Posts by broj1

I tested this with the textarea. If I enter linebreaks they are sent with POST as %0D%0A which is "\r\n" I guess. The nl2br() function adds <br> tags and newlines display nicely in HTML.

Is the source of the message a textarea?

Maybe you should chek out how the message looks when sent to server. Is it comming from a textarea? I suggest you put this temporary debug code before line 3:

die($_POST['msg']);

This will display what comes across and stop the script. You can examine the text and see how linebraks are being encoded or post the output here.

Yes, that would be better. GET is recommended only for retrieval of resources from the server and allows a limited set of characters, characters that are not allowed should be encoded.

I don't see anything incorrect in headers. But since the message is appended to the URI (by GET method) how are linebreaks encoded? Normal linebreaks are not allowed in the URI.

I would expect in html formated mail <br> tag would produce a line break. This can't be the case in your message ($msg) since you are stripping all the tags. Maybe you should do it this way:

$msg = strip_tags( $_GET['msg'], '<br>' );

provided that $_GET['msg'] already contains html breaks (please test if this removes also <br/> and <br /> tags).

[ EDIT ] please disregard my post since i missinterpreted it. You are already using nlb2br() function. Sory.

The $_POST array doesn't contain a name element. The reason is in that the name input field has not been submitted yet. Include a check such as:

<?php
if(isset($_POST['name']) && !empty($_POST['name'])) {
    $name1=$_POST['name'];
    echo "<br> Your name is $name1 . Thanks for using our system.";
}
?>

Even better would be to check for form submission:

<?php
if(isset($_POST['submit']) && isset($_POST['name']) && !empty($_POST['name'])) {
    $name1=$_POST['name'];
    echo "<br> Your name is $name1 . Thanks for using our system.";
}
?>

In order this to work you should add a name attribute to the submit button:

<input type="button" onclick="formSubmit()" name="submit" value="Submit" />

What API do you use?

No problem. Happy coding.

Here is corrected code. I added $totalsArray array in couple of places.

<?php 
session_start(); 

// uncomment this for you to work
// include('db_connect.php'); 
// $username = $_SESSION['username']; 

// --------------------------------------------
// IGNORE THIS - IT IS MY STUFF
include('../dbconnect.php');
$link = dbConnect(array('driver' => 'mysql'));
include('../../html/lib/func.php');
$username = 'davinci'; 
// --------------------------------------------

$user = mysql_fetch_assoc(mysql_query("select user_id from tbllogin where username = '{$username}'")); 

// get favourite retailers
$qRet  = "SELECT tblfav_ret.ret_id, tblretailer.ret_name, tblretailer.user_id AS ret_admin_id ";
$qRet .= "FROM tblfav_ret ";
$qRet .= "JOIN tblretailer ON tblfav_ret.ret_id=tblretailer.ret_id ";
$qRet .= "WHERE tblfav_ret.user_id = '{$user['user_id']}' ";
$qRet .= "ORDER BY tblretailer.ret_id";
$retRes = mysql_query($qRet);

// array with data about favourite retailers (id and name)
// used for table heading
$favRetailerArray = array();

// array with retailer user_ids (called ret_admin_id to avoid confusion)
$favRetailerAdminArray = array();

// create arraya with retailer data and retailer admin IDs (to map to retailers later)
while($retRow = mysql_fetch_assoc($retRes)) {

    $ret_id = $retRow['ret_id'];
    $favRetailerArray[$ret_id] = $retRow['ret_name'];
    $favRetailerAdminArray[] = $retRow['ret_admin_id'];
}

// make a string that will be an IN condition for SQL statement for prices
$retAdminIdList = implode(',', $favRetailerAdminArray);

// start HTML table
echo "<table bgcolor='grey' width='80%' border=1>";

// HTML table header
echo "<th>Name</th>";
foreach($favRetailerArray as $ret_name) {

    echo "<th>$ret_name</th>";
}
echo "</tr>";

// initialize totals array
for($i = 0; $i < count($favRetailerAdminArray); $i++) {
    $totalsArray[$i] = 0;
}

// query for getting products of favourite retailers (without any prices)
$qFav  = "SELECT tblfavourites.prod_id, tblproduct.prod_name, tblretailer.user_id as ret_admin_id  ";
$qFav .= "FROM tblfavourites ";
$qFav .= "JOIN tblproduct ON tblproduct.prod_id=tblfavourites.prod_id "; …

Ups. Give me couple of minutes.

