mac_gyver

Staff Alumni
  • Posts

    5,536
  • Joined

  • Days Won

    192

Everything posted by mac_gyver

  1. the entries you add to the $params array would need to each be an array of the set of parameters that your ->bind() method expects. this would be an array containing two or three elements, the place-holder name, the value, and the optional type. when you loop over the $params array, you would call your ->bind() method inside the loop, using the elements from each entry in the $params array. you would need to test if the third, type, parameter has been supplied in the $params array entry to avoid producing php errors or you could always build the element in the $params array with the third element. if you can use the second suggestion, of supplying the data to the ->execute(....) method and the $params array only contains the values (per the code i posted, using ? place-holders) or it only contains the place-holder name and the values (no type elements), the $params array IS the array you can supply to the ->execute() method as a parameter.
  2. no, you won't have to check every combination of inputs. you only have to produce terms for the sql statement that have input values that you want to include in the sql statement. parts left out of the sql statement will match 'all' conditions for a column.
  3. you would dynamically build the WHERE part of the sql query statement. see my posts in this recent thread - http://forums.phpfreaks.com/topic/299482-php-pdo-how-to-bind-values-to-varibale-contains-concatenated-string/ as you are testing the input parameters, for any of them that have non-empty, non-'all' values, add the portion of the sql statement for that input parameter to an array. at the end, if the array is not empty, implode the array using ' AND ' between the array elements. note: this works even if there is only one entry in the array as the implode will just return the single entry. it will only implode values, with the separator string between them, if there are two or more entries in the array.
  4. are you getting any session_start() errors? is the host-name(sub-domain) and the path after the domain the same for the ajax requested file and the main file and your session cookie settings are only set up to match the exact host-name/path where the session is created, meaning that you have multiple different sessions?
  5. you would use the same method, to not output the login form, when the visitor is already logged in, regardless of using any ajax. in fact, your page should work even if javascript is disabled. javascript/ajax only changes how client-side things occur. aside from adding logic to check if the request is an ajax request and to output only what the ajax expects, rather than the entire html document, you need the same functionality in the server-side code, ajax or not.
  6. does that mean you validated the user's 'view source' from his browser at the time it wasn't working, or was that when you visited the page and it was working? if you are dynamically producing the page, there could be something for this set of users, that's causing the problem, such as data that contains html entities or character-encoded characters, url's that need to be url-encoded when output on the page, or even data that's longer than the database field it's being stored in and it has been truncated. one characteristic that may be common to all the browsers/computers/networks where any one of these users has tried or could be a common thing between all the different users with the problem, is that they may be accessing the web in such a way (proxy server) that a piece of information in the request is missing or not as expected. and the request for the web page could contain all the expected information, but media requests may not (i'm thinking back to AOL, where the requests for web pages and the requests for media on a web page could come from different ip addresses.) are you doing anything in a .htaccess file, such as trying to use the HTTP_REFERER to control access, or in your code trying to get and use their ip address making use of any of the HTTP_xxxxxxx headers? something like this in a .htaccess file or the code, could also account for why when you are logged in as them that you cannot reproduce the problem (i'm assuming you are actually using their credentials, rather than having an admin override, because an override may not be producing the exact same conditions.)
  7. here's something else that you can do that will generalize your code. for the dynamic/conditional parts of the sql statement, add the different terms to arrays, then implode the contents of the array using either ' OR ' or ' AND ' as the separator string. for sections where you are producing something1 OR something2 OR ..., you would add each of the something... to an array, then implode the array using ' OR ' to give that part of the sql statement. your overall WHERE clause is a collection of AND'ed terms. you can have a main array that holds each of the individual parts as they are being built, then implode this array using ' AND ' (along with a few ( and ) ) to give the total AND term. here are your snippets of the query showing these methods (untested, could contain typos) -

     ```php
     $params = array();
     $and_terms = array();
     $and_terms[] = "au.suspended = 0";

     if (!empty($_SESSION['advs']['title']))
     {
         $terms = array(); // always initialize (array) variables
         if (isset($_SESSION['advs']['desc']))
         {
             $terms[] = "au.description like ?";
             $params[] = "%{$_SESSION['advs']['title']}%";
         }
         $terms[] = "au.title like ?";
         $terms[] = "au.id = ?";
         $params[] = "%{$_SESSION['advs']['title']}%";
         $params[] = $_SESSION['advs']['title'];
         $and_terms[] = implode(' OR ', $terms);
     }

     if (isset($_SESSION['advs']['buyitnow']))
     {
         $and_terms[] = "au.buy_now > 0 AND (au.bn_only IN('y','n') AND (au.num_bids = 0 OR (au.reserve_price > 0 AND au.current_bid < au.reserve_price)))";
     }

     if (isset($_SESSION['advs']['buyitnowonly']))
     {
         $and_terms[] = "au.bn_only = 'y'";
     }

     if (!empty($_SESSION['advs']['zipcode']))
     {
         $userjoin = "LEFT JOIN " . $DBPrefix . "users u ON (u.id = au.user)";
         $and_terms[] = "u.zip LIKE ?";
         $params[] = "%{$_SESSION['advs']['zipcode']}%";
     }

     $wher = "(".implode(') AND (',$and_terms).")";

     // bind the data in $params here or use $params as a parameter to the ->execute($params) method
     ```
  8. as you are dynamically building the sql query statement, you need to put a place-holder into the sql statement and add the data values as elements in an array. at the end, you would loop over the array of data values and run a bindvalue() statement for each place-holder/value in the array OR if all the values can be treated as strings or quoted-numbers, you can just supply the array as a parameter to the ->execute(...) method. for LIKE comparisons, the wild-card % characters must be in with the data value, not in the sql statement.
  9. when this doesn't work, it would be nice if you could get the 'view source' of the page to see if all of it is present, i.e. is the problem that the page isn't being completely sent/received or is it something that's occurring in the browser's rendering of the page. you mentioned that with javascript turned off the page would be crippled, here's a possibility. you have a race condition, that's dependent on the network used to access the site and/or the visitor's computer, having something to do with what the javascript is doing. a common occurrence, that's network speed/timing dependent, is if you are doing ajax requests that make use of session variables, and your main page is also using session variables, and/or you are dynamically producing images that are using session variables, the session data file is locked by each process/request in turn and each later request must wait until the file is released before the session_start() can open the file and return to your php script. if this is what is occurring, and you don't have a problem in your server side code (are you calculating the page generation time on the server and outputting it on the page and/or logging it?) that's causing the page to take a long time to be generated, the way to address this is to do a session_write_close() as soon as you are finished setting/changing any session variables on a page. if all you are doing is reading session variables, you can do the session_write_close() immediately after the session_start().
  10. for one of the users where it doesn't work, hopefully on their computer when it doesn't work, is the copy/pasted html markup of the page in question, valid @ validator.w3.org ? for the last example of a user trying this at a library, is that using a different computer, one at the library, or his same computer, but using a different network/isp? is there anything in common between the users in what is being displayed on the page, such as special html characters (<, >, ', or ") as part of the information being output on the page from their profile? if they disable javascript in their browser and visit the page, does the problem still occur? could you have any cookies set due to your development cycle/access to the site that the users don't and it could be causing your attempt at reproducing this to be different from the users? are you using any cookies as part of the process, that if they do/don't exist or with outdated/changed-format/values over various revisions of the software, could affect how the page operates?
  11. in order to make a single page web site, you need to separate the 'concerns' in your code. the post method form processing code is a separate concern from get method code that produces content for your page. the get method code can also be separated into 'business' logic that knows how to retrieve data, and stores the data in php array variables, and 'presentation' logic that knows how to produce the output using the retrieved data, and stores the produced output in php variables. the output that's produced from the 'presentation' logic should just be echoed at the correct place in your html document or output as a response to an ajax request. after you separate the code, for each different functionality you want on a page, into its separate concerns (some functionality may not have all three parts), you would group all the different post method form processing code together, all the get method 'business' logic together, and all the get method 'presentation' logic together. post method forms and post method form processing code should ONLY be used when you are submitting data to the server for creating/inserting data, updating/editing data, or deleting data. get method forms/links and get method code is for determining what the page will display. your code is apparently using a post method form to determine what to display on the page. you would need to fix this first. all the post method form processing code needs to come before you output anything to the browser, so that you can do a header() redirect after successfully processing the form data, to cause a get request for your page. the get method business/presentation logic should actually be before the <!DOCTYPE tag. 
see the following post for a suggested layout for the code on your page - http://forums.phpfreaks.com/topic/297824-database-issues-and-working/?do=findComment&comment=1519095 it also appears that your code is repeatedly making a database connection, running queries, and closing the database connection. your single page should make one database connection, then pass it into (functions/classes) any code that needs to use the database connection. if you follow the suggested page layout at that linked to post, there are specific places listed where you would make the database connection and close it.
  12. It's a safe bet that nothing being hosted on or through an amazon web services server should be making requests to your web site. however, doing a whois ip lookup for two of those ip addresses, gives the following information - http://www.whois.com/whois/54.174.55.230 and http://www.whois.com/whois/54.174.62.56 these are apparently for a company named hubspot. those two whois lookups have different abuse contacts. get the whois lookup information for each of the different ip addresses you are getting requests from, then do two things - 1) provide the abuse contact(s) with the ip and datetime information about the requests. they should be able to determine for that set of ip addresses and datetime, what is sending the requests (perhaps they have a bot/proxy running on their system(s).) 2) find the range of ip addresses that each of the ip addresses is part of and assuming you are using an Apache web server, add an entry in a domain root .htaccess file that blocks (deny) requests from that entire range. repeat for any other ranges of ip addresses.
  13. the character-encoding for the first link/page is - utf-16le, which is treating characters as consecutive 2byte/16bit entities. the character-encoding for the second link/page is - utf-8. just changing the character encoding that the first file is saved with may fix the problem.
  14. you are actually doing two things - 1) recording who, what book_id/title they have borrowed/returned, how many they have borrowed/returned, when they borrowed/returned them (not just when they promised to return them.), and 2) being able to track actual inventory of books. before you continue to try and write any code or queries, or do things that other people tell you, which may not take into account all the requirements that only you know about, you need to sit down and do some 'thinking through the problem' and figure out what data you need to record and how you will query to get the results you need. the following is my thinking through this problem, and assumes that you are not going to serially number each book (which you stated in the previous thread that you weren't doing), which would make this like a discrete resource reservation system, i.e. a room booking system. without a serial number for each book, this is like a shopping cart/order system, except that you expect all the items to be returned (or accounted for if not returned.) so, someone visits the library, picks out some number of one or more different books, and goes to the check out desk. this should create a record for this transaction (order) that assigns a unique id, that will be used to refer to everything that's part of this transaction, who the person is, and any other unique information about each transaction. 
then, for each book_id/title that's part of a transaction, you would enter a record in a second (order details) table that assigns a unique id (for reference purposes), the transaction_id, the book_id, quantity (i would store a negative quantity when a book is borrowed, a positive quantity when a book is returned, so that you can directly SUM() quantities to find inventory levels), date (or datetime if you are actually using the time part) that the quantity of book(s) was borrowed/returned, a scheduled/promised return by date (or datetime if you are actually using the time part) - this could be different for each book_id/title and could be extended by any amount upon request, and any other information you need for each book_id/title that's part of a transaction, such as status/memo fields. when book(s) are returned by a person, you would enter more records in this details table, using the same transaction id, book_id, a positive quantity, so that they offset the number of books that were borrowed, the date (or datetime) they were returned (the scheduled/promised return date is not used in this case.) the only use of a date (or datetime) in a query would be to find out if any books are overdue or to determine when books should be available. to find out what books a person (still) has checked out, you would just query for the data for his transaction(s), group by the book_id and sum up the +/- quantities. to find out the available quantity of any book(s), you would write a query that groups by the book_id, regardless of the transaction, and sums up all the +/- quantities for each book_id. to record initial books on hand, books added, books lost/damaged/sold, books found by others, ... you would enter records in this same details table, with + or - quantity. the status/memo field(s) would be used to mark the record with this type of extra information about a transaction. 
if you have any requirements that are not covered by this suggested method, you need to sit down and think through what data you need to store or calculate and how you will query to get the results you need.
  15. a slightly more dynamic slant on doing this -

     ```php
     // dynamically build the query string part of a url, from whatever part(s) it is made of -
     $q = array();
     $q['PartID'] = $row['PartID'];
     $q['Color_ID'] = $row['ColorID'];
     // add any other key/value pairs here....

     $qs = http_build_query($q,'','&amp;'); // build urlencoded query string, with properly encoded &
     $label = htmlentities($row['PartID'],ENT_QUOTES); // use html entities on any content

     // this is just the <a></a> link part of what you are outputting, which appears to be incomplete/broken in your code
     echo "<a href='Part_Color.php?$qs' style='text-decoration:none;'>$label</a>";
     ```
  16. for the time being, forget about "individually without refreshing the page." you have to be able to write the program logic that does what you want first, and us just posting code isn't going to help you learn how to do that. start by making this all one page, but using just html and php (your page should work, even if someone has disabled javascript - you can output a submit button for your form(s) using a <noscript> tag.) then, you can add things like on change events and ajax requests after you have gotten all the code written and working. it sounds like you are making the U part of a CRUD (Create, Read, Update, Delete) exercise. the first step is to define the steps that accomplish the work flow. wouldn't these be something like - 1) list the available stages, with a way of selecting one. 2) if a stage value has been submitted, as a get parameter (you are controlling what is being displayed on the page), (safely) use the value to retrieve the record(s) that match that stage, display them, each as an individual (based on your stated goal) 'edit' form for updating the values. 3) if an edit form has been submitted, as post data (you are altering data values at this point), (safely) use the submitted form data to update the correct record. 4) repeat until you have updated all the records that you want or you pick a different stage value. you would basically use this list as comments in your code and write the code that implements each of these steps of the work flow. the code on your page should be laid out as suggested in this - http://forums.phpfreaks.com/topic/297824-database-issues-and-working/?do=findComment&comment=1519095
  17. doing an exact, equal, comparison with dates doesn't make any sense. would the query you tried match any other row(s) in your database table for that id_item? it sounds like you don't know why you added the start and end dates/times, but whatever reason you have, you would need to make use of <, <=, >, or >= comparisons, not just = comparisons.
  18. the OP should have that already in this table, as this is pretty much just a continuation of another thread - http://forums.phpfreaks.com/topic/298896-pdo-with-array/
  19. i was going to try and provide some specific direction that would help you, but your code seems to be pretty much just a random, changing, collection of things you have seen somewhere. that you now have the code that's running the sql query statement, which isn't even using the same database api as your connection code, and no code to fetch the result from the query, after the form that's trying to use the data, shows that you either aren't looking at what you are doing or you have no idea what the statements mean. so, my only recommendation is - in order for you to retrieve YOUR data from a database or to process the data submitted from YOUR form, you will first have to learn how to do these tasks at all. you need to learn and practice the basics first, before you can do this for your data and your form. you would start by getting the entire process to work correctly for one instance of a form field type.
  20. by the time you get to reading or writing 'code that does something', you need to have already learned the basics of the php/sql languages, so that you can read the code/queries and get the gist of what they are doing. if the book just starts presenting complete code examples, that take more than 10-20 lines to do something, it's not a beginner book to use to learn the php/sql languages or to learn programming in general. if you need to learn the basics of php, to get you to the point of being able to read/understand what existing code does, make use of the php.net documentation. see the 'Language Reference' section, sub-sections - 'Basic syntax' through 'Functions', and 'Predefined Variables', followed by the 'Security', 'Features', 'Function Reference', 'FAQ', and 'Appendices' sections, followed by most of the other sections as you move into more advanced coding.
  21. the reference the OP is using to 'get', is likely referring to his get method code, i.e. the code that's responsible for displaying the page due to a get request (or a post request with validation errors and a need to redisplay the form.) this is about the n'th recent - I have this huge hard-coded form and I need to populate/repopulate the form fields with existing database data/data from the last form submission. if you have a form more than about 3 form fields, you need to use php to DYNAMICALLY produce the form (produce the form field, display any validation errors, populate the field with existing data) and DYNAMICALLY process the submitted form data. for an example showing how to do this, see my posts in the following thread - http://forums.phpfreaks.com/topic/298936-form-data-to-csv-using-php-code-problems/ to populate the form fields with either existing database data or data from the last form submission, see the use of the $data array in that example code and the comment in the code - // get request code would go here... if you are retrieving data to edit/update it, if the $data array doesn't exist at this point, the form hasn't been submitted. retrieve any existing data and store it in the $data array. at the point of populating/repopulating the form fields, you would just use the data values in the $data array. to populate/repopulate checkboxes, you have to output a checked attribute in the <input type='checkbox' ... checked> tag. dynamically producing the form makes this easy, because as your code is looping and producing the form fields, for a checkbox type, you would just test if the existing data for that checkbox matches the current checkbox you are producing, and output the checked attribute at the correct place. using this method, you don't have to write out the program logic for every form field. you only have to write the correct logic one time, for each different type of form field.
  22. the example data record you have shown should have a negative quantity, -11, since those books are checked out/not available. the SUM(quant) in the query should take the original record with 30 books, plus the -11 books checked out by that user_id, giving 19 available books. your separate date and time columns should be one DATETIME data type column.
  23. have you researched what the html syntax is that will cause an option choice to be selected, so that you will know what output the php code will need to produce? after you do that, you will need to write a php comparison statement that tests if there's an existing value from the form and if that value matches the current option choice value, and output the correct html to cause that option choice to be selected.
  24. right before the line with if(mail(.....)){... add the following debugging code -

     ```php
     ini_set("display_errors", "1");
     error_reporting(-1);
     echo CNT_TXT_WARNING_EMAILSENTOK;
     echo CNT_TXT_WARNING_EMAILSENTERROR;
     exit;
     ```

     assuming you are doing this on a server that allows ini_set() and error_reporting() statements, this should echo the actual corresponding messages without any php errors. if you do get php errors about undefined constants/assuming you meant a string..., it means that your defined constants don't exist, either because your include code isn't working or you don't have defined constants with exactly that spelling/capitalization and without potentially some non-printing/character-encoded characters as part of the definition or usage. lol, while the actual file name you use for an included file doesn't matter, why are you still using something like .php3 at all?
  25. here's another problem with your code - ...WHERE username = '$session->username'"; a username can be anything that you allow when the user registered, so, something like D'Angelo is possible. this will break the sql syntax and cause a query error. if someone is logged in, their username should only be used for display purposes. you should be using an integer user_id internally in your code. using an id will also make your queries faster, for a couple of reasons - the id column should be defined as an auto-increment column, this will/should automatically make it an index, and finding an integer value, either in the data or in the indexes, will be faster than finding a string, unless you use very short strings.
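
An added example, not part of the original posts: the dynamic WHERE building described in posts 3, 7 and 8, run end to end against an in-memory SQLite database, including a value with an apostrophe like the D'Angelo case in post 25. The items table, its columns, the filter names and the sample rows are constructed for illustration, and the pdo_sqlite extension is assumed to be available.

```php
<?php
// Added example. The items table, its columns, the filter names and the
// sample rows are constructed; they are not from the original threads.

// true when a filter was supplied with a non-empty, non-'all' value
function wanted(array $f, string $key): bool
{
    return isset($f[$key]) && $f[$key] !== '' && $f[$key] !== 'all';
}

// returns array($where_sql, $params); $params lines up with the ? place-holders
function build_where(array $f): array
{
    $and_terms = array();
    $params = array();

    if (wanted($f, 'keyword')) {
        // the wild-card % characters go in the data value, not the sql
        $like = '%' . $f['keyword'] . '%';
        $terms = array();
        $terms[] = "title LIKE ?";
        $params[] = $like;
        $terms[] = "description LIKE ?";
        $params[] = $like;
        $and_terms[] = implode(' OR ', $terms);
    }
    if (wanted($f, 'seller')) {
        $and_terms[] = "seller = ?";
        $params[] = $f['seller'];
    }
    if (wanted($f, 'category')) {
        $and_terms[] = "category = ?";
        $params[] = $f['category'];
    }

    // a filter that was left out adds no term, so it matches all rows
    $where = $and_terms ? 'WHERE (' . implode(') AND (', $and_terms) . ')' : '';
    return array($where, $params);
}

function search(PDO $pdo, array $f): array
{
    list($where, $params) = build_where($f);
    // only fixed sql text is concatenated; every input travels in $params
    $stmt = $pdo->prepare("SELECT title, seller FROM items $where ORDER BY id");
    $stmt->execute($params); // values are bound as strings
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// constructed sample data in an in-memory SQLite database
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, title TEXT,
            description TEXT, seller TEXT, category TEXT)");
$ins = $pdo->prepare("INSERT INTO items (title, description, seller, category)
                      VALUES (?, ?, ?, ?)");
$sample = array(
    array('red bike', 'used road bike', "D'Angelo", 'sports'),
    array('blue lamp', 'desk lamp', 'maria', 'home'),
    array('bike pump', 'floor pump', 'maria', 'sports'),
);
foreach ($sample as $row) {
    $ins->execute($row);
}

$searches = array(
    array('keyword' => 'bike', 'seller' => '', 'category' => 'all'),
    array('keyword' => '', 'seller' => "D'Angelo", 'category' => 'sports'),
    array('keyword' => "rider's", 'seller' => 'all'), // quote in a LIKE value
    array(), // no filters: no WHERE clause at all
);
foreach ($searches as $f) {
    list($where, $params) = build_where($f);
    echo "sql:    ", ($where === '' ? '(no WHERE)' : $where), "\n";
    echo "params: ", json_encode($params), "\n";
    echo "rows:   ", json_encode(search($pdo, $f)), "\n\n";
}
```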