QuickOldCar
Staff Alumni-
Posts
2,972 -
Joined
-
Last visited
-
Days Won
28
Everything posted by QuickOldCar
-
Also.... Place this section before your form, are trying to use all variables that do not exist yet. <?php //getting the text information and saving in local variables if(isset($_POST['update'])){ if(isset($_POST['id']) && is_numeric($_POST['id'])){ $id=$_POST['id']; } $user_firstName =mysqli_real_escape_string($conn,$_POST['user_firstName']); $user_lastName =mysqli_real_escape_string($conn,$_POST['user_lastName']); $user_company =mysqli_real_escape_string($conn,$_POST['user_company']); $user_discipline =mysqli_real_escape_string($conn,$_POST['user_discipline']); $user_email =mysqli_real_escape_string($conn,$_POST['user_email']); $user_loginName =mysqli_real_escape_string($conn,$_POST['user_loginName']); $user_pass =mysqli_real_escape_string($conn,$_POST['user_pass']); $email_alerts =mysqli_real_escape_string($conn,$_POST['email_alerts']); $update = "UPDATE hsa_users SET `user_firstName`='$user_firstName', `user_lastName`='$user_lastName', `user_company`='$user_company', `user_discipline`='$user_discipline', `user_email`='$user_email', `user_loginName`='$user_loginName', `user_pass`='$user_pass', `email_alerts`='$email_alerts' WHERE id=$id"; $run_update = mysqli_query($conn, $update); if($run_update){ echo "<script>alert('User has been successfully updated.')</script>"; echo "<script>window.open('admin_userlist.php','_self')</script>"; } } ?>
-
Besides what other posters said... Initially you get the id from a $_GET['id'] That's fine but when you post the form is not being passed because now using POST and not included in the action, the query does not know where to update to a specific id. Pass the id into the update form a hidden type. <input type="hidden" name="id" value="<?php echo $id;?>"/> Now add the $id back in the update submit check if(isset($_POST['update'])){ if(isset($_POST['id']) && is_numeric($_POST['id'])){ $id=$_POST['id']; } //.....rest of code You may as well change the GET id one to $id , when query runs you return the $row['id'] anyway if(isset($_GET['id']) && is_numeric($_GET['id'])){ $id=$_GET['id']; $sql = "select * from hsa_users where id='$id'";
-
If I find my recursive directories and files script using glob will post it here. Could take a long time to find it.
-
It's ok if new to this, is just this script not the best. Using glob() much better. Horrible the way doing if/else directories and files, not defining the directory location for each file. if(is_file("./".$namehref)){ $download = "download='./$namehref' target='_blank'"; }else{ $download = ''; } // Output echo (" <tr class='$class'> <td><a href='./$namehref' $download>$namehref</a></td> <td>$extn</td> <td sorttable_customkey='$sizekey'>$size</td> <td sorttable_customkey='$timekey'>$modtime</td> </tr>");
-
I was being lazy and not want to go scour your code and figure out what you want to link to. The place where you say want a download button is where. <a href="<?php echo $file;?>" download="<?php echo $file;?>">Download</a> $file being that files variable, use w/e variable you use in your script.
-
To make it easy can do a form with action leading to the file or as href and set the download attribute <form method="get" action="<?php echo $file;?>"> <button type="submit">Download</button> </form> or <a href="<?php echo $file;?>" download="<?php echo $file;?>">Download</a>
-
Need to follow some of the suggestions posted and post back the new code Some things to look at $erfahrung=$_POST['file'];//yeah that's the file upload $sql="INSERT INTO $tbl_name(name, Geburtstag, Staat, Permit, Kontaktdetails, Gemeinde, Beruf, Erfahrung) VALUES('$name', '$geburtstag', '$staat', '$permit', '$contact', '$gemeinde', '$beruf', '$erfahrung')"; OK, so $erfahrung must be set to NULL in mysql if inserts go through later on other script (which as mentioned should all be same page or pass the values with get or something) $sql="INSERT INTO worker3(Erfahrung) VALUES('$final_file')"; This is trying to insert new one and missing other values most likely needed, if now want to add that image an additional query would need to use UPDATE and set the value a specific column WHERE id='mysql_id' You need to know where to insert it such as it's id in mysql, something unique. The best thing you can do is insert to mysql at the end after everything is checked and is no errors. And it's better to save the location of the file and not as a blob. If you still want to update that image into the same as above query use mysql_insert_id() to get that AUTO_INCREMENT id from mysql
-
My bad...I had an A-Za-z0-9-_ originally for a pattern and replaced the number and letter ranges with a \w All would need is \w- so the underscore was extra The dashes and underscores are included in the length check strlen(trim($_POST['username'])) >= 5 ab_de passes server side validation because excluding the - and _ is still all letters and numbers, then a minimum 5 characters checked on the actual post value I personally only allow letters,numbers,dash and underscore to keep them url friendly because people do some crazy names with all sorts of odd characters otherwise. Glad you like it.