Sory, my mistake in the last while loop. The logic is complicated due to using user_id in retprod table for establishing the relation. It would be far more simple if relation would be made as noted in my previous posts. Here is the corrected code. It is hard to test it thoroughly, I hope it works OK.

<?php 
session_start(); 

// uncomment this for you to work
// include('db_connect.php'); 
// $username = $_SESSION['username']; 

// --------------------------------------------
// IGNORE THIS - IT IS MY STUFF
include('../dbconnect.php');
$link = dbConnect(array('driver' => 'mysql'));
include('../../html/lib/func.php');
$username = 'davinci'; 
// --------------------------------------------

$user = mysql_fetch_assoc(mysql_query("select user_id from tbllogin where username = '{$username}'")); 

// get favourite retailers
$qRet  = "SELECT tblfav_ret.ret_id, tblretailer.ret_name, tblretailer.user_id AS ret_admin_id ";
$qRet .= "FROM tblfav_ret ";
$qRet .= "JOIN tblretailer ON tblfav_ret.ret_id=tblretailer.ret_id ";
$qRet .= "WHERE tblfav_ret.user_id = '{$user['user_id']}' ";
$qRet .= "ORDER BY tblretailer.ret_id";
$retRes = mysql_query($qRet);

// array with data about favourite retailers (id and name)
// used for table heading
$favRetailerArray = array();

// array with retailer user_ids (called ret_admin_id to avoid confusion)
$favRetailerAdminArray = array();

// create arraya with retailer data and retailer admin IDs (to map to retailers later)
while($retRow = mysql_fetch_assoc($retRes)) {

    $ret_id = $retRow['ret_id'];
    $favRetailerArray[$ret_id] = $retRow['ret_name'];
    $favRetailerAdminArray[] = $retRow['ret_admin_id'];
}

// make a string that will be an IN condition for SQL statement for prices
$retAdminIdList = implode(',', $favRetailerAdminArray);

// start HTML table
echo "<table bgcolor='grey' width='80%' border=0>";

// HTML table header
echo "<th>Name</th>";
foreach($favRetailerArray as $ret_name) {

    echo "<th>$ret_name</th>";
}
echo "</tr>";

// query for …

Can you post the contents of the tables (in SQL format) so I can test it here (I had to change the data in your previous tables to have useful data for testing).

Does it work OK if you do not change the ret_admin_id to user_id?

OK. The way I got arround this is I did not get all the data in one query but broke it down to separate queries. The thing is you do not know the number of columens (retailers) in advance so it is easier to do it step by step. I hope this roughly is what you wanted. You can improve code a bit (check for values etc.). See also comments in the code. I also removed styles and some table attributes for clarity and did not use aliases in queries (a, b, c... do not tell much but add to confusion).

session_start(); 

// uncomment this for you to work
// include('db_connect.php'); 
// $username = $_SESSION['username']; 

// --------------------------------------------
// IGNORE THIS - IT IS MY STUFF
include('../dbconnect.php');
$link = dbConnect(array('driver' => 'mysql'));
include('../../html/lib/func.php');
$username = 'davinci'; 
// --------------------------------------------

$user = mysql_fetch_assoc(mysql_query("select user_id from tbllogin where username = '{$username}'")); 

// get favourite retailers
$qRet  = "SELECT tblfav_ret.ret_id, tblretailer.ret_name, tblretailer.user_id AS ret_admin_id ";
$qRet .= "FROM tblfav_ret ";
$qRet .= "JOIN tblretailer ON tblfav_ret.ret_id=tblretailer.ret_id ";
$qRet .= "WHERE tblfav_ret.user_id = '{$user['user_id']}' ";
$qRet .= "ORDER BY tblretailer.ret_id";
$retRes = mysql_query($qRet);

// array with data about favourite retailers (id and name)
// used for table heading
$favRetailerArray = array();

// array with retailer user_ids (called ret_admin_id to avoid confusion)
$favRetailerAdminArray = array();

// create arraya with retailer data and retailer admin IDs (to map to retailers later)
while($retRow = mysql_fetch_assoc($retRes)) {

    $ret_id = $retRow['ret_id'];
    $favRetailerArray[$ret_id] = $retRow['ret_name'];
    $favRetailerAdminArray[] = $retRow['ret_admin_id'];
}

// make a …

Yes, I understand that and that is not a big issue if you are careful.

