mac_gyver

example code - // define the possible choices for each set of filters - $dateorder = array(); $dateorder['asc'] = 'Ascending'; $dateorder['desc'] = 'Descending'; // note: you would query for the unique colors from your data to produce the choices, rather than hard-coding them // you may want an 'All' choice that would leave this WHERE term out of the query to match all colors. the 'All' choice would also be used as the default value if nothing is selected $colors = array(); $colors['red'] = 'Red'; $colors['green'] = 'Green'; $colors['blue'] = 'Blue'; //connect to the database $dbc = mysqli_connect('host', 'user', 'password', 'cars') or die('Error connecting to MySQL Server.'); $dateord = isset($_GET['dateorder']) ? $_GET['dateorder'] : 'asc'; // condition the input and set a default order $dateord = isset($dateorder[$dateord]) ? $dateord : ''; // validate the input as being only and exactly one of the permitted values $orderby_term = "ORDER BY id asc"; // note: asc is the default and doesn't generally need to be specified if($dateord) { $orderby_term = "ORDER BY caradded $dateord"; } $color = isset($_GET['color']) ? $_GET['color'] : ''; // condition the input $color = isset($colors[$color]) ? $color : ''; // validate the input as being only and exactly one of the permitted values $where_term = ""; if($color) { $where_term = "WHERE color = '$color'"; } $query = "SELECT * FROM cardetails $where_term $orderby_term"; $result = mysqli_query($dbc, $query) or die('Error Refreshing the page: ' . mysqli_error($dbc)); // the rest of your code using the data from the query... ?> <div id="leftcolumnwrap"> <div id="leftcolumn"> <h2>Trial Filters</h2> <form method="get"> <p>Order by Date:</p> <?php // note: the $value and $label (any dynamic data) being output, in the following two sections of code, needs to have htmlentities() applied to them, coding left up to you as an exercise foreach($dateorder as $value=>$label) { $checked = isset($dateord) && $dateord == $value ? ' checked' : ''; echo "<input type='radio' name='dateorder' id='dateorder_$value' value='$value'$checked><label for='dateorder_$value'>$label</label><br>\n"; } ?> <br><hr> <p>Filter by Colour:</p> <?php foreach($colors as $value=>$label) { $checked = isset($color) && $color == $value ? ' checked' : ''; echo "<input type='radio' name='color' id='color_$value' value='$value'$checked><label for='color_$value'>$label</label><br>\n"; } ?> <br><br> <input value="Submit" type="submit"> <br><br></form> </div> </div>

your dateorder and color filters are doing two different things that you need to combine into ONE sql query statement. the dateorder is determining what the ORDER BY term should be. the color is determining what the WHERE term should. the logic for each of those should be (safely) building the two parts of the sql query statement, then produce the entire sql query statement by incorporating those terms into it. next, you should be using a method='get' form, since this is determine what the page will display and your form should be 'sticky' and select any existing radio button choice. the easiest way of making the form 'sticky' is to dynamically produce the form fields. if you make an array holding the choices, you can just loop over the array to produce the form fields and cause any currently selected choice to be checked. you can than also use this same defining array to validate that the input data is only and exactly one of the permitted choices. i'll post some example code showing these suggestions, if i have some time.

you MUST test if the form submitted any data, before you can reference the data. there's a condition that occurs, most frequently when uploading files, though it can occur with any post method form submission, when the amount of data to be sent is larger then the post_max_size setting. when this occurs, the server aborts the transmission of the data and both the $_POST and $_FILES arrays will be empty. to handle this, you must first detect that a post method form has been submitted, use if($_SERVER['REQUEST_METHOD'] == 'POST'){, then you can detect this specific size condition and tell the user that the size of the submitted data is too large, then if there is $_FILES and $_POST data, you can reference the data to finish your validation logic. next, when you finally do loop over the $_FILES['file'] array, you must test that the ['error'] element is a zero ( UPLOAD_ERR_OK ), before you can use the file information. something like the example from the php.net documentation - foreach ($_FILES["file"]["error"] as $key => $error) { if ($error == UPLOAD_ERR_OK) { $tmp_name = $_FILES["file"]["tmp_name"][$key]; $name = $_FILES["file"]["name"][$key]; $size = $_FILES["file"]["size"][$key]; // use the uploaded file information here... } }

