Posts by broj1

OK, so if you do not intend to carry on in this thread, please mark it as solved.

I was away until just now. OK, so you will try it other way. My suggestion is that you first outline the logic with comments like:

// check if the user is authorised, if not, redirect

// if first question read the first question, correct answer and possible answers
// otherwise read the next question, correct answer and possible answers

// if user submitted the answer to the previous question store the answer

// compare the answers    
// if the answer was wrong notify the user

// display the page

// ...

Once you have logic done start coding. It will be easier that way and to upgrade logic later. And separate the logic and the html output as much as possible.

OK, you posted while I was checking your previous code.

now i want to check which question is right and which is wrong

Well, everything depends on what you want to do. If the question is wrong, should it stay on the same question or move to the next? Where do you want to keep the answers, in a database or in session (they will get lost once the user logs out)? It is good to have some sort of a blueprint before you start coding.

when i write echo $query it says undefined variable

Ups, I just realized that you do not use $query to store the query (as I suggested) but you pass it as a string to mysql_query. Well, I have to live right now but I'll come back tonight. In meanwhile you can assign a query to a variable and echo it:

instead of:

$result = mysql_query("SELECT * FROM courses WHERE (id=".$cid.")");

do:

$query = "SELECT * FROM courses WHERE (id=".$cid.")";
echo $query;
$result = mysql_query($query);

The $result does not show your query, echoing it is pretty much useless. It holds the resource - a special PHP type. So please do as I suggested in my last post. Echo the queries and test them in phpmyadmin.

and then if i go back to previous page from browser it shows nothing...is that because of sessions?

It could be true, I am not sure I should do a test. There are other mechanisms you could use instead of sessions to transfer the current id: a hidden field, a querystring or even a cookie. But session is the most secure way since the visitor can not change the values and skip to other questions.

And also I noticed that the query for last id on line 108 is wron. It shoult be ordered in descending order (DESC) to get the last id.

$result1 = mysql_query("SELECT id FROM questions WHERE (evaluationid=".$evaluationid.") ORDER BY id DESC LIMIT 1 ");

One thing you can do is quickly debug the query. Put this code on line 71 (and remuve the echo $result code):

echo $query;

This will display your query on each new page and you can check in phpmyadmin whether the values are correct. You can do this for all queries and other values a s well.

I do not have time to test your code right away (hopefully I can do it tonight at home). First thing I can't find is session_start() which should be on the beginning of the script. You must add it in order to usesessions.

Yes, you are right. The questions are getting displayed on the same page. This is set in the action attribute of the form:

<form  action='start-course-evaluation-action.php' method='post'>

and could as well be:

<form  action='#' method='post'>

and the above code should be part of this script. You have to add logic to evaluate and/or save the answers to the current question (probbably save them permamnently in a database or temporary in a session upon each submit). The logic should be somewhere on the beginning of the script.

Assuming that id is an integer and autoincremented by the DB then the id fields probably increase with every new question and you can use this approach:

Whenever you read and display the question save the id in the session. If there is no id in the session you are displaying the first question otherwise you just go for the next question. Also save the id of the last question so you know when to stop. The rest is documended in the code below (it should be a part of start-course-evaluation-action.php script):

// start the session
session_start();

// if this is the first run of your script
// the id has not been stored in the session yet
if(!isset($_SESSION['current_id'])) {

    // this query will select the question with
    // the lowest id, presumably the first one
    $query = 'SELECT * FROM questions ORDER BY id ASC LIMIT 1';

    // read the row, display the question as in the form as above
    // the form can have action set to self (#)
    ...

    // store the current id in the session
    $_SESSION['current_id'] = $row['id']

    // read the last id so you know when to stop
    $query = 'SELECT id FROM questions ORDER BY id DESC LIMIT 1';
    ...

    // store the last id in the session
    $_SESSION['last_id'] = $row['id'];

// if current id exists in the session you can go and display the next qestion
} else {

    // this query will read the question just after the current id
    // …

Use header function at the end. But be careful, no HTML or any other output should be sent before the header function in order for it to work:

header('location:yourpage.php');

I haven't tested the deleting itself. Judging by example here the filename is enough if the file is in the same directory as the script. You can try both versions (without and with the path) and see if they work. If you have troubles I can do a test but not before tomorrow night (it is just past midnight here now |-)).

