bob_the _builder

Thanks for that, This seems to work, dunno what the browser compatibility like, I only have ie atm: [code=php:0]<scrip type="text/javascript"> <!--     function formatText (tag) {         var selectedText = document.selection.createRange().text;                 if (selectedText != "") {             var newText = "[" + tag + "]" + selectedText + "[/" + tag + "]";             document.selection.createRange().text = newText;         }     } //--> </script> <a href="javascript:smilie(':p')"> <form name="form" action="page.php" method="post">     <textarea name="description"></textarea><br />     <input type="button" value="bold" onclick="formatText ('b');" />     <input type="button" value="italic" onclick="formatText ('i');" />     <input type="button" value="underline" onclick="formatText ('u');" /> <input name="submit" type="submit" value="Submit" /> </form>[/code] Now just similar code to input smilies .. :) :( etc .. Thanks

Hi, Thanks, I got: [code=php:0]if (is_array($value)) { foreach ($value as $k => $v){ if (!get_magic_quotes_gpc()) { $value[$k] = mysql_real_escape_string($v); } $value[$k] = trim(strip_tags($v)); } }else{ if (!get_magic_quotes_gpc()) { $value = mysql_real_escape_string($value); } $value = trim(strip_tags($value)); }[/code] Im sure I can loose the if statment for get magic quotes so its only used once. Thanks

I have googled and come across a few lots of code, most to complex or that only add tag to one side then you have to hit the button for the closing tag. Not after free code .. just a direction or snippet that I can work on. Thanks

Hi, thanks for the snippet .. something with better browser compatibility would be better.

Hi, I notice that if I use the function on a single text field, I get an error I guess because its not an array been called into it. Get the error on line: [code=php:0]foreach ($value as $k => $v){[/code] Is there a work around so I can use the same function on all variables that are from an array or just a single variable? Thanks

Hi, I have code to replace html to bbcode, but looking more for how you can select some text ans surround it with the bb tags ... Thanks

Hi, Would anyone have or beable to help create some code for adding basic BBcode to text areas like when you post a topic or reply here. All I am after is the basics Bold, Italic, underline, maybe hr and a couple of smilies. So when you highlight the word and click the button, have it add the tags either side of the text. Thanks

Perfect, Thanks alot. Is this the correct way to go about magic quotes for adding slashes? [code=php:0]if (!get_magic_quotes_gpc()) { $value[$k] = mysql_real_escape_string($v); }[/code] Thanks

Hi, Thanks that makes a diference, but now its not converting the html to the bbcode ..? Cheers

Hi, With the following function: [code=php:0]function ValidateInput($value) { $BBCode = array( "<b>" => "[b]", "</b>" => "[/b]", "<u>" => "[u]", "</u>" => "[/u]", ); $value = str_replace(array_keys($BBCode), array_values($BBCode), $value); $value = mysql_real_escape_string(trim(strip_tags($value))); return $value; }[/code] Using a form: [code=php:0] echo '<center>'; $number_of_fields = 4; echo '<form enctype="multipart/form-data" action="index.php?action=upload" method="post" name="upload_form">';   while($counter <= $number_of_fields){   echo '<input name="photo_filename[]" type="file" class="input-box"><br />'; echo '<textarea name="photo_caption[]" cols="26" rows="3" class="input-box"></textarea><br /><br />';   $counter++; } echo '<input type="submit" name="submit" value="Upload Photos" class="submit-button">'; echo '</form>'; echo '</center>';[/code] When I submit it to the insert page using: [code=php:0]$photo_caption = ValidateInput($_POST['photo_caption']); mysql_query("INSERT INTO gallery_images(subcat_id, photo_filename, photo_caption) VALUES('".$subcat_id."', '0', '".$photo_caption[$counter]."')" );[/code] Basically for each field it displays 1 letter starting to write Array A r r Thats the out put from 3 fields that did have a sentance or 2 in them What would cause this? as it works fine just posting a non array single field. Thanks

Hi, it will be 2 INSERT querys, placing the correct variables into each query.

Hi, If its just one patient, and all their prior visits why not just 2 querys. First to show the patient details, the next to list all their visits in which you could use pagination etc on. [code=php:0]$details = "SELECT * FROM contact WHERE Patient_id = {$_GET['Patient_id']}"; while($row = mysql_fetch_array($sql)) { //list patient name + details here } $records = "SELECT * FROM records WHERE Patient_id = {$_GET['Patient_id']} ORDER BY Next_Visit ASC"; while($row = mysql_fetch_array($sql)) { // List all patient records here }[/code]

[url=http://www.phpfreaks.com/forums/index.php/topic,108593.0.html]http://www.phpfreaks.com/forums/index.php/topic,108593.0.html[/url] maybe of some help

What code do you allready have, at what point are you stuck?

