mac_gyver

you would make use of the same type of page controller logic (the conditional tests) that you have in your main file, within each of the pages that have subpages, to control what they do for any subpage they contribute to the navigation and are responsible for processing. for your example of index.php?page=0101&subpage=0102, the main page controller in index.php will include/require 0101.php. the page controller within 0101.php would test for the existence of $_GET['subpage'] and run/include/require the appropriate code for the 0102 subpage action.

you are also making a PDO database connection, but using mysqli statements. you cannot mix the different database api's. you must use all PDO statements to match what you used when you made the database connection. edit: you are also making the database connection inside of a user written function, but are not passing the connection back to the calling code, so whatever variable you assign the connection to won't be available in any case. if you are going to wrap the connection code in a user written function, you need to return the connection to the calling code and assign it to a variable in the calling code's scope.

you wouldn't add the date string to the option value. you would convert the submitted option value to the date string right before you insert the data into your database table.

you can build the $expiry_options array entries with whatever values you want. store the strtotime offsets - '12 hour', '24 hour' (add them manually), '1 week' up to 'n week' (add the weeks dynamically using a loop) in the array. i'm pretty sure that the 's' is optional in the strtotime, so build the values that you need for display purposes, and the strtotime() should work. since the permitted values are now in an array, to validate that the submitted value is one of the permitted ones, before using it in your code, you can just use in_array(). see this code - <select name="expiry_date"> <?php $num_weeks = 10; // define the number of weeks you want in the option list // produce the data for the option list $expiry_options = array(); $expiry_options[] = '12 Hours'; // manually add the two hours entries... $expiry_options[] = '24 Hours'; foreach(range(1,$num_weeks) as $week_no){ // add the week entries $plural = $week_no > 1 ? 's' : ''; $expiry_options[] = "$week_no Week{$plural}"; } ?> <option value="0">Expires In</option> <?php // output the option list foreach($expiry_options as $arr){ $sel = !empty($_POST['expiry_date']) && $_POST['expiry_date'] == $arr ? 'selected' : ''; echo "<option value='$arr' $sel>$arr</option>\n"; } ?> </select>

here's a tip for the expire week number option menu. you should pass the minimum of data through the form, because you must validate all form data. change the code to submit just he the week number as the value, then using the submitted week number, calculate the actual expire date in the form processing code code.

