jbis2k

Thanks for both replies. I will try your suggestions in a few days and report back with the results.

Thanks in advance for the help. Below is my code which compares the date a record was created with today's date. During each access of the table I calculate the number of days between the dates and then either delete a record or display (for test purposes only) the difference. Why do I see a blank screen them when this code is run? Shouldn't I see the day difference? <?php // Connect to database. // Access the database @mysql_select_db($database,$con) or die( "Unable to select database"); $result = mysql_query("SELECT * FROM table"); function dateDiff ($d1, $d2) { // Return the number of days between the two dates: return round(abs(strtotime($d1)-strtotime($d2))/86400); } // end function dateDiff while($row = mysql_fetch_array($result)) { $days = dateDiff(date("Y-m-d"),$row['DateCreated']); if ($days >= 30) { $update_rec = mysql_query("DELETE FROM table WHERE AutoNum = {$row['AutoNum']}"); if (!$update_rec) { die('Invalid query: ' . mysql_error()); } } else { echo $days; echo "<br />"; } } mysql_close($con) ?>

Thanks much

Is the PHP function mysql_real_escape_string($string); [\code] sufficient to prevent all injection attempts? Do I need to consider other functions as well?

Thank you all for the help with the UPDATE (DELETE) answer provided. I consider this topic closed and solved.

Oh, I see. Thanks for the . . . advice. I was unaware that I had to do so.

Finally getting back to the code. Okay. First of all, thanks to all who responded here and now. After reading your replies, I gave some thought as to what exactly I was trying to accomplish. I came to the conclusion that it's best to simply DELETE the record which has met its date limit. In my code you'll see (1 - ....). This is only for test purposes. I am learning PHP and came across this code by chance. So here is my new updated code: <?php // Connect to database. include("connect.php"); // Access the database @mysql_select_db($database,$con) or die( "Unable to select database"); $result = mysql_query("SELECT * FROM Autos"); while($row = mysql_fetch_array($result)) { if (1 - strcmp(date("Y-m-d"),$row['DateCreated']) == 0) { $update_rec = mysql_query("DELETE FROM Autos WHERE AutoNum == $row['AutoNum']"); if (!$update_rec) { die('Invalid query: ' . mysql_error()); } } } mysql_close($con) ?> After reading all records from Autos into the $result array, I loop through each record and compare subtract 1 from the comparison of the current date with the record creation date. This, I know, is obvious to you. It's easier for me if I elaborate too much so thanks for understanding. For every record where 1 - the comparison is equal to zero, I would prefer to DELETE that record from the actual table. The code I'm using presents this error: Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in D:\hosting\7359420\html\WA\delete.php on line 16 And, yes, line 16 just happens to be where mysql_query("DELETE FROM is located.

Good morning: This is the output of my test database table: 2011-05-30 Chevrolet Monte Carol 1975 9000 15000 James Bond's 007-1212 james@bond.com B I am setting the rocord for bond's most active movies. 2011-05-31 Dodge Stratus 2008 5000 7500 James Cagney 555-1818 jc@hollywood.com S This is not going to be the best of time's. Ain't it? Within my table I have two important fields--the record date-created field shown on the left and the (hidden) EXPIRED field--on which the UPDATE function depends. This is my code for (wherein lies the problem) UPDATING the record within my table and setting the EXPIRED field to 'Y' for filtering and easy deletion of the record(s). <?php // Connect to database. include("connect.php"); // Access the database @mysql_select_db($database,$con) or die( "Unable to select database"); $result = mysql_query("SELECT * FROM Autos"); //read all records into array while($row = mysql_fetch_array($result)) //loop through array { if (1 - strcmp(date("Y-m-d"),$row['DateCreated']) == 0) //compare current date with record date and act when result is zero { mysql_query("UPDATE Autos SET Expired = 'Y' WHERE Expired == 'N'"); //if ready to expire then update table EXPIRED field } else { if ($row['BuyerSeller'] == 'B') { echo "Contact buyer below"; } elseif ($row['BuyerSeller'] == 'S') { echo "Contact seller below"; } echo "<br />"; echo $row['DateCreated'] . " " . $row['Make'] . " " . $row['Model'] . " " . $row['Year'] . " " . $row['MinPrice'] . " " . $row['MaxPrice'] . " " . $row['POC'] . " " . $row['POCPhone'] . " " . $row['POCEmail'] . " " . $row['Notes']; echo "<br />"; } } mysql_close($con) ?> Lastly, does the mysql_close function with the single parameter $con also close the database? MOD EDIT: code tags added.

Yes!! Thank you for the prompt reply of earlier today btw. I got so busy trying to solve this issue that I did not log into my account here until just now. I figured out only twenty minutes ago exactly what you just told me here. Cheers!

Good morning to all: I began using PHP, well, yesterday. I invested 8 hrs searching via Google and found many good samples to use as a test bed. I learned that one of the problems to exist with PHP is the apostrophe. I have setup a test form at www.datasafe.biz/WA for anyone who may wish to help me with this. The problem, as you may have guessed, is with the use of the " ' " in any field period. For my test purposes, I entered a comment in the notes field and input an apostrophe. I submitted my form to a php script which looks as follows: <?php // Insert cleaning code here function cleanQuery($string) { $newstring = mysql_real_escape_string($string); return $newstring; } $con = mysql_connect($host,$username,$password); //Using preset variables if (!$con) { die('Could not connect: ' . mysql_error()); } // connect to database code @mysql_select_db($database,$con) or die("Unable to select database"); //Check if field set and then clean it if (isset($_POST['BuyerSeller'])) $BuyerSeller = cleanQuery($_POST['BuyerSeller']); if (isset($_POST['Make'])) $Make = cleanQuery($_POST['Make']); if (isset($_POST['Model'])) $Model = cleanQuery($_POST['Model']); if (isset($_POST['Year'])) $Year = cleanQuery($_POST['Year']); if (isset($_POST['MinPrice'])) $MinPrice = cleanQuery($_POST['MinPrice']); if (isset($_POST['MaxPrice'])) $MaxPrice = cleanQuery($_POST['MaxPrice']); if (isset($_POST['POC'])) $POC = cleanQuery($_POST['POC']); if (isset($_POST['POCPhone'])) $POCPhone = cleanQuery($_POST['POCPhone']); if (isset($_POST['POCEmail'])) $POCEmail = cleanQuery($_POST['POCEmail']); if (isset($_POST['Notes'])) $Notes = cleanQuery($_POST['Notes']); // End cleaning code here //Get ready to query and insert into database table $sql="INSERT INTO Autos (DateCreated,Make,Model,Year,MinPrice,MaxPrice,POC,POCPhone,POCEmail,BuyerSeller,Notes) VALUES (curdate(),'$_POST[Make]','$_POST[Model]','$_POST[Year]','$_POST[MinPrice]','$_POST[MaxPrice]','$_POST[POC]','$_POST[POCPhone]','$_POST[POCEmail]','$_POST[buyerSeller]','$_POST[Notes]')"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } echo "1 record added"; mysql_close($con); ?> This code I found at various places on the net via Google. It works mostly except for when the, you know, is used. I tried other suggestions posted by others who had a similar problem, all to no avail. This is what is returned as an error: Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 't it?')' at line 1