mac_gyver

if your question concerns retrieving the actual data that is being edited, it is best to query the database in case someone else has made changes to the same record. you will get the newest values and/or find that the recored is locked by someone else making changes to it at the same time you are trying to.

putting the [optional] connection parameter into the query statement won't fix the fact that the extension isn't installed. to the OP, if you should happen to visit this thread, starting in php5.3 the mssql extension is no longer available and you must switch your code to use the SQLSRV extension. wherever you found the php_mssql.dll file at, it is likely not complied for the same version of php you are using and isn't loading due to errors (check the web server error log.) this regurgitated information can be found in the mssql documentation at php.net

this is one of those cases where explaining how to do it takes longer than writing the code. the key is to detect when the storeid changes and execute logic to finish one table and start the next one. <?php $connection = mysql_connect("localhost", "username", "password"); //connect to server with these creds, store in $connection variable if(!$connection){ die('Could not connect: ' . mysql_error()); } //if $connection can not connect give error mysql_select_db("db_name", $connection); //select database name for $connection //sql select query for hour $sql ="SELECT storeid, dept, SUM( qty ) AS 'Weekly Total Quantity', SUM( value ) AS 'Weekly Total Value', AVG( avgqty ) AS 'Weekly Average Quantity Per Hour', AVG( avgvalue ) AS 'Weekly Average Value Per Hour', SUM( value ) / SUM( qty ) AS 'Avg Value Per Item' FROM depthour GROUP BY dept, storeid ORDER BY storeid, dept"; //echo "SQL Query used: "; echo $sql; $query = mysql_query($sql); //give resource the variables if(!$query){ // add this check. die('Invalid query: ' . mysql_error()); } if(mysql_num_rows($query) < 1){ echo "There are no matching rows to display"; } else { $current_store = null; // start with none while($row = mysql_fetch_array($query)){ //display results for hour entered by user if($current_store !== $row['storeid']){ // the store changed if($current_store !== null){ // finish an existing table echo "</table><br>"; } // start a new table echo "<table border='1' cellpadding='2' cellspacing='3' width='70%'>"; echo "<tr><th colspan='6'>Weekly Statistics for Store: {$row['storeid']}</th></tr>"; echo "<tr><th>Department</th><th>Weekly Total Quantity</th><th>Weekly Total Value</th> <th>Weekly Average Quantity Per Hour</th><th>Weekly Average Value Per Hour</th> <th>Avg Value Per Item</th></tr>"; $current_store = $row['storeid']; // store the new storeid } // output the table row of data echo "<tr><td>{$row['dept']}</td><td>{$row['Weekly Total Quantity']}</td> <td>{$row['Weekly Total Value']}</td><td>{$row['Weekly Average Quantity Per Hour']}</td> <td>{$row['Weekly Average Value Per Hour']}</td><td>{$row['Avg Value Per Item']}</td></tr>"; } // finish the last table echo "</table><br>"; }

your "stock" table should have a "location" column that holds the id of the location the stock is at. you should have a "location" table that you simply add a row to with a new id (auto-increment) and the new location details any time you need to add a location.

if nothing is displayed by the original code, then either you are not actually setting it or one of your session_start statement(s) is missing or is not working or you have managed to clear it at some point. is your php's error reporting set to display all errors?

you have mentioned your site a couple of times. that code allows sql injection in the search value and will allow the display of the contents of any of your database tables. i don't think you want to put that code onto a live site without correcting the sql injection problem in it first. if you truly wrote that code, rather than just copy/paste it and modifying it to match your database connection and table, changing the pagination link code like i suggested should take you about 5-10 minutes.

if you don't have the programming skills to attempt to modify this script, just find a different script that works using page numbers.

the code you found or wherever you learned php is 11 years out of date and won't work on current versions of php. throw that code away and find an up to date source of php information to code from.

you could try, as a learning exercise at one point, none of the people reading this knew how to do it either, but they tried and kept trying until they got it to work and learned something along the way. without trying, there's no possibility of learning.

