Drummin

Well TOO LATE to Edit Last post. Try this one. include_once('connection.php'); $data = array(); $i = 0; $result1 = mysql_query("SELECT COUNT(*) FROM `Clicks` WHERE Aan = '0'"); $list1 = mysql_fetch_row($result1); if($list1[0]=='0') { mysql_query("UPDATE `Clicks` SET `Aan`= '0' WHERE `Aan`='1'"); } $result = mysql_query("SELECT * FROM `Clicks` WHERE Aan = '0' ORDER BY RAND() LIMIT 1"); while ($list = mysql_fetch_array($result,MYSQL_ASSOC)) { foreach ($list as $key => $value) { // Met htmlentities() voorkom je dat html wordt uitgevoert. $value = htmlentities($value); $data[$i][$key] = $value; } $i++; } mysql_free_result($result); $data = array_reverse($data); // Zet de nieuwste berichten bovenaan // in plaats van onderaan. $cnt = count($data); for($i = 0; $i < $cnt; ++$i) { $bericht = $data[$i]; echo(nl2br($bericht['bericht'])); // Met nl2br() worden alle enters in het // bericht omgezet naar <br/>. echo('</td></tr></table>'); $naarwie= $bericht['Email']; } mysql_query("UPDATE `Clicks` SET `Aan`= '1' WHERE `Email` = '$naarwie'"); //mysql_close($Verbinding); // Sluit de verbinding. // We hebben hem nu niet meer nodig.

A little different take on it. if(isset($price1) && isset($price2) && $update=="yes"){ mysql_query("UPDATE prices SET price1='$price1', price2='$price2', date='now())' WHERE id='$id'");

See how this works. include_once('connection.php'); $data = array(); $i = 0; $result1 = mysql_query("SELECT * FROM `Clicks` WHERE Aan = 0"); while ($list1 = mysql_fetch_array($result1,MYSQL_ASSOC)) { if (empty($list1) ){ mysql_query("UPDATE `Clicks` SET `Aan`= 0 WHERE `Aan` = 1"); } } $result = mysql_query("SELECT * FROM `Clicks` WHERE Aan = '0' ORDER BY RAND() LIMIT 1"); while ($list = mysql_fetch_array($result,MYSQL_ASSOC)) { foreach ($list as $key => $value) { // Met htmlentities() voorkom je dat html wordt uitgevoert. $value = htmlentities($value); $data[$i][$key] = $value; } $i++; } mysql_free_result($result); $data = array_reverse($data); // Zet de nieuwste berichten bovenaan // in plaats van onderaan. $cnt = count($data); for($i = 0; $i < $cnt; ++$i) { $bericht = $data[$i]; echo(nl2br($bericht['bericht'])); // Met nl2br() worden alle enters in het // bericht omgezet naar <br/>. echo('</td></tr></table>'); $naarwie= $bericht['Email']; } mysql_query("UPDATE `Clicks` SET `Aan`= '1' WHERE `Email` = '$naarwie'"); mysql_close($Verbinding); // Sluit de verbinding. // We hebben hem nu niet meer nodig.

That should be fine. You want to make sure you're not comparing variables with spaces to those that don't, and not complicating the problem by INSERTING values with spaces.

You do the md5 before INSERT as in my example.

How do you think $pmd= md5($pwd); will work with your $pmd validation code? AND as litebearer and I have pointed out mysql_real_escape_string should be done after connecting to the database and is only needed before query as in my examples. Also, if(mysql_num_rows(mysql_query($verify)) !== 0) Should be if(mysql_num_rows(mysql_query($verify)) != 0) ALSO Pikachu2000's post regarding trim() is valid and should be included for user input.

Can you post your latest version?

I've run the last code I posted on a test DB and each time it has performed as expected, saying name is already taken or inserting new values to DB if match is not found. Mind you, I don't have unique indexes on my DB except for the `id` field which is AUTO_INCREMENT.