-
Can't send email with php script in html form
QuickOldCar replied to Nikas_Zalias's topic in PHP Coding Help
Do you have a server with php installed? If doing it locally is many AMP stacks can choose from. https://en.wikipedia.org/wiki/List_of_Apache%E2%80%93MySQL%E2%80%93PHP_packages Popular ones are WAMP and XAMPP btw, this should be in the head section <link href="style.css" rel="stylesheet" type="text/css"> -
I know I mentioned this in the past, the main phpfreaks.com site is so crusty with old posts. It's not only the tutorials, news and blogs all 3+ years to ancient posts, but also http://www.linuxforum.com/ is dead too It depresses me to see that and the low visitors been having here a long time now. Am pretty sure if we got some recent posts up front would raise some peoples interests, some visitors may not even know the forums is the hot spot. This site is nothing how it's past self was with popularity.
-
You commented out $file_loc //$file_loc = $_FILES['file']['tmp_name']; if(move_uploaded_file($file_loc,$folder.$final_file))
-
Is most likely a class included within /template/header.php GetUpcomingJobs function connects via SOAP client and displays the included xls file. There is a network tool in most browsers within dom inspector, you can see what's being loaded and their locations. Firefox and Chrome is right click on page and Inspect Element, then select Network tab Internet explorer is pressing F12 or right click the cog/settings icon and select F12 Developer Tools
-
That depends on the advanced custom fields plugin, may have to add that function in the plugin.
-
Kinda odd to just allow wav files and not other audio, especially since a few can work in a html5 player. finfo_file() the only way to ensure the file is exactly the type mime_content_type() deprecated in newer php versions You would want to check the actual mime type of the file before you do the move. Can knock some checks out early just by looking for any allowed extensions //single type and file as you have if(end(explode(".", strtolower($_FILES['uploadedfile']['name']))) == "wav") { //check real mime type, if passes check if successful move } else { //toss an error or take any actions want } //multiple audio types $allowedExtensions = array("mp3","mp4","wav","ogg","flac","wma","wax"); if (in_array(end(explode(".", strtolower($_FILES['uploadedfile']['name']))),$allowedExtensions)){ //check real mime type, if passes check if successful move } else { //toss an error or take any actions want } If did both checks and turns out is actually different, may want to take a look at whoever is uploading it.
-
I think I mentioned in another post was not a good idea to do it this way. The server has to do a lot of work for each user and visitor each time. Not to mention their settings lost when session deleted or expires. Why not store each users menu in a database, then can fetch,sort,update with a query and do any order positions.
-
A few changed their names, welcome back to the forums.
-
Welcome back Bob. I think I hear something...maybe not.
-
Really...2500 rows then cut, all this data needs to be displayed all one time? It's hard for me to envision why you need to do this. Possibly unescaped encoding issue Have any examples of the data where it gets cut off?
-
Youtube is not the place to be learning, go to php.net I suggest you read everything there and also go through the functions and what they do, when to use them, otherwise you will never learn this. This is a register script just wrote another member, edit it for a login or at least look it over. http://forums.phpfreaks.com/topic/298136-anyone-willing-to-do-a-quick-security-review-or-a-registration-page/?p=1520717 When dealing with passwords should be using password_hash() and password_verify() An attempt to fix this code but should post the rest what you have as well or find a better tutorial with mysqli/pdo and uses password_hash. <?php if (isset($_POST['submit'])) { $errors = array(); if (isset($_POST['username']) && trim($_POST['username']) != '') { $username = trim($_POST['username']); } else { $username = ''; $errors[] = 'username'; } if (isset($_POST['password']) && trim($_POST['password']) != '') { $password = trim($_POST['password']); } else { $password = ''; $errors[] = 'password'; } if (empty($errors)) { $login = login($username, $password); if ($login === false) { $errors[] = "That username or password is incorrect. Please try again."; } else { $_SESSION['user_id'] = $login; //does login function return a name or id? header('Location: index.php'); exit(); } } if (!empty($errors)) { echo "Errors: " . implode($errors,", "); } } ?>
-
And the proper word is $_SESSION all uppercase
-
Data attributes are unlimited but do have limits due to system memory. You should consider these more like meta fields and output data normally. Strings have a limit of 2GB but the overall script execution also has a limit determined by your php.ini memory settings and also server resources. If you are having memory issues you may want to rethink how are fetching and displaying the data. json_decode() the json file and store data into a database Can read from saved json files directly like a cache but have to load the entire file each time and parse it.
-
A first time maybe!!