Posts by broj1

OK, I am getting the picture. Let's make it step by step. Below is the code to display a form with three checkboxes and a submit button. If the form gets submited the script will read the events from selected tables and display those events. You can adapt this code to suit your requirements. Please note that I have changed the names of tables from table to calendar to make things clear and to avoid possible mistakes (I think it is not a good idea to use general terms or reserved words for variable names). See explanations in comments.

<?php
// if form was submitted and if array with calendar names exists and is not empty
if(isset($_POST['calendar']) && !empty($_POST['calendar']))
{
    // connect to the database
    $con = mysql_connect("","","");
    if (!$con)
    {
        die('Could not connect: ' . mysql_error());
    }
    mysql_select_db("", $con);

    // process selected tables (calendars)
    // - read events from each calendar
    // - display events for that calendar
    foreach($_POST['calendar'] as $calendar)
    {
        // query to read events from one calendar
        $q_select = "SELECT * FROM $calendar ";
        $result = mysql_query($q_select);

        // display calendar name
        echo "<h3>$calendar</h3>";

        // list of events (i.e from three columns, separated with a <br />
        // but you could display this in a html table)
        while($row = mysql_fetch_row($result))
        {
            echo "<p>{$row[0]}<br />{$row[1]}<br />{$row[2]}</p>";
        }
    }
}
?>

<form method="post" action="#">
<input type="checkbox" name="calendar[]" value="calendar_A" checked="checked"/>Calendar A<br />
<input type="checkbox" name="calendar[]" value="calendar_B"/>Calendar B<br />
<input type="checkbox" name="calendar[]" value="calendar_C"/>Calendar C<br />
<input type="submit" name="submit" value="Submit">
</form>

Where should the variable $one_table be drawn from? Does it somehow come from the form?

This is only my assumption since I still do not exactly understand what you want to do: in my previous post I gave you three posibilities to get the table names. For the example in that post I chose the last possibility - the user enters table names in the form, separated by space. So you end up with a string of table names and spaces between them. You use explode function to convert this string into an array. The array of table names is then processed in a foreach loop where $one_table represents the current table name when you loop through the array of table names (see http://php.net/manual/en/control-structures.foreach.php). The array can contain one or more table names.

In the insert function, I am hoping that $table_name will become a table such that I can enter it into this statement "SELECT FROM table_name". Does this happen on the previous step?

Really hard to answer since I do not understand how you want to use the table names.

In the VALUES '$categories', should it read something like this? - VALUES ('{$_POST['columnA']}', '{$_POST['columnB']}', '{$_POST['columnC']}')";

I do not know what the role of categories is here. Maybe you describe the whole concept, what you want to achieve, what is the expected input, the table structures etc. Only after realy understanding what you want to do I can give you useful …

If you want to let users create their own tables you must use input form fields (one for each table or one for many tables separated by some character such as space or colon). Then you have to store all table names in an array which you will use in foreach loop:

• if you use checkboxes, then $_POST[checkbox_name] will already return an array
• if you use an input form field you get each table name as a string and you have to build an array yourself
• if you use one checkbox for table names separated by a space or colon (or other character) then you use explode function to create an array

If you let users choose their table names can be dangerous since they can unknowingly use mysql keywords. You can avoid that adding a prefix to each table. You might also make sure that different users do not use same names for table names.

The loop for inserting would be something like

<?php
// first check if the form was submitted
// and if it was process the queries
if(isset($_POST['Submit'])) {

    // check if any table names were entered
    if(isset($_POST['table']) and $_POST['table'] != '') {

        // security first: escape the string to avoid SQL injections
        $tables_string = mysql_real_scape_string($_POST['table']);

        // prefix for tables
        $prefix = 'usrtbl_';

        // create tables array (table names are separated by spaces in this example)
        $tables_array = explode(' ', $tables_string);

        // proces tables
        // the data for the fields is in the $categories variable …

How would you like to query the checked tables? Would you like to JOIN them or query each separately? What is the srtucture of tables? Are they the same? Sory for putting questions instad of answering :-)

First, do not think of yourself so negatively, mate. No-one is perfect and we all have our weaknesses as far as programming (and everything else) goes.