The problem for me is the relation between the user_id (the retailer admin) and the prod_id. The relation should be between the ret_id and the prod_id. The table tblretprod should have fields: id, ret_id, prod_id, prod_price, enabled.

So the user_id field in the tblretprod table is the ID of administrator and not the regular user. This field name is a bit misleading, I would change it to admin_id or ret_user_id or somthing similar. And the key for each retailer's price is that same user_id which is a bit odd since the price belongs to retailer so the retailer->price relation is more obvious (i.e. what happens when you change the administrator and his ID?). I would change this if I were you.

Anyway I will try with the way data is structured now. I hope I can post something this afternoon.

One thing I can't figure out. I am missing a table with prices of products for each retailer (prod_id->ret_id->prod_price relation). I preusme the user wants to find out prices for chosen products at different retailers.

The tblretprod table holds the prices for different users. I can't figure out the relation here.

More questions:

• what exactly is user_id (is it a customer of different retailers, can one user belong to many retailers)?
• what is the purpose of the table tblfavourites and what of the table tblfav_ret?
• why is product price in separate table and why is same product price different for each user?

If I understood the thing, you want this:

• a logged in user has some favourite retailers and wants to compare prices for one (or more) products
• the data in separate tables should be joined for that user and all of his favourite retailers and comparison made for the number of favourite retailers found (it can be 0 or more)

If this is incorrect let me know what exactly is the purpose. The first thing we have to get the query right.

I am leaving in 2 hrs and wont be back until Sunday night.

I also need tblfav_ret, tblfavourites and tblretprod table structures and data (actually all the tables that are included in queries).

please note that under retailer 2 and retailer 3, price set by retailer 2 shoudl be displayed for products and price for retailer 3 should be displayed for products
i think i mistyped it there in the pdf attachment for table structure

I'll take this into account.

OK, thnx for now. I'll have a look and let you know if I need something else.

This seems like different requirement that the one you posted in your first post.

In order to test I need the data (I can't make up all this data since I might missinterpret it and it takes too much time). So please send an export of those tables and some data in SQL format. You can do this in phpmyadmin (select a table and go to Export). If there is sensitive data in the table (real usernames, passwords etc.) anonymize them.

Please clarify what the output should be by faking a few rows of the output table (like above, but complete structure).

Sory for asking for so much information but only this way I can understand the problem.

Post the latest version of the code. Also helpful would be structure of the tables and some example data.

I hope your query returns also prices for each of the retailers (it is not evident from the sql statement since you are using SELECT *). So in the while loop you can calculate running sum for all the prices. Once the while loop is finished the running sums will be totals.

// initialize running sums
$total1 = 0;
$total2 = 0;
$total3 = 0;
$total4 = 0;

while($row = mysql_fetch_assoc($query)){ 
    extract($row);  

    // add prices to running sums (I made up names here)
    $total1 += $row['prod_price1'];
    $total2 += $row['prod_price2'];
    $total3 += $row['prod_price3'];
    $total4 += $row['prod_price4'];

    echo "<tr>"; 
    echo "<td style='text-align: center;'>".$row['prod_name']."</td>"; 
    echo "<td style='text-align: center;'>".$row['ret_name']."</td>"; 
    echo "<td style='text-align: center;'>".$row['prod_price']."</td>"; 
    echo "</tr>"; 
}

// add the totals row
echo '<tfoot><tr><th scope="row">Total per month</th>';
echo "<td>$total1</td>";
echo "<td>$total2</td>";
echo "<td>$total3</td>";
echo "<td>$total4</td>";
echo '</tr></tfoot>';
...

Might be not exactly in line with your code but you get the idea.

In huge sites relational databases might not be efficient solution anymore, especially if data is not tightly structured. I read something about NoSQL that approaches the problem more horizontaly but I am realy a noob here so I won't comment on that much :-)

Make a column called parents and list every parent in some order of inheritance which is sane to you, as a comma delimited list of IDs

This might break normalization rules.

Maybe you check for the existence of the object first (to be on the safe side):

function upList() {

if(!isset($wpdb) || !method_exists($wpdb, 'query')) {
    die('Error accessing database');
}

    global $wpdb;
    $wpdb->query(
    ...

or send the object as an argument (no need to use global keyword):

function upList($wpdb) {

    $wpdb->query(
    ...

Well, this still does not answer why the DB object has not been initialized...

