hoponhiggo
-
Posts
146 -
Joined
-
Last visited
Posts posted by hoponhiggo
-
-
Thanks for your responses. I have read through the suggested tutorial, and while it provides some great advice on security, it doesnt really help me implement any of them.
My main concern at the minute is for my users password and SQL injections.
Can anybody advise on how to apply a hash and SALT to my code, or point me in the direction of a good tutorial ( i did read a tutorial before, but there where a load of comments at the bottom saying it was flawed)
-
Thats brilliant, Thanks
How could i give users the options to apply the filter?
I was thinking
echo <div>A<a href='members.php?filter=a</a>B<a href='members.php?filter=B</a></div>
Would this work?
-
Hi Guys
Ok, so, i started to try and teach myself how to build a website early this year. I started with a small project, following a load of online tutorials, picking up bits of HTML, PHP and MYSQL on the way. The problem is, the small project has developed into a massive one, and one that i want to continue with and push forward.
However alot of the early tutorials i followed seriously lack security.
Since using this forums (which has been a saviour) i have become aware of the massive security risks my site and users data could be open too.
If i post the code of my log in and sign up page (both on same page) would somebody be kind enough to point out its major flaws and suggest some fixes?
Note: alot of the code at the top has been generated by dreamweaver...
<?php require_once('Connections/example.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } ?> <?php // *** Validate request to login to this site. if (!isset($_SESSION)) { session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) { $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['Username'])) { $loginUsername=$_POST['Username']; $password=$_POST['Password']; $MM_fldUserAuthorization = ""; $MM_redirectLoginSuccess = "index.php"; $MM_redirectLoginFailed = "loginsignup.php"; $MM_redirecttoReferrer = false; mysql_select_db($database_example, $example); $LoginRS__query=sprintf("SELECT username, password, uid FROM users WHERE username=%s AND password=%s", GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); $LoginRS = mysql_query($LoginRS__query, $example) or die(mysql_error()); $loginFoundUser = mysql_num_rows($LoginRS); if ($loginFoundUser) { if(isset($_POST['checkcookie'])){ setcookie("cookname", $loginUsername, time()+60*60*24*100, "/"); setcookie("cookpass", $password, time()+60*60*24*100, "/"); } $loginStrGroup = ""; $pullID = mysql_fetch_assoc($LoginRS); $usrID = $pullID['uid']; if (PHP_VERSION >= 5.1) {session_regenerate_id(true);} else {session_regenerate_id();} //declare two session variables and assign them $_SESSION['MM_Username'] = $loginUsername; $_SESSION['MM_UserGroup'] = $loginStrGroup; $_SESSION['MM_userid'] = $usrID; if (isset($_SESSION['PrevUrl']) && false) { $MM_redirectLoginSuccess = $_SESSION['PrevUrl']; } header("Location: " . $MM_redirectLoginSuccess ); } else { header("Location: ". $MM_redirectLoginFailed ); } } ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if(isset($_POST['username'])){ if($_POST['username'] == ""){ //username empty die("You must enter a username"); } } else { //username not set } if(isset($_POST['password'])){ if($_POST['password'] == ""){ //username empty die("You must enter a password"); } } else { //password not set } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) { $insertSQL = sprintf("INSERT INTO users (username, password, email, fname, sname) VALUES (%s, %s, %s, %s, %s)", GetSQLValueString($_POST['username'], "text"), GetSQLValueString($_POST['password'], "text"), GetSQLValueString($_POST['email'], "text"), GetSQLValueString($_POST['fname'], "text"), GetSQLValueString($_POST['sname'], "text")); mysql_select_db($database_example, $example); $Result1 = mysql_query($insertSQL, $example) or die(mysql_error()); $insertGoTo = "loginsignup.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } //send mail $to = $_POST['email']; $subject = "Welcome to ..."; $message = " <html> <head> <title>Welcome to ...