cannot help with code errors without seeing the code that's in error. however, this is all the more reason to use a data driven design to dynamically produce the output based on a definition, rather than write out all the repetitive lines of code that only differ in the data values they contain. see the following (untested, my contain typos) example - <select name="expiry_date"> <?php $num_weeks = 10; // define the number of weeks you want in the option list // produce the data for the option list $expiry_options = array(); foreach(range(1,$num_weeks) as $week_no){ $plural = $week_no > 1 ? 's' : ''; $expiry_options[] = array(date("Y-m-d H:i:s", strtotime("+ $week_no week")),"$week_no Week{$plural}"); } ?> <option value="0">Expires In</option> <?php // output the option list foreach($expiry_options as $arr){ $sel = !empty($_POST['expiry_date']) && $_POST['expiry_date'] == $arr[0] ? 'selected' : ''; echo "<option value='$arr[0]' $sel>$arr[1]</option>\n"; } ?> </select> for repopulating the dynamic form fields, see the following example. the conversion to the template method is up to you. please see the use of the $data array in the code (the raw $_POST data should in general not be altered, and this internal $data array would have any sort of trimming/filtering/validation done on the values in it) - <div id="options-parent"> <h2>Add Options</h2> <button class="add_field_button">Add More Fields</button> <?php // assume that there's a trimmed/filtered/validated copy of any previously submitted post data is in $data $data = $_POST; // just make a copy of the $_POST data for this example // if $data is empty(), output one set of form fields. there are no value='...' attribute values in this case // if $data is not empty(), output a set of form fields, with values, for each set of data $count = isset($data['option_quantity']) ? count($data['option_quantity']) : 1; // determine loop count for($x = 0; $x < $count; $x++) { $quantity = isset($data['option_quantity'][$x]) ? $data['option_quantity'][$x] : ''; $retail_price = isset($data['option_retail_price'][$x]) ? $data['option_retail_price'][$x] : ''; $discount_price = isset($data['option_discount_price'][$x]) ? $data['option_discount_price'][$x] : ''; ?> <div class="options-child-row"> <div class="option-float"> <label>Quantity</label> <input type="number" name="option_quantity[]" multiple min="1" max="1000000" step="1" value="<?php echo $quantity; ?>" /> </div> <div class="option-float"> <label>Retail Price</label> <input type="number" name="option_retail_price[]" multiple min="5" max="1000000" step="1" value="<?php echo $retail_price; ?>" /> </div> <div class="option-float"> <label>Discount Price</label> <input type="number" name="option_discount_price[]" multiple min="1" max="1000000" step="1" value="<?php echo $discount_price; ?>" /> </div> </div> <?php } ?> </div> <script> $(document).ready(function() { var max_fields = 20 - <?php echo $count - 1; ?>; //maximum input boxes allowed var wrapper = $("#options-parent"); //Fields wrapper var add_button = $(".add_field_button"); //Add button ID var x = 1; //initlal text box count $(add_button).click(function(e){ //on add input button click e.preventDefault(); if(x < max_fields){ //max input box allowed x++; //text box increment $(wrapper).append( '<div class="options-child-row">'+ '<div class="option-float">'+ '<label>Quantity</label>'+ '<input type="number" name="option_quantity[]" min="1" max="1000000" step="10" value="" />'+ '</div>'+ '<div class="option-float">'+ '<label>Retail Price</label>'+ '<input type="number" name="option_retail_price[]" min="1" max="1000000" step="10" value="" />'+ '</div>'+ '<div class="option-float">'+ '<label>Discount Price</label>'+ '<input type="number" name="option_discount_price[]" min="1" max="1000000" step="10" value="" />'+ '</div>'+ '</div>' ); //add input box } }); $(wrapper).on("click",".remove_field", function(e){ //user click on remove text e.preventDefault(); $(this).parent('.options-child-row').remove(); x--; }) }); </script>

for the part one problem, you are testing the wrong variable in the second <option.... code. you have - if($_POST['expiry_date'] == $expiry_1 for both <options. the second one should be $expiry_2. if you dynamically produce your option lists, from a data definition (usually an array or data stored in a database table), you can avoid errors like this, since the general purpose php code that makes use of the data definition will not make copy/paste errors or typos. for the part two problem, when you display the form, your php code needs to produce enough form fields to hold the data you have on the server-side to to redisplay. initially, with no data to display, output the the single set of form fields you now have, which wouldn't have anything to put into the value='....' attributes, but any time there is existing submitted form data, loop over the data, outputting the set of form fields with the correct data in the value='....' attributes. edit: for the html markup in your jquery code to dynamically add form fields, see the following link for a 'template' method so that you don't have to repeat the markup in your html and in the javascirpt - http://forums.phpfreaks.com/topic/298777-dynamic-for-additions/?hl=%2Btemplate&do=findComment&comment=1524053

your original text file probably contains an extra new-line/blank-line at the end. you need to validate the data you are using to make sure the data is an expected value, type, format, ... i would trim() the $r value, which will remove white-space characters before/after any data, and only write the line to the output file if the trimmed data is not an empty string. note: you have a new-line on the end of each real line that you probably don't want to remove or if you do remove it, you will want to add back to the output when you write the line to the output file.

no one is questioning his knowledge. is anyone really reading WHAT they or anyone else is writing? you know, it takes me a long time to compose what i write. it probably took me close to an hour to write post #6 above. i review and revise what i write several times to get the statements to covey the information that i am trying to get across and i tend to be more detailed than others in my explanations, for which i get a lot of thanks and likes. i don't take the time to write out huge verbose replies because i want the typing practice, i write them to share relevant knowledge. it's too bad that others would use their time to point out 'problems' with something that someone has written, without having a clear understanding what they are replying to first.