your code needs to be organized differently, so that it is easy to see what the logic is doing. in fact, i cannot even tell what your code is trying to accomplish. there are forms that are not used and it's not clear if you are trying to edit the status of one customer at a time or a group of customers all at once. the code in your file should be laid out in this general order - 1) initialization - require/initialize things your code needs 2) post method form processing - form processing that alters data 3) get method business logic - code that knows how to retrieve/produce data that's needed to display the page 4) get method presentation logic - code that knows how to produce the dynamic content on the page 5) html document - starts with the <!DOCTYPE tag and ends with the </html> tag. this will move most the php code to the top of the file and it will group together common types of code. the get method business logic contains the queries and database statements needed to retrieve data and store data into php variables and would not contain any html markup. the get method presentation logic would take the data from all the sections of code above it and produce the dynamic content for the page and would not contain any database statements. the html document would contain a minimum of php statements, simple loops and conditional statements, calls to (output) functions, and php echo statements. also, by arranging your code like this, it is easier to test. you can make sure each section produces the result you want, before going onto the next section. you should use get parameter(s) in the url to determine what the get method business logic will do. if the 'check_list' data is going to cause a group of customer information to be displayed, the 'check_list' data should be supplied as $_GET data, not $_POST data. you would also prepare the SELECT query once, then only populate the $checks variable and then execute the query inside the loop. if you are selecting a single customer to edit at a time, the $cid value would be passed as a get parameter and you would reference it using $_GET['cid'] in the code. despite one of the forms using method='get', there's no code using the submitted data that would be in $_GET['cid']. when you output the select/option list, you would want to pre-select the current setting. if you organize the code as i have suggested, you would retrieve the statuses data into a php array variable. you would loop over this pre-retrieved data when you produce the select/option list for each customer. so, better organize your code and try to get it to do what you wan't. if you need more help, post your new code and if it's not clear from the code what you are trying to do, provide an explanation of what the work-flow should be.

the $Fields array is probably being MAGICALLY created by an extract() statement or register_globals action (thanks php). the OP is showing the tail end of the problem, the code that doesn't work. the code that's requiring primary.php is where to look, and it will take looking at the code or knowing how it is being invoked, since there may be no explicate reference to 'Fields' in it. how is this whole script being invoked? is there a form that you are entering something into a 'Fields' form field? does the main code have an sql query that's using extract() on data that's being fetched from a result set? note: there are a couple of other functions, like extract, that magically create variables, though i don't recall what they are off of the top of my head.

you change how the sql statement is formed and how the data values are supplied to it - http://php.net/manual/en/pdo.prepare.php unfortunately, emulated prepared queries are the default, despite the wishful thinking that pdo will automatically use real prepared queries if the database server supports them. when you make the pdo database connection, you need to turn emulated prepared queries off. add the following line to the section of code that's making the database connection - $dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES,false); // run real prepared queries

not sure why that error isn't being displayed. are you sure about the hostname, username, and password? on most shared web hosting, the hostname is not going to be 'localhost' and the username can be some combination of your web account name and the database username you have chosen.

if you do a 'view source' of the page in your browser, are the </body></html> tags present at the end of the output? What is the last output that is present in the 'view source'? what i am suspecting is your web hosting doesn't allow the error_reporting/ini_set statements and you are getting a fatal php run-time error due to not having the PDO extension present and the code stops executing before it gets to the end of the page.

you may not be getting any error messages, but what exact output are you getting after you submit the form? note: you will never see the Data not successfully Inserted alert, because an exception will be thrown if the query fails due to an error and code execution will go to the catch block.

the OP has already been told all of these things and more, such as what the sql join query needs to be to retrieve the correct data, on another help site, but hasn't made use of any of the information. save your time responding.

i don't really think i can help you 'get' what it is you need to do to be able to write code that does something useful. you are randomly changing code, because you haven't taken the time to learn what the statements in the code actually mean and do, then dumping the code on a forum for someone to tell you what to do to fix it. you won't learn anything by getting some to fix your code for you. some problems in the posted code - you are no longer preparing the query, yet you are trying to bind parameters to it. you are using a wrong PDO defined constant in the bindParm() statement, you are using global $per_page; that does absolutely nothing in the context of this code. the only thing you are currently doing different, from at the start of this thread, is changing the sql query statement, specifically just the WHERE ... term. the only code you need to change are the lines that are building the WHERE term. the rest of the code needs to remain the same. and even you were doing this for a completely different sql query statement, the only things you would change in the code are the two queries, the SELECT COUNT(*) ... query , that gets the total number of matching rows and the SELECT list of columns ... query, that retrieves the matching data. this is the code, from reply #10, that is building the WHERE term - // define the possible search fields - this is used to produce a data driven/dynamic design, where you don't write out block after block of code that only differs in the value it operates on $search_fields = array('title','name','description'); $and_terms = array(); // WHERE terms to be AND'ed $params = array(); // bound input parameters for a prepared query foreach($search_fields as $field) { if(isset($_GET[$field]) && $_GET[$field] != 'ALL') // only if the field is set and it's not 'ALL' { // add the search field to the WHERE terms $and_terms[] = "$field = :$field"; $params[] = array(":$field",$_GET[$field],PDO::PARAM_STR); } } $where_term = ''; if(!empty($and_terms)) { $where_term = "WHERE " . implode(' AND ', $and_terms); } all you have to do is change this section of code so that it produces WHERE memberID = :memberID as the where term and then add the correct entry to the $params array for the $_SESSION['memberID'] value. in its simplest, bespoke form, this is what you would have left - $params = array(); // bound input parameters for a prepared query $where_term = "WHERE memberID = :memberID"; $params[] = array(":memberID",$_SESSION['memberID'],PDO::PARAM_INT); the rest of the code, starting with - $query = "SELECT COUNT(*) FROM table $where_term"; doesn't change, unless you want it to do something differently, such as output the data differently or you want the pagination links to be different.

