mac_gyver

the reason he asked that is because $_POST data is only available on the page that the form submits to. it's empty otherwise. why is your login php code setting $_SESSION variables? wouldn't that be so that you can use that information on other pages? as to your form, you have two sets of opening and closing form tags. the first form has the student_id field, the password field is in between the two forms, and the second form has the submit button. what you have shown will only submit the submit button itself, because that's the only thing in the form where the submit button is. edit: your login query is open to sql injection and basically anyone can cause it to select any row in your table. you need to escape your data being put into the query. you also need to use a strong hashing method for your passwords.

look at the zip functions. they basically sample the data and convert repeated sections into shorter codes, then reverse the process to get the original data back.

the PDO documentation at php.net is the best starting place. there's nothing technically wrong with the posted code and works for me. the error message mentions NO password, that indicates in your actual code that $pass was empty. the error message in general either means that the database name doesn't exist, with that exact spelling/capitalization, or the user/password combination doesn't exist or hasn't been given permission for the database name being used. if you copied any portion of that from some web site, you may have non-printing characters as part of it that is messing with the values. posting it here could have removed those characters, so copy/pasting it from this forum post may result in working code while your original code won't work. do you have php's error reporting set full on (error_reporting set to E_ALL and display_errors set to ON) as that may help with things like non-printing characters/character set issues in the $pass variable?

is that all the code or do you have other code later in the file? that error is typical of a mysql_query() or other mysql_ function running when there isn't a mysql_connect() database connection and it (the mysql_query() statement) tires to make a connection using default credentials, which are rarely set on any server.

i moved your thread from the 'third party' forum section to the php coding help section. the 'third party' forum section is for complete (functional) scripts that you are trying to use as is or to modify, such as a chat script, login script... snippets of code and coding concepts that you may have found, while being written by a third party, become your responsibly when you incorporate them into your own scripts.

a) you didn't post any code. when posting code in the forum, please use the forum's bbcode tags (the edit form's <> button). b) you would also need to show us the raw data values in your table (showing the table definition would help too) and what the actual incorrect output is that you are getting from your code.

your form(s) make no sense, and it is necessary for you to understand what your code is doing in order to (efficiently) get it to do what you want. you need to start with the basics and get them to work first. you are trying to make a form with input fields for a 'student_id', a 'student_password', and a submit button. all three of these must be in ONE single form. start with just the following (do things like formatting and styling after you have learned the basics) - <form action="Student_Home.php" method="post"> Student id: <input name="student_id" type="text"><br> Password: <input name="student_password" type="password"><br> <input name="login" type="submit" value="Login"> </form>

at this point, these problems are logic, copy/paste, and typo errors on your part. you need to debug what your code is doing and try and solve these yourself. it would probably help if you set php's error_reporting to E_ALL and display_errors to ON to get php to report and display all the errors it detects.

line 20 of your last posted code is the end of your if($search){ ... } logic. however, lines 22-28 are part of that logic. the closing } on line 20 needs to be moved down.

the error message is because your query failed due to an error (you removed the comma between the two remaining items in the SELECT list.) you also don't have any error checking logic for your queries, so you are getting follow-on errors when they fail due to an error in them.

after your run the search query, you must loop over the result set and build the $links array from the fetched data. the $links variable in your posted code is the result resource from the query, not the 'generic' data that the presentation logic needs. you should only SELECT the fields you need in that or any query. you are only using FullDocumentID and full_doc_number. these are the only things you should have in the SELECT list in the search query. you would just fetch and store each row to the $links array - // this code expects the result resource from the query to be in $result if(mysql_num_rows($result) > 0){ $links = array(); while ($row = mysql_fetch_assoc($result)){ $links[] = $row; } } btw - Please use the forum's [/nobbc] bbcode tags (the edit form's <> button) when posting code. i would edit your posts, the that generally messes up copy/pasted code that wasn't originally posted in [nobbc] bbcode tags. also, the mysql_ database functions are currently depreciated and will be removed in a future version of php. you should be learning and using either the mysqli or PDO database functions so that you don't need to go through all your code changing the database functions when the mysql_ functions get removed.

the example code i posted contains logic to test if there is a submitted search term before trying to use it and if there is a submitted document id before trying to use it, thereby preventing the errors you are getting. the example also propagates the search term in the document links. i recommend studying the example code again (it's standalone, functional, code that you can run by itself to see how it works.)

