mac_gyver

the code you have isn't checking if the upload worked before trying to use the uploaded file information. $_FILES['profile']['name'] will be set and will contain the name of the selected file, for most of the possible upload errors. this is the problem with following the crap php code you find online, that professes to show you the right way to do something, but was written by someone who doesn't really know or care what the code does. for debugging, what does adding the following echo ... statement show - <?php echo '<pre>',print_r($_FILES,true),'</pre>'; // add this right before the following line - if (isset($_FILES['profile']) === true) { // this is part of your existing code if you are doing this for real, you would make sure that a post method form was actually submitted by testing if $_SERVER['REQUEST_METHOD'] == 'POST, then you would test if the $_FILES array is set (it not being set indicates that the post_max_size setting was exceeded), then you would test if $_FILES['profile']['error'] == 0. only if all three of these conditions are true, do you know that the file was actually uploaded and you can use the uploaded file information in the rest of your code.

i hope you are not going to use this method, of getting the whole sql query statement via user submitted data, on an actual live web site? your current code will allow anyone who finds the site it run any query they want. they will either delete your data or set any of your data to anything they want.

nothing specific, but best guess, the url that $paypal_url = get_option( 'paypal_multiple_url' ); is returning is something that isn't possible/valid. check what the setting is set to (i have no idea where/how it is set.)

that specific error is because your test server couldn't post using SSL to the paypal server (most likely because the openssl extension is not enabled/installed.) what result do you get using this current code on the live server? make sure that php's error_reporting is E_ALL and log_errors are ON to get the trigger_error() statements to write to the server's error log.

this is that block of code with some needed error handling in it - $response = wp_remote_post( $paypal_url, $options ); if ( is_wp_error( $response ) ) { $error_message = $response->get_error_message(); $msg = "wp_remote_post for IPN verify step failed, error: $error_message"; trigger_error($msg, E_USER_ERROR); // this halts execution due to E_USER_ERROR } else { // you would use the $response['body'] here.. if ( 'VERIFIED' == $response['body'] ) { $this->paypal_ipn_values = $received_values; $this->session_id = $received_values['invoice']; } else { $msg = "IPN verify step failed with status: {$response['body']}"; trigger_error($msg, E_USER_ERROR); // this halts execution due to E_USER_ERROR } } i used trigger_error() here because it makes use of php's error_reporting/display_errors/log_errors settings. if error_reporting is set to show fatal user errors (it should be set to E_ALL always), then if display_errors is ON and you are browsing to this file or posting your test form to it, you will see any error messages in the browser. when actually using paypal, you need to have log_errors set to ON and any error messages will be written to the server's error log file. the original exit( "IPN Request Failure" ) code was only helpful if you are viewing the result in a browser, which paypal isn't. whomever wrote this code was only about half finished when he published it on the Internet.

here's the documentation for the wp_remote_post function - http://codex.wordpress.org/Function_Reference/wp_remote_post when it works, the result is an array and the original code $result['body'] is correct. when it fails, it returns an error object, that the code should be testing for before blindly attempting to use the result. so, this at least pins down the problem to what the wp_remote_post is doing and what error it returns. here's the error checking/reporting logic from that documentation - if ( is_wp_error( $response ) ) { $error_message = $response->get_error_message(); echo "Something went wrong: $error_message"; } else { // you would use the $response['body'] here.. }

are you sure the code had $response->body in it on line 400? the fatal error, suggests that the actual code running was still $response['body']. just changing the else{ ... } logic wouldn't have made the fatal error on line 400 go away.

the error means exactly what it says, $cart is a non-object, but the code expects it to be one, an instance of your cart class. the code is using two depreciated/removed functions - session_register() and session_is_registered(). however, if your php version was updated to the point where they don't exist at all, you would be getting a fatal runtime error at the first one of them and you would never get to line 50 in the file. for php versions (5.4 and higher) where these functions have been removed, the code will need to be rewritten to either just use the session variable directly to hold an instance of your cart class or you will need to copy the $cart variable out-of/in-to the session variable. afaik, for previous php versions, session_register() 'worked', even with register_globals turned off, despite what the php documentation states (i tested this myself at one point in time), and the code should be registering the $cart variable as a session variable. so it would appear that the session variable exists, but has been overwritten with something other than an instance of your cart class. for some first steps at debugging, do the following - 1) set php's error_reporting to E_ALL and display_errors to ON, immediately after the first opening <?php tag on that page. 2) on line 49 in that file, use var_dump($cart); to see exactly what is in the $cart variable at that point.

the header() redirect goes inside your form processing logic so that it is only executed when there is $_POST data.

