mac_gyver

here's an example showing the points that have been made - <?php // initialization // this example uses the much simpler PDO database extension require 'pdo_connection.php'; // number of results per logic page $num_results_on_page = 25; // number of +/- pagination links around the current page number $range = 3; // post method form processing - none in this example // get method business logic - get/produce data needed to display the page // build the common part of the queries $common_sql = 'FROM random_donation_clash'; // get the total number of matching rows $sql = "SELECT COUNT(*) $common_sql"; $stmt = $pdo->query($sql); $total_rows = $stmt->fetchColumn(); // calculate total number of pages $total_pages = ceil($total_rows / $num_results_on_page); // get/condition the current page number, default to page 1 $page = intval($_GET['page'] ?? 1); // limit page to be between 1 and $total_pages $page = max(1,min($total_pages,$page)); // get a logical page of data $offset = ($page - 1) * $num_results_on_page; // note: a person's age is not a fixed number, unless they are dead. store the date of birth and calculate the age when needed. $sql = "SELECT name, age, joined $common_sql ORDER BY name LIMIT ?,?"; $stmt = $pdo->prepare($sql); $stmt->execute([ $offset, $num_results_on_page ]); $page_data = $stmt->fetchAll(); // build pagination links: prev, 1, range around current page, total_pages, next $pagination_links = ''; if($total_pages > 1) { // produce array of pagination numbers: 1, range around current page, total_pages, without duplicates, between 1 and total_pages $links = array_filter(array_unique(array_merge([1],range($page-$range, $page+$range),[$total_pages])), function ($val) use ($total_pages) { return $val >= 1 && $val <= $total_pages; }); // get a copy of any existing get parameters $get = $_GET; // produce previous $get['page'] = $page - 1; $qs = http_build_query($get,'', '&amp;'); $pagination_links .= $page == 1 ? 'prev ' : "<a href='?$qs'>prev</a> "; // produce numerical links foreach($links as $link) { $get['page'] = $link; $qs = http_build_query($get,'', '&amp;'); $pagination_links .= $link == $page ? "$link " : "<a href='?$qs'>$link</a> "; } // produce next $get['page'] = $page + 1; $qs = http_build_query($get,'', '&amp;'); $pagination_links .= $page == $total_pages ? 'next' : "<a href='?$qs'>next</a>"; } // html document ?> <!DOCTYPE html> <html lang="en-US"> <head> <meta charset="utf-8"> <title>Pagination Example</title> </head> <body> <?php if(!$page_data): ?> <p>There is no data to display</p> <?php else: ?> <table> <tr> <th>Name</th> <th>Age</th> <th>Join Date</th> </tr> <?php foreach($page_data as $row): ?> <tr> <td><?=$row['name']?></td> <td><?=$row['age']?></td> <td><?=$row['joined']?></td> </tr> <?php endforeach; ?> </table> <?php endif; ?> <p><?=$pagination_links?></p> </body> </html>

here's an additional list of points for this code, most of which will clean up, organizing, and simplify the code - put any error related settings in the php.ini on your system. build any sql query in a php variable. this makes debugging easier and helps prevent typo mistakes. pagination involves two queries. the common part of the query, from the FROM term through to any HAVING term should be built in a php variable, with a corresponding array of any prepared query input parameters, so that these common parts can be used in both queries. don't select all the columns and all the rows to find the total number of matching rows. use a SELECT COUNT(*) AS total... query, then fetch and use the total value. use the much simpler PDO database extension. as already mentioned, calculate the total number of pages, once, and store it in a correctly named php variable. the total number of pages is needed to validate/limit the submitted page number and in the pagination link code. use exceptions for database statement errors and only handle the exception/error in your code for user recoverable errors, of which a select query isn't, i.e. don't put any error handing logic in your code for a select query. put any query to get/produce the data needed to display the page above the start of the html document, fetch all the data from the query into an appropriately named php variable, then test/loop over this variable at the appropriate location in the html document. you should list out the columns you are selecting in a query. if the data retrieval query doesn't match any rows of data, test and output a message stating so, rather than to output nothing at that point in the html document. put any code to get/product the pagination links above the start of the html document, build the output in an appropriately named php variable, then echo this variable at the appropriate location(s) in the html document. when building pagination links, you should start with a copy of any existing $_GET parameters, set the current 'page' parameter value for the current link, then build the query string part of the current URL by using php's http_build_query(). there's generally no need to close prepared statements, free result sets, or close database connections in your code since php will destroy these things when your script ends.