</title> </head> <body> <p>Thank you for registering</p> <p>Hoponhiggo (admin)</p> </body> </html> "; // To send HTML mail, the Content-type header must be set $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; $headers .= 'From: example@hoponhiggo.co.uk' . "\r\n"; preg_match('/^([0-9a-zA-Z]([-\.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$/i'); mail($to,$subject,$message,$headers); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>login and signup</title> <script type="text/javascript" src="http://ajax.googleapis.com/ ajax/libs/jquery/1.5/jquery.min.js"></script> <script type="text/javascript"> $(document).ready(function() { $(".tab").click(function() { var X=$(this).attr('id'); if(X=='signup') { $("#login").removeClass('select'); $("#signup").addClass('select'); $("#loginbox").slideUp(); $("#signupbox").slideDown(); } else { $("#signup").removeClass('select'); $("#login").addClass('select'); $("#signupbox").slideUp(); $("#loginbox").slideDown(); } }); }); </script> <script lanuage="javascript" script type="text/javascript"> // Example: // alert( readCookie("myCookie") ); function readCookie(name) { var cookieValue = ""; var search = name + "="; if(document.cookie.length > 0) { offset = document.cookie.indexOf(search); if (offset != -1) { offset += search.length; end = document.cookie.indexOf(";", offset); if (end == -1) end = document.cookie.length; cookieValue = unescape(document.cookie.substring(offset, end)) } } return cookieValue; } function remember() { if(readcookie("cookname")){ document.getElementById("username").value=readcookie ("cookname"); document.getElementById("password").value=readcookie ("cookpass"); } } </script> <link href="css/pwnedbookv4.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="header"> <div align="center"><img src="Images/Banner1.gif" width="252" height="140" alt="pwnedbokv4!" /> </div> </div> <div style="margin:40px"> <div id="container"> <div id="tabbox"> <a href="#" id="signup" class="tab signup">Signup</a> <a href="#" id="login" class="tab select">Login</a> </div> <div id="panel"> <div id="loginbox"><h1>Login</h1> <form action="<?php echo $loginFormAction; ?>" method="POST" name="login"> <p align="center"> <label for="Username">Username</label> <input type="text" name="Username" id="Username" /> </p> <p align="center"> <label for="Password">Password</label> <input type="password" name="Password" id="Password" /> </p> <p align="center"> <label for="RememberMe">Remember Me</label> <input name="RememberMe" type="checkbox" onclick="if (this.checked) (remember())" value="Remember Me" /> </p> <p align="center"> <input type="submit" name="Submit" id="Submit" value="Submit" /> </p> </form> </div> <div id="signupbox"><h1>Signup</h1> <form action="<?php echo $editFormAction; ?>" method="post" enctype="multipart/form-data" name="form1" id="form1"> <table align="center"> <tr valign="baseline"> <td nowrap="nowrap" align="right">Username:</td> <td><input type="text" name="username" value="" size="32" /></td> </tr> <tr valign="baseline"> <td nowrap="nowrap" align="right">Password:</td> <td><input type="password" name="password" value="" size="32" /></td> </tr> <tr valign="baseline"> <td nowrap="nowrap" align="right">First Name:</td> <td><input type="text" name="fname" value="" size="32" /></td> </tr> <tr valign="baseline"> <td nowrap="nowrap" align="right">Surname:</td> <td><input type="text" name="sname" value="" size="32" /></td> </tr> <tr valign="baseline"> <td nowrap="nowrap" align="right">Email:</td> <td><input type="text" name="email" value="" size="32" /></td> </tr> <tr valign="baseline"> <?php //define a maxim size for the uploaded images in Kb define ("MAX_SIZE","100"); //This function reads the extension of the file. It is used to determine if the file is an image by checking the extension. function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } //This variable is used as a flag. The value is initialized with 0 (meaning no error found) //and it will be changed to 1 if an errro occures. //If the error occures the file will not be uploaded. $errors=0; //checks if the form has been