Everything posted by mac_gyver

  1. just because you have two files, doesn't necessarily mean they cannot be used on the same page. just 'require' the file containing the html/minimal amount of php code, at the appropriate place to produce a single page with all the functionality on it. if you don't think your instructor would go for that distinction, you would need to store the validation errors in a session array variable and also store the submitted array of post data in a session variable so that when you redirect back to the form page you can use the data in the same way as suggested above. all page(s) that set or use session variables must have a session_start() statement on it, located before anything is output to the browser.
  2. here's a list of practices that will result in a web page that does what you are asking, with a minimum of code -

     1. put the form processing code and the form on the same page. the form processing code goes above the start of the html document. the form processing code needs to detect if a post method form was submitted before executing any of its code.
     2. in the form processing code, store validation error messages in an array, with the form field name as the array key.
     3. after the end of the validation logic, if the array holding the validation error messages is empty, there are no errors and you can use the submitted data.
     4. after successfully processing the form data, execute a redirect to the exact same URL of the current page to cause a get request. this will prevent the browser from trying to resubmit the form data if you refresh the page or browse back to the url of the page. this will also cause a blank form, with no error messages to be displayed.
     5. at the point of (re)displaying the form fields, you would test if the element in the errors array matching the current field name isset() and output the error message. you would also test for and output the existing field value so that the user doesn't need to keep reentering the data over and over, just correct the errors in the existing data.
  3. mac_gyver

    Need help with this script

    because you are putting external/unknown values directly into the sql query, it is open to sql injection. if someone managed to create a username containing sql when they registered, the posted code/query could allow them to set any user's record to anything they want, which could allow them to take over an administrator's account. while you are using prepare/execute statements, you aren't using place-holders in the sql query for the values. have you read the documentation for prepared queries?
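The point made in the post above, as an added example that is not part of the original post or thread: calling prepare()/execute() protects nothing when the value is still concatenated into the SQL text. The `users` table, its columns and the function names are assumptions, and the rows are constructed sample data in an in-memory SQLite database.

```php
<?php
// Added illustration; table, column and function names are assumptions.
declare(strict_types=1);

function make_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)');
    $ins = $pdo->prepare('INSERT INTO users (username, role) VALUES (?, ?)');
    // constructed sample rows; the third username contains sql, as described in the post
    foreach ([['admin', 'admin'], ['alice', 'user'], ["x' OR '1'='1", 'user']] as $row) {
        $ins->execute($row);
    }
    return $pdo;
}

// before: prepare()/execute() are called, but the values are part of the sql text,
// so the database parses them as sql
function set_role_unsafe(PDO $pdo, string $username, string $role): int
{
    $stmt = $pdo->prepare("UPDATE users SET role = '$role' WHERE username = '$username'");
    $stmt->execute();
    return $stmt->rowCount();
}

// after: the sql text is constant and the values are supplied through place-holders
function set_role_safe(PDO $pdo, string $username, string $role): int
{
    $stmt = $pdo->prepare('UPDATE users SET role = ? WHERE username = ?');
    $stmt->execute([$role, $username]);
    return $stmt->rowCount();
}

$stored = "x' OR '1'='1"; // a username read back from the users table

$pdo = make_db();
printf("unsafe: %d row(s) changed\n", set_role_unsafe($pdo, $stored, 'banned'));

$pdo = make_db();
printf("safe:   %d row(s) changed\n", set_role_safe($pdo, $stored, 'banned'));
```

The unsafe version changes every row, because the quote inside the stored username ends the string literal and the rest is parsed as part of the WHERE clause. The place-holder version changes only the row whose username equals that exact string.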
  4. i noticed you viewing a forum thread earlier that used http_build_query() to produce pagination links with any existing get parameters. what issue are you still having with doing this yourself?
  5. what does the 'view source' in your browser of this blank page show? i'm betting it has your - 'You have to Enter movie name or producer', because there are two apparent problems in your current code. the 1st problem is $_GET['search'] isn't being added to the pagination links, which you would have noticed if you had looked at the URL in your browser's address bar. you can edit all the places where you are producing pagination links or you can use http_build_query() like has been suggested (if you search the phpfreaks forum, you will find examples showing how to use it with pagination.) the 2nd problem is you have too many different $_GET variables from the search form. you only need $_GET['search']. remove $_GET['submit'] and change your logic to only use $_GET['search'].
  6. the code in the _showDay() method is for producing a single cell. you would not add any loop to it. see the following logic for the end of the _showDay() method -

        // hard way of testing if the day being displayed is today
        $today_day = date("d");
        $today_mon = date("m");
        $today_yea = date("Y");
        $class_day = ($cellContent == $today_day && $this->currentMonth == $today_mon && $this->currentYear == $today_yea ? "calendar_today" : "calendar_days");

        // easy way of testing if the day being displayed is today
        $today = date('Y-m-d');
        $class_day = $this->currentDate == $today ? "calendar_today" : "calendar_days";

        // the above logic sets the $class_day to highlight 'today' and $cellContent if the day number should be displayed (currentDate is between the start and end of the month)

        // to add highlighting or different cellContent do that here
        if(in_array($this->currentDate, $this->highlight_dates))
        {
            $class_day = "calendar_today"; // uses the existing 'today' css. change as needed
            $cellContent = ""; // produce the desired content (link) as needed
        }

        return '<div class="' . $class_day . '">' . $cellContent . '</div>' . "\r\n";

     you would define a class property highlight_dates or a name of your choice as an empty array. if the array is left empty, the code works as is. you would then just assign an array of dates to the highlight_dates property to cause the additional logic to do its thing. while you can make this array of values just the day number, here are some reasons to use a full date - you may have an array of holidays or company days off for the entire year or these dates may be event dates. you can just put these values into the array and the code will work. so, for your example of birthdays, you would just need to use the current year in the birth date values to come up with the full date values.
  7. you would initially create an array of the dates (Y-m-d date format) you want to highlight and store this array in a class property. at the point in the code where it is producing the css class selector and the cell content, you would use in_array() to find if $this->currentDate is one of the dates in the array. note: the author of that script should have produced a $today value in the Y-m-d format and just directly compared it with $this->currentDate in the existing css class selector code.
  8. mac_gyver

    Need a dynamic Subform

    ginerjm's reply wasn't about a static form with x predefined sets of input fields. it was about entering one line item of data at a time, submitting the data (where it would be validated, so you can correct any errors as they occur), and then presenting an empty set of input fields for the next data item. the already entered data items would be shown with edit/delete buttons. to do just the entry of data, you don't need any javascript. you may however want to use javascript to do auto-suggest item selection. you should not expect the user to be typing in a large amount of item information. your user interface should allow selecting from existing items to help prevent data entry errors. your code layout would be - post method form processing, for Create(insert), Update, and Delete operations. you would trim and validate input data, storing validation errors in an array. if there are no validation errors, use the submitted data in an appropriate sql query. retrieve any existing order item data and display with edit/delete buttons for each item. if there are validation errors, display the form (which has only one set of input fields), re-populating the field values from the submitted form data. the user would correct any errors and re-submit the form. if there are no validation errors, display the form with empty field values. the user would enter the next set of data values and submit the form.
  9. writing code that works correctly requires that you have first defined what the code is going to do, so that you don't waste time writing/trying code that has nothing to do with the goal you are trying to achieve. a search page with pagination involves -

     1) a search term input, from a $_GET parameter in the url. you only need a single input for this. it will either be set or it won't. you need to decide what to do when it is not set. will you output a message that the search term is empty and skip running all the database code or do you instead match all data, i.e. have no WHERE term in the sql queries? you should trim() this value before testing it to remove accidental white-space characters and to let you detect if an all white-space value was submitted.
     2) a page input, from a $_GET parameter in the url. if this is not set, you would use a default value of 1. you would also limit this value between 1 and the total number of pages. a negative or a zero value are not valid and a page greater than the total number of pages won't match any data.
     3) a COUNT(*) query to get the total number of matching rows. the result from this query is used to calculate the total number of pages. this is used to test/limit the requested page number and when producing the pagination links.
     4) a data retrieval query to get the logical page of data. both the COUNT(*) query and the data retrieval query must have the same table(s) and any JOIN, WHERE, GROUP BY, and HAVING terms. you should build this common part of the sql queries in a php variable, then use that variable in both of the actual queries. the data retrieval query also has ORDER BY and LIMIT terms. if you retrieve all the data from the data retrieval query into a php variable, it will separate the database specific code from your presentation code, making it easier to test your code or to change the database extension without having to make changes throughout your code.
     5) code to display the retrieved data.
     6) pagination links. the pagination links need to include any existing search term and the page numbers. the easiest way of doing this is to get a copy of any existing $_GET parameters and use http_build_query() to produce the query string part of the urls.

     some suggestions for your code -

     1) the ....escape_string() functions can still allow sql injection if the character set that php is using isn't the same as your database table(s) and it is rare that anyone sets the character set when they make a database connection. you should use prepared queries when supplying external/unknown values to the sql query statement. a prepared query results in the simplest sql query syntax and the least amount of php code, provided that you use the php PDO database extension.
     2) you should have error handling for all the database statements (connection, query, prepare, and execute.) the easiest way of doing this is to use exceptions and in most cases let php catch the exception where it will use its error related settings to control what happens with the actual error information (short-answer database errors will get displayed/logged the same as php errors.)
     3) the search form should be on the same page with the search results and you should make the form 'sticky' by re-populating the field value with any existing search term. this will result in the least amount of code and allow the user to see what the existing search term is and to easily modify it if need be.
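One way to put the search/pagination outline above together, as an added example that is not part of the original post: the `movies` table, the `search` and `page` parameter names, the page size and the function name are assumptions, and the rows are constructed sample data in an in-memory SQLite database.

```php
<?php
// Added illustration; table, column, parameter and function names are assumptions.
declare(strict_types=1);

function search_page(PDO $pdo, array $get, int $perPage = 2): array
{
    // 1) search term: only accept a string and trim it, so all white-space counts as empty
    $search = is_string($get['search'] ?? null) ? trim($get['search']) : '';
    if ($search === '') {
        return ['error' => 'search term is empty', 'rows' => [], 'links' => []];
    }

    // common part of both queries, built once; the value goes through a place-holder
    $common = 'FROM movies WHERE title LIKE ?';
    $params = ['%' . $search . '%'];

    // 3) total number of matching rows, used to calculate the total number of pages
    $stmt = $pdo->prepare("SELECT COUNT(*) $common");
    $stmt->execute($params);
    $pages = max(1, (int)ceil((int)$stmt->fetchColumn() / $perPage));

    // 2) requested page: default 1, limited to between 1 and the total number of pages
    $raw = $get['page'] ?? 1;
    $page = min(max(is_scalar($raw) ? (int)$raw : 1, 1), $pages);

    // 4) one logical page of data; LIMIT/OFFSET are integers computed here, not request text
    $offset = ($page - 1) * $perPage;
    $stmt = $pdo->prepare("SELECT id, title $common ORDER BY title LIMIT $perPage OFFSET $offset");
    $stmt->execute($params);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    // 6) links keep every existing get parameter and only replace the page number;
    //    http_build_query() url-encodes the values, '&amp;' suits output inside html
    $links = [];
    for ($p = 1; $p <= $pages; $p++) {
        $links[$p] = '?' . http_build_query(array_merge($get, ['page' => $p]), '', '&amp;');
    }
    return ['error' => null, 'rows' => $rows, 'page' => $page, 'pages' => $pages, 'links' => $links];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // database errors become exceptions
$pdo->exec('CREATE TABLE movies (id INTEGER PRIMARY KEY, title TEXT)');
$ins = $pdo->prepare('INSERT INTO movies (title) VALUES (?)');
foreach (['Alien', 'Aliens', 'Alien 3', "Schindler's List", 'Up'] as $title) {
    $ins->execute([$title]);
}

// constructed request: padded search term and an out-of-range page number
print_r(search_page($pdo, ['search' => ' alien ', 'page' => '99']));
// constructed request: all white-space search term, no database code runs
print_r(search_page($pdo, ['search' => '   ']));
```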
  10. mac_gyver

    Parse error: syntax error, unexpected ';' line 44

    you also have a "cannot see the forest for the trees" problem with a lot of unnecessary variables, statements, and conditional tests (boolean-like values can only be true or false, so comparing a value first with a true and then later a false is redundant clutter.) by putting the form and the form processing code on separate pages, you are doubling the amount of logic you need. also, if you switch to the much simpler php PDO extension and use exceptions to handle database statement errors (and in most cases let php catch and handle any database errors) a lot of the database related code will go away.
  11. mac_gyver

    Auto populate price based on selected product

    do not pass the price through the form. you should get a minimum of data from the form, because all form data must be validated before using it. if all you are submitting is the item id and the quantity, you only have two pieces of form data that you must validate. the work-flow should be - 1) user selects an item, modifies the quantity (the initial quantity field value should be 1), and submits the form. 2) the server side processing code detects that a post method form has been submitted, validates the input data, and adds the item id (as the array index) and quantity to a cart session array variable. 3) to display the cart, get the item id's (see array_keys()), query the database to get all the item ids, names, descriptions, and prices for the items in the cart. loop over the retrieved data to display the cart, getting the corresponding quantity from the cart session array variable using the item id, performing any total calculation and display as needed.
  12. mac_gyver

    Auto populate price based on selected product

    if the point of retrieving the price is to calculate the total before you add the item to the cart, there's no real need to do this, assuming that after each item is added to the cart you are displaying the contents of cart. you would retrieve the item name, description, price, and would calculate the total when displaying the contents of the cart. You can just display the price next to the item name in the option list if the sales rep needs access to the unit price.
  13. mac_gyver

    Auto populate price based on selected product

    IMO using a select/option menu to pick a product to add to a cart is not a good user interface. there's a limited amount of information that can be displayed about each product, so picking between similar products will be difficult and once you get to 20-30 items no one is going to want to use a select menu. you should list out each matching (using a category/name selection/search) product with the name, description, price, thumbnail image, quantity field, and an add button. if you do have a use for a select/option menu to pick something, you would attach an onchange event handler to the select element, the option value should be the item id not the item name, the javascript would get the value of the selected option choice, use ajax to retrieve the data matching the selected item id, then populate any elements on the web page with the retrieved data. these are all very common tasks that you can research on the web to find examples of. while you can display the price and calculate and display the total from the entered/selected quantity and the price, the only values that should be used on the server from the submitted data are the item id and the quantity.
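The cart work-flow from the "Auto populate price based on selected product" posts above (only the item id and quantity are taken from the form; prices come from the database when the cart is displayed), as an added example that is not part of the original posts. The `items` table, the field names, the 1 to 99 quantity limit and the `$cart` array standing in for the cart session array variable are assumptions; the rows and submissions are constructed.

```php
<?php
// Added illustration; table, field and function names and the quantity limit are assumptions.
declare(strict_types=1);

function add_to_cart(PDO $pdo, array &$cart, array $post): array
{
    $errors = [];
    // only two submitted values are read; a 'price' field in the submission is never used
    $id  = filter_var($post['item_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $qty = filter_var($post['quantity'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 99]]);

    if ($id === false) {
        $errors['item_id'] = 'select an item';
    } else {
        // the id must match an existing item
        $stmt = $pdo->prepare('SELECT 1 FROM items WHERE id = ?');
        $stmt->execute([$id]);
        if ($stmt->fetchColumn() === false) {
            $errors['item_id'] = 'unknown item';
        }
    }
    if ($qty === false) {
        $errors['quantity'] = 'quantity must be a whole number from 1 to 99';
    }
    if (!$errors) {
        $cart[$id] = $qty; // item id as the array index, quantity as the value
    }
    return $errors;
}

function cart_lines(PDO $pdo, array $cart): array
{
    if (!$cart) {
        return [];
    }
    $ids = array_keys($cart);
    $in = implode(',', array_fill(0, count($ids), '?')); // one place-holder per item id
    $stmt = $pdo->prepare("SELECT id, name, price_cents FROM items WHERE id IN ($in) ORDER BY name");
    $stmt->execute($ids);
    $lines = [];
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $qty = $cart[(int)$row['id']];
        // the price used in the total is the one stored in the database
        $lines[] = $row + ['quantity' => $qty, 'line_total_cents' => (int)$row['price_cents'] * $qty];
    }
    return $lines;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT, price_cents INTEGER)');
$pdo->exec("INSERT INTO items (name, price_cents) VALUES ('widget', 1250), ('gadget', 4999)");

$cart = [];
// constructed submission carrying an extra price field, which the server code ignores
var_dump(add_to_cart($pdo, $cart, ['item_id' => '2', 'quantity' => '3', 'price' => '0.01']));
// constructed submission with an unknown item id and an invalid quantity
var_dump(add_to_cart($pdo, $cart, ['item_id' => '7', 'quantity' => '-1']));
print_r(cart_lines($pdo, $cart));
```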
  14. mac_gyver

    Error establishing a database connection

    your php installation needs to be set up to log all php errors. there should be information in the web server error log file to help identify the problem.
  15. it sounds like you are manually creating new code each year/season with hard-coded values in it. your time would be better spent making one instance of the code dynamically produce/operate on whatever is different each year, so that you only have to find and fix whatever is causing the current error once.
  16. mac_gyver

    Site Won't Submit Multiple Variables

    you need to start by specifically defining what you are trying to accomplish, including what the scope and limitations are. then write and test just the code needed to accomplish the stated goal (you currently have a bunch of code and queries written out for each combination of search fields - this is not how to do this, you would dynamically build a query with just the parts it needs.) you have shown one example of a composite value, the 1;3 for Chesapeake or Virginia Beach. is this the only multiple location or are you planning on producing all possible combinations once you get this working for the one example OR do you actually just want to allow any of the listed cities to be picked? if your assignment is just to allow multiple cities to be picked, you have been given the answer on at least one of the forums, add the multiple attribute to the <select tag and make the select name attribute an array. this will let you select one or more cities from the listed cities. note: you should be dynamically producing the select option choices from the available cities, the form and the form processing code should be on the same page, and you should make the form 'sticky' by selecting any option choice(s) that have already been selected and submitted. next, for the form processing code, start small. get this city id code to work first, then add other search fields. your form processing code should detect and validate any inputs before using them, as already stated - dynamically build the query, fetch the data from the query into a php array variable, then just test and loop over this variable to produce the output. since you are doing pagination, you need two queries, the first one gets a count of the matching rows, the second one gets the logical page of data. the table, join, and where clauses in both these queries must be the same and should just be built once, then re-used in both queries.
  17. mac_gyver

    Arrays: concatenation operator .= vs =

    since the $array[] syntax always appends a new element to the array, it won't contain anything to concatenate to, so, the use of the . has no meaning and is probably producing a php undefined error. what sort of error, symptom, or problem are you having that causes you to ask this?
  18. mac_gyver

    MySQL pulling results twice

    just use the LEFT JOIN query, with corrected join condition and where clause. if you fetch all the data from the query into a php array variable and use var_dump(), you will be able to see what result the LEFT JOIN produces when there are and are not corresponding row(s) in the D table.
  19. mac_gyver

    bots and forms

    your html is either broken (no closing > for that input) or you have multiple fields with the same name. it would take having the actual html of your form page to help. you might also be setting $_POST['email'] to a value somewhere in your php code. if you use var_dump($_POST) to see what value it contains, you can back-track to find where the value is coming from.
  20. mac_gyver

    MySQL pulling results twice

    the reason you are getting the wrong result is because you are only joining on the menu_item_id for the table D LEFT JOIN condition, but both the menu_id and the menu_item_id are what associates a menu/item with its quantity in the D table (you probably have the same menu_item_id in more than one menu.) you should also be using a.menu_id in the WHERE clause in both queries. you should actually have an auto-increment id column in the B table. this will define a menu/item id. you would use this id in the D table. this will also simplify the form fields since there's only one id involved with each quantity. next, you don't need two sets of code/queries. the LEFT JOIN with the D table will give the quantity if there is one, or a null (which php will treat as a zero) if there isn't a row for an item.
  21. mac_gyver

    php help

    the users table should only hold unique/one-time user information - first name, last name. this would produce a user_id (auto-increment integer column.) you would store any repetitive user information, such as the weight/date data in a second table, related back to the user through the user_id value. once you have properly stored the data, you can write sql queries to get any user(s) information for any date or date range.
  22. check your DNS records at tools.dnsstuff.com. start with the DNSreport tool.
  23. mac_gyver

    proper PRG form handling

    the Redirect part of PRG is to the exact same URL that the post method form submitted to. if after successfully processing the post method form data, you are redirecting to a different URL, that's not what the PRG pattern is.
  24. mac_gyver

    Update script to PHP7.2

    didn't state that. it is possible to convert old code to use a new database extension and to manually modify any sql query that has data being directly put into it to be a prepared query (the query function needs to accept a second optional array of input data and either just execute the query if there is no input data or prepare and execute the query if there is.) this is simpler if the code is using a database abstraction layer, which the code has (some user written functions), but isn't consistently using everywhere, so, it would first require that all database interactions be rewritten to use the existing functions.
  25. mac_gyver

    Update script to PHP7.2

    the php mysql_ extension has been removed from php. however, if the script is old enough to still be using the mysql_ extension, it is probably using other removed features (the error you got is just the first of many.) it would require reviewing the entire script and rewriting everything that's been removed and to also add security for database queries (php's attempt at protecting against sql special characters in external data from breaking sql queries was also removed.)
