broj1 356 Humble servant Featured Poster

The order of applying styles is something like:

  1. the browser default styles
  2. the styles in external css files (if exist) override browser default styles
  3. the styles in head override previous two (if either exist)
  4. the inline declaration overrides any other (if any exist)
  5. the @important modifier overrides most if not all of others
broj1 356 Humble servant Featured Poster

szabizs gave you an excellent example in his post above. I am merely adapting it to your code:

} else {

    // counter for rows
    $currentRow = 1;

    while ($myrow = mysql_fetch_array($pnts)) {
        $sql = "SELECT * FROM `Player` WHERE `PlayerID` = " . $myrow["PlayerID"];
        //echo $sql;
        $playerar = mysql_query($sql);
        if ($playerfetch = mysql_fetch_array($playerar)) {
            $fullname = $playerfetch["FirstName"] . " " . $playerfetch["LastName"];
        }

        // define style depending on which row we are in
        $style = $currentRow <= 6 ? 'border: 1px solid green;' : 'border: 1px solid black;';

        // print the row using appropriate style for cells (or you can use it for rows)
        // the style is passed as a printf argument since variables are not expanded in single-quoted strings
        printf('<tr><td align="center" style="%s">%s</td><td align="center" style="%s">%s</td></tr>', $style, $fullname, $style, $myrow["TotalPoints"]);

        $currentRow++;
    }
}
broj1 356 Humble servant Featured Poster

Is the problem a layout or the appearance of the form elements? I think you should experiment using css / tables. I also guess the outcome might depend on browser used.

broj1 356 Humble servant Featured Poster

First, I need the result of the function to first print out the results like so:

For this use the implode function:

echo implode(',', getArrayUsers($id));

The second part of the question I do not quite understand. Can you reword it?

broj1 356 Humble servant Featured Poster

Can you comment out the die statement on line 16 and insert this debug code after line 20 (in the beginning of the while loop):

if($vrow['added_on'] <= 0) {

    die(print_r($vrow, 1));
}

This will output the value of the $vrow in a case where $vrow['added_on'] equals 0 or less than 0. You have to investigate that row then. Please post the result here if you do not manage to debug the error yourself.

broj1 356 Humble servant Featured Poster

Enclose the datepicker in div tags with id (i.e. datepicker-wrap) and assign a function to an onclick event of the radio button

function toggleVisibility(id) {

    var element = document.getElementById(id);
    element.style.visibility = element.style.visibility == 'hidden' ? 'visible' : 'hidden';
}

Or you can use jQuery toggle method.

broj1 356 Humble servant Featured Poster

Can you post the whole code?

broj1 356 Humble servant Featured Poster

The simplest way of doing it would be using separate rules for printing using print media type.

broj1 356 Humble servant Featured Poster

Do you do any checking on dates that come from the form i.e. are the dates in correct format or is date2 >= date1 etc? I suggest you put the debug code just after the SQL statement:

$vquery="SELECT * FROM rt_transaction WHERE added_on>=Unix_Timestamp(".$date1.") AND added_on<=Unix_Timestamp(".$date2.") AND rt_owner_id='".$_POST['owner']."'";

// DEBUG
die($vquery);

This code will display the query and stop the script. Please test the displayed query in phpmyadmin or mysql client (assuming you use mysql) or post it here.

broj1 356 Humble servant Featured Poster

What is the query that reads the values from the database? Does the value exist in the added_on column? Does any data for the query come from a form?

broj1 356 Humble servant Featured Poster

To restate the above answers: the method $rtTransaction->getAddedOn() presumably returns a unix timestamp which you want to convert to human readable date. If the displayed date is 1970-01-01 then the $rtTransaction->getAddedOn() method has returned 0 which is a timestamp that translates to 1970-01-01. As said above: investigate the $rtTransaction->getAddedOn() since the error is quite possibly there. You can also post the method here.

broj1 356 Humble servant Featured Poster

1353658977 seems to be a date in unix timestamp which converts to Fri, 23 Nov 2012 08:22:57 GMT. If you get 1970-01-01 something must be wrong since the unix timestamp for this date is 0. If $rtTransaction->getAddedOn() returns timestamp then it obviously returns 0.

broj1 356 Humble servant Featured Poster

How can i use WHERE clause to get result.I required in a project

What is the SQL now, what are conditions?

broj1 356 Humble servant Featured Poster

How can i get result between two date from database where date is in unix timestamp

// result in seconds
$difference = $date2 - $date1;

Convert seconds to whatever you want.

broj1 356 Humble servant Featured Poster

When you use values from forms in your query best practices are:

  • check for existence of values
  • validate entered values for correct type/value
  • escape the values to prevent entering bad characters (like ')

    // check if there is a value in the request
    if(isset($_REQUEST['tid']) && !empty($_REQUEST['tid'])) {

        // cast to integer if you are expecting integer
        // escape if you are expecting string
        // $tenantID = (int) $_REQUEST['tid'];
        $tenantID = mysql_real_escape_string($_REQUEST['tid']);
    
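        // then use the value in query; an escaped value has to be enclosed in quotes,
        // since escaping gives no protection to an unquoted value
        $query_recTenantID = "SELECT * FROM md_tenant WHERE tenantID = '".$tenantID."'";
    
        // display the rows
        // ...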
    

    }
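
The three checks listed in the post above (existence, validation, keeping the value out of the SQL text), applied to the date-range query from the earlier post, as an added example that is not part of the original posts. It binds values through PDO prepared statements rather than escaping them; SQLite in memory stands in for MySQL so the script runs offline, and the `id` column, the helper names and the sample rows are assumptions.

```php
<?php
// Added example, not code from the thread. Table and column names
// (rt_transaction, added_on, rt_owner_id) follow the posted query; the id
// column, the function names and the sample rows are constructed.

function parseDate(string $value): ?int
{
    // Accept only YYYY-MM-DD and reject dates DateTime had to "repair" (e.g. 2012-02-31).
    $d = DateTime::createFromFormat('!Y-m-d', $value, new DateTimeZone('UTC'));
    if ($d === false || $d->format('Y-m-d') !== $value) {
        return null;
    }
    return $d->getTimestamp();
}

function findTransactions(PDO $db, array $input): array
{
    // 1. check for existence of values
    foreach (['date1', 'date2', 'owner'] as $key) {
        if (!isset($input[$key]) || !is_string($input[$key]) || $input[$key] === '') {
            throw new InvalidArgumentException("Missing value: $key");
        }
    }
    // 2. validate type and value, including date2 >= date1
    $owner = filter_var($input['owner'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $from  = parseDate($input['date1']);
    $to    = parseDate($input['date2']);
    if ($owner === false || $from === null || $to === null || $to < $from) {
        throw new InvalidArgumentException('Invalid owner or date range');
    }
    // 3. bind the values instead of concatenating them into the SQL text
    $stmt = $db->prepare(
        'SELECT id, added_on FROM rt_transaction
          WHERE added_on >= :from AND added_on < :to AND rt_owner_id = :owner
          ORDER BY added_on'
    );
    // + 86400 makes the end date inclusive of its whole day
    $stmt->execute([':from' => $from, ':to' => $to + 86400, ':owner' => $owner]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE rt_transaction (id INTEGER PRIMARY KEY, added_on INTEGER, rt_owner_id INTEGER)');
$db->exec('INSERT INTO rt_transaction (added_on, rt_owner_id) VALUES (1353658977, 7), (1353658977, 8), (0, 7)');

// Constructed request data: one well-formed, one with SQL text in the owner field.
$requests = [
    ['date1' => '2012-11-01', 'date2' => '2012-11-30', 'owner' => '7'],
    ['date1' => '2012-11-01', 'date2' => '2012-11-30', 'owner' => "7' OR '1'='1"],
];
foreach ($requests as $request) {
    try {
        echo count(findTransactions($db, $request)), " row(s) found\n";
    } catch (InvalidArgumentException $e) {
        echo 'Rejected: ', $e->getMessage(), "\n";
    }
}
```

With a MySQL server only the DSN passed to `new PDO(...)` changes; the validation and binding code stays the same.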

broj1 356 Humble servant Featured Poster

This has nothing to do with a type of for loop you use. The best thing to do is to use CSS. To get table positioned in the middle just set left and right margins to auto:

echo "<table border='1' style='margin: 0 auto;' ><tr><th>Payment</th><th>Date of payment</th><th>Payment</th><th>Date of payment</th><th>Payment</th><th>Date of payment</th><th>Payment</th><th>Date of payment</th></tr>";

while ($row = mysql_fetch_array($result)){
    echo "<tr>";
    for($i=1;$i<9;$i++){
        echo "<td>".$row[$i]."</td>";
    }
    echo '<td><a href="apagar.php?id_dados='.$row['id_despesa_casa'].'">DELETE</a></td>';
    echo '<td><a href="editar.php?id_dados='.$row['id_despesa_casa'].'">EDIT</a></td>';
    echo "</tr>";
}
echo "</table>";

You could also do it in an external stylesheet which is usually recommended.

broj1 356 Humble servant Featured Poster

Unformated in what way? What is the result you would like to achieve?

broj1 356 Humble servant Featured Poster

Your approach is completely OK, I think most people do it this way. You start a html table, display a header row and then loop through the resultset from a mysql query and display each row, adding delete and edit links. The only thing that could be done in a safer way is the for loop which would be better if it was done with a foreach loop:

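// mysql_fetch_assoc returns each field once (mysql_fetch_array would return
// every field twice: under its numeric index and under its name)
while ($row = mysql_fetch_assoc($result)){
    echo "<tr>";
    foreach($row as $field){
        echo "<td>".$field."</td>";
    }
    echo '<td><a href="apagar.php?id_dados='.$row['id_despesa_casa'].'">DELETE</a></td>';
    echo '<td><a href="editar.php?id_dados='.$row['id_despesa_casa'].'">EDIT</a></td>';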
    echo "</tr>";
}

Why is the foreach loop safer? Well, mainly because you do not have to worry about how many fields you have in one row. The foreach will loop through all of them. When you use a for loop you have to know the number of fields so you can set the iteration count (from 1 to 8 in your case) which can lead to errors.

broj1 356 Humble servant Featured Poster

Please help me in understanding (action="?op=login") part

This means that the form will be submitted to the same page with the query string op=login appended to the URI. So if the page with the form is http://www.mydomain/login.php the action goes to http://www.mydomain/login.php?op=login, which in turn means that $_GET array will contain an 'op' element after the form submission

$_GET['op'] = 'login';

which you can test for and use in your code (which is actually done on line 5).

broj1 356 Humble servant Featured Poster

Once you query the database you can retrieve a row in either:

  • an array (associative: using mysql_fetch_assoc or enumerated using mysql_fetch_row or both using mysql_fetch_array) where keys are field names (or field index) and values are the values you queried:

    $myArray['username'] = 'broj1';
    $myArray['password'] = 'IamNotTellingIt';

or

  • an object (using mysql_fetch_object) where property names are field names and property values are the values you queried

    $myObject->username = 'broj1';
    $myObject->password = 'IamNotTellingIt';

So which one you use is just a matter of what you prefer to process when you use the values. I personally use the array functions.

Just a side note: mysql extension is becoming obsolete and will not be supported sometime in future. It is wise to start using the mysqli (improved) extension which has more features. So the above functions would be mysqli_fetch_assoc, mysqli_fetch_row, mysqli_fetch_array, mysqli_fetch_object.

Zagga commented: Nicely explained +4
broj1 356 Humble servant Featured Poster

mysqli_fetch_assoc function returns only one row. You use a while loop to go through all the rows (10 in your case) but the way you implemented your function this is not happening. If you want to use this function to return all results, you have to read all the rows within the function and return the array of rows not only one row (hopefully you won't get too big resultsets).

broj1 356 Humble servant Featured Poster

And what does the sanitize function do? Does it work correctly?

broj1 356 Humble servant Featured Poster

Another desperate try: have you tried to echo the query in the login function:

function login($username, $password)
{
    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = SHA1($password);
    $sql = "SELECT COUNT(user_id) FROM users WHERE userName = '$username' AND password = '$password'";

    // DEBUG: display the SQL text and stop, before the query is run
    die($sql);

    $query = mysql_query($sql);

    return(mysql_result($query, 0) === 1) ? $user_id : false;
}

Does the query look OK (is user_id correct, is $password actually a hash)? Does the output query work OK in phpmyadmin if you copy it there?

broj1 356 Humble servant Featured Poster

I am not sure if this is important: sha1() function should be in lowercase. Can you try

$password = sha1($password);
broj1 356 Humble servant Featured Poster

One possibility for the cause of the error could be on the return line of the login function (which obviously returns false):

return(mysql_result($query, 0) === 1) ? $user_id : false;

mysql_result() function returns string so you should compare it to 1 (an integer) with == operator. If you want to use === operator then you should compare it to '1' (a string).

So either:

return(mysql_result($query, 0) == 1) ? $user_id : false;

or:

return(mysql_result($query, 0) === '1') ? $user_id : false;

I have not tested this so I do not claim I am 100% right.

broj1 356 Humble servant Featured Poster

@radhakrishna.p

print("<option value=\"$idCat\">$cat</option>"); is completely valid code (if you meant line 14 above).

broj1 356 Humble servant Featured Poster

Also you have errors in HTML code:

  • closing </select> tag should be after line 33 and not on line 37
  • </td></tr> is missing before line 34
  • etc ...

Your editor should warn you about the html errors (if it is not notepad). Or you can have a look at the source in Firefox (right click on page and select View page source). The errors should be marked red.

Please correct the html errors first since they render elements incorrectly.

broj1 356 Humble servant Featured Poster

Also check all the queries in phpmyadmin whether they return the correct values for select elements:

SELECT category from Category order by category
SELECT collection from collection order by collection
SELECT metal from MetalType order by metal
SELECT stone from stone order by stone
broj1 356 Humble servant Featured Poster

Have you selected all fields when testing?

One of the reasons might be the enctype attribute on line 1. Can you change it to application/x-www-form-urlencoded (which is default for forms) or just omit it (since it is default). The multipart/form-data value is used for file upload. It does not encode the url characters.

And correct the code on line 83 to:

<input type="number" name="price" />

as AleMonteiro suggested in his post above.

broj1 356 Humble servant Featured Poster

Or maybe it is better to make sure users fill-in/select all fields before submitting a form. In this case you have to do javascript checking in the page with the form and checking and validating on the processing page.

broj1 356 Humble servant Featured Poster

You can also do it with less code using ternary operator:

// $link is the open mysqli connection
$mod = isset($_POST['model']) ? mysqli_real_escape_string($link, $_POST['model']) : '';
broj1 356 Humble servant Featured Poster

In the above output the values for category, collection and stone are missing (not set) and that is why the query can not get constructed correctly on line 55. The good practice is to check for existence of values of $_POST array before assigning them to variables. At the same time at least escape the values so you do not get SQL injection attack.

if(isset($_POST['model'])) {
    $mod = mysqli_real_escape_string($link, $_POST['model']); // example for mysqli, $link is the open connection
} else {
    $mod = '';
}
...
broj1 356 Humble servant Featured Poster

On lines 23 to 30 you assign $_POST values to variables but then you do not use those variables in the query on line 55. Is there any reason for that?

broj1 356 Humble servant Featured Poster

We have to check first whether all the values are in the $_POST. Can you please stick this code on line 21 and post the result:

die(print_r($_POST, 1));
broj1 356 Humble servant Featured Poster

Another thing, I'm guessing, but I don't think <input type="(float)number" name="price" /> is a valid markup

It definitely isn't. This is HTML code and HTML does not have a cast function and casting number attribute is not logical anyway. It must be a typo.

The number attribute is an HTML5 feature, it did not exist in (X)HTML 4.x.

broj1 356 Humble servant Featured Poster

Please post the insert_validation.php script also since the values should be accessible there (assuming that the queries return expected values).

broj1 356 Humble servant Featured Poster
foreach ($data1 as $in1 => $h1)
{
    // temporary array for inner loop, needed for sorting
    $count_arr_temp = array();

    foreach ($data2 as $in2 => $h2)
    {
        $match = array_unique(array_intersect($h1, $h2));
        // put count data in a temporary array
        $count_arr_temp[] = count($match);
    }

    // sort temporary array
    rsort($count_arr_temp);

    // display sorted elements
    foreach($count_arr_temp as $count) {

        echo $count;
    }

    // add the delimiter
    echo '||';
}
LastMitch commented: Nice Code! +7
broj1 356 Humble servant Featured Poster

Other way of checking it is placing this code on line 34:

die("UPDATE staff SET  enabled='$status',name='$name', password='$password', email='$email' , department='$department' WHERE id='$id'");

which will echo your query and halt the script. Now you can examine the query and/or test it in phpmyadmin.

broj1 356 Humble servant Featured Poster

I agree with what diafol said:

You shouldn't have a column for each product

You can have a product table with product ID and product name fields and a user table with user ID and other user data then a product_user table with product ID and user ID to store the orders (or whatever you wish to store). This would be a typical example of one to many relationship (one product has many users that bought it). It is easier to maintain, easier to extend/scale, easier to generate PHP code (just loop through products table) and is in line with requirements for database normalization.

Not sure if this is exactly the essence of your app but I hope it helps. This link might be helpful:

http://www.deeptraining.com/litwin/dbdesign/FundamentalsOfRelationalDatabaseDesign.aspx

broj1 356 Humble servant Featured Poster

broj1 is wrong you CAN have inputs with the same name however when you do you need to use the syntax name="samename[]

You can not have the same names for IDs. Using an array is not the same names since each element is separate. If you do not use an array the $_POST will contain only one entry.

broj1 356 Humble servant Featured Poster

In your code above there is no checkbox with the name user_id. In addition to that all the checkboxes have same name attribute (options3) which can not work. You have to give each checkbox unique name attribute (which should be equal to corresponding database field name).

broj1 356 Humble servant Featured Poster

This error is probably coming from this:

$user_id=mysql_real_escape_string($_POST['user_id']); 

If so, the $_POST array probably does not contain an element with the key user_id. The reasons could be:

you either have not checked the user ID checkbox. Solution: check for existence of the element in post:

if(isset($_POST['user_id'])) {
    // if user ID exists, assign it to the variable
    $user_id=mysql_real_escape_string($_POST['user_id']);
} else {
    // otherwise do whatever is appropriate
    echo 'User ID is missing';
}

or the user ID checkbox might have other name than user_id. Check the script that contains the form.

It is actually a good idea to check for existence of all the $_POST array elements before using them.

broj1 356 Humble servant Featured Poster

OK. If it works (no more problems), please mark this as solved.

broj1 356 Humble servant Featured Poster

In addition to that:

Spaces in column names are allowed in mysql but are bad practice in my opinion. The same goes for associative array keys. To avoid possible errors and ensure portability my recommendation is: use underscores or camelCase instead of spaces for db column names, array keys and variable names.

broj1 356 Humble servant Featured Poster

Variable names can not contain spaces.

$fmcg application=mysql_real_escape_string($_POST['fmcg application']); 

Replace spaces with underscores ($fmcg application -> $fmcg_application)

broj1 356 Humble servant Featured Poster

There are many tutorials out there but they might vary in completeness since they often omit some parts to emphasize others. But your question is spot on. If I got it right you are asking about what to do with the posted values to use them securely.

The trim is actually a good function to get rid of extraneous spaces before and after the actual text since the user might not be aware of them and they might cause some trouble. But more important is to escape and sanitize the data sent from the form.

The functions you will use depend on the context the value goes to. If you intend to store the value to a database, you typically escape it (e.g. using mysqli_real_escape_string). If the value goes to the URL then you use urlencode function. If you stick the value into html use htmlspecialchars function etc.
You also have php filters you can use or filter_var.

And you can also add your custom validating functions (e.g. for checking local phone numbers).

broj1 356 Humble servant Featured Poster

And the same goes for cookie values. Sanitize them before you use them.

broj1 356 Humble servant Featured Poster

You have to validate/sanitize input values whenever you either store them in a db or use them in javascript, HTML, CSS, email or any other possible context. If you forgot to do it you risk your app being compromised by SQL injection, XSS attack and similar. Sanitizing means basically escaping or replacing the characters that are unwanted in a particular context like:

  • if you intend to store user entered data into database then most unwanted character is ' (single quote). If you forget to escape it the bad guy can enter code that will change your SQL statement in a way that you do not want.
  • if you intend to use user entered data in your html then for example you do not want characters < and > and sometimes & get into html since they can be used to insert harmful client side script code into html
  • etc...

See nice articles here and here and google for sql injection, XSS, html injection...
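
The context-dependent handling described in the two posts above (trim, htmlspecialchars for HTML, urlencode for URLs, filter_var, a custom phone check), as an added example that is not part of the original posts. The helper names, the sample row and the accepted phone format are assumptions; `editar.php` and `id_dados` come from the table code posted earlier on this page.

```php
<?php
// Added example, not code from the thread. Helper names and sample data are
// hypothetical; editar.php and id_dados follow the table code on this page.

function h(string $value): string
{
    // HTML context: encodes < > & and both kinds of quotes.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderRow(array $row): string
{
    $cells = '';
    foreach ($row as $field) {
        $cells .= '<td>' . h((string) $field) . '</td>';
    }
    // Two contexts, two encoders: urlencode() for the query-string value,
    // then h() because the finished URL sits inside an HTML attribute.
    $href = 'editar.php?id_dados=' . urlencode((string) $row['id_despesa_casa']);
    return '<tr>' . $cells . '<td><a href="' . h($href) . '">EDIT</a></td></tr>';
}

function cleanEmail(string $raw): ?string
{
    // trim() first, then a built-in filter; filter_var() returns false on failure.
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

function cleanLocalPhone(string $raw): ?string
{
    // Custom validator: the accepted pattern (9 digits, optional extra leading 0)
    // is a made-up local format, adjust it to your own numbering plan.
    $digits = preg_replace('/[\s\-\/]/', '', trim($raw));
    return preg_match('/^0?[0-9]{9}$/', $digits) === 1 ? $digits : null;
}

// Constructed sample data
$row = ['id_despesa_casa' => '12&admin=1', 'descricao' => '<b>Rent</b> & "heating"'];
echo renderRow($row), "\n";
var_dump(cleanEmail('  someone@example.com '), cleanEmail('someone@@example'));
var_dump(cleanLocalPhone('040 123-456'), cleanLocalPhone('040 123 <b>'));
```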

broj1 356 Humble servant Featured Poster

Use mysql_real_escape_string() function to escape characters in all input fields. Not just to enable people to enter quotes but also to prevent evil people from entering harmful code.

$title = mysql_real_escape_string($_POST['title']);
$content = mysql_real_escape_string($_POST['content']);
$creator = mysql_real_escape_string($_POST['creator']);

Mind you the connection to mysql has to be established in order to use this function. BTW: It is recommended to switch to mysqli extension.