ids must be unique throughout the html document. since each section has the same id, the popup code always displays the first section. you need to use a different selector in the javascript, either to operate on the current element, find the nearest element, or use unique and valid ids in the markup. posting all the code needed to reproduce the problem would allow someone here to help arrive at the simplest result.

the spelling in the PDO DSN connection string is mysql, not msql

if the last snippet of code, with the foreach() loop using $this->productType, was an attempt at 'fixing' the last error, that's not it. there was nothing wrong with the code i posted. it was in fact tested code. there is however, something that needs to be changed about the __construct() code in that class, which i wrote a reply stating. at this point, i don't think you understand what your OOP code is doing, so, wont be able to modify it or troubleshoot it when any errors occur. whatever learning resource you are using, isn't teaching you the meaning of what you are doing.

i'm going to guess that you didn't write the OOP post class or if you did, you copied something you saw and didn't actually learn the meaning of what you were doing? in your existing OOP post class definition, there's a __construct() method that looks like - public function __construct($db) { $this->conn = $db; } you need to add the $table and $fields input parameters and class property assignments.

I've written at least twice that the ->create() method must return a success or failure value that you test in the calling code. the database specific code in the ->create() method is where that information is known at. here's what your create.php should look like (without the multiple column duplicate determination code) - <?php // when using ajax, the only thing this code will do is handle the post method form processing // you can save resources on non-post requests by putting all the code inside the request method test // initialization //Headers header('Access-Control-Allow-Origin: *'); header('Content-Type: application/x-www-form-urlencoded'); header('Access-Control-Allow-Methods: POST'); header('Access-Control-Allow-Headers: Access-Control-Allow-Headers,Content-Type,Access-Control-Allow-Methods, Authorization, X-Requested-With'); // use 'require' for things your code must have for it to work require '../../config/database.php'; require '../../models/post.php'; //Instantiate db $database = new Database(); $db = $database->connect(); // define the $table and $fields for the Create operation $table = 'skandi'; $fields = []; $fields['sku'] = ['label'=>'SKU','validation'=>['required']]; // add other field definitions here... //Instantiate post for the Create operation $product = new Post($db,$table,$fields); $post = []; // array to hold a trimmed working copy of the form data $errors = []; // array to hold user/validation errors // post method form processing if($_SERVER["REQUEST_METHOD"]==="POST") { //Get raw data $json = json_decode(file_get_contents("php://input"),true); // trim all the input data at once $post = array_map('trim',$json); // if any input is an array, use a recursive trim call-back function here instead of php's trim // validate all inputs foreach($fields as $field=>$arr) { if(isset($arr['validation']) && is_array($arr['validation'])) { foreach($arr['validation'] as $rule) { switch ($rule) { case 'required' : if($post[$field] === '') { $errors[$field] = "{$arr['label']} is required"; } break; // add code for other validation rules here... } } } } // if no errors, use the input data if(empty($errors)) { //Create if(!$product->create($post)) { // initially, just setup a canned message for the sku column $errors['sku'] = "SKU is already in use"; // the code to detect which of multiple columns contain duplicates would replace the above line of code } } // if no errors, success if(empty($errors)) { $response = [ 'message' => "Created Successfully" ]; } else { $response = [ 'message' => implode('<br>',$errors) ]; } echo json_encode($response); } the corresponding ->create() method would be - public function create($data) { // build the sql query $set_terms = []; $params = []; foreach(array_keys($this->fields) as $field) { $set_terms[] = "`$field`=?"; $params[] = $data[$field]; } $sql = "INSERT INTO `$this->table` SET " . implode(',',$set_terms); $stmt = $this->conn->prepare($sql); try { // a 'local' try/catch to handle a specific error type $stmt->execute($params); // if you are at this point, the query executed successfully return true; } catch (PDOException $e) { if($e->errorInfo[1] == 1062) // duplicate key error number { return false; } throw $e; // re-throw the pdoexception if not handled by this logic } } as to the server-side validation logic, you should validate each input separately and setup a unique and helpful message for each validation error. the code posted in this reply shows how to use a data-driven design to dynamically validate the data and build the sql query. however, it just occurred to me that the product characteristics (size, weight, height, length, and width) change depending on the selected productType, so the data-driven definition would need entries for each productType value (you should also have a separate product characteristic table, rather than columns in this main table for these characteristic values, where you would only insert rows for each characteristic that exists for each defined product.) for debugging, just temporarily output (echo/print_r/var_dump) things in the php code, and send everything to the console log in the javascript - success: function (data) { console.log(data); alert("successfully posted"); },

