Posts by ryantroop

using select you are not affecting any rows.

You should use mysql_num_rows() on line 22 instead, and you want it == 1 (because each username should only have 1 assciated password, and if you are getting more than 1 you're in trouble.

Also, sanitize your variables (learn about mysql_real_escape_string())

heh, sorry I wasnt more clear.

by doing:

names = ['first_name', 'last_name']

You are making names be a list with 2 strings, "first_name" and "last_name".

In your particular case, you can either populate the list by manually:

staff_first = raw_input("First Name: ")
staff_last = raw_input("Last Name: ")

names = [staff_first, staff_last]

or, you can simply use the object staff_first and staff_last, which I will show you at the end.

Now, on to your problem - you forgot to close the whole query with a closing parentheses.

cursor.execute("""INSERT INTO staff (FIRST_NAME, LAST_NAME) VALUES (r{0}, r{1})""".format(*names))

Notice the 2 extra parentheses added after r{1} and (*names)

If you don't want to use the unpacking method, you can simply call the items by name -

 cursor.execute("""INSERT INTO staff (FIRST_NAME, LAST_NAME) VALUES (r{0}, r{1})""".format(staff_first, staff_last))

Hope that helps.

Ryan

Another vote for PEAR. Simple and straight forward.

because of this very awkward (to me) behavior, I much prefer .format()

you could easily have done:

cursor.execute("""INSERT INTO staff (FIRST_NAME, LAST_NAME) VALUES (r{}, r{})""".format(first_name, second_name)

You can even format by place holder, if you have a list, tuple, or parsed dictionary:

names = ['firstname', 'lastname']

cursor.execute("""INSERT INTO staff (FIRST_NAME, LAST_NAME) VALUES (r{0}, r{1}""".format(*names)

the r should keep quotation marks in place when doing sql inserts. (it makes it a "raw" string)

I would recommend you turn off all your error suppressions (@) and see if you raise any errors...

Line 1 is missing a closing ;

While I can't say it's improper, I have never seen a while loop in PHP using

while($mycontingency):
...
endwhile;

I would encourage you to use

while($mycontingency) {
...
}

EDIT: I just looked on the PHP Manual and while($foo): is totally acceptable, just not very PHP-ish as few statements follow this design. You can happily ignore the above.

line 21 you are basically saying suppress all errors but if there is an error print the error but supress the error. Not sure you are using error suppression correctly...

As to your problem...

I have had problems where queries do not run properly if they are not closed with a semi-colon.

So, try changing it to
mysql_query("DELETE FROM training_tickets WHERE transaction='$transaction' LIMIT 1;") or die ("Could not delete: ".mysql_error());

Lastly, for the sake of "true" RBDM, you should never delete any items from your database. Instead, you should add another column called "deleted" and make it a datetime, and when you run your selects you should check that datetime <= 0, and when you want to delete the item you should set datetime to "now()"

looks like a spelling/case error with your DB columns. As above, make sure that 'ID' is the actual name of the column, and not something like 'userID' or something similar.

You don't need to stripslashes if you're using real_escape_string().

Don't give idiots who try to hack your page more room to get a right answer. Treat slashes as an invalid character.

If you really want to add an extra layer of security, you should look into preg_match().

ok.. so if Im following along with you right ->
You're pulling stock numbers from a database.
Those stock numbers are individually posted on your page for ordering purposes.

If that is correct, you have two options.

Do the math in the database
"SELECT col1, col2, (SELECT SUM(col1, col2)) as total FROM mytable WHERE boxcolor='whatever';"

Do the math after the database

while($data = mysql_fetch_object($result)) {
$total = $data->col1 + $data->col2;

}

Is that what you're looking for?

Ryan

Youre welcome :)

The first paragraph here will help get you started:
http://docs.python.org/py3k/library/turtle.html

This will help understand triangles:
http://www.freemathhelp.com/feliz-angles-triangle.html

The key part is understanding that all triangles will have a total of 180* as the sum of all angles. That means, given your 3 inputs, if they don't add up to 180* then it's not a triangle.

You have a lot of choices on how to start. A better way for us to help you is to start writing some code, and when you have trouble or get stuck, then ask. Homework is meant for you to learn, not for people on a message board to do it for you.

Nothing wrong with using both.

What is the problem you are having?

Sorry, not sure why that happened.. if you copy and pasted directly I missed two parentheses.

should be:

if(isset($_POST['key'])){
$key = $_POST['key'];
$sql = "SELECT * FROM user WHERE name like '%$key%';";
....
}

if(isset($_POST['key']{
$key = $_POST['key'];
$sql = "SELECT * FROM user WHEN name LIKE '{%$key%}'";
....

you probably dont even need the {} and you may want to escape $key before you pop it in your query.

would need to see the code to see what you are trying to accomplish.