here's a form, mentioned in my last paragraph above, that will submit those values to your ipn script for debugging what the code is doing - <form method='post' action='url_of_your_ipn_script'> <input type='submit'><br> <input type='text' name='mc_gross' value='7.00'><br> <input type='text' name='invoice' value='4151379432588'><br> <input type='text' name='protection_eligibility' value='Eligible'><br> <input type='text' name='address_status' value='confirmed'><br> <input type='text' name='item_number1' value='531'><br> <input type='text' name='tax' value='0.00'><br> <input type='text' name='item_number2' value='568'><br> <input type='text' name='payer_id' value='LYXHGVEQ4ASFN'><br> <input type='text' name='address_street' value='1 Main St'><br> <input type='text' name='payment_date' value='08:42:47 Sep 17, 2013 PDT'><br> <input type='text' name='payment_status' value='Completed'><br> <input type='text' name='charset' value='windows-1252'><br> <input type='text' name='address_zip' value='95131'><br> <input type='text' name='mc_shipping' value='0.00'><br> <input type='text' name='mc_handling' value='0.00'><br> <input type='text' name='first_name' value='Ferenc'><br> <input type='text' name='mc_fee' value='0.50'><br> <input type='text' name='address_country_code' value='US'><br> <input type='text' name='address_name' value="Ferenc Szepesi's Test Store"><br> <input type='text' name='notify_version' value='3.7'><br> <input type='text' name='custom' value=''><br> <input type='text' name='payer_status' value='verified'><br> <input type='text' name='business' value='beatofficial@gmail.com'><br> <input type='text' name='address_country' value='United States'><br> <input type='text' name='num_cart_items' value='2'><br> <input type='text' name='mc_handling1' value='0.00'><br> <input type='text' name='mc_handling2' value='0.00'><br> <input type='text' name='address_city' value='San Jose'><br> <input type='text' name='verify_sign' value='AiPC9BjkCyDFQXbSkoZcgqH3hpacA.v.7UClmMzrTiiKgIJVSBufA1UT'><br> <input type='text' name='payer_email' value='ferenc@szepesiweb.com'><br> <input type='text' name='mc_shipping1' value='0.00'><br> <input type='text' name='mc_shipping2' value='0.00'><br> <input type='text' name='tax1' value='0.00'><br> <input type='text' name='tax2' value='0.00'><br> <input type='text' name='txn_id' value='7W214573HJ105310Y'><br> <input type='text' name='payment_type' value='instant'><br> <input type='text' name='payer_business_name' value="Ferenc Szepesi's Test Store"><br> <input type='text' name='last_name' value='Szepesi'><br> <input type='text' name='address_state' value='CA'><br> <input type='text' name='item_name1' value='Gamma Energizer (Wind background), 45 minutes'><br> <input type='text' name='receiver_email' value='beatofficial@gmail.com'><br> <input type='text' name='item_name2' value='15 minutes relaxation Break (Wind chimes background)'><br> <input type='text' name='payment_fee' value='0.50'><br> <input type='text' name='quantity1' value='1'><br> <input type='text' name='quantity2' value='1'><br> <input type='text' name='receiver_id' value='5YKCMZKL6G46G'><br> <input type='text' name='txn_type' value='cart'><br> <input type='text' name='mc_gross_1' value='3.50'><br> <input type='text' name='mc_currency' value='USD'><br> <input type='text' name='mc_gross_2' value='3.50'><br> <input type='text' name='residence_country' value='US'><br> <input type='text' name='test_ipn' value='1'><br> <input type='text' name='transaction_subject' value=''><br> <input type='text' name='payment_gross' value='7.00'><br> <input type='text' name='ipn_track_id' value='8542bf47e444e'><br> <form>

when you browse directly to the file, you are not supplying any of the post data. the code should have actually done nothing (except to log the fact that it was requested without any post data.) the code, because of what it is doing (handling the post-back from a payment transaction) should already have verbose error logging in it. every conditional test that fails should log the value that failed and the who, what, when, where, and why about the conditional test that failed. you will need to do some debugging of the problem, by determining the execution path the code is taking and the values the code is using to find out where the code doesn't do what is expected. you can use the php error_log() statement to write information to your own log file for debugging purposes. you know at least that the code is executing at line 400 in that file. start there by finding out what value is in $response->body for an actual paypal sandbox reply. for quicker debugging, you can repeatedly submit your own data (those values you have from an actual transaction) by making a html form with those values hard coded into the fields, then submit the form to the url of your ipn script. you will need to (and should) bypass the part of the code in that file that sends the post data back to paypal for verification and is checking for the 'VERIFIED' status back from paypal (the code at line 400.) this will allow you to easily track down what the code is doing for those values. you will even be able to echo messages back out of the code and see them in the browser.

php has/had (most have been removed) a number of short-cuts that are not portable between different php configurations. most likely your code is depending on a setting (i won't mention its name since it has been removed and trying to turn it on would be an additional wasted of time) that magically set php variables from the form's $_POST data. if the code is question doesn't have $_POST['the_form_field_name_here'] variables when trying to access the submitted form data, you need to change the php variables $the_form_field_name_here to use the corresponding $_POST variable. you can also just assign the $_POST ... variable to the php variable - $the_form_field_name_here = $_POST['the_form_field_name_here']; // repeat for each form field

you seem to be trying to program without any idea what the lines of code you are putting down in the file actually do. that won't result in working code any time soon because it will take you an infinite number of attempts before the random code actually does what you intend. programming requires that you know what the statements do, so that you know where and how to use them and can determine how to put them together with other statements in a meaningful way. i'm going to repost this since you might have missed it - until you have broken the problem down and have a defined list of steps you need to accomplish each task, you won't be able to write code that performs that task. your current code has php statements in it that don't have anything to do with retrieving the data from the database and putting those values into the form fields so that you could edit them.

