Everything posted by frank_solo

  1. I have the same problem. Thanks for the help but I now get this error:

     Notice: SELECT * FROM `apartments` WHERE county = 'Queens' AND rooms = '2' AND rent >= 1000order by `date_created` DESC has encountered an errror You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'by `date_created` DESC' at line 1 on line 287

     It happens when either field is empty.
  2. Thanks for your help Jcbones but I get this error: Fatal error: Call to undefined function emtpy() on line 12
  3. I'm sorry to sound dumb but without doing so much of the work can you explain a little further about

         if($county){
             if($rentmin && $rentmax ){ }
             if ($rentmin && !$rentmax){ }

     Do I put a value in "{ }" Or just simply write it like this:

         if($county){
             if($rentmin && $rentmax ){ }
             if ($rentmin && !$rentmax){ }
             $sql = "SELECT * FROM `apartments`, `county` = '".mysql_real_escape_string($county)."', `rooms` = '".mysql_real_escape_string($rooms)."', `MIN(rent)` '".mysql_real_escape_string($rentmin)."', `MAX(rent)` '".mysql_real_escape_string($rentmax)."' order by `date_created` DESC";
         }else{
             $sql = "SELECT * FROM `apartments`";
         }

     Thanks
  4. I have a form to search through apartments but if one field (rent) is not filled the php script cannot process the search. Is there a way that I can have the script just search the minimum rent or maximum rent if those fields are not filled in? In other words could I make it say if blank put in 0 for minimum rent?

     The HTML Form:

         <form method="post" action="searchapts.php">
         <table width="372" border="0" class="apttable">
           <tr>
             <td width="66" style="color: #000">Borough:</td>
             <td colspan="2"><select name="county" id="county">
               <option selected="selected">Bronx</option>
               <option>Brooklyn</option>
               <option>Manhattan</option>
               <option>Queens</option>
               <option>Staten Island</option>
               <option>---------------</option>
               <option>Nassau</option>
               <option>Suffolk</option>
             </select></td>
           </tr>
           <tr>
             <td style="color: #000">Beds:</td>
             <td colspan="2"><select name="type" id="type">
               <option>0 Bed</option>
               <option>1 Bed</option>
               <option>2 Bed</option>
               <option>3 Bed</option>
               <option>4 Bed</option>
               <option>5 Bed</option>
             </select></td>
           </tr>
           <tr>
             <td style="color: #000">Rent:</td>
             <td width="151" style="color: #000"><span id="AptRentMin"> <span id="sprytextfield3">
               <input name="min_price" type="text" id="min_price" value="" size="7" maxlength="7" />
               <span class="textfieldRequiredMsg">Required.</span></span>(Min)</td>
             <td width="141" style="color: #000"><span id="AptRentMax"> <span id="sprytextfield4">
               <input name="max_price" type="text" id="max_price" value="" size="7" maxlength="7" />
               <span class="textfieldRequiredMsg">Required.</span></span>(Max)</td>
           </tr>
           <tr>
             <td style="color: #000"><input name="Search" id="Search" value="Search" type="submit" /></td>
             <td> </td>
             <td> </td>
           </tr>
         </table>
         </form>

     The PHP Script:

         <?php
         if ($_POST){
             $county = $_POST['county'];
             $rooms = $_POST['type'];
             $rentmin = $_POST['rent_min'];
             $rentmax = $_POST['rent_max'];
         }
         $dbase = mysql_connect ( 'localhost', '', '' );
         mysql_select_db ( '', $dbase );
         if($county){
             $sql = "SELECT * FROM `apartments`, `county` = '".mysql_real_escape_string($county)."', `rooms` = '".mysql_real_escape_string($rooms)."', `MIN(rent)` '".mysql_real_escape_string($rentmin)."', `MAX(rent)` '".mysql_real_escape_string($rentmax)."' order by `date_created` DESC";
         }else{
             $sql = "SELECT * FROM `apartments`";
         }
         $res = mysql_query($sql, $dbase);
         if ( mysql_num_rows($res) > 0 ) {
             echo "<strong>Click Headers to Sort</strong>";
             echo "<table border='0' align='center' bgcolor='#999969' cellpadding='3' bordercolor='#000000' table class='sortable' table id='results'>
             <tr>
             <th> Title </th>
             <th> Borough </th>
             <th> Town </th>
             <th> Phone </th>
             <th> Rooms </th>
             <th> Bath </th>
             <th> Fees </th>
             <th> Rent </th>
             </tr>";
             while($row = mysql_fetch_assoc($res)) {
                 echo "<tr>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'> <a href='classified/searchapts/index.php?id=".$row['id']."'>" . $row['title'] . "</a></td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['county'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['town'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['phone'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['rooms'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['bath'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['feeornofee'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['rent'] . "</td>
                 </tr>";
             }
             echo "</table>";
             print_r($apts);
         } else {
             echo "<p> </p><p> </p> No Results <br /><p> </p><FORM><INPUT TYPE='button' VALUE='Go Back' onClick='history.go(-1);return true;'></FORM> and Refine Your Search <p> </p><p> </p>";
         }
         ?>
  5. Cool Thanks
  6. P E R F E C T batwimp

     Now if I wanted to also add square footage can I do something like this:

         if ($_POST){
             $county = $_POST['county'];
             $rooms = $_POST['type'];
             $MIN = $_POST['min_price'];
             $MAX = $_POST['max_price'];
             $MINSQ = $_POST['min_square'];
             $MAXSQ = $_POST['max_square'];
         }
         $dbase = mysql_connect ( 'localhost', 'genesis_frank', '5150vh' );
         mysql_select_db ( 'genesis_apts', $dbase );
         if($county){
             $sql = "SELECT * FROM `apartments` WHERE `county` = '".mysql_real_escape_string($county)."' AND `rooms` = '".mysql_real_escape_string($rooms)."' AND `rent` BETWEEN ".mysql_real_escape_string($MIN)." AND ".mysql_real_escape_string($MAX)." ".mysql_real_escape_string($MINSQ)." AND ".mysql_real_escape_string($MAXSQ)." order by `date_created` DESC";
  7. Sorry I gave you the wrong html form it is this:

         <form method="post" action="searchapts.php">
         Borough: <label for="county" />
         <select name="county" id="county">
           <option selected="selected">Bronx</option>
           <option>Brooklyn</option>
           <option>Manhattan</option>
           <option>Queens</option>
           <option>Staten Island</option>
           <option>---------------</option>
           <option>Nassau</option>
           <option>Suffolk</option>
         </select>
         <br />
         Rooms: <label for="type" />
         <select name="type" id="type">
           <option>0 Bed</option>
           <option>1 Bed</option>
           <option>2 Bed</option>
           <option>3 Bed</option>
           <option>4 Bed</option>
           <option>5 Bed</option>
         </select>
         <br />
         Rent: <label for="rent" />
         <input name="min_price" type="text" id="min_price" size="7" maxlength="7" /> (Min)
         <input name="max_price" type="text" id="max_price" size="7" maxlength="7" /> (Max)<br />
         <input name="Search" id="Search" value="Search" type="submit" />
         </form>

     The error is this:

     You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= '1000' AND `rent` = '3000' order by `date_created` DESC' at line 1

     So I should remove the "=" after rooms?
  8. I get this error Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource
  9. Having trouble making this work. I have a form that should search the min and max ranges of the rent of apartments. Can anyone please help me with the php script. I think I'm using the MIN and MAX functions incorrectly. Thanks

     The Form:

         <form method="post" action="searchapts.php">
         Borough: <label for="county" />
         <select name="county" id="county">
           <option selected="selected">Bronx</option>
           <option>Brooklyn</option>
           <option>Manhattan</option>
           <option>Queens</option>
           <option>Staten Island</option>
           <option>---------------</option>
           <option>Nassau</option>
           <option>Suffolk</option>
         </select>
         <br />
         Rooms: <label for="type" />
         <select name="type" id="type">
           <option>0 Bed</option>
           <option>1 Bed</option>
           <option>2 Bed</option>
           <option>3 Bed</option>
           <option>4 Bed</option>
           <option>5 Bed</option>
         </select>
         <br />
         Rent: <label for="rent" />
         <select name="rent" id="rent">
           <option value="1000" selected="selected">Less than $1000</option>
           <option value="1500">$1000 - $1500</option>
           <option value="2000">$1500 - $2000</option>
           <option value="2500">$2000 - $2500</option>
           <option value="3000">$2500 - $3000</option>
           <option value="3500">$3000 - $3500</option>
           <option value="4000">$3500 - $4000</option>
           <option value="4500">$4000 - $4500</option>
           <option value="5000">$4500 - $5000</option>
           <option value="5500">$5000 - $5500</option>
           <option value="6000">$5500 - $6000</option>
           <option value="6500">$6000 - $6500</option>
           <option value="7000">$6500 - $7000</option>
           <option value="7500">$7000 - $7500</option>
           <option value="8000">$7500 - $8000</option>
           <option value="8500">$8000 - $8500</option>
           <option value="9000">$8500 - $9000</option>
           <option value="9500">$9000 - $9500</option>
           <option value="10000">$9500 - $10000</option>
           <option value="10500">$10000 - $10500</option>
           <option value="11000">$10500 - $11000</option>
           <option value="11500">$11000 - $11500</option>
           <option value="12000">$11500 - $12000</option>
           <option value="12500">$12000 - $12500</option>
           <option value="13000">$12500 - $13000</option>
           <option value="13500">$13000 - $13500</option>
           <option value="14000">$13500 - $14000</option>
           <option value="14500">$14000 - $14500</option>
           <option value="15000">$14500 - $15000</option>
           <option value="15500">$15000 - $15500</option>
           <option value="16000">$15500 - $16000</option>
           <option value="16500">$16000 - $16500</option>
           <option value="17000">$16500 - $17000</option>
           <option value="17500">$17000 - $17500</option>
           <option value="18000">$17500 - $18000</option>
           <option value="18500">$18000 - $18500</option>
           <option value="19000">$18500 - $19000</option>
           <option value="19500">$19000 - $19500</option>
           <option value="20000">$19500 - $20000</option>
           <option value="25000">$20000 - $25000</option>
           <option value="30000">$25000 - $30000</option>
         </select>
         <br />
         <input name="Search" id="Search" value="Search" type="submit" />
         </form>

     The Script:

         <?php
         if ($_POST){
             $county = $_POST['county'];
             $rooms = $_POST['type'];
             $MIN = $_POST['min_price'];
             $MAX = $_POST['max_price'];
         }
         $dbase = mysql_connect ( 'localhost', '', '' );
         mysql_select_db ( 'apts', $dbase );
         if($county){
             $sql = "SELECT * FROM `apartments` WHERE `county` = '".mysql_real_escape_string($county)."' AND `rooms` = '".mysql_real_escape_string($rooms)."' BETWEEN `rent` = '".mysql_real_escape_string($MIN)."' AND `rent` = '".mysql_real_escape_string($MAX)."' order by `date_created` DESC";
         }else{
             $sql = "SELECT * FROM `apartments`";
         }
         $res = mysql_query($sql, $dbase);
         if ( mysql_num_rows($res) > 0 ) {
             echo "<strong>Click Headers to Sort</strong>";
             echo "<table border='0' align='center' bgcolor='#999969' cellpadding='3' bordercolor='#000000' table class='sortable' table id='results'>
             <tr>
             <th> Title </th>
             <th> Borough </th>
             <th> Town </th>
             <th> Phone </th>
             <th> Rooms </th>
             <th> Bath </th>
             <th> Fees </th>
             <th> Rent </th>
             </tr>";
             while($row = mysql_fetch_assoc($res)) {
                 echo "<tr>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'> <a href='classified/searchapts/index.php?id=".$row['id']."'>" . $row['title'] . "</a></td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['county'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['town'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['phone'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['rooms'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['bath'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['feeornofee'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['rent'] . "</td>
                 </tr>";
             }
             echo "</table>";
             print_r($apts);
         } else {
             echo "<p> </p><p> </p> No Results <br /><p> </p><FORM><INPUT TYPE='button' VALUE='Go Back' onClick='history.go(-1);return true;'></FORM> and Refine Your Search <p> </p><p> </p>";
         }
         ?>

     Thanks
  10. Thanks for the reply thorpe but after the posting I've decided to put a contact form instead.
  11. I'm using this php code and would like to know if there is a way to hide the email?

         echo "Email: <span style='color:#00F'><a href='mailto:".$result['email']."?subject=".$result['title']."'>".$result['email']."</span></a>";
  12. Amazing mjdamato! It works like a charm!
  13. Thanks for the quick reply but I still get that broken image.
  14. How do I prevent a broken image icon if there is no image? Here is my code:

         <?php
         if ($_POST){
             $county = $_POST['county'];
         }
         $con = mysql_connect("localhost","","");
         if (!$con) {
             die('Could not connect: ' . mysql_error());
         }
         mysql_select_db("", $con);
         $imageLocation = $row['imageurl1'];
         $result = mysql_query("SELECT * FROM places WHERE `county` = '".mysql_real_escape_string($county)."' order by `date_created` DESC");
         if ( mysql_num_rows($result) > 0 ) {
             echo "<strong>Click Headers to Sort</strong>";
             echo "<table border='0' align='center' bgcolor='#999969' cellpadding='3' bordercolor='#000000' table class='sortable' table id='results'>
             <tr>
             <th> Title </th>
             <th> Borough </th>
             <th> Town </th>
             <th> Phone </th>
             <th> Rooms </th>
             <th> Bath </th>
             <th> Fees </th>
             <th> Rent </th>
             <th> Image </th>
             </tr>";
             while($row = mysql_fetch_array($result)) {
                 echo "<tr>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'> <a href='classified/places/index.php?id=".$row['id']."'>" . $row['title'] . "</a></td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['county'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['town'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['phone'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['rooms'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['bath'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['feeornofee'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['rent'] . "</td>
                 <td bgcolor='#FFFFFF' style='color: #000' align='center'><img src=user/". $row['imageurl1'] ." width='50'></td>
                 </tr>";
             }
             echo "</table>";
             print_r($apts);
         } else {
             echo "<p> </p><p> </p> No Results <br /><p> </p><FORM><INPUT TYPE='button' VALUE='Go Back' onClick='history.go(-1);return true;'></FORM> and Refine Your Search <p> </p><p> </p>";
         }
         ?>

     Thanks in advance
  15. This is a partial script but I can't get the hyperlink. It shows the whole code instead of just showing "link" as a link.

         $email=$_POST['email'];
         $password=$_POST['password1'];
         $username=$_POST['username'];
         $to=$email;
         // Your subject
         $subject="My Website - Your login info";
         // From
         $header="from: Mywebsite<[email protected]>";
         $headers = 'MIME-Version: 1.0' . "\r\n";
         $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
         // Your message
         $message="This is your log in information: \r\n";
         $message.=" Username: $username \r\n";
         $message.=" Password: $password \r\n";
         $message.="Click on <a href=\"http://www.mywebsite.com\">link</a> and login to start posting.";
         // send email
         $sentmail = mail($to,$subject,$message,$header);
  16. Sorry for not responding quick enough but I'm just getting over a bad case of pneumonia. So this is the script I currently have where would I add it to the current script which is this:

         <?php
         include "dbaptsConfig.php";
         include "searchaptsstyle.css";
         // test id, you need to replace this with whatever id you want the result from
         $id = (int)$_GET['id'];
         $id = substr($id, 0,5);
         if($id < 1 || $id > 99999) exit;
         // what you want to ask the db
         $query = "SELECT * FROM `apartments` WHERE `id` = $id";
         // actually asking the db
         $res = mysql_query($query, $ms);
         // receiving the answer from the db (you can only use this line if there is always only one result, otherwise will give error)
         $result = mysql_fetch_assoc($res);
         // if you uncomment the next line it prints out the whole result as an array (prints out the image as weird characters)
         // print_r($result);
         // print out specific information (not the whole array)
         echo "<div id='back'><div align='center'><FORM><INPUT TYPE='button' VALUE='BACK TO LIST' onClick='history.go(-1);return true;'></FORM></div>";
         echo "<div id='table'><div align='left'><tr>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Provider's Phone Number: <span style='color:#00F'>".$result['phone']."</span><br /></td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Contact: <span style='color:#00F'>".$result['contact']."</span><br /></td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Office: <span style='color:#00F'>".$result['office']."</span><br /></td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Provider's E-Mail: <a href='mailto:".$result['email']."?subject=".$result['title']."'>".$result['email']."</a><br /></td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Provider: <span style='color:#00F'>".$result['service']."</span><br /></td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Borough: <span style='color:#00F'>".$result['county']."</span><br /></td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Town: <span style='color:#00F'>".$result['town']."</span><br /></td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Bedrooms: <span style='color:#00F'>".$result['rooms']."</span></td>";
         echo "<td> </td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Bathrooms: <span style='color:#00F'>".$result['bath']."</span><br /></td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Pets: <span style='color:#00F'>".$result['pets']."</span><br /></td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Lease Type: <span style='color:#00F'>".$result['lease']."</span><br /></td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Square Footage: <span style='color:#00F'>".$result['square']."</span>ft<sup>2</sup><br /></td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Rent: $<span style='color:#00F'>".$result['rent']."</span><br /></td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Fees: <span style='color:#00F'>".$result['fees']."</span><br /></td>";
         echo "<td bgcolor='#FFFFFF' style='color: #000' align='center'> Listed On: <span style='color:#00F'>".$result['date_created']."</span><br /></td>";
         echo "<br/>";
         echo "</tr></div>";
         ?>

     If the update script is this:

         UPDATE `table` SET `views` = `views` + 1 WHERE `id` = ''

     Thanks
  17. Not sure if I wrote this correctly but if anyone can just scan through this and let me know if it's fine. Thanks

         <?php
         $db_link=mysql_connect ("localhost", "", "") or die ('I cannot connect to the database because: ' . mysql_error());
         mysql_select_db ("commercial");
         $sql = "DELETE FROM `comm` WHERE `date_created` < DATE_SUB(NOW(),INTERVAL 14 DAY)";
         $result2 = mysql_query($sql, $db_link);
         ?>
  18. So I'm trying to make a counter that counts how many times a record on mysql database has been viewed. Not a hit counter for a webpage. In other words I have a page that displays the info of that record from the mysql database and within that page I would like to display the amount of times it has been viewed. Would anyone know where I can begin or send me to a good tutorial? Thanks
  19. This worked perfectly and when I put <script>alert('test')</script> into the search I don't get a dialog box. I'm assuming this will work against xss injections. Thanks Pikachu2000 for your help!
  20. It's this one: $row_num_links_main =mysql_num_rows ($numresults);
  21. This is the error and I'm getting no results. Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/genesis/public_html/salessearch.php on line 305
  22. Thanks Zachary1748 but I keep getting an error on this line: $row_num_links_main =mysql_num_rows ($numresults);
  23. Ok so a few days ago I was alerted that my site was vulnerable to XSS injections in my search form. I modified the php script to prevent any malicious activity by adding this to it:

         "/\<(script).*\>.*\<\/(script)\>/isU", " ",

     But now anytime I put anything into the search form nothing is returned. Please advise. Here is the script in its entirety.

         <?php
         mysql_connect ("localhost", "","") or die (mysql_error());
         mysql_select_db ("");
         $search = mysql_real_escape_string(preg_replace('/[^\w\'\"\@\-\.\,\(\) ]/i', '', "/\<(script).*\>.*\<\/(script)\>/isU", " ", $_POST['search']));
         $sql = mysql_query("SELECT * FROM sales WHERE contact LIKE '%$search%' OR phone LIKE '%$search%' OR office LIKE '%$search%' OR town LIKE '%$search%' OR cross_streets LIKE '%$search%' OR description LIKE '%$search%' OR email LIKE '%$search%' OR price LIKE '%$search%' order by `date_created`");
         echo "<strong>Click Headers to Sort</strong>";
         echo "<br/><strong>Your Results for: </strong>";
         echo $_POST['search'];
         echo "<table border='0' align='center' bgcolor='#999969' cellpadding='3' bordercolor='#000000' table class='sortable' table id='results'>
         <tr>
         <th> Title </th>
         <th> Price </th>
         <th> Bed </th>
         <th> Bath </th>
         <th> Contact </th>
         <th> Office </th>
         <th> Phone </th>
         </tr>";
         while ($row = mysql_fetch_array($sql)){
             echo "<tr>
             <td bgcolor='#FFFFFF' style='color: #000' align='center'> <a href='classified/sales/index.php?id=".$row['id']."'>" . $row['title'] . "</a></td>
             <td bgcolor='#FFFFFF' style='color: #000' align='center'>$" . $row['price'] . "</td>
             <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['rooms'] . "</td>
             <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['bath'] . "</td>
             <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['contact'] . "</td>
             <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['office'] . "</td>
             <td bgcolor='#FFFFFF' style='color: #000' align='center'>" . $row['phone'] . "</td>
             </tr>";
         }
         echo "</table>";
         print_r($apts)
         ?>

     Thanks
  24. Thank you so much "The Little Guy" it worked like a charm.
  25. I've been alerted that someone can attack my site using XSS. I have a search box on my site and I've tested it by simply writing "<script>alert('test')</script>" When I do this a pop-up box does come up displaying the word "Test" I have written a preg_replace previously but now I want to add something to it to prevent <script>.

     This was my original code

         $search = mysql_real_escape_string(preg_replace('/[^\w\'\"\@\-\.\,\(\) ]/i', '', " $_POST['search']));

     This is what I thought might work but no luck

         $search = mysql_real_escape_string(preg_replace('/[^\w\'\"\@\-\.\,\(\) ]/i', '', "/<script[^>]*>.*<*script[^>]*>/i", $_POST['search']));

     Could anyone please help and tell me how to modify the code to prevent javascript? Thanks
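
What posts 19, 23 and 25 are working toward, as an added example that is not part of the original posts: rather than stripping `<script>` with `preg_replace`, bind the search term as a query parameter and HTML-escape every value where it is written into the page. It assumes PDO with an in-memory SQLite database standing in for the MySQL `sales` table; the helper names `h`, `searchSales` and `renderResults` and the sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for MySQL.

/** Escape a value for HTML text or a quoted attribute. */
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Run the search with bound parameters; "%" and "_" typed by the user match literally. */
function searchSales(PDO $db, string $term): array
{
    // "!" is the LIKE escape character, so it must itself be doubled first.
    $like = '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $db->prepare(
        "SELECT id, title, town, price FROM sales
          WHERE contact LIKE ? ESCAPE '!'
             OR town LIKE ? ESCAPE '!'
             OR description LIKE ? ESCAPE '!'
          ORDER BY date_created"
    );
    $stmt->execute([$like, $like, $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Build the results markup; every dynamic value passes through h(). */
function renderResults(string $term, array $rows): string
{
    // The echoed search term is the reflected-XSS sink in the thread's script.
    $html = '<strong>Your Results for: </strong>' . h($term) . "\n<table>\n";
    foreach ($rows as $row) {
        $href = 'classified/sales/index.php?id=' . (int) $row['id'];
        $html .= '<tr><td><a href="' . h($href) . '">' . h($row['title']) . '</a></td>'
               . '<td>' . h($row['town']) . '</td><td>$' . h($row['price']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE sales (id INTEGER PRIMARY KEY, title TEXT, contact TEXT,
           town TEXT, description TEXT, price INTEGER, date_created TEXT)');
$ins = $db->prepare('INSERT INTO sales (title, contact, town, description, price, date_created)
                     VALUES (?, ?, ?, ?, ?, ?)');
// Constructed sample rows, including stored markup and a quote in a name.
$ins->execute(['2BR co-op', "Pat O'Neil", 'Astoria', '100% renovated', 450000, '2011-05-01']);
$ins->execute(['Studio <b>sale</b>', 'Lee', 'Bayside', 'Near park', 210000, '2011-05-02']);

// Constructed inputs: a quote, the test string from the posts, and a LIKE wildcard.
foreach (["O'Neil", "<script>alert('test')</script>", '100%', 'Bayside'] as $term) {
    echo renderResults($term, searchSales($db, $term)), "\n";
}
```

The same calls work over a `mysql:` DSN; `!` is used as the LIKE escape character because it behaves identically in MySQL and SQLite, unlike a backslash.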