Posts by broj1

First check if your SMTP server is running and is correctly set up.

Is it only that you do not want to to have a submit button or do you not want to reload the page?

In first case you can use onchange event of the select (dropdown).

echo '<select name="room" id ="rooms" onChange="this.submit()">';

The form wil get submitted once you select an option and you do not need a submit button.

In you do not want to reload the page then use Ajax as AHarrisGsy suggested. Ajax is simple to use if you use jQuery. See this link.

WHere do you keep the list of URL's? If it is a file or an array then do a while or foreach or for loop reading the urls, getting the value and add values to the insert query:

// your URLs (in an array in this example)
$url_list = array(
    'http://asx.com.au/asx/markets/priceLookup.do?by=asxCodes&asxCodes=ONT', 
    'http://...',
    'http://...',
);

// count of URLs
$url_count = count($url_list);

// temporary counter
$i = 0;

// start the query
$query = 'INSERT INTO ASX_PRICES (ASX_CODE, ASX_PRICE, DATE) VALUES ';

foreach($url_list as $url) {

    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    $var = curl_exec($ch);
    curl_close($ch);
    $first = stripos($var, '<th scope="row" class="row"><a href="' . $url . '"', 0) ;
    $second = stripos($var,'<td class="change indicator" nowrap>', 0);
    echo substr($var, $first, $second - $first);
    echo "<br />";

    // get the ASX_CODE and ASX_PRICE from the substring above (maybe using a regex)
    // and add to insert query
    $ASX_CODE = ...
    $ASX_PRICE = ...

    // get the date (wherever it comes from)
    $date = ...

    // add to the query
    $query .= "('$ASX_CODE', '$ASX_PRICE', $date)";

    // increase the counter
    $i++;

    // if it is not the last value, add the comma
    if($i < $count - 1) {

        $query = ', ';
    }
}

Not sure if I got what is your intention but I hope it helps.

A few notes here:

1. You mix GET and POST method. From URL it seems like your intention is to use GET, from the code it seems like you wanted to use POST; it is nothing wrong with mixing methods but do not do it if not realy needed since it is harder to control
2. It is recommended to avoid $_REQUEST combined array. It is again not wrong if you use it but only if it is necessary and are careful. $_REQUEST contains data from $_GET, $_POST and $_COOKIE arrays and it might happen that you have same keys in them thus overwriting values.
3. It is not recommended to use GET method for deleting. It is semantically wrong but more importantly the deleting URL gets cached and can do damage later on (intentionally or unintentionally).
4. Escape values before using them in a query.

szabizs correctly spotted the error and suggested solution to existing code. I usually have to add my raving about security since this is my field of work :-) (and I had to learn it a hard way).

First start the table and add a header row:

<table >
<tr><th>Product ID</th><th>Items</th><th>Price</th><th>Date</th><th>Action</th></tr>

Then add the rows with data:

<?php
while($row = mysql_fetch_array($sql)){

    $id = $row["id"];
    $product_name = $row["name"];
    $details = $row["details"];
    $size = $row["size"];
    $price = $row["price"];
    $quantity = $row["quantity"];
    $date_added = strftime("%b %d, %Y", strtotime($row["date_added"]));

    echo "<tr>";
    echo "<td>$id</td>";
    echo "<td>$product_name</td>";
    echo "<td>$price</td>";
    echo "<td>$date_added</td>";
    echo "<td><a href='inventory_edit.php?pid=$id'>edit</a> • ";
    echo "<a href='inventory_list.php?deleteid=$id'>delete</a></td>";
    echo "</tr>";
}
?>

</table>

I think the $nomineeid => $voted, $p_vote part in line 10 is not valid syntax.

foreach (array_combine($cLists, $Votes, $Votes_p) as $nomineeid => $voted, $p_vote){

The foreach construct is defined as

foreach (array_expression as $key => $value)

so in your case PHP expects a ) instead of a , after $voted. What do you actually want to achieve?

Escape the values in the query using your databases's escape function. If you use mysqli the function is mysqli_real_escape_string (or mysqli::real_escape_string if you do it OOP way).

$query = "UPDATE room SET floor='" . mysql_real_escape_string($room->floor) . "' where id=room->id";

Before posting the pages I asked you in my post above try the corrected code. The difference is ony in that the code is wrapped withing jquery ready() method (and of course IIM's correction has been applied).