Your question is a bit unclear. What is the code that works and what is the code that does not work? Your queries above are incorrect as they are. What is the point of the foreach loop when you do not use $value anywhere?

INSERT INTO table (table) VALUES $categories

What is the purpose of this query? Do you have a column named 'table'? What is the table name?

$query = "SELECT () FROM table"

Something is missing in the above insert statement. And a semicolon is missing too.

Maybe you post it so the thread is complete. And if this is it please mark it as solved. Cheers.

Just looking at your code: why do you not check for existence of $_POST array elements before assigning them to variables like in $Fristname = $_POST ['FristName'];? This code should return an error. Also what is the purpose of the condition on line 13 if(is_array($Project))? Is any of the code missing?

Sorry, I do not understand the question? Have you tried to change the name attributes for all checkboxes to an array (just adding [] to existing names)?

Change the name attribute to an array

<input type="checkbox" name="Project[]" value="... />

and all the checked checkboxes should be in $_POST['Project'] which will be an array, too.

// e.g. you can get a list of project (a string) by imploding the array
$Project = implode(', ', $_POST ['Project']);

This is because mysql_query() function returns an ID for a resource, not a result. To get the result use mysql_fetch_assoc() or mysql_fetch_row():

$res = mysql_query($sql);
$row = mysql_fetch_assoc($res);
$PINDEX=$row['PREF'];

OK, no worries, just finish your work first and get back once you have time. I am pretty busy at the moment, too.

OK, no problem. Meanwhile I was a bit curious how this could be done and came up with the code below. It uses test data in an array (which I assume you cache in a file or in include script). There is a show_links() function in the code that might interest you to see how I implemented it. The code is commented so have a look and see if it helps you. Mind you, I tested the code but I can not promise it is bugs free.

// *** Test data ***

// test array containing the results
$test_results = array();

// generate some test data
for($test = 1; $test <= 4348; $test++) {

    $test_results[$test] = "This is test result No. $test";
}

// *** End of test data ***

// check if current page is in $_GET array; if not, set it to the first page
if(isset($_GET['current_page'])) {

    $current_page = (int) $_GET['current_page'];

} else {

    $current_page = 1;
}

// how many results to display in one page
$results_per_page = 10;

// how many links to display in one page
$links_per_page = 10;

// how many items in the result
$total_results = count($test_results);

// how many total pages needed to display all the results
$total_pages = floor($total_results / $results_per_page) + 1;

/**
 * Show the links based on the current page and other parameters
 *
 * @param   int current page No.
 * @param   int number of result displayed on one page
 * @param   int number of links displayed on …

I also do not understand the logic of the for loop. Why do you change the counter $i? It messes up the logic of the for loop.

The following is just a blind attempt since I have no information about what some variables keep (see comments in the code):

    $display_current = 10;
    $display_next = 10;
    echo $pagination['Links']['First'];
    echo ' ';
    echo $pagination['Links']['<'];
    echo ' ';

    // I am assuming that $display_current holds the first link in the 
    // currently displayed set of links and $display_next holds the
    // number of currently displayed links; 
    // if I am wrong tell me what values these variables contain

    // first three dots are displayed only when the current page is greater
    // than 10
    if($display_current > 10) {

        // display the three dots; but I have no clue where the link
        // should point (see questions in my previous post)
        echo ' ... ';
    }

    for ($i = 1; $i <= $display_current; $i++)
    {
        if ($display_current >= $_GET['current_page'])
        {
            if (isset($pagination['Links'][$i]))
            {
                echo $pagination['Links'][$i];
                echo ' ';
            }
        }
        else
        {
            $i = $display_current;
            $display_current = $i + $display_next;
        }
    }

    // calculate the number of the first link in the next set of pages
    $next_link = $display_current + $display_next + 1;

    // last three dots are displayed only when there are still any pages left
    // (the element for the $next_link exists)
    if(isset($pagination['Links'][$next_link])) {

        // display the three dots; but I have no clue where the link
        // should point (see questions in my previous post)
        echo ' ... ';
    }

    echo $pagination['Links']['>'];
    echo ' ';
    echo $pagination['Links']['Last'];

Sorry but still do not understand few things:

• where does each link point to? It should be echoed as a link (<a href="somepage">1</a>), but that is not the case in your code. Is it the same page and the value of the Links array is just a key of the big result array?
• why do you not want to read only the number of records to be displayed on one page? What happens if you have 10000 records? Do you keep such big array in the memory? Where do you store the result (cached array) when user clicks on one of the libks and a new page with results is displayed?

