dekon

thank you it worked

yes include header is near the bottom of the code in createcat.php

i have used session start in my header which is <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="nl" lang="nl"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <meta name="description" content="A short description." /> <meta name="keywords" content="put, keywords, here" /> <title>Forum</title> <link rel="stylesheet" href="style.css" type="text/css"> <body> <center><h1>SE Connect</h1><center> <div id="wrapper"> <div id="menu"> <a class="item" href="home.php">Home<a/> - <a class="item" href="events.php">Events<a/> - <a class="item" href="forum.php">Forum<a/> - <a class="item" href="createtop.php">Create Topic<a/> - <a class="item" href="createcat.php">Create Catergory<a/> - <div id="userbar"> <?php session_start(); if ($_SESSION['loggedIn']) { echo 'Hello <b>' . htmlentities($_SESSION['username']) . '</b>. Not you? <a class="item" href="signout.php">Sign out</a>'; } else { echo '<a class="item" href="signin.php">Sign in</a> or <a class="item" href="signup.php">create an account</a>'; } ?> </div> <div id="content">

i can't save data to my database and keep getting an error saying this Notice: Undefined variable: _SESSION in /home/sn027/public_html/final project/createcat.php on line 10 could someone help me with this please thanks i want it so that only administrators with user_level of 1 are only able to create a category <?php include 'mysql.php'; //the user has admin rights $name = isset($_POST['name']) ? trim($_POST['name']) : ''; $description = isset($_POST['description']) ? trim($_POST['description']) : ''; //Create variable to hold error message $errorMsg = ''; if($_SESSION['loggedIn'] == false | $_SESSION['user_level'] != 1 ) { //the user is not an admin echo 'Sorry, you do not have sufficient rights to access this page.'; } else { //Check if form was posted if($_SERVER['REQUEST_METHOD'] == 'POST') { //Create array to hold errors $errors = array(); if(empty($name)) { $errors[] = 'The catergory name field must not be empty.'; } if(!ctype_alpha($name)) { $errors[] = 'The catergory only contain letters.'; } if(strlen($name) > 30) { $errors[] = 'catergory cannot be longer than 30 characters.'; } if(empty($description)) { $errors[] = 'The catergory description field must not be empty.'; } //if(($description)) // { // $errors[] = 'The catergory description must only contain letters.'; // } if(strlen($description) > 250) { $errors[] = 'catergory cannot be longer than 250 characters.'; } if(!empty($errors)) { $errorMsg .= "fields are not filled in correctly...<br>\n"; $errorMsg .= "<ul>\n"; foreach($errors as $err) { $errorMsg .= "<li>{$err}</li>\n"; } $errorMsg .= "</ul>\n"; } else { //No errors attempt to create record //the form has been posted, so save it $sql = sprintf("INSERT INTO catagories(name, description) VALUES('%s', '%s')", mysql_real_escape_string($name), mysql_real_escape_string($description)); $result = mysql_query($sql); if(!$result) { echo 'Error. Please try again later'. mysql_error(); exit(); } else { echo 'New category successfully added.'; exit(); } } } } ?> <?php include 'header.php'; ?> <?php echo $errorMsg; ?> <h3>Create Catergory</h3> <form method="post" action=""> Catergory Name: <input type="text" name="name" value="<?php echo $name; ?>" /></p> Catergory Description: </p><textarea name="description" /></textarea><?php echo $description; ?> <input type="submit" value="Add category" /> </form> <?php include 'footer.php'; ?>

i managed to solve the problem in the end i realized that i had to look back at my header.php page and add . htmlentities and check the spelling on my session

the reason the check login is being displayed at the end is since if they are logged in it will display to reply box

