elite311

Thank you for all the help so far, I have been reading tutorials and manuals all afternoon to try and figure out I'm doing wrong. I am really stuck on this one. I added in the $res = $db->query($sql) or die($db->error); Like you had suggested but I still get an error, looks basically the same as before Fatal error: Call to a member function query() on a non-object This is what my code looks like, am I doing something wrong with me $db connection to the database? everything else is working but just not the drop down box, on the drop down box line is where I'm getting the fatal error showing up. <?php session_start(); if($_SESSION['loggedin'] == TRUE) if($_SESSION['auth_lvl'] > { //loggedin already }else{ //not logged in yet header("Location: index.php"); } include('admin/includes/config.php'); include('admin/includes/database.class.php'); include('admin/includes/functions.php'); // Configure new database object $db = new Database($db_host, $db_username, $db_password, $db_database, $db_table_prefix); $db -> connect(); $menuresult = $db->fetch_all_array("SELECT * FROM menu ORDER BY disporder ASC"); $userinforesult = $db->fetch_all_array("SELECT realfirst, reallast FROM users WHERE username = '".$_GET['id']."' LIMIT 1"); $users = $db->fetch_all_array("SELECT users.id, users.username, users.password, users.realfirst, users.reallast, users.dept, users.flag, auth.auth_level, auth.descrip, auth.id FROM users LEFT JOIN auth ON users.flag = auth.auth_level WHERE users.id = '".$_GET['id']."'"); function auth_level_options ($db, $user_level) { $sql = "SELECT auth_level, descrip FROM auth ORDER BY auth_level"; $res = $db->query($sql) or die($db->error); $opts = "<select name='flag>"; while (list($level,$desc) = $res->fetch_row()) { $sel = $level == $user_level ? 'selected="selected"' : ''; $opts .= "<option value='$level' $sel>$desc</option>"; } $opts .= "</select>\n"; return $opts; } if(isset($_POST['updateit'])) { // Protect against injection $username = mysql_real_escape_string($_POST[username]); $password = md5(mysql_real_escape_string($_POST['password'])); $flag = mysql_real_escape_string($_POST[flag]); $realfirst = mysql_real_escape_string($_POST[realfirst]); $reallast = mysql_real_escape_string($_POST[reallast]); $dept = mysql_real_escape_string($_POST[dept]); $db->query("UPDATE users SET username = '$username', password = '$password', flag = '$flag', realfirst = '$realfirst', reallast = '$reallast', dept = '$dept' WHERE id = '".$_POST['id']."'"); header("Location: admin.php?updated=1"); exit(); } ?> And I have added this to the form where I want the dropdown box <tr> <td width="19%" align="right" valign="top">Access Level :</td> <td width="1%" align="left"> </td> <td width="80%" align="left" valign="top"> <?php echo auth_level_options($dbconn, $current_user_level);?> </td> </tr>

Thanks so much for the help! I'm getting the following error on this line though, am I right that the error is caused because the $desc variable hasn't been defined? Fatal error: Call to a member function fetch_row() on a non-object while (list($level,$desc) = $res->fetch_row()) { Sorry still trying to learn php and mysql.

Hello, I have been trying to figure this for a while now and reading the tutorials are not helping, I think I'm a little over my head on this one and was hoping someone could help me out with this issue. I am making a User Edit page and would like to have the access level part of the form show the users access current access level thats set in the database when the page loads, and if it needs to be changed you can press the dropdown box and select a new access level. I can't figure out how to show the current access level as default and populate the drop down box with the other access levels in my table. My Tables look like this Users table (users): --------------------------------------------------------------------------------------------------- | id | username | password | flag | realfirst | reallast | dept | --------------------------------------------------------------------------------------------------- 1 loderd 9 test guy Service Auth Table (auth): -------------------------------------------- | id | auth_level | descrip | -------------------------------------------- 1 1 Service Tech 2 2 Office Staff 3 9 Super Admin My SQL Query looks like this $users = $db->fetch_all_array("SELECT users.id, users.username, users.password, users.realfirst, users.reallast, users.dept, users.flag, auth.auth_level, auth.descrip, auth.id FROM users LEFT JOIN auth ON users.flag = auth.auth_level WHERE users.id = '".$_GET['id']."'"); I can't seem to figure out how I can do this for the Access Level dropdown box. <tr> <td width="19%" align="right" valign="top">Access Level :</td> <td width="1%" align="left"> </td> <td width="80%" align="left" valign="top"> <?php echo "<select name='flag' id='flag'>"; foreach ($users as $row){ if($row[auth_level]==$row[auth_level]){ echo "<option value=$row[auth_level] selected>$row[auth_level] - $row[descrip]</option>"; }else{ echo "<option value=$row[auth_level]>$row[auth_level] - $row[descrip]</option>"; } } echo "</select>"; ?> </td> </tr> Any help would be greatly appreciated