i want to know what you mean by this as well, since -

while you should keep the posted form data as an array and operate on elements of this array throughout the rest of the code. e.g. in the validation logic and the ->create() logic, what you are actually doing is decoding the json to an object, manually building an array from those properties, then manually setting the product class properties from the elements in that array. all of this typing for every field/column and copying properties/variables to other properties/variables is not necessary and is a waste of typing time. just set the 2nd parameter of json_decode() to a true value and you will directly end up with an array of data. next, related to item #1 in the list in my first post in this thread, user written classes/functions should be general-purpose and reusable. your class methods/properties should not contain any application specific values, code, queries, or html markup. they should instead do useful things that help you to produce applications. the way to make your code general-purpose is to use a data-driven design, where you have a data structure (array) that defines the fields/columns, display labels, validation rules, and type of processing each field is to be used for. you would use this defining data structure to control what the general-purpose code will do. this will eliminate all of the repetitive application specific typing you have in the current code. the 'status' => 200 value that you are putting into the json encoded data has nothing to do with the http status value that the ajax code uses for the success/error sections. the status value that the ajax code receives is something that the web server outputs as part of the response header. as already stated, the ->create() code needs to return a true value at the point that it determines that the insert query was successfully executed. it needs to return a false value when it determines that the insert query failed due to a duplicate index error number. the code that calls the ->create() method must test the returned value to determine what message to set up, json encode, and echo as the response. for a true returned value, you would setup the "Created Successfully" message. for a false returned value, if you only have one unique column, you would just setup a 'canned' message that the value submitted for that column is already in use. however, for what you are doing, the sku and the name columns must both be defined as unique indexes. the insert query will fail at the first duplicate index. you would like to tell the user all the columns that have duplicate values at once, so that they don't need to keep correcting and resubmitting the values one at a time. to do this you would execute a SELECT query for just the unique columns and setup a message for each column that contains a value matching the submitted form value in the result set. you would then output the resulting duplicate error message(s) in the json encoded response. the example code outlines what the post method form processing code should do. this would become part of the create.php code. since you are using ajax to submit the form data, you would only need the initialization and post method form processing sections from the example. the post method form processing would - detect that a post method form was submitted json_decode the json data to an array, that you would then use as the input data for the validation logic and supply as a call-time parameter to the ->create($data) method. trim all the elements in the data array at once. since this is an array, you can use php's array functions to operate on it, such as array_map() to apply php's trim function to all the elements in the array. validate all the elements in the array, storing validation errors in an array using the field name as the main array index. after all the validation logic, if there are no errors, the array holding the user/validation errors is empty, you would use the form data. it is at this point that you would call the ->create() method and test the returned value from that call. if the returned value is false, you would add the duplicate data messages to the array holding the user/validation errors. at the point near the end, where the - // if no errors, success comment is, is where you would build the $response array, with either a success message or the user/validation error messages, json encode it, and echo it.