The checkbox names should have values equal to filenames so you get the array of filenames to delete in $_POST:

echo "<tr>
    <td width='400'> $file </td>
    <td > <input type='checkbox' name='formImage[]' value='$file' />&nbsp;<br /> </td>
    <td> <img src='{$handle}/{$file}' style='width:50px; height:50px;' />
    </tr>";

I optimized the code for deleting a bit:

if(isset($_POST['formImage']) && !empty($_POST['formImage'])) {

    foreach($_POST['formImage'] as $filename) {

        // check first if file exists
        if(file_exists($filename)) {

            // delete it only if it exists
            unlink($filename);

        } else {

            // if it doesnt exist display an error message
            echo "Could not delete file $filename}<br />";
        }
    }
}

Sory to missled you in my previous post. It was because I was replying on two similar posts and have mixed things up.

Sorry, I lead you on the wrong track. The $_POST array contains only the values (1) of the checked checkboxes. Give me a minute to study your code, I'll be back.

What is actualy in the $_POST array and consequently in the $a? Could you put ththe following debug line in and post the result?

if(isset($_POST['formImage']) && !empty($_POST['formImage'])) {
    //DEBUG
    die(print_r($_POST, 1));

    ...

Use is_numeric function.

if(is_numeric($string)) {
    $float = (float) $string;
}

It could be that the first snippet is playing up. Why do you have two for loops, if only one would do? And sticka an if(file_exists($a[$i])) check before deleting:

if(isset($_POST['formImage']) && !empty($_POST['formImage'])) {
    $a = $_POST['formImage'];
    $N = count($a);
    for($i=0; $i < $N; $i++){
        // check first if file exists
        if(file_exists($a[$i])) {
            // delete it only if it exists
            unlink($a[$i]);
        } else {
            // if it doesnt exist display an error message
            echo "Could not delete file {$a[$i]}<br />";
        }
    }
}

Can you post the snippet of code that causes troubles?

Or to make sure file exists:

for($i=0; $i < $N; $i++){
    echo($a[$i] . " ");
    if(file_exists($a[$i])) {
        unlink($a[$i]);
    } else {
        echo "Could not delete file {$a[$i]}<br />";
    }
}

To delete files from the filesystem you have to use unlink command:

for($i=0; $i < $N; $i++){
    echo($a[$i] . " ");
    unlink($a[$i]);
}

You might have to construct the path to the files first, if the file is not in the current directory. Also permissions have to be correct to delete.

if(isset($_POST['formImage']) && !empty($_POST['formImage'])) {

    // do what you like with it
}

What has the action attribute of your form been set to? If form posts to the same page (#) then set the action to the page name without the querystring, something like:

$action = parse_url(__FILE__, PHP_URL_PATH);
echo "<form action='$action'>";
...

I would do it simple way without regular expressions which are not very efficient:

$allowed = array('Indiana', 'Ohio');

if(!in_array(allowed)) {
    $errors .= "You have entered the wrong state."; 
}

And also make sure the directory you try to write into is writable by the web server process owner (apache or httpd or something else). If you are on Windows make sure you set the path correcty (maybe you have to use backslashes and maybe they have to be escaped)

Have you tried with a simple test:

$html2pdf->writeHTML('<p>THIS IS A TEST</p>');
$pdf->Output('/xampp/htdocs/campion/css2/test.pdf','F');

Can you state what exactly is not working. Do you get any error messages? You can test the output method by trying a simple html like:

require_once(dirname(__FILE__).'/../html2pdf.class.php');
try {
    $html2pdf = new HTML2PDF(); // you can use the default parms
    $html2pdf->setDefaultFont('Arial');
    $html2pdf->writeHTML('<p>THIS IS A TEST</p>');
    //$html2pdf->Output('monthly.pdf');
    //$pdf->Output('../css2/monthly.pdf','D');
    $pdf->Output('/xampp/htdocs/campion/css2/monthly.pdf','F');
    //$html2pdf->Output('C:/xampp/htdocs/campion/css2/monthly.pdf','I');
}
catch(HTML2PDF_exception $e) {
    echo $e;
}

to try to narrow down the possible causes for errors.

