Everything posted by mac_gyver
-
there are a number of issues in the code that are producing php errors. to get php to help you, find the php.ini that php is using and set error_reporting to E_ALL, display_errors to ON, and output_buffering to OFF. stop and start your web server to get any changes made to the php.ini to take effect.

you need to ALWAYS validate inputs to your code before using them. if you are selecting from existing catalog (id) values, you should have some type of select menu and not require the user to remember and type in values.

another recommendation is to separate the database specific code, that knows how to query for and fetch data, from the presentation code, that knows how to produce the output from that data. to do this, just fetch all the data into an appropriately named php variable, then test/loop over this variable in the html document. this will make testing easier, since you can 'see' if all the data you are getting is what you expect (it also makes asking for help easier since someone can make up some data to see what your code is actually doing, without needing any of your actual database information.)

next, add the following line of code near the start of your php code so that you can see what data is actually being submitted -

echo '<pre>'; print_r($_POST); echo '</pre>';

by putting the numerical index 1st, the array(s) of data being submitted are not what you think.

lastly, the reason you are not getting the ITEM_NAME form fields is because the html markup is broken. don't concatenate things unless needed. you should also validate your resulting html markup at validator.w3.org
-
to get php to help you, find the php.ini that php is using and set error_reporting to E_ALL, display_errors to ON, and output_buffering to OFF. stop and start your web server to get any changes made to the php.ini to take effect. you should then be getting some php errors when you run your code that will help you find what the problem is.
-
a. the echoed time values should have been correct. are you sure about the posted code and the output that you got?

b. browsers and web servers don't interact in real-time. even if you try to flush() the output, you are not very likely to get the result you want (see the php.net documentation for the flush() statement to see all the problems with trying to do it this way.)

c. people don't like to wait on web pages to display things for x amount of time (it's either too long of a value or too short of one to suit the current visitor) or to redirect around on your site. the only redirect you have upon successful completion of post method form processing code should be to the exact same url of the current page to cause a get request for that page. if you want to display a one-time success message, store it in a session variable, then test/display/clear that session variable at the appropriate place in the html document. any navigation to other pages should be handled using navigation links where the visitor can choose where they want to go to next.
-
no. this results in a bad User eXperience (UX), takes more code, and gets your users used to automatically changing urls on your site, which increases the chance of a phishing site working.

the form processing code should be on the same page as the form and the only redirect, upon successfully completing the form processing code, should be to the exact same url of the current page, to cause a get request for that page. any navigation to other pages should be via navigation links that the user can choose where he/she wants to go to. the form processing code would go above the start of the html document. you should also re-populate the form field values/selections when you re-display the form when there are validation errors.

you didn't provide any details, but post method form processing code should -

1. detect that a post method form was submitted before accessing any of the form data.
2. if there is more than one form on a page, add logic to detect a unique value in the form data (a hidden field) to control which form processing code to execute.
3. keep the submitted form data as an array, then use elements in the array throughout the rest of the code.
4. trim all input data before validating it. you can do this with one array_map() statement, since you are keeping and operating on the data as an array.
5. validate all the inputs, storing validation error messages in an array, using the field name or another appropriate name as the array index. this array is also an error flag. if the array is empty, there are no errors and you can use the submitted data. you can test/display the contents of this array at the appropriate point in the html document.
6. if there are no validation errors, use the submitted data.
7. if there are no (new) errors after using the submitted data, redirect to the exact same url of the page to cause a get request.
8. if you want to display a one-time success message, store it in a session variable, then test/display/clear that variable at the appropriate point in the html document.
-
Cannot call Session Variable to regular variable for SQL lookup
mac_gyver replied to bakertaylor28's topic in PHP Coding Help
the username is a value that originally came from external submitted data. depending on your registration code's validation logic, it could contain anything, such as a hexadecimal encoded string, consisting of just letters and numbers (a hexadecimal encoded string, in a non-string context, will be decoded into whatever string it actually contains), or it could contain single-quotes, that if put directly into an sql query will allow sql injection.

it sounds like you think that using a prepared query ONCE, when the data was first submitted and stored makes the value safe to use in all future queries. it does not. it only made that first query safe. any value that ever came from external, unknown, or dynamic data (recently, a year ago, or a year from now, when your application gets updated to get usernames via a call to an external api, where you don't know what type of characters it might contain) must treat the value as unsafe in whatever context the value is being used in (sql, html/css/javascript, email header, filename, system/shell, ...)
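The point of the post above, as an added example that is not part of the original post: a username stored safely with a prepared query still changes the meaning of a later query when it is concatenated into it. The table, the sample rows and the use of an in-memory SQLite database through PDO are assumptions made for the demonstration.

```php
<?php
// Added example. All names and data are constructed; pdo_sqlite is assumed to be enabled.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT)');

// Registration: the prepared query stores every value exactly as submitted,
// single-quotes included. That makes this INSERT safe and nothing more.
$quoted = "nobody' OR '1'='1";                 // constructed username
$insert = $pdo->prepare('INSERT INTO users (username, email) VALUES (?, ?)');
foreach ([['alice', 'alice@example.test'],
          ['bob', 'bob@example.test'],
          [$quoted, 'quoted@example.test']] as $row) {
    $insert->execute($row);
}

// A later request: the stored value has been copied into the session.
// A plain array stands in for $_SESSION so the script runs from the CLI.
$session = ['username' => $quoted];

// Unsafe: the value becomes part of the SQL text, so its quotes are SQL syntax.
function lookupUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT username, email FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll();
}

// Safe: the value is bound as data in this query too, not only at registration.
function lookupSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT username, email FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchAll();
}

printf("concatenated query matched %d row(s)\n",
    count(lookupUnsafe($pdo, $session['username'])));
printf("prepared query matched %d row(s)\n",
    count(lookupSafe($pdo, $session['username'])));
```

The concatenated query matches every row in the table because the stored quotes rewrite the WHERE clause; the prepared query matches only the one row with that exact username.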
-
you need to define what output your code is going to produce (before you write the code.) if each of the three sections of data is to be a separate html table, you need an opening <table> tag at the start of each table and a closing </table> tag after you have output all the <tr> ... </tr> rows in the table. we cannot help you with any problem with code you tried unless you post that code. you have one opening <form ...> tag for each of the three sections of data, but you are outputting a closing </form> tag inside the data loop. after the 1st closing </form> tag, for the 1st row of data, the browser doesn't have any idea what the rest of the form fields and submit buttons are for. are you sure you even need/want forms for this part of the output? why are you even outputting the data values in readonly form fields?
-
the html markup has a number of mistakes - some missing <tr></tr> tags, no closing </table> tags, and opening/closing <form></form> tags in the wrong places. this last item is probably what's causing the wrong operation. you should validate the html of the resulting page at validator.w3.org

for what you are apparently doing, a 'view more' link, just use a button as a html link, with a type id (paye/contract/permanent) and a record id as get parameters in the link. there's really no need for the post method forms (and the search form should use method = 'get'.)
-
if you are currently getting undefined index errors, it means $row exists, but doesn't contain what you think. what columns are in the uni2020 table? what does using var_dump($row); show?

the above line of code is not doing anything, because of the ; on the end of it.

a lot of these issues would not exist if you organized your code better. your code should be laid out in this general order -

1. initialization - define, require, create, ... things your page needs, such as the session_start() statement, a database connection, configuration values, ...
2. post method form processing code - a post method form should be used for things that create/update data on the server or perform an action such as sending an email. you should detect if a post method form has been submitted before using any of the form data.
3. get method business logic - get/create data needed to display the dynamic content on the web page. you should fetch the data from any query into an appropriately named php variable, then test/reference that variable in the html document.
4. html document/template - using simple php code or an actual template system, produce the actual html document, using the data produced from the above sections of code.

the php error settings should be in the php.ini on your system, not in your code file.

next, you need to validate all inputs to any section of code before using them, setting up and displaying a user error message for any 'required' input that doesn't contain an expected value. if $_GET['ID'] is required for the page to work, it is a user error if it doesn't exist. you should be setting up a message for the user telling them that no UniversityCourse has been selected. at the point of echoing the result from the SELECT query, if the query did not match any data, you should be outputting a message stating so, and only attempt to echo the values if they exist.

inside the post method form processing code, if any of the inputs are 'required', but they are empty, that's a user error. you should be setting up a unique message for each empty input, telling the user which inputs they did not enter a value for.
-
there are three current problems -

1. you are getting a fatal runtime error, due to both where you put the php statements and that one of the statements is using a wrong variable name, but you don't have php's error related settings set up so that php will help you. when learning, developing, and debugging code/query(ies), you need to display all php errors. find the php.ini that php is using and set error_reporting to E_ALL and set display_errors to ON. stop and start your web server to ensure that any changes made to the php.ini will take effect.

2. where you put those lines of code is nonsense. you put them before the point where you are executing the sql query. this says you are not even looking at what you are doing. you must be aware of what each line of code is doing and what it is contributing to the overall goal. the first line of code, which is attempting to fetch all the rows of data from the query, should replace the current line of code that's fetching just one row of data. it goes in your program at the point where you are fetching the data from the query, which would be after the point where you are executing the query. the second line of code is the start of the loop. it would go at the point in the html document where you are going to repeat the output for each user. you would 'close' the loop, with a } at the end of the block of html that you are repeating for each user.

3. the first line of code you copied, is using a wrong variable name. copying code is not programming. that's just you acting like a human Optical Character Reader (OCR) program. again, you must actually look at and read what the lines of code are doing. in your code, the $start variable (which is poorly named, use something like $stmt to indicate the variable holds a PDOStatement object), is what you would be calling the ->fetchAll() method on.
-
How do I change this Select Statement to $pdo->query
mac_gyver replied to larry29936's topic in PHP Coding Help
the sub-query was originally selecting everything, the g.*. you need to select the end column, so that there is a t.end for the outer query to test. -
Inserting rows with 'Checked' boxes into another table
mac_gyver replied to PythonHelp's topic in PHP Coding Help
does any part of the output you got look like it would correspond to the next step of - -
Inserting rows with 'Checked' boxes into another table
mac_gyver replied to PythonHelp's topic in PHP Coding Help
the following debugging code will show you what the submitted form data looks like - echo '<pre>'; print_r($_POST); echo '</pre>'; -
Inserting rows with 'Checked' boxes into another table
mac_gyver replied to PythonHelp's topic in PHP Coding Help
where's your attempt at doing this? just repeating something someone else told you to do isn't programming and isn't learning how to program. -
Inserting rows with 'Checked' boxes into another table
mac_gyver replied to PythonHelp's topic in PHP Coding Help
for the first step - make the checkbox field an array, with the array index being the user_id value - <td><input type="checkbox" name="checkbox[<?php echo $row['user_id']; ?>]"></td> -
Inserting rows with 'Checked' boxes into another table
mac_gyver replied to PythonHelp's topic in PHP Coding Help
the checkbox and user_id fields are not arrays, so there's nothing to loop over in the form processing code. also, since only checked checkboxes are submitted, there's nothing that relates each existing checkbox to a user_id. do this instead - make the checkbox field an array, with the array index being the user_id value. if you want to display the user_id in the html table, just echo it like the rest of the columns. if any of the checkboxes are checked, you will get an array with the indexes being the user_ids (i would use array_keys() to get all of them as an array to loop over). you would then use a prepared query, prepared once before the start of any looping, to insert each row of data.
-
the posted code has almost no error handling/validation logic and the error handling it does have is not being used ($msg is not being displayed anywhere in the html document.)

to answer your question of how to test if a 'required' file was uploaded and display a message, your code needs to test for upload errors and then validate the submitted form data, only using the form data if there are no errors and the data passed all the validation tests. the simplest, general-purpose way of doing this is to use an array to hold user error/validation messages. this array is also an error flag. if the array is empty, there are no errors and you can use the submitted form data. if the array is not empty, there are errors. you can test and display the content of this array in the html document to let the visitor know what problems occurred with the data that they submitted.

here's what your form processing code should do -

1. detect if a post method form was submitted.
2. detect if the total size of the form data exceeded the post_max_size setting. if this condition occurs, the web server will abort the form submission, and both the $_POST and $_FILES arrays will be empty. since you expect a non-empty $_FILES array, to keep it simple, you can just test for this (there are actually other reasons the $_FILES array can be empty - an invalid upload form, uploads are not enabled.)
3. if there is data in the $_FILES array, you would then test if the upload was successful - $_FILES['image']['error'] will be UPLOAD_ERR_OK (0). for the case of not selecting a file in the form, the ['error'] element will be UPLOAD_ERR_NO_FILE (4). your code would add an error message to the array of error messages.
4. if you want to add other validation of the uploaded file, such as file extension, mime type, file size, image size, ... you would perform those tests next.
5. validate the other input(s), adding any validation error message(s) to the array of error messages. if the textarea input is 'required' you would validate that it is not an empty string.
6. after all the validation logic, if the array holding the error messages is empty, you would use the submitted form data, adding any new error messages to the array of error messages.
7. at the end of the post method form processing code, if there are no errors, you should redirect to the exact same URL of the page to cause a get request. this stops the browser from trying to re-submit the previous form data.
8. if you want to display a one-time success message, store it in a session variable, then test, display, and clear that variable in the html document.

some other suggestions for the code -

1. make only one database connection and use it throughout the rest of the code.
2. use a prepared query when supplying external, unknown, dynamic data to a query.
3. switch to the much simpler PDO database extension. this is even more important when using prepared queries since the mysqli prepared query interface is overly complicated and inconsistent.
4. put the database specific code, that knows how to query for and retrieve the data needed to display the page, before the start of the html document, fetch all the data from the query into an appropriately named php variable, then test/loop over this variable in the html document. if there is no data from the query to display, you should output an appropriate message on the web page.
5. apply htmlentities() to all dynamic values when you output them on a web page to help prevent cross site scripting.
6. all database statements that can fail - connection, query, prepare, and execute, ALWAYS need error handling. the simplest way of adding this without adding logic at each statement that can fail is to use exceptions for errors and in most cases let php catch the exception where it will use its error related settings to control what happens with the actual error information (database statement errors will 'automatically' get displayed/logged the same as php errors.)
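The validation steps listed in the post above (and in the earlier post about post method form processing), as an added example that is not code from the original posts. The function name, the 'caption' field and the message texts are assumptions; 'image' is the upload field named in the post. The request arrays are passed in as parameters so the script runs from the command line with constructed input.

```php
<?php
// Added example. Field names other than 'image' and all messages are assumptions.
declare(strict_types=1);

// Returns null when no post method form was submitted, otherwise an array of
// error messages indexed by field name. An empty array means "no errors".
function validateUploadForm(array $server, array $post, array $files): ?array
{
    // detect that a post method form was submitted
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return null;
    }

    $errors = [];

    // post_max_size exceeded: the server discards the body and both arrays are
    // empty (an invalid upload form or disabled uploads look the same here)
    if (empty($files)) {
        $errors['form'] = 'The form data was too large or no upload data was received.';
        return $errors;
    }

    // test the upload result before touching the file itself
    $code = $files['image']['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($code === UPLOAD_ERR_NO_FILE) {
        $errors['image'] = 'You did not select a file.';
    } elseif ($code !== UPLOAD_ERR_OK) {
        $errors['image'] = "The upload failed (error code $code).";
    }

    // trim all inputs with one array_map() call (this form is flat: every
    // field is a string), then validate the 'required' textarea
    $post = array_map('trim', $post);
    if (($post['caption'] ?? '') === '') {
        $errors['caption'] = 'The caption is required.';
    }

    return $errors;
}

// Constructed requests standing in for $_SERVER, $_POST and $_FILES.
$server = ['REQUEST_METHOD' => 'POST'];
$cases = [
    'no file, blank caption' => [['caption' => '  '], ['image' => ['error' => UPLOAD_ERR_NO_FILE]]],
    'over post_max_size'     => [[], []],
    'valid submission'       => [['caption' => 'sunset'], ['image' => ['error' => UPLOAD_ERR_OK]]],
];

foreach ($cases as $label => [$post, $files]) {
    $errors = validateUploadForm($server, $post, $files);
    // On a real page an empty array leads to: use the data, store the success
    // message in the session, header('Location: ' . $sameUrl); exit;
    // and a non-empty array is displayed through htmlentities() in the html document.
    echo $label, ': ', $errors ? implode(' | ', $errors) : 'no errors', "\n";
}
```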
-
mysqli_query() expects parameter 3 to be integer
mac_gyver replied to AlMch's topic in PHP Coding Help
from the php.net documentation - the 3rd parameter is a result mode flag. are you using it this way in your code? -
i think (i cannot tell for sure without having all the code and actual testing, because of how overly complicated this code is) your issue is due to how your code is laid out (your form processing code is inside the html document), that you are not validating inputs w/user error messages for 'required' values, have too many variables being copied to other variables, too many database connections, and that you are using session variables when they are not needed. you need to Keep It Simple (KISS.)

your code needs to ALWAYS validate inputs before using them, setting up validation errors for the visitor for 'required' inputs. doing this would at least help you find where the problem starts at and will eliminate follow-on errors that aren't directly due to the actual problem. the session variable in question IS an input to your page and needs to be validated before use.

the code for any page should be laid out in this general order -

1. initialization - define, require, create, ... things your page needs, such as the session_start() statement, a database connection, configuration values, ...
2. post method form processing code - a post method form should be used for things that create/update data on the server or perform an action such as sending an email.
3. get method business logic - get/create data needed to display the dynamic content on the web page.
4. html document/template - using simple php code or an actual template system, produce the actual html document, using the data produced from the above sections of code.

lastly, don't put external, unknown, dynamic values directly into sql query statements. use prepared queries.
-
this is because your code is fetching the first row from the result set, see the first line in the following code, not using it, then looping over the remaining rows in the result set, starting at the second line in the following -
-
in html5, no action attribute at all means that the form submits to the same page. you can also set action='#' to submit to the same page, but an empty action attribute, action='', is not valid html5 markup (as of the last time i checked.)
-
no. it will set php's error related setting so that php will help you find what's causing the problem by reporting and displaying all the errors it detects.
-
that's not E_ALL. as an integer, E_ALL would be 32767
-
do you have php's error_reporting set to E_ALL and display_errors set to ON, in the php.ini on your system, so that php will help you by reporting and displaying all the errors it detects?
-
here's a list of things your login code needs to do differently -

1. do NOT store the user_id in a cookie to identify who is logged in. anyone or a bot script can supply any value for a cookie when they request your page and appear to be anyone, such as you or an administrator on your site, just by going through all possible user id's until they find one that works. you would instead generate a random unique value, similar to what a session id cookie is, and store it in a database table that relates it to the actual user_id and store it in the cookie.
2. you must have an exit/die statement after every header() redirect to STOP code execution. your current code is executing all the rest of the code on the page at each header() redirect.
3. don't use fetchAll() and a loop for a query that will at most match one row of data. just directly call the fetch() method and test if a row of data was found.

as to your current problem, the code you are dealing with is the login form processing code and the login form. however, you have put the login form processing code at what appears to be the top of the main index.php page. this doesn't make any sense, logically, because you would be redirecting to the main page, that you are already on, if the cookie is set. you are also testing a different cookie name than the one you are setting (id vs user_id), and there's no code setting the $user_id variable you are testing on the page to determine if there is a logged in user.
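One way to implement the random cookie value described in the post above, as an added example that is not code from the original thread. The login_tokens table, the login_token cookie name, the one-day lifetime and the choice to store only a SHA-256 hash of the token are assumptions; the database is in-memory SQLite through PDO so the script runs on its own.

```php
<?php
// Added example. Table, cookie name and lifetime are assumptions; pdo_sqlite is assumed enabled.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE login_tokens (
    token_hash TEXT PRIMARY KEY,
    user_id    INTEGER NOT NULL,
    expires_at INTEGER NOT NULL)');

// Called once the password check has succeeded. Returns the cookie value.
function issueLoginToken(PDO $pdo, int $userId, int $ttl = 86400): string
{
    $token = bin2hex(random_bytes(32));        // 256 random bits, not guessable
    $stmt = $pdo->prepare(
        'INSERT INTO login_tokens (token_hash, user_id, expires_at) VALUES (?, ?, ?)');
    // Only the hash is stored, so a copy of the table does not contain usable cookies.
    $stmt->execute([hash('sha256', $token), $userId, time() + $ttl]);
    return $token;
}

// Called on every request. Returns the logged in user_id, or null.
function userIdFromCookie(PDO $pdo, array $cookies): ?int
{
    $token = $cookies['login_token'] ?? '';
    // The cookie is an input: validate its shape before using it.
    if (!is_string($token) || !preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT user_id FROM login_tokens WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);     // at most one row: fetch(), no loop
    return $row ? (int) $row['user_id'] : null;
}

$token = issueLoginToken($pdo, 42);            // 42 is a constructed user_id
// In the login form processing code this would be followed by:
//   setcookie('login_token', $token, ['expires' => time() + 86400, 'path' => '/',
//             'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
//   header('Location: ' . $sameUrl);
//   exit;                                     // stop the rest of the page from running

// Constructed stand-ins for $_COOKIE on three later requests.
var_dump(userIdFromCookie($pdo, ['login_token' => $token]));  // the issued token
var_dump(userIdFromCookie($pdo, ['login_token' => '42']));    // a bare user id
var_dump(userIdFromCookie($pdo, []));                         // no cookie at all
```

Deleting the row for a token on logout, and deleting expired rows periodically, ends the login on the server side regardless of what the browser still sends.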
-
Joining two tables as sums with individual records
mac_gyver replied to 684425's topic in MySQL Help
what have you tried? this assignment seems pretty straight-forward -

SELECT the things you want, one of them being the SUM() of the column you want to add up
FROM your two tables
JOINed together ON the column that relates the data between the tables
GROUP BY the column that identifies which rows to SUM() together
and any ORDER BY column(s) that get the data into the order that you want to display it as