vishalonne

Can I make a function of this and call that function where I want search operation.

Hello I have databse in MySQL with 21 fields which are listed below Field Name Data Type NULL status text No roll_no text No branch_id int(5) No student_name text No father_name text No phone1 text No phone2 text No email text No dob date No city text No course_id varchar(5) No class_id int(2) No program text No duration text No comment text No admission_year int(4) No admission_date text No entryby text No address text No admission_no int(4) No fees int(6) No Now I am stuck with search process, I bit confused, how can I perform search for different types of conditions/criteria Few Examples of combinations of condtions 1. Only those records of city=3 2. Only those branch_id=2 3. Only those admission_year='2013' 4. Only those course_id='15' 5. Only those branch_id='2' AND course_id='15' 6. Only those branch_id='2' AND course_id='15' AND city LIKE 'XYZ' 7. Only those admission_year='2012' AND course_id='10' AND duration BETWEEN(2 AND 3) 8. Only those branch_id=2 AND course_id='15' AND student_name LIKE 'XYZ' 8. Only those course_id=7 AND class_id=2 AND father_name LIKE 'XYZ' My search.php form page is designed, I attached the image of form design here but I am confused how can I implement this search options for different situations. Or can view the page here Please give me some guidance and show me the correct way to solve this issue.

Great You are Genius Thank you very much

Thank you for your co operation After using the code you gave If I select image it it shows "File Uploaded" with the name of the image file And if I don't select image file it show Error: 4 Can't understand why 4? why not it shows "Please select a file"

I just want to save the image of an item in mysql database

As you suggested me to change if(!isset($_FILES[$image])) TO if(!isset($_FILES["IMAGE"])) now if submit the form without selecting any image file it is showing File Uploaded

CAn I just check the this by this way if(!isset($image))

YES YES ITS DONE Thank you Very much NOTICE GONE BUT I am getting Please select a File message and The name of the File Here is the modified code - $code=$_POST['ICODE']; $descp=$_POST['DESCR']; $rate=$_POST['RATE']; $image=$_FILES["IMAGE"]["name"]; if(!isset($_FILES[$image])) { echo '<p>Please select a file</p>'; echo $image; } else { echo "File Uploaded"; echo $image; ......

Now it more problematic If I don't select any image then also it is showing File Uploaded

Now I change my code to like this -> if(!isset($_FILES["IMAGE"])) { echo '<p>Please select a file</p>'; echo $image; } else { echo "File Uploaded"; It is now working showing File Uploaded but notice is still coming Notice: Undefined index: IMAGE in C:\xampp\htdocs\billing\prodinsert.php on line 11

Thank you for Guiding me What is the 2nd paprameter ["name"]

Hi I just wan to to pass the value of Input Type File html tag to a 2nd PHP page where I will insert the image in mysql but I am always getting a notice and isset() is not getting the $_FILE('IMAGE'). Here is the notice - Notice: Undefined index: IMAGE in C:\xampp\htdocs\billing\prodinsert.php on line 11 This is my HTML TAGS - <body> <hr /> <form id="form1" name="form1" method="post" action="prodinsert.php" enctype="multipart/form-data"> <input name="ICODE" type="text" size="10" maxlength="6" /> <input name="DESCR" type="text" size="50" maxlength="45" /> <input name="RATE" type="text" size="10" maxlength="9" /> <input type="hidden" name="MAX_FILE_SIZE" value="10000000" /> <input name="IMAGE" type="file" /> </form> And this is my PHP code- <?php $host="localhost"; $user="root"; $pass=""; $db="bill"; mysql_connect($host, $user, $pass) OR DIE (mysql_error()); mysql_select_db ($db) OR DIE ("Unable to select db".mysql_error()); $code=$_POST['ICODE']; $descp=$_POST['DESCR']; $rate=$_POST['RATE']; $image=$_POST['IMAGE']; if(!isset($_FILES[$image])) { echo '<p>Please select a file</p>'; echo $image; } else { echo "File Uploaded"; echo $image; } Where I am making mistake ??? Please guide me.