Use the Output method with appropriate parameters depending on what you want:

http://wiki.spipu.net/doku.php?id=html2pdf:en:v4:output

This is how I would do it:

<?php
if (@$_GET['action'] == "Save") {
    if(
        @$_GET[idnum]==null   || 
        @$_GET[fname]==null   || 
        @$_GET[lname]==null   ||
        @$_GET[midin]==null   ||
        @$_GET[gender]==null  ||
        @$_GET[bdate]==null   ||
        @$_GET[course]==null  ||
        @$_GET[year]==null    ||
        @$_GET[address]==null ||
        @$_GET[cnum]==null
    ) {

        echo "<font size=5><center>Fill-Up First the Provided Information<br>
        <button type=button onclick=history.back();>Back</button></center></font>";

    } else {

        // first check whether a combination of first name / last name
        // already exists in the students table

        // very important: escape the values before sending the query to the database
        $fname = mysql_real-escape_str($_GET['fname']);
        $lname = mysql_real-escape_str($_GET['lname']);
        $check_qry = "SELECT COUNT(*) FROM students WHERE fname='$fname' AND lname='$lname'";

        // send the query to the database
        $result = mysql_query($check_qry);

        // get the number of rows returned
        $num_rows = mysql_num_rows($result);

        // if number of rows equals 1 or more than the combination of 
        // first name and last name already exists in the table
        if($num_rows >= 1) {

            echo "The person $fname $lname already exists in the database!";

        // if number of rows equals 0, do the insert query
        } else {

            // security first: escape all the values before inserting them in database
            $idnum    = mysql_real_escape_string($_GET['idnum']);
            $midin    = mysql_real_escape_string($_GET['midin']);
            $gender   = mysql_real_escape_string($_GET['gender']);
            $bdate    = mysql_real_escape_string($_GET['bdate']);
            $course   = mysql_real_escape_string($_GET['course']);
            $year     = mysql_real_escape_string($_GET['year']);
            $addressm = mysql_real_escape_string($_GET['address']);
            $cnum     = mysql_real_escape_string($_GET['cnum']);

            // prepare the insert query
            $ins_qry  = 'INSERT INTO students ';
            $ins_qry .= '(idnum,fname,lname,midin,gender,';
            $ins_qry .= 'bdate,course,year,address,cnum) ';
            $ins_qry .= 'VALUES ';
            $ins_qry .= "('$idnum','$fname','$lname','$midin','$gender',";
            $ins_qry .= "'$bdate','$course','$year','$addressm','$cnum')";

            // execute the query
            @$result = mysql_query($ins_qry);

            echo "<font size=5><center>Record Successfully Added<br>
                <button type=button onclick=history.back();>Back</button>
                </center></font>";
         }
    } …

In the last code you posted there are lines that you never posted before. Now seeing this my code dees not fit into your code since it is duplicating the functionality. If this is your last version then I will have a look at it tonight when I have some time (other post are welcome).

In that case first check whether the firstname/lastname pair already exist:

$fname = mysql_real-escape_str($_GET['fname']);
$lname = mysql_real-escape_str($_GET['lname']);

$check_qry = "SELECT COUNT(*) FROM students WHERE fname='$fname' AND lname='$lname'";

If this query returns 1 (or more) rows the firstname/lastname pair is not unique.

Please post here what is the output of the first die() statement.

Make the ID of a record in your students table autoincrement and use it as a primary key. If this is not an option, check for existence of the record first with SELECT COUNT(*).

A note on security: do not use $_GET array values directly in your insert query since you are asking for SQL injection. Validate, sanitize and escape them first.

Put this in the beginning of your script:

<?php
// if values exist in $_POST, insert them in the database
if(isset($_POST['product_id']) && isset($_POST['country_id'])) {

    // uncomment this to inspect the $_POST array
    // it should contain product_id and an array of country_ids
    // die(print_r($_POST, 1))

    // product ID
    $product_id = $_POST['product_id'];
    // begin the query
    $query = 'INSERT INTO countries_product (coutry_id, product_id) VALUES ';
    // add coutry ID's
    foreach($_POST['country_id'] as $country_id) {
        $query = "($country_id, $product_id),";
    }
    // remove trailing comma from the query
    $query = rtrim($query, ',');

    // uncomment this to debug the query
    // you can copy the displayed query in phpmyadmin
    // die($query);

    // execute the query (I presume the db connection is already established)
    mysql_query($query);
}
?>

This is the processing part. It will only when the form has been submitted and will run the update query. You have two die commands in the code. Uncomment the first one to see whether the $_POST array contains valid values. Uncomment the second one to display the generated qury to see if it is OK. You can post the output of both commands here if you have more troubles.

