mac_gyver

foreach(array_keys($matches[1]) as $key) { echo "SKU number {$matches[1][$key]} costs {$matches[2][$key]}<br>"; }

you should have one login system with a single set of ids. if your user login system and admin login system reuses ids, those users having ids the same as an admin will appear to be the admin with that same id. Keep It Simple.

so, now you have to maintain two almost identical pages, where every change you make to the poll output, must be repeated in both pages. that's the wrong direction to move toward when doing programming. you want to reduced the amount of work you have to do to create and maintain a web site, not increase it. what's wrong with adding a simple conditional test where the two links appear at in the html document, so that they are only output if the current user is an admin? Keep It Simple (KISS.) edit: i also recommend that you convert your mysqli based code to use PDO. it is very simple to do so and actually eliminates a bunch of lines of code. you will also be able to directly fetch the result from the query into an appropriately named array variable, such as $user_data, so that you don't need to worry about naming a bunch of variables to keep from overwriting other variables that may already exist.

now that we know a bit more about what you are doing, a multi-page form, collecting data that eventually gets used for some purpose, now would be a good time to switch to using a data-driven design, to eliminate all the repetitive code for the data collection, rather than to spend time fixing each page of it.

i was able to make the code repopulate the fields/select-option, when navigating around, using 3 lines of code and one conditional test, added to the get method business logic section. i won't post the code i came up with because it is probably not how your application is determining which step/page it is on. you could also just merge the successful $post data into the $_SESSION['step'] array inside the post method form processing code, then when the page is visited without any $post data, copy the whole $_SESSION['step'] array back into $post (which i just tested and it works as well.) if you want help with anything your application is or is not doing, you must post enough of the code so that someone here can reproduce what it is doing.

for the activity you have shown in this thread and using the previously given programming practices about how to organize, cleanup, and code your form processing and form, a lot of this typing of code goes away, you would end up with the following - <?php /* put any error relating settings in the php.ini on your system you may have a need to store the result from some step in session variable(s), but by unconditionally storing each piece of post data, you are doubling the amount of code needed. only store the end result. Keep It Simple (KISS.) to dynamically generate a select/option list, you would not use discrete variables for each value and write out logic for each option. you would instead have an array of the values, then loop to dynamically build the options. in html5, an empty action='' attribute is not valid. to get a form to submit to the same page it is on, leave the action attribute completely out of the form tag. you should validate your resulting web pages at validator.w3.org */ // initialization session_start(); $post = []; // an array to hold a trimmed working copy of the form data $errors = []; // an array to hold user/validation errors // post method form processing if($_SERVER['REQUEST_METHOD'] === 'POST') { // trim all the data at once $post = array_map('trim',$_POST); // if any of the fields are arrays, use a recursive trim call-back function here instead of php's trim function // validate inputs if($post['owner'] === '') { $errors['owner'] = 'The owner is required.'; } if($post['renter'] === '') { $errors['renter'] = 'The renter is required.'; } if($post['state'] === '') { $errors['state'] = 'The state is required.'; } // add validation for other inputs here... // if no errors, use the form data if(empty($errors)) { // if this is a step in a multi-step process, store the now validated data in a specific session variable $_SESSION['step'][1] = $post; } // if no errors, success if(empty($errors)) { // if you want to display a one-time success message, store it in a session variable here, // then test, display, and clear that session variable at the appropriate point in the html document $_SESSION['success_message'] = 'Some success message for this step in the process'; // redirect to the exact same url of the current page to cause a get request for the page die(header("Refresh:0")); } } // get method business logic - get/produce data needed to display the page // query to get the states in the order that you want them // fake some values $states = []; $states[]="Maine"; $states[]="Texas"; // html document ?> <!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Form processing/form example</title> </head> <body> <?php // display and clear any success message if(isset($_SESSION['success_message'])) { echo "<p>{$_SESSION['success_message']}</p>"; unset($_SESSION['success_message']); } ?> <?php // display any errors if(!empty($errors)) { echo "<p>".implode('<br>',$errors)."</p>"; } ?> <form method="post"> <label>Owner: <input type="text" style="width:255px;" name="owner" value="<?=htmlentities($post['owner']??'',ENT_QUOTES)?>"></label><br> <label>Renter: <input type="text" style="width:255px;" name="renter" value="<?=htmlentities($post['renter']??'',ENT_QUOTES)?>"></label><br> <label>State: <select name="state"> <option value="">select state</option> <?php foreach($states as $state) { $sel = isset($post['state']) && $post['state'] === $state ? 'selected' : ''; echo "<option value='$state'$sel>$state</option>"; } ?> </select></label><br> <input type="submit"> </form> <?php // note: if you have the need for a 'clear' session function, add that as a separeate post method form, with a hidden field with a value to indicate that action // then test for that action value in the form processing code to clear the session data ?> <?php // display the content of the session if(!empty($_SESSION)) { echo '<pre>'; print_r($_SESSION); echo '</pre>'; } ?> </body> </html> and as already mentioned, if you have more than 2-3 form fields, you should use a data-driven design, where you have a data structure (database table, array) that defines the expected form fields (for each step), validation rules, and processing for each field, then dynamically validate and process the form data, rather than to write out bespoke logic for each field.

