Everything posted by mac_gyver
-
there's nothing about this code that makes it worth using. well written code should -
- be secure
- provide a good user experience
- be simple, general-purpose, and reusable
- either work or tell you why it doesn't work
this code fails on all these points. if you are just starting out, you need to start small. learn how to write valid html for a form with just a single form field and the php code needed to process the form data. learn how to securely build, execute, and test/use the result from SELECT and INSERT queries. you can then use the knowledge you have learned to produce ever increasingly complex applications or to debug code that others have written.
-
it's not exactly what i wrote. what i wrote does not involve redirecting. if the user has permission to access the page, you just proceed with producing and outputting the expected page. if not, produce and output the no access content. this is referred to as a Content Management System (CMS). you would store the information that's different for each page - title, meta tags, description, content, ... in a database table, using the page id as a reference. when a page gets requested, you would get the page id from the url, query for the matching data, and produce the page. i was wondering why you weren't already getting a redirect loop. i'll guess that when using javascript, the browser knows it is already on that url and doesn't do anything, whereas the web server telling the browser to redirect causes it to go ahead and perform the redirect even if already on that url. you need to get rid of the redirecting altogether, or at least for the case where the user has permission to access the page.
-
JsDiff & Highlighting Differences Between Table Cells
mac_gyver replied to mongoose00318's topic in Javascript Help
if you check your browser's developer console, you will find out why. the diff.js CDN needs to use https. there also may be a version difference. the object is just named Diff, so the JsDiff in the following produces an error, which can be seen in the developer console as well -

    var diff = JsDiff.diffChars($(this).text(), cellBelow.text());
the above implies that your page access security is the absence of a redirect to the actual url of a page. this is not secure, since anyone can just directly request the 'rigth path' url. on each request for a page, the code on that page needs to retrieve the user's permissions and determine what the user can do and see on that page. if a user doesn't have permission to access a page, the content you produce and output on that page would be the unique 'no_access.php' content. if you are not already doing so, the navigation you produce and output on any page would be any common links and only those links that the current user has permission for. this would probably be a good time to dynamically produce the content and output it using a single physical .php file, rather than to create and maintain complete .php code files for each page.
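The two replies above (this one and the follow-up about not redirecting) describe a single physical .php file that produces every page from database content and checks the user's permission on every request. The script below is an added example of that layout; it is not mac_gyver's code or code from the thread. The `pages` and `user_page_permissions` tables, their columns, the `user_id` session key and the connection credentials are assumptions, and it requires PHP 7.4 or later.

```php
<?php
// Added example, not from the original post: one .php file serves every page by id.
// Permission is decided server-side on each request; a denied request gets the no-access
// content output in place. There is no redirect, so there can be no redirect loop.
// Table/column names, the session key and the credentials below are assumptions.
declare(strict_types=1);
session_start();

$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // let php report query failures
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);

// page id comes from the url; anything that is not a positive integer is "no such page"
$pageId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) ?: null;
$userId = isset($_SESSION['user_id']) ? (int)$_SESSION['user_id'] : null; // null = not logged in

/**
 * Return the page row only if it exists AND this user has a permission row for it.
 * Hiding a link is not a control; the join is what enforces access.
 */
function fetchAuthorizedPage(PDO $pdo, ?int $pageId, ?int $userId): ?array
{
    if ($pageId === null || $userId === null) {
        return null;
    }
    $stmt = $pdo->prepare(
        'SELECT p.id, p.title, p.content
           FROM pages p
           JOIN user_page_permissions upp ON upp.page_id = p.id
          WHERE p.id = ? AND upp.user_id = ?'
    );
    $stmt->execute([$pageId, $userId]);
    $row = $stmt->fetch();
    return $row === false ? null : $row;
}

/** Navigation built only from the pages this user may access (assumed schema). */
function fetchNavigation(PDO $pdo, ?int $userId): array
{
    if ($userId === null) {
        return [];
    }
    $stmt = $pdo->prepare(
        'SELECT p.id, p.title
           FROM pages p
           JOIN user_page_permissions upp ON upp.page_id = p.id
          WHERE upp.user_id = ?
          ORDER BY p.title'
    );
    $stmt->execute([$userId]);
    return $stmt->fetchAll();
}

$page = fetchAuthorizedPage($pdo, $pageId, $userId);
if ($page === null) {
    http_response_code(403);
    $page = ['title' => 'No access', 'content' => 'You do not have permission to view this page.'];
}

// every dynamic value placed in an html context is escaped (content is treated as plain text here)
$e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title><?= $e($page['title']) ?></title></head>
<body>
<nav>
<?php foreach (fetchNavigation($pdo, $userId) as $link): ?>
  <a href="?id=<?= (int)$link['id'] ?>"><?= $e($link['title']) ?></a>
<?php endforeach; ?>
</nav>
<h1><?= $e($page['title']) ?></h1>
<div><?= $e($page['content']) ?></div>
</body>
</html>
```

The point to notice is that the same query that fetches the page also enforces the permission; a visitor who types the url of a page directly gets the no-access content, because there is no separate "redirect" step whose absence could be bypassed.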
-
the computer doesn't care what the actual image numbers/filenames end up being, why do you think it will be a problem? you would just query to get any person's list of image data/filenames matching any condition you want.
-
having error handling, using exceptions and php's error related settings, would have immediately told you about a column naming problem.
-
there's nothing technically wrong with the posted snippet of code. however - do you have php's error reporting set to E_ALL and display_errors set to ON, so that php would help you by reporting and displaying all the errors it detects? do you have error handling for all the database statements that can fail - connection, query, prepare, and execute, so that you would know if/why they are failing? the easiest way of doing this, taking just one line of code, is to use exceptions for errors and let php catch the exception where it will use its error related settings (see the point above) to control what happens with the actual error information. have you validated all the inputs (the session variable) before executing the code so that you know if the inputs have expected value(s)? have you determined if the posted code is even being executed by outputting a test message where these lines of code are at?
-
yes. a row per uploaded file. the only repeated information would be the user's id, relating the row back to the user it belongs with. databases are for storing data. each file that gets uploaded has who (user id), what (title, description), when (datetime), where (it's customary to record the ip address of the user for each piece of data that gets stored from them), and possibly some other why information associated with it. what do you consider to be a significant storage problem? with today's server hardware, large database tables start at 5-10 million rows.
-
using a timestamp also has this problem, since multiple concurrent uploads can all complete in the same second and attempt to use the same timestamp value. the simplest, fool-proof, and 'atomic' way of doing this is to insert a row into a database table that has an auto-increment integer primary index column, get the last insert id from that query, then use the last insert id as part of the file name.
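The post above describes naming uploaded files after the auto-increment id of a freshly inserted row, and the earlier replies ask for exception-based error handling on every database statement. The function below is an added example combining the two; it is not mac_gyver's code. The `uploads` table and its columns, the allowed image types, the upload directory and the connection credentials are assumptions.

```php
<?php
// Added example, not from the original post: derive each stored filename from the
// auto-increment id assigned by the INSERT. The id is handed out atomically by the
// database, so concurrent uploads cannot collide the way time()/uniqid() names can.
// Table/column names, allowed types, directory and credentials are assumptions.
declare(strict_types=1);

$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // connection/prepare/execute failures throw
    PDO::ATTR_EMULATE_PREPARES => false,
]);

/**
 * Record the upload's who/what/when/where, then move the file to a name built only from
 * the new row id and a whitelisted extension. Returns the stored filename.
 * $file is one entry of $_FILES, e.g. $_FILES['image'].
 */
function storeUpload(PDO $pdo, array $file, int $userId, string $title, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with error code ' . (int)($file['error'] ?? -1));
    }

    // decide the extension from the file content, never from the client-supplied name
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];
    $mime    = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException("unsupported file type $mime");
    }
    $ext = $allowed[$mime];

    $pdo->beginTransaction();
    try {
        // insert first: the database assigns the id
        $stmt = $pdo->prepare(
            'INSERT INTO uploads (user_id, title, original_name, mime, ip, uploaded_at)
             VALUES (?, ?, ?, ?, ?, NOW())'
        );
        $stmt->execute([$userId, $title, $file['name'], $mime, $_SERVER['REMOTE_ADDR'] ?? '']);
        $id = (int)$pdo->lastInsertId();

        $filename = $id . '.' . $ext;                       // e.g. 1042.jpg
        $target   = rtrim($uploadDir, '/') . '/' . $filename;
        if (!move_uploaded_file($file['tmp_name'], $target)) {
            throw new RuntimeException('could not move uploaded file');
        }

        // record the final name on the same row
        $pdo->prepare('UPDATE uploads SET filename = ? WHERE id = ?')->execute([$filename, $id]);
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();   // nothing is left half-stored if any step fails
        throw $e;           // php's error settings decide what the user sees
    }
    return $filename;
}

// usage inside the form processing code (after the form data has been validated):
// $name = storeUpload($pdo, $_FILES['image'], (int)$_SESSION['user_id'], $post['title'], __DIR__ . '/uploads');
```

Because the name is an integer plus a whitelisted extension, nothing from the client (original filename, path separators, double extensions) ever reaches the filesystem; the original name is kept only as data in the row.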
-
to help prevent cross site scripting, any dynamic value that you use in a html context, your email message, needs to have htmlentities() applied to it.
-
from the fgetcsv documentation -
-
edit: pretty much repeating what they ^^^ said - your data is not stored/indexed in a way that you can simply produce the desired output from it. also, 'tools' is a type/category of items. assuming that wherever this data is retrieved from, you are only getting the data that you want in the order that you want it, or that you would filter the data before using it, see the following -

    $items['tools']['good']['quantity'] = 3;
    $items['tools']['good']['price'] = 10.00;
    $items['tools']['broken']['quantity'] = 3;
    $items['tools']['broken']['price'] = 5.00;
    $currency = '$';
    foreach($items as $type=>$arr) {
        foreach($arr as $condition=>$item) {
            $price = number_format($item['price'],2);
            echo "We have {$item['quantity']} $condition $type at $currency$price each.<br>";
        }
    }
-
trim $_post values before using it to query the database.
mac_gyver replied to dazzclub's topic in PHP Coding Help
    // recursive function to trim data
    function _trim($val){
        if(is_array($val)){
            return array_map('_trim',$val); // recurse if an array
        } else {
            return trim($val); // call php's trim function, if not an array
        }
    }

    $post = []; // define an array to hold a trimmed, working copy of the submitted form data

    // inside the form processing code, get a trimmed copy of the submitted form data
    $post = array_map('_trim',$_POST);

    // you would reference the elements in $post in the rest of the code, i.e. $post['search_products']
Help displaying info from a users database table
mac_gyver replied to Nematode128's topic in PHP Coding Help
fetching data from a mysqli prepared query doesn't work the way you are used to for fetching data from a query. you will need to consult the documentation for the extra code necessary, or you can switch to the much simpler PDO database extension, which does work for fetching the data from a prepared query in the way you are used to. also, if you use exceptions for database statement errors, and in most cases let php catch and handle the exception, you won't have to add logic (or can remove the logic you have now) that's testing the result of the prepare() and execute() statements, simplifying the code.
forget about all the bindParam calls. just supply an array of the values to the ->execute([$ip,$filename]) method call. if the filename is being changed, just call $stmt->execute([$ip,$filename]) again after each new value is assigned to $filename.
-
@sanram123 the t, the r, and the h are table alias names and belong where they are shown. @Birdmansplace what symptom or error are you getting that leads you to believe something isn't working? you need to provide information about what you saw in order to narrow down the possibilities. also, why do you have two completely different sets of database connection code? are both of those on the same page or is the posted code for two separate pages? your database connection code should be in a separate .php file that you 'require' when needed and each page should only make one database connection.
-
have you defined what you want the output to look like? this will define what data you need to get/produce, which will also define what inputs you need. you would then query to get the necessary data in the order that you want it. you would then loop over that data to produce the output that you want. btw - some of the xPDF libraries have writeHTML() methods that allow you to produce html (or capture the html of an existing page), then supply that as input to produce the pdf document, so that you don't need to build the pdf document at the x/y/cell level.
-
no. you would use one file, that accepts a specialty id as an input, then uses a query with a WHERE clause in it to match the requested specialty information. the specialties should be defined in a database table, with an id and a name. this will assign an id to each specialty. you would query this table to retrieve all the specialties to produce some sort of navigation/selection menu. when the visitor to the page picks a specialty via the navigation/selection menu, the submitted specialty id would be used in the code in the single file to cause the correct data to be retrieved and used to display the contents on the page.
-
it's probably the short opening php tag on line 1 in the posted code.
-
what result or symptom are you getting that leads you to believe that? btw - the short opening php tag <? may not be enabled on your server. you should ALWAYS use the full opening <?php tag. you can also use the combined opening/echo tag <?=
-
this logic should NOT be combined in one statement. here's why. this code is trying to process a form submission. the visitor who was presented with the form and submitted it expects the form processing code to run or to be told exactly why it didn't. these session variables are inputs to the process and must be validated, along with validating the form data, before actually using the form data. each condition that will prevent the form processing code from running should result in a unique and helpful error message being set up and displayed telling the visitor why the submitted form was not processed. for those things that the visitor has control over, he can correct them, then go through the process of submitting the form again. if the process is in a state where no further forms of the type that was submitted can be processed, the error message should indicate this. your form processing code should -
- detect if a post method form has been submitted. if there is more than one type of form, detect which form was submitted.
- trim all the form data, so that you can detect if all white-space characters were entered.
- validate all the input data, setting error messages in an array, using an array index indicating the input the error corresponds to. you would display the contents of the errors array at the appropriate point in the html document.
- if there are no errors (the array holding the error messages is empty), use the submitted form data.
btw - once a form has been submitted, except for unchecked check boxes and radio buttons, all form inputs will be set. there's no good reason to have isset() tests for these types of inputs as this will just hide programming mistakes.
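The reply above lays out a form-processing sequence (detect the submission, trim, validate into an errors array keyed by input, use the data only when the array is empty) and an earlier reply asks for htmlentities()/htmlspecialchars() on every dynamic value placed in html. The page below is an added example that follows that sequence; it is not mac_gyver's code or code from the thread. The field names, the hidden `form` field used to tell forms apart, and the `user_id` and `submissions_closed` session keys are assumptions, and it requires PHP 7.4 or later.

```php
<?php
// Added example, not from the original post: a page that displays and processes its own form
// following the steps in the reply above. Field names and session keys are assumptions.
declare(strict_types=1);
session_start();

// trim recursively so that all-whitespace input is detected as empty
function trimRecursive($value)
{
    return is_array($value) ? array_map('trimRecursive', $value) : trim($value);
}

// a text field is expected to be a string; anything else (e.g. name[]=x) is treated as empty
function field(array $post, string $key): string
{
    return is_string($post[$key] ?? null) ? $post[$key] : '';
}

/**
 * Validate the trimmed form data together with the session state it depends on.
 * Returns error messages keyed by the input they belong to; an empty array means "use the data".
 */
function validateContactForm(array $post, array $session): array
{
    $errors = [];
    // session variables are inputs too: say why the form was not processed instead of silently refusing
    if (empty($session['user_id'])) {
        $errors['session'] = 'Your login has expired. Please log in and submit the form again.';
    }
    if (!empty($session['submissions_closed'])) {
        $errors['closed'] = 'Submissions are closed; no further messages can be accepted.';
    }
    if (field($post, 'name') === '') {
        $errors['name'] = 'Name is required.';
    } elseif (mb_strlen(field($post, 'name')) > 100) {
        $errors['name'] = 'Name must be 100 characters or fewer.';
    }
    if (field($post, 'email') === '') {
        $errors['email'] = 'Email is required.';
    } elseif (filter_var(field($post, 'email'), FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Email address is not valid.';
    }
    if (field($post, 'message') === '') {
        $errors['message'] = 'Message is required.';
    }
    // an unchecked checkbox is the one input that is absent from $_POST, so isset() belongs here
    if (!isset($post['agree'])) {
        $errors['agree'] = 'You must accept the terms.';
    }
    return $errors;
}

$errors = [];
$post   = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['form'] ?? '') === 'contact') { // which form?
    $post   = trimRecursive($_POST);
    $errors = validateContactForm($post, $_SESSION);
    if (!$errors) {
        // ... use $post here (insert the row, send the mail) ...
        header('Location: ' . $_SERVER['REQUEST_URI']); // then finish the POST with a redirect
        exit;
    }
}

// every dynamic value placed in html (error messages, re-populated field values) is escaped
$e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
?>
<?php if ($errors): ?>
<ul class="errors">
<?php foreach ($errors as $msg): ?>
  <li><?= $e($msg) ?></li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
<form method="post">
  <input type="hidden" name="form" value="contact">
  <label>Name <input name="name" value="<?= $e(field($post, 'name')) ?>"></label>
  <label>Email <input name="email" value="<?= $e(field($post, 'email')) ?>"></label>
  <label>Message <textarea name="message"><?= $e(field($post, 'message')) ?></textarea></label>
  <label><input type="checkbox" name="agree" value="1"<?= isset($post['agree']) ? ' checked' : '' ?>> I agree</label>
  <button type="submit">Send</button>
</form>
```

Each failing condition produces its own message, the field values are echoed back escaped so the visitor can correct them, and the only isset() test is on the checkbox, the one input that is genuinely absent when unchecked.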
-
the OP solved this on another forum.
-
the associative index for the COUNT(*) expression is actually something like $row['COUNT(*)']. to simplify this, add an alias name for the COUNT(*) expression in the query and use that alias name for the associative index. next, both of the query examples you have shown will/probably match at most one row. why are you using a loop to fetch the data? just fetch the single row without the loop.
-
what do you want the output to actually be? where do you want to show the totals and do you really want to repeat all the id/name/designation information?
-
in addition, you need to always have error handling for database statements. if you had, you would know that the query is failing, with an error about a non-existent column of the same name as the session variable value. also, using a prepared query would have eliminated the problem, since you would not be trying to put data directly into the sql query statement.
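Several of the replies above make related points about database code: supply the values to execute() instead of calling bindParam() and re-execute the same prepared statement for each new value; give COUNT(*) an alias and fetch a single row without a loop; use exceptions for database errors; and use a prepared query rather than putting a session value directly into the sql (which fails with an unknown-column error and is injectable). The script below is an added example that puts those points together; it is not mac_gyver's code or code from the threads. The `users`, `posts` and `file_log` tables, their columns, the `username` session key and the connection credentials are assumptions.

```php
<?php
// Added example, not from the original posts: exception-based error handling, a prepared
// query instead of interpolating a session value, an alias for COUNT(*) with a single fetch,
// and one prepared INSERT executed repeatedly. Table/column names and credentials are assumptions.
declare(strict_types=1);
session_start();

$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'pass', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // connection/prepare/execute failures throw
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);

// What the prepared version replaces (kept as a comment, never run): a bare value in the sql.
// If $_SESSION['username'] is "bob", mysql reads it as a column name and errors with
// "Unknown column 'bob'"; if it contains quotes, it is sql injection.
// $sql = "SELECT COUNT(*) FROM posts p JOIN users u ON u.id = p.user_id WHERE u.username = {$_SESSION['username']}";

/** Count one user's posts; the alias makes the column name predictable. */
function countUserPosts(PDO $pdo, string $username): int
{
    $stmt = $pdo->prepare(
        'SELECT COUNT(*) AS post_count
           FROM posts p
           JOIN users u ON u.id = p.user_id
          WHERE u.username = ?'
    );
    $stmt->execute([$username]);      // values go to execute(); no bindParam() calls needed
    $row = $stmt->fetch();            // COUNT(*) always yields exactly one row: no loop
    return (int)$row['post_count'];
}

/** Fetch one user's row, or null when there is no match. */
function findUser(PDO $pdo, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, email FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch();            // at most one row: fetch it directly
    return $row === false ? null : $row;
}

/** Prepare once, execute many: log several filenames for the same ip. Returns rows inserted. */
function logFiles(PDO $pdo, string $ip, array $filenames): int
{
    $stmt = $pdo->prepare('INSERT INTO file_log (ip, filename) VALUES (?, ?)');
    $count = 0;
    foreach ($filenames as $filename) {
        $stmt->execute([$ip, $filename]);   // same statement, new values each time
        $count++;
    }
    return $count;
}

$username = is_string($_SESSION['username'] ?? null) ? $_SESSION['username'] : '';
$user     = findUser($pdo, $username);
if ($user === null) {
    echo 'no such user';
} else {
    echo 'user ' . (int)$user['id'] . ' has ' . countUserPosts($pdo, $username) . ' posts';
}
```

With ERRMODE_EXCEPTION set on the connection, a failing prepare() or execute() throws, so none of the functions need their own if/else on the return value; php's display_errors/log_errors settings decide where the message goes.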