<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<script type="text/javascript">
    $(document).ready(function() {
         // URL to open
        var myUrl = '';
        // set URL depending on screen size (800 here is just an example)
        if (screen.width <= 800) {
            myUrl = 'mySmallResolutionPage.php';
        } else {
            myUrl = 'myBigResolutionPage.php';
        }
        // load appropriate script into contentsDiv div
        $('#contentsDiv').load(myUrl);
    });
</script>

<!-- generated contents will get loaded here -->
<div id="contentsDiv"></div>

Please note that the php scripts have to return only the body of html, the index.php shall contain the <html></html>, <head></head> and <body></body> tags and appropriate stuff.

Itmeans that there is no value for the $Y variable which is basicaly the $_POST["Y"] variable. In other words posted data does not exist and the query inserts empty string (which is probably what you do not want). Where is it supposed to come form?

Good practice is to check for for submittion or existence first:

<?php
include "dbConfig.php";
if(isset($_POST["Y"])) {
    // you can escape here
    $Y=mysql_rel_escape_string($_POST["Y"]);
    // use escaped value
    $query="INSERT into tbl_subjectsenrolled (SubjectID) values ('$Y')";
    mysql_query($query) or die (mysql_error());
}
?>

You should pass your getLink function connection parameters since it can not access variables out of it's scope:

 function getLink($serverName,,$userName,$userPassword,$nameOfDataBase){
    $link=@mysqli_connect($serverName,$userName,$userPassword,$nameOfDataBase);
    if(!$link){
        echo "connection Error".mysqli_connect_errno();
    }
    return $link;
}

You can store the value in a hidden input field in the form which will then be picked up when form is submitted.

<input type="hidden" id="hidden-date" />

And in the javascript I guess you change line 21 to:

document.getElementById('hidden-date').value = document.getElementById('time').innerHTML;

Onre of the things pixelsoul did in his post above is he separated html and php code to get more clarity. I also highly recommend this approach. If you mix html and php too much it is harder to spot the errors in the code.

Now, no matter which approach you take, if things still do not work please post a few rows of questions and answers tables, preferably as an SQL insert file. You can do this from phpmyadmin by selecting a table, chosing a Export menu and exporting with default options.

I think it's got to do with the fact that Joomla is written following the MVC pattern. All the processing and database access is done somewhere behind (model / controller) and the result is displayed thorugh single index.php page (affected also by a template). On their site they say: Joomla! is always accessed through a single point of entry: index.php (see http://docs.joomla.org/Developing_a_Model-View-Controller_Component/1.5/Introduction).

Where do you get the list of questions to be displayed? In any case it is probably an array of question ID's which you have to iterate through.

// array of question IDs to be displayed
// I just made them up for this example
$q_id_arr = array(1,2,3,4,5);

// loop through the array of question IDs
foreach($q_id_arr as $q_id) {

    // select the question
    $query_q = "SELECT q_qstn_no, q_text FROM question WHERE q_id='$q_id'";

    // read the question and display it
    ...

    // select the possible answers
    $query_a = "SELECT a_id, a_text, a_value FROM answer WHERE answer.q_id='$q_id'";

    // read and display the possible answers and radio buttons etc
    ...

}

And change the query for inserting answers so you do not insert into autoincremented field (once you have many records you wont be able to assure unique values yourself):

INSERT INTO `answer` (``q_id`, `a_text`, `a_value`) VALUES
(1, 'Data', 1),
(1, 'System data', 0),
...

On line 8 you should probaly have a space before WHERE

$query_update .= " WHERE `item_id`=".$_POST["item_id"];

and the comma on line 7 should not be there (before the WHERE):

$query_update .= "`item_avai`='".$_POST["item.avai"]."'";

The easiest way to check is to insert a debug code between lines 8 and 9:

die($query_update);

which will display the query and stop the script. You can copy the query into phpmyadmin and test it there.