the following is a 'tricky' example of INSERTing data that satisfies a maximum count of rows - $query = "INSERT INTO team_members (team_id, staff_id, stafftype) SELECT -- the following values being SELECTed are the actual data values to insert ?,?,? FROM DUAL -- dual is an allowed dummy table name to satisfy the FROM ... WHERE syntax WHERE (SELECT COUNT(*) FROM team_members WHERE team_id = ? AND stafftype='leader') < 1 -- insert the data if the WHERE (subquery count) < 1 is TRUE"; $stmt = $pdo->prepare($query); $stmt->execute([$team_id, $staff_id, $stafftype, $team_id]); if($stmt->rowcount()) { echo "A leader row was inserted for team_id: $team_id, staff_id: $staff_id<br>"; } else { echo "A leader already exists for team_id: $team_id<br>"; } this example was to insert a maximum of one 'leader' row per team id. you would change it to insert a maximum of two rows per datetime appointment slot. because this uses a single query to both get a count of the number of existing rows and insert a new row, it will work correctly for multiple concurrent instances of your script.

code for any page should be laid out in this general order - initialization. post method form processing. get method business logic - get/produce data needed to display the page. html document. the post method form processing should - detect if a post method form has been submitted before referencing any of the form data. keep the form data as a set in a php array variable, then operate on elements in this array variable throughout the rest of the code. trim all the input data, mainly so that you can detect if it consists of all white-space characters. validate inputs, storing validation errors in an array using the field name as the array index. after the end of the validation logic, if there are no errors, use the form data. after using the form data, if there are no errors, perform a redirect to the exact same url of the current page to cause a get request for that page. any redirect needs an exit/die statement after it to stop code execution. to display a one-time success message, store it in a session variable, then test, display, and clear the session variable at the appropriate location in the html document. if there are errors at step #5 or #6 on this list, the code would continue on to display the html document, where you would display any errors and redisplay the form, populating the form field values with any existing data. since there won't be any existing data values the first time the form is displayed, you need to address this at the point of using the values in the form. php's null coalescing operator ?? is a good choice to use here. any external, dynamic, unknown value output in a html context should have htmlentities() applied to it to help prevent cross site scripting. once you have detected that a post method form has been submitted, except for unchecked checkbox/radio fields, all form fields will be set and won't produce php errors. for checkbox/radio fields, you need to use isset() statements to test if they are set before referencing them in the form processing code. since the posted code isn't detecting if a post method form has been submitted at all before referencing the form data and isn't doing anything for item #10 on this list, you are getting unnecessary php errors. btw - if you have more than 2-3 form fields, you should use a data-driven design, where you have a data structure (database table, array) that defines the expected form fields, validation rules, and processing for each field, then dynamically validate and process the form data, rather than to write out bespoke logic for each field.

is there an actual question in this?

DOM ids should start with a letter (though browsers will probably let you use ones that start/are just a number.) the parameter in the function call is a string and must be surrounded by quotes. the onclick='...' attribute must also be quoted. the two quote types must be different. the id attribute in the <div ...> must also be set to be the same value as the parameter in the function call. i recommend that you slow down and reread the linked to example.

DOM ids must be unique. you basically have the same problem (and solution) as in this recent thread - https://forums.phpfreaks.com/topic/315508-php-and-javascript-with-mysql-copy-button/

the msyqli extension does have a fetch_all() function/method, which they finally fixed so that it doesn't depend on the mysqlnd driver, but it is still messed up in that the default fetch mode is numeric, which is different from the default fetch mode for every other general fetch - both/assoc/numeric statement, because the nimrods that programmed this didn't understand that the fetch mode applies to the rows of data, not the all-array holding those rows.

yes. if you were using the PDO database extension, it has a fetch mode that will directly produce an array of the SELECTed column values.

$sku = array( '1234', '5678', '4444', '2222', '9393', '1111', '8689' ); foreach(array_chunk($sku,5) as $chunk) { $qs = '&SKU=' . implode('&SKU=',$chunk); // examine the result echo $qs . '<br>'; }

i would use array_chunk() to break the starting array into chunks of 5 elements, with the last chunk containing the remainder. you can then simply use a foreach(){} loop to loop over the chunks. rather than concatenating to build the query string, just implode each chunk array.

the main point of using a prepared query, e.g. with place-holders in the sql statement where the data values are to be acted upon, then supply the actual data values when the query is executed, is to prevent any sql special characters in a data value from being able to break the sql query syntax, which is how sql injection is accomplished, by separating the parsing of the sql query syntax from the evaluation of the data values. a secondary point is they provide a performance gain (~5%) in the rare cases when you execute the same query within one instance of your script with different data values, since the sql query statement is only sent to the database server once, where it is parsed and its execution is planned only once.