It is hard to say without seeing the complete code. The trouble is I am leaving now and wont be back before Sunday night. If you do not solve it by then I'll be happy to help.

One more question: do you read your recors from the database? If yes then you do not need to keep hundreds of links in an array, only 10 is enough sicnce you read only the number of record you wish to display at once using LIMIT SQL clause. See Pear Pager and Pager_Wrapper code it might help you: http://www.alberton.info/pear_pager_tutorials.html.

OK, I get it. The dots are there only when there are more sets of pages. And if you click on them they get you to the next / previous set of pages. Is that correct?

And also what do $display_current and $display_next represent? Do you have the total number of pages, too?

OK. Please mark the thread as solved.

This is just an idea (not tested) of how would I do it (I am actually using a PEAR Pager package which is excellent for this task):

If your current page is $current then your first key is (floor($current/10)*10) +1 and the last key is first key + 9 (hopefuly there is simplest way to calculate this).

$first_key =  (floor($current/10) * 10) + 1;
$last_key = $first_key + 9;

Display the links to pages:

// link to the first page
$links = '<a href="page_1.php">First</a>';

// calculate previous page
$prev = $current > 1 ? ($current - 1) : 1;

// link to the previous page with the less than coded for html
$links .= "<a href=\"page_{$prev}.php\">&lt;</a>";

// three dots
$links .= ' ... ';

// links to the current set of pages
for($i = $first_key; $i <= $last_key; $i++) {

    if($i == $current) {

        // do not create a link since it is the current page
        $links .= "<span class=\"current-page\">$i</span> ";

    } else {

        // create a link to that page
        $links .= "<a href=\"page_{$i}.php\">$i </a>";
    }
}

//     // three dots
$links .= ' ... ';

// links to the next page and the last page
// ...

One more issue: are your queries returning values for all the fields? You are not checking that in your (with isset() function). This is not a good practice. If some field is not returned (since it not exists) your query can break.

Initialize a variable that will hold the error message:

$error_msg = '';

On the beginning it will be an empty string. When checking form fields and if all are empty (or invalid values) assign an error message to the $error_msg variable. At hte end of the script (or anywhere else) place a condition that will display a div tand the contents of the $error_msg.

if($error_msg != '') {
    echo "<div class="error-msg">$error_msg</div>";
}

Put the php block that generates required data at the top or before the form div (this won't change the appearenca of the page).

Which input does not print (identify it by name attribute)? The first input is the type of "hidden" and won't print which is what is expected. Other input fields show up normaly.

OK, looks like I like to talk to myself :-). Well I had too much time and set a database, tables and put some records in. I also had few little errors in my posted code. The following is now tested code that works just fine, no duplicate rows.

<?php

// initialize the variable that will show the records found
$result = '';

// check if the form was submitted
if(isset($_POST['submit'])) {

    // Please note: validating, sanitizing and escaping of input was
    // omitted in this example for clarity; please do not forget
    // to make the production version of the script secure

    // start the select query that will read from all three tables
    // the types of JOIN are just an example, use the join types
    // that suit your requrements
    $qry  = 'SELECT * FROM project AS prj ';
    $qry .= 'JOIN technology AS thn ON prj.project_id=thn.project_id ';
    $qry .= 'JOIN financing AS fin ON prj.project_id=fin.project_id ';

    // conditional operator in a SELECT statement
    // (it will be WHERE for first condition and will change to AND
    // for every next condition)
    $operator = 'WHERE';

    // check if project type was submited to be searched for
    if(isset($_POST['project_type']) and $_POST['project_type'] != '0') {

        // add the search string to the SQL statement
        $qry .= "$operator project_type='{$_POST['project_type']}' ";

        // change the operator from WHERE to AND
        $operator = 'AND';
    }

    // check if technologies were submited to be searched for
    if(isset($_POST['technology']) and $_POST['technology'] != '') {

        // remove spaces …

I found another error in my code, sorry. All text fields in the query have to be quoted (oh, silly me). So put the quotes arround them like this:

// check if project type was submited to be searched for
if(isset($_POST['project_type']) and $_POST['project_type'] != '') {

    // add the search string to the SQL statement
    $qry .= "$operator project_type='{$_POST['project_type']}' ";

    // change the operator from WHERE to AND
    $operator = 'AND';
}

and so on (on lines 24, 40 and 67 of my first post).

