elite311

Thank you for all the help so far, I have been reading tutorials and manuals all afternoon to try and figure out I'm doing wrong. I am really stuck on this one. I added in the $res = $db->query($sql) or die($db->error); Like you had suggested but I still get an error, looks basically the same as before Fatal error: Call to a member function query() on a non-object This is what my code looks like, am I doing something wrong with me $db connection to the database? everything else is working but just not the drop down box, on the drop down box line is where I'm getting the fatal error showing up. <?php session_start(); if($_SESSION['loggedin'] == TRUE) if($_SESSION['auth_lvl'] > { //loggedin already }else{ //not logged in yet header("Location: index.php"); } include('admin/includes/config.php'); include('admin/includes/database.class.php'); include('admin/includes/functions.php'); // Configure new database object $db = new Database($db_host, $db_username, $db_password, $db_database, $db_table_prefix); $db -> connect(); $menuresult = $db->fetch_all_array("SELECT * FROM menu ORDER BY disporder ASC"); $userinforesult = $db->fetch_all_array("SELECT realfirst, reallast FROM users WHERE username = '".$_GET['id']."' LIMIT 1"); $users = $db->fetch_all_array("SELECT users.id, users.username, users.password, users.realfirst, users.reallast, users.dept, users.flag, auth.auth_level, auth.descrip, auth.id FROM users LEFT JOIN auth ON users.flag = auth.auth_level WHERE users.id = '".$_GET['id']."'"); function auth_level_options ($db, $user_level) { $sql = "SELECT auth_level, descrip FROM auth ORDER BY auth_level"; $res = $db->query($sql) or die($db->error); $opts = "<select name='flag>"; while (list($level,$desc) = $res->fetch_row()) { $sel = $level == $user_level ? 'selected="selected"' : ''; $opts .= "<option value='$level' $sel>$desc</option>"; } $opts .= "</select>\n"; return $opts; } if(isset($_POST['updateit'])) { // Protect against injection $username = mysql_real_escape_string($_POST[username]); $password = md5(mysql_real_escape_string($_POST['password'])); $flag = mysql_real_escape_string($_POST[flag]); $realfirst = mysql_real_escape_string($_POST[realfirst]); $reallast = mysql_real_escape_string($_POST[reallast]); $dept = mysql_real_escape_string($_POST[dept]); $db->query("UPDATE users SET username = '$username', password = '$password', flag = '$flag', realfirst = '$realfirst', reallast = '$reallast', dept = '$dept' WHERE id = '".$_POST['id']."'"); header("Location: admin.php?updated=1"); exit(); } ?> And I have added this to the form where I want the dropdown box <tr> <td width="19%" align="right" valign="top">Access Level :</td> <td width="1%" align="left"> </td> <td width="80%" align="left" valign="top"> <?php echo auth_level_options($dbconn, $current_user_level);?> </td> </tr>

Thanks so much for the help! I'm getting the following error on this line though, am I right that the error is caused because the $desc variable hasn't been defined? Fatal error: Call to a member function fetch_row() on a non-object while (list($level,$desc) = $res->fetch_row()) { Sorry still trying to learn php and mysql.

Hello, I have been trying to figure this for a while now and reading the tutorials are not helping, I think I'm a little over my head on this one and was hoping someone could help me out with this issue. I am making a User Edit page and would like to have the access level part of the form show the users access current access level thats set in the database when the page loads, and if it needs to be changed you can press the dropdown box and select a new access level. I can't figure out how to show the current access level as default and populate the drop down box with the other access levels in my table. My Tables look like this Users table (users): --------------------------------------------------------------------------------------------------- | id | username | password | flag | realfirst | reallast | dept | --------------------------------------------------------------------------------------------------- 1 loderd 9 test guy Service Auth Table (auth): -------------------------------------------- | id | auth_level | descrip | -------------------------------------------- 1 1 Service Tech 2 2 Office Staff 3 9 Super Admin My SQL Query looks like this $users = $db->fetch_all_array("SELECT users.id, users.username, users.password, users.realfirst, users.reallast, users.dept, users.flag, auth.auth_level, auth.descrip, auth.id FROM users LEFT JOIN auth ON users.flag = auth.auth_level WHERE users.id = '".$_GET['id']."'"); I can't seem to figure out how I can do this for the Access Level dropdown box. <tr> <td width="19%" align="right" valign="top">Access Level :</td> <td width="1%" align="left"> </td> <td width="80%" align="left" valign="top"> <?php echo "<select name='flag' id='flag'>"; foreach ($users as $row){ if($row[auth_level]==$row[auth_level]){ echo "<option value=$row[auth_level] selected>$row[auth_level] - $row[descrip]</option>"; }else{ echo "<option value=$row[auth_level]>$row[auth_level] - $row[descrip]</option>"; } } echo "</select>"; ?> </td> </tr> Any help would be greatly appreciated

Thanks for the help!