The first while loop has no code since you did not use any curly brackets. Is this suppose to be like that? Or would be more correct like this:

while (osc_has_categories ()) {

    // check category id and name inside while loop is ok!
    echo osc_category_id(), ": ", osc_category_name() ;

    echo "<p>results:</p>" ;

    // query_items inside the while loop after category is changed.
    // note: "studio" -             show results from "studio" BUT everywhere, 
    // note: osc_category_name() -  show ALL results from ALL categories AND everywhere,
    // note: "$osc_category_name" - show ALL results from ALL categories AND everywhere,

    osc_query_item ("studio") ;

    // check if items present
    while ( osc_has_custom_items() ) { 

        // echo result
        echo osc_item_title () ; 
    } 

    // reset query
    osc_reset_custom_items () ;
}

1. It assigns a value to $username variable, using EscapeCharacters() method of a $secure object (it is an example of object oriented PHP) to escape characters. $secure is an object derived from some class that is obviously designed to deal with user (form) input at login. There must be an instantiation code $secure = new ... somewhere prior to this code. The main goal of escaping characters is rendering safe some characters, that would make possible attacking or corrupting the data in the database. In mysql (and some other databases) the most dangerous characters are ' and ; so after escaping they become \' and \; and can not be used in injected queries. Google for SQL injection attack.
2. It does the same with the input value for a password (escaping).
3. It also hashes the value for password in order to store the hash in the database. Hashing is converting string into some value for later comparison. Everytime you hash a same string you get the same hash. You can not go the other direction i.e. you can not get the password form hashed string. This means you have a password hash in the database, not knowing what the password is, but you can always check if entered password is correct (so only user knows the password).

You use mysqldump program to export database into a SQL file, something like:

mysqldump -u USER -p DATABASE > FILENAME.sql

then use mysql client to import SQL file into another database:

mysql -u USER -p DATABASE < FILENAME.sql

This was taken from this link.

EDIT: I just noticed that you said you use Xamp. I think these two programs should be available in xamp but I am not 100% sure.

And an excellent resource for web apps security is OWASP and their Top 10 cheat sheet. Go through their list.

OK, so first read all the keywords from the C_Search (I hope it is not too many of them) and use the resulting array to build your search query:

// first part of the main query (with dummy WHERE operator so you can then use AND operators)
$query = "select * from C_Info WHERE 1";

// query the keywords
$res1 = mysql_query("select keyword from C_Search");

// loop through rows and add conditions to the main query
while ($keyword_row = mysql_fetch_assoc($res1)) {
    $query .= " AND C_Description like '%{$keyword_row['keyword']}%'"";
}

$res2 = mysql_query($query);
...

Well, something like that, I haven't tested it. If it does not work OK, we'll go into detail

You can save values in a txt file, JSON format would be a good one. You can use json_encode and json_decode functions. Instead of JSON you can just serialize data into a txt file.

Line 47:

$stmt->bind_param("ssi", $category, $title, $director, $year, $id);

You have declared only three types but you have five parameters. Try:

$stmt->bind_param("sssii", $category, $title, $director, $year, $id);

And change the line 54 to

die("ERROR: could not prepare SQL statement.");

so the script is stopped if error occurs (now you immediately get redirected to index).

You can create radio buttons with PHP. Put categories in an array, cycle through it, add code for radio buttons and check if current category matches the one from the DB:

<?php
// array of categories (you can always edit it and the radio buttons will change)
$categoriesArr = array('Action', 'Comedy', 'Drama', 'Horror', 'Thriller');

// add radio buttons via php and add checked attribute for the selected categpry
foreach($categoriesArr as $cat) {

    echo '<input type="radio" name="category" value="' . $cat  . '"';

    if($cat == $category) {

        echo ' checked="checked"';
    }

    echo ' />' . $cat;
}
?>

The code above should replace the code on lines 112 to 116.

Looks like the else statement on line 54 hasn't got a closing curly bracket. I you put one say on line 73 the error is gone. Double check though if that is the intended place for it.

There is another issue with your code. If a user enters spaces or ampersands or < or > or similar unwanted characters in the input box you should not pass that to the URL unencoded so use at least encodeURIComponent function before sending data to ajax.

$.ajax({

    type: "POST",
    url: "edit.php",
    data: encodeURIComponent(dataString),
    success: function(){
    $('.success').fadeIn(200).show();
    $('.error').fadeOut(200).hide();
    }
}); 

On the PHP side decode it back (i.e. using urldecode) and escape it properly to avoid attacks to your database or browser.