A problem could lie in the select element in the code below:

while ($cat_row = @mysql_fetch_object($cat_rs)) {?>
<option value= '1' <?php echo $cat_row->country_id; ?> > <?php echo $cat_row->country_name; ?> </option>
<!-- <option>UAE</option>
<option>KSA</option>

where statement <option value= '1' should be only <option value= (omitting '1' which is read from $cat_row->country_id). Please check the generated HTML source in a browser (right button -> view source, or something similar). If there are errors in HTML, they would be hihlighted (at least in Firefox).

Sometimes it is easier if html and php is not mixed too much. I would code it this way (so code for options gets echoed in one statement and you can easily spot errors):

while ($cat_row = @mysql_fetch_object($cat_rs)) {
    echo "<option value='$cat_row->country_id'>$cat_row->country_name</option>";
}

If HTML code is allright the error could be in the processing part of your script which is not in the posted code above. it would be good idea to test for the values of $_POST and the query before it is submitted.

// if values exist in $_POST (or $_GET if you use it)
if(isset($_POST['product_id']) && isset($_POST['country_id'])) {

    // product ID
    $product_id = $_POST['product_id'];

    // begin the query
    $query = 'INSERT INTO countries_product (coutry_id, product_id) VALUES ';

    // add coutry ID's
    foreach($_POST['country_id'] as $country_id) {

        $query = "($country_id, $product_id),";
    }

    // remove trailing comma from the query
    $query = rtrim($query, ',')

    // execute the query
    ...
}

Add a bit of security checks to this. If IDs are integers it is good to cast them to integers to avoid SQL injection attacks.

$product_id = (int) $_POST['product_id'];

or use is_numeric checks

if(isset($_POST['product_id']) && is_numeric($_POST['product_id']) && isset($_POST['country_id']) && is_numeric($_POST['country_id']) ) {
    ...
}

Have you tested what are the values are in the $_GET? Are they comming from a form or you construct a URL + query string some other way? You should always check for posted values:

if(isset($_GET['file']) && isset($_GET['image'])) {
    $file = $_GET['file'];
    $image = $_GET['image'];
} else {
    // handle error as apprpriate for your app
    // i.e die...
    die('Error: File or image missing!');
}

You should not if you put the above statement in the action page. Which is your action page? Is it the same page as the form or is it a separate page? You have to check for the $_POST to find a bug. Maybe you post the whole script.

$bots is an array of beginning of term marks copied from $_POST['bot'], which is an array of beginning of term marks returned from your form. $bots serves as a parameter for the foreach loop and is expected to contain the same numnber of marks as the arrays $mts and $eots.

In case $bots is not set (does not exist) you get the above error. To figure out the value of $_POST (used for $bots) put this debug code in the beginning of your action page:

die(print_r($_POST, 1));

and post here the output. This command will output the contents of $_POST array after submitting the marks and stop the script.

OK, I get it. You want to sum the total price for a product coe and a selected date, I guess. The query should be something like:

$query = "SELECT *, SUM(total_price) AS sum_total_price FROM order WHERE date = '$date' GROUP BY product_code ";

As you can see you can get the result just by preparing appropriate query. You might want to ask also in a mysql forum here on DW if you need more complex queries.