ummm. the use of the first set of $_POST variables doesn't have anything to do with the code where they are at. the errors are the result of incorrect logic and the logic needs to be defined first.

line 10 in your db.php file is outputting something, probably a new-line after your closing ?> tag. as to your last piece of code. i recommend that you first define what you are trying to do, before writing the code. define what input(s) you have, what processing you want to do based on that input, and what output you want. i guess your intent is to take an id in the url, retrieve the matching row from the database, and output those values in form field. then, when that form is submitted, update that row in the database. write (and test) the code for each of those steps/tasks, one at a time.

have you researched what the html syntax is of a href link and attempted to solve this yourself? its a pretty basic task and someone posting the solution would allow you to see what it looks like, but that doesn't teach you how to define what you want and do the coding to accomplish it.

you would start by examining existing code for each smaller task that you want to accomplish, to see how other programmer's accomplished the same task. then you would try to design, write, and test your own code, from scratch, to perform any specific task. once you have knowledge and experience with all the smaller tasks that make up the application, you can go about putting all the pieces together in an organized way that accomplishes the overall goal.

the safest thing to do with all uploaded files is to put them into a folder where there's no direct http access and no permissions to run (and assuming you don't provide a way of allowing them to be included into a script or executed via a shell command), then if something does get past your checking/validation, they cannot be requested on the server and executed as a script/application. you would then use a .php script to dynamically output the file's contents, so that they will only be treated as a data file on the server.

you need to always use the full opening php tag - <?php

apparently, your form page is via https://somedomain/somepage.php, but the action attribute that the form submits to is just http (no s.) to avoid the warning both must be the same protocol. if your form page is critical enough to need the https protocol, the data it submits does too.

one way, using just two queries - $sql = "SELECT DATE_FORMAT(sp_start, '%b %e, %Y'), DATE_FORMAT(sp_end, '%b %e, %Y'), TO_DAYS(sp_start), TO_DAYS(sp_end), sp_start, sp_end FROM salary_periods WHERE sp_id = '$sp_id'"; $sres = mysql_query($sql); $srow = mysql_fetch_array($sres); ?> <form action="somepage.php" method="post"> <table> <tr><td colspan="4" align="center">Salary Period</td></tr> <tr class="even"> <td width="100" align="right">Start Date</td> <td width="250" align="left"><?PHP echo $srow[0] ?></td> <td width="100" align="right">End Date</td> <td width="250" align="left"><?PHP echo $srow[1] ?></td> </tr> </table><br /> <table> <tr> <td width="150" align="center">Employee</td> <td width="550" align="center" colspan="<?PHP echo $srow[3] - $srow[2] + 1; ?>">Dates</td> </tr> <tr> <td> </td> <?php $start_date = new DateTime($srow['sp_start']); $end_date = new DateTime($srow['sp_end']); $end_date = $end_date->modify('+1 day'); // if you need the end date in the range $interval = new DateInterval("P1D"); $dates = new DatePeriod($start_date, $interval, $end_date); // Traversable date range foreach($dates as $date){ echo "<td align='center'>{$date->format('m/d')}</td>"; } echo "</tr>\n"; $i = 1; $sql = "SELECT emp_id, CONCAT(lname,', ',fname) FROM employees WHERE active = 1"; $res = mysql_query($sql); while ($row = mysql_fetch_array($res)) { $m = fmod($i, 2); if ($m == 0) { // $i is EVEN echo '<tr class="even">'; } else { // $i is ODD echo '<tr class="odd">'; } echo "<td align='left'>{$row[1]}</td>"; foreach($dates as $date){ echo "<td><input type='text' name='emp[{$row[0]}][{$date->format('Y-m-d')}]' size='2' style='text-align:right;'></td>"; } echo "</tr>\n"; $i++; } ?> </table> </form>

please, for the love of coding, set php's error_reporting to E_ALL and display_errors to ON in your php.ini to get php to help you. you have a fatal php parse error in your insert_contact.php due to using double-quotes within a double-quoted string.

A) what exactly does this have to to do with the forum section you posted in - PHP Applications Drupal, Joomla, Zen Cart, osCommerce, MediaWiki, etc.? B) given that you just parroted a reply in another thread where someone didn't ask an actual question in their post, what exactly is the question or problem you have with this code? C) you have been told in other threads to post code using the forum's bbcode tags.

as a continuation of the above reply, the date you submit from the form should already be in the YYYY-MM-DD format so that you don't need to do any further conversion of it to use it in a query.

use a multi-dimensional array name for the field, with the first index being the employee id and the second index being the date. also, don't repeat code, especially code that runs a query inside of a loop. you are already getting all the formatted dates using a for(){} loop. store those dates in an array and simply loop over that array each time you need to produce the result based on those dates.