Posts by minitauros

A couple of things:

• session_register() appears to be a deprecated function. You don't need to use it. Using only
  $_SESSION['key'] = 'value';
  will suffice if you run a PHP version from less than a long time ago ;).

• Should you not start a session using session_start() in the first line of your script, so that your session actually works?

• About the following code:

  ob_start();
  include('../../../page_title.php');
  ob_end_clean();

  Any output in the file that you are including here will not get printed. Why are you using output buffering here, anyway? :)

• What happens if you remove the @ from your mysql_connect() function? Does an error get printed to your screen?

• Why are you even using the define() function to define your database connection info? As you seem to already have them placed inside variables. Why don't you just use your $account_user vars and alike?

True, I'd also recommend using PDO/mysqli instead of just mysql :)

In PHP (using mysql), fetching one result:

<?php
$q = "SELECT `download` FROM `images` WHERE `owner_un`='$owner' AND `url`='$url' LIMIT 1";
$rq = mysql_query($q);
$fetch = mysql_fetch_assoc($rq);

echo '<p>Result: ' . $fetch['download'] . '</p>';

Fetching all results:

<?php
$q = "SELECT `download` FROM `images` WHERE `owner_un`='$owner' AND `url`='$url' LIMIT 1";
$rq = mysql_query($q);

while($fetch = mysql_fetch_assoc($rq))
{
    echo '<p>Result: ' . $fetch['download'] . '</p>';
}

You seem indeed to be using the output buffer while there is nothing you are buffering for output :). What an output buffer does is, shortly explained, this:

Instead of writing your output to the screen, it buffers it. It allows you to set headers and do other stuff in the meanwhile, and when everything you needed to do before outputting stuff to your the has been done, you flush the output buffer and output what's inside it to the screen. In your scenario there is nothing to be buffered before your headers are set, so you probably don't need those output buffers and can remove them if you want.

Well "6135" is not really something we can work with, I think :). Is there anything else that shows? Any errors? Something like: Fatal error: .... on line 132 of file index.php

So are you getting an error or are you not getting an error? And if you are getting an error, what is the error you are getting? =)

Well what it says is that you have not defined $id. $id is empty, and therefore you get an error and your script is not working. If you do not define $id in a way such as this:

$id = 'yourvalue';

Then it will be undefined and you will not be able to work with it. PHP cannot check your <div>'s id. You should use Javascript for that :). Does this answer your question?

Haha no problem of course, you are not to blame :). Stuff like this happens all the time, that's what makes it so damn handy to have a community at your disposal to help you out when you can't seem to figure out the problem by yourself.

Is there anything else you need help with?

Then contact.php should be the file that contains the code to insert stuff into your database. Is that the case here?

Well if you are not getting any POST data, there must be something else going on. Could you verify that your <form>'s method property is set to "post"? E.g.: <form method="post" ...>

Then, the action property of your <form> element must be set to the location of the file in which you process your data and insert the record into your database. If the form is then submitted, it sends its data via POST to that file. If that process succeeds, you should not see "array(0) {}" on the next page, but an array filled with data.

So, example:

Page form.php:

<form action="newpage.php" method="post"> (Rest of your HTML)

Page newpage.php:

<?php
// A lot of stuff happens.

// Let's see if the form has successfully been submitted, did we get any data?
echo '<pre>'; var_dump($_POST); echo '</pre>';

// More of your own PHP.

And what happens if you put this somewhere at the top of your document? (After your session_start(); call, if you use that)

echo '<pre>'; var_dump($_POST); echo '</pre>';

Do you see any $_POST values on your screen when the file is loaded?

So I suppose this script is not working:

//  usable constants  
define('DB_NAME', 'yyy_ContactForm');
define('DB_USER', 'xxx');
define('DB_PASSWORD', 'zzz');
define('DB_HOST', 'localhost');

$link = mysql_connect (DB_HOST, DB_USER, DB_PASSWORD);

if(!$link) {
    die('Could not connect: ' .mysql_error());
}

$db_selected = mysql_select_db(DB_NAME,$link);

if(!$db_selected) {
    die('Can\'t use' . DB_NAME . ':' .mysql_error());
}

//echo 'Connected successfully';

/* $fullname = $_POST['fullname'];
$email = $_POST['email'];
$comment = $_POST['comment']; */