submitted if(isset($_POST['Submit'])) { if($_POST['Submit'] == ""){ // submit empty die ("you must include a picture"); } //reads the name of the file the user submitted for uploading $image=$_FILES['image']['name']; //if it is not empty if ($image) { //get the original name of the file from the clients machine $filename = stripslashes($_FILES['image']['name']); //get the extension of the file in a lower case format $extension = getExtension($filename); $extension = strtolower($extension); //if it is not a known extension, we will suppose it is an error and will not upload the file, //otherwise we will do more tests if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) { //print error message echo '<h1>Unknown extension!</h1>'; $errors=1; } else { //get the size of the image in bytes //$_FILES['image']['tmp_name'] is the temporary filename of the file //in which the uploaded file was stored on the server $size=filesize($_FILES['image']['tmp_name']); //compare the size with the maxim size we defined and print error if bigger if ($size > MAX_SIZE*1024) { echo '<h1>You have exceeded the size limit!</h1>'; $errors=1; } //we will give an unique name, for example the time in unix time format $image_name=time().'.'.$extension; //the new name will be containing the full path where will be stored (images folder) $newname="prof_pics/".$image_name; //Writes the information to the database mysql_query("UPDATE users SET prof_pic = '$image_name' WHERE username = '$username'"); //we verify if the image has been uploaded, and print error instead $copied = copy($_FILES['image']['tmp_name'], $newname); if (!$copied) { echo '<h1>Copy unsuccessfull!</h1>'; $errors=1; }}}} ?> <td nowrap="nowrap" align="right">Picture:</td> <td> <input type="file" name="image"></td> </tr> <tr valign="baseline"> <td nowrap="nowrap" align="right"> </td> <td><input name="Submit" type="submit" id="Submit" value="Submit" /></td> </tr> </table> <input type="hidden" name="MM_insert" value="form1" /> </form> </div> </div> </div> <div id="textcontainer"> <div class="h1">Welcome to ...!</div> <div class="h2"></div> </div> </div> </div> </body> </html>None of the tutorials i followed mentioned SALT or MD5 or Validation or anything.
I know this is a big subject and a big ask, so thank you in advance!
-
Sorry, not really getting this. Do you mean with the {$_GET['filter']}? Because im still getting a similar error. Im doing my best to learn PHP but its taking time lol
-
Hi
Tried changing the code as suggested, but when i try to run the query (...members.php?filter=a) i get an SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE username LIKE 'a%' ORDER BY username' at line 1
Any suggestions?
Updated code
else { //gets all the members from the database $getusers = ''; if(isset($_GET['filter'])){ $getusers = mysql_query("SELECT * FROM `users` ORDER BY username WHERE username LIKE 'a%' ORDER BY username") or die(mysql_error()); } else { $getusers = mysql_query("SELECT * FROM `users` ORDER BY username ASC") or die(mysql_error()); } //loops there name out while($user = mysql_fetch_array($getusers)) { $username = $user['username']; //to display image from source $dir = "prof_pics"; $pic="$dir/".$user['prof_pic']; $img="<img src=\"$pic\" width=\"88\" height=\"88\" align=\"center\"><br>"; echo "<div id='memcontainer'> <div id='mempic'>$img</div> <div id='memname'><a href='members.php?user=$user[username]'>$user[username]</a></div><br> <div class='addfriend'><a style='text-decoration:none' href='friendrequest.php?user=$user[username]'><font color='red'>Add as Friend</a></div> </div><br> "; } } echo "<center>"; ?> -
Hello
Im still really new to PHP and im trying to use some form validation for the first time.
i have just added
f(isset($_POST['username'])){ if($_POST['username'] == ""){ //username empty die("You must enter a username"); } } else { //username not set }to my script to ensure a registering user supplies a username. This works ok, exept that it prints the error message in a new blank page.
How can i adjust this so that the error message is printed next to the blank field in the existing page?