i have the session_start included in header.php

basically with my code it tells the user that they would need to be logged in to view the topics but once a user has logged in and tries to view them that it tells the user that they are not logged in and need to signin but once click this it already tells the user they are logged in can someone help me solve this i'm baffled. this is the code i'm using <?php //create_cat.php include 'mysql.php'; include 'header.php'; $sql = "SELECT id, subject FROM topics WHERE id = ". mysql_real_escape_string($_GET['id']); $result = mysql_query($sql); if(!$result) { echo 'The topic could not be displayed, please try again later.' . mysql_error(); } else { if(mysql_num_rows($result) == 0) { echo 'This topic dose not exist.'; } else { while($row = mysql_fetch_assoc($result)) { //display post data echo '<table class="topic" border="1"> <tr> <th colspan="2">' . $row['subject'] . '</th> </tr>'; //fetch the posts from the database $posts_sql = "SELECT post.topic, post.content, post.date, post.postby, users.id, users.username FROM post LEFT JOIN users ON post.postby = users.id WHERE post.topic = " . mysql_real_escape_string($_GET['id']); $posts_result = mysql_query($posts_sql); if(!$posts_result) { echo '<tr><td>The posts could not be displayed, please try again later.</tr></td></table>'; } else { while($posts_row = mysql_fetch_assoc($posts_result)) { echo '<tr class="topic-post"> <td class="user-post">' . $posts_row['username'] . '<br/>' . date('d-m-Y H:i', strtotime($posts_row['date'])) . '</td> <td class="post-content">' . htmlentities(stripslashes($posts_row['content'])) . '</td> </tr>'; } } if($_SESSION['loggedIn']) { echo '<tr><td colspan=2>You must be <a href="signin.php">signed in</a> to reply. You can also <a href="signup.php">sign up</a> for an account.'; } else { //show reply box echo '<tr><td colspan="2"><h2>Reply:</h2><br /> <form method="post" action="reply.php?id=' . $row['id'] . '"> <textarea name="reply-content"></textarea><br /><br /> <input type="submit" value="Submit reply" /> </form></td></tr>'; } //finish the table echo '</table>'; } } } include 'footer.php'; ?>

<?php //create_cat.php include 'mysql.php'; include 'header.php'; echo '<h2>Create a topic</h2>'; if($_SESSION['loggedIn'] == false) { //the user is not signed in echo 'Sorry, you have to be <a href="signin.php">signed in</a> to create a topic.'; } else { //the user is signed in if($_SERVER['REQUEST_METHOD'] != 'POST') { //dropdown is being used here where we'll retrieve the catagories from the database for use in the dropdown $sql = "SELECT id, name, description FROM catagories"; $result = mysql_query($sql); if(!$result) { //query did not work echo 'Error while selecting from database. Please try again later.'; } else { if(mysql_num_rows($result) == 0) { //there are no catagories, so a topic can't be posted if($_SESSION['user_level'] == 1) { echo 'You have not created catagories yet.'; } else { echo 'Before you can post a topic, you must wait for an admin to create some catagories.'; } } else { echo '<form method="post" action=""> Subject: <input type="text" name="subject" /> Category:'; echo '<select name="cat">'; while($row = mysql_fetch_assoc($result)) { echo '<option value="' . $row['id'] . '">' . $row['name'] . '</option>'; } echo '</select>'; echo 'Message: <textarea name="post_content" /></textarea> <input type="submit" value="Create topic" /> </form>'; } } } else { //start the transaction $query = "BEGIN WORK;"; $result = mysql_query($query); if(!$result) { //Damn! the query failed, quit echo 'An error occured while creating your topic. Please try again later.'; } else { //the form has been posted, so save it //insert the topic into the topics table first, then we'll save the post into the posts table $sql = "INSERT INTO topics(subject, date, cat, by) VALUES('" . mysql_real_escape_string($_POST['subject']) . "', NOW(), " . mysql_real_escape_string($_POST['cat']) . ", " . $_SESSION['user_id'] . " )"; $result = mysql_query($sql); if(!$result) { //something went wrong, display the error echo 'An error occured while inserting your data. Please try again later.' . mysql_error(); $sql = "ROLLBACK;"; $result = mysql_query($sql); }

An error occured while inserting your data. Please try again later.You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'by) VALUES('session state help', ' at line 5 this is the error i keep getting

could someone help me i can't seem to insert data into mysql table and don't know whats gone wrong //create_cat.php include 'mysql.php'; include 'header.php'; echo '<h2>Create a topic</h2>'; if($_SESSION['loggedIn'] == false) { //the user is not signed in echo 'Sorry, you have to be <a href="signin.php">signed in</a> to create a topic.'; } else { //the user is signed in if($_SERVER['REQUEST_METHOD'] != 'POST') { //dropdown is being used here where we'll retrieve the catagories from the database for use in the dropdown $sql = "SELECT id, name, description FROM catagories"; $result = mysql_query($sql); if(!$result) { //query did not work echo 'Error while selecting from database. Please try again later.'; } else { if(mysql_num_rows($result) == 0) { //there are no catagories, so a topic can't be posted if($_SESSION['user_level'] == 1) { echo 'You have not created catagories yet.'; } else { echo 'Before you can post a topic, you must wait for an admin to create some catagories.'; } } else { echo '<form method="post" action=""> Subject: <input type="text" name="subject" /> Category:'; echo '<select name="cat">'; while($row = mysql_fetch_assoc($result)) { echo '<option value="' . $row['id'] . '">' . $row['name'] . '</option>'; } echo '</select>'; echo 'Message: <textarea name="post_content" /></textarea> <input type="submit" value="Create topic" /> </form>'; } } }