Thanx for guidence but I'm confused now how to fetch the value from array here I am modifying my code - if($stmt = $mysqli -> prepare("SELECT * FROM $tbl_name1 WHERE confirm_code=?")) { $stmt -> bind_param("s", $passkey); $stmt -> execute(); $stmt->store_result(); $count=$stmt->num_rows; echo "\n".$count; // getting the value 1 which is correct if($count==1) { $rows = $stmt->get_result(); $res=$rows->num_rows; $rows->data_seek($res); [b]// I am not getting link from here HOW CAN I get the value $rows->fetch_assoc());[/b] $v_fname=$rows['temp_first_name']; $v_lname=$rows['temp_last_name']; $v_sex=$rows['temp_sex']; $v_phone=$rows['temp_phone'];

@Barand Yes I agree with you. Am I not implementing this function properly, I suppose I am doing some wrong pocedure to implemet it

Sorry Pikachu Error is -

Hi Every Body I am facing problem in retreving the data from my mysql table I want to use prepared statement with mysqli for security reason. Here is my code Please give a guidance - <?php $host="localhost"; // Host name $username="**********"; // Mysql username $password="**********"; // Mysql password $db_name="**********"; // Database name $tbl_name1="**********"; // tem Table name $tbl_name2="**********"; // registered user table $mysqli = new mysqli($localhost, $username, $password, $db_name); if ($mysqli->connect_errno) { echo "Connection Failed: " . mysqli_connect_errno(); exit(); } $count=null; $passkey=$_GET['passkey']; echo $passkey; // exact passkey printed if($stmt = $mysqli -> prepare("SELECT * FROM $tbl_name1 WHERE confirm_code=?")) { $stmt -> bind_param("s", $passkey); $stmt -> execute(); $stmt->store_result(); $count=$stmt->num_rows; echo "\n".$count; // getting the value 1 which is correct if($count==1) { while($rows = $stmt->fetch_assoc()) { $v_fname=$rows['temp_first_name']; $v_lname=$rows['temp_last_name']; $v_sex=$rows['temp_sex']; $v_phone=$rows['temp_phone']; $v_city=$rows['temp_state']; $v_state=$rows['temp_city']; $v_pin=$rows['temp_pin']; $v_schoolname=$rows['temp_school_name']; $v_class=$rows['temp_class']; $v_subject=$rows['temp_computer_subject']; $v_board=$rows['temp_board']; $v_session=$rows['temp_session']; $v_email=$rows['temp_email']; $password=$rows['temp_password']; $v_salt=$rows['temp_salt']; if (!($insert_stmt = $mysqli->prepare("INSERT INTO $tbl_name2 (first_name,last_name,sex,phone,state,city,pin,school_name,class,computer_subject,board, session,email,password,salt) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"))) { echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error; } if(!$insert_stmt->bind_param('sssiiisssssssss',$v_fname,$v_lname,$v_sex,$v_phone,$v_city,$v_state,$v_pin, $v_schoolname,$v_class,$v_subject,$v_board,$v_session,$v_email, $password,$v_salt)) { echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error; } if(!$insert_stmt->execute()) { echo "Execute failed: (" . $mysqli->errno . ") " . $mysqli->error; } else { //echo "Data saved properly"; $flag=1; if($flag==1) { echo "<body bgcolor='#FFFF99'>"; echo "<p align='center'><font color='#008000' size='6' face='Verdana'>"; echo "Congratulation...!! </font>"; echo "</br>"; echo "<font color='e80005' size='5'>Your account has been activated</font>"; if ($stmt = $mysqli->prepare("DELETE FROM $tbl_name1 WHERE confirm_code = ? LIMIT 1")) { $stmt->bind_param("s",$passkey); $stmt->execute(); } } } } } } else { echo "Select Failed: (" . $mysqli->errno . ") " . $mysqli->error; echo "<body bgcolor='#FFFF99'>"; echo "<p align='center'><font color='#e80005' size='6' face='Verdana'>"; echo "SORRY...! </font>"; echo "</br>"; echo "<font color='#e80005' size='5'>Your Confirmation code is not correct</font>"; } $stmt->close();

Here in PHP Frreaks I saw in one thread you suggested to use library for this purpose like Ion auth is simple and secure. Can you suggest me more library which can give a strong security features.