-
Hi All
How would i go about amending my code to only display records beginning with a selected letter?
Example...
A,B,C,D,E,F,G,....would be displayed at the top of the page (defaults to A)
These are hyperlinks to all records beginning with the selected character...
my current code (which displays all records) is
else { //gets all the members from the database $getusers = ''; if(isset($_GET['filter'])){ $getusers = mysql_query("SELECT * FROM `users` ORDER BY username ASC WHERE left(username, 1) == \"a\"") or die(mysql_error()); } else { $getusers = mysql_query("SELECT * FROM `users` ORDER BY username ASC") or die(mysql_error()); } //loops there name out while($user = mysql_fetch_array($getusers)) { $username = $user['username']; //to display image from source $dir = "prof_pics"; $sql = "SELECT prof_pic FROM users WHERE username = '$username'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0) die("Username not found in database."); $row = mysql_fetch_array($res); $pic="$dir/".$row['prof_pic']; $img="<img src=\"$pic\" width=\"88\" height=\"88\" align=\"center\"><br>"; echo "<div id='memcontainer'> <div id='mempic'>$img</div> <div id='memname'><a href='members.php?user=$user[username]'>$user[username]</a></div><br> <div class='addfriend'><a style='text-decoration:none' href='friendrequest.php?user=$user[username]'><font color='red'>Add as Friend</a></div> </div><br> "; } } echo "<center>"; ?> -
Hi
I have coded my page so it has a header, and then two 'container' divs side by side. This works fine on a larger screen res, but as soon as the res is lowered, the right div moves underneath the left div.
What am i doin wrong
Code below
body { font-family:Arial, Helvetica, sans-serif; font-size:12px; background-color:#333; } #container { width:350px; float:left; } #tabbox { height:40px } #panel { background-color:#FFF; height:300px; } .tab { background: #dedede; display: block; height: 40px; line-height: 40px; text-align: center; width: 80px; float: right; font-weight: bold; -webkit-border-top-left-radius: 4px; -webkit-border-top-right-radius: 4px; -moz-border-radius: 4px 4px 0px 0px; } a { color: #000; margin: 0; padding: 0; text-decoration: none; } .signup { margin-left:8px; } .select { background-color:#FFF; } #loginbox { height:300px; padding:10px; } #signupbox { height:300px; padding:10px; display:none; } #textcontainer { float:right; width:500px; color:white; margin-left:50px; margin-right:50px; } .h1 { font-size:16px; text-align:center; padding:10px; } .h2 { font-size:12px; text-align:center; padding:10px; } <body> <div id="header"> <div align="center"><img src="Images/Banner1.gif" width="252" height="140" alt="pwnedbokv4!" /> </div> </div> <div style="margin:40px"> <div id="container"> <div id="tabbox"> <a href="#" id="signup" class="tab signup">Signup</a> <a href="#" id="login" class="tab select">Login</a> </div> <div id="panel"> <div id="loginbox"><h1>Login</h1> <form> </form> </div> <div id="signupbox"><h1>Signup</h1> <form> </form> </div> </div> </div> <div id="textcontainer"> <div class="h1"></div> <div class="h2"></div> </div> </div> </body>#container and #textcontainer are the two divs in question
-
Hi Guys
I have tried and tried to make this work with my code, but it just doesnt work. Could somebody please take a look at my code and advise?