Thanks for the help!

So I'm new to the javascript world and attempting my first project and I'm stumped and hoping someone can tell me what I'm doing wrong here. What I am trying to accomplish is: If the user wants to buy between 1-4 set the mark price to 5 per mark, if it's between 5-9 set the price to 10 per mark, if it's greater than 9 set the price to 15 per mark So when the user puts how many marks they want to buy into the additonal marks field and then picks how many courses they want the total will show up to reflect this. So they want to buy 3 marks for 2 courses ((3x5)x2) total is $30 Heres my code: <script language="javascript"> function calcVals(){ //set form to document.form1 form = document.form1; //get the fields val = form.AdditionalMarks; val1 = form.NumberOfCourses; //check the value and set the price if (val<=4) { var markprice=5; } else if (addnlmarks==5,6,7, { var markprice=10; } else if (addnlmarks>=9) { var markprice=15; } //multilpy all the fields up total = (val * markprice) * val1; //if there's a problem inform the user if (String(total) != 'NaN') { form.valTotal.value = total; } else { form.valTotal.value = 'ERROR'; } } </script> </head> <body> <form id="form1" name="form1" method="post" action="" > <H2>The Request</H2> <table border = "3"> <tr> <td> Id </td> <td> <input name = "Id" type = "text" size="10"> </td> </tr> <tr> <td> Course Number </td> <td> <input name = "CourseNumber" type = "text" size="10"> </td> </tr> <tr> <td> Description </td> <td> <input name = "Description" type = "text" size="20"> </td> </tr> <tr> <td> Distance Education </td> <td> <input name = "DistanceEducation" type = "checkbox" size="2"> </td> </tr> <tr> <td> Additional Marks </td> <td> <input name="AdditionalMarks" type="text" size="10"> </td> </tr> </table> <p> </p> Number of courses <input name="NumberOfCourses" type="text" size="5" value="0"> Total Cost <input name="valTotal" id="valTotal" readonly type="text" size="5" value="0"> <br> <p> </p> <p> </p> <input type = "button" value = "Go for It" onclick="calcVals()"> </form> I put the values in and nothing happens and I have not been able to figure out why. Any help would be greatly appreciated.

Thank you very much! worked perfect!

So the sql query Barand posted di just what I wanted and displays the "..." after the text but I'm still stuck on how to show a "more" button if there is more words. My current code looks like this: <p class="txt-2"><?php echo wordwrap($row['article1'], 46, "\n", true);?><a href="#" class="news-readmore-link"><?php echo $row['readmore']; ?></a></p> <div class="p14"><a href="#" class="btn-1">more <span></span></a></div> What I would like to do is only show the more button if there is more then 25 words like the "..." I'm not sure how to do this using php.

Barand - Thanks worked great! now I just need to figure out how to show the link button when it's greater than 25. Thanks guys, I suppose I could just use a COUNT instead of the SQL_CALC_FOUND_ROWS but I was thinking the table would never really get that large it would become an issue.