There are other small errors in the code as well so this is now the correct code (slightly reformated):

<script type="text/javascript">
$(function() {

    $(".editname").click(function() {

        var recordId = $(this).attr('id');
        var name = $('#tx_id-' + recordId).val();

        // tried to put # and nothing works
        var dataString = 'name='+ name + '&id=' + recordId ;

        if(name=='' || recordId=='' ) {

            $('.success').fadeOut(200).hide();
            $('.error').fadeOut(200).show();

        } else {

            $.ajax({

                type: "POST",
                url: "edit.php",
                data: dataString,
                success: function(){

                    $('.success').fadeIn(200).show();
                    $('.error').fadeOut(200).hide();
                }
            });    
        }

        return false;
    });    
});
</script>

The errors were in brackets, and the ID of input was misspelled (txt_id instead of tx_id).

On line 5 you are assigning the same value to $result over and over again.

$result = mysql_query("SELECT * FROM tag WHERE point='$pagename'");

so while($row = mysql_fetch_array($result)) condition is always true (it is always first row of the table). I would remove line 5.

The $result on line 9n is also causing trouble. What is the goal here? Maybe you post the database structure.

The trouble is in your first line:

// index.php
<?php
session_start();
ob_start();
?>

You use php comment outside of <?php ?> block so it is not treated as php code but as html code. That means that you send html before calling session_start() and ob_start() which is incorrect since both functions have to be started before ANY output is sent. Simply remove the first line or put it within a <?php ?> block.

<?php
// index.php
session_start();
ob_start();
?>

$query = "SELECT SUM(quanitity) FROM `tablename` GROUP BY `year`";

Backquotes might also be important if you use names that are same as mysql keywords.

You are returning only the name in a message not alsoo the lastname. Add lastname also and separate the name and lastname so you can distinguish them when returned from ajax cal, maybe with comma:

    ...
    while($nt=mysql_fetch_array($t)) { error_reporting(0);
        $msg.= $nt[name] . ',' . $nt[lastname];
    }
}
echo $msg;

On html page insert the name and lastname:

// split the returned string into array of name and lastname
nameAndLastnameArray = value=httpxml.responseText.split(',');

// insert name into appropriate box
document.getElementById("displayDiv1").value=nameAndLastnameArray[0];

// insert lastame into appropriate box
document.getElementById("displayDiv2").value=nameAndLastnameArray[1];

Are you sure the second and third SELECT keywords have to be there. Would this be OK:

$bquery="SELECT * FROM rt_booking WHERE rt_unit_id='".$_POST['unit_id']."' 
AND (UNIX_TIMESTAMP(str_to_date(rt_start_date,'%Y-%m-%d'))>=".$my11." 
OR UNIX_TIMESTAMP(str_to_date(rt_end_date,'%Y-%m-%d'))<=".$my22.")";

I quickly put together this recursion function.

function assoc2indexedMulti($arr) {

    // initialize destination indexed array
    $indArr = array();

    // loop through source
    foreach($arr as $val) {

        // if the element is array call the recursion
        if(is_array($val)) {

            $indArr[] = assoc2indexedMulti($val);

        // else add the value to destination array
        } else {

            $indArr[] = $val;
        }
    }

    return $indArr;
}

Tested it on a small array, I hope it works OK on your array. If the array is large it might be an issue since it doubles the memory requirement.

The query itself looks OK. Please double check if table name is file_records, and field names are also spelled correctly. Please paste the displayed query into the SQL tab of phpmyadmin and test if it works OK. And do not to remove the die() line.

Also change line 67 to include a check:

if(!mysql_select_db($MySql_databasename,$dbconn)) {
    die("Could not select database");
}

Do similar checks when connecting to the database and when performing queries. And temporary remove the @ form the mysql_query command on line 68 so you can see possible error messages.

I have actually used PEAR a lot but it was on Linux machine. The Windows part of installation instruction is http://pear.php.net/manual/en/installation.getting.php . I had no problems installing it and using it in Linux nd I think it should work equally fine in windows.

BTW if you are just after one or two PEAR packages you can always download it/them into some directora that is in the path and use it/them. But you loose the luxury of automatic updating, some of hierarchy etc.

