mac_gyver
-
Posts
5,449 -
Joined
-
Days Won
174
Everything posted by mac_gyver
-
you would use your database library's error function in your existing error handling logic to get your code to tell you why the query is failing. what database and php database library are you using? also, temporarily setting php's error_reporting to E_ALL and display_errors to ON may help expose why your connection isn't working.
-
encryption/decryption pads some data values with trailing null's, if i remember correctly. A) you should not be dynamically composing the table name, that implies you have created a bunch of tables that hold same type/meaning data. B) do you have a good reason to encrypt/decrypt a value being stored in a session? C) depending on your encryption/decryption being used, you may need to trim trailing nulls. D) if the value in the session variable comes from the user, you need to validate that it contains ONLY an expected value/table name before stuffing it into the query to prevent sql injection.
-
i'm guessing that your searches that don't match anything have some white-space/non-printing characters in with the data - new-line, tab, space, null. where are you getting/submitting the $nameSearch value from and are you doing any validation/filtering/trimming on it? -
i don't know, did it help you when you tried to produce the links with the ADID values in them and to find just the data in the .xml file that matches the submitted ADID value? if you identified that your data has a usable value in it, that's just the first step. the next step would be to actually try to solve this yourself. the other forum members here are not the ones who are trying/need to do this, you are.
-
all you are doing here is trying things and just dumping your error messages on a forum. why don't you try to troubleshoot what is causing the problem yourself? at least pin down which code or query is failing and post the current code/query so that someone would know what you tried.
-
phpmyadmin is just a php script that you can download and install on any server running php. SQL Buddy is also a usable php script that you could install and do this with. if you still need the query to do this, its -
-
xml is intended as a data exchange format between different systems, not a database. if your xml data doesn't already have a unique way of identifying each different block of data (or the .xml file will never change, which is unlikely), you would need to alter your xml data format to add a unique identifier to each block of data. this will be a much simpler task, taking less code and effort on your part, and run much faster, if you store this data in a database so that you can let the database assign and manage a unique id for each different piece of data.
-
article adds using a URL but not my upload box
mac_gyver replied to KevHopwood's topic in PHP Coding Help
you haven't clearly stated exactly what the current problem is (we only see the information that you put in your posts.) you previously stated that the file was being uploaded, but not being added to the database table. the code change that fastsol handed you would have fixed that problem. if it didn't correct that problem, you would need to tell us what it did do, and if the problem changed, you would need to tell us that too. -
the query that's failing is SELECT DATABASE $database. if you want to select a database using a query statement, it would be USE $database
-
[HTML][PHP][JAVA] login form with select box link to other page
mac_gyver replied to r1nk's topic in PHP Coding Help
what's wrong with retrieving the user's type from your database table (on each page request so that you can change to limit what anyone can do on the fly without requiring them to re-login) and using that information to determine what is output on any page? your current method would suggest that a student, for example, could select Admin in the drop-down and be redirected to the Admin page. is that something you want to allow? -
Suggestions and opinions on my sanitize function
mac_gyver replied to rk8479's topic in PHP Coding Help
also, the is_int and is_string functions test the type of the variable, not what's in them. you can have a string variable that contains a number (all $_POST/$_GET variables are strings variables, no matter what they contain.) and you could have a value that looks like a number, such as a phone number or a zip code that only contains numerical characters, but it is actually a string (with things like leading zero's) that if you treat it as a number in your code, it will be altered and won't have the same meaning as the value that was entered. -
[HTML][PHP][JAVA] login form with select box link to other page
mac_gyver replied to r1nk's topic in PHP Coding Help
as already mentioned in one of your previous threads, your login form/form-processing is not the place to select the type as the user's information stored in your users table tells your code what type the user is, not the other way around. the purpose of your login form/form-processing is to authenticate the user, i.e. to check who they are by entering and testing their username and password. you are making this harder than it really is. -
site was just working! now its not, sessions
mac_gyver replied to ryanmetzler3's topic in PHP Coding Help
your code needs to have the display_errors/error_reporting settings as the first php statements so that if there are any errors when the session_save_path() and session_start() statements run you would know about them. what is your code that is setting the $_SESSION variables? are you sure they are even being set in the first place? -
mysql has an IN() comparison operator - $cat_ids = array(12,26,32); $ids = implode(',',$cat_ids); $sql = "SELECT * FROM `categories` WHERE `cat_id` IN($ids)";
-
i see an amount of code/data that isn't doing anything and isn't needed. i recommend you start by defining what the posted code is supposed to do - allow the currently logged in user to update his password. you would typically require the old password to be entered (in case a session has been hijacked), along with the new one, plus the new one retyped. all the posted code (form processing and the form) should be inside a conditional statement that has checked if the current visitor is logged in (in which case you would know the user_id from the login/authentication code, and not need to pass it as a get variable or as a hidden form field, which is insecure for this operation anyway since that would let anyone try to update/screw-up someone else's password.) bindColumn is for binding the columns you have SELECT'ed and it's generally not needed. you can just fetch the resultant row(s).also, the numerical parameter is the column number in the SELECT term, it's not the actual column numbers in your table. you are suppling the input data in your $stmt->execute() statement. there's no need to bind the inputs in this case, though you get more control/checking if you do bind the inputs.