Hi, Nice never thought of doing it like that .. thanks! Trying to create a chained list/menu, not having much luck using the selected option on the 2nd list/menu [code]<scrip language=JavaScript> function reload(form) { var val=form.maincat.options[form.maincat.options.selectedIndex].value; self.location='chained.php?maincat=' + val ; } </scrip>[/code] [code=php:0]require_once 'db.php'; $maincat = $_GET['maincat']; $sql=mysql_query("SELECT * FROM gallery_maincat ORDER BY maincat_name ASC"); $sql2=mysql_query("SELECT * FROM gallery_subcat WHERE maincat_id = $maincat ORDER BY subcat_name ASC"); echo '<form action="" name="subcat"  method="post">'; echo '<select name="maincat" onchange="reload(this.form)">'; echo '<option value="">Selection</option>'; while($row = mysql_fetch_array($sql)) { $selected = $row['maincat_id'] == $maincat ? 'selected' : ''; echo '<option ' . $selected . ' value="'.$row['maincat_id'].'">'.$row['maincat_name'].'</option>'; } echo '</select>'; echo '<select name="subcat" onchange="reload(this.form)">'; echo '<option value="">Selection</option>'; while($row2 = mysql_fetch_array($sql2)) { $selected = $row2['subcat_id'] == $row2['subcat_id'] ? 'selected' : ''; echo '<option ' . $selected . ' value="'.$row2['subcat_id'].'">'.$row2['subcat_name'].'</option>'; } echo '</select>'; echo '</form>';[/code] Can it be writen better than that? Thanks

Hi, you need another field in the 2nd table to hold "Patient ID" so you can create the relationship between the 2 tables .. hth

Hi, Whats the correct syntax to merge: [code=php:0]$data1['maincat_id']=='$maincat' ? 'selected' : ''[/code] into: [code=php:0]echo '<option value="'.$row['maincat_id'].'">'.$row['maincat_name'].'</option>'[/code] [code=php:0]echo '<option $data1['maincat_id']=='$maincat' ? 'selected' : '' value="'.$row['maincat_id'].'">'.$row['maincat_name'].'</option>';[/code] Have tried a few ways and keep gettin errors. Thanks

Hi, I got it using: [code]$preview = mysql_query("SELECT i.photo_filename         FROM gallery_images i         INNER JOIN gallery_subcat s         ON i.subcat_id = s.subcat_id         INNER JOIN gallery_maincat m         ON m.maincat_id = s.maincat_id         WHERE m.maincat_id = {$row['maincat_id']} ORDER BY RAND()") or die(mysql_error());[/code] had a query prior the the $preview one for he pagination .. so was able to use $row['maincat_id'] [code] $sql = mysql_query("SELECT * FROM gallery_maincat ORDER BY maincat_id DESC LIMIT $from, $max_results");[/code] Is this a reasonable way to go about it? Thanks

Hi, First to clean form post data I am using a function: [code=php:0]function validate($value) { if (!is_numeric($value)) {         $value = mysql_real_escape_string(trim(strip_tags($value))); }         return $value; } $data = validate($_POST['field']);[/code] Is that good enough to clean user input before inserting into a mysql database? Also just say a login situation, checking the username and password .. is the above code gunna cover for any hack attempts? As for get data via url .. A simple query like: [code]$sql = mysql_query("SELECT * FROM gallery_images WHERE photo_id='".$_GET['photo_id']."'"); while($row = mysql_fetch_array($sql)) {[/code] Should anything be used with queries like the one above to clear any chance of sql injection? Maybe just: [code=php:0]if (is_numeric($field)) { // continue with query }else{ echo "Nice Try"; }[/code] ? Just after good ideas to stop sql injection and hack atempts on memberhip systems and alterasions of get data via url being used to alter sql querys. Thanks

Yer, if other variables from the query work there is no reason why topicid shouldnt echo, doent matter that its set for auto incriments.

Hi, maybe its topic_id? Must be working fine if it displays the other variables.

Hi, Is the following enough to clean user input before inserting into db: [code=php:0]$field = mysql_real_escape_string(trim(strip_tags($_POST['field'])));[/code] To my knowladge trim doesnt take away spaces between words in a paragraph? Also whats the best way to clean any data sent across the url like below? [code=php:0]index.php?action=user&user_id='.$_SESSION['user_id'].'[/code] Thanks

Thanks, That makes the joins bit more clearer .. Still no luck with the random maincat image. Seems it keeps showing images for maincats that arnt even in a related subcat. Any ideas? Cheers

Hi, Thanks that seems to work, I guess it has to be 2 queries? I dont really understand when you should use left joins or inner joins etc   :( A query to show a random image for each maincat from a corrosponding random subcat .. I guess thats hard as there is no post data to make the select from? Also abit off mysql, should you also clean any data sent across the url like &maincat_id=$_POST['maincat_id'], I guess code can be added to the url to cause damage to the site? also is (list($photo_filename) away around creating a variable $photo_filename = $row['photo_filename'];? Thanks

Ahh I see, back to 2 querys. It still doesnt delete subcats under the maincat being deleted that doesnt contain any images. Thanks