Don't confuse A writing style with what is being written. do you think the Angus Macgyver character would be concerned with capital letters on what he wrote out to solve a problem or would he be concerned with the result? the methods i listed are a summery of the form processing practices that have been stated in countless replies on the forum. and again, the following has nothing to do with what was stated, and can only be reasonably accounted for by a translation problem - no one stated that how the data gets submitted is an issue and this has nothing to do with any of the suggestions. the OP did apparently get useful information out of the post since he gave it a like.

since English is probably not your first language, you have been given some slack in the 'off' replies you give. however, no one stated - what was stated is, you don't need and shouldn't use an isset() statement to "individually test if they (the type of fields that were specifically mentioned) exist." when you translated that to your native language, you apparently got - 'don't validate each form field' and didn't get anything else that was stated or the context in which it was stated. no one stated to not validate each expected form field. in fact, if you have read or correctly translated what was stated, someone mentioned and gave a method for -

since you are validating a post method form, your form processing code should first check, once, that a form has been submitted, and have all the form processing code inside of a single conditional statement. if your page will process more than one form, you would have a test for each possible form (test for a field name or a value that will always exist when the form is submitted and uniquely identifies the form) and only run the correct form processing code that matches the form that was submitted. once you have tested that a/the-correct form has been submitted, all the text, textarea, password, and select form fields will exist. it's not necessary to individually test if they exist. in fact individually using an isset() for each form field tends to hide typo errors in the field names between the form and the form processing code. you would want to get and display/log (development/live server) php errors in this case or in the case where someone is submitting their own form data and is not submitting all the expected form fields. after you have determined that a/the-correct form has been submitted, only check-box and radio-button may or many not exist, depending on if they are checked/selected and would need to use isset() statements within the form processing code to detect if they exist or not. since you will want to set up a unique validation error message for each different thing that can be wrong with the data for a form field and you will want a way to detect if there are validation errors at any point in your code, you can kill two birds with one stone by using an array to hold the validation error messages. you would add elements to the array, using the form field name as the array index and the message as the value. this same array can serve as the flag that there are validation errors by either testing that the whole array is empty() or not or you can test if individual elements/errors are set or not, using the field name index value with an isset() statement.

the answer is still to use explode (unless you are getting this from a file, in which case file() would be the best first step.). you explode first on the line-ending-character (varies depending on where you are getting the data from, can be \r, \n, \r\n, or \n\r), to give an array of individual lines. you then explode each line on the comma character. you would want to trim() the final data before you try to use it in case there's some white-space characters as part of the data.

i recommend that you read the thread i linked to in post #2 above. the OP in that thread is doing just about the same thing, with PDO, and is getting how you would dynamically build the sql query statement and dynamically bind any input parameters.

the entries you add to the $params array would need to each be a an array of the set of parameters that your ->bind() method expects. this would be an array containing two or three elements, the place-holder name, the value, and the optional type. when you loop over the $params array, you would call your ->bind() method inside the loop, using the elements from each entry in the $params array. you would need to test if the third, type, parameter has been supplied in the $params array entry it to avoid producing php errors or you could always build the element in the $params array with the third element. if you can use the second suggestion, of supplying the data to the ->execute(....) method and the $params array only contains the values (per the code i posted, using ? place-holders) or it only contains the place-holder name and the values (no type elements), the $params array IS the array you can supply to the ->execute() method as a parameter.

no, you won't have to check every combination of inputs. you only have to produce terms for the sql statement that have input values that you want to include in the sql statement. parts left out of the sql statement will match 'all' conditions for a column.