Ok.. so this is a basic structure that should get you going in the right direction (I hope).

<?php
$usr = 'sqlusr';
$pw = 'sqlpw';
$host = 'sqlhost';

$db = mysql_connect($host, $usr, $pw);
mysql_select_db('dbname');

$nordem = $_POST['nordem'];
$nordem = mysql_real_escape_string($nordem);

$query = "SELECT * FROM entrada WHERE nodem_n = '$nordem';";
$result = mysql_query($query);

while ($data = mysql_fetch_object($data)) {
?>
<table><form action='mypage.php' method='post'>
<tr>
 <td>Field 1</td><td>Field 2</td><td>Field 3</td>
</tr>
<tr>
 <td><? $data->col1; ?></td><td><? $data->col2; ?></td><td><? $data->col3; ?></td>
</tr>
<tr>
 <td><input type='submit' value='submit'></td><td><input type='hidden' name='id' value='<? $data->id; ?>'></td>
</tr>
</form>
</table>
<?
}
?>

Now, lets assume that there is only 1 entry, we should only get 1 form back. This is completely bare bones, and has no functionality other than sending a blank post to mypage.php.

For reference.. instead of making an array, I made an object called $data. Inside data, all the columns are stored by keyname. So, $data->id will give the value of the id column in your sql table.

Now, we can further configure our form, to make our default value of a text field.. so lets say we were doing 'Field 1' value...

on the next row, the first <td></td> we would put

<td><input type='textbox' name='whatever' value='<? data->whatever ?>'></td>

Then, when we hit submit, we now have a POST value of 'whatever' being sent to our mypage.php

Then, on mypage.php we can do something with it.

<? if(isset($_POST['whatever']){
//run some program/do sql query or update or whatever
}
?>

That's it... you will notice …

ok, first - no matter how many <? ?> you have on your page, you only need to connect once. Ideally in the original <?php .... ?> pair, but it persists on the page as a whole, regardless of embedded HTML.

line 68, 69, 71 - You are doing the same operation twice, and in fact you are ignoring data.
$num = mysql_num_rows($query); // this is meant to check the number of rows returned. That's it!

so if by calling that, and then checking if(!$result) {} you essentially just asked if anything was there, assign that number to $num. If something is there, then do something. And then you forget about $num.

it is usually used as:

$result = mysql_query($query);
$num = mysql_num_rows($result);
if ($num > 0) { //run my script } else { //oops! No data! }

Now, as for the rest of what you have going on.. I think you need to be a little more clear.

Are you having trouble with your data displaying properly? Or is it not updating properly with the 2nd page?

without knowing the context of DEBUG CODE it's hard to say exactly what it is... it is either a build it command for developers to see particular errors, or it's a left over from when they were actually debugging... hard to say.

You would do well to understand what SESSIONS are COOKIES are, and how to use them. Basically, as you are using them, a permission file is a php page that can be accessed when the user is logged in, and their session data is available to the server.

Sessions are pretty simple.

To start them, you simply add:
session_start(); to the top of any page where a user will need to have persistent data available to the page.

As for logins, you can do a form/whatever flavor of validation you want, and then after you call session_start(); you can populate sessions as you would any array.

session_start()
$_SESSION['user'] = "LastMitch";

Now, any time that a user accesses a page on my server, from my http root, as long as there is a session_start() as the first line (some rules are meant to be broken) of PHP code on the page (preferrably before any code, even HTML), I can access my global (that's what $_ is for) variable $_SESSION[].

To destroy, or end a session, you can either close your browser and it should end automatically. Or, you can manually do it by unsetting/destroying the session.

if($_GET['end_session'] == "True") {
session_unset(); //remove all session data, but leave persistence
unset($_SESSION['user']); //alternatively we can unset a specific variable in the array.
session_destroy(); //in either case, we want to remove persistence, and end the session completely.
}

In the particular snippet above, it is saying:

    if(!$_SESSION[""]) {      //if no session …

If it were me doing this, it wouldn't be too terribly different, it would just be shorter and a bit more readable. On top of that, I would sanitize my queries and control type setting from the user, so that someone couldnt pass '$10000' when theyre supposed to be putting in their address. Also, allowing $_POST to be placed directly in your query allows hackers/stupid people to send a query to either get all info from your table, or worse destroy your table. I also don't know how your SQL tables were set up, nor what permissions you allow for the user.

That said, your whole project could be done with a single PHP page. There is no need to spread it out over so many, but I understand that compartmentalizing the way you are helps to keep references and purpose to each page. That's a style issue more than a "this is the best way."