Did you try as AyKay suggested if(mysql_num_rows(mysql_query($verify)) != 0) Or <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['fname']) && isset($_POST['lname'])&& isset($_POST['emailr']) && isset($_POST['user']) && isset($_POST['pass'])) { //Assignng variables $firstname = stripslashes($_POST['fname']); $lastname = stripslashes($_POST['lname']); $email = stripslashes($_POST['emailr']); $uname = stripslashes($_POST['user']); $pwd = stripslashes($_POST['pass']); //Database $connect = mysql_connect('localhost', 'root', '') or die ('Connection Failed'); mysql_select_db('registration', $connect) or die ('Connection Failed'); //Registration codes if (empty($firstname) || empty($lastname) || empty($email) || empty($uname) || empty($pmd)) { echo '<p class="error">All fields are required to fill!</p>'; return false; } elseif (strlen($firstname) && (strlen($lastname) < '2')) { echo '<p class="error">Invalid first name or last name!</p>'; return false; } elseif (filter_var($firstname, FILTER_VALIDATE_INT) || (filter_var($lastname, FILTER_VALIDATE_INT))) { echo '<p class="error">First name or last name cannot be integers!</p>'; return false; } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo '<p class="error">Email address not valid!</p>'; return false; } elseif (strlen($uname) && (strlen($pmd) < '6' )) { echo '<p class="error">Username or password must be minimum 6 characters!</p>'; return false; } else { //Escape variables $email = mysql_real_escape_string(stripslashes($_POST['emailr'])); $uname = mysql_real_escape_string(stripslashes($_POST['user'])); $verify = "SELECT * FROM login WHERE emailaddress = '$email' AND username = '$uname'"; if(mysql_num_rows(mysql_query($verify)) != 0) { echo '<p class="fail">This email or username is already taken!</p>'; } else { //Escape other variables $firstname = mysql_real_escape_string(stripslashes($_POST['fname'])); $lastname = mysql_real_escape_string(stripslashes($_POST['lname'])); $pwd = mysql_real_escape_string(stripslashes($_POST['pass'])); $pmd= md5($pwd); $query = "INSERT INTO login (id, firstname, lastname, emailaddress, username, password) VALUES('', '$firstname', '$lastname', '$email', '$uname', '$pmd')"; mysql_query($query, $connect); echo '<p class="fail">Successful!</p>'; } } } } ?>

I don't think there is a difference as both are submitting the form. Personally I would get rid of the OnChange line of the select as that is very annoying if you haven't filled out the text field yet.

Slight modification putting mysql_real_escape_string after DB connect and just before DB query. Not sure it will help with current error but at least $pwd validation should work not having a md5($pwd). <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['fname']) && isset($_POST['lname'])&& isset($_POST['emailr']) && isset($_POST['user']) && isset($_POST['pass'])) { //Assignng variables $firstname = stripslashes($_POST['fname']); $lastname = stripslashes($_POST['lname']); $email = stripslashes($_POST['emailr']); $uname = stripslashes($_POST['user']); $pwd = stripslashes($_POST['pass']); //Database $connect = mysql_connect('localhost', 'root', '') or die ('Connection Failed'); mysql_select_db('registration', $connect) or die ('Connection Failed'); //Registration codes if (empty($firstname) || empty($lastname) || empty($email) || empty($uname) || empty($pmd)) { echo '<p class="error">All fields are required to fill!</p>'; return false; } elseif (strlen($firstname) && (strlen($lastname) < '2')) { echo '<p class="error">Invalid first name or last name!</p>'; return false; } elseif (filter_var($firstname, FILTER_VALIDATE_INT) || (filter_var($lastname, FILTER_VALIDATE_INT))) { echo '<p class="error">First name or last name cannot be integers!</p>'; return false; } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) { echo '<p class="error">Email address not valid!</p>'; return false; } elseif (strlen($uname) && (strlen($pmd) < '6' )) { echo '<p class="error">Username or password must be minimum 6 characters!</p>'; return false; } else { //Escape variables $email = mysql_real_escape_string(stripslashes($_POST['emailr'])); $uname = mysql_real_escape_string(stripslashes($_POST['user'])); $verify = "SELECT * FROM login WHERE emailaddress = '$email' AND username = '$uname'"; if(mysql_num_rows($verify) !== 0) { echo '<p class="fail">This email or username is already taken!</p>'; } else { //Escape other variables $firstname = mysql_real_escape_string(stripslashes($_POST['fname'])); $lastname = mysql_real_escape_string(stripslashes($_POST['lname'])); $pwd = mysql_real_escape_string(stripslashes($_POST['pass'])); $pmd= md5($pwd); $query = "INSERT INTO login (id, firstname, lastname, emailaddress, username, password) VALUES('', '$firstname', '$lastname', '$email', '$uname', '$pmd')"; mysql_query($query, $connect); echo '<p class="fail">Successful!</p>'; } } } } ?>

How about <a href="#" onclick="testform2.submit()">submit it!</a> I would also add a blank selection so you can select "5". <select name="checking" onchange="this.form.submit()"> <option value="">-</option> <option value="5">5</option> <option value="6">6</option> </select>

Got the javascript to back this up?