you would dynamically build the WHERE part of the sql query statement. see my posts in this recent thread - http://forums.phpfreaks.com/topic/299482-php-pdo-how-to-bind-values-to-varibale-contains-concatenated-string/ as you are testing the input parameters, for any of them that have non-empty, non-'all' values, add the portion of the sql statement for that input parameter to an array. at the end, if the array is not empty, implode the array using ' AND ' between the array elements. note: this works even if there is only one entry in the array as the implode will just return the single entry. it will only implode values, with the separator string between them, if there are two or more entires in the array.

are you getting any session_start() errors? is the host-name(sub-domain) and the path after the domain the same for the ajax requested file and the main file and your session cookie settings are only set up to match the exact host-name/path where the session is created, meaning that you have multiple different sessions?

you would use the same method, to not output the login form, when the visitor is already logged in, regardless of using any ajax. in fact, your page should work even if javascript is disabled. javascript/ajax only changes how client-side things occur. aside from adding logic to check if the request is an ajax request and to output only what the ajax expects, rather than the entire html document, you need the same functionality in the server-side code, ajax or not.

does that mean you validated the user's 'view source' from his browser at the time it wasn't working, or was that when you visited the page and it was working? if you are dynamically producing the page, there could be something for this set of users, that's causing the problem, such as data that contains html entities or character-encoded character, url's that need to be url-encoded when output on the page, or even data that's longer then the database field it's being stored in and it has been truncated. one characteristic that may be common to all the browsers/computers/networks where any one of these users has tried or could be a common thing between all the different uses with the problem, is that they may be accessing the web in such a way (proxy server) that a piece of information in the request is missing or not as expected. and the request for the web page could contain all the expected information, but media requests may not (i'm thanking back to AOL, where the requests for web pages and the requests for media on a web page could come from different ip addresses.) are you doing anything in a .htaccess file, such as trying to use the HTTP_REFERER to control access, or in your code trying to get and use their ip address making use of any of the HTTP_xxxxxxx headers? something like this in a .htaccess file or the code, could also account for why when you are logged in as them that you cannot reproduce the problem (i'm assuming you are actually using their credentials, rather than having an admin override, because an override may not be producing the exact same conditions.)

here's something else that you can do that will generalize your code. for the dynamic/conditional parts of the sql statement, add the different terms to arrays, then implode the contents of the array using either ' OR ' or ' AND ' as the separator string. for sections where you are producing something1 OR something2 OR ..., you would add each of the something... to an array, then implode the array using ' OR ' to give that part of the sql statement. your overall WHERE clause is a collection of AND'ed terms. you can have a main array that holds each of the individual parts as they are being built, then implode this array using ' AND ' (along with a few ( and ) ) to give the total AND term. here are your snippets of the query showing these methods (untested, could contain typo's) - $params = array(); $and_terms = array(); $and_terms[] = "au.suspended = 0"; if (!empty($_SESSION['advs']['title'])) { $terms = array(); // always initialize (array) variables if (isset($_SESSION['advs']['desc'])) { $terms[] = "au.description like ?"; $params[] = "%{$_SESSION['advs']['title']}%"; } $terms[] = "au.title like ?"; $terms[] = "au.id = ?"; $params[] = "%{$_SESSION['advs']['title']}%"; $params[] = $_SESSION['advs']['title']; $and_terms[] = implode(' OR ', $terms); } if (isset($_SESSION['advs']['buyitnow'])) { $and_terms[] = "au.buy_now > 0 AND (au.bn_only IN('y','n') AND (au.num_bids = 0 OR (au.reserve_price > 0 AND au.current_bid < au.reserve_price)))"; } if (isset($_SESSION['advs']['buyitnowonly'])) { $and_terms[] = "au.bn_only = 'y'"; } if (!empty($_SESSION['advs']['zipcode'])) { $userjoin = "LEFT JOIN " . $DBPrefix . "users u ON (u.id = au.user)"; $and_terms[] = "u.zip LIKE ?"; $params[] = "%{$_SESSION['advs']['zipcode']}%"; } $wher = "(".implode(') AND (',$and_terms).")"; // bind the data in $params here or use $params as a parameter to the ->execute($params) method