Hello, I have been working on my own news system and have got almost everything working perfect including limiting the amount of words shown on the main page. Problem is I'm not sure and haven't been able to figure out how to show "..." at the end if the output has more words than 25 and if it has more than 25 words show the readmore link. What I'm doing right now is counting 25 spaces in the article column of the query to limit the output to 25 words and display it as article1. Not sure if this is the best way or not just seemed the most logical way to me, however I'm having trouble figuring out how to show the "..." at the end of the output and the readmore link if it's more than 25 spaces. I'm counting the words like this in my query: $MySQL = 'SELECT SQL_CALC_FOUND_ROWS SUBSTRING_INDEX(article," ",25) AS article1, id, date, postedby FROM news ORDER BY date DESC LIMIT ' . (($pagination->get_page() - 1) * $records_per_page) . ', ' . $records_per_page . ''; Then displaying it like this: <?php echo wordwrap($row['article1'], 46, "\n", true);?> I'm not sure if I have posted this in the right section but hoping someone could help me figure this out. Thanks in advance

Are all the values you want to sum contained in the users table? or are you storing the users in 1 table and the values in other tables?

Thank you all for the replies it has helped a lot with my understanding, but Particularly thank you ChristianF for taking the time to explain all of that. I am defiantly going to read up on that sprintf function as well as due some reading on validating form input and error checking. Again thanks everyone for all the help so far, this is a great place for a beginner like myself to learn from people who really understand this stuff.

I'm a little confused, I'll do more reading on this though. As far as my script is now though it would protect against injection the way it is currently?

Yes just a number, I'm not sure I understand what you mean by cast it in as an int

I have done a bunch of reading and I just want to make sure I am doing this correctly to protect against injection. I'm hoping someone can confirm if this is the correct way to protect against injection. if(isset($_POST['updateit'])) { // Protect against injection $site = mysql_real_escape_string($_POST[job]); $avguse = mysql_real_escape_string($_POST[avguse]); $id = mysql_real_escape_string($_POST[id]); // Update database $db->query("UPDATE assets SET pmcount = '$avguse', updatedby = '{$_SESSION['username']}', updateddate = NOW() WHERE id = '$id'") or die(mysql_error()); // Redirect page header("Location: locationinfo.php?id=$site&updated=1"); exit(); }

I understand what you mean, the value might not be there even though it shows before the form is submitted. I have a lot of learning to do obviously, but your post made me think about a different solution and I managed to get it to work. Although its probably not the best way to do it, thank you 2 for helping I really appreciate it. On my form I added: <input type="hidden" name="job" value="<?php echo $assetinfo['currentjob'];?>" /> And I changed: $site = $assetresult[0]['currentjob']; to $site = $_POST['job'];

Yup I have the print_r($site); in the code and it shows 215 which is correct. The whole file looks like this: <?php session_start(); if($_SESSION['loggedin'] == TRUE) if($_SESSION['auth_lvl'] > 5) { }else{ header("Location: index.php"); } include('admin/includes/config.php'); include('admin/includes/database.class.php'); include('admin/includes/functions.php'); $db = new Database($db_host, $db_username, $db_password, $db_database, $db_table_prefix); $db -> connect(); $assetresult = $db->fetch_all_array("SELECT * FROM assets WHERE asset = '".$_GET['id']."'"); $site = $assetresult[0]['currentjob']; if(isset($_POST['updateit'])) { $db->query("UPDATE assets SET pmcount = '".$_POST['avguse']."', updatedby = '{$_SESSION['username']}', updateddate = NOW() WHERE id = '".$_POST['id']."'") or die(mysql_error()); die("Location: locationinfo.php?id=$site&updated=1"); exit(); } print_r($site); ?>

it prints Location: locationinfo.php?id=&updated=1 Ya I have started reading about it, I realize I'm probably doing some things wrong but just learning still.

When I do print_r($site); I get the proper result, am I writing this incorrectly in the header to get the value?

