Posts by broj1

Where is the information about the logged-in user stored? Let's assume that is stored in the session in the $_SESSION['loggedin_username'] variable. Now while fetching rows you have to check whether the fetched username equals to the logged-in username. So the code would be something like:

<?php
include('includes/setting.php');
$for=mysql_query('SELECT * FROM commentsss');
while($fores=mysql_fetch_array($for)){
echo "<table width='85%' border='1' align='center'>
  <tr>
    <td width='126' rowspan='2'><p><strong><br><br><br><br>Username</strong>: ".$fores['username']."</p><strong><br>Email:</strong> <p>".$fores['email']."</p></td>
    <td height='121' colspan='2'><h2>Title: ".$fores['heading']."</h2></td>
    <td width='126' rowspan='2'>";
    // Here you check the username from the database with the logged-in username
    // and disply the links if they match
    if($fores['username'] == $_SESSION['loggedin_username']) {
        echo "<h4><br><br><br><br><br><a href=\"editscommsss.php?post_id=".$fores['post_id']."&heading=".$fores['heading']."\">Edit</a> | <a href=\"deletecommsss.php?post_id=
        ".$fores['post_id']."&heading=".$fores['heading']."\">Delete</a></h4>";
    }
    echo "</td></tr>
  <tr>
    <td height='136' colspan='2'><strong>Comment:</strong><p>".$fores['comment']."</p></td>
    </tr>
  </table>";
}
?>

I didn't test this piece of code since obviously I do not have enough data. But you get the concept.

In general you:

1. check for existence of any input (in $_GET or $_POST)
2. clean existing input
3. display it in the corresponding form fields

For detailed answer you should post your existing code.

Newline in HTML is <br> tag (a break):

echo $row_selecttemptable['ArtistName'] . ' ,<br>' . $row_selecttemptable['NAMEOfTheDVD'];`

i want to know about php.net language?

php.net is actually a website (that incidentally tells you all about PHP).

Seems like you are new to this forum. Welcome and hope you will find it useful. And since your question is pretty general I suggest you read this article first which will give you some guidance on how to post. A well structured question guarantees quick response and a lot of hints to solve your problem.

The code on line 9 is wrong, it wont return what you expect. You could change your query a bit and ad AS to the substring expression in the query:

SELECT runners.raceid, SUBSTRING(runners.raceid,1,4) AS raceyear,...

and then change line 9 in the code to:

echo $row['raceyear'];

This is one of my sites, sounds similar.
http://www.decawrap.com/fabrics.php

Looks cool. Would you mind sharing with us what was your approach?

phpacademy - learning by watching videos, various PHP forums like Daniweb :-), Stackoverflow, a good book on PHP, the documentation on the PHP.net site (comprehensive, free, but sometimes harder to get through it) and a lot of experimenting - set up LAMP or XAMP and go for it.

And do not forget other companion technologies: mysql, javascript, jquery, html, css etc. Happy coding in 2014.

I am just guessing (given the information I have) that on line 84 (and in other places) you are checking the session for existing username (logged-in user):

if (empty($_SESSION['MM_Username']))
{
    echo ("<h4>please log in before adding to shopping Cart</h4>");
}

If you want to enable guests to do the shopping, then you have to change the code for the empty username case:

if (empty($_SESSION['MM_Username']))
{
    // do whatever you intend to do only for guests
    // the rest of the code is equal as for logged-in users
}

i never did php lesson in classroom or any programmation lesson just introduction in programation

If this is true then it is a question if you are ready to program an online shop. Such a project demands quite a lot of skill and experience. Not that I want to put you off but keep in mind that you can get in trouble with your client if things do not work well and secure. Copying some code without understanding it will not help you.

It works? The results might be unpredictable.

In line 9 the id in $_SESSION['id'] is not existing. So better check for existence before using it:

if(isset($_SESSION['id'])) {
    switch($_SESSION['id']) {
    ...

}

You will need a secure application in any case if you intend to script online shop. To answer your question it is difficult since I do not know what functionalities exactly you would like. But in general if you use cookies to manage stuff realted to shopping cart, security is lower since cookies are on the client side and can be easily faked. Using sessions is safe. In reality you use a combination of both.

By default sessions store session data in the file system. You can change that so that session data is stored in the database which might be even safer. See this article.

Sory we could not find a solution for your problem. I think it was just a bit of missunderstanding. Maybe you should try to rephrase the question and post it again as a new thread so other people can jump in.