if you read the error message, it tells you where the OUTPUT is occurring at, that is preventing the header() statement from working. the way to fix this is to find and prevent the output from occurring before the header() statement. this may involve rearranging your code so that the logic containing the header() statement comes near the top of your code, before you produce and output any html.

you would need to use the 'Report' link/button in the lower right hand corner of the first post and ask for a mod/admin to edit out the information. you need to go and change your username and password in any case. this thread has been view by 20+ members/guests, plus has probably already been indexed by more than one search engine. if you put your database credentials in a separate .php file and require it into your code, you won't ever be faced with problem of your credentials ending up in code you are posting. edit: you should also be using prepared queries to supply data values to the sql queries. unfortunately, php messed up when producing the msyqli class and it is a pain in the rear to use with prepared queries. if you can, forget about using msyqli and use PDO instead.

that's because there is no error handling in your code for the database statements. the easiest way of handling things like database statement errors are to use exceptions. to enable exceptions of the msyqli statements, add the following lines of code, preferably before you make the database connection so that connection errors will also throw an exception - $driver = new mysqli_driver(); $driver->report_mode = MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT; // MYSQLI_REPORT_ALL <- w/index checking; w/o index checking -> MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT; then, if you have php's error_reporting set to E_ALL and display_errors set to ON, any database statement errors will throw an exception and be caught by php, which will report a fatal runtime error that contains the actual msyqli error information. after you add the error handling, and find which column name is producing a sql sytnax error, because it is a reserved keyword, you need to use a prepared query to supply the data values to the sql statement, rather than putting them directly into the sql query. the PDO extension is much easier and more consistent than the msyqli extension, especially for prepared queries. if you can, switch to the PDO extension.

um. no you didn't. you still have several mysql_ statements in your code and the mysqli_ statements you do have are incorrect, which would be throwing php errors, if you had php's error_reporting/display_errors/log_errors settings set up correctly. you need make use of the php.net documentation for any php coding you do, so that you will know what each statement requires. also, you should not be manually building JSON encoded data. there's a function to do that - json_encode().

before proceeding with a JOIN'ed query, do you even need two tables? if the UsersRegTable is only for the user online data, yes, you would need it and you would need to join it with the UserInfoTable table. however, based on the name UsersRegTable, this is general user information that happens to have a column to hold the last active time. if this is so, why do you have a second table UserInfoTable that is also holding general user information? if you do need two tables, you should relate them with the user_id, an auto-increment integer column in the primary table, not the username. also, if the UsersRegTable is only for the user online data, you likely have a SELECT query, followed by either an INSERT or the UPDATE query that you posted. this can all be replaced with a single INSERT ... ON DUPLICATE KEY UPDATE query.

^^^ that's not specific enough. 10 lines of what exactly? will there always be a row with one yellow element at the top and a row with one brown element at the bottom and the entered number of rows is the number of total rows or it it the number of green rows, and will the green rows always be 4 more elements than the proceeding row? you have to define the rules before you can write the code. you would then be calculating the number of elements to output, based on the current row number being output, rather than having the numbers and blocks of code hard-coded. also, your four variables should have meaningful names, and if you use str_repeat() instead of for(){} loops, your code will be clearer to read. your current code would look like this - $white = '<td style="background-color:white"> </td>'; $green = '<td style="background-color:green"> </td>'; $brown = '<td style="background-color:brown"> </td>'; $yellow = '<td style="background-color:yellow"> </td>'; echo "<tr>"; echo str_repeat($white,4); // the 4 would be a calculated value echo str_repeat($yellow,1); echo "</tr>"; echo "<tr>"; echo str_repeat($white,2); // the 2 and 5 in this block, for green rows, would be calculated values echo str_repeat($green,5); echo "</tr>"; echo "<tr>"; echo str_repeat($white,0); // all the green rows would be output inside of a loop, this block of code wouldn't exist echo str_repeat($green,9); echo "</tr>"; echo "<tr>"; echo str_repeat($white,4); // the 4 would be a calculated value echo str_repeat($brown,1); echo "</tr>"; you would basically be calculating the number of white and green elements in each row and the green row(s) would be output inside of a loop.