<table cellspacing="2" cellpadding="2"> <?php //gets all the members from the database $getusers = mysql_query("SELECT * FROM `users` ORDER BY username ASC") or die(mysql_error()); if($getusers && mysql_num_rows($result) > 0) { $i = 0; $max_columns = 2; //loops there name out while ( $user = mysql_fetch_array($getusers) ) { $username = $user['username']; // make the variables easy to deal with extract($row); // open row if counter is zero if($i == 0) if($user != "" && $user != null) echo "<td>$product</td>"; // increment counter - if counter = max columns, reset counter and close row if(++$i == $max_columns) { echo "</tr>"; $i=0; //to display image from source $dir = "prof_pics"; $sql = "SELECT prof_pic FROM users WHERE username = '$username'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0) die("Username not found in database."); $row = mysql_fetch_array($res); $pic="$dir/".$row['prof_pic']; $img="<img src=\"$pic\" width=\"88\" height=\"88\" align=\"center\"><br>"; { echo "<div id='memcontainer'> <div id='mempic'>$img</div> <div id='memname'><a href='members.php?user=$user[username]'>$user[username]</a></div><br> <div class='addfriend'><a style='text-decoration:none' href='friendrequest.php?user=$user[username]'><font color='red'>Add as Friend</a></div> </div><br> "; } } } } } // clean up table - makes your code valid! if($i < $max_columns) { for($j=$i; $j<$max_columns;$j++) echo "<td> </td>"; } ?> </tr> </table> echo "<center>"; ?>Thanks
-
Looks to me like you dont have enough closing curly braces. There seem to be a few in the top half of your code that arent being closed.
-
Thanks for all the help guys. Im gonna have a crack at this and see how i get on.
Phpsensei...Yeah that would be great. Any help or reference i can get will be useful. Thank you
-
I think he actualy wants the full contents of <div id='memcontainer'> to apear in two by x format, rather than 1 by x format as opposed to using a table in place of the memcontainer object.
What muddy said...
-
I already have a lot of the php and bits of html & css sorted. See image....
This loops out the records down the page.
What i want is for them to be side by side. Im not even sure using a table would be the best way to do this?
[attachment deleted by admin]
-
I still cant figure this out?
Surely this example only works if you have different sets of data for each column?
I have the same data, i just want it spread over two columns so they appear side by side on my page?
-
Ok, wrapped them up. Still no change. Any other ideas?
-
Not sure if this matters, but is the new server running the latest version of PHP?
-
I have changed the later part of the code to:
else{ //gets all the members from the database $getusers = mysql_query("SELECT * FROM `users` ORDER BY `uid` ASC") or die(mysql_error()); //loops there name out while ( $user = mysql_fetch_array($getusers) ) $username = $user[username]; //to display image from source again $dir = "prof_pics"; $sql = "SELECT prof_pic FROM users Where username = '$username'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0) die("Username not found in database."); $row = mysql_fetch_array($res); $pic="$dir/".$row['prof_pic']; $img="<img src=\"$pic\" width=\"88\" height=\"88\" align=\"center\"><br>"; { echo "<table><td><div id='memcontainer'> <div id='mempic'>$img</div> <div id='memname'><a href='members.php?user=$user[username]'>$user[username]</a></div></div><br></td> </table> ";Which is now only showing one record, and other info such as $user is missing?
-
Sorry, still getting my 'username not found in database' message.
I believe the problem is to do with my $username in the mysql query?
Full code below if anybody can help?
<?php echo "<center>"; $username = $_GET[user]; //gets the user name and makes it safe if(isset($_GET['user'])) { //if there trying to view a profile //querys the db to find the username $getuser = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"); //checks see if the username exists in the db $usernum = mysql_num_rows($getuser); //if it don't exist if($usernum == 0) { //don't exist echo ("User Not Found"); } //if it does exist then show there profile else{ $user = mysql_fetch_array($getuser); //to display image from source $dir = "prof_pics"; $sql = "SELECT prof_pic FROM users Where username = '$username'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0) die("Username not found in database."); $row = mysql_fetch_array($res); $pic="$dir/".$row['prof_pic']; $img="<img src=\"$pic\" width=\"88\" height=\"88\" align=\"center\"><br>"; echo " <b>$user[username]'s Profile</b><br><br> $img <br> Email: $user[email]<br> <a href='friendrequest.php?user=$user[username]'>Add as Friend</a> "; } }else{ //gets all the members from the database $getusers = mysql_query("SELECT * FROM `users` ORDER BY `uid` ASC") or die(mysql_error()); //to display image from source again $dir = "prof_pics"; $sql = "SELECT prof_pic FROM users Where username = '$username'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0) die("Username not found in database."); $row = mysql_fetch_array($res); $pic="$dir/".$row['prof_pic']; $img="<img src=\"$pic\" width=\"88\" height=\"88\" align=\"center\"><br>"; //loops there name out while ( $user = mysql_fetch_array($getusers) ) { echo "<table><td><div id='memcontainer'> <div id='mempic'>$img</div> <div id='memname'><a href='members.php?user=$user[username]'>$user[username]</a></div></div><br></td> </table> "; } } echo "<center>"; ?> -
$username = $_GET['user'];
if(isset($username)) {
i cant get this to work. based on my code above, where exactly would you put this?