It is not evident from your code where the $price is getting echoed. This should work:

$result = mysql_query("SELECT * FROM `order` where date = '$date' ");

        $price = $row['total_price'] + $row['total_price'];

        echo "Double price is $price<br />";
}

as long as $row['total_price'] exists and has some value;

@Bachov Varghese
Your solution is more elegant, good stuff. The query could be made in one go as well:

if($_POST['add_marks'] ==1)
{
    include('includes/connect.php');
    $bots =$_POST['bot'];
    $mts=$_POST['mt'];
    $eots=$_POST['eot'];

    $insert = "INSERT INTO marks(beginning_of_term,mid_term,end_of_term) VALUES ";

    foreach($bots as $key=>$bot)
    {
        $insert .= "('$bot','$mts[$key]','$eots[$key]'),";
    }

    insert = rtrim(insert, ',');

    $execute_insert = mysql_query($insert);
}

I am not sure if I understand th question correctly:
- on a webpage you have a table of students with their name, reg. no, cals etc and three input fields do BOT, MOT and EOT marks
- you get student data (except for marks) from the students table
- input fields are initialy empty
- someone fills in the values for marks and you want to insert those marks into the marks table

If this is correct then first thing you have to enclose the whole table in form tags:

<form method="post" action="proces.php">

Then you have to correct the name attributes for input fields. They have to be unique and tied to a student. You can use regNo field for that. Also add a hidden field in each row that will hold the regNo:

<?php
    // construct the name attributes for the current row
    $bot_name = 'bot-' . $rows['regNo'];
    $mt_name = 'mt-' . $rows['regNo'];
    $eot_name = 'eot-' . $rows['regNo'];

// the name for the hidden field with the regNo
    $reg_name = 'reg-' . $rows['regNo'];
?>

<!-- This is one row of a table -->

<tr bgcolor="<?php echo $bg; ?>">
<td><?php echo $rows['firstName']." ".$rows['lastName']." ".$rows['otherName']; ?></td>
<td><?php echo $rows['regNo']; ?></td>
<td><?php echo $rows['class']." ".$rows['stream']; ?></td>
<td><div align="center"><input type="text" name="<?php echo $bot_name; ?>" size="10" />
<input type="hidden" name="<?php echo $reg_name; ?>" value="<?php echo $rows['regNo']; ?>" /></div></td>
<td><div align="center"><input type="text" name="<?php echo $mt_name; ?>" size="10" /></div></td>
<td><div align="center"><input type="text" name="<?php echo $eot_name; ?>" size="10" />
</div></td>
</tr> …

And also check for existence of $_POST values before using them in a query:

if(isset($_POST['bot']) && isset($_POST['mt']) && isset($_POST['eot'])) {

    $query = "...";
} else {

    // handle the error as you see fit
    die('Not all the values were supplied');
}

The way you use foreach looks strange to me.

foreach($_POST['bot'] as $bot && $_POST['mt'] as $mt && $_POST['eot'] as $eot) {
    $insert = ""INSERT INTO marks(beginning_of_term,mid_term,end_of_term) VALUES($bot,$mt,$eot);
    $execute_insert = mysql_query($insert);
}

The PHP manual says:

foreach (array_expression as $value)
    statement
foreach (array_expression as $key => $value)
    statement

$_POST['bot'] as $bot && $_POST['mt'] as $mt && $_POST['eot'] as $eot) does not seem to be an expression that returns an array (or am I wrong?).

And the insert statement has two double quotes on the beginning and none at the end.

$insert = ""INSERT...

Maybe you correct these errors first and then post your error messages.

$_FILES['photo_file'] does not exist for some reason. Good practice is to check for existance first:

if(!isset($_FILES['photo_file'])) {

    // handle the wrror the way you see fit
    die('Error uploading the file');
}

// code for normal processing

a and t are format characters in the date function. If you want to use them as text (literally) you must escape each of them.

If you want to use a php variable in html enclose it within the <?php ?> tags and echo it:

onclick="showRemarks(' <?php echo $activityid; ?>');" id="remarksadd"></img>

Sory, I ommitted files directive for simplicity (but should have not :-). Will this work for you (provided that the path to index.php is correct):

<files index.php>
    order deny,allow
    deny from all
    allow from [your IP]
</files>

Hope this works for you:

order deny,allow
deny from all
allow from [your IP]

http://httpd.apache.org/docs/2.2/howto/access.html

First row has first five columns with rowspan=2 and last column with colspan=4. Second row has only the last four cells.

<tr>
<td rowspan="2">col 1</td>
<td rowspan="2">col 2</td>
<td rowspan="2">col 3</td>
<td rowspan="2">col 4</td>
<td rowspan="2">col 5</td>
<td colspan="4">Qualification</td>
</tr>

<tr>
<td>Ed</td>
<td>Tr</td>
<td>Ex</td>
<td>El</td>
</tr>