the value in that code that is being called a "page" is actually the starting row number, starting at zero. it's the offset value being put into the LIMIT offset, row_count statement. to change the code so that the page number is actually the page number, starting at 1, the first step would be to take the submitted $_GET['page'] value and calculate the starting row offset from it - $offset = ($page - 1) * $per_page; the above value would be used in the LIMIT statement instead of the $page value. you also need to modify the code that produces the pagination links so that it just increments the page number, starting at 1, instead of adding $per_page to it.

put the "included" files into a folder that doesn't permit any web access. there's two ways of doing that - 1) put the folder outside, rather than inside, your web root folder or 2) put the folder inside your web root folder and put a .htacess file into the folder that deny's all http requests to the files in that folder. search for "htaccess deny all" to find out how.

when you have code that's producing the wrong result (in your case, you expect it to return a true value when the entered password is correct), it's not a matter of getting opinions on what could be causing the problem. it's a matter of actually finding which of the multiple possible problems is causing that wrong result. your first step will be to determine which of the four points in the code that can return a false value is the one that actually is doing it, because that determines where to look to fix the problem.

no matter what code you use, you must find out why it isn't working, because the cause of the problem could be somewhere else, such as in the registration code that is producing the values and inserting them into the database table or in the database table definition itself. if all you are doing is copying code and praying it will work (copy-n-pray is not a useful programming pattern), you are not going to get very far very fast.

there's 4 different conditions in the login() function that return a false value and since the code isn't reporting in any way why it is failing you need to debug at what point the code is returning the false value to find out why it is failing. the first one is if the prepare fails. that's a fatal application error. during development your code should be screaming at you at that point telling you exactly why it failed. the second one is if the email is not found. that's an application warning and it means that someone tried to log in using an email that doesn't exist. you should be logging everything about that occurrence and during development your code should be screaming at you at that point actively telling you why the function is returning a false value. the third one is if the checkbrute() function doesn't pass. same comment as for the second one. the fourth one is if the passwords don't match. same comment as for the above two cases.

are there any php detected warnings or notices?

the code is building what appears to be a prepared query, with ? placeholders for the values. as long as the table and column names are not coming from unvalidated external data and the ->query() method is actually running a prepared query, it's secure against sql injection. edit: the code should also place the table name within back-ticks if it is trying to be universal code that won't fail with an error for any arbitrary table/column names.

that means it is returning a false value, not a true value, and it's going to the code in the else part of the statement.

how do you know it is always returning a true value? what output, error, url, or other symptom are you getting?

how would anyone here know if your code is doing that or if that is even relevant to the problem? you have all the code, you should be able to answer that question yourself. this is your error message. did you read it and try to solve this yourself? you are calling the mysqli_query() function. it expects parameter 1 to be an instance of a mysqli connection. you are supply a null non-existent value. you have either not made a database connection, have closed the database connection, or the program scope where the template code is running at is not the same program scope where the connection exists.

your first error is because $db_connex doesn't exist. based on the line numbers, that's probably all your code and you aren't making a database connection at all, let alone a connection in $db_connex. your second error is because of the first error.

your thread title is just about the literal answer to your question - http://dev.mysql.com/doc/refman/5.1/en/date-and-time-functions.html#function_extract WHERE 201305 = EXTRACT(YEAR_MONTH FROM your_datefield)

the login() function code needs to return a true value when there is a successful login.

in your existing thread for this, PaulRyan pointed out what you need to do to make it work - the query you posted in this thread is just testing where the id is a true value and returning the first row.

the null that is returned if the prepare fails is == to false (just tested) and the code goes to login.php?error=1 for that case.

your code functioned as expected for me. a mismatch in passwords goes to login.php?error=1 and matching passwords goes to member.php?id= i'm going to guess that when it redirects to login.php?error=1 that either the logic or output on that page makes it look like it logged in correctly or code on that page is redirecting to make it look like it logged in correctly or the absence of exit statements after your header() redirects allows some code to run that makes it look like it logged in correctly. what have you done to debug what your code is actually doing?