your ->create() method code doesn't return a specific value, so null is returned. since null is not a true boolean value, the conditional logic where you are calling that method executes the else {...} branch, which outputs 'message' => 'Product Not Created'. the ->create() method should return a true value upon success. a great point of using exceptions for errors is that your main/in-line code only 'sees' error free execution, since exaction transfers to the nearest correct type exception handler, or to php's exception handler if there's none in your code, upon an error. what this means is that if your code reaches the line after the ->execute() call, that the insert query was successful. it is at this point where you would return a true value. the .ajax error code is for if the ajax request fails, meaning that the http(s) request didn't work at all. this doesn't mean that the server-side operation failed. the .ajax success code will be executed if the ajax request works correctly. you must access the json data in the success code. see the example code in this post - https://forums.phpfreaks.com/topic/315403-saving-to-mysql-database-not-working/?do=findComment&comment=1601407

you are deleting the comments without even reading and understanding what they say.

you need to fix all the occurrences of short opening php tags. the occurrences in the form that isn't working are probably breaking the html markup and preventing the form fields from being recognized. you can check what the submitted form data is by adding the following near the top of the php code - echo '<pre>'; print_r($_POST); echo '</pre>'; by doing that, you prevented anyone here from directly helping and wasted the time of those that looked at the posted information. you have some sql related code in a html context, some form fields outside of any form, form data that you state work without existing in any of the posted code. if you want actual, direct help post all the code needed to reproduce the problem.

updating old mysql_ based code requires more than just making it work. you must also make it secure. php's magic_quotes, which provided some protection against sql special characters in string data values from breaking the sql query syntax, which is how sql injection is accomplished, has also been removed. the best choice for updating old application code is to use the PDO extension and use prepared queries when supplying external, unknown, dynamic values to the query when it gets executed. since you must go through all the database specific code, you might as well future proof it by switching to the much simpler and more modern PDO database extension. if you use the PDO extension, when you make the connection, set the character set to match your database tables, set the error mode to use exceptions, set emulated prepared queries to false, and set the default fetch mode to assoc. for prepared queries, use simple positional ? place-holders and use implicit binding by supplying an array of input values to the ->execute([...]) call.

the code for any page should be laid out in this general order - initialization post method form processing get method business logic - get/produce data needed to display the page html document the post method form processing should - detect if a post method form was submitted keep all the input data in an array variable, then operate on elements in this array variable throughout the rest of the code trim all the inputs at once. after you do item #2 on this list, you can accomplish this with one line of code validate all the inputs, storing user/validation errors in an array using the field name as the array index after the end of all the validation logic, if the array holding the errors is empty, use the form data if an insert or update query can result in duplicate data, detect this in the error handling for the database query, and setup a message for the user telling them what was wrong with the data that they submitted after the end of the form processing logic, if there are no user/validation errors, perform a redirect to the exact same url of the current page to cause a get request for the page. to display a one-time success message, store it in a session variable, then test, display, and clear the session variable at the appropriate location in the html document. if there are errors at item #5 or #7 on this list, the code will continue on to display the html document, redisplay the form, where you should populate the form field values/selects/checkboxes with any existing values so that the user doesn't need to keep reentering/selecting/checking data over and over. you should get your code to fully work first with one form field, then one field of each type, before you worry about all the code needed for all the rest of the fields. you can use the following to display what post data is being submitted to your code - echo '<pre>'; print_r($_POST); echo '</pre>'; the posted code contains a php syntax error on line #13. to get php to display syntax errors, you must set php's error_reporting to E_ALL and display_errors to ON, in the php.ini on your development system (putting these settings into your code won't work for php syntax errors since your code never runs to change the settings.) stop and start your web server to get any changes made to the php.ini to take effect and confirm that the settings actually got changed by using a phpinfo() statement in a .php script file. you should also validate any resulting web page at validator.w3.org to help make sure the markup is valid and you should only write markup that is necessary.

putting the settings in your php code won't help with php parse errors in that file, which was one of the problems in this thread, since the code never runs to change the settings. putting these settings in the php.ini will cause ALL errors to be reported and displayed. it also allows you to change the settings at a single point, so you don't need to go through and edit your code when you move it to a live/public server, where you DON'T want to display all errors, you want to log them.

