mac_gyver

the order doesn't matter (see the code i posted.) the field list in the query and the data in the query match each other. if any of the fields you do want are not present in the actual data file, you would need to set up appropriate default values in your database table since the code won't include a column name that isn't in the header line.

as a continuation of the above reply, once you have the result from array_intersect, you can use array_intersect_key against the $data array to get just the correct data values from it. quicker to just post some code - // the fields you want (these can be in any order) $want = array('Latitude','Longitude','DateOccurred','Tripname','Angle','Speed','Altitude'); // the fields from the header line (code to get this from your data is left up to you) $have = array('Latitude','Longitude','DateOccurred','field3','field4','field5','Tripname','field7','Angle', 'field9','field10','field11','field12','field13','field14','Speed','Altitude','field17'); $map = array_intersect($have,$want); // get only the fields you want $fields = implode(',',$map); // use this to make the list of field names in the query statement $date_field = array_search('DateOccurred', $map); // find the position of the date field for special handling // make up some test data. the order of fields matches the $have array (your code would get this from the file) $data = array('Latitude1','Longitude1','11/4/2013','field31','field41','field51','Tripname1','field71', 'Angle1','field91','field101','field111','field121','field131','field141','Speed1','Altitude1', 'field171'); // processing of the data starts here ---------------------------------------- $data = array_intersect_key($data,$map); // get only the data fields you want $data[$date_field] = date('Y-m-d H:i:s',strtotime(str_replace('/', '-', $data[$date_field]))); // format the date $data = array_map('mysql_real_escape_string',$data); // treating all fields like strings and apply escape $sql = "INSERT INTO temp ($fields) VALUES ('".implode("','",$data)."')"; // treating all fields like strings echo $sql;

you would need to temporarily comment out the header() statements.

you would get the field names from the header line into an array and have an array of the fields you want. use array_intersect to filter out all the field names that you don't want between the first array and the second. the keys in the resulting array will be the index offsets [0],[16],[6], ... in the $data array for the corresponding field name. if you post an example of the format of the header line someone could post code showing how to do this.

web pages contain html tags. the html tag for an image is <img src='a url'> in this case, the url would be that of your pchart php script.

each of your header() redirect statements need an exit statement after it to prevent the rest of the code on the page from running. you also cannot echo or output any characters to the browser before a header() statement. if you are actually seeing the echoed output, the header() statement won't work at all and if you are not seeing the output and the header() is working it means that php is buffering output and echoing things to help you debug won't work.

you need to actually debug why your code is not returning the expected result. by just randomly trying different code, you are never going to find out why it is failing and the reason it is failing might be somewhere besides the code you are changing. the first step would be to form the query statement in a php variable and then echo that variable so that you know what the actual query statement is.

you need to post just the relevant part of the code that you need help with, the preg_match statement and possibly a few lines leading up to it if you are forming the match pattern in a variable.

when you successfully prepare a query, it returns an instance of the mysqli_stmt class. bind_param is a method of the mysqli_stmt class, not a method of the mysqli class. there are excellent examples in the php.net mysqli documentation.

you need to find out how the site was hacked, where the security hole is, before you would have anything to fix.

posting both your form and your php form processing code would allow someone to see what your code is doing and what to change in it.

the $ID variable contains a result resource from one query and inserting it into a string would result in something like Resource id #4 being put into the next query statement.

@ellchr3, based on the code you posted and the second method i suggested (attempt to fetch the row your existing query returns, since you want the data from any matching row) here's some untested (i didn't feel like setting up an obdc connection) code to try. $sql = "SELECT username FROM user_access WHERE username = '$username' AND password = '$password'"; $rs=odbc_exec($conn,$sql); if(!$rs){ // query failed with an error die("Query failed: $sql<br>Error: ".odbc_errormsg($conn)); } // query ran without any error if($row = odbc_fetch_array($rs)){ // the entered username and password match a user's row echo "You're in! Click here to enter the <a href='member.php'>Provider Database</a>"; $_SESSION['username']=$row['username']; } else { echo "Incorrect username or password!"; // but i won't tell you which } notes: 1) your query is testing the username and password values. if a row is found, there's no need for more logic to test the username and password again. 2) your code in a different thread is testing if the query produced any errors. you need to always do that to prevent the rest of your code from producing more errors and unexpected results when it tries to use the data from a query that failed due to an error.

just some guesses - 1) you are not validating the data in php form processing code. doing this in the form won't stop anyone from submitting anything they want or from submitting empty values. 2) empty form fields are not null values. they are empty strings. putting an empty string or a non-existent variable inside of ' ' in your query makes them into empty strings and the database is 100% okay with inserting empty strings. 3) the data might actually be white space characters, space, tab, newlines you need to trim, filter, validate, and escape the data in the php form processing code.

he wants help with the problems in his code. not to have to spend time making someone else's code work with his database type and then to still need to correct the specific things that are preventing it from working with his database type.

what does the "view source" of the page show?

the same complete path and filename that you used in fopen() needs to be used in filesize() or you could just use one function like file_get_contents to replace three lines of code. ATTACH_FOLDER.$new_file

you are missing the ; on the end of the string assignment statement.

$query = "SELECT id, col1, col2, datum, col4, col5, col6, col7, col8, col9 FROM table WHERE `datum` = '$datum'"; // form the query statement in a variable echo $query; // echo the query statement

@kendris, your code has nothing to do with the op's problem. he is using an entirely different database and the problem concerns a function for that database.

that should find exact date matches. if it didn't, you would need to troubleshoot why. the first step should be to form your sql query statement in a variable so that you can echo it to see exactly what the query statement is.

there are excellent examples in the mysqli section of the php.net documentation.

there's no guarantee that odbc_num_rows will return the number of rows in a select query result set. you should either use a SELECT COUNT() query and fetch and test the count value or actually attempt to fetch the row your existing query returns and test if the fetch statement worked.

it's $_POST not $post

if you want to match just the month number(s) to values, you would use a lookup array to do that - $map[4] = $video_name1; $map[5] = $video_name1; ... $today = date('n'); // 1-12 include $map[$today]; if you want to use any arbitrary month-day start and end you would use an array that lists the start and end values that you can loop through to find the matching entry - $map[] = array('04-01','05-31',$video_name1); $map[] = array('06-01','07-31',$video_name2); ... $map[] = array('12-01','12-31',$video_name5); // break up any value spanning the end/start of the year $map[] = array('01-01','01-31',$video_name5); ... $today = date('m-d'); // 01-01 - 12-31 foreach($map as $arr){ if($today >= $arr[0] && $today <= $arr[1]){ include $arr[2]; break; } }