I am not sure whether writing banned IP addresses in htaccess file is a good idea. You will need approprite rights to write into it and the file will grow with users visiting your site which might affect performance. Also maintaing the list (i.e removing duplicate entries) in the htaccess file might be a nightmare.

I would store IPs in a database and do a check everytime a visitor comes. If the IP is the database already, show one part of the contents (or redirect as jbeartrav suggested) otherwise show another part.

// check in the database if the IP is banned
if($banned === true) {

    echo 'You are not allowed to visit';
    exit();
}

// if not banned just display the normal contents and write the IP in the database

Mind you, relying on IP to ban people is not very reliable method anyway. IP's can change so you never know whether it is the same person with particular IP.

Check for existence of image in the DB table and if exists asign it to $logo variable otherwise assign a placeholder to $logo variable. Then display whatever is in the $logo.

<?php 
if(isset($row_getListing['image'])) {
    $logo = $row_getListing['image']; 
} else {
    $logo = 'placeholder.jpg'; 
}
?>

<div id="logo"><img src="images/<?php echo $logo; ?>" width="114" height="57" /></div>

Try using htmlspecialchars function which will replace < and > with their html codes.

if ($content !== false) {
    echo htmlspecialchars($content);
}

AHarrisGsy is right, upvote for that. I'll just to simplyfy it a little bit:

if(isset($_SESSION['SESSION_NAME'])) {
    echo '<a href = "/Logout.php" > Logout </a>';
} else {
    echo '<a href = "/Login.php" > Login </a>';
}

Do have any links or examples that show how mysqli_num_rows() & mysqli_fetch_assoc() works in OOP style.

There are good examples on php.net (see the Examples section after the definitions):

Class initialization
http://www.php.net/manual/en/mysqli.construct.php

Querying (includes code for class initialization)
http://www.php.net/manual/en/mysqli.query.php

Getting number of rows (includes code for class initialization and querying)
http://www.php.net/manual/en/mysqli-result.num-rows.php

php.net site at first look seems to be a bit unfriendly to new users due to a lot of technical information. But once you get used to it you find it the best resource for PHP. Always have look at the examples section and See also section. User comment can be interesting, too.

Considering the above, the Posts class should be something like:

class Posts {

    private $db;

    public function __construct($mysqli) {

        include 'dbConnMysqli.php';
        $conn = new dbConnMySqli;
        $this->db = $conn->getmysqliObject();
    }

    public function getPosts(){

        $query = "SELECT * FROM posts";
        $sql = $this->db->query($query);
        $result = $sql->fetch_assoc();
        $row = $result->num_rows;
        return $result;
    }
}

There are many questions here, I hope I manage to follow the main track :-). I will do it in couple of posts so we stay organized (in other words: you can not swallow a whole watermellon, you have to cut it in pieces).

I think foo_mysqli class is unnecessary here for two reasons: 1. you are not really adding anything to the mysqli class (which is a purpose of extending an existing class) but that would be okay; 2. you are not using it anywhere, you are using mysqli class in other scripts.

I am not saying that you should not do it this way. You can extend mysqli but then try to add some useful functionality to it like various ways of handling errors (display the errors during development, log the errors in production, provide default connection parameters etc). The following is the class I use for connecting and you can use it as an example (see the comments in it):

/**
 * This class establishes a connection to Mysql database using mysqli extension
 */
class dbConnMySqli
{
    // connection parameters
    protected $host = '';
    protected $user = '';
    protected $pass = '';
    protected $db = '';

    // mysqli object
    protected $mysqliObj = null;

    /**
     * Initialize connection parameters if set
     * 
     * @param string host
     * @param string $db_user
     * @param string $db_pass
     * @param string $db_name
     */
    public function __construct(
        $db_host = null, 
        $db_user = null, 
        $db_pass = null, 
        $db_name = null
    )
    {
        if($db_host && …

You changed the mysql connection function from OOP mode to procedural mode. The OOP mode initialized a mysqli object which has methods you can call. But the procedural mode does not initialize the object so you can not call it's methods (i.e the query method). Why did you do that?. The OOP mode is preferred (from my point of view).