the simplest, straightforward solution would be to query on each page request to get the current user's status. even though you are not performing any of the actions i listed, you are forcing the user to become logged out. in the current code you should have login check logic on each protected page, that starts the session and tests if $_SESSION['unique_id'] is or is not set. you would change it to the following to cause a status value of "Offline now" to log the user out and redirect to the logintool.php page - <?php // this sets the lifetime to zero and the rest of the values to null session_set_cookie_params(0); session_start(); // login check code if(!isset($_SESSION['unique_id'])) { // if not logged in, go elsewhere header("location: https://www.peredy1.com/adminchat/logintool.php"); die; } // at this point there's a logged in user, get the user's current status // note: use 'require' for things your code must have for it to work require "config.php"; $sql = "SELECT status from users WHERE unique_id = ?"; $stmt = $conn->prepare($sql); $stmt->bind_param('i', $_SESSION['unique_id']); $stmt->execute(); $stmt->bind_result($user_status); $stmt->fetch(); if($user_status === "Offline now") { // force a log-out // note: you should only unset() $_SESSION['unique_id'] since a session can contain other pieces of data session_unset(); session_destroy(); header("location: https://www.peredy1.com/adminchat/logintool.php"); die; } // at this point the user is logged in and can access the rest of the code on the protected page

no. the session data files are managed by php.

session_save_path() returns the path of the current directory used to save session data.

it's in the posted code, by deleting the session data.

you would have to find out where the session data files are stored and unlink() them. it would be much better to query on each page request to get the user's current status, so that you can individually implement things like promoting, demoting, suspending, or banning a user.

the code wasn't designed to let you do this, because it isn't querying on each page request to get the user's current status, which would let the login check code force a log-out based on a value stored in the database table. you can either rewrite the code to do this, or you could delete all the session data files, which would also log-out the admin performing this action, unless you want to scan through the session data files to find the one for the admin and not delete it too. btw - not only should the logout be a post method form, but using mysqli_real_escape_string() on a value that isn't being used in a string context in a query doesn't provide any sql injection protection, which still can occur for trusted users if cross site scripting is possible, since any value submitted to your code can be changed by cross site scripting to be anything and cannot be trusted. the only fool-proof way of preventing sql injection is to use a prepared query.

in general, functions should accept input data as call-time parameter(s), so that they can be reused with different input values. start by dynamically building the id attribute, incorporating the $row['id'] value (note: you can put php variables directly into an overall double-quoted string without all the extra quotes and concatenation dots) - id='c_{$row['id']}' dynamically build the function call with the same value as its call-time parameter - <button onclick=\"myFunction('c_{$row['id']}')\">Copy</button> modify the function definition to use the call-time parameter as the id of the element to reference - function myFunction(id) { // Get the text field var copyText = document.getElementById(id); .. the rest of the function code is the same

the variable in question contains a string, because that's what you wrote a line of code to cause that variable to contain. that line of code was not in the most recent previous code. why are you making random changes for no reason? why are you even changing the name of the database connection variable, which should be named as to what type of database connection it contains, so that you can easily see or search which code is using a connection type that's different from what you were previously using in your code? the example code I posted some time ago was error free, secure in both an sql and html context (the htmlentities() call was in the proper location, where a dynamic value was being output as a form field value), provided a good User eXperience (UX), was as SIMPLE and straightforward as possible, without a bunch of unnecessary typing, variables, and logic, and through the suggested php error related settings, validation logic, and error handling, would have either worked or told you when and why it didn't work. now you have a bunch of assembly line repetitive typing crap that took over a month to come up with and still doesn't work.

the number of concurrent database connections is only limited by your database server/hosting, and is typically several 100. your script could (but shouldn't) make a dozen connections using both mysqli and PDO at the same time. the PDO extension is better designed, simpler, and more consistent than the mysqli extension. as an added benefit, works with 12 different database types, so you are not learning a new set of php statements for each database type. if you had some problem using the PDO extension, you would need to find out why and fix it. the following is typical PDO connection code - $DB_HOST = ''; // database host name or ip address $DB_USER = ''; // database username $DB_PASS = ''; // database password $DB_NAME = ''; // database name $DB_ENCODING = 'utf8mb4'; // db character encoding. set to match your database table's character set. note: utf8 is an alias of utf8mb3/utf8mb4 $options = [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, // set the error mode to exceptions PDO::ATTR_EMULATE_PREPARES => false, // run real prepared queries PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC, // set default fetch mode to assoc ]; $pdo = new pdo("mysql:host=$DB_HOST;dbname=$DB_NAME;charset=$DB_ENCODING",$DB_USER,$DB_PASS,$options);