And using COUNT() $verify = "SELECT COUNT(*) as cnt FROM login WHERE emailaddress = '$email' AND username = '$uname'"; $result = mysql_query($verify); $query_data = mysql_fetch_row($result); if ($query_data['cnt']==1){ echo '<p class="fail">This email or username is already taken!</p>'; } else { $query = "INSERT INTO login (id, firstname, lastname, emailaddress, username, password) VALUES('', '$firstname', '$lastname', '$email', '$uname', '$pmd')"; mysql_query($query, $connect); }

Excuse me for jumping in here, but doesn't mysql_num_rows() return a value regardless of results? Shouldn't mysql_num_rows be compared to a value? $verify = "SELECT * FROM login WHERE emailaddress = '$email' AND username = '$uname'"; if (mysql_num_rows(mysql_query($verify))>0) { echo '<p class="fail">This email or username is already taken!</p>'; } else { $query = "INSERT INTO login (id, firstname, lastname, emailaddress, username, password) VALUES('', '$firstname', '$lastname', '$email', '$uname', '$pmd')"; mysql_query($query, $connect); } Or this way $verify = "SELECT username FROM login WHERE emailaddress = '$email' AND username = '$uname'"; $result = mysql_query($verify); $query_data = mysql_fetch_row($result); if ($query_data[0]){ echo '<p class="fail">This email or username is already taken!</p>'; } else { $query = "INSERT INTO login (id, firstname, lastname, emailaddress, username, password) VALUES('', '$firstname', '$lastname', '$email', '$uname', '$pmd')"; mysql_query($query, $connect); } Again sorry for jumping in.

You may have got things fixed with all the help you've had but just based on your first post, login.php should be like this with all session updates and headers made before ANYTHING is sent to browser (as already pointed out). <?php session_start(); include "konekcija.php"; error_reporting(E_ALL | E_STRICT); ini_set("display_errors", 0); ini_set("log_errors", 1); ini_set("error_log", "logovi.log"); if (isset($_POST['ime'])&&isset($_POST['pas'])) { $ime = mysql_real_escape_string($_POST['ime']); define('skrembl', '48762497&*%$#(%$1'); $pasvord = md5(skrembl . $_POST['pas']); $sql="SELECT k.*, u.* FROM korisnik k JOIN uloga u ON k.UlogaID = u.UlogaID WHERE KorisnickoIme = '".$ime."' AND Lozinka = '".$pasvord."'"; $q = mysql_query($sql); if (mysql_num_rows($q)==1) { $_SESSION['ime'] = $_POST['ime']; $red=mysql_fetch_array($q); $_SESSION['korisnickoIme'] =$red["Ime"]; $_SESSION['prezime'] =$red["Prezime"]; $_SESSION['telefon'] =$red["Telefon"]; $_SESSION['email'] =$red["Mail"]; if($red["NazivUloge"] == "Administrator") header('Location: admin.php'); else header('Location: prva.php'); } else { header('Location: MojNalog.php'); } } else { //Ako POST parametri nisu prosledeni echo "Nisu prosledeni parametri!"; } ?>

Is this what you're looking for? <?php session_start(); if (isset($_POST['submit'])){ foreach($_POST['form_field'] as $name => $value) { $_SESSION[$name][] = $value; } } ?>