// for this to use you need a mysqli object
$sql = $mysqli->query("SELECT * FROM posts") or die("Problem with query");

If you do not have a mysqli object (i.e. you do it procedural style), your connection function has to return the link.

function myDbObj(){

    // this does not have to be global
    global $mysqli;

    //connect to server and select database
    $link = mysqli_connect('host', 'user', 'password', 'db');

    //if the connection fails, stop script execution
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();

    // otherwise return the link
    } else {
        return $link;
    }
}

Then you shoot the query:

$result = mysqli_query($link, "SELECT * FROM posts")

Haven't tested the code, see it here: http://www.php.net/manual/en/mysqli.query.php.

IS there a nice and easy way to re-draw said tables, based on the output,

There is nice and easy way if you do not mind reloading the page. Just send the new values using a form and GET or POST method.

If you do now want to reload the page you can use ayax but that is not that easy anymore. You should be familiar with ajax for this.

OK, so put back the dot you removed and declare the $partner_block variable before the while loop (so you can later append to it):

$partner_block = '';
while($partner = mysql_fetch_array( $partners ))
{
    $partner_id = $partner['id'];
    $partner_name = $partner['name'];
    ## Now, let's assign the partner inside the option form tags.
    ## the partner named bundagle and somewhere should be now inside the option tags.
    $partner_block .= '<OPTION value="'.$partner_id.'">'.$partner_name.'</OPTION>';
} ## end while loop

If the variable has not been declared yet, you can not append to it. You can asign to it (with asigning you declare the variable). So just remove the dot (appending operator):

$partner_block = '<OPTION value="'.$partner_id.'">'.$partner_name.'</OPTION>';

That will remove the error in line 22 but I do not know if that is all that is needed for your code to work correctly. Tell us how it goes.

You are appending a string to a variable $partner_block that is not defined anywhere else (at least not in the code you posted):

$partner_block .= '<OPTION value="'.$partner_id.'">'.$partner_name.'</OPTION>';

There are two small glitches:

1. if there are no results in the list yet, you get a small div displayed anyway.
2. if you have three characters and delete one, two or three, the list won't update

That is why I corrected the javascript code to the following:

$(document).ready(function() {

    $('.dropdown').hide();

    $('.autosuggest').keyup(function (e) {

        // we also have to check if user is deleting entries
        // in that case less than 3 characters also trigger suggestion
        isDelete = false;

        // if delete or backspace were pressed, 
        // less than 3 characters also trigger suggestion
        if( e.which == 8 || e.which == 46) {

            isDelete = true;;
        }

        var search_term = $(this).attr('value');

        // if search term does not exist or
        // if it is less than 3 chars and user hasn't deleted any chars
        // then hide the list
        if(
            search_term.length == 0 || 
            (search_term.length < 3 && isDelete == false)
        ) {

            $('.dropdown').hide();

        } else {

            $('.dropdown').show();
        }


        // check if we have at least 3 characters or user is deleting characters
        if(search_term.length >= 3 || isDelete == true) {

            // read the values of the select elements (drop downs)
            // read the value of category
            var category=$('#category').attr('value');

            // this is the conditions you will post over to the searchApp.php script
            // assembled here for clarity
            var conditions = {

                'search_term' : search_term,
                'category' : category
            };

            // alert(conditions.toSource());

            // post the conditions over to the searchApp.php script
            $.post('ajax/searchApp.php', conditions, function(data) {

                //alert(data);
                $('.result').html(data);
                /*
                // you can …

But I still have some questions, if you don't mind me. I know you are probably tired of me at this point.

No, I am quite happy to help if I can. But the problem is that I haven't used dojo in my life so I do not have a clue about how it works. You have to figure out what is the format of data that dojo chart of selected type expects and you then have to provide data in that format.

I would suggest you close this thread and start a fresh new one so others can contribute (I doubt many people are following this thread since it is so long). You give it a good title like How to create a Dojo StackedBar so Dojo gurus can jump in (hope there are any).

So you are saying that the dropdown div is pushing the content down to make room for autosuggestions? If yes, post the CSS for the dropdown class.

You have done it OK, only a double quote (as part of html attribute value) is missing after 240.

echo('<embed src="flash/' . rand(1, 5) . '.swf" type="application/x-shockwave-flash" width="320" height="240"></embed>');