Remove the ) at thr end of the statement. Correct version is:

$userUpdateSQL = "UPDATE `database`.`table` SET usecolum='$hash' WHERE usercolum='$hash'";

I made a mistake and you copied it blindly :-)

You have to UPDATE the USER record with the newly created hash. So if you post the user table structure, I can suggest a query. But the query in general will look something like:

$userUpdateSQL = "UPDATE usertable SET user_hash='$hash' WHERE usr_id='$currentUser'");
$Result = mysql_query($userUpdateSQL, $marketbase) or die(mysql_error());

OK. Try to write some code and if doesn't work, post it here and we will have a look at it.

No. On line 171 you have to write code for inserting newly generated hast into the database. How you prepare the query depends on the structure of the users table.

Make sure that you use correct variable name for the users current
hash value read form the database. I used $row['user_hash'] just to show you the principle. Replace that with your own variable name.

On line 171 you have to add your code to insert the new hash into the user record.

There might be some errors in your script(s), but your web server is not telling you about them since most probably the display of errors is turned off. Change the following settings in your php.ini:

error_reporting=E_ALL
display_errors=On

and restart your web server.

The errors could be in the included inc/config.php or are there simply because maybe $_POST elements do not exist. You can avoid the later by wrapping the code in an if check:

if(isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];
    $md5 = md5($password);
    ...
}

I would use jquery and either hover or on method. The later is preferred since it gives more controls over event handling.

Can you post the whole code?

How did you test it? I tested it so that i set up cookie expire time to 5 seconds and it worked.

@broj1 sorry, I didn't saw your answer, bye!

No worries, mate. Two answers are better than one :-)

Your condition is wrong since it checks if either submit is set (which always is after submitting) or $service_name has some text. The condition is always true and the values are inserted (if they do not exist). The correct condition would be using && (and):

if($submit=='submit' && strlen($service_name) > 0 && strlen($service_content > 0)) {
    ...
}

or a bit simpler one (without using slow-performing strlen):

if($submit=='submit' && $service_name != '' && $service_content != '') {
    ...
}

And I have to take your attention to two more things not related to your question but quite important:

1. do not insert user input you received from a web form directly into database without cleaning it first! Bad guys (and gals) might enter a nasty sql into an input or textarea fields and you will transfer that politely and directly to your database server. It is called an sql injection. To fight against it you have to at least clean the user input by disabling characters that are potentionally dangerous (especially the ' which is the pandora's box opener). You do that by escaping user input string using mysql_real_escape_string function. You can add to that some black / white listing and other checking and validating methods.

   mysql_query("insert into tblservices(service_name, service_content) values ('" . mysql_real_escape_string($service_name) . "', "' . mysql_real_escape_string($service_content) . "')") or die(mysql_error());

2. You use mysql extension to handle database related stuff. This extension is old and is about to be kicked out of this world. …

i don't know to - set cookies and check if it exist or (expired)

You were close. But if you set cookie in one line and check for it in next it wont work since cookies are sent in header so by the time you set it the script does not know about it yet. The cookie will be sent in the next page request (if not expired). So I guess the correct order would be:

// initial hash is read from the database
$hash = $row['user_hash'];

// if cookie expired or hash not existing in the database row for that user
if(!isset($_COOKIE['MM_username']) or empty($row['user_hash'])) {
    // cookie expiration time is now + 30 days (in seconds)
    $cookieExpireTime = time() + 30 * 24 * 60 * 60;
    // compute new hash from unique string (to get different hash)
    // I used output of the time function you can also user random value
    $hash = md5(time());
    // store new hash into the user record
    // ...
    // set new cookie to expire in 30 days
    setcookie('MM_username', 'dummy cookie', $cookieExpireTime);
}
// use the hash
// ...

in my website i use [MM_username] for loged in user so it = to user email
i think i must not use it again with cookie right???

Do you mean you use MM_username as an associative index in some array already? You can use the same index in other arrays also, but it might lead to confusion in …

To get the same hash use the same string for 30 days. There are many ways to accomplish this. One of them could be:

Initially:
- store the initial string for hashing in the users record in database
- set the cookie that expires in 30 days

Everytime you need a hash:
- check whether the cookie exists (has not expired)
- if yes use the string from the user record and hash it
- if no set new cookie with expiration 30 days, generate new string in user record in database and hash that string

Alternatively you can store a hash in the user record or store the date in the user record instead of the cookie (a cross-browser / cross-computer solution)

You are welcome. Hopefully you used the diafol's solution since it caters for multibyte strings. Quite important if you plan to deal with non-english language characters.

Happy coding in 2014.