-
Please help my INSERT and UPDATE scripts have ceased working
mac_gyver replied to designsweb's topic in PHP Coding Help
if you correct or simply remove the <span></span> tag in the code that Muddy_Funster posted or do a 'view source' of the output in your browser, you will be able to see what the mysql_error() statement returned. -
you will probably have better luck writing the output to a text file and piping it to the printer using a system() statement.
-
is your table actually named table? if so, that's a reserved mysql keyword and is producing a query error. to use a reserved keyword as a table or column name, you must enclose it in back-ticks `` or even better, rename it to something else that indicates the purpose of the table. you need to ALWAYS have error checking logic in your code to test if a step that might fail has worked or not before trying to use the result from that step. your code would have been telling you that the query failed and provided some information about where in the query the problem was at.
-
mysql_result is the only database function that throws a php error when the query ran but didn't match any rows. you need to use what cyberRobot suggested to get the id, but your code has some other problems. 1) you need to validate the inputs, so that you don't run the rest of the code and insert empty rows, just because your page got requested (i.e. by a search engine spider.) you should only run the insert query if you know you have valid data. at least test to make sure the required values are not empty. 2) you need to escape string data and validate/cast numerical data (or user prepared queries) before putting values into the query statement to prevent sql injection and to prevent query errors. 3) you need to test if your insert query ran without any errors and that it actually inserted a row before you can attempt to get the id. i suspect your insert query is failing with an error of some kind and having some error checking logic in your code would tell you if and why your query is failing, and would prevent more errors in the code that follows the query. 4) the mysql_ database library is depreciated in php5.5 and all new code should be written using either the mysqli_ or PDO database library. now is the time to switch so that you don't have to waste time in the future rewriting all your code.
-
it would probably help if you shared the variable name that's not defined and at which line in the posted code the error is occurring at.
-
are you sure the include("\db-config.php"); statement is even working? that path is referring the root of your disk, which is an unlikely place for a .php file to be at.
-
you need to use the $mysql->error property to find out why the query failed.
-
trying to verify a quantity of invalided email address at the receiving mail server would quickly get your sending server flagged as someone probing the server for valid email addresses (and a lot of mail servers silently ignore email they have no intention or ability to deliver so as to not give feedback to probing attempts.) the server doesn't know if you are trying to find active email addresses vs testing for invalid ones. your best bet would be to take all the bounced email addresses and remove/flag-as-invalid in your list and don't send to them any more, repeat for any future bounced replies.
-
php, correctly, has local variable scope in functions. this is so that the only affect a function will have on the calling code is at the point where it is called. this also helps with the design of a function, since you must define what inputs it needs, so that you can define a call time parameter for each input. i recommend that you get your overall logic to work first. then you will be able to see what repetitive code there is in it that would benefit by using a function.
-
you also don't need a user type dropdown on your login page, since you will know which type the user is when you authenticate them against this single user table that contains the type_of_user column. the only place you would need a user type dropdown is you are allowing an administrator to assign a user type to other user(s).