i keep having a error with my code saying the following Error. Please try again laterColumn count doesn't match value count at row 1 could someone help me solve this <?php include 'header.php'; include 'mysql.php'; echo '<h3>Create Catergory</h3>'; if($_SERVER['REQUEST_METHOD'] != 'POST') { //the form hasn't been posted yet, display it echo '<form method="post" action=""> Catergory Name: <input type="text" name="name" /></p> Catergory Description: <input type="textarea" name="description"></p> <input type="submit" value="Add Catergory" /> </form>'; } else { //the form has been posted, so save it $sql = "INSERT INTO catagories(name, description) VALUES('" . mysql_real_escape_string($_POST['name']) . "', '" . mysql_real_escape_string($_POST['description']) . "', NOW(), 0)"; $result = mysql_query($sql); if(!$result) { echo 'Error. Please try again later';//. mysql_error(); exit(); } else { echo 'New category successfully added.'; exit(); } } include 'footer.php'; ?>

when using your code i got the following syntax error, unexpected '$result'

hi i keep getting help with my register page where i want users to register their details on my site could someone please help me about where i am going wrong with my code thanks <?php include 'mysql.php'; include 'header.php'; echo '<h3>Sign Up</h3>'; { if($_SERVER['REQUEST_METHOD'] != 'POST') echo '<form method="post" action=""> Username: <input type="text" name="username" /></p> Password: <input type="password" name="password"></p> Password again: <input type="password" name="pass_check"></p> Univeristy E-mail: <input type="email" name="email"></p> University: <input type="text" name="university"></p> <input type="submit" value="Add category" /></p> </form>'; } else { $errors = array(); if(isset($_POST['username'])) { //the user name exists if(!ctype_alnum($_POST['username'])) { $errors[] = 'The username can only contain letters and digits.'; } if(strlen($_POST['username']) > 30) { $errors[] = 'The username cannot be longer than 30 characters.'; } } else { $errors[] = array(); if(isset($_POST['university'])) { if(!ctype_alpha($_POST['username'])) { $errors[] = 'university name can only contain letters and digits.'; } if(strlen($_POST['username']) > 30) { $errors[] = 'The username cannot be longer than 30 characters.'; } } else { $errors[] = 'The username field must not be empty.'; } if(isset($_POST['password'])) { if($_POST['password'] != $_POST['pass_check']) { $errors[] = 'The two passwords did not match.'; } } else { $errors[] = 'The password field cannot be empty.'; } if(!empty($errors)) { echo 'Uh-oh.. a couple of fields are not filled in correctly..'; echo '<ul>'; foreach($errors as $key => $value) { echo '<li>' . $value . '</li>'; } echo '</ul>'; } else { // sha1 hashes the passowrd to give the form some security //and with the use of the escape query helps secure the site from being easily hacked $sql = "INSERT INTO users(username, password, email ,user_date, user_level, university) VALUES('" . mysql_real_escape_string($_POST['username']) . "', '" . sha1($_POST['password']) . "', '" . mysql_real_escape_string($_POST['email']) . "', '" .($_POST['university']) . "', NOW(), 0)"; $result = mysql_query($sql); if(!$result) { echo 'error please try again later.'; } else { echo 'Successfully registered. You can now <a href="signin.php">sign in</a>'; } } } include 'footer.php'; ?>

yes the problem was i forgot to tick auto_increment thanks for the help

my primary key is ID

Duplicate entry '0' for key 'PRIMARY' the id in my sql database don't change once i submit a new image

one of the errors is without the date function that my php echo's error writing image database