@Psycho Thank you very much for this great information, unnecessarly I was banging my head on these code. Can you please tell me from where I can get good security tutorial for php for the same purpose. So, I can do same job in PHP Regards

If I delete the entire code from isset to the bottom and leave only this part in login.php file - <?php include 'dbconnection.php'; include 'functions.php'; sec_session_start(); echo var_dump($_POST); print_r($_REQUEST); ?> See the output array(3) { ["logemail"]=> string(6) "ankush" ["logpass1"]=> string(0) "" ["p"]=> string(128) "704d3e76a26e1c6e99e8ca31237eb400cf2cb38b9712f22ee49ec4831bd974a37ef68fd3a8ee265b9a90cb2c07006c114db59fccd93cc0a36458f9d3f04773ea" } Array ( [logemail] => ankush [logpass1] => [p] => 704d3e76a26e1c6e99e8ca31237eb400cf2cb38b9712f22ee49ec4831bd974a37ef68fd3a8ee265b9a90cb2c07006c114db59fccd93cc0a36458f9d3f04773ea )

Actually I got this code from http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL

Please check this code for formhash2() and formhash1() - // Javascript Document csnip function formhash2(form,password) { // Create a new element input, this will be out hashed password field. alert(form.id + " " + password.value); var p = document.createElement("input"); // Add the new element to our form. p.name = "p"; p.type = "hidden" p.value = hex_sha512(password.value); // Make sure the plaintext password doesn't get sent. password.value = ""; // Finally submit the form. form.appendChild(p); form.submit(); } function formhash1(form,password) { alert(form.id + " " + password.value); // Create a new element input, this will be out hashed password field. var pl = document.createElement("input"); // Add the new element to our form. pl.name = "pl"; pl.type = "hidden" pl.value = hex_sha512(password.value); // Make sure the plaintext password doesn't get sent. password.value = ""; // Finally submit the form. form.appendChild(pl); form.submit(); }

Dear Maniac Dan. First of all thank you for considering my problem. I have 2 forms on my index.php here it is <FORM ID="Login" ACTION="login.php" METHOD="POST"> <h1>welcome to the login page</h1> please input the login details to create an account here<br /> <table border="2"> <tr> <td>email :</td><td><input id="logemail" name="logemail" type="text" size"30"></input></td> </tr> <tr> <td>password :</td><td><input id="logpass1" name="logpass1" type="password" size"20"></input></td> </tr> </table> <input type="button" value="Login" onclick="formhash2(this.form,this.form.logpass1);"> </FORM> <FORM ID="Register" ACTION="register.php" METHOD="POST"> <h1>welcome to the registration page</h1> please input the registration details to create an account here<br /> <table border="2"> <tr> <td>email :</td><td><input name="regemail" type="text" size"30"></input></td> </tr> <tr> <td>password :</td><td><input id="regpass1" name="regpass1" type="password" size"20"></input></td> </tr> </table> <input type="button" value="Register" onclick="formhash1(this.form,this.form.regpass1);"> </FORM> 1. As you can see in the code Second form also have same code with minor changes like the name of function in onclick() when this is working perfectly Why not 1st form is working. 2. But interesting part of the code is if I remove the comment from these // $email = $_POST['logemail']; // $password = $_POST['p']; // echo $password; // echo $email; and rest of the code I commented then I get waht I expect from POST. Now can you explain this...

Hi All See the code give given below. I was fighting with this code since last 5 hours to know why isset() is eveluating the condition as false if value is posted exactly what it shall POST. If I uncomment the line no. - 4,5,6,7,8 and put rest of the code from line no. 10 to 28 I can see the POSTED value . Can Anyone help in this by any guidance or suggestion. I will be thankful. <?php include 'dbconnection.php'; include 'functions.php'; //sec_session_start(); // $email = $_POST['logemail']; // $password = $_POST['p']; // echo $password; // echo $email; // Our custom secure way of starting a php session. if(isset($_POST['logemail'], $_POST['p'])) { $email = $_POST['logemail']; $password = $_POST['p']; // The hashed password. if(login($email, $password, $mysqli) === true) { // Login success //$url = 'mwq'; //echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">'; echo $password; echo $email; } else { // Login failed header('Location: login.php?error=1'); } } else { // The correct POST variables were not sent to this page. echo 'Invalid Request Data Not POSTED'; }

Registration not required I just want to show the stuff for clear picture.

Thank you for your consideration PFMaBiSmAd but I already integrated login code on every page. If possible you can take look in my site www.cbsecsnip.in Home Page - > Computer Science -> XI - > Solved Materials (click this, required valid login) Now if user enter valid login from on home page he should see the page which is blocked (Solved Material)