewhere In the beginning of the register.php page put something like:

// check if the form was submitted
// use $_GET if the method was get, use $_POST if the method was post
if(isset($_GET['submit']) && isset($_GET['city'])) {
    // do whatever you want when the user has submitted the city ID
    // ...
    // then redirect to some other page
    header('location:somewhere.php');
}

// if the form was not submitted just do the usual script
// ...

The ajax call will return the code for the select element and place it in the div which has the id=citydiv. Maybe you should check whether the ajax call generates the corect html code for select element. You can try this by inserting the following after the line 34 in the ajax functions code above:

alert(req.responseText);

It is a bit of a primitive way to debug but sometimes it helps. Also have a look at the javascript error console (in Firefox) whether there are any errors.

I am leaving now and won't be able to do more extensive testing of your codefor next 4 hours or so. If your problem does not get solved until then I'll be back.

Try to find out whether the findcity.php, which is supposed to return HTML code for a select element, works OK. I would put the following on the line 10 of the findcity.php:

die($query);

which will display the query instead of the select element. Now you can test the query in phpmyadmin.

If the query is OK then you can additionally check what the query returns by placing this in line 17:

die($row[0] . ' ' . $row[1]);

which should display city ID and city name.

I'm not using xamp but as far as I know xamp includes phpmyadmin which you can use to export / import databases or tables. In phpmyadmin go to home icon (on the far top left) select the database to export and from the top menu in the right pane select export. You do not need to change any options just export to SQL format.

To import got ot the phpmyadmin on another computer, click the home icon and then select the import from menu in the right pane. Browse to find the file you exported previously and this is it.

My advice is to use TCPDF library for converting to PDF. There are plenty of excelent examples on their website which is www.tcpdf.org. The library is open source and maintained.

Use mysql_real_escape_string (provided that you use mySql):

$safe_short_description = mysql_real_escape_string("PG for Girls/Ladies/Women in Kasmiri Rd, heart of the Agra city with fully furnished, 2/3 times homely food and all basic amenities.");
$safe_long_description = mysql_real_escape_string("PG's for Girls/Ladies/Women in Kasmiri Rd, heart of the Agra city - Neat, clean & beautiful, PG's for girls/working ladies/women. Fully furnished with TV, refrigerators, geysers and all basic amenities; with We have well designed Girls & Boys PG?s in Kasmiri Rd, Agra with spacious rooms, adequate RO water supply, near bus stand, safe and secure, very well ventilated, environment around is quite peaceful, good location and more. With and without meals, single, double and triple sharing. Available in wide range rent according facilities and amenities.4 hrs power back up; completely homely environment with We have well designed Girls & Boys PG?s in Kasmiri Rd, Agra with spacious rooms, adequate RO water supply, near bus stand, safe and secure, very well ventilated, environment around is quite peaceful, good location and more. With and without meals, single, double and triple sharing. Available in wide range rent according facilities and amenities./3 times homely food.");

Your update syntax seem to be wrong, this is correct:

$query = "UPDATE onlinepg 
SET short_description='$safe_short_description', long_description='$safe_long_description'
WHERE pg_id=2002";

or do you want to do and insert maybe:

$query = "INSERT INTO onlinepg (short_description, long_description)
VALUES ('$safe_short_description', '$safe_long_description')";

Please note that mysql connection has to be established before using mysql_real_escape_string.

isset() function returns either true or false. If the checked variable is NULL or is not set , isset() returns false. That is what the PHP manual claims.

Maybe you should post the last version of your code. It would be easier to try to find the bug.

A further impovement would be to use Ajax for sorting the data but only if you have significant amount of other content on the page. When changing sort order or field to sort by, using Ajax, only the sorted data would be refreshed not the whole page. If you have only the booklist data on the page it is not worth bothering with Ajax.

If you are familiar with jQuery, I guess Ajax is quite simple to implement. See http://api.jquery.com/jQuery.ajax/.

I havent noticed ardav has already replied with more detailed example some minutes before me so do not pay too much attention to my reply :-)

If I understand correctly: you want to construct an SQL statement depending on a field to be sorted on and the sort direction (ASC, DESC)?

If the above is true then the simplest option is to have the field to be sorted on and the sort direction in a querystring (using a form with method="get" - I hope you know how to do this).