$fullname = mysql_real_escape_string ($_POST['fullname']);
$email = mysql_real_escape_string ($_POST['email']);
$comment = mysql_real_escape_string ($_POST['comment']);

/*~~~~  $error = array(); 
if($_POST[$fullname, $email, $comment] == '') { 
    $error[] = ''; 
}  ~~~~*/

$sql = "INSERT INTO admin_table (fullname, email, comment) VALUES ('$fullname', 
'$email', '$comment')";

if (!mysql_query($sql)) {
    die('Error: ' . mysql_error());
}

mysql_close();

Have you checked if any $_POST values are actually submitted to the file in which the code above resides? In other words: are you 100% sure that your $_POST values have been set when you insert them into your database? You could check by, for example, adding the following line:

echo $sql;

underneath this line:

$sql = "INSERT INTO admin_table (fullname, email, comment) VALUES ('$fullname', '$email', '$comment')";

and then see if the values are actually in your query.

Could you post some code from where the insertion into the database happens?

Yes it works now? :)

Aaaah I think I understand what the problem is now. I thought nothing was displaying at all :). Try this if you will:

require("conn.php");
$sql = "select * from pemohon where kp_baru='$kp';";
$result = mysql_query($sql);

$has_results = false; // To be validated below.

while($row = mysql_fetch_array($result))
{
    // If the loop can be executed at least once, it means that results have been found.
    $has_results = true;

    // Display the row.
    echo $row['kp_baru'];
}

if(!$has_results)
{
    // The while loop has never been executed. No results were found.
    echo "No KP tiada didalam pangkalan data.";
}

Did you check if $expiryMonth, $expiryDay and $expiryYear actually have values when you use them in the mktime() function? Also, if you don't have any arguments at all to pass to mktime(), you ought to use time() instead, which returns the current timestamp just as mktime(), but that's just strict standards for as far as I know :p.

Then have you checked if there is something wrong with conn.php? Also make sure your error reporting is turned on. In the first line of your root script, put this line to do that:

error_reporting(E_ALL ^ E_NOTICE);

What happens if you replace your mysql_result() functions by a more commonly used mysql_fetch_assoc()? E.g. replace

 $Query = "SELECT * FROM database.tablename WHERE eventDay=1";
$Result = mysql_query ($Query, $Link) or die (mysql_error($Link));
//ON Debugging - code stops here resulting in Resource ID #3 - suggesting there is a problem
with the $Result. However, please check the following code to see if there are errors (if poss).
$Rows=mysql_num_rows($Result) or die (mysql_error($Rows));
$loop=0;
while ($loop<$Rows){
    //Add all variables to the output loop.
    $eventVisible=mysql_result($Result,$loop,"eventVisible");
    $eventDay=mysql_result($Result,$loop,"eventDay");
    $eventImagePath=mysql_result($Result,$loop,"eventImagePath");
    $eventTitle=mysql_result($Result,$loop,"eventTitle");
    $eventInfo=mysql_result($Result,$loop,"eventInfo");
    $expiryYear=mysql_result($Result,$loop,"expiryYear");
    $expiryMonth=mysql_result($Result,$loop,"expiryMonth");
    $expiryDay=mysql_result($Result,$loop,"expiryDay");
    //Print out the values into a table
}

by

$q = 'SELECT * FROM database.tablename WHERE eventDay=1';
$r = mysql_query($q) or exit(mysql_error());
$number_of_results = mysql_num_rows($r);

while($fetch = mysql_fetch_assoc($r))
{
    //* Looping through results

    $eventVisible = $fetch['eventVisible'];
    $eventDay = $fetch['eventDay'];
    // And so on
}

Weeeh you gave me minus kudos instead of plus haha ^^. Yea I ran into stuff like that all the time, but of all those things, some turn into a goldmine of time saving material, which makes it all worth trying :).

Well good luck with that, then. Sounds weird indeed, but luckily most of the times when you run into a weirdass problem, it's just one really ini mini minor thingy that has been typed incorrectly, which you find out after hours and hours of searching :p.

So with the script you just provided you are still getting no results, nor do any errors get displayed?

So does your "OR die(...)" function get triggered, or does it pass that? Maybe your query did not return any results?

