Jump to content

nicholasolsen

Members
  • Posts

    29
  • Joined

  • Last visited

    Never

Everything posted by nicholasolsen

  1. This is a great post for all of the beginners in PHP to learn from. To sum it all up in a few words first: NEVER USER COOKIE TO VALIDATE A USER. Why? Because the end-user easily can edit the cookies on their computer, and therefore tamper with your website without authorization. Cookies should only be used to register for how long a user want to be logged in. Because of this Im not going to comment and correct your code; but instead guide you on the right path: SESSION. When a user is logging in on your website, make a session that register that the user is logged in. Google "PHP SESSION tutorial" and you will find a lot of interesting information to read on the bed. Good luck, and if you wonder about anything else - dont be afraid to PM.
  2. You are looking for the "include"-function in PHP. By making a .php file for all of the columns (except from the content) you can easily include the columns into all of the different pages. This will save you a lot of time editing, since you only have to edit ONE file instead of TWELVE. Example for index.php: include('page_header.php'); // THIS INCLUDES THE HEADER include('page_column_left.php'); // THIS INCLUDES THE LEFT COLUMN // HERE YOU CAN WRITE THE CONTENT OF THE CURRENT PAGE (UNIQUE ON EACH DIFFERENT PAGE) include('page_column_right.php'); // THIS INCLUDES THE RIGHT COLUMN include('page_footer.php'); // THIS INCLUDES THE FOOTER Redo this for all of your pages basically, and you have saved some odd hours of updating. Note: Use a database instead if you know how to use one. Faster, easier and more convenient. Good luck!
  3. You could pass the vars through the URL, then use the GET method to retrieve the data on the next page. Your current redirection: header("Location: $success"); Replace it with: header("Location: $success&var1=$var1&var2=$var2&var3=$var3"); On the next page, use the following code to retrieve the data: $var1 = $_GET['var1']; $var2 = $_GET['var2']; $var3 = $_GET['var3']; Note: When using the GET method to retrieve data, make sure you write a security-script that kills the load if the vars are "unknown". You should therefore only have a set of keywords allowed per var. Example: if (isset($_GET)) { if ($var1 == "allowedKeyword") { echo "This is allowed"; exit(); } if ($var2 == "allowedKeyword") { echo "This is allowed too"; exit(); } if ($var3 == "allowedKeyword") { echo "This is allowed toooo!"; exit(); } else { echo "One or more of the variables are tempered with, and therefore the script has been killed."; } }
  4. The simple answer to your q: Your query was: $query = mysql_query("SELECT * FROM users WHERE fname LIKE '%$find%' OR lname LIKE '%$find%'"); Instead you could use this: $query = mysql_query("SELECT * FROM users WHERE fname LIKE '%$find%' AND lname LIKE '%$find%'"); This searches the table for First Name = Roger AND Last Name = Smith.
  5. You could try to use the explode function. Example that would do the trick: $find = $_POST/GET['name_from_search']; // EDIT THIS $find_string = explode(' ',$find); $first_name = $find_string[0]; $last_name = $find_string[1]; $query = mysql_query("SELECT * FROM users WHERE fname LIKE '$first_name%' AND lname LIKE '$last_name%' OR fname LIKE '$last_name%' AND lname LIKE '$first_name%' "); What you did wrong was not using the AND syntax in your query. Instead you used OR. If you use the query I wrote above the search will search the two columns for all combinations. The reason I did the fname = $last_name is because some search "Smith Roger" instead of "Roger Smith". The query i wrote will give the same result in both instances. Hope it helps
  6. The user should not be able to visually see the login page after the user has actually logged in, so the F5 example your mentioned wont be a concern. When the user is logged in, simply use header to redirect them to the index or whereever. If the user has entered wrong details (email / pw), simply show redirect them to the login form once more...... header('Location:www.url.com'); To sum up: Keep the login form and php login code in the same file, dont split them... Easier to keep track of in one simple file.
  7. I figured out what the problem was. It was a variable that didnt recieve its value on a different page, and therefore the value didnt show up in the mysql table.. Thanks for the reply fife.
  8. If someone could take a look at the code i entered above i would really appreciate it. Thanks
  9. Your website opened perfectly on my macbook,.. Took less than 0,2 sec to load all the data. Maybe its your DSL thats too slow.. Im having 2,4mbit download rate right now and thats not super fast so say at least. If you use dial-up (dont think you do, but just to mention it) or anything like this it might take several seconds to load the website for YOU, but not for anyone else.
  10. List more information about the tables your using.. This line of code doesnt tell me a lot of whats going on. In norwegian: Legg ut informasjon om hvordan sql tabellene ser ut. Vanskelig å skjønne noe ut i fra hva du nevnte. Hvis du ikke finner svar kan du sende meg en PM så skal jeg gjøre mitt beste.
  11. List the code to give us a better understanding of your situation, so we can give you a better answer. Thanks