hi i am creating a website where a user can post a title,upload an image, description of image and description of ad and with this i keep getting error writing to database could somebody help me with this code thanks. also i need to insert current date into the database thanks. <?php if ( !isset($_FILES['userFile']['type']) ) { die('<p>No image submitted</p></body></html>'); } ?> You submitted this file:<br /><br /> Temporary name: <?php echo $_FILES['userFile']['tmp_name'] ?><br /> Original name: <?php echo $_FILES['userFile']['name'] ?><br /> Size: <?php echo $_FILES['userFile']['size'] ?> bytes<br /> Type: <?php echo $_FILES['userFile']['type'] ?></p> <?php require 'mysql.php'; $title=$_POST['title']; $description=$_POST['description']; // Validate uploaded image file if ( !preg_match( '/gif|png|x-png|jpeg/', $_FILES['userFile']['type']) ) { die('<p>Only browser compatible images allowed</p></body></html>'); } else if ( strlen($_POST['altText']) < 9 ) { die('<p>Please provide meaningful alternate text</p></body></html>'); } else if ( $_FILES['userFile']['size'] > 16384 ) { die('<p>Sorry file too large</p></body></html>'); // Connect to database } else if ( !($link=mysql_connect($host, $user, $passwd)) ) { die('<p>Error connecting to database</p></body></html>'); } else if ( !(mysql_select_db($dbName)) ) { die('<p>Error selecting database</p></body></html>'); // Copy image file into a variable } else if ( !($handle = fopen ($_FILES['userFile']['tmp_name'], "r")) ) { die('<p>Error opening temp file</p></body></html>'); } else if ( !($image = fread ($handle, filesize($_FILES['userFile']['tmp_name']))) ) { die('<p>Error reading temp file</p></body></html>'); } else { fclose ($handle); // Commit image to the database $image = mysql_real_escape_string($image); $alt = htmlentities($_POST['altText']); $query = 'INSERT INTO image (title,type,name,alt,img,description,date) VALUES ("' . $title . '","' . $_FILES['userFile']['type'] . '","' . $_FILES['userFile']['name'] . '","' . $alt . '","' . $image . '","' . $description . '","' . $NOW() . '")'; if ( !(mysql_query($query,$link)) ) { die('<p>Error writing image to database</p></body></html>'); } else { die('<p>Image successfully copied to database</p></body></html>'); } } ?>

thanks was making me think for a while that i done something wrong works now cheers

i keep getting this error all the time i don't understand why this is happening could someone please help me. <?xml version="1.0"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb"> <body> <h1>image upload to freecycle</h1><p> <?php require 'auth.php'; if(isset($_SESSION['loggedin'])){ //session is set, user is logged in }else{ header("http://stuweb.cms.gre.ac.uk/~sn027/login.html"); if ( !isset($_FILES['userFile']['type']) ) { die('<p>No image submitted</p></body></html>'); } ?> <body> <h1>Uploading Images to MySQL</h1><p> <?php if ( !isset($_FILES['userFile']['type']) ) { die('<p>No image submitted</p></body></html>'); } ?> You submitted this file:<br /><br /> Temporary name: <?php echo $_FILES['userFile']['tmp_name'] ?><br /> Original name: <?php echo $_FILES['userFile']['name'] ?><br /> Size: <?php echo $_FILES['userFile']['size'] ?> bytes<br /> Type: <?php echo $_FILES['userFile']['type'] ?></p> <?php require 'mysql.php'; // Validate uploaded image file if ( !preg_match( '/gif|png|x-png|jpeg/', $_FILES['userFile']['type']) ) { die('<p>Only browser compatible images allowed</p></body></html>'); } else if ( strlen($_POST['altText']) < 9 ) { die('<p>Please provide meaningful alternate text</p></body></html>'); } else if ( $_FILES['userFile']['size'] > 16384 ) { die('<p>Sorry file too large</p></body></html>'); // Connect to database } else if ( !($link=mysql_connect($host, $user, $passwd)) ) { die('<p>Error connecting to database</p></body></html>'); } else if ( !(mysql_select_db($dbName)) ) { die('<p>Error selecting database</p></body></html>'); // Copy image file into a variable } else if ( !($handle = fopen ($_FILES['userFile']['tmp_name'], "r")) ) { die('<p>Error opening temp file</p></body></html>'); } else if ( !($image = fread ($handle, filesize($_FILES['userFile']['tmp_name']))) ) { die('<p>Error reading temp file</p></body></html>'); } else { fclose ($handle); // Commit image to the database $image = mysql_real_escape_string($image); $alt = htmlentities($_POST['altText']); $query = 'INSERT INTO image (title,type,name,alt,img,description) VALUES ("' . $_FILES['userFile']['type'] . '","' . $_FILES['userFile']['name'] . '","' . $alt . '","' . $image . '")'; if ( !(mysql_query($query,$link)) ) { die('<p>Error writing image to database</p></body></html>'); } else { die('<p>Image successfully copied to database</p></body></html>'); } }