So I'm new to the javascript world and attempting my first project and I'm stumped and hoping someone can tell me what I'm doing wrong here. What I am trying to accomplish is: If the user wants to buy between 1-4 set the mark price to 5 per mark, if it's between 5-9 set the price to 10 per mark, if it's greater than 9 set the price to 15 per mark So when the user puts how many marks they want to buy into the additonal marks field and then picks how many courses they want the total will show up to reflect this. So they want to buy 3 marks for 2 courses ((3x5)x2) total is $30 Heres my code: <script language="javascript"> function calcVals(){ //set form to document.form1 form = document.form1; //get the fields val = form.AdditionalMarks; val1 = form.NumberOfCourses; //check the value and set the price if (val<=4) { var markprice=5; } else if (addnlmarks==5,6,7, { var markprice=10; } else if (addnlmarks>=9) { var markprice=15; } //multilpy all the fields up total = (val * markprice) * val1; //if there's a problem inform the user if (String(total) != 'NaN') { form.valTotal.value = total; } else { form.valTotal.value = 'ERROR'; } } </script> </head> <body> <form id="form1" name="form1" method="post" action="" > <H2>The Request</H2> <table border = "3"> <tr> <td> Id </td> <td> <input name = "Id" type = "text" size="10"> </td> </tr> <tr> <td> Course Number </td> <td> <input name = "CourseNumber" type = "text" size="10"> </td> </tr> <tr> <td> Description </td> <td> <input name = "Description" type = "text" size="20"> </td> </tr> <tr> <td> Distance Education </td> <td> <input name = "DistanceEducation" type = "checkbox" size="2"> </td> </tr> <tr> <td> Additional Marks </td> <td> <input name="AdditionalMarks" type="text" size="10"> </td> </tr> </table> <p> </p> Number of courses <input name="NumberOfCourses" type="text" size="5" value="0"> Total Cost <input name="valTotal" id="valTotal" readonly type="text" size="5" value="0"> <br> <p> </p> <p> </p> <input type = "button" value = "Go for It" onclick="calcVals()"> </form> I put the values in and nothing happens and I have not been able to figure out why. Any help would be greatly appreciated.

Thank you very much! worked perfect!

So the sql query Barand posted di just what I wanted and displays the "..." after the text but I'm still stuck on how to show a "more" button if there is more words. My current code looks like this: <p class="txt-2"><?php echo wordwrap($row['article1'], 46, "\n", true);?><a href="#" class="news-readmore-link"><?php echo $row['readmore']; ?></a></p> <div class="p14"><a href="#" class="btn-1">more <span></span></a></div> What I would like to do is only show the more button if there is more then 25 words like the "..." I'm not sure how to do this using php.

Barand - Thanks worked great! now I just need to figure out how to show the link button when it's greater than 25. Thanks guys, I suppose I could just use a COUNT instead of the SQL_CALC_FOUND_ROWS but I was thinking the table would never really get that large it would become an issue.

Hello, I have been working on my own news system and have got almost everything working perfect including limiting the amount of words shown on the main page. Problem is I'm not sure and haven't been able to figure out how to show "..." at the end if the output has more words than 25 and if it has more than 25 words show the readmore link. What I'm doing right now is counting 25 spaces in the article column of the query to limit the output to 25 words and display it as article1. Not sure if this is the best way or not just seemed the most logical way to me, however I'm having trouble figuring out how to show the "..." at the end of the output and the readmore link if it's more than 25 spaces. I'm counting the words like this in my query: $MySQL = 'SELECT SQL_CALC_FOUND_ROWS SUBSTRING_INDEX(article," ",25) AS article1, id, date, postedby FROM news ORDER BY date DESC LIMIT ' . (($pagination->get_page() - 1) * $records_per_page) . ', ' . $records_per_page . ''; Then displaying it like this: <?php echo wordwrap($row['article1'], 46, "\n", true);?> I'm not sure if I have posted this in the right section but hoping someone could help me figure this out. Thanks in advance

Are all the values you want to sum contained in the users table? or are you storing the users in 1 table and the values in other tables?

Thank you all for the replies it has helped a lot with my understanding, but Particularly thank you ChristianF for taking the time to explain all of that. I am defiantly going to read up on that sprintf function as well as due some reading on validating form input and error checking. Again thanks everyone for all the help so far, this is a great place for a beginner like myself to learn from people who really understand this stuff.

I'm a little confused, I'll do more reading on this though. As far as my script is now though it would protect against injection the way it is currently?

Yes just a number, I'm not sure I understand what you mean by cast it in as an int

I have done a bunch of reading and I just want to make sure I am doing this correctly to protect against injection. I'm hoping someone can confirm if this is the correct way to protect against injection. if(isset($_POST['updateit'])) { // Protect against injection $site = mysql_real_escape_string($_POST[job]); $avguse = mysql_real_escape_string($_POST[avguse]); $id = mysql_real_escape_string($_POST[id]); // Update database $db->query("UPDATE assets SET pmcount = '$avguse', updatedby = '{$_SESSION['username']}', updateddate = NOW() WHERE id = '$id'") or die(mysql_error()); // Redirect page header("Location: locationinfo.php?id=$site&updated=1"); exit(); }

I understand what you mean, the value might not be there even though it shows before the form is submitted. I have a lot of learning to do obviously, but your post made me think about a different solution and I managed to get it to work. Although its probably not the best way to do it, thank you 2 for helping I really appreciate it. On my form I added: <input type="hidden" name="job" value="<?php echo $assetinfo['currentjob'];?>" /> And I changed: $site = $assetresult[0]['currentjob']; to $site = $_POST['job'];