php variables are not replaced with their value unless the string they are inside of uses initial/final double-quotes. also, when you have just a variable, e.g. the $dbuser and $dbpass, don't put quotes around it/them at all. several of the things you have posted should have been producing php errors. do you have php's error_reporting set to E_ALL and display_errors set to ON, preferably in the php.ini on your system, so that php will help you by reporting and displaying ALL the errors it detects? the PDO extension is much simpler, more consistent, and more modern than the mysqli extension. if you are just starting out, forget about the mysqli extension. when you make the PDO connection, you should name the variable holding the connection as to what it is, such as $pdo. you should also set the character set to match your database tables, set the error mode to use exceptions, set emulated prepared queries to false, and set the default fetch mode to assoc. don't bother catching any database exception unless it is for something that the user to your site can recover from, such as when inserting/updating duplicate or out of range data. in all other cases, simply let php catch and handle any database exception, i.e. don't put any try/catch logic in your code. you should always list out the columns you are SELECTing in a query and build the sql query statement in a php variable. this is obsolete markup. use css instead. you should validate your resulting web pages at validator.w3.org don't copy variables to other variables for nothing. this is just a waste of typing. just use the original variables. in most cases, there's no need to free result sets, free prepared query handles, or close database connections, since php will destroy these when your script ends.

the main point behind just attempting to insert the data and test for a unique index error, is because your database must enforce uniqueness. it is the last step in the process. when there are multiple concurrent requests to your current code, a race condition exists where all the instances will find from the SELECT query logic that the value doesn't exist. they will then all attempt to run the INSERT query, resulting in either duplicate data (if your column(s) are not defined as unique indexes), or the first query will win the race, with the others resulting in duplicate errors. since your database must enforce uniqueness, you might as will eliminate the initial SELECT query, since it isn't doing anything useful. as to why your current code with the SELECT query, which you are going to eliminate from the design, isn't finding if the value exists, is because php variables/class-properties are not replaced with their value when enclosed in over-all single-quoted strings. had you used a proper prepared query, which the first code at the top of this thread was doing, this problem wouldn't have occurred. also, the name column should be defined as a unique index as well, i.e. both the sku and name must be unique. client-side validation is a nicety for legitimate visitors. data submitted to your web site can come from anywhere, not just your code, can be anything, and cannot be trusted. you MUST trim (mainly so that you can detect if all white-space characters were entered), and validate the data on the server before using it.

// before the start of the loop, set a variable to the unique/one-time output you want. $first = 'class="active"'; while($row = mysqli_fetch_array($result)) { // echo that variable at the point where you want the output ?> <li><a id="<?php echo $row["urlName"] ?>Tab" <?=$first?> href="#<?php echo $row["urlName"] ?>Content"><?php echo $row["title"] ?></a></li> <?php // then set that variable to an empty string after the point where you echo it. every pass through the loop after that point will echo an empty string, i.e. nothing will be output. $first = ''; }

no. it's not more easy.

before the start of the loop, set a variable to the unique/one-time output you want. echo that variable at the point where you want the output, then set that variable to an empty string after the point where you echo it. every pass through the loop after that point will echo an empty string, i.e. nothing will be output.

in a copy of my original posted code, search for every place where $post exists and what related comments there are in the code. see where it is defined and initialized to an empty array? see where it is assigned a value from the array_map() call? see where elements of it are tested in the validation logic? see where elements of it are displayed in the form field value="..." attribute? do the same for the $errors variable. see where it is defined and initialized, elements of it are assigned a value in the validation logic, where it is tested after the end of the validation logic, and where it is tested and displayed in the html document? if you are not understanding and following how these two variables are being used throughout the code, you will not be able to do this activity.

there shouldn't be else statements in the validation logic, unless they are for different validation steps for the same input, such as for the first name, where you should setup a specific message for each possible validation error telling the visitor what was wrong with the value they submitted. a required value that is empty, or it too long, or contains characters that are not permitted need three different error messages. validating independent/separate inputs is NOT mutually exclusive. you are to validate each input separately, storing any validation error in the $errors array using the field name as the array index. by using else statements, only the first validation error will get setup and displayed, requiring the user to resubmit the form over and over for each different validation error. also, by no longer trimming and keeping the form data as a set, in the $post array, none of the field value='...' attributes will get populated with the existing data upon an error. you are making syntax and logic changes where none is needed.