Just spotted another quirk: you want to search by a project type but project type is not defined in your porject table. I included it in my sample code above but since it is not in the table it should either go out of the code or define it as a field in the project table.

The problem I guess is probably in the query which is not exactly correct (the join types maybe) and returns duplicate rows. You can try the following query without WHERE conditions:

SELECT * FROM project_table AS prj  
JOIN technology_table AS thn ON prj.project_id=thn.project_id 
JOIN financing_table AS fin ON prj.project_id=fin.project_id

and if returns duplicate rows the query has to be tuned (maybe using GROUP BY or DISTINCT).

First I have to correct myself, sorry. The $_POST array elements should be enclosed in curly brackets whenever they are in a double quoted string. So this is the correct code (changes only in lines 24 and 51):

// check if the form was submitted
if(isset($_POST['Submit'])) {

    // Please note: validating, sanitizing and escaping of input was
    // omitted in this example for clarity; please do not forget
    // to make the production version of the script secure

    // start the select query that will read from all three tables
    // the types of JOIN are just an example, use the join types
    // that suit your requrements
    $qry  = 'SELECT * FROM project_table AS prj ';
    $qry .= 'JOIN technology_table AS thn ON prj.project_id=thn.project_id ';
    $qry .= 'JOIN financing_table AS fin ON prj.project_id=fin.project_id ';

    // conditional operator in a SELECT statement
    // (it will be WHERE for first condition and will change to AND
    // for every next condition)
    $operator = 'WHERE';

    // check if project type was submited to be searched for
    if(isset($_POST['project_type']) and $_POST['project_type'] != '') {

        // add the search string to the SQL statement
        $qry .= "$operator project_type={$_POST['project_type']} ";

        // change the operator from WHERE to AND
        $operator = 'AND';
    }

    // check if technologies were submited to be searched for
    if(isset($_POST['technologies']) and $_POST['technologies'] != '') {

        // remove spaces that might follow commas
        $tecnologies = str_replace(', ', ',', $_POST['technologies']);

        // explode the string to an array (where commas are)
        // and add the elements …

The following is a simple example of how to build a SELECT query based on the values typed in a search form. Please note security stuff has ben omitted for clarity. Do not forget to apply security checks. See comments in the code.

// check if the form was submitted
if(isset($_POST['Submit'])) {

    // Please note: validating, sanitizing and escaping of input was
    // omitted in this example for clarity; please do not forget
    // to make the production version of the script secure

    // start the select query that will read from all three tables
    // the types of JOIN are just an example, use the join types
    // that suit your requrements
    $qry  = 'SELECT * FROM project_table AS prj ';
    $qry .= 'JOIN technology_table AS thn ON prj.project_id=thn.project_id ';
    $qry .= 'JOIN financing_table AS fin ON prj.project_id=fin.project_id ';

    // conditional operator in a SELECT statement
    // (it will be WHERE for first condition and will change to AND
    // for every next condition)
    $operator = 'WHERE';

    // check if project type was submited to be searched for
    if(isset($_POST['project_type']) and $_POST['project_type'] != '') {

        // add the search string to the SQL statement
        $qry .= "$operator project_type=$_POST['project_type'] ";

        // change the operator from WHERE to AND
        $operator = 'AND';
    }

    // check if technologies were submited to be searched for
    if(isset($_POST['technologies']) and $_POST['technologies'] != '') {

        // remove spaces that might follow commas
        $tecnologies = str_replace(', ', ',', $_POST['technologies']);

        // explode the string to an array (where commas are) …

That is a completely different thing. This could be due to wrong credentials that are defined as constants in the above script in lines 19 to 34. Have you set them correctly?

The code you posted has no syntax errors. It contains definitions of constants and each definition is preceded with explanation within comment marks (mostly phpdoc /** */comment marks are used). Are you getting the same error as described above? Can you copy the whole error message and post it here?