On line 5 you are trying to write date object into the text file. It won't go. Also the third argument to the fwrite is optional string leght. I doubt you wanted to use it that way. Change line 5 to something like:

fwrite($file, $ip . ' ' . $dt->format('Y-m-d H:i:s') ."\n");

For one thing you are missing quotes arround associative index names. Since the array elements are complex variables you should also enclose them in curly braces to get them parsed properly in a double quoted string. Another issue is that you echo the if condition which is not right. Then you are missing a space before selected and the angle bracket after the selected goes to the next echo statement (otherwise it might get lost). See my attempt at the correct code:

echo "<option value=\"{$row['province']\""; 
if($_POST['prov'] == $row['province']) {
    echo ' selected="selected"'
}
echo ">{$row['province']}</option>";

Check what the $array content is. Is it an array of objetcs (this is how you reffer to each row)?

To check the contents of the array insert this temporary debug code after line 5 in the second code snippet:

die(print_r($array, 1));

This will display the contents of the $array variable and stop the script. Now you can inspect the elements displayed and try to debug it. You can also paste the output here for us to see.

So, if solved, please mark as solved. Happy coding in 2014!

You have a space in the src URL, just before the $photo variable:

echo "  ".$results['image']."<a href='http://www.mysite.org/br/s.php?id=$id'><img src='/cate/upload/ $photo' width='100%' height='100%'></a>"

Decide on how many characters you can display. Then change line 30 from:

<td ><?php echo $row['service_content']; ?></td>

to:

<td >
<?php 
$contentLength = strlen($row['service_content']);
// check if the length of the content exceeds max number of chars e.g. 120
if($contentLength > 120) {
    echo substr($row['service_content'], 0, 120) . '...';
} else {
    echo $row['service_content'];
}
?>
</td>

You are welcome. If that solves the problem, please mark it as solved. Happy coding in 2014.

Here is and example of a script that resets the password and mails new password to the user.

http://www.daveismyname.com/tutorials/php-tutorials/reset-password-script/

I prefer slightly different approach. When user forgets his password he is sent a temporary link to a form where he can create new password. You can find examples by googling a bit (i searched for php forgot password reminder script).

1.but the field total is empty when add value to quantity

Establish initial values and put them into the input fields.

1. the float don't work for per exemple 2.50 it give 2.5 but for 2.75 is work fine like usualy float.

Get rid of the toString() method since toFixed() already returns a string. Use number_format() in PHP part for the same purpose.

<?php 
// number of decimals
$NoOfDecimals = 2;
// initial values for quantity and total
$initialQuantity = 1;
$initialTotal = number_format($initialQuantity * $row_itemdetaille['price'], $NoOfDecimals);
?>
<form action="" method="post" name="formulaireajout" class="formulaireajout" id="formulaireajoutid">
<input name="price" type="text" id="pricefield" value="<?php echo $row_itemdetaille['price']; ?>" readonly>
<input name="quantity" type="number" min="1" max="20" value="<?php echo $initialQuantity;?>" id="quantityfield">
<input name="total" type="text" id="totalfield" value="<?php echo $initialTotal;?>" readonly>
</form>

<script type="text/javascript">
$("#quantityfield").change(function() {
var value = parseFloat(<?php echo $row_itemdetaille['price']; ?>);
var quantity = parseInt($("#quantityfield").val());
var total = value * quantity;
$("#totalfield").val(total.toFixed(<?php echo $NoOfDecimals;?>));
});
</script>
</body>

If you want to learn more about this google for cyclomatic complexity. See this article on Wikipedia.

You can either download it to your local (or any other) server or just include it from one of the CDNs (content delivery networks) which in my opinion is better method, since:
- it is always there for you, hosted on reliable server
- it is tuned for good performance (caching, availability...)

You can download jquery from here: http://jquery.com/download/. Choose the newest version if you do not have any legacy code. Download it to a directory that is readable by your web server and reference it in your scripts.

If you include it form the CDN just put the scriot tags in the head of html pointing to the jquery URL, like:

<script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>

See https://developers.google.com/speed/libraries/devguide.

Then put the code snippet from the above to the end of the html body - just before the closing </body> tag.

...
<script type="text/javascript">
    $("#quantityfield").change(function() {
        var value = parseFloat(<?php echo $row_itemdetaille['price']; ?>);
        var quantity = parseInt($("#quantityfield").val());
        var total = value * quantity;
        $("#totalfield").val(total.toString());
    });
</script>
</body>
</html>

Not exactly a PHP related question but anyway: do you have the ending </a> tag? Is your other HTML code OK?

// set the array with month names
$monthNames = array('January', 'February', ...);

// this is your date in a form of a string
$dateString = '2013-12-25';
// change it to an array
$dateArray = explode('-', $dateString);
// month is the second element (-1 to get the correct index)
$Month = $monthNames[$dateArray[1] - 1];
// the year is the first element 
$Year = $dateArray[0];

You should not echo any output before the header command. Remove line 56:

echo "<p class='red-info'> Record Saved! </p>";

so the headers can be sent. This command is pointless anyway since the page would get redirected.