Maybe this might get you going. <?php include($_SERVER['DOCUMENT_ROOT'].'/!SYSTEM/bootstrap.php'); if(isset($_POST['savearea'])){ if (isset($_POST['hideID']) && !empty($_POST['area'])){ foreach($_POST['hideID'] as $k => $id){ $area=mysql_real_escape_string($_POST['area'][$k]); mysql_query("UPDATE bmth_streetindex SET area='$area' WHERE id='$id'"); } } } // grab data from bmth street index where the area is = 0 (which means its area is un-assigned) $sql = "SELECT * FROM bmth_streetindex WHERE area='0' LIMIT 0, 10"; $rs = mysql_query($sql) or die(mysql_error()); $form='<form action="" name="inputAreaForm" method="post">'."\n\n"; // 'while' thru and print them 1 at a time while($row = mysql_fetch_array($rs)) { $id = $row['id']; $tfare = $row['tfare']; $ptown = $row['ptown']; $pcode = $row['pcode']; $area = $row['area']; $urlQ = $tfare. ", " .$ptown. ', ' .$pcode; $form.="<div>\n"; $form.="\n<input type=\"hidden\" name=\"hideID[]\" value=\"$id\">"; $form.="\n[$id] $tfare, $ptown, $pcode "; $form.="\nArea <input type=\"text\" name=\"area[]\" value=\"$area\" />"; $form.="\n<a href=\"http://www.google.com/maps?q=$urlQ&hl=en&ie=UTF8&z=17\" target=new>SHOW ON MAP</a>"; $form.="</div>\n"; $form.="\n<>\n<hr>\n\n"; } $form.="\n<input type=\"submit\" name=\"savearea\" value=\"Save Area\">"; $form.="</form>\n"; echo "$form"; ?>

Piece of cake. Post new topic if you need help.

Doing more work, Yes. Not scanning entire DB. Yes

Exactly. You could name the variable $meat or any other name. $meat = mysql_fetch_row( $result ); echo "{$meat['roastturkey']}";

Normally you would use mysql_fetch_row for grabbing info from one "row" of the table. $row = mysql_fetch_row( $result ); If you are listing a group of rows you would use while ($row =mysql_fetch_array( $result )){ //and result will loop for each record } There are other options as well. Change to use mysql_fetch_row.

I'll let the big-boys respond. In the mean time, post entire code as was requested.

Can you show query statement you are using to grab info from DB?

No promises. Not tested. <?php if ($_POST["request"] == "requestFriendship") { $mem1 = preg_replace('#[^0-9]#i', '', $_POST['mem1']); $mem2 = preg_replace('#[^0-9]#i', '', $_POST['mem2']); // if (!$mem1 || !$mem2 || !$thisWipit) { echo 'Error: Missing data'; exit(); } // if ($mem1 == $mem2) { echo 'Error: You cannot add yourself as a friend'; exit(); } */ //See if already friends $sql1 = "SELECT id FROM friends WHERE mem2='$mem1' AND mem1='$mem2' LIMIT 1"; $result1 = mysql_query($sql1) or die (mysql_error("sql1 failed")); $data1 = mysql_fetch_row($result1); if ($data1[0]) { echo 'This member is already your Friend'; exit(); } //Check if user already requested to be friends $sql2 = "SELECT id FROM friends WHERE mem1='$mem1' AND mem2='$mem2' Limit 1"; $result2 = mysql_query($sql2) or die (mysql_error("sql2 failed")); $2data2 = mysql_fetch_row($result2); if ($2data2[0]) { echo '<img src="images/round_error.png" width="20" height="20" alt="Error" /> You have a Friend request pending for this member. Please be patient.'; exit(); } //Check if friend already requested to be friends $sql3 = "SELECT id FROM friends WHERE mem1='$mem2' AND mem2='$mem1' Limit 1"; $result3 = mysql_query($sql3) or die (mysql_error("sql3 failed")); $2data3 = mysql_fetch_row($result3); if ($2data3[0]) { echo '<img src="images/round_error.png" width="20" height="20" alt="Error" /> This user has requested you as a Friend already! Check your Requests on your profile.'; exit(); } //If still here make insert $mem1=mysql_real_escape_string($mem1); $mem2=mysql_real_escape_string($mem2); $sql = mysql_query("INSERT INTO friends (mem1, mem2, timedate) VALUES('$mem1','$mem2',now())") or die (mysql_error("Friend Request Insertion Error")); echo '<img src="images/round_success.png" width="20" height="20" alt="Success" /> Friend request sent successfully. This member must approve the request.'; exit(); } ?>