jayteepics

Members
  • Posts

    50
Everything posted by jayteepics

  1. Now working many Thanks indeed. Inspect Element is great I've just been engrossed in NetBeans and was getting away with rubbish by testing in IE9 Lesson learned - Yes I better buy a book on HTML(5) and CSS(3) to that end could I ask another favor please?.....Is there ONE book folks would recommend I buy?? Jamie
  2. Thanks Kicken, I just came to that very conclusion and I'll investigate that 256px in the stylesheet asap Jamie
  3. OK all uploaded... http://www.clevercollecting.com/default.php Don't believe everything you see There are Books under Art and History categories. Try IE9 first to get an idea of how it should look (not great but hey it at least functions) then try the other browsers to see the 'cover up' Many Thanks Jamie
  4. That was very helpful in that visual/working HLinks take me to the proper <a href... But the ones that are 'covered' take me to the top menu bar "topbar".. Regarding making this live that's possible but I'll have to backup what's there first. I think you have hit the nail regarding 'a cover up' could you please just elaborate a tad on how this 'styling' can do this from your experience please? If I have to do the backup and put it up I will but if I can get a few pointers at where to look at this "topbar" (menu bar) styling I'd appreciate it. Jamie
  5. It's a mess but hey I obviously need help. This is the view page source and isn't quite like the PHP that generated it... <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Welcome to Books</title> <link type="text/css" href="textstyles_nf.css" rel="stylesheet"></link> <meta http-equiv="content-type" content="text/html; charset=UTF-8"></meta> <script type="text/javascript" src="jquery.js"></script> <!--scripts--> <!--menu_java--> <script language="javascript" type="text/javascript"> /* <![CDATA[ */ function IeOver(){nua = navigator.appName;if (nua.toLowerCase().indexOf('microsoft')!=-1){if(arguments[0])arguments[1].className+=" over"; else arguments[1].className=arguments[1].className.replace(" over", "");}} /* ]]> */ </script> <!--/menu_java--> <!--endscripts--> <style type="text/css"> h2 { font-family:Arial, Helvetica, sans-serif; font-size:22px; color:#664B4A; margin-left:24px } body { font-family:Arial, Helvetica, sans-serif; font-size:13px; color:#664B4A } li, td { font-family:Arial, Helvetica, sans-serif; font-size:13px } ul.ind { font-family:Arial, Helvetica, sans-serif; font-size:13px; margin-left:40px } ul { font-family:Arial, Helvetica, sans-serif; font-size:13px } a { color:#000000 } #body {margin:0; padding:0; font-size:80%; font-family:sans-serif;} #header {display:block; width:100%;} #containerx {width:100%; display:table;} #row {display:table-row;} #left {width:45%; margin-left:20px; vertical-align:middle; background-color:#cecece; color:#664B4A; display:table-cell;} #middle {width:30%; display:table-cell; vertical-align:middle; background-color:#cecece;} #right {width:23%; display:table-cell; background-color:#cecece;} #normalcontainer #normal {width:100%; display:table-row; background-color:#cecece;} #header2 {display:block; width:100%;} #container2 {width:100%; display:table;} #row2 {display:table-row;} #left2 
{width:45%; margin-left:20px; vertical-align:middle; background-color:#cecece; color:#664B4A; display:table-cell;} #middle2 {width:30%; display:table-cell; vertical-align:middle; background-color:#cecece;} #right2 {width:23%; display:table-cell; background-color:#cecece;} .style1 { font-family:Arial; font-size:small; text-align:center; } .style2 { color:#FF0000; } .style71 { text-align:center; color:#E2E2E2; } .style72 { text-align:center; color:#000000; } .style81 { font-family:Arial; font-size:xx-small; text-align:center; margin-left:400px; } .style82 { font-family:Arial; font-size: x-small; text-align:center; } </style> </head> <body> <div id="container"> <div id="topbar"> <img src="topbar.png" id="topbg" alt="" /> <ul id="mmenu"><!--mmenu--> <li><a class="mmenu" href="default_2.php" target="_self">Home</a> </li> <li><a class="mmenu" href="start.php" target="_self">Collectables</a> </li> <li><a id="ma" class="mmenu" href="index.php" target="_self">Books</a> </li> <li><a class="mmenu" href="index_glass_ceramic.php" target="_self">Glass/Ceramic</a> </li> <li><a class="mmenu" href="index_photo.php" target="_self">Photography</a> </li> <li><a class="mmenu" href="index_textiles.php" target="_self">Textiles</a> </li> <li><a class="mmenu" href="index_pictures.php" target="_self">Pictures</a> </li> <li><a class="mmenu" href="index_sculpture.php" target="_self">Sculpture</a> </li><!--/mmenu--></ul> </div><br /><br /><br /><br /> <div id="containerx"> <div id="row"> <div id="left" ><img src="images/cclogo6.png" alt="CleverCollecting" border="0" align="left" height="55" width="280"></img></div> <div id="middle" align="left"> Total Items = 0 Total Price = &#163;0.00</div> <div id="right"> <a href="show_cart.php"> <img src="images/view-cart.png" alt="View Your Shopping Cart" border="0" height="42" width="80"></a></div></div></div><div id="container2"><div id="row2"><div id="left2"><h2 margin-left="20px" vertical-align="text-top">Welcome to Books</h2></div><div 
id="middle2"></div><div id="right2"> <a href="start.php"> <img src="images/continue-shopping.png" alt="Continue Shopping" border="0" height="42" width="80"></a></div></div></div><p> Please choose a category:</p><ul class="ind"><li> <a href="show_cat.php?catid=1">Archaeology</a><br> </li><li> <a href="show_cat.php?catid=2">Architecture</a><br> </li><li> <a href="show_cat.php?catid=3">Art</a><br> </li><li> <a href="show_cat.php?catid=4">Exhibition Catalogues</a><br> </li><li> <a href="show_cat.php?catid=5">History</a><br> </li><li> <a href="show_cat.php?catid=6">Photography</a><br> </li><li> <a href="show_cat.php?catid=7">Travel</a><br> </li><li> <a href="show_cat.php?catid=8">Fiction</a><br> </li><li> <a href="show_cat.php?catid=9">Religion</a><br> </li><li> <a href="show_cat.php?catid=10">Literature</a><br> </li></ul><hr style="width: 70%" class="style71"><p style="height: 0px; text-align: center; " class="style82" ><strong>Thursday 15 March 2012 20:12:16</strong></p><!-- </body> </html> -->
  6. I'd appreciate some pointers regarding a problem I have. Environment: localhost Apache 2 server: PHP 4; MySQL Everything works as expected in IE9 However Comodo/Chrome; FFox and Safari all demonstrate the problem I have. On a page with a <ul> list of items (in this case categories) when hovering over the first 5 out of 9 items the hyperlinks don't display or work BUT the remaining 4 do. I then added the following 3 red PHP statements to echo the contents of the $cat_array;

         $cat_array = get_categories();
         echo '<pre>';
         print_r ($cat_array);
         echo '</pre>';

     When tested I was able to see and click on all 9 category items in all the browsers which previously failed (as well as see all the contents of $cat_array) If I comment these 3 statements out I'm back to square one. Obviously there is something very flaky here. I would appreciate any suggestions as to what the cause of this might be please. If I view the page source and click on the hyperlinks, ALL work ??? Many Thanks Jamie
  7. Just set up a new wamp environment and in this new [stricter] environment I'm getting masses of warnings I never saw before (mea culpa):- e.g.

         Use of undefined constant name - assumed 'name' in C:\wamp\www...

     This is the sort of thing I have coded..

         $_SESSION['address'][name] = $name;

     then later....

         $name = $_SESSION['address'][name];

     Should this be changed to...

         $_SESSION['address']['name'] = $name;

     and...

         $name = $_SESSION['address']['name'];

     Jamie
  8. In trying to find solutions to my problems by searching the forums, I'm getting overwhelmed by the verbosity of the hits. Is there an option to just get terse one liners so that I can scan many more hits rather than giving up after umpteen pages where some hits fill the page? I really believe this would help get me more independent and eliminate a proportion of my requests for help. Cheers jamie
  9. Many Thanks XYPH for taking time to explain this. It is very much appreciated! As a beginner, I guess we are molded by our first impressions and mine are coming from the "PHP and MySQL Web Development" book Fourth Edition by Luke Welling and Laura Thomson. To be fair I guess they have to demonstrate a variety of ways of coding, either that or it was written by a committee ;-) The mix and match of OOP and Procedural is right there in the source samples and I'm too much a newb to know any better :-( Thanks again to all! Jamie
  10. Further lessons.... My Apache 2.2 server has been up for weeks.... php.ini display_errors change was done about a week ago... I have only just restarted Apache and I am seeing a shedload of errors NOW in the browser. My abject apologies to all:- If it is any consolation what I have learnt with this one post (though I still have to understand the connection differences) is... Pare down the coding problem to just the heart of the problem AND if any functions are used, include them with the code so everyone can see the entire story ! AND Don't forget to restart Apache server if any change has been made Hopefully this hasn't p***ed anyone off. Jamie
  11. OK. I guess I should have run this code supplied by XYPH before.. in fact I guess I should have shown my connect function before!!

          <?php
          $var = 'Something';
          echo 'BEFORE:<br>';
          echo check_input($var) . '<br><br><br>AFTER:';
          mysql_connect('localhost', 'xxxxxxx', 'yyyyyyy', 'zzzzzz');
          echo check_input($var);

          function check_input($value) {
              echo '<pre>';
              echo "Value before = ";
              echo $value;
              echo '</pre>';
              // Stripslashes
              //if (get_magic_quotes_gpc())
              // {
              // $value = stripslashes($value);
              // }
              // Quote if not a number
              //if (!is_numeric($value))
              // {
              // $value = "'" . mysql_real_escape_string($value) . "'";
              // $value = mysqli_real_escape_string($value);
              $value = mysql_real_escape_string($value);
              //
              // $value = addslashes($value);
              echo '<pre>';
              echo "Value after = ";
              echo $value;
              echo '</pre>';
              // }
              return $value;
          }
          ?>

      Thanks XYPH Using the code you supplied connecting using mysql_connect('localhost', 'xxxxx', 'yyyyy', 'zzzzzz');

          BEFORE:
          Value before = Something
          Value after =
          AFTER:
          Value before = Something
          Value after = Something
          Something

      Worked!!!!
      ________________________________________
      using my $conn = db_connect(); function which contains..

          function db_connect() {
              $result = new mysqli('localhost', 'xxxxxxx', 'yyyyyyy', 'zzzzzzz');
              if (!$result) {
                  return false;
              }
              $result->autocommit(TRUE);
              return $result;
          }

      I get the failure !!!

          BEFORE:
          Value before = Something
          Value after =
          AFTER:
          Value before = Something
          Value after =

      Failed!! Drat!! I mean THANKS!! Could someone explain why my connect method doesn't work? making the real_escape_string mysqli_real_escape_string fails too. Note: at no time did I get any error displayed - despite the display_errors being On! So obviously I was connected all the time else none of my stuff would have been working HOWEVER my connection method was not compatible it seems with mysql_real_escape_string and that's the first failure which has cropped up so far. Hmm Many thanks for everyone looking at this and helping Jamie
  12. Answers: Yes I'm connected I've shown this in the code below, the select query always works so have to be connected display_errors is On and error_reporting is E_ALL Full code no function calls..

          <?php
          include ('book_sc_fns.php');
          $conn = db_connect();
          if (!$conn) {
              echo "Failed to connect to Database";
              exit;
          }
          session_start();
          $errors = '';
          $iso_code = '';
          $country_name = '';
          do_html_heading("Check Country for Shipping");
          $iso_code = trim($_POST['iso_code']);
          $iso_code = strtoupper($iso_code);
          $country_name = trim($_POST['country_name']);
          $country_name = ucwords($country_name);
          ///------------Do Validations-------------
          if (empty($iso_code) && empty($country_name)) {
              $errors .= "\n Either ISO Code or Country Name is required. ";
          }
          if (empty($errors)) {
              echo '<pre>';
              print "Robert String = \n";
              print mysql_real_escape_string("Robert's");
              print "should have seen result Robert\'s \n";
              print "ISO before = \n";
              print $iso_code."\n";
              print "Country before = \n";
              print $country_name;
              echo '</pre>';
              //$iso_code = mysql_real_escape_string($iso_code); // uncommenting these
              //$country_name = mysql_real_escape_string($country_name); // wipes out the variable
              $country_name = addslashes($country_name);
              if (!$country_name) $country_name = "blank";
              $query = "select * from countries where iso_code = '" . $iso_code . "' or country like '%" . $country_name . "%'";
              mysql_query($query);
              echo '<pre>';
              print "ISO after = \n";
              print $iso_code."\n";
              print "Country after = \n";
              print $country_name;
              echo '</pre>';
              if (mysql_errno($conn)) {
                  echo 'Error: Could not find country. Please try again.';
                  echo mysqli_errno($conn);
                  echo mysqli_error($conn);
                  exit;
              }
              $result = $conn->query($query);
              $num_results = $result->num_rows;
          }
          ?>
          <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
          <html>
          <head>
          <title>Shipping Information</title>
          <!-- define some style elements-->
          <style>
          label,a, body { font-family : Arial, Helvetica, sans-serif; font-size : 12px; }
          .err { font-family : Verdana, Helvetica, sans-serif; font-size : 12px; color: red; }
          .style1 { text-align: center; }
          </style>
          </head>
          <body style="background-color: #C9C9C9">
          <table align="center" style="width: 100%">
          <tr> <td class="style1"> </td> </tr>
          </table>
          <?php
          if (!empty($errors)) {
              echo "<p class='err'>" . nl2br($errors) . "</p>";
          }
          ?><div id='country_check_errorloc' class='err'></div>
          <form method="POST" name="shipping_info_form" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>">
          <p> <label for='iso_code'>Country Code (ISO standard): </label><br> <input type="text" name="iso_code" value=""> </p>
          <p> <label for='country_name'>Country Name: </label><br> <input type="text" name="country_name" value="">
          <?php
          if ($num_results > 0) {
              for ($i = 0; $i < $num_results; $i++) {
                  $row = $result->fetch_assoc();
                  echo "</strong><br /> ISO Code: ";
                  echo $row['iso_code'];
                  echo "</strong><br /> Country: ";
                  echo $row['country'];
                  echo "</strong><br /> Region: ";
                  echo $row['region'];
                  echo "<br /> Ship Cost: &#163;";
                  echo $row['ship_cost'];
                  echo "</p>";
              }
          }
          ?>
          <br><input type="submit" value="Submit" name='submit'><br />
          <p class="style5"> <a title="return to site" target="_self" href="../default.htm"> Return Home</a></p>
          </form>
          </body>
          </html>

      Result with comments.. Result with comments in...

          Check Country for Shipping
          Robert String =
          should have seen result Robert\'s
          ISO before = UK
          Country before = United Kingdom
          ISO after = UK
          Country after = United Kingdom
          Country Code (ISO standard):
          Country Name:
          ISO Code: UK
          Country: United Kingdom
          Region: Europe
          Ship Cost: £10.00
          Return Home

      remove comments ...

          Check Country for Shipping
          Robert String =
          should have seen result Robert\'s
          ISO before = UK
          Country before = United Kingdom
          ISO after =
          Country after = blank
          Country Code (ISO standard):
          Country Name:
          Return Home

      the only error output I can find is an xdebug output called cachegrind.out which I can post if it helps? Many Thanks jamie
  13. A Question: Has this actually got everyone stumped? Or is it so stupid it just might not be worth answering? I realise I'm a newbie but how can one single statement just not work for me but works for everyone else. Is it wrong? Is it possibly an environment issue (I have run it on two different environments) but php.ini is kind of similar apart from one being Windows and the other being linux? Again, any help would be appreciated. Jamie
  14. Many Thanks for taking another look much appreciated. Here is the code...

          $iso_code = trim($_POST['iso_code']);
          $iso_code = strtoupper($iso_code);
          $country_name = trim($_POST['country_name']);
          $country_name = ucwords($country_name);
          ///------------Do Validations-------------
          if(empty($iso_code) && empty($country_name)) {
              $errors .= "\n Either ISO Code or Country Name is required. ";
          }
          if(empty($errors)) {
              //send the form
              // Make a safe SQL
              // echo check_input("robert's"); // should return robert\'s
              // echo '<pre>';
              // echo "Robert String = ";
              // echo mysql_real_escape_string("Robert's");
              // echo "should have seen result";
              // echo '</pre>';
              $iso_code = check_input($iso_code);
              $country_name = check_input($country_name);
              $query = "select * from countries where iso_code = '".$iso_code."' or country like '%".$country_name."%'";
              mysql_query($query);

      Here is the pared down function...

          function check_input($value) {
              echo '<pre>';
              echo "Value before = ";
              echo $value;
              echo '</pre>';
              // Stripslashes
              //if (get_magic_quotes_gpc())
              // {
              // $value = stripslashes($value);
              // }
              // Quote if not a number
              //if (!is_numeric($value))
              // {
              // $value = "'" . mysql_real_escape_string($value) . "'";
              // $value = mysqli_real_escape_string($value);
              $value = mysql_real_escape_string($value);
              //
              // $value = addslashes($value);
              echo '<pre>';
              echo "Value after = ";
              echo $value;
              echo '</pre>';
              // }
              return $value;
          }

      Here is the result...

          Check Country for Shipping
          Value before = US
          Value after =
          Value before = United States
          Value after =
          Num Rows 249Country AndorraRegion EuropeShip_cost 10.00
          Country Code (ISO standard):
          Country Name:
          Country ISO Code = AD
          Country Name = Andorra
          Country Region = Europe
          Country Ship Cost = £10.00
          Return Home

      By toggling from real_escape_string() in the function to addslashes() only change.. the result is...

          Check Country for Shipping
          Value before = UK
          Value after = UK
          Value before = United Kingdom
          Value after = United Kingdom
          Num Rows 1Country United KingdomRegion EuropeShip_cost 10.00
          Country Code (ISO standard):
          Country Name:
          Country ISO Code = UK
          Country Name = United Kingdom
          Country Region = Europe
          Country Ship Cost = £10.00
          Return Home

      As I mentioned before, I don't need to use the function a simple $value = mysql_real_escape_string($value); wipes out $value
  15. If I can successfully issue a MySQL query...

          $query = "select * from countries where iso_code = '".$iso_code."' or country like '%".$country_name."%'";
          mysql_query($query);

      does it follow that I have the appropriate libs available to be able to successfully execute a...

          $value = mysql_real_escape_string($value);

      All I can imagine is there must be something unavailable else why would $value get set to '' ? Any help appreciated Jamie
  16. Has anyone else experienced the phenomenon where mysql_real_escape_string() wipes out the contents of the variable? Code compiled using NetBeans 6.9.1 I've checked for dependencies on my local Windows 7 / Apache 2 httpd.conf / PHP 5.x installation php.ini also shipped the code to the ISP Linux Apache / PHP/ MySQL platform and get the same results? Does anyone have any ideas or do I just change the sanitization by using other methods? Jamie
  17. Interesting, I did that and it returned null... Robert String <------ result should be here FRFranceselect * from countries where iso_code = 'FR' or country like '%France%' Num Rows 2Region EuropeShip_cost 10.00 Country Code (ISO standard): Country Name: Country ISO Code = FR Country Name = France Country Region = Europe Country Ship Cost = £10.00 Avoided the function the app works as before putting your suggested echo in gave null result
  18. Thanks I tried that and it is still null I put this statement back in... $value = mysql_real_escape_string($value); result... Value before = robert's Value after = Value before = FR Value after = Value before = France Value after =
  19. I am using this sample from w3schools

          <?php
          function check_input($value)
          {
              // Stripslashes
              if (get_magic_quotes_gpc()) {
                  $value = stripslashes($value);
              }
              // Quote if not a number
              if (!is_numeric($value)) {
                  $value = "'" . mysql_real_escape_string($value) . "'";
              }
              return $value;
          }

          $con = mysql_connect("localhost", "peter", "abc123");
          if (!$con) {
              die('Could not connect: ' . mysql_error());
          }

          // Make a safe SQL
          $user = check_input($_POST['user']);
          $pwd = check_input($_POST['pwd']);
          $sql = "SELECT * FROM users WHERE user=$user AND password=$pwd";
          mysql_query($sql);
          mysql_close($con);
          ?>

      and they are assigning the result back into $value, so my change to.. mysql_real_escape_string($value); is probably really stupid as it isn't actually doing anything hence it works as before BUT isn't sanitizing anything is it? Jamie
  20. Hmmn, It works with.. mysql_real_escape_string($value); Duh! Serves me right for slavishly assuming proffered functions work.. Unless this is still wrong anyone? Jamie
  21. FWIW I should have stated that magic quotes is OFF in php.ini
  22. Folks this one line and any other variations I have tried just nulls my variable

          function check_input($value) {
              echo '<pre>';
              echo "Value before = ";
              echo $value;
              echo '</pre>';
              // Stripslashes
              //if (get_magic_quotes_gpc())
              // {
              // $value = stripslashes($value);
              // }
              // Quote if not a number
              //if (!is_numeric($value))
              // {
              $value = "'" . mysql_real_escape_string($value) . "'"; // <-----
              //$value = mysql_real_escape_string($value);
              //$value = mysql_real_escape_string($value);
              echo '<pre>';
              echo "Value after = ";
              echo $value;
              echo '</pre>';
              // }
              return $value;
          }
          ...
          // Make a safe SQL
          $iso_code = check_input($iso_code);
          $country_name = check_input($country_name);
          $query = "select * from countries where iso_code = '".$iso_code."' or country like '%".$country_name."%'";
          mysql_query($query);
          echo '<pre>';
          echo $iso_code;
          echo $country_name;
          echo $query;
          echo '</pre>';

      The result is:-

          Value before = UK
          Value after = ''
          Value before = United Kingdom
          Value after = ''
          ''''select * from countries where iso_code = '''' or country like '%''%'

      with no mysql_real_escape statement the app works fine. I'm now trying to make my code more robust. Any help would be appreciated. jamie
  23. Many thanks all of you - great feedback and what I expected just never worked with browsers before other than static web pages. David thanks for taking time out to hammer the point home with humor ;-) I already have a status flag and will now proceed with flag set to PAID if the card payment works and delete everything for that order if it fails. Jamie
  24. Hit Checkout button the following happens..

          $conn = db_connect();
          // we want to insert the order as a transaction
          // start one by turning off autocommit
          $conn->autocommit(FALSE);

      Then order, order_items and customers tables are updated If I then include this code after the order is on the database it commits fine

          // end transaction
          $conn->commit();
          $conn->autocommit(TRUE);

      However I think I have a huge sequence error in that it is only at this point I ask them for the payment card details! If the payment fails I've still committed. I tried moving the $conn->commit(); to the end of the card processing but it just stops at that command I guess because when I went back to solicit the card payment details the plot got lost. I hope this is making sense... Is it possible to keep the transaction / unit of work pending i.e. not committed until the result of the next dialog and only commit on a successful card payment else backout? The problem is I can't go to the card payment until I know the entire order process worked. Jamie
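
The country lookup from the posts above, written with bound parameters so that no escaping function (and no matching connection type) is involved. This is an added example, not code from the original posts: it uses PDO with an in-memory SQLite table so it runs without a database server, and the function names, the sample rows and the `!` LIKE escape character are assumptions.

```php
<?php
// Added example: the countries lookup with bound parameters instead of
// string concatenation plus an escaping function.

// Constructed sample data in an in-memory SQLite table (assumption: PDO
// with the sqlite driver is available; no database server is needed).
function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE countries
               (iso_code TEXT, country TEXT, region TEXT, ship_cost REAL)');
    $ins = $db->prepare('INSERT INTO countries VALUES (?, ?, ?, ?)');
    $rows = [
        ['UK', 'United Kingdom', 'Europe', 10.00],
        ['FR', 'France', 'Europe', 10.00],
        ['CI', "Cote d'Ivoire", 'Africa', 20.00],
    ];
    foreach ($rows as $row) {
        $ins->execute($row);
    }
    return $db;
}

// Hypothetical helper (not from the posts): rows matching the form input.
function find_countries(PDO $db, string $iso_code, string $country_name): array
{
    $iso_code = strtoupper(trim($iso_code));
    $country_name = trim($country_name);
    if ($iso_code === '' && $country_name === '') {
        return [];  // same rule as the form: one of the two is required
    }

    // An empty name stays NULL, so the LIKE term matches nothing. Building
    // '%' . '' . '%' instead would give LIKE '%%', which matches every row.
    $pattern = null;
    if ($country_name !== '') {
        // Make the escape character and the LIKE wildcards literal.
        $literal = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $country_name);
        $pattern = '%' . $literal . '%';
    }

    $stmt = $db->prepare(
        "SELECT iso_code, country, region, ship_cost
           FROM countries
          WHERE iso_code = :iso OR country LIKE :pat ESCAPE '!'"
    );
    $stmt->execute([':iso' => $iso_code, ':pat' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = make_demo_db();

// Constructed inputs: a plain code, a name containing a quote, a quote-based
// injection string and a bare wildcard. Each one is bound as data.
$inputs = [
    ['uk', ''],
    ['', "cote d'ivoire"],
    ['', "x' OR '1'='1"],
    ['', '%'],
];
foreach ($inputs as [$iso, $name]) {
    $found = find_countries($db, $iso, $name);
    printf("%-3s| %-14s| %d row(s)\n", $iso, $name, count($found));
}
```

With the mysqli connection that `db_connect()` returns in the posts, the same SQL works through `$conn->prepare()` with `?` placeholders and `bind_param()`.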