
mac_gyver

Staff Alumni
  • Posts: 5,352
  • Joined
  • Days Won: 173

Everything posted by mac_gyver

  1. create a new test .php file on your server with the following code in it and let us know what output it produced when you run it -

      <?php
      var_dump(ini_get('display_startup_errors'));
      var_dump(ini_get('display_errors'));
      var_dump(error_reporting());
      echo '<br>';
      ini_set('display_startup_errors',1);
      ini_set('display_errors',1);
      error_reporting(-1);
      var_dump(ini_get('display_startup_errors'));
      var_dump(ini_get('display_errors'));
      var_dump(error_reporting());
  2. data you store should have a unique id, typically an auto-increment column, that you can reference it by. your update form would then submit the unique id/value for each row that was displayed for updating. your update logic would then loop over the data, getting the unique id and the value for each submitted row of data to use in the update query. you would also still need to enforce ownership in the query, by making sure that only rows that the currently logged in user 'owns' can be updated.
  3. you should store the category names in a database table along with an auto-increment id column, that becomes the category_id. you then need to add a category_id column to your videos table and store the correct category_id in it. once you have the category_id column in your videos database table, you would simply GROUP BY category -

      select count(1) as count FROM videos GROUP BY category_id

      to get the correct category name, you would write a JOIN query between the videos table and the category table using the category_id column in the two tables.
  4. one apparent reason for your program/query LOGIC to produce incorrect results is because your sql query that matches the row in the users table contains a logic error -

      select epasswd from Users where UserId='$UserId' and Approved='1' or Approved='-1' or Approved='-2'

      this query will match rows where the user UserId is correct and Approved='1', but it will also match any row with Approved='-1' and it will also match any row with Approved='-2'. the correct query logic to match the Userid and any one of the three Approved values would be -

      select epasswd from Users where UserId='$UserId' and (Approved='1' or Approved='-1' or Approved='-2')

      or, more simply -

      select epasswd from Users where UserId='$UserId' and Approved IN('1','-1','-2')

      also, if your columns are numerical data types, don't put single-quotes around the values in the query.
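The precedence problem described in the post above, as an added example that is not part of the original thread. It assumes PHP with the pdo_sqlite extension; the table and column names follow the quoted query, the rows are constructed sample data, and the user id is bound as a parameter instead of being interpolated.

```php
<?php
// Added example, not code from the thread. Table and column names follow the
// query quoted in the post; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (UserId TEXT PRIMARY KEY, epasswd TEXT, Approved INTEGER)');

$insert = $db->prepare('INSERT INTO Users (UserId, epasswd, Approved) VALUES (?, ?, ?)');
foreach ([
    ['alice', 'hash-alice',  1],
    ['bob',   'hash-bob',   -1],
    ['carol', 'hash-carol', -2],
    ['dave',  'hash-dave',   0], // exists, but has none of the accepted Approved values
] as $row) {
    $insert->execute($row);
}

// The three WHERE clauses from the post, with the user id as a bound parameter.
// These are fixed strings in the source, never user input.
$clauses = [
    'no parentheses' => 'UserId = ? AND Approved = 1 OR Approved = -1 OR Approved = -2',
    'parentheses'    => 'UserId = ? AND (Approved = 1 OR Approved = -1 OR Approved = -2)',
    'IN list'        => 'UserId = ? AND Approved IN (1, -1, -2)',
];

/** Return the UserIds of every row the clause matches for the given login name. */
function matchedUsers(PDO $db, string $where, string $userId): array
{
    $stmt = $db->prepare("SELECT UserId FROM Users WHERE $where ORDER BY UserId");
    $stmt->execute([$userId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// AND binds tighter than OR, so the first clause is evaluated as
// (UserId = ? AND Approved = 1) OR Approved = -1 OR Approved = -2
foreach (['alice', 'dave', 'nobody'] as $login) {
    echo "login '$login'\n";
    foreach ($clauses as $label => $where) {
        $rows = matchedUsers($db, $where, $login);
        printf("  %-15s matched %d row(s): %s\n", $label, count($rows), implode(', ', $rows));
    }
}
```

With the unparenthesized clause, a login name that does not exist still gets back the rows of other accounts, so a password check that reads the first returned epasswd compares against the wrong user's hash.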
  5. what have you tried? posting an image of your code is pointless on a programming help forum. we cannot read it and no one could copy/paste any of it to point out things that are in error.
  6. what do you get when you do a 'view source' of the empty page in your browser?
  7. writing (building) a complete application requires that you have already mastered (learned and practiced) using the tools needed to build the application. unless you know how to produce a form for the browser and produce the .php code to take the submitted form data and insert it into a database table, you won't be able to do these things for your data. next, using ajax to submit a form, is an 'extra' feature, and in general, can be added to an existing working form by adding an event that calls a function that submits the data using an asynchronous http request and prevents the browser from submitting the form. the .php code that processes the form data will be the same, regardless of using ajax or not. if you don't know how ajax works, you need to first learn and practice writing code that uses ajax to submit post data to a .php page. then, adding that functionality to a comment form will be the easy part.
  8. that you are not getting any application errors from the code to pin down where the problem is at, probably means that the code wasn't written with any application error checking logic in it. so, debugging what the code is doing to find where in it the problem is at will require that you have the ability to read and understand what the code is doing and to add debugging statements to display values and determine code execution paths to locate where in the code the problem is occurring at. if you don't have the skills and experience to do this, you are going to need to hire someone, because, unless you can narrow down the problem to just a small section of code or a database query that can be posted in the forum, we cannot help you. please don't expect to be able to post, attach, or link to your complete application code and get someone in a forum to debug the entire application for you for free. that's not what programming help is, that's asking someone else to do your work for you.
  9. i didn't look at the specific data, but the following should work -

      array_push($arrayFPTitle, (string)$temp->title); // cast the element as a string
  10. the receiving mail server @gmail.com probably blacklisted the sending mail server at your web host. the email is NOT being sent by or From: the email address that is being input in your form. the email is being sent from the mail server at your web host. the From: address in the email, at a minimum, needs to be a real mail box at your sending mail server. in addition to just helping to ensure that an email will be processed, the From: email address is used as the return-path for bounce/error messages back from the receiving mail server when you haven't specifically supplied a Return-path email address in the mail headers. the email address entered in your form should be put into a Reply-to: mail header. what likely happens in these cases, is that enough people have entered xxxxx@gmail.com addresses in your form, which your code then used as the From: email address, and since gmail knows the sending mail server at your web host isn't a gmail mail server, all those emails saying they were From: xxxxx@gmail.com addresses eventually get your sending mail server blacklisted. another possibility, is that the receiving mail server received a 'flood' of emails from your sending mail server in a short time and blacklisted it. edit: another possibility, since you are NOT validating the user submitted data that you are currently putting into the mail header, which allows spammers to set anything in the email message to anything they want, is that your script is being used to send huge volumes of spam, and has been blacklisted by numerous receiving isp's. in addition to fixing the mail headers, you will need to track down if your sending mail server is actually sending the email or if the receiving mail server is discarding them.
after you can determine that your sending mail server is actually sending the emails, you can contact the 'postmaster' at @gmail.com to try and find out if/why they may be discarding emails your sending mail server has sent to their mail servers. an alternative that would allow you to send emails directly to your @gmail.com mail box, would be to use one of the php mailer classes and use smtp authentication against your mail box (you would use your email name and password in the script.) this would allow your php script to send the email directly to your mail box, without going through the mail server at your web host.
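One way to apply the header advice in the post above, as an added example that is not part of the original thread. SITE_FROM and SITE_TO are hypothetical addresses (SITE_FROM stands for a real mail box at the web host), the function names are made up for the illustration, the sample inputs are constructed, and passing the headers to mail() as an array assumes PHP 7.2 or later.

```php
<?php
// Added example, not code from the thread. Both addresses are hypothetical.
const SITE_FROM = 'webform@example.com'; // a real mail box at the sending server
const SITE_TO   = 'owner@example.com';   // where the form's messages are delivered

/**
 * Build the mail headers for a contact-form message.
 * Returns null when the submitted address cannot be used as a header value.
 */
function contactHeaders(string $visitorEmail): ?array
{
    $visitorEmail = trim($visitorEmail);
    // A CR or LF inside a header value lets the submitter append headers of
    // their own (extra recipients, a different body), so refuse it outright.
    if (preg_match('/[\r\n]/', $visitorEmail)) {
        return null;
    }
    if (filter_var($visitorEmail, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return [
        'From'     => SITE_FROM,     // never the address typed into the form
        'Reply-To' => $visitorEmail, // a reply still reaches the visitor
    ];
}

function sendContactMail(string $visitorEmail, string $subject, string $body): bool
{
    $headers = contactHeaders($visitorEmail);
    if ($headers === null) {
        return false; // reject the submission instead of mailing it
    }
    // The subject is a header too: collapse any line breaks in it.
    $subject = str_replace(["\r", "\n"], ' ', $subject);
    return mail(SITE_TO, $subject, $body, $headers);
}

// Constructed form submissions, printed rather than mailed.
$samples = [
    'visitor@gmail.com',
    'not an address',
    "visitor@gmail.com\r\nBcc: someone-else@example.net",
];
foreach ($samples as $input) {
    $headers = contactHeaders($input);
    echo json_encode($input), ' => ',
         $headers === null ? 'rejected' : json_encode($headers), "\n";
}
```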
  11. the error is most likely in your main.php/sesstest() method -

      $count = $this->db->exec('SELECT * FROM sessions');

      the pdo ->exec() method does NOT return results for a SELECT query and since a select query does not affect any rows, this usage will always return a zero, which is probably what you are basing the statement that the table is empty on. only insert, delete, update, and replace queries affect rows. you would need to get a row count using a method available for PostgreSQL (which i am not well versed with.) if you cannot get a count in the query statement, doing a pdo fetchall() of the result set and using php count() of the resultant array is the most universal method that would work with all database types. edit: if the PDOStatement::rowCount() method works for PostgreSQL, you would use the pdo query() method to run the query and get a count of the number of rows.
  12. you should probably post an example of the incorrect data the query is matching and an example of the data the query should match, along with the table definition. if your order by isn't returning the correct value, it's likely that your table definition is storing numbers as a character/text type.
  13. in the html <img ...> tag, you need to actually have php code that echos the variable -

      <img class="profile-photo" align="middle" src="uploads/<?php echo $actual_image_name; ?>" />
  14. there's no guarantee that any of those statements are still in the code. edit: it's also possible that the OP is on some web hosting that has disabled the error_reporting/ini_set statements.
  15. the 500 http error may be due to a php execution timeout or some other fatal php runtime error. set php's error_reporting to E_ALL and display_errors to ON to cause php to report and display the errors it detects when your code runs.
  16. ^^^ that's not the problem. that is a follow-on error. it is caused by a query that failed due to an error of some kind and your code didn't stop the rest of the code, the mysqli_fetch_assoc() statement, from trying to use the result from the failed query. to find out why the query failed, you can echo mysqli_error($link_id); after the line where you used the mysqli_query() statement.
  17. if that's the query statement that was formed, then you are not handling the $_GET variable correctly, since it shows injected sql along with the numerical value. that particular sql injection attempt may have failed, but you can inject sql that doesn't contain any characters that are affected by an escape function, that isn't failing, isn't producing any errors, and does allow the hacker to dump the contents of your database tables. short-answer - that the sql statement you posted doesn't have any ' before the number, means that no amount of using an escape function will protect it, and that it shows injected sql with the id number, says you are not handling the value correctly. if you post your code showing how you are handling the $_GET variable before putting it into the sql statement, someone can help with it. an alternative would be to use prepared queries, where values are bound to placeholders in the sql query statement, supplied when the query is executed, and cannot be used for sql injection.
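The unquoted numeric case from the post above next to the prepared-query alternative, as an added example that is not part of the original thread. It assumes PHP with the pdo_sqlite extension; the articles table and its rows are constructed, $submitted stands in for the $_GET value, and addslashes() stands in for a database escape function because mysqli_real_escape_string() needs a live MySQL connection.

```php
<?php
// Added example, not code from the thread. Table, rows and input are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO articles (id, title) VALUES (1, 'first'), (2, 'second'), (3, 'third')");

$submitted = '2 OR 1=1'; // stand-in for $_GET['id']

// Before: the value is escaped and placed in the query without quotes.
// Escaping only alters quote and backslash characters, and this value has
// none, so it reaches the query unchanged and is parsed as SQL.
$escaped = addslashes($submitted);
$sql = "SELECT title FROM articles WHERE id = $escaped";
$concatenated = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);

// After: a prepared query. The SQL text is fixed and the value is bound to the
// placeholder as data, so it is only ever compared against the id column.
$stmt = $db->prepare('SELECT title FROM articles WHERE id = ?');
$stmt->execute([$submitted]);
$prepared = $stmt->fetchAll(PDO::FETCH_COLUMN);

// Validating the value as an integer as well lets the page answer a malformed
// id with an error instead of an empty result.
$id = filter_var($submitted, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

echo "escaped value:      ", $escaped, "\n";
echo "concatenated query: ", count($concatenated), " row(s)\n";
echo "prepared query:     ", count($prepared), " row(s)\n";
echo "integer validation: ", $id === false ? 'rejected' : "accepted as $id", "\n";
```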
  18. you didn't even bother to try and change your code to use the $points data that Barand's code extracts. this is a copy/paste fail on your part. i suggest that you look at the print_r() output from his code so that you know what format the name/point value is in, then remove all your existing code for the insert into points values ... query, and actually WRITE some new code that uses the $points array, keys/value pairs, to form and run the insert into points values ... query.
  19. that's too vague to help you. we can only answer specific questions.
  20. just off of the top of my head, you would do a GROUP BY some_time_interval to consolidate data for the time interval, getting an average, in the query, of the data for each time interval. it would be fairly easy to craft a query that either groups by - hour, day, week, month, or year intervals, depending on the scale you need, assuming you are storing a DATETIME value with each data point.
  21. you would need to post your current code responsible for forming and running the insert into points values ..., query, as it's likely it isn't using the $points array that Barand's code produces.
  22. here is the phpfreaks main site pagination script, modified to show dynamic items per page and showing the original mysql and equivalent mysqli database library functions -

      <?php
      define('SOURCE','mysqli'); // the method/type of data source - mysql, mysqli

      switch(SOURCE){
          case 'mysql':
              // database connection info
              $conn = mysql_connect('localhost','dbusername','dbpass') or trigger_error("SQL", E_USER_ERROR);
              $db = mysql_select_db('dbname',$conn) or trigger_error("SQL", E_USER_ERROR);
              // find out how many rows are in the table
              $sql = "SELECT COUNT(*) FROM numbers";
              $result = mysql_query($sql, $conn) or trigger_error("SQL", E_USER_ERROR);
              $r = mysql_fetch_row($result);
              $numrows = $r[0];
              break;
          case 'mysqli':
              // database connection info
              $conn = mysqli_connect('localhost','dbusername','dbpass','dbname') or trigger_error("SQL", E_USER_ERROR);
              // find out how many rows are in the table
              $sql = "SELECT COUNT(*) FROM numbers";
              $result = mysqli_query($conn,$sql) or trigger_error("SQL", E_USER_ERROR);
              $r = mysqli_fetch_row($result);
              $numrows = $r[0];
              break;
      }

      // number of rows to show per page
      $rowsperpage = 10; // (default value when using dynamic rows per page)

      // dynamic rows per page, handling and form
      $per_page = array(1,5,10,25,50); // choices for select/option menu. also used to limit (min, max) the submitted value
      $rowsperpage = isset($_GET['perpage']) ? (int)$_GET['perpage'] : $rowsperpage; // get submitted value or the default
      $rowsperpage = max(min($per_page),$rowsperpage); // limit to the minimum value
      $rowsperpage = min(max($per_page),$rowsperpage); // limit to the maximum value

      // produce rows per page form
      $rpp_form = "<form method='get' action=''>\n<select name='perpage' onchange='this.form.submit();'>\n";
      foreach($per_page as $item){
          $sel = $rowsperpage == $item ? 'selected' : '';
          $rpp_form .= "<option value='$item' $sel>$item</option>\n";
      }
      $rpp_form .= "</select>\n<noscript><input type='submit'></noscript>\n</form>\n";

      // find out total pages
      $totalpages = ceil($numrows / $rowsperpage);

      // get the current page or set a default
      if (isset($_GET['currentpage']) && is_numeric($_GET['currentpage'])) {
          // cast var as int
          $currentpage = (int) $_GET['currentpage'];
      } else {
          // default page num
          $currentpage = 1;
      } // end if

      // if current page is greater than total pages...
      if ($currentpage > $totalpages) {
          // set current page to last page
          $currentpage = $totalpages;
      } // end if
      // if current page is less than first page...
      if ($currentpage < 1) {
          // set current page to first page
          $currentpage = 1;
      } // end if

      // the offset of the list, based on current page
      $offset = ($currentpage - 1) * $rowsperpage;

      switch(SOURCE){
          case 'mysql':
              // get the info from the db
              $sql = "SELECT id, number FROM numbers LIMIT $offset, $rowsperpage";
              $result = mysql_query($sql, $conn) or trigger_error("SQL", E_USER_ERROR);
              $rows = array();
              while ($row = mysql_fetch_assoc($result)) {
                  $rows[] = $row;
              } // end while
              break;
          case 'mysqli':
              // get the info from the db
              $sql = "SELECT id, number FROM numbers LIMIT $offset, $rowsperpage";
              $result = mysqli_query($conn,$sql) or trigger_error("SQL", E_USER_ERROR);
              $rows = array();
              while ($row = mysqli_fetch_assoc($result)) {
                  $rows[] = $row;
              } // end while
              break;
      }

      // while there are rows to be fetched...
      foreach($rows as $row) {
          // echo data
          echo $row['id'] . " : " . $row['number'] . "<br />";
      } // end foreach

      // display dynamic rows per page form
      echo $rpp_form;

      /****** build the pagination links ******/
      // range of num links to show
      $range = 3;

      // if not on page 1, don't show back links
      if ($currentpage > 1) {
          // show << link to go back to page 1
          $_GET['currentpage'] = 1;
          $qs = http_build_query($_GET, '', '&');
          echo " <a href='{$_SERVER['PHP_SELF']}?$qs'><<</a> ";
          // get previous page num
          $prevpage = $currentpage - 1;
          // show < link to go back to 1 page
          $_GET['currentpage'] = $prevpage;
          $qs = http_build_query($_GET, '', '&');
          echo " <a href='{$_SERVER['PHP_SELF']}?$qs'><</a> ";
      } // end if

      // loop to show links to range of pages around current page
      for ($x = ($currentpage - $range); $x < (($currentpage + $range) + 1); $x++) {
          // if it's a valid page number...
          if (($x > 0) && ($x <= $totalpages)) {
              // if we're on current page...
              if ($x == $currentpage) {
                  // 'highlight' it but don't make a link
                  echo " [<b>$x</b>] ";
              // if not current page...
              } else {
                  // make it a link
                  $_GET['currentpage'] = $x;
                  $qs = http_build_query($_GET, '', '&');
                  echo " <a href='{$_SERVER['PHP_SELF']}?$qs'>$x</a> ";
              } // end else
          } // end if
      } // end for

      // if not on last page, show forward and last page links
      if ($currentpage != $totalpages) {
          // get next page
          $nextpage = $currentpage + 1;
          // echo forward link for next page
          $_GET['currentpage'] = $nextpage;
          $qs = http_build_query($_GET, '', '&');
          echo " <a href='{$_SERVER['PHP_SELF']}?$qs'>></a> ";
          // echo forward link for lastpage
          $_GET['currentpage'] = $totalpages;
          $qs = http_build_query($_GET, '', '&');
          echo " <a href='{$_SERVER['PHP_SELF']}?$qs'>>></a> ";
      } // end if
      /****** end build pagination links ******/
      ?>
  23. the items per page is just a form with a select/option menu. mysqli is just a database library of functions. implementing either of those things in an existing pagination script just involves writing and testing the code that does what you want. for the items per page, you would produce and output a get method form with the select/option menu, pre-selecting the existing/default choice. you would use an on-change event to submit the form if javascript is enabled, or display a submit button, if javascript is not enabled, using <noscript></noscript> tags. the submitted value would be validated and be used as the items per page value in the pagination code. the existing/default choice would be passed in any pagination links. if i have time, i will post an example. as to using mysqli (or PDO) as the database library in any script, it doesn't matter which library of database functions any code uses (as long as they are not obsolete/deprecated.) the database specific statements in code are at a lower-level 'layer' and are (should be) separated, and abstracted, from the application code. once you learn how to use the database library functions you have chosen, you simply use them at the point they are needed by the application code. if you need to learn how to use the mysqli or PDO database library functions, start with the php.net documentation. you will first need to know how to make a connection to the database server, how to run queries (and test for errors), and how to retrieve the data from the query.
  24. the mysql_fetch_array() expects parameter 1 to be resource, boolean given error is very common. you can search the web to find out what it means and how to find what is causing it. however, the mysql_ (no i) database functions are obsolete, deprecated, and will be removed in a future php release. you should not be wasting any time writing code using the mysql_ functions. you should instead be using either the mysqli_ (with an i) or PDO database libraries.
  25. yes, we can help you with your coding problem, but you must ask a specific question in order to get help. i.e. you ask a question, someone answers it. all you have done is to state you want or need something and we are not your mom, who is usually in charge of giving you things you need. the point is, you must have actually made some attempt to do this, in order to be at the point of asking someone for help with it. if you are asking for someone to help with it before you have even made an attempt, you are instead asking them to do your work for you and that's not how programming help works.