The way I would approach this is exactly what you suggested - a good old traditional tree structure saved in a relational database (which mysql is). Relational databases are good at processing this kind of data, all the rest depends on the way the site would be used. If a user selects a city there are a few queries (or one nested query) to get the parents and the data the user is interested in. I think performance-wise this can be handled without problems.

The problem could only be if you have a really busy site (i.e. millions of users - like Facebook, Google etc.). In that case maybe other options are to be looked at. Maybe NoSQL database but I am really not an expert on that topic so I might wait for other opinions to pop up.

It says that $wpdb is not an object so you can not address a method of it. Has $wpdb been initialized as a database object somewhere?

You are actually missing one parenthesis in line 13. This is the correct code:

} elseif(isset($_POST['submit_add'])) {

(sorry, my mistake in the code example).

Yes, if it returns the scriptname (I think it depends on globals on setting). You can also use $_SERVER['PHP_SELF'].

Use three different names for submit buttons. Then in the processing part of the code check which submit button has been pressed:

if(isset($_POST['submit_delete'])) {
    //code for deleting 
} elseif(isset($_POST['submit_add']) {
    // code for adding
} elseif(isset($_POST['submit_update']) {
    // code for updating
}

Can you post the code of the previous page (the one with the table that triggers insertion).

On line 17 you have a query:

$sql1 = mysql_query("select * from tblproduct where prod_id='$prod_id'");

The $prod_id that you are using in the query has not ben defined anywhere before.

I think the $prod_id should be assigned from POST. It should get into POST through a hidden field or through the add button.

The key info here is the product ID which is supposed to be stored in $_prod_id. But where do you get the value of $prod_id from (you use it in the query on line 17)?

You will usually get the selected ID upon submiting the form. The selected value will be stored in either $_GET or $_POST global array, depending on the method, defined in the <form> tag. So in your code you have to check for submission of the form using this pattern:

if(isset($_POST['submit']))

or if you do not have a submit button using some other method (it might be in the openOffersDialog javascripot function).

Then before using a value you have to check for existence of it, again with isset():

 <div id="content">
<?php if(isset($_POST['id']) && $_POST['id']=="volvo"){ ?>
This is popupbox of Volvo
<?php } elseif(isset($_POST['id']) && $_POST['id']=="saab"){ ?>
This is popupbox of Saab
<?php } elseif(isset($_POST['id']) && $_POST['id']=="vw"){ ?>
...

This is just showing how the principle goes. You might need to adapt it to your needs.

AND: security aspect has not been taken into account in the above code. You have to check for the validity of submitted data. How to check it depends on the context where the data will be used. If you intend to put it into HTML (display it on the page), you at least have to use htmlspecialchars() function to replace dangerous characters with their HTML entities. If you want to stick the data in the database, you have to escape it.

Your insert query syntax is a bit strange. The basic syntax would be:

INSERT INTO tablename (field1, field2,...) VALUES (value1, value2, ...)

so in your case

 $q1 = "INSERT INTO job_employer_info
(ename,
epass,
CompanyName,
CompanyCountry,
CompanyState,
CompanyZip,
CompanyCity,
CompanyAddress,
CompanyPhone,
CompanyPhone2,
CompanyEmail)
VALUES(
'$ename',
'$epass',
'$CompanyName',
'$CompanyCountry',
'$CompanyState',
'$CompanyZip',
'$CompanyCity',
'$CompanyAddress',
'$CompanyPhone',
'$CompanyPhone2',
'$CompanyEmail')";

Now, if I got it, then you have the number of comments for each post already in the $post['total_comments'] element. In this case you do not need the gather_comments function. Just use the $post['total_comments']:

<h4 style="text-decoration: none;">(<?php echo $post['total_comments']; ?> 
<?php
if($post['total_comments'] == 1) {
echo 'comment';
} else {
echo 'comments';
?>

Correct me if I am wrong.

I already have questions that prevent me from carrying on :-)

In your html file there is code on line 34:

$posts = get_posts();

but function get_posts() is not defined in the comments.inc.php file. Is that OK? Can you post the code for this function. The reason for asking is that this function creates a $post array which is supposed to contain a 'total_comments' element (see line 44). If you already have total comments in the array you can use that for singular/plural logic.

Also, where do you get the $pid on line 44.

Line 22:

mysqli_fetch_assoc($ChangeDownloadSQL){

You should terminate it with ;

The form data is being sent to the database only when you execute a query. So after collecting the data first check the dates and only if within the range, connect to the database and execute the query.

if($sDate < $enDate && $sDate > $exDate) {

    // connect to the database and execute the query
    ...

