Everything posted by mac_gyver
-
Trying to CONCAT two columns in a Select query...
mac_gyver replied to Jim R's topic in PHP Coding Help
i recommend rereading the first line in post/reply #3. when you have an error, until you determine what is causing it, there's little point in just trying different things that might not have anything to do with the problem.
-
this is the third thread for this particular part of the assignment. one of the points of solving simple programming problems like this, is to get you thinking like a programmer. programming is a do-it-yourself activity, not a run home to get mom to do it for you activity. you need to be trying to devise a way of accomplishing the task; then writing and testing code you think will accomplish the task; observing if it produces the result you intended; then going back and troubleshooting what it is doing when it does not.
-
My insert code is not posting into the database
mac_gyver replied to terungwa's topic in PHP Coding Help
if $reg_errors is not empty, how about displaying what errors were detected and are stored in it?
-
your if(condition){ ... } construct syntax is incorrect. time to go back to the basics. edit: which is also the same problem you had in this thread - http://forums.phpfreaks.com/topic/285546-submit-form-not-processing/page-2?do=findComment&comment=1466125
-
the issue is actually a straightforward one. all data that your script receives can be anything (i.e. you cannot assume that the data is even present at all or that integers will be just an integer, dates will be in the expected format, or strings will contain safe content...) each piece of data must first be validated/cast to ensure it contains only a value/string of the expected type/format/content. for general/arbitrary string data, like a comment, blog, forum post..., using your database library's string escape function (or using prepared queries) will at least make it safe for inserting into a sql query statement (the data can still contain links/spam content or XSS/client-side issues, but that is a different subject from sql injection.) also, using your database library's string escape function (or using prepared queries) on all string data will prevent sql errors if the expected string data happens to contain any special sql characters that would break the sql syntax of the query. apparently, your script is expecting an id, which would be an integer with a value greater than 0 (even though you have surrounded it with single-quotes in the query like it is a string.) your task would be to validate/cast it as an integer, then to test if the value is greater-than zero before using it in the sql statement.
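Added example, not part of the original post: one way to do the validate-then-use step described above for an integer id, with a bound parameter in a prepared query. The function names, the `items` table and the sample inputs are constructed for illustration, and SQLite in memory (pdo_sqlite assumed available) stands in for the real database.

```php
<?php
// Added example (not from the original thread). The table, column and
// function names are hypothetical; SQLite in memory stands in for MySQL.

/**
 * Return the input as an int greater than 0, or null if it is missing,
 * not a plain integer, or out of range. Nothing is assumed about its type.
 */
function validate_id($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;                       // absent, array, object, ...
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function find_item(PDO $pdo, int $id): ?array
{
    // the id is bound as an integer, not quoted into the sql like a string
    $stmt = $pdo->prepare('SELECT id, title FROM items WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO items (title) VALUES ('first'), ('second')");

// constructed inputs standing in for $_GET['id']
$samples = ['2', '0', '-5', '2abc', '', ['2'], null, '7'];
foreach ($samples as $raw) {
    $id = validate_id($raw);
    if ($id === null) {
        echo json_encode($raw), " => rejected\n";
        continue;
    }
    $row = find_item($pdo, $id);
    echo json_encode($raw), ' => ', $row ? $row['title'] : 'no such row', "\n";
}
```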
-
this suggestion has nothing to do with your question, but you and those you are asking to help with this would be much better able to follow what the code is doing, if you use a mysql_fetch_assoc() statement to retrieve the values from the query and use the associative array index names everywhere so that you don't need to find and keep track of what each numerical offset means. you can also just use $arr[] = $r; when loading the data into the $arr array.
-
Problems with function and mysqli_real_escape_string
mac_gyver replied to pioneerx01's topic in PHP Coding Help
you need to pass the $dbc variable into the function as a call time parameter. you also need to turn on php's error_reporting/display_errors to get php to help you. you would be getting several php errors when you tried to use $dbc inside the function. lastly, for a user written function, there's no good reason to test if it doesn't exist before defining it. that's just more lines of code to clutter up what you are doing.
-
what you have described you want to do, with the folders, the repeated html file, and individual include files IS a MAJOR amount of repetitive work. it will be less work for you, take less time, and take much less ongoing work to maintain the site, if you follow the suggestion given by cyberRobot. since you likely have the existing information hard-coded in html files, assuming it is in a mostly consistent format, you could write a php script to parse through the existing pages, extract the relevant information, and store that into appropriate database tables. further advantages of having the information stored in a database would be to dynamically/automatically produce any navigation menus, allow searching for any of the information (which gets updated as soon as the information is added/changed.) in short, having a site like you have described, where you have hundreds of files, is a design leftover from about the year 2001. by not taking advantage of what server-side scripting and a database driven design can do to simplify all the coding and maintenance IS just wasted time.
-
you need to forget about using a multi query, for the following reasons - 1) when running queries you need to know which one is failing and why and for related queries, there's usually no point in running following queries after the point of a failure, they will likely fail for the same reason, 2) your first query is partly using prepared query syntax and it's putting raw user data into the query. there is no prepared multi query and you need to escape/cast external data to prevent query errors and to prevent sql injection. 3) the query statements must be separated by a ;. you don't have one after the first query.
-
you need to set php's error_reporting to E_ALL and display_errors to ON in your php.ini to get php to help you. restart your web server to get any changes made to your php.ini to take effect. the reason for putting the setting into the php.ini is so that all php detected errors will be reported and you don't need to remember to put the settings into your script for debugging and take them out when you are done. your php code has some problems, partly because the original code you are trying to reuse wasn't written very well (i posted a reply in your previous thread) and partly because you need to slow down and learn the basics of what you are doing before you can do them for your code and data. 1) using functions requires two things. a) the function definition, and b) the call to the function. your last posted code has a function definition, started by the function keyword, but you are never calling that function. also, in general, function definitions should be placed near the start of the code or be in an included file. they should also not be conditionally defined. your current function definition is inside the if(isset($_POST['add5'])){ ... } conditional statement, which is where your function call should actually be at. 2) your function code is assigning the prepared query statement handle to - $stmt. when you call the execute() method, it would be $stmt->execute(). 3) the point where the header('Location: ./register_success.php'); statement is at (you should probably make that a page specific to what you are currently doing) is in the wrong place in the code and will redirect even if the prepare() statement fails. it should be moved up in the code by one } so that success will only be indicated if the prepare worked and the update at least ran without any errors.
-
first, how do you know that? what symptom or error are you getting? next, you could use your database root username and password in your script, but that is a bad habit to get into as the root database username/password should only be used to manage databases. your script should use a restricted database user that only has the permissions needed by the script. you would create a database user/password through phpmyadmin, then assign that user privileges to the database in question.
-
the symptom sounds like the code is dependent on register_globals, which has finally been removed in the latest php version (they were first turned off by default in the year 2002.) if this is the case, all the code using $_POST, $_GET, $_COOKIE, $_FILES, and $_SESSION variables will need to be rewritten.
-
several words of caution about the script you found. it is at best just a demonstration of the secure login concepts that were presented. it is not a well written, finished, login script. for example, in the registration process. if the prepare statement is failing due to an error, which is what is happening when you modified the insert query statement, the code doesn't attempt to run the insert query at all and it reports that registration was successful. the code should - a) detect and report errors that occur, and b) only report a successful registration if the insert query ran without any errors and actually inserted the row.
-
you need to tell us what the code IS doing when it runs. is it redirecting to the error.php page or what?
-
your current function is tied to one specific id, the currently logged in user's id. to make a general purpose function that could retrieve data for any user's id, for example in a game, a profile page, a pm system, the id should be a call time parameter into the function. then to use the general purpose function specifically for the currently logged in user you would call it - $thing = getThing($mysqli,$_SESSION['user_id']);
-
a function whose name is login_check() should only check if the current user is logged in. the purpose of that function is not to retrieve any arbitrary user information. the user information it happens to retrieve is for the purpose of authenticating the user. after your code calls login_check() and it returns true, you know that the current user is logged in and you can use his $_SESSION['user_id'] to then query for any information you have stored for that user.
-
no. the code you posted last is NOT a proper way of making and using a database connection in your application or of writing a class. a database connection is something your application is dependent on and is used multiple times throughout the code on any one page. your application should form one database connection, then use that one connection everywhere it is needed. you should not be forming a database connection inside each function, just to run the code inside that function, then to have php (automatically) close that connection when the function ends/returns. the first reply in this thread showed you an example of passing the variable holding the database connection into your function. your first goal would be to assign the $conn variable in your main code with an instance of the pdo class. pdo is already a class, wrapping your own class definition around it, unless your class adds something useful to the pdo class, doesn't accomplish anything. hard-coding your database connection details inside of a class definition is also not good coding. also, by wrapping your class definition around the pdo class, you must now write your own methods in that class to handle every pdo method you call. it is much better to have your class extend the pdo class, provided your class is going to add something useful to the pdo class at all, so that you can directly use the pdo methods in your code. if your class doesn't add anything useful to the pdo class, you might as well just use the pdo class directly without wrapping your own class around it. a useful thing you can add to the pdo class, would be an arbitrary prepared query method that takes the query statement, any optional bound input parameters, runs the query with error handling, then returns the result set (select/show queries) or number of affected rows (insert/update/delete queries) or perhaps just returns the pdo PDOStatement object to the calling code so that it can test/use the result from the query. 
lastly, your list of functions appears to be related to things having to do with a user. wouldn't writing a user class that contains methods that perform the getUserName, getFullName, ... operations be something to do for learning how to write and use classes? in this case, you would pass the instance of your database class/pdo into an instance of a user class using dependency injection.
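Added example, not code from the thread: a sketch of the design described in the post above, with a class that extends PDO to add one general purpose prepared query method, and a user class that receives that connection by dependency injection. The names `Db`, `run`, `User` and the `users` table are hypothetical, and SQLite in memory (pdo_sqlite assumed available) stands in for the real database.

```php
<?php
// Added example (not code from the thread). Class, method, table and
// column names are hypothetical; SQLite in memory stands in for the real db.

class Db extends PDO
{
    public function __construct(string $dsn, ?string $user = null, ?string $pass = null)
    {
        // connection details come from the caller, not hard-coded in the class
        parent::__construct($dsn, $user, $pass, [
            PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
        ]);
    }

    // general purpose prepared query: sql plus optional bound inputs;
    // returns the PDOStatement so the caller can fetch rows or count them
    public function run(string $sql, array $params = []): PDOStatement
    {
        $stmt = $this->prepare($sql);
        $stmt->execute($params);
        return $stmt;
    }
}

class User
{
    private Db $db;

    public function __construct(Db $db)
    {
        $this->db = $db;
    }

    public function getUserName(int $id): ?string
    {
        $name = $this->db->run('SELECT username FROM users WHERE id = ?', [$id])->fetchColumn();
        return $name === false ? null : $name;
    }
}

$db = new Db('sqlite::memory:');          // one connection for the whole page
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$affected = $db->run('INSERT INTO users (username) VALUES (?)', ['alice'])->rowCount();

$user = new User($db);                    // dependency injection
var_dump($affected, $user->getUserName(1), $user->getUserName(99));
// a failed prepare/execute throws PDOException instead of failing silently
```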
-
there's no reason a single query couldn't produce the same exact program variables that you have now. the only re-coding is to consolidate your multiple type=1, type=2 queries into one query that gets all the type information at once.
-
you could GROUP BY the type in the query, group concatenating the selected data. this will give one row per type. depending on what and how you are using this data, you could use the concatenated string for each type directly, or simply explode it into an array for each type. again, without knowing what the data is and how it is being used, cannot offer exact solutions that will work best for you.
-
i think you have generalized this to the point that we can only give general answers. so, in general, you should run one or as few queries as possible that gets the data you want in the order that you want it. the reason for getting the data in the order you need it, is so you can in most cases simply loop through the result set once and use the data the way you need it. if your host is complaining about database usage, the biggest problem is running queries inside of loops, using data from one query to feed a query inside the loop. the solution is to write one joined query that does it all at once. if you show how you are using these different type values, and even if you need all or just some of the possible type values, someone can provide more specific help. optimization takes knowing the full scope, as just looking at one small part may micro-optimize that one small part, while missing things that could result in major improvements.
-
you could create a view in your database with that condition, then the query would use the name of the view as the table name.
-
you right clicked on this(these) files where? on a development computer after you downloaded them or is this some file browser through your hosting control panel?
-
the php code later in the page has also had the leading and trailing < > converted into html comments <-- and -->. the question now becomes HOW did you edit this page? it looks like you used some sort of web based wysiwyg comment form and ALL the php code in it is no longer valid php.
-
the php code you have posted has also been passed through htmlentities or perhaps you copied the view source from where it was published rather than the actual text on the page where it was published. in any case, that's not functional php code, unless you go through and fix all the <, >, &, ", and ' characters. perhaps if you explain exactly what you started with and what exactly you did or changed in the file to get to this point? p.s. things you change in code on a server aren't your web host's problem. they are not going to be able or willing to help you.
-
the expensive processing you asked/mentioned in your first post assumes you are doing a huge amount of processing (taking a second or more) to produce the markup on the page. at this point i actually doubt this is the case, but does your page have any sort of microtime() code determining how long it takes the page to be generated, and you are either displaying this on the page or logging the values? if your page is taking a fraction of a second to be generated on the server, there's little to be gained by caching the resulting html of the page. if your page is taking longer than a second to generate, the first step is to optimize the code, rather than to slap a band-aid on top of it to compensate for a long page generation time. you need to be more specific about this. what is the typical processing, how many database queries are there? are you reading the images and storing them on your server, then serving them to the client by putting a url at your server into the markup or are you putting amazon's url for the image directly into the markup? if you are putting amazon's url into the markup, and perhaps you are required to do so to satisfy their terms of service, there's actually nothing you can do to speed up the page loading since your site isn't involved at all with these images. it is the browser that is requesting the images from the url you are putting into the markup. it doesn't sound like you are dynamically producing/manipulating images using GD functions? only using static images, which may be added/removed over time, but the actual image file exists as a real static file.