  12. Sorry about that one. Youre absolutely right, it loads right away. Well, if it takes 4 sec to load its probably a lot of content (?). The include function doesnt cause any extra delay (or at least you wont be able to notice) so you might have to get used to waiting 4 sec. Or you can try to add your data to a SQL table, but i dont think that will load any faster. And since youre new to PHP/MySQL i wouldnt recommend taking on SQL yet. I dont know what the best solution is to be honest. Hopefully some other on this forum come up with a better answer for you! And again, sorry about the confusion on the first reply. Have a nice one
  13. As the OP was using $_SESSION (and most PHP installations these days do), session_unset() is not the correct function to use. Also, the session_destroy() manual page says that session_unset() is deprecated, and specifically instructs to use it only for code that does not use $_SESSION. Edit: I would also like to point out that these are the things you won't find easily by using google. However, it does the trick.
  14. if (isset($value)) { // value is set } else if (empty($value)) { // value is not set } Hope it helps :-)
  15. This is all off topic so drop it. I wouldnt say the answer i gave was wrong.. The q was how to unset all sessions, and the two functions i listed does exactly that, am i right? So go somewhere else being a smartypant, Mr. Smartypants :-) :-)
  16. I would, but if I change the variables in the form, wont that conflict with the first if statement and not show the items I want edited in the form? Sorry for my ignorance, but I do not understand what you are trying to point at. Thanks pointing at the last if(isset( ... in your script. at the bottom of the page before the closing php ?> compare your script with the one i edited and youll find it with ease
  17. Make sure you close off the last if-statement... Forgot the last } in my edit.. Hope it helps
  18. <?php @mysql_connect('localhost', 'root', '') or die("Could not connect to Mysql Server. " . mysql_error()); @mysql_select_db('tutorials') or die("Could not connect to Database. " . mysql_error()); if(isset($_GET['edit'])) { $id = $_GET['edit']; $query = "SELECT `username`, `password` FROM `users` WHERE `id` = '$id'"; $result = mysql_query($query); $row = mysql_fetch_array($result); $name = $row['username']; $password = $row['password']; } if(isset($_POST['edit'])) { $id = $_GET['edit']; $query = "UPDATE `users` SET `username` = '$name', `password` = '$password' WHERE `id` = '$id'"; mysql_query($query); ?> <form method="POST" action="" > <input type="text" name="name" value="<?php echo $name; ?>" /> First name <br /> <input type="text" name="password" value="<?php echo $password; ?>" /> Last name <br /> <input type="submit" name="edit" value="edit" /> </form> Note the edits done at the last if(isset($_POST[edit])) ....
  19. I'm pretty sure phpfreaks.com was meant for questions like this. Why would I sign up on phpfreaks if I could just google all the answers to my questions? Sorry if you took that little comment to harsh, but when i google unset sessions, PHP.net is the first hit with the correct answer. PHP.net has basically all the solutions to problems like this, because they are so basic and fundamental.
  20. Do it like this: // INSERT THIS AT THE VERY TOP OF THE PAGE $table_content = include('table/table.php'); // INSIDE THE TABLE RUN THE $table_content VARIABLE AND IT WONT LOOK WEIRD.... Just a quick explanation of why you can do it like this: By adding the variable at the very start of the page, the page will have to load all of its information before moving on the loading the table. This way the loading-time of the variable is kept outside the loading of the table surrounding the information. And now you know. If you didnt understand at first :-) Hope it helps
  21. session_unset(); session_destroy(); .................. google next time
  22. Give the code in example. Impossible to understand the situation without the code in on-screen. Tip of the day: NEVER EVER use GET to retrieve/view a file in your browser (if i understood your explanation, youre doing this). Unless you want to be hacked, of course.
  23. Just in case you havent checked this yet: 1. Check your junkfolder... Usually where email like this ends up in todays emailingsystems. 2. See if you webhost supports emails and if you need to specify any protocols when doing so. If its a free webhost most likely they wont support it. 3. Nothing to check, just a tip: Dont try to send emails via WAMP locally.. Its a mess. There is nothing wrong with the code.. Just tested it out on my server and it worked.
  24. I'm not sure what you are telling me to replace. Replace this line: $query = "SELECT COUNT(*) FROM totals WHERE date = '$date' AND username = '$username'"; With this: $query = "SELECT * FROM totals WHERE date = '$date' AND username = '$username'"; The only thing different is that I left the COUNT outside the query.. This function doesnt need to be embeded into the query since youre using num_rows to count the results in the end. Sorry, my mistake. Didnt see you updated the codesnippet. Replace this: $search = mysql_query("SELECT COUNT(*) FROM totals WHERE timeid ='l1' AND date = '3-16-2011'"); With this: $search = mysql_query("SELECT * FROM totals WHERE timeid ='l1' AND date = '3-16-2011'");
  25. I'm not sure what you are telling me to replace. Replace this line: $query = "SELECT COUNT(*) FROM totals WHERE date = '$date' AND username = '$username'"; With this: $query = "SELECT * FROM totals WHERE date = '$date' AND username = '$username'"; The only thing different is that I left the COUNT outside the query.. This function doesnt need to be embeded into the query since youre using num_rows to count the results in the end.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.