Everything posted by mac_gyver
-
you need to find out how the site was hacked, where the security hole is, before you would have anything to fix.
-
posting both your form and your php form processing code would allow someone to see what your code is doing and what to change in it.
-
MSSQL and PHP Incorrect syntax near 'id'. (severity 15
mac_gyver replied to NewSQLDev's topic in Microsoft SQL - MSSQL
the $ID variable contains a result resource from one query and inserting it into a string would result in something like Resource id #4 being put into the next query statement. -
@ellchr3, based on the code you posted and the second method i suggested (attempt to fetch the row your existing query returns, since you want the data from any matching row) here's some untested (i didn't feel like setting up an odbc connection) code to try.

```php
// $username and $password are put directly into the sql statement here, so they must already be escaped for your database
$sql = "SELECT username FROM user_access WHERE username = '$username' AND password = '$password'";
$rs = odbc_exec($conn,$sql);
if(!$rs){
    // query failed with an error
    die("Query failed: $sql<br>Error: ".odbc_errormsg($conn));
}
// query ran without any error
if($row = odbc_fetch_array($rs)){
    // the entered username and password match a user's row
    echo "You're in! Click here to enter the <a href='member.php'>Provider Database</a>";
    $_SESSION['username']=$row['username'];
} else {
    echo "Incorrect username or password!"; // but i won't tell you which
}
```

notes:
1) your query is testing the username and password values. if a row is found, there's no need for more logic to test the username and password again.
2) your code in a different thread is testing if the query produced any errors. you need to always do that to prevent the rest of your code from producing more errors and unexpected results when it tries to use the data from a query that failed due to an error.
-
just some guesses -
1) you are not validating the data in php form processing code. doing this in the form won't stop anyone from submitting anything they want or from submitting empty values.
2) empty form fields are not null values. they are empty strings. putting an empty string or a non-existent variable inside of ' ' in your query makes them into empty strings and the database is 100% okay with inserting empty strings.
3) the data might actually be white space characters, space, tab, newlines

you need to trim, filter, validate, and escape the data in the php form processing code.
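The three guesses above, worked through as an added example that is not part of the original post: server-side validation that trims input, rejects missing and whitespace-only values, and stores NULL instead of an empty string for an optional field. The field names, length limits, `members` table and sample submissions are assumptions made for illustration, and PDO placeholders stand in for manual escaping.

```php
<?php
// Added example: field names, limits and the submissions are constructed.

/** Trimmed string value of a form field; missing or non-string input becomes ''. */
function field(array $post, string $key): string
{
    $v = $post[$key] ?? '';
    return is_string($v) ? trim($v) : '';
}

/** Returns [clean values, errors]. An empty optional field becomes NULL, not ''. */
function validate_member(array $post): array
{
    $errors = [];
    $name  = field($post, 'name');
    $email = field($post, 'email');
    $phone = field($post, 'phone');   // optional field

    if ($name === '' || strlen($name) > 50) {
        $errors[] = 'name is required (50 characters max)';
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not valid';
    }
    if ($phone !== '' && !preg_match('/^[0-9 +()-]{7,20}$/', $phone)) {
        $errors[] = 'phone is not valid';
    }
    $clean = ['name' => $name, 'email' => $email, 'phone' => $phone === '' ? null : $phone];
    return [$clean, $errors];
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (name TEXT NOT NULL, email TEXT NOT NULL, phone TEXT)');
// Placeholders keep the submitted values out of the SQL text.
$insert = $pdo->prepare('INSERT INTO members (name, email, phone) VALUES (?, ?, ?)');

$submissions = [
    ['name' => " \t\n", 'email' => 'a@example.com'],                  // white space only
    ['email' => 'b@example.com'],                                     // field not sent at all
    ['name' => ' Ann ', 'email' => 'ann@example.com', 'phone' => ''], // valid, phone left empty
];
foreach ($submissions as $post) {
    [$clean, $errors] = validate_member($post);
    if ($errors) {
        echo 'rejected: ', implode('; ', $errors), "\n";
        continue;
    }
    $insert->execute(array_values($clean));
    echo 'stored: ', var_export($clean, true), "\n";
}
```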
-
he wants help with the problems in his code. not to have to spend time making someone else's code work with his database type and then to still need to correct the specific things that are preventing it from working with his database type.
-
what does the "view source" of the page show?
-
the same complete path and filename that you used in fopen() needs to be used in filesize() or you could just use one function like file_get_contents to replace three lines of code. ATTACH_FOLDER.$new_file
-
you are missing the ; on the end of the string assignment statement.
-
```php
$query = "SELECT id, col1, col2, datum, col4, col5, col6, col7, col8, col9 FROM table WHERE `datum` = '$datum'"; // form the query statement in a variable
echo $query; // echo the query statement
```
-
@kendris, your code has nothing to do with the op's problem. he is using an entirely different database and the problem concerns a function for that database.
-
that should find exact date matches. if it didn't, you would need to troubleshoot why. the first step should be to form your sql query statement in a variable so that you can echo it to see exactly what the query statement is.
-
there are excellent examples in the mysqli section of the php.net documentation.
-
there's no guarantee that odbc_num_rows will return the number of rows in a select query result set. you should either use a SELECT COUNT() query and fetch and test the count value or actually attempt to fetch the row your existing query returns and test if the fetch statement worked.
-
it's $_POST not $post
-
if you want to match just the month number(s) to values, you would use a lookup array to do that -

```php
$map[4] = $video_name1;
$map[5] = $video_name1;
// ...

$today = date('n'); // 1-12
include $map[$today];
```

if you want to use any arbitrary month-day start and end you would use an array that lists the start and end values that you can loop through to find the matching entry -

```php
$map[] = array('04-01','05-31',$video_name1);
$map[] = array('06-01','07-31',$video_name2);
// ...
$map[] = array('12-01','12-31',$video_name5); // break up any value spanning the end/start of the year
$map[] = array('01-01','01-31',$video_name5);
// ...

$today = date('m-d'); // 01-01 - 12-31
foreach($map as $arr){
    if($today >= $arr[0] && $today <= $arr[1]){
        include $arr[2];
        break;
    }
}
```
-
display column names from database in returned values table
mac_gyver replied to Juarez's topic in PHP Coding Help
your code should be doing everything dynamically using the column names. the post by davidannis would let you get all the column names. you would use those column names or a subset of them in your form and the actual column names would be submitted to use in the display logic. since any column name could be submitted by altering the form data, you should validate the submitted column names before you use them in case you don't want to permit the display of some of the information, such as displaying a "password" column or displaying personal data to visitors not authorized to see that type of information. -
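The column-name validation described in the post above, as an added example that is not part of the original post: submitted column names are checked against an allow-list, and only strings taken from that list reach the query and the table header. The `users` table, its columns, the `cols` form field and the sample submission are assumptions made for illustration.

```php
<?php
// Added example: table, columns and the submitted values are constructed.

// Columns a visitor may ask for. 'password' exists in the table but is not listed.
const DISPLAYABLE = ['id', 'username', 'email', 'joined'];

/** Return the allow-listed columns that were requested, in allow-list order. */
function pick_columns($submitted, array $allowed): array
{
    // The form field may be missing, a single string, or contain nested arrays.
    $requested = array_filter((array) $submitted, 'is_string');
    $cols = array_values(array_intersect($allowed, $requested));
    return $cols ?: [$allowed[0]];   // nothing valid requested: fall back to one safe column
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (id INTEGER, username TEXT, email TEXT, joined TEXT, password TEXT)");
$pdo->exec("INSERT INTO users VALUES (1, 'ann', 'ann@example.com', '2013-04-01', 'constructed-hash')");

// Constructed form data, altered to ask for a hidden column and a made-up one.
$post = ['cols' => ['username', 'password', 'joined', 'no_such_column', ['nested']]];

$cols = pick_columns($post['cols'] ?? [], DISPLAYABLE);

// Only strings taken from DISPLAYABLE reach the SQL text, never the raw submission.
$rows = $pdo->query('SELECT ' . implode(', ', $cols) . ' FROM users')
            ->fetchAll(PDO::FETCH_ASSOC);

echo "<table>\n<tr>";
foreach ($cols as $c) {
    echo '<th>', htmlspecialchars($c), '</th>';
}
echo "</tr>\n";
foreach ($rows as $row) {
    echo '<tr>';
    foreach ($cols as $c) {
        echo '<td>', htmlspecialchars((string) $row[$c]), '</td>';
    }
    echo "</tr>\n";
}
echo "</table>\n";
```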
$_Session or continue passing variables with GET or POST?
mac_gyver replied to ellchr3's topic in PHP Coding Help
if your question concerns retrieving the actual data that is being edited, it is best to query the database in case someone else has made changes to the same record. you will get the newest values and/or find that the record is locked by someone else making changes to it at the same time you are trying to. -
Fatal error: Call to undefined function mssql_query()
mac_gyver replied to maideen's topic in Microsoft SQL - MSSQL
putting the [optional] connection parameter into the query statement won't fix the fact that the extension isn't installed. to the OP, if you should happen to visit this thread, starting in php5.3 the mssql extension is no longer available and you must switch your code to use the SQLSRV extension. wherever you found the php_mssql.dll file at, it is likely not compiled for the same version of php you are using and isn't loading due to errors (check the web server error log.) this regurgitated information can be found in the mssql documentation at php.net -
this is one of those cases where explaining how to do it takes longer than writing the code. the key is to detect when the storeid changes and execute logic to finish one table and start the next one.

```php
<?php
$connection = mysql_connect("localhost", "username", "password"); //connect to server with these creds, store in $connection variable
if(!$connection){
    die('Could not connect: ' . mysql_error());
} //if $connection can not connect give error

mysql_select_db("db_name", $connection); //select database name for $connection

//sql select query for hour
$sql ="SELECT storeid, dept,
    SUM( qty ) AS 'Weekly Total Quantity',
    SUM( value ) AS 'Weekly Total Value',
    AVG( avgqty ) AS 'Weekly Average Quantity Per Hour',
    AVG( avgvalue ) AS 'Weekly Average Value Per Hour',
    SUM( value ) / SUM( qty ) AS 'Avg Value Per Item'
    FROM depthour
    GROUP BY dept, storeid
    ORDER BY storeid, dept";

//echo "SQL Query used: "; echo $sql;

$query = mysql_query($sql); //give resource the variables
if(!$query){ // add this check.
    die('Invalid query: ' . mysql_error());
}

if(mysql_num_rows($query) < 1){
    echo "There are no matching rows to display";
} else {
    $current_store = null; // start with none
    while($row = mysql_fetch_array($query)){ //display results for hour entered by user
        if($current_store !== $row['storeid']){
            // the store changed
            if($current_store !== null){
                // finish an existing table
                echo "</table><br>";
            }
            // start a new table
            echo "<table border='1' cellpadding='2' cellspacing='3' width='70%'>";
            echo "<tr><th colspan='6'>Weekly Statistics for Store: {$row['storeid']}</th></tr>";
            echo "<tr><th>Department</th><th>Weekly Total Quantity</th><th>Weekly Total Value</th>
            <th>Weekly Average Quantity Per Hour</th><th>Weekly Average Value Per Hour</th>
            <th>Avg Value Per Item</th></tr>";
            $current_store = $row['storeid']; // store the new storeid
        }
        // output the table row of data
        echo "<tr><td>{$row['dept']}</td><td>{$row['Weekly Total Quantity']}</td>
        <td>{$row['Weekly Total Value']}</td><td>{$row['Weekly Average Quantity Per Hour']}</td>
        <td>{$row['Weekly Average Value Per Hour']}</td><td>{$row['Avg Value Per Item']}</td></tr>";
    }
    // finish the last table
    echo "</table><br>";
}
```
-
MySQL strategy for a customisable database
mac_gyver replied to ScrewLooseSalad's topic in MySQL Help
your "stock" table should have a "location" column that holds the id of the location the stock is at. you should have a "location" table that you simply add a row to with a new id (auto-increment) and the new location details any time you need to add a location. -
best way to show page only if user logged in?
mac_gyver replied to john.muckley's topic in PHP Coding Help
if nothing is displayed by the original code, then either you are not actually setting it or one of your session_start statement(s) is missing or is not working or you have managed to clear it at some point. is your php's error reporting set to display all errors? -
you have mentioned your site a couple of times. that code allows sql injection in the search value and will allow the display of the contents of any of your database tables. i don't think you want to put that code onto a live site without correcting the sql injection problem in it first. if you truly wrote that code, rather than just copy/paste it and modifying it to match your database connection and table, changing the pagination link code like i suggested should take you about 5-10 minutes.
-
if you don't have the programming skills to attempt to modify this script, just find a different script that works using page numbers.
-
the code you found or wherever you learned php is 11 years out of date and won't work on current versions of php. throw that code away and find an up to date source of php information to code from.