mac_gyver

Staff Alumni
  • Posts: 5,449
  • Days Won: 174

Everything posted by mac_gyver

  1. are you sure you want to use $_POST['redeem_points'] as the value to add in the UPDATE query, especially since you just retrieved $row['redeem_points'] from the first query in this code? also, by using an external $_POST value, you would allow someone to update their point_earn value to anything they want.
  2. for your UPDATE query, you need to troubleshoot and find out why it is not updating the row. echo the $sql variable to make sure the query statement contains the values you expect and then look directly in your database table using your favorite database management tool and make sure you have a row that exactly matches what the query's WHERE clause is.
  3. the logic you are using in this code (and your other current thread) is not doing exactly what you think. the $result variable you are assigning from the mysql_query() statement will only be a false value if the query fails due to an error of some kind, i.e. the query does not run at all due to things like a connection problem, a syntax error in the query statement, wrong table/column names,... a SELECT query or an UPDATE can run, but not match any rows, if the WHERE clause is false. this is a successful query and the $result variable won't be a false value. so, your logic testing if $result is a false value and outputting messages like 'Redeemer code is not valid' are misleading. for a SELECT query, you would need to test the mysql_num_rows($result) value and for an UPDATE query, you would need to test the mysql_affected_rows() value to know if the query did or didn't match or update a row.
  4. do you have php's error_reporting set to E_ALL and display_errors set to ON in your php.ini (or before your session_start() statement in your code) so that any php detected errors would be reported and displayed?
  5. your actual variable name is apparently $row (no s on the end.) the reason the replies have used $rows is because that is what you yourself used in some of your code (we only see the information you supply.)
  6. after you submit the form, does the URL in your browser's address bar contain ?days=n and if so is the n value a zero or the correct value that you selected in the dropdown menu? just the code you have shown should work. there's something going on elsewhere, a .htaccess url rewriting/redirect or in code other than what you have posted that is causing the problem. is that the full php processing code? do you have a session variable or a cookie named 'days'?
  7. a form without a submit button is going to be a little hard to submit. i recommend that you slow down and define what output you want to produce. what would the html be if you hand coded it for a couple of products without using php? then once you have that information, use php to dynamically produce the output from your products stored in the array. also, i recommend that your file being included ends in a .php extension so that if you were doing this for real and someone learned of the file name they could not see the entire contents of it by browsing to it.
  8. the posted code only has the form field defined, not an actual form (an opening form tag with method and action attributes and a closing form tag.)
  9. php has sqlite built-in that would provide a better solution than the "write everything to an inventory4.html file" scheme currently being used. you would use datatables on the front end with a sqlite backend.
  10. @jjf3, you have been asked what the structure of this data is, not for actual data. your code implies there's at least 24 fields (0-23) to a line (you were asked if there were 20 and you confirmed the 20 value), some with specific prefixes. no one here is going to sift through the code (which is questionable code anyway with things like the if($i==10) in it) to reverse engineer what the format of the data in the file looks like in order to make up some test data that matches what the code expects. if you want specific help, take a line of your actual data and alter the sensitive data part of it and post it. the performance problem is because you are outputting a huge amount of markup to the browser each time the page is requested. this is not an efficient solution, which is why using an actual database, which is optimized to find and sort data, is how this is normally done. also, a scheme that writes an updated .html file every x amount of time would go away when using a database. you would use the current live data stored in the database on every page request. you are struggling to get this to work with 5000 items. a database solution will easily work with a million items in a table. edit: and please don't use the forum's quote button to make replies unless you are calling attention to something specifically in a post. all that does is clutter up the page with things we have already read before. there's a quick reply form at the bottom of the thread, there's a 'More reply options' button at the bottom of the quick reply form, and there's a 'Reply to this topic' button at the top of the thread that all can be used to write a reply.
  11. for anything security related, you must check if the current logged in visitor is authorized to view the information. for something like a profile link, if the id from the link is different from the currently logged in user's id (held in your session variable), you would only display the 'publicly' accessible information or none at all if that's your desire. if the id from the link is the same as the currently logged in user's id, the user would have full permission to view all of the available information.
  12. it should be noted that the OP continued this in another thread and no further action is needed in this thread.
  13. what exact execution path or symptom are you getting? do you have php's error_reporting set to E_ALL and either display_errors set to ON or log_errors set to ON so that any php detected errors will be reported? do you have output_buffering turned OFF in your php.ini so that things you or php might display on a page aren't discarded when you do a header() redirect? edit: do you know for a fact that the code where your query is at is even being executed?
  14. you don't have any white-space between the table name and the WHERE keyword (probably in both queries.) you need to build your query statement using one php statement so that you have a minimum of different contexts - $query = "SELECT * FROM subjects WHERE id = {$subject_id} LIMIT 1"; or if you want some formatting (for longer query statements) - $query = "SELECT * FROM subjects WHERE id = {$subject_id} LIMIT 1";
  15. there's nothing technically wrong with the code you posted, provided it's part of a class definition. what sort of problem are you having that you are trying to solve?
  16. you need to build the pagination links with any existing search term. there's a php function to do that - http_build_query. see my posts in the following thread - http://forums.phpfreaks.com/topic/281305-pagination-from-search-results/?hl=%2Bhttp_build_query&do=findComment&comment=1446040
  17. @r3wt, you do realize this thread is months old and statements made back in july about a newly released major version of software no longer apply?
  18. @r3wt, the OP's query did not contain a sql syntax error. however, the code change you posted did introduce a php syntax error. please, don't post code changes unless you know they are correct.
  19. the thread you started after this one has been removed. please stick to ONE thread for a problem. also, please use the forum's bbcode tags (the edit form's <> button) when posting code. you have over 20 posts on this forum and should know how to do this. this will also increase the chance of someone reading your post and replying to your problem.
  20. i'm going to guess error_reporting is set to a 0, so php detected errors are not being reported. i'm also guessing php is running as an apache module. try adding the following to your .htaccess - php_value error_reporting -1
  21. you also have an extra comma after the last place holder ?, that is or should be producing an error. you should try to make a general purpose prepared query function (or a class) that you can reuse, instead of repeating the body of that code each time you are running a query. if you had a function that accepted the $db, the completed sql statement with the place holders already in it, the list of 'sssiiisis...' parameters, and an array of the data values, all you would need to do in your main code is form the correct parameters and call your function.
  22. you would do the following to convert - 1) backup your database and test that the backup is valid (restore it to a different location as a test.) 2) alter your table and add a new column with a DATE data type. 3) run one UPDATE query to populate the new DATE column from your existing column, using the STR_TO_DATE() statement you are currently using to produce a DATE value from the existing data. 4) modify and test any existing queries to use the new DATE column. to INSERT or UPDATE, just use the STR_TO_DATE() statement you are currently using to take a value in the existing format being put into the query and produce a DATE value to insert or update. in those cases where you want to SELECT the existing format, just use a DATE_FORMAT() statement in the query to take the DATE value and produce the existing formatted value. 5) after step #4, you can drop the previous column from your table and just use the newly added DATE column.
  23. if your dates were stored as a mysql DATE data type, you could do this directly in the query for any date range. all it would take is about 4 lines of code.
  24. based on the error message, your code is based on the w3schools code and has lumped together all the validation tests into one with one generic error message. what's really really sad about the w3schools code is they 'improved' it to add file extension testing, but the rest of the code that they didn't change is just as bad as it was. when validating user supplied input, an uploaded file in this case, a) you must test if the upload worked without error before you attempt to use any of the uploaded file information, and b) you need to have separate, unique, and verbose messages telling the user what is wrong with the input they supplied (in this case, it's probably the file extension) and what if anything they can do to fix the problem. assuming the problem is the file extension, tell the user what value the code used from his upload file (css) and what the permitted values are.
  25. +1 for that. your code is overly complicated for what it is doing and hard to understand. if we cannot understand it, i'm pretty sure you cannot. it should be possible, just by looking at code, now or a year from now, to be able to deduce a majority of what it is trying to do. the biggest problem is your use of generic, sequential, form field and variable names that don't convey the meaning of the values in them. using things like $memberHid1, $memberHid3, $memberHid4 requires you to remember and keep track of what those values actually are. which of those are actually the current user's name, his id, or the id or name of the user he is trying to add? afaik, the code on this page is responsible for adding a selected user to the myteam table. that's all this code should be doing. here's a list of things the code should/should not be doing - 1) the current user, who's logged in, should have his member_id stored in a session variable. by passing his member_id or member_name through the form, you are allowing anyone to alter the data for any other user. also, by storing the member_id in a session variable, you don't need to run a query to get it based on the member_name. 2) your code needs to test if the current visitor is logged in before doing anything, both on the form and the form processing page. 3) your form processing code needs to test if a form has been submitted at all before trying to use any of the form data. 4) the form should submit the selected user's member_id, so that you don't need to immediately run a query just to get the id based on the member_name. 5) all database query statements need to have the external data being put into them validated and escaped/cast as appropriate to prevent errors and sql injection. 
6) you should test if the submitted member_id is valid (exists in the team table), isn't the same as the current logged in user (the current user shouldn't be able to accidentally/intentionally add himself), and that it isn't already in the myteam table. your myteam table should enforce unique combinations of the owner member_id and the added member_id by having a unique index for those two columns. 7) you need to list out the database table column names in your INSERT query. your myteam table apparently has three or more columns, some with names ending in 1,2,... which again, doesn't convey the meaning of the data in the columns. i'm not sure how or even if your INSERT query is running without an error. 8) having a num_of_members column in your team table is redundant, unnecessary, and problematic. the number of members on any person's team can be found from the myteam table. you can query at any time to get that number. storing it in another place will create problems because the values can get out of sync should there be a query error. 9) i'm not sure how any of the 'friends' field/table has anything to do with adding a member to your myteam table. it would seem like that is part of some other action.
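
The checks listed in post 25 above, gathered into one function as an added example (not the poster's code and not from the thread). It uses PDO with an in-memory SQLite database; the column names owner_id and member_id, the function name add_team_member() and the sample rows are assumptions.

```php
<?php
// Added example. team and myteam are the tables named in the post; the column
// names, add_team_member() and the sample rows are assumptions.
function add_team_member(PDO $db, array $session, array $post): string
{
    // 2) must be logged in; 1) the owner id is read from the session only
    if (empty($session['member_id'])) {
        return 'not logged in';
    }
    $owner = (int) $session['member_id'];

    // 3) a form was submitted; 4) and 5) the submitted id is a positive integer
    $added = filter_var($post['member_id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($added === false) {
        return 'no valid member selected';
    }
    // 6) not the current user, and present in the team table
    if ($added === $owner) {
        return 'you cannot add yourself';
    }
    $find = $db->prepare('SELECT 1 FROM team WHERE member_id = ?');
    $find->execute([$added]);
    if ($find->fetchColumn() === false) {
        return 'no such member';
    }
    // 7) columns listed by name; the unique index turns a repeat into a no-op
    // (INSERT OR IGNORE is SQLite syntax), so test the affected row count
    $ins = $db->prepare('INSERT OR IGNORE INTO myteam (owner_id, member_id) VALUES (?, ?)');
    $ins->execute([$owner, $added]);
    return $ins->rowCount() === 1 ? 'added' : 'already on your team';
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE team (member_id INTEGER PRIMARY KEY, member_name TEXT)');
$db->exec('CREATE TABLE myteam (owner_id INTEGER NOT NULL, member_id INTEGER NOT NULL,
           UNIQUE (owner_id, member_id))');
$db->exec("INSERT INTO team VALUES (1, 'alice'), (2, 'bob')");

$session = ['member_id' => 1];  // set at login, never taken from the form
$posts = [['member_id' => '2'], ['member_id' => '2'], ['member_id' => '1'],
          ['member_id' => '9'], ['member_id' => '2 OR 1=1'], []];
foreach ($posts as $post) {
    echo add_team_member($db, $session, $post), "\n";
}
```

The team size from point 8 is then a `SELECT COUNT(*) FROM myteam WHERE owner_id = ?` at read time rather than a stored num_of_members column.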