Yes and you could var_dump() your query statements to see if they contain all required data. E.g.:

var_dump("UPDATE magazine_tmp SET arth7='$arthro7', author7='$author7', title7='$title7', checked7='ok' where year='$year' and month='$month'");

Why are there two exactly the same lines like this:

$query = $con->prepare("INSERT INTOkzn_upcoming(meet_name,location,start_date) VALUES (?, ?, ?)");

? :) One on line 14 and one on 37, while you seem to be only using one. Could you try removing one ;)? Not sure if it will matter but just to be sure.

Pfew, I'm no expert on working with csv files, but I'd say try:

if (($handle = fopen("../uploads/KZNCal.csv", "r")) !== FALSE) {
    while (($data = fgetcsv($handle, 1000, ";")) !== FALSE) {
    $Cal[] = $data;
    }
    fclose($data);
}

// Check if $Cal is what you need it to be:
echo '<pre>'; print_r($Cal); echo '</pre>';

Checking if $Cal is what you need it to be, and:

$i = 1;
foreach ($Cal as $Key => $Event) {
    echo '<p>$i: ' . $i . '</p>';
    $i++;

    // code
}

And:

$i = 1;

foreach ($Calendar as $Key => $Meet) {
    echo '<p>$i: ' . $i . '</p>';
    $i++;

    // code
}

Checking how many times your loops are executed.

Did you try:

1. var_dump()-ing your query statement?
2. var_dump()-ing the result object of your query?
3. var_dump()-ing all input to your query, to see if your query is actually executed the way you expect it to be?

:)

That is because a DELETE query will always return TRUE if it could be executed, and it can be executed, even if no rows are affected by it.

If you want to count the number of rows affected (the number of rows deleted), which would tell you if anything has actually been deleted, you can use the following:

if (filter_var($email, FILTER_VALIDATE_EMAIL)) 
{
    $r = mysql_query("DELETE FROM maillist WHERE email = '$mail'");

    if($r)
    {
        $affected_rows = mysql_affected_rows();

        if($affected_rows)
        {
            echo '<script type="text/javascript"> alert("Email Address Has Been Deleted") </script>';
        }
        else
        {
            echo '<script type="text/javascript"> alert("Email Does Not Exist In Database") </script>';
        }

    }
    else 
    {
        // Query could not be executed.
    }
}
else 
{
    echo '<script type="text/javascript"> alert("This Is Not A Valid Email Address!") </script>';
}

I used mysql_affected_rows() to count the number of rows affected by your query.

It won't matter, but remember that you cannot just use PHP inside your HTML then. You would have to use, for example:

<input type="text" name="username" value="<?php echo $username; ?>">

If you wanted to set the value of that input field to $username.

Sorry facaroll, even though you are saying some good stuff there, I think this is way too complicated for someone who is just starting with PHP. Nothing personal! I just think it takes some more time and explanation for a starting PHPer to even understand what you just said, let alone be able to use it.

Masterhacker, in case you need some more explanation: data escaping is done to prevent attacks on your website. For example if you do not check the value of a user-inputted variable, like a username, you might end up crying, for someone could then write 'username"'; // Wow I now have access to your PHP! Let's insert a virus. (Ok that's really simplified, but with the right characters, he would be able to gain access to your script and do harmfull stuff. If you want to learn more about this, search Google for: escaping user input, SQL injections, PHP security, that kind of stuff :).

Finally, you could consider not allowing duplicate usernames, so that you won't have to go over the trouble of appending numbers to family names, as facaroll proposed.

I am guessing the same ;). You could try putting the following at the start of your code:

echo '<br>$_REQUEST:<br><pre>';
var_dump($_REQUEST);
echo '</pre>';
echo '<br>$_POST:<br><pre>';
var_dump($_POST);
echo '</pre>';
echo '<br>$_GET:<br><pre>';
var_dump($_GET);
echo '</pre>';

And see if it returns what you want. If not, your forms are not working properly. You could also add this to your forms:

<form ... method="post">

And then read out your data using $_POST instead of $_REQUEST.

And one last thing. If you have a lot of lines of HTML, it might be easier to read by just typing it in HTML, not in PHP, by "pausing" the PHP lines. For example:

<?php
// PHP Code here, a lot of HTML is coming up.
// Close PHP for a second:
?>

<HTML>
blabalbla
a lot of HTML

<?php
// Phew, that was a lot of HTML. Continue writing PHP.