Lastly, I would probably break up all these into functions and import the repetetive connection data as necessary. For future reference, look into how .htaccess is configured with PHP (so you can create a protected directory), and how you can store passwords, database names, encryption keys, functions, and other includes that you don't want made available to the public, in a directory that is not accessable from outside the server or root FTP access.

As for the problem you are encountering --
I've personally never encountered the error you are getting. Google seems …

The first lines are nothing major. If you can configure your server to disable error reporting, they will go away. Again, it comes down to your code being "ugly" and the parser is very unhappy with you. (Unless someone else knows something I dont).

The second problem... which file is update.php?

It seems you have a bad query somewhere else...

It will come with practice...

I think youre doing it right... first, get it working the way you want. Then we can work on refactoring your code and making it "pretty." It's hard when you are plopped into advanced (heck, Im not even that advanced) code, without knowing the basics of what it is doing.

Did you find the error in the place I said? Or is it somewhere else?

I still think you are using $_POST a bit...awkwardly...

I also think youre using MySQL very ineffeciently... you can make combined queries, I feel, for much of what you are doing.

However, line 28 is the only query that matches your error. On line 27 and 28, your comma is being placed improperly, I think... to double check, change line 31 to:

mysql_query($sql2a) or die("THIS IS MY ERROR!");

If you get that message, then you need to change your iteration, and make it happen one step earlier.

Ryan

I learned something new, that co.cc is a free domain holder... I guess I didn't understand the question.

Sorry.

unless you're talking about country codes, in which case you need to register your domain with a country code (there are probably some limitations.. like.. you have to find a server in that country to host your data)

Like, in your example, co.nz would be new zeland
http://www.godaddy.com/domains/searchresults.aspx?ci=54814
(assuming their links are persisten)

Otherwise, check out godaddy for more info.

Ugh.. lets try again.. just did a long explanation, hit delete, and I lost the page... fun fun...

I shall shorten it...

iterate over your post instead of calling them directly...

mysql_connect('localhost', 'foo', 'bar');

$expected = array('check', 'lote', 'val' ....);
$inserts = array();
foreach($_POST as $key => $value) {
    if(in_array($key, $expected)) {
           if(is.... ) {                 // you have a ton of choices here. Check data 
              $inserts[$key] = mysql_real_escape_string($value);    //type, check from
                                              //inside an array... is_numeric,
               }                            //is_string....) look here for more
           }                         //http://php.net/manual/en/function.is-numeric.php
                                           //alternatively, you can run a preg_match()
      }

$sql2a = "update table entrada set ";
$i = 0;
$count = count($inserts);
foreach($inserts as $k => $v) {
$i++;
if($i < $count) {
$sql2a .= "$k = '$v', ";
}
else {
$sql2a .="$k = '$v' ";
}

$sql2a .= "WHERE ......";

$result = mysql_query($sql2a);

So... that's my suggestion... I think I got that right...

Keep in mind, that when you run your type check you can do multiple ifs, or if you are less caring about what type of data goes in jsut run if(is_foo() || is_bar() ) {} or something similar...

Ryan

If the database doesnt have an ID column then why are you referring to it?

Also, Im pretty sure that you may want to identify something to delete (unless you want to delete the entire row).

You also have your POST names set up rather strange...

99.$checkbox = $_POST['checkbox']; //from name="checkbox[]"
100.            $countCheck = count($_POST['checkbox']);

In PHP, $_POST['checkbox'] is different than $_POST['checkbox[]']

So the code I had your change is working properly, $_POST['checkbox'] is currently empty because your form is not assigning it a value.

for($i=0;$i<$countCheck;$i++)
103.            {
104.                $del_id  = $checkbox[$i];
105.                $sql = "delete FROM table WHERE id = $del_id";
106.                $result = mysql_query($sql, $con);
107.            }

You need to put single quotes around $del_id on line 105.

Change it to $sql= "delete FROM table WHERE id = '$del_id'";

However, I would seriously encourage you to reconsider letting this SQL line pass into your database. For one, for table accuracy, you should not really ever delete anything from a database unless space is a serious issue. Second, this line is rediculously hackable and exploitable.

I know it sounds silly.. but it's happened to me before that I didn't put a semi-colon at the end of my sql query, and it failed since SQL was waiting for a new command...

Try:

$queryget = mysql_query("SELECT * FROM image WHERE user_id = '$user_id_s';");

If that doesnt work, change it to

  $queryget = mysql_query("SELECT * FROM image WHERE user_id = '$user_id_s';") or die (mysql_error());

and see where it is failing.