Then just check whether both values have been passed and construct a query:

// if field to sort and sort order have been set
if(isset($_GET['sortfield']) and isset($_GET['sortdir']) {
    // assign querystring values to variables
    // all the security stuff is omitted here for simplicity
    // but do not to forget to check for correct values yourself!!!
    $sortfield = $_GET['sortfield']; 
    $sortdir = $_GET['sortdir']
} else {
    // prepare default values
    $sortfield = 'Category';
    $sortdir = 'ASC';
}
$query = "SELECT Category, ID, Arthur FROM booklist ORDER BY $sortfield $sortdir"
// do connecting to the db, reading from the table, displaying results etc
// ...

You have two else statements for one if statement which is syntactically incorrect:

if(($_SESSION['id']) && ($_SESSION['access_level'] == 1)) {

} else {

} else { // this second else on line 383 is incorrect

}

You can use elseif(another condition) if that is what you require.

Thanks. I guess I'll go back to a script that draws image which worked fine.

the <select> part it is echoing $one_date

This is due to my mistake. In line 32 double quotes should be used (to allow $one_date to be parsed):

echo ">$one_date</option>";

' selected="selected"'; part, could you explain this to me?

This is just a part of html syntax for select element. If an <option> has a selected="selected" attribute that option is selected. In the code above there is a foreach loop that creates <option> parts from an array (the $date_array in your case) for the select element. Within each iteration it checks whether the curent value of an array equals to the value read from the database. If it finds one the attribute selected="selected" is added to that option. Once it works OK have look at the HTML source in the browser.

See also http://www.w3schools.com/tags/tag_option.asp

Hi all

I would like to display several charts on a webpage. I have designed a class that would draw each chart using GD and based on data set by a public method. Unfortunately instead of charts being drawn I get an error message:

The image ... cannot be displayed because it contains errors

I have googled and checked similar threads here on DW but nothing helped. I think I do not have any output sent before headers (checked with if(headers_sent())) which is usually the cause for this error. Maybe my class is coded incorrectly. The same code works fine if put in an ordinary php file, but I would prefer to have a class for this purpose. If anybody coud have a look at the code and give me a hint I would really appreciate it.

The Chart class (simplified, but does not work):

<?php
class Chart
{
    // data for drawing the chart
    protected $chart_data = array();

    public function __construct() 
    {
    }

    public function set_chart_data($data) 
    {
        $this->chart_data = $data;
    }

    public function draw_chart() 
    {
        header("Content-type: image/png");

        $width = $this->chart_data['width'];
        $height = $this->chart_data['height'];

        // create image
        $image=imagecreatetruecolor($width, $height) 
            or die('Cannot iInitialize new GD image stream');;

        // define colors
        $fill_color=imagecolorallocate($image, 127, 127, 127);

        // draw a filled rectangle
        imagefilledrectangle($image, 0, 0, $width, $height, $fill_color);

        // output image and destroy it
        imagepng($image);
        imagedestroy($image);
    }
}
?>

And the php file to display the chart (simplified):

<?php
    require_once('Chart.php');
    $ch = new Chart;

    // set data for the chart
    $w = 250; …

I could not find any information on whether there are any restrictions for an option value attribute (<option value="any_restrictions_here?">) .I hope dots are permitted. I think browsers encode values to be safe for sending to a server.

A general answer:

1. read the record that the user is about to change
2. put each field value as a value of a html form field
3. for select html elements (drop down as you call it) put a set of option in an array, loop through that array and on each loop compare a value of the element with the value of the field. If they are the same, set selected attribute for that option.

A simple example just to get the idea:

// a query to get the fields
$qry = "SELECT * FROM table WHERE record_id=$ome_id";

// run the query
$result = mysql_query($qry) or die('Some error occured.');

// an array with fields of the querried row
$row = mysql_fetch_array( $result );

// start the form
echo '<form method="post" action="some_page.php">';

// an example of input text element with the value from database field
echo '<input type="text" name="input_name" value="' . $row['field1'] . '" />';

// an example of select element with values from a $dates_array and a selected
// option from database field
$dates_array = array('1.4.2012','2.4.2012','3.4.2012','4.4.2012','5.4.2012',);