I copied and pasted the results of the print_r I did, this is what my code looks like now. $assetresult = $db->fetch_all_array("SELECT * FROM assets WHERE asset = '".$_GET['id']."'"); $site = $assetresult[0]['currentjob']; if(isset($_POST['updateit'])) { $db->query("UPDATE assets SET pmcount = '".$_POST['avguse']."', updatedby = '{$_SESSION['username']}', updateddate = NOW() WHERE id = '".$_POST['id']."'") or die(mysql_error()); header("Location: locationinfo.php?id=$site&updated=1"); exit(); } ?>

That didn't work, looks like I have some reading to do to see if I can figure this out. Thanks

I get: Array ( [0] => Array ( [id] => 336 [asset] => H802 [currentjob] => 215 [pmcount] => 8 [category] => Aerial [descrip] => Scissor Lift 20' Elec [year] => 2005 [make] => Skyjack [model] => SJ3220 [serial] => 614441 [createdby] => loderd [createddate] => 2012-09-06 15:50:01 [updatedby] => loderd [updateddate] => 2012-09-06 15:50:01 ) ) I'm using Database.class.php from ricocheting.com

Hi I'm hoping someone can help me with this, I'm trying to get a value from my sql query and store it as variable so I can use it in the url but I'm not quite sure how to do it. Right now when I click the edit button I set the id to the asset number in the url (ie edituseloc.php?id=H802) I use this to query the info related to that asset number. When I save the changes I want to redirect back to a page where the asset is located (ie job number locationinfo.php?id=215) the problem is I have to have the job number passed back to the url when it redirects and I'm not sure how to get that value into the header line with the "updated=1" Right now when I run this all I get in the header is locationinfo.php?id=&updated=1 which is almost correct I just need to add the job number in as the id. I have this right now: $assetresult = $db->fetch_all_array("SELECT * FROM assets WHERE asset = '".$_GET['id']."'"); $site = $assetresult->currentjob; if(isset($_POST['updateit'])) { $db->query("UPDATE assets SET pmcount = '".$_POST['avguse']."', updatedby = '{$_SESSION['username']}', updateddate = NOW() WHERE id = '".$_POST['id']."'") or die(mysql_error()); header("Location: locationinfo.php?id=$site&updated=1"); exit(); }

Thank you very much! I have been playing with this for while and couldn't get anything to work properly, this worked fantastic! and as a bonus your post really helped me understand joins a little better. Thanks again for the help

I manged to get the query to update all of the tables from the one statement, but I'm really having difficulty with the sub query. I have never really used one before and I can't seem to get this to work. I read about how to use these here http://www.roseindia.net/mysql/mysql5/writing-subqueries.shtml and have been trying for a little while now but can seem to figure this out. I changed my query to this: $db->query("UPDATE assets a,assethours ah,pm p SET a.asset = '".$_POST['asset']."', a.category = '".$_POST['category']."', a.descrip = '".$_POST['descrip']."', a.year = '".$_POST['year']."', a.make = '".$_POST['make']."', a.model = '".$_POST['model']."', a.serial = '".$_POST['serial']."', a.updatedby = '{$_SESSION['username']}', a.updateddate = NOW(), ah.hoursasset = '".$_POST['asset']."', p.pmasset = '".$_POST['asset']."' WHERE ah.hoursasset = ANY(SELECT hoursasset FROM assethours) AND p.pmasset = ANY(SELECT pmasset FROM pm)") or die(mysql_error()); And I get this error: You can't specify target table 'a' for update in FROM clause So I kept reading about Subqueries http://dev.mysql.com/doc/refman/5.1/en/subquery-restrictions.html but I'm not understanding how to fix this problem still. I can make it update all the tables however when I do that using my original query it changes all the records in all the tables which I don't want. I just want to be able to edit the asset number in the assets table and it up date the asset numbers in the other 2 tables (asssethours.hoursasset & pm.pmasset) for the asset I'm working with only. If anyone can point me to even a better tutorial it would be much appreciated.

I managed to get the query to run, looks like I was missing a few commas. When I run this query now though it changes all the records to the new asset number in all the tables not just the record I'm editing, any idea why? $db->query("UPDATE assets a,assethours ah,pm p SET a.asset = '".$_POST['asset']."', a.category = '".$_POST['category']."', a.descrip = '".$_POST['descrip']."', a.year = '".$_POST['year']."', a.make = '".$_POST['make']."', a.model = '".$_POST['model']."', a.serial = '".$_POST['serial']."', ah.hoursasset = '".$_POST['asset']."', p.pmasset = '".$_POST['asset']."' WHERE a.asset = ah.hoursasset AND a.asset = p.pmasset") or die(mysql_error());