you would use a simple page controller to combine and control what the code does on one page. a key to organizing your code to make this easier is to separate your 'business logic' from your 'presentation logic'. see the following example - <?php // the following is the business logic that determines what to do for any page request and gets whatever data is needed $search = isset($_GET['search']) ? $_GET['search'] : ''; if($search){ // get the data to produce the document links // your action code making use of the submitted search term would go here or be included here... // some made up data as an example $links[] = array('id'=>123,'full_document_number'=>'doc 134566'); $links[] = array('id'=>567,'full_document_number'=>'doc 745745'); } $id = isset($_GET['id']) ? $_GET['id'] : 0; if($id){ // get the data/file for the requested document id // your action code making use of the submitted document id would go here or be included here... // some made up data as an example $doc = "some document contents or document link from wherever and however you are storing it"; } // the following is the presentation logic that takes the data from the above business logic and produces a (correctly formatted) html page // the search form if(!$search){ echo 'Enter search term: '; } ?> <form method="get" action=""> search: <input type='text' name='search' value='<?php echo $search;?>'> <input type='submit'> </form> <?php // the document links if($search){ if(isset($links)){ // output document links echo 'Select a document to view:<br>'; foreach($links as $link){ $_GET['id'] = $link['id']; // add document id to (any) existing get parameters $qs = http_build_query($_GET, '', '&'); // build the current url query string echo "<a href='?$qs'>{$link['full_document_number']}</a><br>"; } } else { echo 'No matching documents found.'; } } // the document display if(isset($doc)){ echo 'The requested document:<br>'; echo $doc; } a point about your search form. it determines what will be shown, i.e. gotten, on the page and should use method='get'.

php syntax errors won't be reported in your main file by settings in that file or included into that file since the code never runs to modify the settings. the error_reporting/display_errors settings must be set before the page is even requested to show syntax errors in your main file, so the settings must be in a php.ini or a .htaccess file (only when php is running as an apache module.) by having the settings in a php.ini/.htaccess file, you don't need to remember to put them into your code for debugging and remember to remove them when you put your code onto a live server. also, error reporting should be E_ALL. by hiding notices messages (the setting you posted) you are missing out on getting php to help you with things like typo errors that cause mismatched variables...

and because the header() redirect doesn't have an exit; statement after it, the posted code won't prevent access to the protected page. the rest of the code on the protected page will run just the same and all anyone or a bot script would need to do is ignore the redirect to access the page and whatever the code on it permits.

what debugging have you done to find out where the problem is at? are the links correct and with the expected idi values in them? is your code in edit_record_form.php using the correct get variable? is your code in edit_record_form.php throwing a php syntax error, due to the smart/curly quotes in it from where ever you copied it from? do you even have php's error reporting set full on so that php syntax errors would be reported?

oh wow. for security purposes DO NOT set cookies with things like user id's, usernames, passwords, or any sort of hashed versions of these, the main reason being is these values being stored in the cookies are fixed/static/unchanging for any one user and if anyone gets a hold of these values they can use them to impersonate the actual user until the values get changed. if you need to identify a user longer than one browser session (i.e. session variables), generate a unique id (which is essentially what the session id is) and store that in a cookie and in the corresponding row in your user table. you would use this value to identify the user and since it is a generated value, not tied to any fixed information, it can be regenerated at any time.

what debugging have you done to find out at what point your code and data are doing what you want? you haven't even shown us the modified code, so how could we help with anything it is doing? did you also change the code where you are calling that function to use the new value in the returned array()?

the most immediate problem is the code building the $tData content is inside the if (! $doneHeader) { ... } logic, so it will only be executed once. you would need to put the $tData logic after the } // end doneHeader on line 633 so that it gets executed each time through the loop.

i recommend showing us the var_export() from your array of data for the three events (so that would could duplicate/experiment with actual data) and the complete code of the loop that's processing that data to build the $tData content.

in your posted code, lines 52 to 61 are your form processing logic, and are where the variables/arrays are defined at. however, the code following line 61 is also part of your form processing logic. you need to move the closing } that is on line 61 down so that it is after the end of your form processing logic.

php tags were always required around any php code, in an include file or not. the only exception would be some sort of template system where the 'php' code is being 'evaluated' by a part of your php script itself.

magic_quotes wouldn't affect the $_FILES array in that way. it's likely your code leading up to that point is overwriting $_FILES['uploads'] with a 1.

run the following (untested) single query and fetch the total from the result set - $query = "SELECT SUM(CASE vote_com_rank WHEN 1 THEN 1 WHEN 2 THEN -1 ELSE 0 END) as total FROM comment_votes WHERE vote_com_writer_id = {$d['user_id']}";

another reason to slow down (see my reply #17 above) is you are currently storing data using the $array['id'] as the $data array's second index. that's your row id from the table and is not organizing the data in a useful format.