Everything posted by ginerjm
-
You don't need to test assignments. Mainly things that are outside of your control such as querying (done by the db server) or a prepare that may not like your query statement, or a query itself that fails to run properly. Or the fetch that may not find anything to fetch.
-
How about simply testing the result and putting out an error message and then either quitting or working around it with your script?

    if (!$row = $stmt->fetch()) {
        echo "No rows returned from query - try again";
        exit();
    }
    // continue on with the row of data

This works since (per the manual) the fetch will either return a result or false, and results are always a 'true' value.
-
Walk him thru it and see/hear what he is doing. If he is that much of a noob he probably needs a bit of coaching. And FWIW - this is no longer 'new technology'. Perhaps your login script is not clear or not very helpful or not handling user-errors properly. Have you tested your code against user errors of all kinds? Have you discussed this with another user to see what problem they are having?
-
- one doesn't need to use limit 0,1 if only querying for one row. Change to limit 1.
- you should verify that everything is performing properly instead of just assuming. Do a test on the prepare, on the execute and the number of rows returned before trying to use the query results. Good practice at all times. Look at examples in the manual.
- Another good practice - put your session_start at the beginning of your script. That way it's there and you don't have to worry about it.
- If you are only looking to get back 1 row no need to do a fetchall. Change to fetch.
    if($row = $stmt->fetch(PDO::FETCH_ASSOC))
- handle the error messages instead of just continuing with your script.
- save a function call by simply adding your messages to the error array - $arr[] = 'new message';

The rest seems to me to be secure, but I have yet to use the password verify (or password_hash) so I don't know if that is proper.
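The checks listed in the post above (LIMIT 1, testing the prepare, the execute and the fetch, collecting messages in an error array, password_verify), as an added example that is not part of ginerjm's post. The users table and its columns, the in-memory SQLite database and the check_login() name are assumptions made for the demo.

```php
<?php
declare(strict_types=1);
session_start();    // first thing in the script, before any output

// Constructed demo data: in-memory SQLite table with one user (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
// PHP 8 defaults to ERRMODE_EXCEPTION, where prepare()/execute() throw instead of
// returning false. SILENT is set here so the return-value tests below are meaningful.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_SILENT);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$ins = $pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (:u, :h)');
$ins->execute([':u' => 'alice', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)]);

/** Returns the user's id on success, or null with the reason appended to $errors. */
function check_login(PDO $pdo, string $username, string $password, array &$errors): ?int
{
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM users WHERE username = :u LIMIT 1');
    if ($stmt === false) {
        $errors[] = 'Login is unavailable (prepare failed)';
        return null;
    }
    if (!$stmt->execute([':u' => $username])) {
        $errors[] = 'Login is unavailable (execute failed)';
        return null;
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);   // one row expected, so fetch(), not fetchAll()
    // Same message for "no such user" and "wrong password", so the form
    // does not reveal which usernames exist.
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        $errors[] = 'Invalid username or password';
        return null;
    }
    return (int) $row['id'];
}

$report = [];
foreach ([['alice', 'correct horse'], ['alice', 'wrong'], ['mallory', 'x']] as [$u, $p]) {
    $errors = [];
    $id = check_login($pdo, $u, $p, $errors);
    if ($id === null) {
        $report[] = "$u: " . implode('; ', $errors);
        continue;
    }
    session_regenerate_id(true);   // fresh session id once the user is authenticated
    $_SESSION['user_id'] = $id;
    $report[] = "$u: logged in as user id $id";
}
echo implode(PHP_EOL, $report) . PHP_EOL;
```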
-
Issues logging in? That means so many things. First thing would be the code that is gathering the credentials and authorizing them before posting whatever tokens you are using to the SESSION vars. Another question would be - Are these 10% all using the same browser or simply a few users who have difficulty following instructions?
-
At the same time look into using PDO instead of MYSQLI. Much easier to use. Here is a brief example:

    $pdo = (connection statement);   // do this ONCE before beginning db operations
    $q = 'select col1, col2, col3 from mytable where col1 = :arg1';
    $qst = $pdo->prepare($q);
    // define the parms
    $parms = array(
        ':arg1'=>$val1
    );
    if (!$qst->execute($parms)) {
        (handle an error condition)
    }
    else {
        while($row = $qst->fetch()) {
            (handle each row of the results)
        }
    }

There is very good info on setting up the connection logic in the manual as well as all of the available functions but what I have shown you is enough to do most exercises.
-
"in a series of pages" or "not in a series of pages". Whatever does that mean?? What are "general codes"? What do you mean that "fonts (are) defined in the header"? Are you talking CSS here? And how are fonts executed? So many things you are trying to say but are using the wrong words I think. Perhaps if you showed us a semblance of your code we might begin to see something....
-
I agree with Pixeel. Why add 'var' to a name that is already known as a 'variable'? Also using underscores to break up var names is a nice practice since it makes them much clearer to see when you are browsing thru lots and lots of code in a hurry. An example would be 'prosecutor_fax' for instance. Stay away from upper and lower cases though. UPDATE: Just noticed. You are showing a lot of data in 3 tables (or a multiple of 3) all wrapped in a form with a submit button, but what is it for? You have no inputs so there will NEVER be any POST data other than the submit button's name and value. You asked yourself why the 'id' doesn't show up. Well - that is why. You are using a submit button which generates a POST (per your form tag) so you need an input tag somewhere to get that id to be sent.
-
I am totally confused by your code here. You have what looks like a query attempt using a unique syntax that is not mysqli but never use the results (if there are any). You then run the same query twice but never use the 2nd set of results, so why bother? Here is a cleaned up version of your code that may be easier to decipher, or at least easier to read that may help you code better in the future. I really don't see why you are building 3 html tables either.

    <!DOCTYPE html>
    <head>
    <link rel="stylesheet" href="css/main-forcourtdirectory.css">
    </head>
    <?php
    $dbhost = 'localhost' ;
    $username = 'root' ;
    $password = '' ;
    $conn = mysqli_connect("$dbhost", "$username", "$password");
    if (!$conn) {
        die('Could not connect: ' . mysqli_error());
    }
    mysqli_select_db($conn, "courtdirectory");
    $varprosecutor = $varprosecutoraddress = $varprosecutorphone = $varprosecutorfax = $varprosecutornotes = "";
    $varprosecutorErr = $varprosecutoraddressErr = $varprosecutorphoneErr = $varprosecutorfaxErr = $varprosecutornotesErr = "";
    $varmyid = $varipaddress = $formerror = $success = "";
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        echo "WHY DOES THE ID NUMBER NOT SHOW UP HERE WHEN THE UPDATE BUTTON IS CLICKED: " .$_GET['id']. "<br>";
    }
    else {
        if (isset($_GET['id'])) {
            $myid = $_GET['id'];
            $varmyid = $myid;
        }
        echo "I CAN GET THE ID NUMBER FROM THE COURTDIRECTORY.PHP PAGE: " .$myid. "<br>";
        echo "I CAN SET THIS VARIABLE TO THE THE ID NUMBER: " .$varmyid. "<br>";
        echo "<body>";
        // WHY DO THIS AGAIN???
        if (isset($_GET['id'])) {
            $myid = $_GET['id'];
        }
        $bulletinsQuery = "SELECT * FROM courtdirectory";
        // WHAT IS THIS LINE SUPPOSED TO BE???
        // WHAT IS THIS LINE SUPPOSED TO BE???
        // WHAT IS THIS LINE SUPPOSED TO BE???
        $bulletins = $conn->query($bulletinsQuery);
        // WHY DO THIS A 3RD TIME???
        if (isset($_GET['id'])) {
            $myid = $_GET['id'];
        }
        echo "<form action= " .$_SERVER['PHP_SELF']. " method='post'>";
        echo "<table class='courtdirectorytable'>
            <tbody>
            <tr>
            <th class='county'>County</th>
            <th class='city'>City</th>
            <th class='court'>Court</th>
            <th class='judge'>Judge</th>
            <th class='address'>Address</th>
            <th class='phone'>Phone</th>
            <th class='fax'>Fax</th>
            <th class='notes'>Court Notes</th>
            </tr>";
        // Query 1
        $sql2 = "SELECT * FROM courtdirectory WHERE courtdirectory.id = '$myid'";
        $retval2 = mysqli_query($conn, $sql2);
        // did this query run successful???
        // Query 2
        $result2 = mysqli_query($conn, "SELECT * FROM courtdirectory WHERE courtdirectory.id = '$myid'") or die("Error: " . mysqli_error($conn));
        // begin loop on query 1
        while($row = mysqli_fetch_array($retval2, MYSQLI_ASSOC)) {
            $varprosecutor = $row['prosecutor'];
            $varprosecutoraddress = str_replace(',', ' ', $row['prosecutoraddress1']);
            $varprosecutorphone = $row['prosecutorphone'];
            $varprosecutorfax = $row['prosecutorfax'];
            $varprosecutornotes = $row['prosecutornotes'];
            $varprosecutornotes = str_replace(['<br/>','</br>','<br />'], ' ', $row['prosecutornotes']);
            // Data from query 1
            echo "<tr>
                <td class='county'>{$row['county']}</td>
                <td class='city'>{$row['city']}</td>
                <td class='court'>{$row['court']}</td>
                <td class='judge'>{$row['judge']}</td>
                <td class='address'>{$row['address']}</td>
                <td class='phone'>{$row['phone']}</td>
                <td class='fax'>{$row['fax']}</td>
                <td class='notes'>{$row['notes']}</td>
                </tr>
                </tbody>
                </table>
                <!-- ******************* END query 1 data results table -->
                </br>
                <!-- ******************* START A 2ND TABLE -->
                <table class='courtdirectorytable'>
                <tbody>
                <tr>
                <th class='prosecutor'>Prosecutor</th>
                <th class='prosecutoraddress'>Prosecutor Address</th>
                <th class='prosecutorphone'>Prosecutor Phone</th>
                <th class='prosecutorfax'>Prosecutor Fax</th>
                <th class='prosecutornotes'>Prosecutor Notes</th>
                </tr>
                <!-- OUTPUT MORE DATA FROM THE SAME QUERY 1 ROW -->
                <!-- OUTPUT MORE DATA FROM THE SAME QUERY 1 ROW -->
                <!-- OUTPUT MORE DATA FROM THE SAME QUERY 1 ROW -->
                <tr>
                <td class='prosecutor'>
                <textarea class='prosecutor' value='$varprosecutor'>$varprosecutor</textarea>
                </td>
                <td class='prosecutoraddress'>
                <textarea class='prosecutoraddress' value='$varprosecutoraddress'>$varprosecutoraddress</textarea>
                </td>
                <td class='prosecutorphone'>
                <textarea class='prosecutorphone' value='$varprosecutorphone'>$varprosecutorphone</textarea>
                </td>
                <td class='prosecutorfax'>
                <textarea class='prosecutorfax' value='$varprosecutorfax'>$varprosecutorfax</textarea>
                </td>
                <td class='prosecutornotes'>
                <textarea class='prosecutornotes' value='$varprosecutornotes'>$varprosecutornotes</textarea>
                </td>
                </tr>
                </tbody>
                </table>
                <!-- end table 2 -->
                <!-- start a 3rd table -->
                <table class='submitbutton'>
                <tbody>
                <tr>
                <td class='submitbutton'>
                <button type='submit' class='courtdirectory-submit' name='submit' tabindex='6' data-submit='...Sendng'>Update</button>
                </td>
                </tr>
                </tbody>
                </table>";
            // end table 3
        }
        echo "</form>";
        echo "</body>";
    }
    echo "</html>";
    exit();

See my comments embedded in this code. Also - if your query generates more than one row then you will build those 3 tables multiple times and have them all embedded inside your single form. That's going to make any POST data pretty unpredictable.
-
Do you have some php code to show us how far you are? Do use the <> icon for the code when you post it here.
-
If this latest effort is related to the beginnings of this topic I have to ask this: Why create a set of folders and files in those folders from the root? Why not just create one project folder underneath the root and from there create all of your folders and files so that when you get to this point, all you have to do is delete that one project folder? Much, much easier cleanup process.
-
I would like to see how you call the removeDirectory function. And where is the "$leave_files function" defined? Plus - in your recursive call you are using 2 arguments but the function is only defined for one. Is that a new thing in php 8 perhaps? Are you getting any errors from this code? Do you have error checking turned on?
-
Not sure what is supposed to happen so I did a bit of reorganization of your code to help understand it better.

    $store_path = './';       // save to folder above current
    $name = date('ydhis');    // use a name of yyddhhmmss
    if(!is_dir($store_path . $name)) {
        mkdir($store_path.$name);   // make a new dir above current using current time
        echo "Dir $store_path$name has been created<br>";
    }
    else
        echo "Dir $store_path$name already exists<br>";   // dir already exists. How?
    $filename = $store_path . 'starttoken.php';
    if (copy('tokenmaster/starttoken.php', $filename))
        echo "Copy to $filename was successful<br>";
    else {
        echo "Copy to $filename failed<br>";
        exit();
    }
    $date = new DateTime();
    $newname = "./tokendone" . $date->format('ydhis') . ".php";
    if(rename($filename, $newname))
        echo "Rename of $filename to $newname was successful<br>";
    else
        echo "Rename of $filename failed<br>";
    $savename = $store_path.$name.'/'.$filename;
    echo "Attempting to save some data to $savename<br>";
    if(file_put_contents($savename, $yourcontent) === false)
        echo "Save to $savename failed<br>";
    else
        echo "Save to $savename succeeded<br>";
    exit();

Run this and see what messages you get.
-
By the time I cleaned up the code I seem to have forgotten how it began and lost focus on what was being shown. Yes - a horribly mis-arranged block of code that Mac_gyver has seen more clearly than I. Kudos to him! #abadon - may I ask what your second post is all about? Looks like a screenshot of a PHPadmin table browse window which has nothing to do with the question.
-
Maybe a td tag inside the inner foreach loop instead of a tr tag?
-
Your cleaned up code, such as it is:

    <label>Title</label
    <input class="form-control" type="text" name="title";
    <label>Аuthor</label>
    <input class="form-control" type="text" name="author">
    <br>
    <div style="padding-left: 10px;">
    <button type="submit" name="save">save</button>
    </div>
    <?php
    include 'config.php';
    if(isset($_POST['save'])) {
        if($link->connect_error) {
            die('Connect failed: '.$link->connect_error);
        }
        else {
            $stmt = $link->prepare("insert into user_books(user_name_books, user_name_author, user_year, user_ISBAN) value(?, ?, ?, ?)");
            $stmt->bind_param("ssss", $title, $author, $year, $isban);
            $execval = $stmt->execute();
            if(!isset($title) || trim($title) == '') {
                echo 'You did not fill out the required fields title';
            }
            else {
                if(!isset($author) || trim($author) == '') {
                    echo " You did not fill out the required fields author";
                }
                else {
                    if(!isset($year) || trim($year) == '') {
                        echo 'You did not fill out the required fields year';
                    }
                    else {
                        if(!isset($isban) || trim($isban)=='') {
                            echo 'You did not fill out the required fields isban';
                        }
                        else {
                            header("Location: homeUserFinish.php");
                        }
                    }

You are showing us how you are handling the received POST data. The only thing is where do all of the fields you are editing come from since you don't show us? It seems that if you don't have any POST data you don't do any of these checks so that is one hole. And since you are asking about the 'save' process, it would be helpful if you showed us THAT code from your other script instead of this one.
-
Session information sharing on different subdomains
ginerjm replied to Emsanator's topic in PHP Coding Help
Well - I knew I didn't understand but from the writings I thought this was a sharing of individual sessions and that was what I was discussing. Still not sure what it is you are doing but you are making it sound less dangerous.
-
Session information sharing on different subdomains
ginerjm replied to Emsanator's topic in PHP Coding Help
I'm glad (and surprised) that someone understands what the OP is attempting (succeeding?) to do here. Makes no sense at all to me and surprises me that one can manage to tap into someone else's session values despite PHP's design to hopefully not allow that. Why not use a db with a well-identified record key so that the data in it can be safely/properly shared without all of the concern for breaking PHP's built in security scheme? Just sharing the db between domains is a surprise in itself but I guess if the user has setup his domains to point to the same db server that problem is non-existent.