
Everything posted by Slam
-
Ok, thanks for replies.
-
So instead of redirecting when section isn't set, I should echo nothing? Like so:

```php
if (!isset($_GET['username']) || empty($_GET['username']) || ($username_exists === false)){
    header('Location: /');
    exit();
}
// echo content related to $_GET['username']

if (!isset($_GET['section']) || empty($_GET['section']) || ($_GET['section'] !== 'bio')){
    echo '';
}
// echo some content related to $_GET['section']
```

It works like this, but now the user can type whatever he wants after this URL: www.example.com/user.php?username=joe&

But is it safe??
-
Hi, I have a problem with multiple variables in the URL when I try to echo out content based on a variable from the URL. First things first. When I have a URL like www.example.com/user.php?username=joe (assuming that joe exists in the DB) I do:

```php
if (!isset($_GET['username']) || empty($_GET['username']) || ($username_exists === false)){
    header('Location: /');
    exit();
}
// echo content related to $_GET['username']
```

and it's working fine, but if I have a URL like www.example.com/user.php?username=joe&section=bio I tried

```php
if (!isset($_GET['username']) || empty($_GET['username']) || ($username_exists === false)){
    header('Location: /');
    exit();
}
// echo content related to $_GET['username']

if (!isset($_GET['section']) || empty($_GET['section']) || ($_GET['section'] !== 'bio')){
    header('Location: /');
    exit();
}
// echo some content related to $_GET['section']
```

and the result of that code is (when the URL is):

```
www.example.com/user.php?username=joe&section=bio // true, echoes out $_GET['username'] and $_GET['section']
www.example.com/user.php?username=joe&section=otherbio // true, redirect
www.example.com/user.php?username=joe&section= // true, redirect
www.example.com/user.php?username=joe&madeupsection // true, redirect
www.example.com/user.php?username=joe& // true, redirect
www.example.com/user.php?username=joe // I thought that this will echo out only content related to $_GET['username'], but I get redirect, and that redirect comes from $_GET['section']
```

Even though the username is correct I get a redirect because $_GET['section'] is not set, am I right? So how can I echo out content related to $_GET['username'] when $_GET['section'] is not set or empty or !== 'bio'??
-
I tried this but still get "Notice: Undefined index: user_id"

```php
public function login($login, $password){
    global $db;
    $query = $db->prepare("SELECT COUNT(`user_id`) as `count`, `user_id` FROM `users` WHERE `username` = :user AND `password` = :pass OR `email` = :user AND `password` = :pass");
    $query->bindValue(':user', $login);
    $query->bindValue(':pass', $password);
    $query->execute();
    $result = $query->fetchColumn();
    if ($result) {
        $this->uid = $result['user_id'];
    }
    return $result;
}
```

and login

```php
$user = new User;
$log_in = $user->login($login, $password);
if($log_in) {
    $_SESSION['user_id'] = $user->uid;
    header('Location: account.php');
    exit();
}
```
-
1. I do have session_start();
2. Still "Notice: Undefined index: user_id"
3. I tried

```php
public function login($login, $password){
    global $db;
    $query = $db->prepare("SELECT COUNT(*) FROM users WHERE username = :user AND password = :pass OR email = :user AND password = :pass");
    $query->bindValue(':user', $login);
    $query->bindValue(':pass', $password);
    $query->execute();
    $result = $query->fetchColumn();
    return $result;
}

$user = new User;
$log_in = $user->login($login, $password);
if($log_in) {
    $_SESSION['user_id'] = $log_in;
    header('Location: account.php');
    exit();
}
```

but I still get "Notice: Undefined index: user_id" when I try to echo out user info.
-
Hey, I'm trying to echo out user info based on the user's $_SESSION['user_id'], but the session value is not set; it says "Undefined index: user_id". Login works, but user_id is not set.

Class

```php
class User {
    public $uid = "";

    public function userInfo($user_id) {
        global $db;
        $query = $db->prepare("SELECT `user_id`, `username`, `email` FROM `users` WHERE `user_id` = :id");
        $query->bindValue(':id', $user_id);
        $query->execute();
        return $query->fetch();
    }

    public function login($login, $password){
        global $db;
        $query = $db->prepare("SELECT COUNT(*) FROM `users` WHERE `username` = :user AND `password` = :pass OR `email` = :user AND `password` = :pass");
        $query->bindValue(':user', $login);
        $query->bindValue(':pass', $password);
        $query->execute();
        $result = (bool) $query->fetchColumn(0);
        if($result) {
            $this->uid = $result['user_id'];
        }
        return $result;
    }
}
```

Login

```php
<?php
if (isset($_POST['login'], $_POST['password'])) {
    $login = $_POST['login'];
    $password = sha1($_POST['password']);
    $errors = array();
    if (empty($login) || empty($password)) {
        $errors[] = 'All fields required!';
    } else {
        $user = new User;
        $log_in = $user->login($login, $password);
        if ($log_in) {
            $_SESSION['user_id'] = $user->uid;
            header('Location: account.php');
            exit();
        } else {
            $errors[] = 'Username/Email or password incorrect!';
        }
    }
    if (!empty($errors)){
        foreach ($errors as $error) {
            echo '<div id="error"><strong>', $error, '</strong></div><br />';
        }
    }
}
?>
```

Account page

```php
$user_id = $_SESSION['user_id'];
$user = new User;
$data = $user->userInfo($user_id);
echo $data['username'],'<br />';
echo $data['email'],'<br />';
echo '<pre>';
print_r($_SESSION['user_id']);
echo '</pre>';
if(isset($_SESSION['user_id'])){
    $user_id = $_SESSION['user_id'];
    $data = $user->userInfo($user_id);
    echo '<pre>';
    print_r($data);
    echo '</pre>';
    echo $data['username'],'<br />';
}else {
    echo 'bla';
}
```
-
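// After many attempts it finally works. Working code
//
// Echoes every submitted radio group from $_POST['selected'] and stores it in
// `selection` for the logged-in user.
//
// Both the group key and the selected value come straight from the request, so
// they are escaped for the two places they are used: htmlspecialchars() for the
// HTML that is echoed back, mysql_real_escape_string() for the SQL string
// literals. The escaping function needs the open mysql connection and relies on
// the connection charset being set correctly.
// NOTE(review): ext/mysql has no prepared statements; if a PDO handle is
// available in this script, a prepared INSERT with bound values is the better
// fix - confirm.

// Nothing is echoed or written unless there is a logged-in user and an array of groups.
if (isset($_SESSION['user_id'], $_POST['selected']) && is_array($_POST['selected'])) {
    $user_id = mysql_real_escape_string((string) $_SESSION['user_id']);

    foreach ($_POST['selected'] as $key => $selected) {
        // Normalise to a list of scalar values; nested arrays are dropped.
        $values = array_filter(is_array($selected) ? $selected : array($selected), 'is_scalar');
        $key_html = htmlspecialchars((string) $key, ENT_QUOTES, 'UTF-8');

        if (is_array($selected)) {
            echo 'Group:' . $key_html . '<br/>';
            foreach ($values as $selected_group) {
                echo 'Selected:' . htmlspecialchars((string) $selected_group, ENT_QUOTES, 'UTF-8') . '<br/>';
            }
        } else {
            foreach ($values as $value) {
                echo 'Group:' . $key_html . '<br/>Selected value:'
                    . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '<br/>';
            }
        }

        // One row per selected value. Interpolating an array-valued group into
        // the query stored the literal string "Array".
        // NOTE(review): confirm `selection` allows several rows per group/user.
        foreach ($values as $value) {
            $query = sprintf(
                "INSERT INTO `selection` VALUES ('%s', '%s', '%s')",
                mysql_real_escape_string((string) $key),
                $user_id,
                mysql_real_escape_string((string) $value)
            );

            // Record failures in the server log rather than in the page output.
            if (mysql_query($query) === false) {
                error_log('INSERT INTO selection failed: ' . mysql_error());
            }
        }
    }
}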
-
No, I think I need something like in this post http://forums.phpfreaks.com/topic/245143-php-mysql-multiple-rows-insert/?do=findComment&comment=1259415 but how to adjust to my situation??
-
Hey, I'm trying to insert a dynamically generated radio-button form into the db, but the code below always inserts the first group (id), always with selected value 1. How can I insert all groups (ids) with the proper value?? Here's what I have.

Table radio_form

```sql
`radio_form` (`name_id`, `name1`, `name2`)
(1, 'Nike', 'Addidas'),
(2, 'Google', 'Bing'),
(3, 'Apple', 'Microsoft'),
(4, 'Coca-Cola', 'Pepsi'),
(5, 'Snowboard', 'Ski'),
(6, 'Car', 'Bike'),
(7, 'Futbol', 'Rugby'),
(8, 'Hot', 'Cold');
```

Form page (hidden input to insert the id of the group into the db)

```php
<?php
if (isset($_POST['hide_id'], $_POST['selected'])) {
    $name_id = $_POST['hide_id'];
    $item_select = $_POST['selected'];
    $errors = array();
    if (empty($_POST['selected'])) {
        $errors[] = 'All fields required!';
    }
    if (!empty($errors)){
        foreach ($errors as $error) {
            echo '<div id="error">', $error, '</div><br />';
        }
    } else {
        $name_id = (int)$_POST['hide_id'];
        $user_id = $_SESSION['user_id'];
        $item_select = (int)$_POST['selected'];
        $query = "INSERT INTO `selection` VALUES ('$name_id', '$user_id', '$item_select')";
        mysql_query($query);
        echo "<br />OK<br />";
        /*header('Location: index.php'); exit();*/
    }
}
?>
<form action="" method="POST" id="go" name="go">
<?php
$items = get_items();
foreach($items as $item){
    echo $item['name_id'];
?>
    <label for ="<?php echo $item['name1']; ?>">
        <input type ="hidden" name="hide_id[<?php echo $item['name_id']; ?>]" value="<?php echo $item['name_id']; ?>">
        <?php echo $item['name1']; ?>
        <input type ="radio" id="<?php echo $item['name1']; ?>" name="selected[<?php echo $item['name_id']; ?>]" value="1" />
    </label>
    <input type ="radio" id="<?php echo $item['name2']; ?>" checked name="selected[<?php echo $item['name_id']; ?>]" value="2" />
    <label for ="<?php echo $item['name2']; ?>">
        <?php echo $item['name2']; ?>
    </label><br />
<?php } ?>
    <br /><br />
    <button type ="submit" id="send" name="send">Send</button>
</form>
```

print_r($_POST);

```
Array
(
    [hide_id] => Array
        (
            [1] => 1
            [2] => 2
            [3] => 3
            [4] => 4
            [5] => 5
            [6] => 6
            [7] => 7
            [8] => 8
        )

    [selected] => Array
        (
            [1] => 2
            [2] => 2
            [3] => 1
            [4] => 2
            [5] => 2
            [6] => 1
            [7] => 1
            [8] => 2
        )

    [send] =>
)
```