} else {

    // do something else, i.e. redirect
    ...
}

Can you post the whole code you have. i will test it in my environment.

You do not get any errors? What is your php.ini setting for error_reporting and display_errors? It should be set to on for development:

display_errors = on

You can temporary turn error reporting in the script by including this code on the very beginning:

error_reporting(E_ALL);

OK, then we have to debug the function.

1. It is advisable to include error checking with mysql functions (mysql_query, mysqli_fetch_row...). You have to decide how to handle the errors (i.e. the function returning false, stoping the script, custom error messages...).
2. INclude the checking of the argument value
3. You can temporary echo the query using die and test it in phpmyadmin
4. You can echo the resulting row using a combination of die and print_r functions

So considering above, the function should look like:

function gather_comments ($pid){

    // check the argument
    if(is_numeric($pid)) && $pid > 0) {
        $pid = (int)$pid;
    } else {
        return false;
    }

    $sql = "SELECT COUNT(*) FROM `comments` WHERE `post_id`= $pid";

    // DEBUG
    // this is for debugging only, comment it out in production
    // this will display the SQL statement; copy it to phpmyadmin for testing
    die($sql);

    // query the database
    $res = mysql_query($sql);

    // include error checking when queryinig the database
    if(!$res) {

        // DEBUG
        // this is for debugging only, comment it out in production
        die(mysql_error());

        // if error when querying then return false
        return false;
    }

    // fetch the row
    $row = mysqli_fetch_row($res);

    // DEBUG
    // this is for debugging only, comment it out in production
    // this will display what the $row array contains and stop the script
    // the $row array should have only one element ($row[0]) - the count of found comments
    die(print_r($row, 1));        

    // include error checking when fetching the row
    if(!isset($row) || empty($row)) {

        // DEBUG
        // this …

Your function is not returning the number of comments but the resource (a special PHP type) for the query. And also the query has to be changed to:

$sql = "SELECT COUNT(*) FROM `comments` WHERE `post_id`= {$pid}";

The function should be something like:

function gather_comments ($pid){
    $pid = (int)$pid;
    $sql = "SELECT COUNT(*) FROM `comments` WHERE `post_id`= {$pid}";

    $res = mysql_query($sql);
    $row = mysqli_fetch_row($res)
    $comments = $row[0];

    return $comments;
}

The logic for displaying singular or plural should be simple:

// call the function only once so you do not shoor too many queries
$commentsCount = gather_comments($pid);

if($commentsCount == 1) {
    echo 'comment';
} else {
    echo 'comments;
}

If you retrieve comments earlier in the script (i.e. for displaying) the function is not necessary since you can just count the retrieved comments.

Then you might want to use a rich text editor like TinyMCE. It converts your textareas (or other elements) to WYSIWYG editor so users can draw tables, use lists, change fonts, colors etc.

The <textarea> tag should be be ended with </textarea> end tag. Anything between these two tags gets displayed, but as a plain text. I believe the html code (the table in your case) will be displayed just as plain text and not formatted as a table.

Have you taken into account the fact that the same visitor will have different session ID on each visit (on each session)?

But this only add the last entry to the database!

In your last version the query is outside both foreach loops so it gets run only once with the last assigned values. Put the query inside the inner loop and also apply the sanitizing (mysql_real_escape_string function), like suggested in above posts (take security seriously).

It is a good practice to assign a query to a string before running it - this is how you can echo it and test it in phpmyadmin:

$query = "INSERT INTO links  VALUES (...)";
...

// temporary debug code will display the query and stop the script
// you can now examine the query and copy it into phpmyadmin for testing
die($query);

// run the query
mysql_query($query);

You can do multiple insertion with one query:

if (isset($_POST['submit'])){

    // start the query
    $query = 'INSERT INTO links  VALUES ';

    // get number of elements in the array containing links
    $linksCount = count($_POST['alink']);

    // step through the array containing links
    for($i = 0; $i < $linksCount; $i++) {

        // add to the query if value exists
        if (($_POST['alink'] != '') {

            // escape the values (do not omit this!!)
            $alink = mysql_real_escape_string($_POST['alink']);
            $aname = mysql_real_escape_string($_POST['aname']);

            $query = "('', '$alink', '$aname'), ";
        }
    }

    // remove the trailing comma from the end of query
    $query = rtrim($query, ',');

    // run the query
    mysql_query($query);
}

And switch to newer mysqli as soon as you can :-)