The above link is not working. Can you post the code here?

http://www.w3schools.com/ is a great resource for a beginner. For filtering input values see http://www.w3schools.com/php/php_filter.asp.

The /** on the end is probbably the missing one from the beginning. Just move it from the last row to the first row and insert a newline immediately after it. /** is a beginning of a comment that can be used for documentation purposes. See http://www.phpdoc.de/ or http://phpdoc.org/

You can also echo your query before submitting it. Put this on line 14 of the php file:

die($sql);

Now you can examine your query and test it in phpmyadmin.

I have only now read your original post thoroughly, sorry.

When the form is submitted you have to first check whether all values are present at all. If there is a value missing your query will break if you do not shoot an error message or provide a default value:

// check the existence of each field
if(isset($_POST[first_name]) && !empty($_POST[first_name])) {
    $first_name = trim(mysql_real_escape_string($_POST[first_name]));
} else {
    // prepare an erro message
    error_msg[] = 'You must provide your first name!';
    // or provide a default value
    $first_name = 'Nameless';
}
// do this for every input field of the form
...

@memomk
In php code I found only one repeating error which is in the $sql string construction - namely $_POST array elements should be enclosed in curly braces:

$sql="INSERT INTO survey (first_name, last_name, phone, resolved, knowledge, friendly, quickness, referral, comments)
VALUES
('{$_POST[first_name]}','{$_POST[last_name]}','{$_POST[phone]}','{$POST[resolved]}','{$POST[knowledge]}','{$POST[friendly]}','{$POST[quickness]}','{$POST[referral]}','{$POST[comments]}')";

which is what I have already noted in my post above. What other syntax errors are there?

Or you can try require instead of include. it is the same as include only that require throws an error (while include emits only warning).

<?php require 'includes/head.php'; ?>

or

<?php require_once 'includes/head.php'; ?>

Storing posted values in variables is not neccessary by itself but it helps clarity of your code. Compare the following two statements:

// $_POST array elements used 
$sql="INSERT INTO survey (first_name, last_name, ...)
VALUES
('{$_POST[first_name]}','{$_POST[last_name]}', ...);

// variables used
$sql="INSERT INTO survey (first_name, last_name, ...)
VALUES
('$first_name','$last_name', ...);    

The second version is far more readable and easier to debug (please note that you should wrap array elements in curly braces to get them parsed within double quotes since they are composite variables).

Far more important thing is to validate and sanitize the values you get from the user (through $_POST, $_GET, $_COOKIE arrays). The fact is that you can not trust the user input (you will hear this countless times in web development world). The user can input erroneus data and unintentionally break your application. Or even worse the user can intentionally input malicious data in your web form and do damage to your database and you / your client. A simple example is when user enters specially crafted SQL code in your name field and if you do not check it first you will include that SQL code in your query and send it to your database. i.e the malicious code can expose all your users and passwords or allow login without a password. So it is a really good idea to check whether values are what they are supposed to be and sanitize them (by casting integers, escaping strings, using php filters etc.)

So it is a …

And before inserting them, check the values and/or escape them.

$firstname = trim(mysql_real_escape_string($_POST['firstname']));
...

Are your include files OK? Are they wrapped nicely with the <?php ?> tags.

It shouldn't according to what you posted. Can you post the whole index.php.

In simplified form your index.php should look like:

<?php
    if($country == 'PK')
    {
        header('Location: http://www.mysite.in/block.php');
    }
?>

<html>
....
....
<h1>ALLOWED</h1>

</html>

and visitors from countries other than PK should se the ALLOWED title

header('Location: http://www.mysite.in/index.php');

I don't think you need the second redirection (to the index.php) at all. If the visitor is from the banned country (such as 'PK') they will be redirected by first redirection. other visitors will just stay at the index.php.

Another error (and probably the main reason to not working) is in line 7 of your code:

if ($txtEmail != '')

$txtEmail has probably not been declared yet. You probably meant $POST['txtEmail'].

Sorry to keep you waiting so long for reply, I've been away.