Ah great! Writing your own forum can be a challenging task, I'm sure you will learn much from it :). There are thousands of PHP tutorials on the internet, even on writing a login script/module etc., so I would really recommend you use Google a lot and ask questions if you get stuck on someting. The idea behind your login is good, although is is done differently in PHP. You don't have to generate unique pages for each user. You can just ask PHP, on one page that will then work for ALL your users: "Hey, what's the current user's ID?" and then ask your database "Give to me all the data you have on the user with this ID: x". And put that on the page. That's the beauty of it :).

That will work, but how will you create each unique file? By hand or? ;)

Here's a quick setup on a basic login script:

1. Create a database table containing user login data (user_id, username, password (encrypted if you wish!)).
2. Create a login script, that matches the submitted login data against the data stored in your database.
3. If the login is successful, you can redirect the user to his personal page, which could be unique_page.php?user_id=1. Also you could "remember" that he is logged in by setting a session value, so that the user won't have to login every time he loads a new page.
4. On unique_page.php, you can check if a user_id has been given in the URL, and if it has, you can retrieve the user's data.
5. Write a login checker on each page, which checks if the login is still valid.

Something like that. I think doing a quick Google search might help you out a lot :). Are you new to PHP?

First of all, using $_REQUEST may pose some danger to security, because if I would now go to your PHP file's location and put "?submit=true&email=somedangerousvirus" in the link, I would gain access to writing a file to your server.

Then, why would your file writing not be working? Did you check if your script passes your if() statement? You can check by adding a simple line, for example:

if(isset($_REQUEST['submit']))
{
    echo 'We\'ve passed the if() statement!';

    // Rest of code
}

Also, there is an easier way of "just" writing a file, which might also suit your needs: file_put_contents(). Parameters: $file_name, $data. E.g.:

file_put_contents('file.txt', 'Hello!');

Also, I think that this line:

fwrite($file, "$email");

is now literally writing "$email" to your file, instead of the contents of $email. Not sure though, as I always use single quotes (') instead of double.

Glad to see your problem solved ^^.

Yes that's probably, as I just mentioned, because you don't close your line 9 with a semicolon (";"). Try removing the semicolon from inside your quotes in the following line:
$sql="select image from images where id='$_GET[id]';";

Which would make it become:
$sql="select image from images where id='$_GET[id]'";

Then add the mysql_real_escape_string() functionality, like this:
$sql="select image from images where id='" . mysql_real_escape_string($_GET[id]) . "'";

And then place a semicolon at the end of the following line:
$row = mysql_fetch_array($result)

Which would make it become:
$row = mysql_fetch_array($result);

$sql="select image from images where id='$_GET[id]';";

I think you should remove the first semicolon in that line and place it after the following line:

$row = mysql_fetch_array($result)

Next question: What is the error you are getting? :)

Also, if you are using PHP's mysql functions to connect to your database, you might want to consider properly escaping external input to your database, like $_GET['id']. I would replace that by mysql_real_escape_string($_GET['id']) for starters. You can read more about the function here.

Glad to hear a miracle has happened :p

So when you inspect your URL on page, what does it look like? I mean this url:

"manage-products-2.php?prod_id='.$row[0].'"

Does it look like, for example, manage-products-2.php?prod_id=5 ? In other words: is the prod_id really given?

What is strange though is that your whole $_GET is empty, because even if your prod_id would be empty, you should still get "prod_id = null" when you var_dump() your $_GET. Does the URL on your manage-products-2.php page look as it should? I mean, when you load the page in your browser, does the link include the "prod_id=x" part?

Well if your $_GET is empty, it is usually because there is something wrong with the URL that was used to load your page. Does your URL contain all the key=value pairs you need? (E.g. prod_id=1&name=dhani etc.)

Did you:

1. Check if you started a session in both files, using session_start()?
2. Validate that each $row actually contains the values you expect it to contain? You can use var_dump($row), for example, to output a row (or print_r($row)).
3. On your second page - manage-products2.php - you could check if $_SESSION and $_GET contain any values, by using those same var_dump() and/or print_r() functions.

