mac_gyver
Staff Alumni
Posts: 5,449
Days Won: 174

Everything posted by mac_gyver

  1. lol, a popular forum software (SMF) had an XSS hole in the moderator backend when admins/mods viewed either reported posts or viewed the error history, i don't remember which, because content that came from a visitor was being displayed in a browser without being escaped. if you are logging the mysqli_error() output and it can ever be viewed by anyone of importance, not just the visitor, in a browser, you need to escape it / render it harmless at some point.
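The situation described in post 1, as an added example that is not code from the original thread: database error text (or any echoed query fragment) can carry whatever a visitor submitted, so anything that later renders a stored error log to a moderator or admin has to HTML-escape every field. The log entries below are constructed sample data and the helper names are assumptions.

```php
<?php
// Added example (not from the original post): render entries from a stored
// error log in a moderator/admin page without letting attacker-controlled text
// execute in the admin's browser. Entries are constructed sample data.
declare(strict_types=1);

/** Escape a string for insertion into HTML text or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build the HTML table shown to admins. Every field that originated outside
 * the application (request URI, DB error text) goes through h() first.
 */
function renderErrorLog(array $entries): string
{
    $rows = '';
    foreach ($entries as $e) {
        $rows .= '<tr>'
            . '<td>' . h($e['time']) . '</td>'
            . '<td>' . h($e['uri']) . '</td>'
            . '<td><code>' . h($e['error']) . '</code></td>'
            . '</tr>';
    }
    return '<table><tr><th>Time</th><th>URI</th><th>Error</th></tr>' . $rows . '</table>';
}

// Constructed sample: a visitor put a script tag into a URL parameter, the
// parameter ended up inside a failing query, and the DB error message (the
// kind of text mysqli_error() returns) now carries the tag verbatim.
$sampleLog = [
    [
        'time'  => '2013-10-29 14:02:11',
        'uri'   => "/product.php?id=1'<script>alert(document.cookie)</script>",
        'error' => "You have an error in your SQL syntax; check the manual ... "
                 . "near ''<script>alert(document.cookie)</script>' at line 1",
    ],
];

$html = renderErrorLog($sampleLog);
// The script tag reaches the browser only as the text "&lt;script&gt;...".
assert(strpos($html, '<script>') === false);
echo $html, PHP_EOL;
```

The write side matters just as much: send the raw mysqli_error() text to error_log() (or a file the web server does not serve) rather than to the page, and treat whatever viewer later reads that log as an HTML renderer that needs the same escaping.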
  2. then why are you asking about a query and an error for the table member - your query - when you get error messages, you need to actually look at them and at the code/query that is producing them.
  3. is that the exact capitalization of the table name? any chance your actual table name has some white-space character(s) before or after it?
  4. putting function definitions in a file is not the same as putting function definitions inside a function.
  5. the function being defined inside the other function won't exist until the outer function has been executed. there's rarely a good reason to do this. what is your good reason for doing this? lastly, you have probably seen or been told this in the forum, DO NOT use the global keyword to bring values into your function. it is a sign your structure is wrong.
  6. afaik, you can use a named placeholder multiple times.
  7. that's quitter talk (or try it and throw it away if it doesn't work programming talk.) none of the php detected error messages posted so far have anything to do with products not being displayed. you would need to start with whatever main page is responsible for displaying the products and determine why it isn't doing what you expect. if you want us to help, you will need to post the relevant code and any errors, symptoms, or incorrect output you are getting from the code. here's more off topic info - i did look at the products.php code closer and it is also full of repetitive code that only differs in the stored procedure it is calling in the database. of the 1200+ lines of code in it, there's probably only about 400 unique lines of code that could have been simplified and consolidated into selecting the desired query statement and calling common code to run the query and handle the result from the query. as to the database connection problem. the code needs to open one database connection at the start (in the main code), pass that connection into the functions that need it, and not close the connection at all (php automatically destroys all resources used by a script when the script ends.) since the functions in either the users.php or products.php file are/should be related to users or products, the functions in each of those files should really be part of a class, in which case you can just pass the database connection into the instance of each class and store it and reference it as a property in the class.
  8. @Ch0cu3r, mysqli_error() requires the connection link as a parameter. otherwise it produces an error itself rather than displaying the actual error.
  9. you should use positive logic. a value exists and it IS a specific value to allow admin access.
  10. are you getting the message your code produces (Gagal update) or is your database just not updating when you look in it?
  11. if that's your current code, it is setting $_SESSION['user_level'] to a 1 and testing if that is a true value, which it is, and ALL your users will be admins. two equal signs is a comparison operator. one equal is an assignment operator.
  12. and since you are closing the mysqli connection after the first block of code, it is not available later in the program.
  13. it's possible that your links are changing the host-name/sub-domain in your url's (no www. vs www. in them) and the session id cookie no longer matches the variation of the domain where it was set (by default the session id cookie only matches the host-name/sub-domain where it was set.) is the host-name/sub-domain in your URL's consistent when navigating around on your site? another possibility is your session_start is failing due to an error. you need to set the error_reporting/display_errors settings before any other statements (it's best to actually put those settings in your php.ini.)
  14. continuing on (at this point, this reply is completely off topic, because the errors listed for the users.php file have nothing to do with any problem of displaying anything), the LoggedInAndLogo() function, rewritten without the redundant code and without the nonsense code, with some comments to explain what it is doing, would look like this -

```php
function LoggedInAndLogo($Menu = 0, $MainMenu = 0, $Promo = 0)
{
    // if no user id, default to 1, guest/visitor
    if (!isset($_SESSION['uAUID'])) {
        $_SESSION['uAUID'] = 1;
    }

    // setup guest/visitor display
    if ($_SESSION['uAUID'] == 1) {
        // if no session quote id and there is a cookie, get quote id from the cookie
        if (!isset($_SESSION['QuoteID']) && isset($_COOKIE['quoteid'])) {
            $_SESSION['QuoteID'] = (int)$_COOKIE['quoteid'];
        }
        $display_name = 'Visitor';
    }

    // setup logged in user display
    if ($_SESSION['uAUID'] > 1) {
        // get quote(s) for this user
        AUQuote($_SESSION['uAUID'], $gqQuoteID, $gqAUID, $gqTStamp, $gqTDate, $gqTQty, $gqTotal, $gqREF, $gqQuoteStatusID, $gqHQDate, $gqEmail, $gqFirstname, $gqSurName, $gqQuoteStatus, $gqCOID, $gqCompany);
        // loop over quotes for this user
        for ($p = 0; $p < count($gqQuoteID); $p++) {
            // if any are 'New', use the last new one's id as the quote id
            if ($gqQuoteStatus[$p] == 'New') {
                $_SESSION['QuoteID'] = $gqQuoteID[$p];
            }
        }
        // the first name came from the database, so escape it before it goes into html
        $display_name = htmlspecialchars($_SESSION['uFirstName']);
    }

    // totals start at zero so they are defined whether or not there is a 'New' quote
    $TotalQnty = 0;
    $TotalPrice = 0.00;
    if (isset($_SESSION['QuoteID'])) {
        GetQuoteStatus($_SESSION['QuoteID'], $QuoteStatusID, $QuoteStatus);
        if ($QuoteStatus == 'New') {
            GetQuoteItems($_SESSION['QuoteID'], $QuoteProdID, $QuoteID, $QuoteRef, $ProdID, $ProdCode, $Product, $PColorID, $PColor, $Qty, $Price, $Active_Tag);
            // only loop when items were actually fetched, otherwise $QuoteProdID is undefined
            for ($i = 0; $i < count($QuoteProdID); $i++) {
                $TotalQnty  += $Qty[$i];
                $TotalPrice += $Price[$i] * $Qty[$i];
            }
        }
    }

    // common/display code
    print "<div style='margin:0px;padding:0px;position:relative'>";
    print "<a href='index.php' target='_self'>";
    print "<img name='Gestures_r1_c6' src='images/Gestures_r1_c6.png' width='283' height='149' border='0' id='Gestures_r1_c6' alt='' /></a>";
    print "<div style='margin:0px;padding:0px;position:absolute;top:134px;left:0px;text-align:center;width:230px;' class='PurpleBold'> ";
    print "<div align='left' style='padding-left:10px'>";
    print " <table width='100%' border='0' cellspacing='0' cellpadding='0'>
 <tr>
  <td colspan='2'><div align='center' class='PurpleBold'>Hi $display_name <span class='FormBoldText'>| </span><a href='login.php?signout'><span class='GreyText12'>Sign out </span></a></div></td>
 </tr>
 <tr>
  <td colspan='2'><table width='270' border='0' cellspacing='5' cellpadding='0'>
   <tr>
    <td><table width='260' style='border-style:solid; border-width:thin' align='center' cellpadding='0' cellspacing='0' bordercolor='#64358C'>
     <tr>
      <td bordercolor='#FFFFFF' bgcolor='#FFFFFF'><table width='100%' border='0' cellspacing='2' cellpadding='0'>
       <tr>
        <td width='50%' class='PurpleWish'>Wishlist:</td>
        <td width='20%' class='BlackBoldText'><div style='display:inline' id='your_basket'>$TotalQnty</div></td>
        <td width='30%' rowspan='2' valign='bottom'><form action='product.php' method='post'><input name='Checkout' type='submit' class='BottomBanner' id='Checkout' value='Submit Quote' /></form></td>
       </tr>";
    print " </table></td>
     </tr>
    </table></td>
   </tr>
  </table></td>
 </tr>
</table>";
    print " </div>";
    // the id attribute was missing its opening quote; the password field is now type='password'
    print "<div align='right' class='PurpleBold' style='padding-left:15px;padding-top:5px;display:none' id='login_form'>
 <form id='login_form' name='login_form' method='post' action='login.php'>
  <table border='0' align='center' cellpadding='0' cellspacing='0'>
   <tr>
    <td class='PurpleBold'><div align='right'>Email: </div></td>
    <td><label><input name='email' type='text' class='FormBoldText' id='dealer-username' /></label></td>
    <td></td>
   </tr>
   <tr>
    <td class='PurpleBold'><div align='right'>Password: </div></td>
    <td><input name='password' type='password' class='FormBoldText' id='dealer-password' /></td>
    <td><input name='login' type='submit' class='PurpleBold' id='Login' value='Login' /></td>
   </tr>
  </table>
 </form>
</div>";
    print "<div style='text-align:left'>";
    if ($Menu == 1) { ProductGroupMenu(); }
    if ($MainMenu == 1) { MainMenuBox(); }
    if ($Promo == 1) { PromoBox(); }
    print "</div>";
    print "</div>";
    print "</div>";
}
```
  15. i've looked at part of your code, where some of the posted errors in the users.php file are, specifically the LoggedInAndLogo() function, and the errors are due to meaningless nonsense code. this also means that the errors in this section were always present in the code but were hidden due to php's error_reporting/display_errors settings and aren't even relevant to the problem of products not displaying. $_SESSION['uAUID'] is the logged in user id. for a non-logged in visitor, this is set to a 1. the code then tests $_SESSION['uAUID']. if it is a 1, it displays content with "Hi Visitor" in it. if it is greater than a 1, it displays content with "Hi " . $_SESSION['uFirstName'] in it. this second block of code/content only differs in the visitor/username text and is repetitive/copy/pasted/brute-force-built crap code. the three lines of code - GetAU($iAUID, $AUID, $Email, $Firstname, $Surname, $COID, $CellNo, $PWord, $Active_Tag); $_SESSION['uFirstName'] = $Firstname[0]; $_SESSION['uSurName'] = $Surname[0]; don't even belong in this. for a guest/visitor that isn't logged in, there's no input value present that says who he is and that code is meaningless at that point and won't ever produce any result, except for the php errors it generates. for someone who is logged in, those values have already been set in the session variables (wherever the login processing logic is.)
  16. you need to store each vote separately with its date/time so that you will have the data you need to determine which votes occurred in any 24 hour period. getting the average for any date/time period would then be trivial as you can do this directly in the database query statement using an AVG() function.
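The storage layout from post 16, as an added example that is not code from the original thread: one row per vote with its timestamp, and the 24-hour average computed by the database with AVG() instead of in PHP. It uses an in-memory SQLite database through PDO so it runs stand-alone; the table and column names are assumptions. The window boundaries are bound as parameters, which also sidesteps the unquoted-date mistake covered later in this list.

```php
<?php
// Added example, not code from the original thread: store each vote with its
// timestamp and let the database compute the average over any window.
// In-memory SQLite via PDO; table/column names are assumptions.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$db->exec('CREATE TABLE votes (
    id       INTEGER PRIMARY KEY,
    item_id  INTEGER NOT NULL,
    rating   INTEGER NOT NULL CHECK (rating BETWEEN 1 AND 5),
    voted_at TEXT    NOT NULL   -- "YYYY-MM-DD HH:MM:SS", sorts as a date
)');

/** Record one vote. The timestamp is bound, never concatenated into SQL. */
function recordVote(PDO $db, int $itemId, int $rating, string $votedAt): void
{
    $stmt = $db->prepare(
        'INSERT INTO votes (item_id, rating, voted_at) VALUES (:item, :rating, :at)'
    );
    $stmt->execute([':item' => $itemId, ':rating' => $rating, ':at' => $votedAt]);
}

/**
 * Average rating for an item over the 24 hours ending at $endAt.
 * Returns null when there are no votes in that window (AVG of nothing is NULL).
 */
function averageLast24h(PDO $db, int $itemId, string $endAt): ?float
{
    $start = (new DateTimeImmutable($endAt))
        ->sub(new DateInterval('PT24H'))
        ->format('Y-m-d H:i:s');

    $stmt = $db->prepare(
        'SELECT AVG(rating) AS avg_rating, COUNT(*) AS n
           FROM votes
          WHERE item_id = :item
            AND voted_at >  :start
            AND voted_at <= :end'
    );
    $stmt->execute([':item' => $itemId, ':start' => $start, ':end' => $endAt]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    return $row['n'] > 0 ? (float) $row['avg_rating'] : null;
}

// Constructed sample votes around a fixed reference time.
$now = '2013-10-29 12:00:00';
recordVote($db, 7, 5, '2013-10-28 13:00:00'); // inside the window
recordVote($db, 7, 3, '2013-10-29 11:30:00'); // inside the window
recordVote($db, 7, 1, '2013-10-28 11:00:00'); // 25 hours old, excluded
recordVote($db, 8, 4, '2013-10-29 11:45:00'); // a different item

printf("item 7, last 24h: %s\n", var_export(averageLast24h($db, 7, $now), true)); // 4.0
printf("item 9, last 24h: %s\n", var_export(averageLast24h($db, 9, $now), true)); // NULL
```

Because every vote is its own row, the same query with different bound boundaries gives the average for any other period, and a per-user or per-IP rate limit ("no more than one vote per item per 24 hours") is a COUNT(*) over the same window rather than a new column to maintain.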
  17. you need to actually troubleshoot and find out why your page isn't producing the result you expect. making individual error messages go away won't necessarily find the cause of the problem. you need to narrow down and find out the exact point in the code that is responsible for producing the display of the products that the problem starts at, to find out what is causing it. the code you have posted is just the functions that are being called, the main code that should be setting variables and calling the functions is where the actual problem is. for example, the Undefined offset: 0 error for the $_SESSION['uFirstName'] = $Firstname[0]; statement. that's just a follow-on error because the query is missing the $iAUID value and the query didn't return any row(s) to fetch. you may want to consider rewriting this code, it is amateurish, brute-force built, contains little or no validation or error checking, and is killing your database server by making/closing a database connection in each function that runs a query (this alone will result in a noticeably longer page generation time.)
  18. @Ch0cu3r, there is no display_errors() function. the code you have been suggesting in replies is itself a fatal error.
  19. date/time values in a query statement are literal strings and must be enclosed by single-quotes. without single quotes, 2013-10-29 is a mathematical subtraction problem (i.e. 1974.)
  20. since the code is being eval()'ed, it cannot start with an opening php tag (throws a different error from the one you are getting.) the full code you have posted doesn't produce the original error when eval()'ed. the only general php help that comes to mind is that your actual code contains something like a smart/curly-quote that is being changed to a straight-quote by this forum's software. you could zip the code and upload/attach it to a post. there is a rightnow forum that could give targeted/specific help - http://communities.rightnow.com about the only other thing that comes to mind is if you post the original logic from the file (assuming it contains any php code at all) so that someone here could see the expected usage.
  21. the posted code doesn't produce that error. i'm betting there's something in lines 1-7, such as a string that isn't terminated that is causing the error.
  22. if you correctly generated the hash (using password_hash()) and stored that hashed value in your ExaminerPassword column, your query will never match a row because ExaminerPassword will never equal $password. your query should only try to find rows with the correct ExaminerUsername. your logic using password_verify() is what tests if the hash of the $password matches the value from the ExaminerPassword column.
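The login flow from post 22, combined with the advice in posts 7, 9, 11 and 17, as an added example that is not code from any poster in this thread: the row is looked up by username only, password_verify() does the comparison against the stored hash, the admin check uses positive logic with a real comparison operator, and the class receives one already-open PDO connection instead of opening and closing its own. It uses an in-memory SQLite database so it runs stand-alone on PHP 8; the table name, the user_level column and the convention that 1 means admin are assumptions.

```php
<?php
// Added example, not code from any poster in this thread. PHP 8, PDO + SQLite.
// Assumed schema: examiners(ExaminerID, ExaminerUsername, ExaminerPassword,
// user_level) with user_level 1 = admin.
declare(strict_types=1);

final class Examiners
{
    // one connection, opened by the main code and passed in (post 7 / post 17)
    public function __construct(private PDO $db) {}

    /** Returns the user row on success, null on unknown user or wrong password. */
    public function authenticate(string $username, string $password): ?array
    {
        // Only the username goes into the WHERE clause. The column holds a
        // password_hash() value, which can never equal the plaintext, so
        // comparing it in SQL would match nothing (post 22).
        $stmt = $this->db->prepare(
            'SELECT ExaminerID, ExaminerUsername, ExaminerPassword, user_level
               FROM examiners
              WHERE ExaminerUsername = :u'
        );
        $stmt->execute([':u' => $username]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if ($row === false || !password_verify($password, $row['ExaminerPassword'])) {
            return null; // same result for "no such user" and "wrong password"
        }
        unset($row['ExaminerPassword']); // do not carry the hash any further
        return $row;
    }
}

/** Positive logic (post 9): the key must exist AND equal the admin level.
 *  Note the === comparison; `= 1` would be an assignment and always true (post 11). */
function isAdmin(array $session): bool
{
    return isset($session['user_level']) && (int) $session['user_level'] === 1;
}

// --- stand-alone demonstration with a constructed user table -----------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE examiners (
    ExaminerID       INTEGER PRIMARY KEY,
    ExaminerUsername TEXT    NOT NULL UNIQUE,
    ExaminerPassword TEXT    NOT NULL,
    user_level       INTEGER NOT NULL DEFAULT 0
)');
$ins = $db->prepare(
    'INSERT INTO examiners (ExaminerUsername, ExaminerPassword, user_level) VALUES (?, ?, ?)'
);
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
$ins->execute(['bob',   password_hash('hunter2',       PASSWORD_DEFAULT), 0]);

$examiners = new Examiners($db);

$session = []; // stands in for $_SESSION; no session_start() in a CLI demo
if (($user = $examiners->authenticate('alice', 'correct horse')) !== null) {
    // in a real request call session_regenerate_id(true) here so the
    // pre-login session id is not kept after privilege changes
    $session['user_level'] = $user['user_level'];
}

echo 'alice/correct horse: ', isAdmin($session) ? 'admin' : 'not admin', PHP_EOL;
echo 'alice/wrong:         ', $examiners->authenticate('alice', 'wrong') === null ? 'rejected' : 'accepted', PHP_EOL;
echo 'bob/hunter2 level:   ', (int) $examiners->authenticate('bob', 'hunter2')['user_level'], PHP_EOL;
echo 'empty session:       ', isAdmin([]) ? 'admin' : 'not admin', PHP_EOL;
```

The login and the hash comparison stay in one place, the connection is created once by the main code, and nothing about the query changes when the hashing algorithm does: password_verify() reads the algorithm and cost from the stored hash itself.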
  23. you already have a thread on this forum, where the question was answered - http://forums.phpfreaks.com/topic/282852-newbie-question/
  24. line 3 (and probably lines 1 and 2) of index.php are sending output to the browser that is preventing the session_start() from working. the reason you were not having this problem on a different server is because output_buffering was turned on in your php.ini, thereby allowing your code to function even though it is not properly organized. you need to have the session_start() statement before you send any characters of any kind to the browser (even the html doctype tag is made up of characters and must come after the session_start() statement.)
  25. the only things that are apparent in your code is there isn't a session_start() statement, so the login won't actually remember the logged in state, but registration should work, and the use of or trigger_error() as error handling logic doesn't address the execution path your code takes, and is dependent on php's error_reporting/display_errors settings, so your code could have database errors, but you might never know it. what does adding the following two lines, immediately after the first opening <?php tag in your register.php page, show - ini_set("display_errors", "1"); error_reporting(-1);