anton_1

this is where I re-direct to the help page: if ($_SESSION["user_times_loggged_in"] == '0') { header("Location:UsingTheSystem.php"); } thanks!

iv already got the session variables showing on the logged in page with double quotes but the variables will not show in help page? Thanks!

thank you for batwimp for your reply, yes i set the session_start on the start page aswell

want to carry over session to help page? but getting the error undefined index. Any help would be greatly appreciated! //getting my value from database table and put it into session $_SESSION["user_firstname"] = $data["Firstname"]; //decides on where the user gets re-directed to. if ($_SESSION["user_priority"] == '1') { header("Location: AdminSection.php"); } else { header("Location:LoggedIn.php"); } if ($_SESSION["user_times_loggged_in"] == '0') { header("Location:UsingTheSystem.php"); } //Help page <?php session_start(); $name = $_SESSION["user_firstname"]; echo $name; ?> any idea why its not picking up the session? Thanks

Why won't this increment the database field by 1? $sql2="update 'users' set 'TimesLoggedOn' = 'TimesLoggedOn' + 1 where 'BarcodeID' = $barcode"; mysql_query($sql2); Thanks!

what is the best way to add 1 to the database filed TimesLoggedIn after a user has logged in? Regards Ant

after the user has logged in, I would like to display their details by barcode id Login.php <?php $host=""; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name=""; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); session_start(); // username and password sent from form $barcodeID=$_POST['barcode']; // To protect MySQL injection (more detail about MySQL injection) $barcodeID = stripslashes($barcodeID); $barcodeID = mysql_real_escape_string($barcodeID); $sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'"; $result=mysql_query($sql); $count=mysql_num_rows($result); if($count > 0){ $data = mysql_fetch_array ($result); $_SESSION["user_id"] = $data["BarcodeID"]; $_SESSION["user_firstname"] = $data["Firstname"]; $_SESSION["user_surname"] = $data["Surname"]; $_SESSION["user_jobrole"] = $data["JobRole"]; $_SESSION["user_manager"] = $data["Manager"]; $_SESSION["user_priority"] = $data["Priority"]; $_SESSION["user_datejoined"] = $data["DateJoined"]; $_SESSION["user_times_loggged_in"] = $data["TimesLoggedOn"]; if ($_SESSION["user_priority"] == '1') { header("Location: AdminSection.php"); } else { header("Location:LoggedIn.php"); } if ($_SESSION["user_times_loggged_in"] == '0') { header("Location:UsingTheSystem.html"); } } ?> LoggedIn.php I keep getting the error undefined index "barcode"? <?php $barcodeID = $_POST["barcode"]; include 'dbcon.php'; $sql = "SELECT Firstname, Surname, JobRole, Manager" . " FROM users" . " WHERE BarcodeID = .'$barcodeID'" ; $rows = mysql_query($sql); echo $rows; ?> Any help will be greatly appreciated Thanks

Thank you mate!

<?php $host=""; // Host name $username=""; // Mysql username $password=""; // Mysql password $db_name="helpdesk"; // Database name $tbl_name="users"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $barcodeID=$_POST['barcode']; // To protect MySQL injection (more detail about MySQL injection) $barcodeID = stripslashes($barcodeID); $barcodeID = mysql_real_escape_string($barcodeID); $sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'"; $result=mysql_query($sql); $isAdmin = mysql_fetch_row($result); if ($result['Priority'] = "Admin") { header("location:AdminSection.php"); } else //do I have something missing here? { header("location:index.php"); } // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" $_SESSION['barcode'] = $barcodeSession; $_SESSION['userlevel'] = $row['Priority']; if($row['userlevel'] == "Admin") { header("location:AdminSection.php"); }else{ header("location:index.php"); } header("location:LoggedIn.php"); } else { header("location:index.php"); } ?> When a user has been entered into the database with their priority set to Admin, it will no recognise it? Any help is apprectiated Thanks

Any help would be greatly appreciated! <?php $host="localhost"; // Host name $username="user"; // Mysql username $password=""; // Mysql password $db_name=""; // Database name $tbl_name=""; // Table name mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $barcodeID=$_POST['barcode']; echo $barcodeID; $barcodeID = stripslashes($barcodeID); $barcodeID = mysql_real_escape_string($barcodeID); $sql="SELECT * FROM $tbl_name WHERE BarcodeID='$barcodeID'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); $count=mysql_num_rows($result); if($count==1){ $_SESSION['barcode'] = $barcodeSession; $_SESSION['userlevel'] = $row['Priority']; if($row['userlevel'] == "Admin") { header("location:AdminSection.php"); }else{ header("location:index.php"); } header("location:LoggedIn.php"); } else { header("location:index.php"); } ?> when the script has been run, I want it to redirect to either the user page or admin page depending on their priority level. if Priority field == "Admin" then go to admin page. Can you see anything missing? Thank You

life saver mate! thank you

is there any way to submit a form without using a submit button? I want the form to post after the user has entered a certain amount of charaters? maybe using javascript? Any help is appreciated Ant

will try just now thanks!

Yeah mate this retrieves the file and outputs it. after I have clicked the link and it displays in the url. if I add .pdf onto the end it does display the pdf. So even if there was a way to put . ".pdf" after it or something? thanks again! <?php function checkValues($value) { // Use this function on all those values where you want to check for both sql injection and cross site scripting //Trim the value $value = trim($value); // Stripslashes if (get_magic_quotes_gpc()) { $value = stripslashes($value); } // Convert all <, > etc. to normal html and then strip these $value = strtr($value,array_flip(get_html_translation_table(HTML_ENTITIES))); // Strip HTML Tags $value = strip_tags($value); // Quote the value $value = mysql_real_escape_string($value); return $value; } include("dbcon.php"); $rec = checkValues($_REQUEST['val']); //get table contents if($rec) { $sql = "select * from questions where Question like '%$rec%'"; } else { $sql = "select * from questions"; } $rsd = mysql_query($sql); $total = mysql_num_rows($rsd); ?> <?php while ($rows = mysql_fetch_assoc($rsd)) {?> <div class="each_rec"><a href="<?php echo $rows['Question'];?>" target="_blank"><?php echo $rows['HelpDocument'];?></a></div> <?php } if($total==0){ echo '<div class="no-rec">No Record Found !</div>';}?>

thanks for your reply mate, yes that exactly correct im saving the file name as filename.pdf and the file is stored within the server folder but when I select all form database and click on it, it only goes to http://localhost/pagename/filename whithout the .pdf