Everything posted by mac_gyver

  1. the emails are being sent FROM your mail server at bluehost. the domain in the from address needs to correspond to the sending mail server, i.e. you have set up dns zone records under your account that the receiving mail server can use to confirm that the sending mail server where your domain is hosted at IS where the mail should have been sent from. if you want to include the sender's email address, for reply purposes, you put it into a Reply-to: mail header, not the From: header.
  2. while the purpose of your code is to produce client-side html, the issue is the php code and using smarty syntax and commands, which is all php. moving to the php help forum...
  3. your code produces a fatal php parse/syntax error due to a missing ;. i'm not going to tell you where, because your development system should have php's error_reporting set to E_ALL and display_errors set to ON in your php.ini so that all php errors will be reported and displayed. for this kind of error, php can point you to the correct area of the code (usually the actual problem causing a syntax error is immediately prior to where the syntax error is reported) and you should be able to find things like missing punctuation. edit: next you have a functional problem in getting the current autoincrement value from a table, incrementing it, and using it. if you have concurrent requests to your page, you will end up with wrong values. the way you would do this is, after the INSERT query runs for the aktiviteter table, use mysqli_insert_id() to get the actual id that was generated. next, you are mixing mysql_ (no i) and mysqli_ (with an i) functions. you need to use all mysqli_ (with an i) functions.
  4. you can test if your pdo driver is emulating prepared queries (for some, that's the only choice, regardless of the PDO::ATTR_EMULATE_PREPARES setting), by checking if a deliberate syntax error in your sql statement is throwing an error at the ->prepare() statement (temporarily add a die; after the prepare() to prevent the ->execute() from running) or at the ->execute() statement; if the query is actually being sent to the database server to be prepared, the syntax error will be thrown at the ->prepare() statement.
  5. in the context of a monthly calendar, what do you want to display? displaying every open time slot for even one trainer (what if you have 20 trainers) would not be practical. your monthly calendar could at best show a clickable 'event' on the days that have available bookings (and a non-clickable, 'full' listing for days that have no open time slots), either just one event total, if any of the selected/filtered trainers have an opening, or one event for each selected/filtered trainer that has an opening on that date, with a hover/pop-open tool or a link that gives you a view/page that consists of the booking grid with the open time slots for the clicked on date. a monthly calendar could be used for the appointment confirmation. you could display an 'event' on any days that have any un-confirmed appointment(s), for the currently logged in trainer. clicking on the 'event' would take that trainer to a grid of un-confirmed appointments that can then be reviewed and approved. assuming that a trainer would have the need to cancel an appointment, you would instead display an 'event' for all days that the trainer is available. clicking on any day would take the trainer to a grid that shows un-approved and approved appointments on that day with choices to approve/cancel each appointment.
  6. a person's ip address can change at any time and all the people connecting from one nat based network will share the same ip address. using the ip for anything other than just informational purposes will result in problems of locking someone out or of allowing someone access just because they connected from the same network. you must limit access based on the logged in user's id and what content he has permission to view or change.
  7. dynamically produced web sites don't actually have folders and files for everything or for each user. they use logical folders and pages that map (using url rewriting) to one actual file that retrieves the correct content from a database and displays it in response to the url that was used to request the page. are you sure you want to try to copy and then manage a bunch of actual folders and files? also, how are you going to restrict access for making changes to the proper user?
  8. the bind_param() statement must have - i'm not making this up, this comes directly from the php.net documentation for that function - the statement you end up producing must be in the form - $stmt->bind_param('iissssss',$var1,$var2,$var3,$var4,$var5,$var6,$var7,$var8); one of the ways you can dynamically do this is to use call_user_func_array() and as stated, there are examples in the user contributed notes in the php.net documentation. edit: the user contributed notes that i have mentioned contain a method using class Reflection to do this in a more direct way. also, your $build_bind_param string isn't correct for the query you are showing. you would build the part that corresponds to the set of $arrays values and concatenate that in the correct place in the string relative to the other parameters.
  9. http://forums.phpfreaks.com/topic/281305-pagination-from-search-results/?hl=%2Bhttp_build_query&do=findComment&comment=1446040
  10. form data is only available on the page request that the form submitted to. it's up to your code to propagate the search term with the pagination links. in the search.php code, there's no need to check the $_GET['submit'] or to even have it as a named field in the form, just make sure there's a $_GET['search'], assuming you only want to display anything if a search term was entered. to build your pagination links, you should use a function like http_build_query, as it will let you take any existing $_GET parameters and combine in your page parameter. another thing http_build_query does for you, that your current code is lacking, is to urlencode all the values being put into the link, so that the link won't be broken if someone includes a search term that includes characters that must be urlencoded. http_build_query also lets you specify the separator to use between parameters, which for a link, should be &
  11. yes, and for those that have javascript enabled, you can use an onchange event to submit the filter form. for those without javascript, provide a submit button using <noscript></noscript> tags. i would reverse the order of the fields in the rewritten url. you will always have a page number, even if there's only one page. the page number should come first. the content and sort type won't necessarily exist and should come after the page number.
  12. you would make links that contain a get parameter that tells your one page how you want to sort the data, such as ?sort=date&direction=asc you would then test for and validate the get parameters and use the values to determine what sql query statement to build (don't use the values directly in a query without being fully validated to ensure they are ONLY one of the permitted values in order to prevent sql injection.) you would also build the pagination links with whatever existing get parameters there are (you can use http_build_query to do this) so that they propagate between the page requests when you click on the pagination links.
  13. your testing on the development system should have found things like query errors. your code should also have logic that tests each query to see if it failed or not and take an appropriate action. if a query does fail, you should output a user message - 'Sorry, an error has prevented this page from completing the requested operation' and log the actual query and the database error message. testing is more than just checking that the code runs. it means testing if the code does what you expect for both expected values and unexpected values and making sure that the code produces the expected result for all the possible execution paths/logic branches.
  14. things which are configuration dependent (and php version dependent) will be producing either php syntax or runtime errors. if the pages all actually run at all, then at least the main pages don't contain php syntax errors and you can set php's error_reporting to E_ALL and display_errors to ON in the code to see what errors are being detected by php. you could also post the code here and someone could directly tell you the most likely things it is doing that would be configuration or version dependent.
  15. using a prepared query with the IN() comparison, will require that you dynamically supply a place-holder in the query for each value in the array - it must look like IN (?,?,?,?,?), you must dynamically build the bind_param() statement with the correct first parameter with a type character for each place holder, and the hard part, you must dynamically supply a 2nd through nth parameter consisting of a variable (which can be an array element) for each parameter. if you look at the user contributed notes in the php.net documentation, either in the mysqli prepare or mysqli bind_param section, you can probably find a script/class that helps do this for you. to build the place-holders and the type character string, you can just get a count of the elements in the array and use string functions to build those. to actually supply a dynamic number of parameters to a function, you must use call_user_func_array(). or if you can switch to using the PDO database library/class, all of this becomes very simple, because you can bind each parameter separately.
  16. you could of course write out a ->bind_result() statement that lists a $row['column_name'] variable for each column you have selected in the query, but that wouldn't be general purpose and would require that you do a lot of typing that the computer would be more than happy to save you from doing each time you write out or change a query. fortunately, i have done this before, and when you see how much code this takes, you will see why we recommend using the PDO database library/class. with respect to the code i posted as an example above, the following section -

      $stmt->execute();
      ...
      // the above php code is the business logic, that knows what to do on the page and how to get data from the database

      is replaced with this -

      $stmt->execute();
      $meta = $stmt->result_metadata();
      $variables = array(); // the 'bind_result' parameters
      $data = array(); // array to reference to hold the actual fetched data
      $fields = array(); // just the field names, for building the display header
      while($field = $meta->fetch_field()){
          $variables[] = &$data[$field->name]; // parameters to 'bind_result' are references to the data array elements
          $fields[] = $field->name;
      }
      call_user_func_array(array($stmt, 'bind_result'), $variables);
      $results = array();
      $i=0;
      while($stmt->fetch()){
          $results[$i] = array();
          foreach($data as $k=>$v){
              $results[$i][$k] = $v; // you must specifically access the key/value (otherwise you get a reference to the element in $data and they are all the last value fetched)
          }
          $i++;
      }
      $stmt->close();
      // the above php code is the business logic, that knows what to do on the page and how to get data from the database
  17. this is covered in point #2 in my post and the php.net documentation for mysqli prepared queries. the portion of the code using ->get_result() will need to be rewritten to use the ->bind_result() and ->fetch() methods. if you continue to use mysqli statements, you will need to use a ->bind_result() statement to bind each column being selected in the query to a php variable (array entries will work), then, in your existing while(){} loop, use the ->fetch() method to get the data from the query into those variables. if you instead switch to using PDO statements, you can avoid all of this mess, because no matter how you run the query (prepared statements or not, regardless of any driver or php version differences), you can use PDOStatement methods to fetch the result from the query.
  18. the parentheses are not part of the require_once statement (it's not a function.) what using them does is cause php to evaluate the term they enclose, similar to using parentheses in a math equation to force operator precedence.
  19. the last code you posted won't even parse, it's missing the closing syntax of two php constructs. i even see a double $$ on a variable and wrong variable names being used. programming is an exact science. every character matters. sometimes, capitalization of those characters matters. every variable name matters. every statement, what it does and what it contributes to your goal, matters. copy/pasting code together isn't how programming is accomplished and isn't how learning a programming language works either. you must actually learn what the basic language syntax is, then what each statement you are using means and does, so that you can write code that uses the language syntax and statements to accomplish the goal you are trying to achieve. next, you need to define the goal you are trying to achieve. besides a statement of what you are trying to accomplish (in this case, process form data to retrieve and display a corresponding piece of information from a database table), you need to define what inputs you have available, what exact processing you want to do based on those inputs, and what exact result or output you want to produce. i'm not going to take the time to list what's wrong with the posted code because, well, you need to start over with the php portion of your code and write it yourself to do what you want it to do. i have one hint, htmlspecialchars() is an OUTPUT function. it is used when you output data onto a web page. it is not used on input data to a script. any code you may have found posted on the internet that showed using it on data going into a database query was an incorrect application of the function.
  20. the most immediate problem is that your <select> tag doesn't have a name='tank' attribute, so there's no value being submitted to the php code. as akphidelt2007 mentioned, you need to have php's error_reporting set to E_ALL and display_errors set to ON (in your php.ini on your development system) so that php will help you by reporting and displaying all the errors it detects. this will save you a ton of time during the learning and debugging process.
  21. with all the changes that have been made, what is the current end result/symptom when this fails? i would still be concerned about the values not being urlencoded (which the http_build_query does for you) when building the links, since any sort of non-url-permitted character could be treated differently by different browsers and would result in the submitted values being different from what was used to build the link and so wouldn't match in a database query.
  22. text, textarea, and password form fields will be set, even if they are empty. your form processing logic should first test if your form was submitted, then specifically test the content from each form field. for fields that are required, at a minimum, you would want to test if their character length is greater than an acceptable minimum.
  23. some more advantages of rearranging the code as ginerjm has suggested are - 1) it will be easier to update the existing mysql code to use the mysqli or PDO database functions, since the mysql functions are obsolete. all the database code will be close together, near the start of the code file. 2) since the main logic that determines what to do on the page and what data is being produced will be grouped closer together, it will be easier to avoid problems like the $userid variable problem. 3) it will make testing and debugging the code easier, since once you have determined that the main php code is producing the correct result, you can forget about that part of the code and concentrate on getting the correct output on the web page. 4) you will be able to perform a header() redirect back to the same page once you have successfully processed the form data, thereby making the user experience better since the browser won't attempt to resubmit the form data should you refresh the page or navigate back to any page that was the target of a form submission.
  24. @JTM, is this a second account for you? we have another member joemal, that posted code for this same assignment and from the same location you are at.
  25. there are existing resource availability/resource reservation scripts that probably do this in some fashion (likely for reserving/booking rooms, rather than a trainer, but the logic is the same.) you would need a table to hold the resource (trainer) availability schedule, all resources stored in the same table, using a resource id to identify which rows are for each resource. for reoccurring schedules, you would need to store the definition of the schedule (Mike is available on Mondays-Friday from 8am-5pm) and evaluate it, storing the resulting dates and times in the availability schedule table, as needed (any query displaying data with a date higher than the latest stored date would evaluate the definition to populate dates up to at least the latest display date.) you would have a second table to hold resource reservations, with the resource id, the id of who is requesting the resource, the date, start time, end time, and a status. the status would indicate if the resource has been requested (someone selected a date/time slot, but it has not been confirmed) or booked (if the trainer has reviewed and confirmed the reservation.) any resource reservation with either of those status values would not be available for selection. if there is a preference for a particular resource or type of resource, you would get and apply a filter in the query that determines which resource id(s) you match in the resource schedule table and for just the date(s) you are trying to display. you would then join the rows from that table with the resource reservation table, using the resource id and date columns, to get the row(s) and therefore the start/end times the resource is (is not) available for selection. that should get you the data you need to display a grid of appointment slots that are (are not) available for selection.
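
Added example, not part of mac_gyver's posts: one way to implement the advice in posts 10 and 12 above, validating the sort parameters against a fixed set of permitted values and propagating the existing get parameters into pagination links with http_build_query. The `articles` table, the column names, the defaults and the helper names `order_by_clause()` and `page_link()` are assumptions made for the illustration.

```php
<?php
// Added illustration, not code from the thread. The column names, the
// 'articles' table and the defaults are assumptions made for the example.

// Allow-list mapping request values to fixed SQL fragments. Identifiers and
// keywords cannot be bound as prepared-statement parameters, so only these
// constant strings are ever placed into the ORDER BY clause.
const SORT_COLUMNS = ['date' => 'created_at', 'title' => 'title'];
const DIRECTIONS   = ['asc' => 'ASC', 'desc' => 'DESC'];

function order_by_clause(array $get): string
{
    $sort = $get['sort'] ?? 'date';
    $dir  = $get['direction'] ?? 'asc';
    // is_string() rejects ?sort[]=x style input before the key lookup
    if (!is_string($sort) || !array_key_exists($sort, SORT_COLUMNS)) {
        $sort = 'date';
    }
    if (!is_string($dir) || !array_key_exists($dir, DIRECTIONS)) {
        $dir = 'asc';
    }
    return 'ORDER BY ' . SORT_COLUMNS[$sort] . ' ' . DIRECTIONS[$dir];
}

function page_link(array $get, int $page): string
{
    // carry over only the parameters this page understands, as strings
    $keep = [];
    foreach (['search', 'sort', 'direction'] as $name) {
        if (isset($get[$name]) && is_string($get[$name])) {
            $keep[$name] = $get[$name];
        }
    }
    $keep['page'] = max(1, $page);
    // http_build_query() urlencodes every value; '&' joins the parameters
    return '?' . http_build_query($keep, '', '&');
}

// Constructed sample request standing in for $_GET
$get = [
    'search'    => 'fish & chips',
    'sort'      => 'date; DROP TABLE articles',   // not in the allow-list
    'direction' => 'desc',
];

// The search term is a value, so it goes through a place-holder
$sql = 'SELECT id, title FROM articles WHERE title LIKE ? ' . order_by_clause($get);
echo $sql, "\n";

// htmlspecialchars() is applied at output time, when the link enters the html
echo '<a href="', htmlspecialchars(page_link($get, 2), ENT_QUOTES), '">2</a>', "\n";
```

The rejected sort value still travels in the link, urlencoded, but it is re-validated on every request and never reaches the query text.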