Everything posted by Drummin

  1. Here's my take on your code.

     ```php
     <?php
     include "connection.php";
     session_start();
     $msg = "";
     // We only need one solid isset field in the form to trigger validation.
     if (isset($_POST['username'])) {
         if (empty($_POST['username'])) { $msg .= "empty uname <br/>"; }
         if (empty($_POST['oldpass']))  { $msg .= "empty oldy <br/>"; }
         if (empty($_POST['pass1']))    { $msg .= "empty pass1 <br/>"; }
         if (empty($_POST['pass2']))    { $msg .= "empty pass2 <br/>"; }
         if (trim($_POST['pass1']) != trim($_POST['pass2'])) {
             $msg .= "Passwords do not match";
         }
         if (empty($msg)) {
             $user    = mysql_real_escape_string(trim($_POST['username']));
             $oldpass = mysql_real_escape_string(trim($_POST['oldpass']));
             $pass1   = mysql_real_escape_string(trim($_POST['pass1']));
             $pass2   = mysql_real_escape_string(trim($_POST['pass2']));
             // It's much more reliable to update a record based on an id rather than a username, so grab id in query.
             $sql = "SELECT id FROM user WHERE username='$user' and password='$oldpass'";
             $result = mysql_query($sql);
             if (mysql_num_rows($result)) {
                 $row = mysql_fetch_row($result);
                 $sql = mysql_query("UPDATE user SET password='$pass2' where id='{$row[0]}'");
                 $msg .= "Congrats you have successfully changed your password.";
             }
             // Unless you're planning on running separate checks for username and password, pass a general message to the user.
             else {
                 $msg .= "The Username and Password combination does not Exist";
             }
         }
     }
     ?>
     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
     <html xmlns="http://www.w3.org/1999/xhtml">
     <head>
     <title>Change Password</title>
     <style type="text/css">
     .wrapper{ float:left; width:350px; }
     .left{ float:left; text-align:right; width:50%; }
     .right{ float:right; width:50%; }
     .full{ float:left; width:100%; }
     .clear{ clear:both; }
     .error{ color:red; text-align:center; }
     </style>
     </head>
     <body>
     <form method="post" action="">
     <div class="wrapper">
       <div class="full error"><?php echo $msg; ?></div><div class="clear"></div>
       <div class="left">Username: </div><div class="right"><input type="text" name="username" /></div>
       <div class="clear"></div>
       <div class="left">Old password: </div><div class="right"><input type="password" name="oldpass" /></div>
       <div class="clear"></div>
       <div class="left">New password: </div><div class="right"><input type="password" name="pass1" /></div>
       <div class="clear"></div>
       <div class="left">Confirm New password: </div><div class="right"><input type="password" name="pass2" /></div>
       <div class="clear"></div>
       <div class="full"><input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'" /></div>
     </div>
     </form>
     </body>
     </html>
     ```
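
The same change-password flow with bound parameters and hashed passwords, as an added example that is not part of the original post. It assumes PHP 5.5+ with PDO and the SQLite driver; the in-memory `user` table, the sample account and the `change_password()` helper are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Table and account are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->prepare('INSERT INTO user (username, password) VALUES (?, ?)')
   ->execute(array("o'brien", password_hash('old-secret', PASSWORD_DEFAULT)));

// Hypothetical helper: returns true only when the password was changed.
function change_password(PDO $db, $username, $oldpass, $newpass)
{
    // The username is bound as data, so the quote in "o'brien" needs no escaping.
    $stmt = $db->prepare('SELECT id, password FROM user WHERE username = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // The old password is checked against the stored hash in PHP,
    // not compared as plain text inside the SQL statement.
    if (!$row || !password_verify($oldpass, $row['password'])) {
        return false; // one general answer for unknown user and wrong password
    }

    // Update by id, as the post recommends, and store only a hash.
    $upd = $db->prepare('UPDATE user SET password = ? WHERE id = ?');
    $upd->execute(array(password_hash($newpass, PASSWORD_DEFAULT), $row['id']));
    return true;
}

// Constructed calls: a wrong old password, the correct one, then the old one again.
foreach (array('guess', 'old-secret', 'old-secret') as $attempt) {
    var_dump(change_password($db, "o'brien", $attempt, 'new-secret'));
}
```
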
  2. That should work, although I would normally include a processing page at the top of a display page above <html>, so B.php would be included at the top of A.php.
  3. A little JS should do the job. Just style the link as a button. http://www.javascript-coder.com/files/form-submit/javascript-form-submit-example.html You could also use an image if you wish. http://www.webdevelopersnotes.com/tips/html/using_an_image_as_a_submit_button.php3
  4. If I understand you, then you're using the same page, and thus you don't need a header location. Processing is done before the page is rendered, so deleted records are removed when processing is done and then a new query to show records is made.
  5. Understand that when using foreach you are getting the KEY and Value when you use foreach ($_POST['need_delete'] as $id => $value) ...and as you know array keys start with 0 (zero) for the first record, 1 for the next record etc. So when defining the value with => $value, that turns the variable after "as" ($id) into the key or zero for the first record. Array keys and values can be very useful if say you were updating other information in the record as the array keys would be the same for user_id[], name[], status[] etc. In this case though, we just need the value or the record id so by not defining the value with => $value, $id becomes the value.
  6. Modified version to compare.

     ```php
     <?php
     $host     = 'localhost'; // Host name
     $username = 'root';      // Mysql username
     $password = '';          // Mysql password
     $db_name  = 'imail';     // Database name
     $tbl_name = 'messages';  // Table name - DO NOT TOUCH

     // Connect to server and select database.
     mysql_connect($host, $username, $password) or die('cannot connect');
     mysql_select_db($db_name) or die('cannot select DB');

     // Check if delete button active, start this
     if (isset($_POST['delete'])) {
         foreach ($_POST['need_delete'] as $id) {
             // Escape the posted id before it goes into the query.
             $id  = mysql_real_escape_string($id);
             $sql = "DELETE FROM `$tbl_name` WHERE `msgid`='$id'";
             mysql_query($sql);
         }
         header('Location: shoutcron.php');
         exit();
     }
     // If you are expecting to use header location above, this has to happen before anything is sent to browser so <html> tag needs to be here.
     ?>
     <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
     <html xmlns="http://www.w3.org/1999/xhtml">
     <head>
     <title>My page</title>
     </head>
     <body>
     <?php
     $sql = 'SELECT * FROM `'.$tbl_name.'`';
     $result = mysql_query($sql);
     ?>
     <table width="653" border="0" cellspacing="1" cellpadding="0">
     <tr>
     <td width="651">
     <form name="form1" method="post" action="">
     <table width="694" border="0" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC">
     <tr>
       <td width="57" bgcolor="#FFFFFF"> </td>
       <td colspan="4" bgcolor="#FFFFFF"><strong>Delete multiple rows in mysql</strong> </td>
     </tr>
     <tr>
       <td align="center" bgcolor="#FFFFFF">#</td>
       <td width="57" align="center" bgcolor="#FFFFFF"><strong>MsgId</strong></td>
       <td width="176" align="center" bgcolor="#FFFFFF"><strong>Username</strong></td>
       <td width="216" align="center" bgcolor="#FFFFFF"><strong>Message</strong></td>
       <td width="152" align="center" bgcolor="#FFFFFF"><strong>Subject</strong></td>
     </tr>
     <?php while ($rows = mysql_fetch_array($result)){ ?>
     <tr>
       <td align="center" bgcolor="#FFFFFF"><input name="need_delete[]" type="checkbox" value="<?php echo $rows['msgid']; ?>"></td>
       <td bgcolor="#FFFFFF"><?php echo $rows['msgid']; ?></td>
       <td bgcolor="#FFFFFF"><?php echo htmlspecialchars($rows['username']); ?></td>
       <td bgcolor="#FFFFFF"><?php echo htmlspecialchars($rows['message']); ?></td>
       <td bgcolor="#FFFFFF"><?php echo htmlspecialchars($rows['subject']); ?></td>
     </tr>
     <?php } ?>
     <tr>
       <td colspan="5" align="center" bgcolor="#FFFFFF"><input name="delete" type="submit" id="delete" value="Delete"></td>
     </tr>
     </table>
     </form>
     </td>
     </tr>
     </table>
     </body>
     </html>
     ```
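
The checkbox delete from the post above, done as one statement with validated ids and bound placeholders (an added example, not part of the original post). It assumes PDO with the SQLite driver and that `msgid` is an integer key; the in-memory table, the `delete_messages()` helper and the posted values are constructed.

```php
<?php
// Added example, not the poster's code. Table and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (msgid INTEGER PRIMARY KEY, subject TEXT)');
$db->exec("INSERT INTO messages (msgid, subject) VALUES (1,'a'),(2,'b'),(3,'c'),(4,'d')");

// Hypothetical helper: deletes the posted ids and returns the number of rows removed.
function delete_messages(PDO $db, $posted)
{
    // need_delete[] should arrive as an array; anything else is ignored.
    if (!is_array($posted)) {
        return 0;
    }
    $ids = array();
    foreach ($posted as $id) {
        // Keep only values made up entirely of digits (assumes integer msgid).
        if (is_string($id) && ctype_digit($id)) {
            $ids[] = (int) $id;
        }
    }
    $ids = array_values(array_unique($ids));
    if (!$ids) {
        return 0;
    }
    // One "?" per id: the values are bound, the SQL text holds only placeholders.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt  = $db->prepare("DELETE FROM messages WHERE msgid IN ($marks)");
    $stmt->execute($ids);
    return $stmt->rowCount();
}

// Constructed stand-in for $_POST['need_delete']: two valid ids, a duplicate,
// a non-numeric string and a nested array.
$posted = array('2', '4', '4', '3 and more', array('x'));
echo delete_messages($db, $posted), " row(s) deleted\n";
echo $db->query('SELECT COUNT(*) FROM messages')->fetchColumn(), " row(s) left\n";
```
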
  7. I would agree that processing/validation should be done above <html> on the same page; however, I would use an empty action line in the form, e.g. <form action="" method="post"> I WOULD NOT USE $_SERVER["PHP_SELF"] http://www.google.com/search?q=%24_SERVER%27PHP_SELF%27+xss+vulnerability&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a
  8. Moving all processing above the <html> tag, so processing is done before the page loads, should fix the refresh issue.
  9. Here are two options, one hard coded, the other generated.

     ```php
     <?php
     //example result
     $row['class']="5";
     echo '<tr><td width="20%">Class:</td><td><select name="class">';
     echo "<option value=\"1\"" . ($row['class']=="1" ? ' selected="selected"' : '') . ">All</option>";
     echo "<option value=\"2\"" . ($row['class']=="2" ? ' selected="selected"' : '') . ">Alchemist</option>";
     echo "<option value=\"3\"" . ($row['class']=="3" ? ' selected="selected"' : '') . ">Assassin</option>";
     echo "<option value=\"4\"" . ($row['class']=="4" ? ' selected="selected"' : '') . ">Dark Arts</option>";
     echo "<option value=\"5\"" . ($row['class']=="5" ? ' selected="selected"' : '') . ">Dark Paladin</option>";
     echo "<option value=\"6\"" . ($row['class']=="6" ? ' selected="selected"' : '') . ">Entertainer</option>";
     echo "<option value=\"7\"" . ($row['class']=="7" ? ' selected="selected"' : '') . ">Hunter</option>";
     echo "<option value=\"8\"" . ($row['class']=="8" ? ' selected="selected"' : '') . ">Mage</option>";
     echo "<option value=\"9\"" . ($row['class']=="9" ? ' selected="selected"' : '') . ">Monk</option>";
     echo "<option value=\"10\"" . ($row['class']=="10" ? ' selected="selected"' : '') . ">Paladin</option>";
     echo "<option value=\"11\"" . ($row['class']=="11" ? ' selected="selected"' : '') . ">Pirate</option>";
     echo "<option value=\"12\"" . ($row['class']=="12" ? ' selected="selected"' : '') . ">Priest</option>";
     echo "<option value=\"13\"" . ($row['class']=="13" ? ' selected="selected"' : '') . ">Psion</option>";
     echo "<option value=\"14\"" . ($row['class']=="14" ? ' selected="selected"' : '') . ">Scholar</option>";
     echo "<option value=\"15\"" . ($row['class']=="15" ? ' selected="selected"' : '') . ">Thief</option>";
     echo "<option value=\"16\"" . ($row['class']=="16" ? ' selected="selected"' : '') . ">Warlock</option>";
     echo "<option value=\"17\"" . ($row['class']=="17" ? ' selected="selected"' : '') . ">Warrior</option>";
     echo "</select></td></tr>";
     ?>
     ```

     Better option

     ```php
     <?php
     //example result
     $row['class']="2";
     $classes=array("Select","All","Alchemist","Assassin","Dark Arts","Dark Paladin","Entertainer","Hunter","Mage","Monk","Paladin","Pirate","Priest","Psion","Scholar","Thief","Warlock","Warrior");
     echo "<tr><td width=\"20%\">Class:</td><td><select name=\"class\">";
     foreach ($classes as $k => $v){
         echo "<option value=\"$k\"" . ($row['class']=="$k" ? ' selected="selected"' : '') . ">$v</option>";
     }
     echo "</select></td></tr>";
     ?>
     ```
  10. Ya, the onchange="this.form.submit()" needs to be in your select line. And within form tags, so as a stand-alone it would be

     ```php
     echo '<form action="" method="post">';
     echo '<select name="siege_list" id="siege_list" onchange="this.form.submit()">';
     foreach ($name as $key => $value) {
         // Escape the name before writing it into the markup.
         $option = htmlspecialchars($value['name']);
         echo '<option value="' . $option . '" ' . ($value['name'] == $current1['name'] ? 'selected="selected"' : '') . '> ' . $option . '</option>';
     }
     echo '</select>';
     echo '</form>';
     ```
  11. You're overcomplicating things. Just require login to post to topic.

     ```php
     <form method="post" action="">
     <?php
     if (isset($_SESSION['logged_in'])) {
         echo '<textarea name="reply_body" cols="75" rows="10" style="resize:none;" onKeyUp="limitText(this.form.reply_body,this.form.countdown,5000);" onKeyDown="limitText(this.form.reply_body,this.form.countdown,5000);">Enter your reply here...</textarea><br><br><font size="1">(Maximum characters: 5000)<br> You have <input readonly type="text" name="countdown" size="3" value="5000"> characters left.</font><br>';
     }
     ?>
     <input type='submit' name='reply_to_thread' value="Reply">
     <?php
     if (isset($_POST['reply_to_thread']) && !isset($_SESSION['logged_in'])) {
         echo 'You need to be logged in!';
     }
     ?>
     </form>
     ```
  12. Looks like you're missing the dollar sign.

     ```php
     $entrantQuery = "SELECT entrantID FROM entrants WHERE Game = $idT";
     $entrantResult = mysql_query($entrantQuery);
     $entrantRow = mysql_fetch_row($entrantResult);
     ```

     EDIT-You beat me to it.
  13. Looks like you need to bracket your statement.

     ```php
     if ($errorstring != "") {
         echo "Please fill out the following fields:<br>$errorstring";
     } else {
         $sql = "INSERT INTO student (sno, cname, sname, init, fname, title, msname, dob, sex, lang, idno, telh, telw, cel, fax, email, address)
                 VALUES ('', '$cname', '$sname', '$init', '$fname', '$title', '$msname', '$dob', '$sex', '$lang', '$idno', '$telh', '$telw', '$cell', '$fax', '$email', '$address')";
         mysql_query($sql) or die('Error:' . mysql_error());
     }
     ```
  14. The GROUP BY and ORDER BY would be used when you query the array. So you insert the values into your DB with one action (form etc.), then to view you query the DB and you can sort the results any way you wish. Using a simple $_GET you can change the order the query is sorted. Something like this.

     ```php
     $id = mysql_real_escape_string($_GET['id']); // I assume you're calling the table with some value
     $sortby = '';
     // Column names can't be escaped like values, so only accept plain identifiers.
     if (!empty($_GET['groupby']) && preg_match('/^\w+\z/', $_GET['groupby'])) {
         $sortby = "GROUP BY {$_GET['groupby']}";
     }
     if (!empty($_GET['orderby']) && preg_match('/^\w+\z/', $_GET['orderby'])) {
         $sortby = "ORDER BY {$_GET['orderby']}";
     }
     $showtable = mysql_query("SELECT * FROM mytable WHERE ID='$id' $sortby");
     while ($shwtable = mysql_fetch_array($showtable)) {
         echo "Add table showing here";
     }
     ```
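
Column names cannot be bound as query parameters, so a request-driven sort like the one in the post above is usually done with an allowlist lookup; this is an added example, not part of the original post. It covers `orderby` only (the same lookup applies to `groupby`) and assumes PDO with the SQLite driver; the `name` and `status` columns, the sample rows and the `sort_clause()` and `show_rows()` helpers are constructed.

```php
<?php
// Added example, not the poster's code. Table, columns and rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE mytable (ID INTEGER, name TEXT, status TEXT)');
$db->exec("INSERT INTO mytable VALUES (7,'carol','open'),(7,'bob','closed'),(7,'alice','open'),(8,'dave','open')");

// Hypothetical helper: turns the request value into a fixed ORDER BY clause.
function sort_clause(array $get)
{
    // Request value => SQL identifier. Only these strings ever reach the query.
    $columns = array('name' => 'name', 'status' => 'status');
    if (isset($get['orderby']) && is_string($get['orderby']) && isset($columns[$get['orderby']])) {
        return 'ORDER BY ' . $columns[$get['orderby']];
    }
    return 'ORDER BY name'; // default when the value is missing or not listed
}

// Hypothetical helper: the id is bound as a value, the sort comes from the lookup.
function show_rows(PDO $db, array $get)
{
    $id   = (isset($get['id']) && is_scalar($get['id'])) ? $get['id'] : null;
    $stmt = $db->prepare('SELECT name, status FROM mytable WHERE ID = ? ' . sort_clause($get));
    $stmt->execute(array($id));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed stand-ins for $_GET: a listed column, then a value that is not listed.
$requests = array(
    array('id' => '7', 'orderby' => 'status'),
    array('id' => '7', 'orderby' => 'no_such_column'),
);
foreach ($requests as $get) {
    echo sort_clause($get), "\n";
    foreach (show_rows($db, $get) as $row) {
        echo '  ', $row['name'], ' / ', $row['status'], "\n";
    }
}
```
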