Everything posted by mac_gyver
-
afraid not. that's not how help/learning works.
-
if this code ran as expected on your localhost development system (actually inserting the submitted form data), it was because the default mysql credentials in your php.ini happened to match what you are using and the mysql_real_escape_string() statements were able to make a database connection.

you have two problems in your code, which i have already mentioned above and to fix them, you need to

1) move your code using mysql_real_escape_string() so that it is right before you put the data into your sql query statement. this will move it so that it is after the point where you have made a database connection. your validation logic needs to test the un-escaped values from the form.

2) your code containing the mysql_query() statement needs to be inside of the else{} statement where you are making the database connection. it is currently outside of and after this else{} statement. this else{} statement is currently false and is not running because of problem #1 (all the variables from your form are being set to a null from the mysql_real_escape_string() statements since there isn't a database connection.)

@jazzman1, just because you cannot reach this database host/port from an external server, doesn't mean that a web server whose ip address has been allowed to make database connections to it cannot.
-
you must have a database connection before you use mysql_real_escape_string(). mysql_real_escape_string() is trying to create a database connection because there isn't a connection already.

also, you should only escape string data right before you use it in a query. doing this before your validation logic can cause your validation logic to produce a different result than you expect, depending on what you are validating for.

you also don't have a valid database connection at the mysql_query() statement on line 84 and the mysql_query() statement is trying to create a database connection, edit: because your database connection logic is inside of a conditional statement that is false.
-
the suggestion in the second paragraph would look like -

    $_GET['pn'] = $nextPage; // set $_GET['pn'] to the value you want in the link
    $qs = http_build_query($_GET, '', '&'); // produce the url query string with all existing $_GET variables
    $paginationDisplay .= " <a href='?$qs'> Next</a> "; // build pagination link

note: $_SERVER['PHP_SELF'], in some versions of php included the url query string and allowed cross site scripting and should not be used. you can leave it out and all current browsers will correctly produce a url that submits to the current page.
-
I don't know why my checkbox isn't working.
mac_gyver replied to Thaikhan's topic in PHP Coding Help
two == is a comparison operator. your code is not assigning a value to $fn (one =), it's comparing $fn with 1 or 0 and if you had php's error reporting turned full on, you would know this because you would be getting an undefined variable error at the $fn references.
-
you must pass the search term(s) between pages. the easiest way of doing that is to use mode='get' in your search form so that the search terms are in the url query string/$_GET variables. then you need to include those search terms in the pagination links. the easiest way of doing that is to use http_build_query(). you can set your pagination pn=x attribute into the existing $_GET variables (i.e. $_GET['pn'] = x; ), then build the url query string using all the existing $_GET variables (i.e. $qs = http_build_query($_GET, '', '&'); ), then just echo this $qs variable in the urls you are building.
-
http://dev.mysql.com/doc/refman/5.6/en/update.html
-
the missing php tags would have resulted in a fatal php parse error. do you have php's error_reporting set to E_ALL and display_errors set to ON in your php.ini (putting these settings in your script won't show fatal parse errors) so that php will help you by reporting and displaying all the errors it detects?
-
@Roopavathy, your code is not logical and some of it is not doing anything (that needs to be in there.)

line 13 (in your post) if($row['Examno']==$exno) is testing if the row matches $exno. you already know that will be true because that's the condition you put in your query.

line 50 (in your post) while($_GET['Examno']==$exno) is looping while the get variable matches $exno. again you already know that will be true because on line 3 in your posted code you have set $exno=$_GET['examno']; also, this while(){} loop will loop forever (or until php times out) because the condition being tested never changes.

next, you have 12 column values you are using inside of your loop. you don't need to create separate variables from each value (saving 12 lines of code). you can just use the $row['Examno']... variables directly in your code, especially since you are using each one only one time. you can also put php variables inside of double-quoted strings " ... " without using concatenation. an array variable like $row['Name'] does need {} around it when put into a string.

what your posted code would look like without the unnecessary bits -

    include("CommentBox/includes/Connection.php");

    // escape the value right before it goes into the query (the connection in $con exists at this point)
    $exno = mysql_real_escape_string($_GET['examno'], $con);
    $query = mysql_query("Select * from results where Examno='$exno'", $con);
    if (!$query){
        die ("Problem in query".mysql_error($con));
    }

    while($row = mysql_fetch_assoc($query))
    {
        // student information
        echo "<table>
        <tr><td>Name:</td><td>{$row['Name']}</td></tr>
        <tr><td>Exam no:</td><td>{$row['Examno']}</td></tr>
        <tr><td>Roll No:</td><td>{$row['Rno']}</td></tr>
        <tr><td>Semester:</td><td>{$row['Sem']}</td></tr>
        </table>";

        // exam information
        echo "<table>
        <tr><td>Paper Code</td><td>Title</td><td>CIA</td><td>ESE</td><td>Credits</td><td>Grade</td><td>Grade Pt</td></tr>
        <tr><td>{$row['Subcode']}</td><td>{$row['Title']}</td><td>{$row['CIA']}</td><td>{$row['ESE']}</td>
        <td>{$row['Credits']}</td><td>{$row['Grade']}</td><td>{$row['Gradept']}</td></tr>
        </table>";
    }

finally, is that your intended output? one table with the student information, followed by a second table with the exam information for that student, repeat both tables for each student?
-
the first step would be for you to post the error you got so that someone here would have a starting place upon which to help you.
-
mysqli prepared statements UPDATE query trouble
mac_gyver replied to geno11x11's topic in PHP Coding Help
UPDATE queries don't return result sets. why are you trying to use bind_result at all? bind_result is used for a SELECT/SHOW/EXPLAIN query.

after you correct bind_result to be bind_param, do you understand that the array you pass as the second parameter to call_user_func_array() contains the parameters you are trying to supply to the bind_param() statement? the first element of that array would be the 'si' string. the following array elements would be references to the actual data. this is the only place you use references.

however, since you are NOT dynamically binding an arbitrary number of parameters to the query, why are you even using call_user_func_array()? you would only use call_user_func_array() when the number of bound parameters is dynamic.
-
Simple INSERT Script Fails - No Error Message
mac_gyver replied to spock9458's topic in PHP Coding Help
here's a basic example/outline showing how to do this -

    // define all the information about the data your code needs
    $fields['company'] = array('legend'=>'Company Name','type'=>'text'); // add other elements as needed by the logic
    $fields['comp_uw'] = array('legend'=>'I\'m not sure what uw would be','type'=>'text');
    $fields['comp_street'] = array('legend'=>'Street Address','type'=>'text');
    // define other fields here...

    // the following code is 'data' neutral. it doesn't know or care how many pieces of data there are or what type (after the code is completed to handle the different types) they are

    // process the form
    if($_SERVER['REQUEST_METHOD'] == "POST"){
        $errors = array(); // keep track of validation errors in this array
        $data = array(); // the following logic will place validated, cast/escaped/quoted (as appropriate) data into this array
        // loop over the $fields array and access the corresponding $_POST[$key] to reference the data
        foreach($fields as $key=>$value){
            // your validation logic goes here...

            // for this example code, simply copy/escape/quote string type data
            switch ($value['type']) {
                case "text":
                case "textarea":
                    $val = $mysqli->real_escape_string($_POST[$key]); // escape string data, you actually need to use prepared queries to simplify even this
                    $data[$key] = "'$val'"; // quote string data
                    break;
            }
        }
        if(empty($errors)){
            // validation passed, use the submitted data to produce and run the query
            $query = "INSERT INTO your_table (`".implode('`,`',array_keys($fields))."`) VALUES (".implode(',',$data).")";
            echo $query; // see what the query looks like
        }
    }

    // produce the form
    // you would also display any validation error messages in the $errors array
    echo "<form method='post' action=''>";
    foreach($fields as $key=>$value){
        echo "<label for='$key'>{$value['legend']}: </label>";
        echo "<input type='{$value['type']}' id='$key' name='$key'><br>";
    }
    echo "<input type='submit'></form>";
-
Simple INSERT Script Fails - No Error Message
mac_gyver replied to spock9458's topic in PHP Coding Help
i seem to mention arrays in just about every thread i reply in, but you need to use arrays to simplify your code/data. let the computer do the repetitive tasks of listing out everything multiple times, in your form, in your processing/validation code, and in your query. you should only list/define information once, i.e. make your code 'driven' by the data, rather than writing out code for every field and having to find and edit your code any time you add/remove/change anything about the amount of fields. after all, computers were designed to perform repetitive tasks, very fast, tirelessly, and without making mistakes. ignoring any changes your database design needs to normalize it (already mentioned by Psycho), you need to have your list of form/database fields defined in an array (along with the form field type, a legend to display in the form, if they are required or not, what sort of validation to use for each value,...) you would then use this defining array to dynamically produce the form page and use the same array when processing/validating the submitted data and producing the query. the massive INSERT query you have posted would become just a few php statements (after you have validated the data.) one statement that would get all the column names (out of the defining array) and one statement that would get all the data (out of a data array where the validation logic placed it after having validated it.) -
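The data-driven approach from the two posts above, reworked with prepared queries as an added example (not code from the original posts): the raw values are validated first and only bound at query time, and column names come solely from the defining array. The `companies` table, the `required`/`max` keys, the sample submission and the in-memory SQLite database (via PDO, assuming the pdo_sqlite extension and PHP 7.4+) are assumptions made for illustration.

```php
<?php
// Added example. One defining array drives validation and the query.
// Keys are the column names; 'required' and 'max' are hypothetical rule keys.
$fields = [
    'company'     => ['legend' => 'Company Name',   'required' => true,  'max' => 100],
    'comp_street' => ['legend' => 'Street Address', 'required' => false, 'max' => 200],
];

function validate(array $fields, array $post): array
{
    $errors = [];
    $data = [];
    foreach ($fields as $key => $def) {
        // Validate the raw, un-escaped value; reject arrays sent as field[]=x.
        $val = isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
        if ($def['required'] && $val === '') {
            $errors[$key] = "{$def['legend']} is required";
        } elseif (strlen($val) > $def['max']) {
            $errors[$key] = "{$def['legend']} is too long";
        }
        $data[$key] = $val;
    }
    return [$errors, $data];
}

function insertRow(PDO $pdo, string $table, array $fields, array $data): int
{
    // Identifiers come only from the developer-written $fields array, never from $_POST.
    $cols = array_keys($fields);
    $sql = 'INSERT INTO ' . $table . ' (' . implode(',', $cols) . ') VALUES ('
         . implode(',', array_fill(0, count($cols), '?')) . ')';
    $stmt = $pdo->prepare($sql);
    // Values are bound in $fields order, so unexpected $_POST keys are ignored.
    $stmt->execute(array_map(fn($c) => $data[$c], $cols));
    return (int) $pdo->lastInsertId();
}

// Constructed demo: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE companies (id INTEGER PRIMARY KEY, company TEXT, comp_street TEXT)');

// Constructed sample submission with a quote character and an extra key.
$post = ['company' => "O'Brien & Sons", 'comp_street' => '1 Main St', 'is_admin' => '1'];
[$errors, $data] = validate($fields, $post);
if (!$errors) {
    $id = insertRow($pdo, 'companies', $fields, $data);
    $row = $pdo->query("SELECT company FROM companies WHERE id = $id")->fetch(PDO::FETCH_ASSOC);
    // The stored value is unchanged; HTML escaping happens only at output time.
    echo htmlspecialchars($row['company'], ENT_QUOTES, 'UTF-8'), "\n";
} else {
    print_r($errors);
}
```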
now that you have explained that the (uncommented) code you posted was the code intended to filter out bot submissions, all text, textarea, and hidden form fields are set if the form has been submitted. the only types of form fields that might not be set when a form has been submitted are radio-buttons and check-boxes. so, your using of isset() will always be true when the form has been submitted. you need to test for empty/not empty or test for an empty string or not an empty string in that field. if that posted logic allowed the form submission to be processed before you changed the name of the field, it was because you had a mis-match in the field names and the field your php code was testing didn't exist at all and wasn't set, ever.
-
the logic you showed in the first post is backwards. if the $_POST field is set, you echo a message, else you process the form.

this might be an actual person and no amount of captchas/hidden fields that should/shouldn't be filling in will help because it is a person using your actual form.

what occurs for a successful submission that would be of benefit for a person/bot script? is an email sent to the arbitrary address that was entered that also might contain spam content that was submitted? is the person/bot then able to post spam content on a forum????? what's the actual spam content vs normal content, so that you might get help in detecting/filtering it out?

are you logging all the available information about the submission (date/time, ip, all headers in the request) so that you can try to determine where they are being sent from/through and how far apart they are so that you might be able to detect and filter them out?
-
the PHPFreaks.com Questions, Comments, & Suggestions forum section, where you posted this - php help questions belong in the php help forum section. moving thread....
-
no, it's not correct. i recommend that you read a php/mysql book or tutorial as you are currently not aware of even the syntax for a php variable and you will also need to know how to fetch a row from the result set that a query returns.
-
unfortunately, the result that the mysqli prepared statement produces for a SELECT/SHOW query (unless you have PHP 5 >= 5.3.0 using the mysqlnd driver, so that you can use the $stmt->get_result() method to convert it to a mysqli_result) won't be directly usable by your calling code. to lessen the impact on your calling code, and keep your functions operating like black-boxes, if you don't have the $stmt->get_result() method available, you would need to return an instance of a result class that you write that emulates the properties/methods of a mysqli_result object. you could then convert your calling code to use OOP notation so that it would be the same regardless of if the $stmt->get_result() method is available or not. an alternative would be to use PDO prepared queries instead of mysqli prepared queries as the PDOStatement object that a prepared PDO query returns is exactly the same as what a normal PDO query returns. you would need to modify your calling code to use the PDOStatement object's properties.
-
the problem is you are reusing your variables and overwriting them. but, you should never find yourself running queries inside of loops or of running/processing data from more than one query at one time. your $queryx, $resultx, $rowx variables are an indicator that you are using TOO much code to accomplish a task.

you need to run ONE query using a JOIN that gets the rows you want in the order that you want them. the following (untested) should work (i'm not sure i got all the ul/li tags the way you need them to be) -

    $query = "SELECT c.category,s.subcat_id,s.subcat FROM categories c
        JOIN subcats s ON c.cat_id = s.cat_id AND c.active = 1 AND s.active = 1
        ORDER BY c.category,s.subcat";
    $result = mysql_query($query, $conn);

    $last_heading = null; // remember the heading (category) to detect when it changes, start with a null value
    while($row = mysql_fetch_assoc($result)){
        $category = $row['category']; // save a little typing
        if($last_heading != $category){ // detect if the heading changed
            // heading changed, test if it is not the first heading
            if($last_heading != null){
                // not the first one, close out the previous section here....
                echo "</ul></li>";
            }
            $last_heading = $category; // remember the new heading
            // output the new heading here...
            echo "<li><a href=''><span>$category</span></a><ul>";
        }
        // output the data under each heading here...
        echo "<li><a href='products.php?subcat={$row['subcat_id']}'><span>{$row['subcat']}</span></a></li>";
    }
    // close out the final section here...
    echo "</ul></li></ul>";
-
dungpt29, please don't bump year old threads that have been answered. the OP asked "Whats the use of checked in ..." and the first reply answered the question.
-
you cannot just output multiple images. each image must have an <img src=' ... ' alt=''> html tag. the URL you put into the src=' ... ' attribute must result in the correct content type being output, followed by the data for one image. to display all your images, you would need to retrieve all the id's and output each one on the end of the url in the src= ' ... ' attribute in its own <img > tag. then when the browser fetches each image in the <img > tags it finds on a page, your first script will get the id, retrieve the data, output the content type header, followed by the image data for that id.
-
the error message probably did change to an undefined variable message. the php variable $user_level is not defined anywhere in the posted code. where do you expect it to get its value from and where is your code setting it to that value?
-
there's a handful of 30 minute ones and a couple of 15/45 minute ones - http://en.wikipedia.org/wiki/List_of_time_zones_by_UTC_offset
-
you are making a mysqli connection (with an i), but trying to use a mysql_query() (no i). all your database functions must be of the same type, you cannot mix calls to the different database libraries. if you had php's error reporting set to E_ALL and display_errors set to on so that php would help you by reporting and displaying the errors it detects, you would have been getting an error pointing to the problem ($con isn't a mysql_ connection.) also, i'm pretty sure !== isn't a valid mysql database comparison operator and is probably causing a query error.
-
When closing connection when using it a lot in page
mac_gyver replied to pascal_22's topic in PHP Coding Help
this isn't the first time someone has asked about a too many connection error with code that opens a connection/runs a query/closes a connection, repeated more than once in a script...

i am wondering if when you close a connection in php how much time it actually takes to send that command to the database server and for the connection/process to actually be shut down on the database server.

a possibility - php considers the connection closed when the _close() statement is executed, so that the next connection in the script will attempt to create a new connection to the database server. the database server sees a request for a connection and goes through the process to make a new connection/start a new process to service the connection, but perhaps the previous connection is still in the process of being destroyed/shutdown on the database server.

a possible end result - a script doing this could actually be consuming multiple database connections, triggering a too many connection error because each concurrent instance of the script is tying up more than one actual connection/process on the database server.