// begin the select element
echo '<select name="date_select">';
// loop through the dates_array and add options
foreach($dates_array as $one_date) {
    // start the option tag
    echo '<option value="' . $one_date . '"';
    // if current element of the date_array equals to the date, read from the
    // database, add selected attribute
    if($one_date == $row['date_field']) {
        echo ' selected="selected"';
    }
    // end the option, add the text value for the drop down, end the option …

in_array function actualy works if you pass it an array as a needle (PHP 4.2 and above) :

$test_arr = array(
    0 => array('StudentID' => 123456789),
    1 => array('StudentID' => 001122334),
    2 => array('StudentID' => 010203040),
    3 => array('StudentID' => 987654321));

    if(in_array(array('StudentID' => 123456789), $test_arr)) {
        echo 'Found';
    } else {
        echo 'Not found';
    }

But this seems a bit clumsy to me. Why do you have such a structure of array and why is looping through array not an option?

You will have to use the correct type of joins (LEFT JOIN, RIGHT JOIN) to retrieve records with empty values. Which type of JOIN depends on the structure of tables and where the empty values are. See this tutorial:

http://www.tizag.com/mysqlTutorial/mysqlleftjoin.php

Try this query: SELECT DISTINCT date FROM product_data.

Insert this code between lines 8 and 9 and post what is displayed:

echo('<pre>' . print_r($row, 1) . '</pre>');

This will display and array of values for each row. <pre> tags are just for nicer formatting. If each row is an array of expected values then your table should print correctly.

As far as I understand a user is entering data in a form and this data gets written to a CSV file. If there is comma (,) in entered text, the CSV file gets broken if it is not delimited. If you use double quotes as a delimiter this breaks when saved to a hidden input field which also uses double quotes for a value attribute. But it is hard to tell since no enough information has been given. That is why I asked HasNor in earlier post to upload the latest versions.

Another thing: in the req_reportCSV.php file you have to set the default timezone otherwise you will get warnings (which might be saved in your csv file). You can set the default timezone in php.ini using date.timezone directive:

date.timezone = "Europe/Amsterdam"

or temporary in the script using date_default_timezone_set() function:

date_default_timezone_set('Europe/Amsterdam');

This will save you trouble either now or in future (depending on PHP version you use).

See http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
and http://www.php.net/manual/en/function.date-default-timezone-set.php.

I think I found what is the problem. When you have text fields in csv they are supposed to be enclosed in double quotes and that is what Biiim and I were suggesting you. But when you add double quotes to text fields, the hidden input <inputname="csv_output"...> breaks since it also contains double quotes therefore the row is carried over incomplete through POST to the req_reportCSV.php file (in your browser have a look at source code for the main file - you will see errors). The solution is to use single quotes for input attributes like <inputname='csv_output'...> or to use single quotes for text delimiter in csv file.

The following is the code I tested on. Since I did not bother to set up a database I had to make up some test data which you can see in the beginning of the code. The last array (row) of the test data contains commas and it causes no errors.

Remove the test data and uncoment your code to deal with the database. You have to decide which fields are text fields and just surround them with $txt_delim. There are some comments within the code. I hope this will help you.

<?php
// some test data, delete this and read data from your database
$test_data = array(
        array(

        'reqid' => 'reqid1',
        'misRefId' => 'misRefId1',
        'name' => 'name1',
        'date_req' => 'date_req1',
        'cat_name' => 'cat_name1',
        'priority' => 'priority1',
        'detail' => 'detail1',
        'modSAP' => 'modSAP1',
        'req_symptom' => 'req_symptom1',
        'approval' => 'approval1',
        'status' => 'status1', …

Biim is right. Reference was made correctly in your first post but was changed to wrong in your post 4 days ago.

If this has not been solved yet: can you post or upload:

• the latest version of the main script with the table
• the latest version of the req_reportCSV.php script

• the output of the following SQL command (5 rows for testing):

  SELECT r.reqid, r.misRefId, r.date_req, r.request_by, r.category, r.priority, r.detail, r.modSAP, r.req_symptom, r.approval, r.curPIC, r.status, r.dateclose, c.cat_id, c.cat_name, u.empNo, u.name
  FROM request r, user u, category c
  WHERE r.request_by=u.empNo AND r.category=c.cat_id
  ORDER BY r.reqid ASC
  LIMIT 5

I can test this tonight. I did not test anything before because it is a lot of data to make up.