you should be learning, developing, and debugging your code/queries on a localhost development system. trying to use public/online hosting is a waste of time, constantly uploading, and making sure there were no upload errors, to see the result of each change. until your code is secure, this opens the possibility of your web hosting getting abused by hackers. also, most cheap shared web hosts disable things like php's error related settings and database error settings that you need in order to get php and your database statements to help you. they also set disk and web server caching so that you won't immediately see the result of changes you make to your code. the database hostname on shared hosting is generally not going to be localhost. your web host should have an FAQ section that gives examples of connection credentials. the control panel where you created your database user/password should also list the hostname/ip address to use and any prefix for the username. if you can setup php's error related settings, you need to set error_reporting to E_ALL and set display_errors to ON. these should be in the php.ini on your system so that they can be changed at a single point. next, you always need error handling for statements that can fail. for database statements that can fail - connection, query, prepare, and execute, the simplest way of adding error handling, without adding logic at each statements, is to use exceptions for errors and in most cases simply let php catch and handle the exception, where php will use its error related settings (see the above paragraph) to control what happens with the actual error information (database statement errors will 'automatically' get displayed/logged the same as php errors.) to set the error mode to exceptions for the mysqli extension, add the following line of code before the point where you make the database connection - mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); lastly, if you are just starting with php/MySql, learn and use the simpler and more modern PDO database extension.

the catching of the database statement error would be in the server-side code, where you would detect if the error number is for a duplicate index error, and setup a message telling the user what was wrong with the data that they submitted, which in this case would be that the sku already exists. here's the whole story - you always need error handling for statements that can fail. for database statements that can fail - connection, query, prepare, and execute, the simplest way of adding error handling, without adding logic at each statement, is to use exceptions for errors and in most cases simply let php catch and handle the exception, where php will use its error related settings to control what happens with the actual error information (database statement errors will 'automatically' get displayed/logged the same as php errors.) the exception to this rule is when inserting/updating duplicate or out of range user submitted data values, which are the only kind of database errors that the 'user' on your site can recover from (all other database errors are either due to programming mistakes, the database server not running, or nefarious activity, that the user doesn't need to know anything at all about), by potentially entering new value(s) and resubmitting the data. in these cases, your code would catch the exception, test if the error number is for something that your code is responsible for handling, and setup a message for the user letting them know what was wrong with the data that they submitted. for all other error numbers, just re-throw the exception and let php handle it. you would set the PDO error mode to exceptions when you make the connection. the net result of submitting the form data to the server-side code for this Create/insert operation should be either a success value/message or failure message(s) - consisting of all the user/validation errors. since you are making an ajax request, you should create an array with a 'success' or 'error' key, with the appropriate values, json_encode() this and output it to the browser for the ajax success code to test and use. some points about the posted code - OOP is not about wrapping a class definitions around parts of your main code and adding $var-> in front of everything to get it to work. all this is doing is exchanging one defining/calling syntax for another one, taking 2-3 times the amount of typing to accomplish a task. you won't be using a SELECT query anymore for this current operation, but when you do use a select query, list out the columns you are selecting. for cases where you just need a count of the number of matching rows, use a SELECT COUNT(*) ... query, then fetch and use the count value. related to this, the rowCount() method may not work for a data retrieval query for all database types, and should be avoided for these type of queries. you should always fetch all the data that a query returns (the current code should be producing an out of sync error since you didn't fetch the row(s) of data from the select query.) also, for a select query, the only variable name that must be unique is the final variable holding the data fetched from the query. just use simple names like $sql, $stmt, ... for the variables in the common code. writing out variables/properties by themselves does nothing (doesn't even produce any php byte code.) why do you have those 9 lines in there? if you use simple positional ? place-holders and implicit binding, by supplying an array to the ->execute([...]) call, it will save a ton of repetitive typing and typo mistakes. any php error related settings should be in the php.ini on your system so that they can be changed at a single point. having a display_errors setting inside some conditional logic in your code makes no sense.

the getLocationInfoByIp() function call is returning a boolean (probably a false value), so the array dereferencing of the returned value, e.g. the ['country'] element, is also failing. you would need to determine why the function call is failing. you also always need error handling for statements that can fail so that your code doesn't attempt to use non-existent data.