Could you tell us the results of these tests? :)

There is a way to add a password to it but I've never done it with PHP. A short Google search resulted in this command to be used:

exec('zip -P pass file.zip file.txt');

pass = password
file.zip = target zip
file.txt = file to zip (maybe you can specify a folder if you want to zip multiple files? I have no idea, you'd have to try :))

Unzipping would go as follows:

exec('unzip -P password file.zip');

(From: http://stackoverflow.com/questions/7712960/opening-and-creating-password-protected-zip-files-with-php and http://www.talkphp.com/general/3380-exec-zip-php-not-working-expected.html)

Change this:

function browse($dir) {
    global $filenames;
    if ($handle = opendir($dir)) {
        while (false !== ($file = readdir($handle))) {
            if ($file != "." && $file != ".." && is_file($dir.'/'.$file)) {
                $filenames[] = $dir.'/'.$file;
            }
            else if ($file != "." && $file != ".." && is_dir($dir.'/'.$file)) {
                browse($dir.'/'.$file);
            }
        }
        closedir($handle);
    }
    return $filenames;
}

to this:

function browse($dir) 
{
    global $filenames;

    // Fill with names of files to exclude from your return array.
    $files_to_exclude = array(
        'file1.php'
    );

    if($handle = opendir($dir)) {
        while (false !== ($file = readdir($handle))) {
            if($file == '.' || $file == '..') {
                //* Skip currentt and previous directory.
                continue;
            }
            elseif(in_array($file, $files_to_exclude)) {
                //* The current file is to be excluded.
                continue;
            }

            if(is_file($dir . '/' . $file)) {
                $filenames[] = $dir . '/' . $file;
            }
            elseif(is_dir($dir . '/' . $file)) {
                browse($dir . '/' . $file);
            }
        }

        closedir($handle);
    }

    return $filenames;
}

And see if it works :).

Hm which error is being displayed right now, then? Not the same as before right? Sounded like you fixed that :). Is there a new one?

Maybe you could try and see what happens if you remove this check

mysql_num_rows($execute_get_record) == 0

from your file. So just fetch the results without checking if there are any. I don't usually use mysql_num_row, but maybe there's a problem with a comparison to 0 (I wouldn't know why but that's what I would try if I were you :))

Hmm well what do you get if you open your PHPMyAdmin and execute the following query?

SELECT * FROM Ordered_Cart_Items

If you do not get results, either your table may be empty or you might have miswritten your query.

If your server says

Warning: mysql_query() expects parameter 2 to be resource, string given in /nfs/c01/h12/mnt/3250/domains/zeta-clovis.sendairtime.com/html/support_mail/includes/find_order_records_function.php on line 37

about this line:

mysql_query($get_record_query,$connection)

then it means that $connection contains a string, while it should contain a resource, which means that your connect2DB2() function should be returning a resource (it should return the value of your mysql_connect() function). Did you check if it does? :) For there seems to be nothing wrong with your query.

And this is indeed what dorco and evolutionfallen already mentioned, sorry guys! Wasn't paying enough attention.

@minitauros, when I tried to echo the query, I got this message;
Resource id #14
Warning: mysql_query() expects parameter 2 to be resource, string given in /nfs/c01/h12/mnt/3250/domains/zeta-clovis.sendairtime.com/html/support_mail/includes/find_order_records_function.php on line 37

I meant echoing your query statement ^^. The command that you're giving to your MySQL. The query, like "SELECT FROM...". If you have that we can take a look and see if there's something wrong with it.

Also, what exactly is on line 37? Because in your starting post, on line 37 is:

$date_added = $returned_records['date_added'];

Which does not even look like a mysql_query() command :).

True that, hadn't even seen that the ^ was being used as delimiter ^^. Pritaeas, do you know which character you should use to match the start of a string if you use ^ as delimiter?

Hmmm if you want both to be valid, try:

'/^(\d{5})?([a-z.\-&\'",\/\\ ]+)(\d+)$/i'

This checks for:
Must start with a digit of length 5 (because of the {5} part) or no digits (because of the questionmark after the ")")
Must then be followed by one or more words
Must end in a number of any length, but with a minimum of one

The i after the last / sets the regex to be checked case-insensitive.
If you would like to change something in the first number, you could for example change {5} by {1,5} to define: a number with a length of 1 to 5.

Well there certainly seems to be no error on line 37 of the script you presented to us. Could you echo your query and post it here? (E.g. $query = [your query goes here]; echo $query; )