OK, this is tested jquery, nicely broken down so it can be easily understood :-)

$("#quantityfield").change(function() {
    var value = parseFloat(<?php echo $row_itemdetaille['price']; ?>);
    var quantity = parseInt($("#quantityfield").val());
    var total = value * quantity;
    $("#totalfield").val(total.toString());
});

Use javascript and on change event on the quantitiy input field that would triger a function. Something like (not tested):

<input name="quantity" type="number" min="1" max="20" value="1" id="quantityfield" onchange="updateQuantity();">
...
<script type="text/javascript">
function updateQuantity() {
    var quantity = document.getElementById("quantityfield").value;
    var price = <?php echo $row_itemdetaille['price']; ?>;
    document.getElementById("totalfield").value = quantity * price;
}
</script>

or jquery version (again not tested since it is getting quite late here)

$("#quantityfield").change(function() {
    $("#totalfield").val(
        $("#quantityfield").val() * <?php echo $row_itemdetaille['price']; ?>;
    )
});

A bit more code would help. Where do you echo it? Maybe it gets changed somewhere in the process?

contest[name]

the index should be enclosed in quotes:

contest['name']

and enclosed in curly braces if used in a double quoted string:

...id="contest-name" name="{contest['name']}" value="' ...

What was the problem with the layout? TCPDF is quite flexible and I did not have problems creating nice tables.

Maybe the simplest way would be to address the array element directly:

$eng['profile_permission'] = 'You belong to ' . $group . ' with a permission of ' . $permission .'';

or using double quotes:

$eng['profile_permission'] = "You belong to $group with a permission of $permission";

To recap the above two posts:

// check whether $_GET has any value and if the value is valid
// (you might use some more proper validation depending on the value of the movie ID)
if(isset($_GET['movie_id']) && !empty($_GET['movie_id'])) {
    $query = "SELECT movie_name,movie_year,movie_director,movie_leadactor,movie_type,movie_running_time,movie_cost,movie_takings FROM movie WHERE movie_id= " . mysql_real_escape_string($_GET['movie_id']);
    $result = mysql_query($query, $db) or die(mysql_error($db));
} else {
    echo 'The movie ID is missing!';
}

And please note: mysql extension is a bit old and is about to become a history. Switch to mysqli or even better, the PDO.

i don't understand. how does this solve my problem?

If number of affected rows equals 0 no rows were deleted. That might be the case if no rows matched $idURL.

But to check there are no other issues, use simple debugging technique - insert this code right after line 14:

die($query);

This will display the query as in its final form and stop the script. Now inspect the query or copy it to phpmyadmin and test it.

And take a note from the previous post: do clean the data received from the GET. And drop the mysql extension - switch to mysqli.

Just to alert admins that some spamming is just happenning in the PHP forum here on Daniweb. Please take a look.

If the array that is sent as a parameter to the $liquid->render() method has to have same form as teh $assigns array then you have to read the data from the database and put it into an array of the above mentioned form. The details depend on the table structures and on the query that reads the data.

Simply change the action attribute to the same page like:

<form method="post" action="#">

or:

<form method="post" action="<?php echo __FILE__; ?>">

The first PHP snippet should be on top of the script and should not echo the variable but just assign a value to it. You will echo it later in the appropriate place in the html.

// initialize the error message variable
$error_message = '';

if(isset($_POST['jansave']))
{
    $basic = $_POST['basic'];
    $epf = $_POST['epf'];

    if($basic&&$epf)
    {
        require "connect.php";
        $total=($basic + $epf);
        $query=("INSERT INTO january (basic,epf) VALUES ('$basic','$epf')");
        $result=mysql_query($query);
        if($result)
        {
            $message = "<b>Your Total Income is $dtotal</b>";
        }
        else
        {
            $message = "db sucks";
        }

    }
    else
    {
        $message = "<b>Please fill out the entire form.</b>";
    }
}

Now here comes your html where you can echo the message whatever it is:

<div class="rm">
<h3><?php echo $message; ?></h3>
</div>

I hope this is what you are after (at least this is what I understood from your post). If you still have problems post the complete sript(s) from top to bottom and mark exactly where you want to put the string. However, make sure all the variables you want to echo out do exist otherwise you will get the error.

And, while we are at it, do not insert user supplied values ($_POST[...]) into the database unescaped. You are risking an injection of malicious code into you db server.

Are you viewing this locally? Do you have a web server with php running? Is your script a PHP file?

In other words: PHP scripts should have a .php exstension (not .html) and should be run on a PHP enabled web server (could be localhost or a server embeded into your IDE).