mac_gyver

Everything posted by mac_gyver

  1. afaik, only database names and table names are ever case sensitive, on case sensitive operating systems. column names are not and referencing a column in a query using a letter case that doesn't match doesn't throw a query error (it would be a problem when trying to fetch the data since the actual column name letter case is what would be present in the data.) what does the result of running the query - SHOW CREATE TABLE `mylogin` produce? add the following to the list above - 19) you should be using php's password_hash() and password_verify() for hashing/testing the hashed password.
  2. first, here's a list of things to consider -
     1) all the form processing code needs to be inside the conditional statement that controls the execution of the form processing logic - if(isset($_POST['some_field_name_here'])){ all form processing code goes here... }
     2) you should test a (hidden) form field that uniquely identifies, either by field name or the value in a field, which form submitted to the form processing code.
     3) if the current visitor is already logged in, you would skip/prevent displaying the registration form and processing the registration form data
     4) avoid using the _once form of the require statement. your code should be organized, so that you know when and where it is requiring files and you don't need to use the _once form. php has also had a number of bugs with the include path and correctly resolving the actual file so that the _once part actually works one time.
     5) i recommend NOT using UPPERCASE for most things in your code and database queries, i.e. your form field names and database column names should be lower case. only use uppercase when you are calling attention to something. a convention is to use uppercase for defined constants, so that they stand out from any code/text they are surrounded by, and for parts of sql query syntax, i.e. SELECT, FROM, WHERE, ...
     6) all your header() redirects need an exit; statement after them to prevent the code from continuing to run. the header() doesn't stop program execution.
     7) you should use an array to hold validation error messages. this will let your code detect and display more than one validation error at a time. if only some of the required form fields are empty, one of the other fields doesn't contain an expected value, and the username or email is already in use, you would want to display all these errors at once.
     8) the captcha check should make sure that there is a $_SESSION['code'] value and that it's not empty
     9) you should validate each 'required' input to ensure that it contains either an expected/permitted value or format.
     10) you should produce a separate and unique validation error message for each possible validation problem, i.e. don't combine all the empty() checks into one message.
     11) you should trim all input data before using it. this will eliminate leading/trailing white-space characters. if you want to allow leading/trailing white-space characters as part of a password, exclude that from what you trim or get an untrimmed copy of the original $_POST data when using the password value.
     12) your current code requires the captcha to match before doing any other processing. after making the suggested changes, it should still do that and skip all other processing, even the database connection, if it doesn't match.
     13) whenever possible, dynamically process sets of data. your form fields are a set of data. you should avoid writing out line after line of code, repeated for each different form field. because the $_POST data is an array, you can use php's array functions on it when performing the same operation on each field. to do this, you would make an array of the form field names, then loop over this defining array and access the corresponding post data. you can expand on this and dynamically produce the form by including things like the form field type, label for the field, ... in the defining array.
     14) only escape data right before using it in an sql query statement (or even better, use a prepared query with bound input parameters.)
     15) it's unfortunate that you picked the mysqli extension, rather than the PDO extension. the PDO extension is more consistent, easier to use, and has fewer gotchas than the mysqli extension, especially if using prepared queries.
     16) running a SELECT query to test if the username/email is already in use allows a race condition where concurrent visitors can try to INSERT the same values. the fix for this is to have those two columns defined as UNIQUE indexes, then just run the INSERT query and use the duplicate key index error information that will occur to tell the visitor that the username or email is already in use. the duplicate key error will report the first key that's duplicated, so, if someone does happen to repeat both values, it will take two form submissions to detect this OR you could run a SELECT query after the INSERT query to find which or both of the values are duplicated.
     17) if you put the form processing code and the form on the same page, it will eliminate all the session variables/header() redirects. the only place you would need a header() redirect is after you have successfully (no errors) processed the form data. you will also be able to repopulate the form fields (except you shouldn't repopulate the password field) when there is a validation error, rather than require the visitor to keep typing in the same information over and over.
     18) after successfully, no errors, processing the form data, you should do a header() redirect to the exact same url that the form submitted to. this will cause a get request for the page, which will prevent the browser from throwing an error or trying to resubmit the form data if you reload the page or browse back to the url of the page.
     as to why your db column name in your sql query statement doesn't match your table definition, i'm betting that your actual db column name isn't spelled exactly as you are using it in the sql query statement.
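The registration flow the list above describes, as an added example that is not code from the post or the original thread. It assumes a `users` table whose `username` and `email` columns carry UNIQUE indexes named after the columns, a `password_hash` column, and placeholder PDO connection details.

```php
<?php
// Added example (not from the post). Assumes: table `users` with UNIQUE indexes
// `username` and `email`, a `password_hash` column; DSN/credentials are placeholders.
declare(strict_types=1);
session_start();

$errors = [];   // 7) collect every validation error, not just the first one
$post   = [];   // trimmed copy of the submitted data, used to repopulate the form

// 1)/2) only run when *this* form was submitted (the hidden field identifies it)
if (isset($_POST['form']) && $_POST['form'] === 'register') {

    // 8)/12) captcha first; on a mismatch skip everything else, including the db connection
    if (empty($_SESSION['code']) || !isset($_POST['captcha'])
        || $_SESSION['code'] !== trim((string)$_POST['captcha'])) {
        $errors['captcha'] = 'The captcha did not match.';
    } else {
        // 11) trim everything, then restore the password exactly as typed
        $post = array_map('trim', $_POST) + ['username' => '', 'email' => ''];
        $post['password'] = (string)($_POST['password'] ?? '');

        // 9)/10) one specific message per input and per problem
        if ($post['username'] === '') {
            $errors['username'] = 'Username is required.';
        } elseif (!preg_match('/^[a-z0-9_]{3,30}$/i', $post['username'])) {
            $errors['username'] = 'Username must be 3-30 letters, digits or underscores.';
        }
        if ($post['email'] === '') {
            $errors['email'] = 'Email is required.';
        } elseif (!filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
            $errors['email'] = 'Email is not a valid address.';
        }
        if ($post['password'] === '') {
            $errors['password'] = 'Password is required.';
        } elseif (strlen($post['password']) < 8) {
            $errors['password'] = 'Password must be at least 8 characters.';
        }
    }

    if (!$errors) {
        // 14)/15) PDO with exceptions on and a prepared query: values never touch the sql text
        $pdo = new PDO('mysql:host=localhost;dbname=placeholder_db;charset=utf8mb4',
                       'placeholder_user', 'placeholder_pass',
                       [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
        $stmt = $pdo->prepare('INSERT INTO users (username, email, password_hash) VALUES (?, ?, ?)');
        try {
            // 19) store only the hash, never the plain password
            $stmt->execute([$post['username'], $post['email'],
                            password_hash($post['password'], PASSWORD_DEFAULT)]);
        } catch (PDOException $e) {
            // 16) let the UNIQUE index win the race; 1062 is MySQL's duplicate-key error
            if (($e->errorInfo[1] ?? 0) !== 1062) {
                throw $e;   // any other failure is a real error: let php report/log it
            }
            // the message names the first duplicated key, e.g. "for key 'users.email'"
            preg_match("/for key '(?:\\w+\\.)?(\\w+)'/", $e->getMessage(), $m);
            $errors['duplicate'] = ($m[1] ?? '') === 'email'
                ? 'That email is already in use.'
                : 'That username is already in use.';
        }
    }

    if (!$errors) {
        // 18) redirect to the same url so a reload is a GET request, then stop (6)
        header('Location: ' . $_SERVER['REQUEST_URI']);
        exit;
    }
}

// 17) form and processing on one page: show errors, repopulate all but the password
foreach ($errors as $msg) {
    echo '<p>' . htmlspecialchars($msg) . '</p>';
}
$u = htmlspecialchars($post['username'] ?? '');
$e = htmlspecialchars($post['email'] ?? '');
echo "<form method='post'><input type='hidden' name='form' value='register'>
<input name='username' value='$u'> <input name='email' value='$e'>
<input type='password' name='password'> <input name='captcha'>
<button>Register</button></form>";
```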
  3. here are three important things to do when learning php, developing php code, debugging php code, or asking for help with php code -
     1) we are not sitting there with you. we don't know what you saw that leads you to believe that something didn't work. you mentioned that the $query fails, but you didn't state what error/message or symptom you got that leads you to believe that it failed. tell us exactly what did happen.
     2) you need to set php's error_reporting setting to E_ALL and the display_errors setting to ON, in the php.ini on your development system, to get php to report and display ALL the errors it detects. putting these two settings into your code won't help with syntax errors in your main file since your code never runs in this case. you should also turn off php's output_buffering setting in the php.ini, since it hides problems in your code and you should only use output_buffering when you want to buffer output.
     3) your code needs to ALWAYS test for and handle errors that can occur with statements. When developing and debugging code, you would display the errors, when running code on a live server, you would log the errors. by testing for and handling errors, your code will tell you when, where, and give you information about why it is failing. if the error you are getting is your 'failed' message, having error handling in your code for the database statements would tell you why the query failed. in one of your previous threads, you were told to use mysql_error() to get query error information. wouldn't that same advice apply, but using the equivalent mysqli statement? note: the mysqli_error(....) statement requires the db connection link as a parameter. the type of error handling you can use is dependent on what sort of statements you are using. the best choice is to use exceptions to handle errors. the mysqli statements you are using do support exceptions.
     assuming you have set php's error settings as suggested above, add the following two lines of code before you make a database connection, so that a connection error will also throw an exception -

     $driver = new mysqli_driver();
     $driver->report_mode = MYSQLI_REPORT_ALL; // <--- w/index checking; w/o index checking ---> MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT;

     this will throw uncaught exceptions for the mysqli statements. with the php error settings that have been suggested, php will report and display the error information. on a live server, you would instead log the error information. if i/others have time, i/we will make a list of things your code needs to do or do differently.
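An added example (not code from the post) of the error handling described above: mysqli report mode turned on before the connection, a prepared query, and no `or die('failed')`. The table, column and connection details are placeholders; whether an uncaught mysqli_sql_exception is displayed or logged is then decided by the php.ini settings, not by the code.

```php
<?php
// Added example (not from the post). Table/column names and credentials are placeholders.
declare(strict_types=1);

// Before connecting: make every mysqli failure throw a mysqli_sql_exception.
// MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT = errors only; MYSQLI_REPORT_ALL
// additionally reports queries that don't use an index (useful while developing).
$driver = new mysqli_driver();
$driver->report_mode = MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT;

// A connection failure now throws, instead of returning an object that fails later.
$db = new mysqli('localhost', 'placeholder_user', 'placeholder_pass', 'placeholder_db');
$db->set_charset('utf8mb4');

function fetch_user(mysqli $db, string $username): ?array
{
    // Prepared query: the value is sent separately from the sql text, so there is
    // nothing to escape. A typo in a column name here throws with mysql's own
    // message ("Unknown column ...") and the failing line, which 'failed' never told you.
    $stmt = $db->prepare('SELECT id, username, password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

// Deliberately no try/catch around this: an uncaught exception is the point.
//   development php.ini: error_reporting=E_ALL, display_errors=On  -> shown on the page
//   live php.ini:        display_errors=Off, log_errors=On          -> written to the error log
// Catching it only makes sense where the code can actually do something about it
// (e.g. a duplicate-key error on an INSERT), not to replace it with a vague message.
$user = fetch_user($db, 'alice');   // 'alice' is a constructed sample value
var_dump($user);
```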
  4. that will fix the immediate issue of the simple html dom class not running, when it's not where the error is at. any php error, no matter how benign, prior to using the load() method, will cause this problem. you should be defining/assigning the first line to the variable before using a concatenate operator on it anyway. every error in your code, even if the reporting/display/logging is turned off, is still being detected and handled by php. the reporting/display/logging is just the last step in the php error handling.
  5. the OP's script is (he posted the code on one of the many forums he is asking this on) the phpmotion video/image/audio/blog/group sharing script. the information for each 'type' is stored in a different table with a few different column names/meaning between the tables and there's a switch/case statement on the type value to determine what columns to select and to select a table name where the related comments are stored, which are accessed by running another select query inside of a loop. this script looks like it is basically five independent scripts that were forced together. most of the code in the search.php file is so bad and out of date (@ error suppressors, ereg, mysql statements, string escaping things that aren't strings, no validation of the type value - you can enter a value that's not one of the choices and trigger all kinds of errors...) that it wouldn't be worth anyone's time trying to make it work. @Chrisj, if you want to have an 'ALL' search choice, you need to start with a script that properly stores the primary and related data in a normalized fashion. If the original Authors of this script had done this, there would be very little program logic present and doing the things that have been suggested, which assume that the type choice is just a value in a column in one single table, would be simple. edit: this script is also using an equally bad template system called TBS (Tiny But Strong), which i think was authored by the same people as the phpmotion script.
  6. actually, there may (untested) be a way to do this through the browser. at least the chrome browser has a command line parameter that allows local file access. it's intended to allow local testing, where things like an ajax request would make use of a local file. when used, this applies to any url the browser requests, so you would only want to do this for your site, so as to not allow any other site access to files on the local pc. you would make a desktop shortcut that invokes the browser with the correct command line parameter and only use this when visiting your site. i don't know if the 'same origin' policy would override this, since the web page is coming from a different address than the local usage in the code. assuming all this actually works, the client-side code on the page could make an ajax request to read the local file, then submit the data to the remote server in a post request. this sounds like a good phpfreaks programming challenge to see if anyone can come up with working code and for which browsers it would work.
  7. you cannot automatically upload a file from the client/local pc to a remote server using a script running on the remote server, without having some software running on the client/local pc. the script running on the remote server does not have any access to the files on the client/local pc, either through the browser or via any communication protocol. to do this, you first need to pick a protocol. ftp, http, or ssh would be the available choices. you would then need to install server software on the client/local pc, either an ftp server, an http server, or an ssh server. you could then have a script running on the remote server connect to the client/local pc and upload/copy the file.
  8. to save anyone from wasting time replying with problems in this code, the OP has already been told - 1) what the main problem is, which should be enough to make the code 'work', especially if he is aware of or is looking at what data is being stored in the database tables, which, sorry for the cutting commentary, the OP apparently isn't aware of or looking at. 2) to use the id of the source data when storing related data in other tables, i.e. properly implement the R in RDBMS. 3) to have an exit statement after the header() redirect. 4) about the obsolete mysql statements, and to use PDO with prepared queries to securely get data values into the sql query. some other things to mention are - 1) don't include your database connection file more than once in the code. 2) separate the database code, that's retrieving data, from the presentation code, that's using the data to produce the output. doing this will actually make it easier to rewrite the code to replace the mysql statements with something more current.
  9. in one of the other php help sites you posted this on, someone went to the trouble of figuring out what the problem is and posted a reply. you are mixing up the student_username and student_name values. i suggest you read existing replies you have before posting your problem elsewhere.
  10. for this specific case, mysqli_real_escape_string() does NOT protect against sql injection. the value isn't being used in a string context in the sql query statement. sql can be injected that contains absolutely no characters that mysqli_real_escape_string() or any other escape string function operates on, i.e. a hexadecimal encoded string, that the mysql database engine happily converts back to any injected sql it contains. this is typically used to inject sql that satisfies the current SELECT query, then appends a UNION query to select anything from any table the current db connection allows.
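An added example, not from the post, of the point above: the vulnerable numeric-context pattern next to the two defences that actually work (rejecting non-integers before they reach sql, and binding the value as an integer in a prepared query). Table and column names and the connection details are placeholders.

```php
<?php
// Added example (not from the post). `articles`/`id`/`title` and the credentials are placeholders.
declare(strict_types=1);

// mysqli_real_escape_string() only puts a backslash before NUL, \n, \r, \, ', " and
// Ctrl-Z. In   WHERE id = $value   there are no quotes for that to protect: any value
// made of digits, spaces, letters and punctuation other than those goes through as sql.
function vulnerable_query(mysqli $db, string $id): string
{
    $escaped = $db->real_escape_string($id);
    return "SELECT title FROM articles WHERE id = $escaped";   // do not do this
}

// Defence 1: validate the *type* of the input, not its characters. Anything that is
// not a positive integer is refused before it gets anywhere near the query.
function article_id_or_null(string $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Defence 2 (use this regardless of 1): a prepared query with the value bound as an
// integer. The sql text is fixed at prepare() time; the value can never extend it.
function fetch_article(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT title FROM articles WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$id = article_id_or_null((string)($_GET['id'] ?? ''));
if ($id === null) {
    http_response_code(400);
    exit('invalid article id');
}
$db = new mysqli('localhost', 'placeholder_user', 'placeholder_pass', 'placeholder_db');
var_dump(fetch_article($db, $id));
```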
  11. here are three important things to do when learning php, developing php code, debugging php code, or asking for help with php code -
     1) we are not sitting there with you. we don't know what you saw that leads you to believe that something didn't work. you mentioned an error while inserting to the table, but you didn't state or show what error you got and the actual error helps pin down where and what is causing the problem. did you get a php error, a mysql database error, or one of your alert messages and what exactly was the error message and what line of code does it refer to?
     2) you need to set php's error_reporting to E_ALL and display_errors to ON, in the php.ini on your development system, to get php to report and display ALL the errors it detects. putting these two settings into your code won't help with syntax errors in your main file since your code never runs in this case. you should also turn off php's output_buffering in the php.ini.
     3) your code needs to ALWAYS test for and handle errors that can occur with statements. When developing and debugging code, you would display the errors, when running code on a live server, you would log the errors. By testing for and handling errors, your code will tell you when, where, and give you information about why it is failing. if the error you are getting is your alert with - error while registering you..., having error handling in your code for the database query would tell you why the query failed. the type of error handling you can use is dependent on what sort of statements you are using. the best choice is to use exceptions to handle errors. the mysql_ statements you are using should be converted to statements from the PDO extension, which does support exceptions.
     in addition to updating the code and the problems already mentioned, here is a list of things it needs to do or do differently -
     1) your login test needs to just test if the session variable isset(). isset() returns a Boolean value, to be directly used by program logic. there's no point in testing if the value isset() returned is not equal to an empty string, which is probably left over from before the code had an isset() statement in it.
     2) the header() redirect needs an exit; statement after it to STOP the code from running. your current code still runs when the session variable is set.
     3) your form processing code should set any error messages in a php array. you would output the error messages at the appropriate point in your html markup. the code currently outputs the alert messages before the start of your <!DOCTYPE tag.
     4) your form processing code should validate each input to ensure it is not empty and that it contains a value with an expected format.
     5) you should repopulate the form fields with previously entered values, so that if there is a validation error, the user doesn't have to reenter the data over and over.
     6) while you are changing the code to use the PDO extension, use a prepared query to supply data values to the sql statement. this will eliminate the need to escape string data.
     7) the best choice for password hashing is to use php's password_hash() and password_verify() functions. there are code examples in the php.net documentation.
  12. when you have multiple sub-pieces of data for a particular main item, you would store the records as a sub-array using the main item value as the main array index.

     $array[$row->IdEmployee][] = array(
         'id' => $row->IdEmployee,
         'name' => $row->employeeName,
         'date' => date("jS M Y", strtotime($row->Year.'W'.str_pad($row->Week, 2, '0', STR_PAD_LEFT).' +6 days')),
         'week' => $row->Week,
         'currency' => $row->CurrencySymbol,
         'wage' => $row->Wage
     );

     you would loop over this using -

     foreach($array as $id=>$sub_array) {
         // $sub_array will be an array of the rows of data
         // start a new row in the output and output the name once here...
         // you can get a copy of the first row of data using $sub_array[0]
         // loop over the sub_array
         foreach($sub_array as $row) {
             // output the week information from each row
         }
     }
  13. i'm going to guess, since the OP still has not shown the include statement, that he is using a URL, rather than a file system path, to include the file and the variables don't exist, since they are in a completely separate process on the web server.
  14. when you build the query string part of links, you should use a function like http_build_query(). this will let you take any existing $_GET parameters, add/remove/modify any of them, then produce the part of the link after the ? -

     $get = $_GET; // get a copy of any existing get parameters. you only need to do this once
     // in your pagination link code, for each link you produce
     $get['currentpage'] = 1; // set the current page to whatever value you want
     $qs = http_build_query($get, '', '&'); // produce the query string part of the link
     echo "<span class='rest'> <a href='?$qs'><<</a> </span>"; // output the link.

     note: i removed the use of $_SERVER['HTTP_SELF'] since it is open to cross site scripting and it's not necessary in modern browsers
  15. $data = array(); // define the data array
     while($row=mysqli_fetch_assoc($result)) {
         $data[$row['Code']][$row['SectorDate']] = $row;
     }
  16. you would query for the data you want BETWEEN a range of dates - WHERE SectorDate BETWEEN 'some start date' AND 'some end date'. you will reuse these start and end dates when you display the results, you would also ORDER BY the user name so that all the rows for each user name are together in the result set and the user names are in the order that you want to display them. the ordering of the dates in the result set is not important. you would retrieve the data that the query matches and store it into a multi-dimensional array, with the 1st array dimension/index being the user name and the 2nd array dimension/index being the date. to produce the output, you would loop over the array of data. this will give you the user name and a sub-array of dates and data for each date for that user. you would then loop over the dates from the start date to the end date and if there is data (the date array index value exists in the current sub-array of data) for any date, display it. if there is no data for any date, you would display whatever output you want for this condition (an empty cell, 'N/A', ...)
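The date-range report described above, as an added example that is not code from the post: rows indexed by user name and then by date, and an output loop over every date in the range with 'N/A' where a user has no row. The rows are a constructed sample standing in for the fetched result set; the query text in the comment assumes a `log` table with `username`, `SectorDate` and `hours` columns.

```php
<?php
// Added example (not from the post). Column names and the `log` table are assumptions;
// $rows is a constructed sample in place of a real query result.
declare(strict_types=1);

$start = '2015-06-01';   // reused for the query and again for the output loop
$end   = '2015-06-04';

// the query you would run (prepared, with the two dates as bound parameters):
//   SELECT username, SectorDate, hours FROM log
//   WHERE SectorDate BETWEEN ? AND ? ORDER BY username
// constructed stand-in for $stmt->fetchAll(PDO::FETCH_ASSOC); note the dates are not ordered:
$rows = [
    ['username' => 'alice', 'SectorDate' => '2015-06-02', 'hours' => 8],
    ['username' => 'alice', 'SectorDate' => '2015-06-01', 'hours' => 6],
    ['username' => 'bob',   'SectorDate' => '2015-06-04', 'hours' => 4],
];

// 1st dimension = user name, 2nd dimension = date; query row order no longer matters
function index_by_user_and_date(array $rows): array
{
    $data = [];
    foreach ($rows as $row) {
        $data[$row['username']][$row['SectorDate']] = $row;
    }
    return $data;
}

// every date from $start to $end inclusive (DatePeriod's end is exclusive, hence +1 day)
function date_range(string $start, string $end): array
{
    $period = new DatePeriod(new DateTime($start), new DateInterval('P1D'),
                             (new DateTime($end))->modify('+1 day'));
    $dates = [];
    foreach ($period as $d) {
        $dates[] = $d->format('Y-m-d');
    }
    return $dates;
}

function render_grid(array $data, array $dates): string
{
    $out = '<table><tr><th>user</th>';
    foreach ($dates as $date) {
        $out .= "<th>$date</th>";
    }
    $out .= "</tr>\n";
    foreach ($data as $user => $byDate) {          // one output row per user
        $out .= '<tr><td>' . htmlspecialchars((string)$user) . '</td>';
        foreach ($dates as $date) {                // one cell per date in the range
            // isset() on the date index is the "is there data for this date" test
            $cell = isset($byDate[$date]) ? (string)(int)$byDate[$date]['hours'] : 'N/A';
            $out .= "<td>$cell</td>";
        }
        $out .= "</tr>\n";
    }
    return $out . '</table>';
}

echo render_grid(index_by_user_and_date($rows), date_range($start, $end));
```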
  17. ^^^ while this may not have anything to do with what's going on, is the included file functions.php or is it lib.php? if it's lib.php, what else is in lib.php? what html output do you get if you comment out the first call to the getAlert() function or make the first $html line just an assignment statement? if you get the correct result, with no fatal run-time error, i would say you have found a php bug, because there's no way the contents of your function, with or without concatenation/an undefined variable error, should have an effect on the simple html dom class. if php's error_reporting was listed as having no value, where/how were you 'seeing' the fatal run-time error at the start of this thread? to try and rule out a php bug, use a different variable name, $result, inside your function definition. about the only interaction/effect prior output could have between your function and the simple html dom class, is if the class is using output buffering internally, which i just searched the source file for, and there is none. actually, i think i just found the problem. the simple html dom class is using error_get_last(), in the load_file() method, to check for errors, without checking what triggered the error. since your code is producing an error, this trips up the simplistic use of error_get_last() in the code. short-answer: always write code that DOESN'T throw any errors during normal execution, the undefined variable error in this case, and use proper application error handling logic, by actually testing values returned by function/method calls, rather than to blindly use error_get_last().
  18. While it's possible you have found a bug in php, it's more likely something else is going on, such as errors being thrown in the actual data part of the code, and you are only seeing a part of the story. For the first version of the getAlert() function definition, you should be getting an undefined variable error - Notice: Undefined variable: html in your_file on line xxxx. if you are not seeing this error and it's not present in the 'view source' of the page either, either you don't have php's error_reporting set to E_ALL or you have something going on with error handling or output, such as a custom error handler or custom gzip/output buffer handler that's hiding what's really going on. make sure that php is reporting and displaying all errors. you should also turn off php's output_buffering setting (the default is on, in the php.ini.) next, is your full actual code doing any header() redirects to that same page? often, unusual symptoms like this are due to a page getting requested twice, either by the browser or by the code itself, and you are seeing the result of the second request, which won't necessarily have any input data. also, if your page is doing a header() redirect, does it have an exit; statement after the header() to stop program execution? lastly, where are $pause and $array coming from in the posted code? you could have some code which you haven't shown us that is the actual cause of the problem.
  19. a) you could use an alias name for the select term, then use the alias name when you reference the data in php
     b) you should normalize your data. you should not have columns like that, where you must alter your database table any time you add data for a new year. the way you have your table laid out now is not normalized, and results in more complicated queries to do anything with or find any of the data.
  20. the join condition should be part of the JOIN, not as a WHERE clause anyway, which will also eliminate the error - SELECT * FROM company JOIN listing ON company.companyID = listing.companyID WHERE listing.type = 'Supplier' LIMIT 0 , 30
  21. it would take having enough of your code, that could be copy/pasted and run as is (or put up on jsfiddle), that reproduces the problem, in order to help.
  22. does that mean that the thread you posted on the forum a little over two hours ago no longer needs help? if so, please post a reply in it and mark it as solved/answered so that forum members don't waste their time reading it. as to the problem in this thread. you haven't shown the javascript/jquery code that's attaching the events, but this is a common problem, and it's likely that you will need to use the .on() method, with the second parameter being the selector(s) you want to attach the event to. see the information about 'delegated events' at the following link - http://api.jquery.com/on/#direct-and-delegated-events
  23. upon further review (i stopped looking the first time when i discovered the OP wasn't operating on the value correctly), the only thing the OP should be doing in this code is running the INSERT query. the user_name column and the email column should be set up as unique indexes, to prevent duplicate values in those columns. the INSERT query will fail with a duplicate key error (you can look up what error number this is and then check what error number is returned when the query fails) if either the user_name or the email already exists in the table. you should also be hashing the password using the php password_hash() function and store the hashed password in the database table.
  24. @cl0482, there is something wrong with almost everything you have shown us about your database table design, your code, and your statement of what you are trying to do. programming requires a clear definition of what exactly the code is going to do, before you write any code. ignoring that you shouldn't even be inputting a credit card number * and that you shouldn't be storing things like subscription/order data in the users table, your code requires a $_SESSION['username'] value (you should actually be storing the user_id in the session variable) in order to do anything. this implies that the current visitor must already be registered and logged in. this would require there to already be a row for the current visitor in your users database table. to alter the value in the `sub` column for an existing row, you would use an UPDATE query, not an INSERT query. your form would also only have the necessary fields for the subscription data. all the other fields for the user 'registration' data don't belong. * if you need a realistic and safe example of some data to add/update for a user, do something like a date of birth. edit: the following post contains a recommended layout for your code on the page - http://forums.phpfreaks.com/topic/297824-database-issues-and-working/?do=findComment&comment=1519095 following this will group together like things, which will eliminate duplication, and separate the different concerns in the code.
  25. the syntax for a function call would be validateForm(). the syntax you currently have would be interpreted as a reference to a defined constant and if you had php's error_reporting set to E_ALL and display_errors set to ON, you would be getting an error to help point out the problem.