as you are dynamically building the sql query statement, you need to put a place-holder into the sql statement and add the data values as elements in an array. at the end, you would loop over the array of data values and run a bindvalue() statement for each place-holder/value in the array OR if all the values can be treated as strings or quoted-numbers, you can just supply the array as a parameter to the ->execute(...) method for LIKE comparisons, the wild-card % characters must be in with the data value, not in the sql statement.

when this doesn't work, it would be nice if you could get the 'view source' of the page to see if all of it is present, i.e. is the problem that the page isn't being completely sent/received or is it something that's occurring in the browser's rendering of the page. you mentioned that with javascript turned off the page would be crippled, here's a possibility. you have a race condition, that's dependent on the network used to access the site and/or the visitor's computer, having something to do with what the javascript is doing. a common occurrence, that's network speed/timing dependent, is if you are doing ajax requests that make use of session variables, and your main page is also using session variables, and/or you are dynamically producing images that are using session variables, the session data file is locked by each process/request in turn and each later request must wait until the file is release before the session_start() can open the file and return to your php script. if this is what is occurring, and you don't have a problem in your server side code (are you calculating the page generation time on the server and outputting it on the page and/or logging it?) that's causing the page to take a long time to be generated, the way to address this is to do a session_write_close() as soon as you are finished setting/changing any session variables on a page. if all you are doing is reading session variables, you can do the session_write_close() immediately after the session_start().

for one of the users where it doesn't work, hopefully on their computer when it doesn't work, is the copy/pasted html markup of the page in question, valid @ validator.w3.org ? for the last example of a user trying this at a library, is that using a different computer, one at the library, or his same computer, but using a different network/isp? is there anything in common between the users in what is being displayed on the page, such as special html characters (<, >, ', or ") as part of the information being output on the page from their profile? if they disable javascrpt in their browser and visit the page, does the problem still occur? could you have any cookies set due to your development cycle/access to the site that the users don't and it could be causing your attempt at reproducing this to be different from the users? are you using any cookies as part of the process, that if they do/don't exist or with outdated/changed-format/values over various revisions of the software, could affect how the page operates?

in order to make a single page web site, you need to separate the 'concerns' in your code. the post method form processing code is a separate concern from get method code that produces content for your page. the get method code can also be separated into 'business' logic that knows how to retrieve data, and stores the data in php array variables, and 'presentation' logic that knows how to produce the output using the retrieved data, and stores the produced output in php variables. the output that's produced from the 'presentation' logic should just be echoed at the correct place in your html document or output as a response to an ajax request. after you separate the code, for each different functionality you want on a page, into its separate concerns (some functionality may not have all three parts), you would group all the different post method form processing code together, all the get method 'business' logic together, and all the get method 'presentation' logic together. post method forms and post method form processing code should ONLY be used when you are submitting data to the server for creating/inserting data, updating/editing data, or deleting data. get method forms/links and get method code is for determining what the page will display. your code is apparently using a post method form to determine what to display on the page. you would need to fix this first. all the post method form processing code needs to come before you output anything to the browser, so that you can do a header() redirect after successfully processing the form data, to cause a get request for your page. the get method business/presentation logic should actually be before the <!DOCTYPE tag. see the following post for a suggested layout for the code on your page - http://forums.phpfreaks.com/topic/297824-database-issues-and-working/?do=findComment&comment=1519095 it also appears that your code is repeatedly making a database connection, running queries, and closing the database connection. your single page should make one database connection, then pass it into (functions/classes) any code that needs to use the database connection. if you follow the suggested page layout at that linked to post, there are specific places listed where you would make the database connection and close it.