-
i understand that i can add the <table></table> tags, but im not sure how i can set the amount of columns to 2?
-
Hi
I am learning both PHP an HTML and was wondering if i could ammend my code to display my 'member cards' in a table - two columns, unlimited rows?
The code in question is:
{ echo "<div id='memcontainer'> <div id='mempic'>$img</div> <div id='memname'><a href='members.php?user=$user[username]'>$user[username]</a></div></div><br> "; }each record is contained in the 'memcontainer' div
-
ah right. didnt realise i had to redefine the variable.
Does that mean i would also have to redefine the $username variable too?
//to display image from source again $dir = "prof_pics"; $sql = "SELECT prof_pic FROM users WHERE username = '$username'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0) die("Username not found in database."); $row = mysql_fetch_array($res); $pic="$dir/".$row['prof_pic']; $img="<img src=\"$pic\" width=\"88\" height=\"88\" align=\"center\"><br>"; -
Hello
I am using the code below, which is fine, but in the part of the code that follows the 'while' statement near the bottom, i want to use the $img variable for a second time in between the <div id='mempic'> tags, to display a picture but its not working. Can anybody tel me why?
<?php echo "<center>"; if(isset($_GET['user'])) { //if there trying to view a profile //gets the user name and makes it safe $username = $_GET[user]; //querys the db to find the username $getuser = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'"); //checks see if the username exists in the db $usernum = mysql_num_rows($getuser); //if it don't exist if($usernum == 0) { //don't exist echo ("User Not Found"); } //if it does exist then show there profile else{ $user = mysql_fetch_array($getuser); //to display image from source $dir = "prof_pics"; $sql = "SELECT prof_pic FROM users WHERE username = '$username'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0) die("Username not found in database."); $row = mysql_fetch_array($res); $pic="$dir/".$row['prof_pic']; $img="<img src=\"$pic\" width=\"88\" height=\"88\" align=\"center\"><br>"; echo " <b>$user[username]'s Profile</b><br><br> $img <br> Email: $user[email]<br> <a href='friendrequest.php?user=$user[username]'>Add as Friend</a> "; } }else{ //gets all the members from the database $getusers = mysql_query("SELECT * FROM `users` ORDER BY `uid` ASC") or die(mysql_error()); //loops there name out while ( $user = mysql_fetch_array($getusers)) { echo "<div id='memcontainer'> <div id='mempic'>$img</div> <div id='memname'><a href='members.php?user=$user[username]'>$user[username]</a></div></div><br> "; } } echo "<center>"; ?>The first instance of the $img works fine, but not the second one?
-
Ah
Thank you botth for your help. I think i get the jist of this now. I was looking at using and ' }else{' myself but couldnt get it to work
Massive security issues!
in PHP Coding Help
Posted
based on the code in the original post, where you would you put the first:
Wherever i try it, i get a fatal error: Fatal error: Call to undefined function Any random gobbldy-gook()
(ps. i do realise that i need to change "Any random gobbldy-gook"() to my own gobbldy-gook!)