You have an error in your SQL statement. The associative indexes of the $_POST array have to be enclosed in quotes and in addition to that $_POST elements have to be enclosed in curly braces since they are composite variables. So the correct syntax for the query would be:

$sql="INSERT INTO username (username, password, repassword, firstname, lastname, nationality, gender)
VALUES
('{$_POST['txtEmail']}','{$_POST['txtPassword']}','{$_POST['txtRePassword']}','{$_POST['txtFirstName']}','{$_POST['txtLastName']}','{$_POST['cboNationality']}','{$_POST['cboGender']}')";

But there is a better and safer way. Firstly it is a very bad idea to include values form POST directly to your query without cleaning them first. Someone can input a SQL injection code in one of your textboxes and run her query with bad intentions on your database. So you better clean the values first (at least escape them using i.e. mysql_real_escape_string - http://php.net/manual/en/function.mysql-real-escape-string.php). Secondly using quotes and curly braces as above is correct but can lead to errors. So better, safer and cleaner approach would be:

// clean values, I used trim and mysql_real_escape_string,
// you can also use filters or your functions, also depending on values
$txtEmail = mysql_real_escape_string(trim($_POST['txtEmail']), $con);
$txtPassword = mysql_real_escape_string(trim($_POST['txtPassword']), $con);
$txtRePassword = mysql_real_escape_string(trim($_POST['txtRePassword']), $con);
$txtFirstName = mysql_real_escape_string(trim($_POST['txtFirstName']), $con);
$txtLastName = mysql_real_escape_string(trim($_POST['txtLastName']), $con);
$cboNationality = mysql_real_escape_string(trim($_POST['cboNationality']), $con);
$cboGender = mysql_real_escape_string(trim($_POST['cboGender']), $con);

// use clean values in the query
$sql="INSERT INTO username (username, password, repassword, firstname, lastname, nationality, gender)
VALUES
('$txtEmail','$txtPassword','$txtRePassword','$txtFirstName','$txtLastName','$cboNationality','$cboGender')";

I do not understand why you run the query if the field is blank. What is the $sql query? Maybe you should negate the condition (if $_POST['txtEmail'] is not empty then...):

if(!empty($_POST['txtEmail']))

You actually have to tell what to achieve or maybe post the whole script.

Syntacticaly code is OK. What error do you get? What do you want to achieve?

Use mysql_real_escape_string (provided that you use mySql):

$safe_short_description = mysql_real_escape_string("PG for Girls/Ladies/Women in Kasmiri Rd, heart of the Agra city with fully furnished, 2/3 times homely food and all basic amenities.");
$safe_long_description = mysql_real_escape_string("PG's for Girls/Ladies/Women in Kasmiri Rd, heart of the Agra city - Neat, clean & beautiful, PG's for girls/working ladies/women. Fully furnished with TV, refrigerators, geysers and all basic amenities; with We have well designed Girls & Boys PG?s in Kasmiri Rd, Agra with spacious rooms, adequate RO water supply, near bus stand, safe and secure, very well ventilated, environment around is quite peaceful, good location and more. With and without meals, single, double and triple sharing. Available in wide range rent according facilities and amenities.4 hrs power back up; completely homely environment with We have well designed Girls & Boys PG?s in Kasmiri Rd, Agra with spacious rooms, adequate RO water supply, near bus stand, safe and secure, very well ventilated, environment around is quite peaceful, good location and more. With and without meals, single, double and triple sharing. Available in wide range rent according facilities and amenities./3 times homely food.");

Your update syntax seem to be wrong, this is correct:

$query = "UPDATE onlinepg 
SET short_description='$safe_short_description', long_description='$safe_long_description'
WHERE pg_id=2002";

or do you want to do and insert maybe:

$query = "INSERT INTO onlinepg (short_description, long_description)
VALUES ('$safe_short_description', '$safe_long_description')";

Please note that mysql connection has to be established before using mysql_real_escape_string.

isset() function returns either true or false. If the checked variable is NULL or is not set , isset() returns false. That is what the PHP manual claims.

Maybe you should post the last version of your code. It would be easier to try to find the bug.

A further impovement would be to use Ajax for sorting the data but only if you have significant amount of other content on the page. When changing sort order or field to sort by, using Ajax, only the sorted data would be refreshed not the whole page. If you have only the booklist data on the page it is not worth bothering with Ajax.

If you are familiar with jQuery, I guess Ajax is quite simple to implement. See http://api.jquery.com/jQuery.ajax/.