to convert a design to use ajax, you are basically splitting and moving functionality around between the server-side and client-side code. however, your design should still work if javascript is disabled. therefore, the changes you make to the server-side code should be conditional, so that it produces the same exact output it does now, if javascript is disabled. when you make the ajax requests (one to post the form data and a second to get and display the account listing), the response your code returns needs to be just the data that you expect, not the whole web page. the response when you post the form data would be your $SaveMsgAccount/$msgBox on success, or validation errors or a generic 'cannot perform action' for query errors when it fails. the response when you get the account listing would be the html markup you are producing for that list now. you can detect if a request to a page was made via ajax - // determine if the request was an ajax request define('IS_AJAX_REQUEST', isset($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest'); the IS_AJAX_REQUEST constant would be used in conditional statement(s) to control what gets output back to the browser. for the account listing, you would need to build the html markup in a php variable, so that you can either output it in the html document, for non-ajax requests, or output it in response to the ajax request. you would move the while(){} loop from where it is in the html document, to right after where you execute the sql query. You would define a variable to hold the markup, then build the markup in that variable - // run the query here... $list_content = ''; while($col = mysqli_fetch_assoc($GetListCategory)) { $list_content .= " <li class='table_row'> <div class='table_section'>{$col['AccountName']}</div> <div class='table_section_last'> </div> </li> "; } right before you start to output the html document, which i am assuming is at your "//Include Global page" code, you would output the response to the ajax request, then halt execution so that the html document is not output - // output content due to an ajax request if(IS_AJAX_REQUEST){ // use a switch/case as a controller $get_action = isset($_GET['action']) ? $_GET['action'] : ''; switch($get_action) { case 'list_content': echo $list_content; break; // add code for other actions here... } exit; // stop execution so that nothing else is output to the browser } in the markup on your page, where the account list content is now, you would replace it with a container with an id so that the javascript can set the content from the ajax request. you would also echo the $list_content here for non-ajax requests - <ul class="responsive_table"> <li class="table_row"> <div class="table_section"><?php echo $Account; ?></div> <div class="table_section"> </div> </li> <div id='list_content'> <?php echo $list_content; ?> </div> </ul> in the javascript, you would write a function, that when called, uses an ajax request to get the account list and display it in the correct place on the page - <script> function get_list() { $.ajax({ url: "accounts.php?action=list_content", cache: false }) .done(function(html) { $( "#list_content" ).html(html); }); } </script> you would then simply call this function inside your existing ajax post form success: handler.

no, the number of entries in the array definition is not related to the bindValue() list of parameters. you must know, by reading the php.net documentation, what parameters the bindValue() method takes, in order to understand what the code is doing and why there are three parameters. to search more columns, yes, you only add them to the $search_fields array.

if your code isn't using the database, those lines of code would have no affect on what your code does. however, if you are using a database, there are some inconsistencies between running an emulated prepared query and running a real prepared query (thanks php) that could be throwing an error, and depending on how you are handling any thrown errors, combined with the error_reporting level you have set in your code, could result in your code halting without showing any error information. don't set error_reporting to zero. it should ALWAYS be set to E_ALL. when debugging problems, you should display errors (set display_errors to ON), otherwise they should be logged (set display_errors to OFF and set log_errors to ON). also, don't use output buffering statements in your code unless you ARE buffering output. they hide messages from your code and php error messages.

the php.net documentation has migration sections in the appendix that lists the major changes that have been made to the language. if your code is dependent on any of the Backward Incompatible Changes, from the starting php version you were using to the final php version you have now, you will need to rewrite that portion of your code. we cannot specifically help you since we don't know what exact method, among all the possibilities available in programming, your code is using. you would need to post enough of your code that reproduces each problem to get specific help.

you would use an UPDATE query with a WHERE clause to control which rows get updated. the following is the UPDATE query syntax definition of the commonly used parts highlighted -

you are missing a $stmt->fetch(); method call to retrieve the data. the PDO extension is much more consistent and straight-forward to use, particularity with prepared queries. if you can, switch from using the mysqli extension to the PDO extension.

you don't even have any code to move the uploaded file in the NEW RECORD logic. are you looking at your code at all? you shouldn't be duplicating the code between the EDIT RECORD and and the NEW RECORD logic. the only thing that's different is the UPDATE query, when you have an id, or the INSERT query when you don't. you should have ONE instance of the logic, then a simple conditional if/else branch to form either the UPDATE or the INSERT query, then back to ONE instance of the logic to execute the query.

this would be another good reason to ascend to a higher plane of programming existence and reuse proven, tested, general purpose code. so that each time you do the same thing, you don't have to beat on the keyboard typing out bespoke code and queries, then find and fix all the typo's and missing or wrong statements. reusing proven, tested, and general purpose code will let you concentrate on the program flow and the goal you are actually trying to accomplish, rather than on the tedious details of each step you take along the way.