mac_gyver

Staff Alumni
  • Posts: 5,536
  • Days Won: 192

Everything posted by mac_gyver

  1. in addition to the problems in your sql statement itself, the error you are getting is because your line of code that's running your query is incorrect. this is your line of code for running the query in the last post in this thread -

     ```php
     if($myconn->query($user_query ===true)){
     ```

     this is the equivalent line of code from the 1st, 4th and 6th posts in this thread -

     ```php
     if($myconn->query($user_query)===TRUE){
     ```

     look at those two lines of code carefully and find what's different between them. this is why in one of your threads, someone told you not to just copy/paste things you have seen somewhere. copy/pasting things doesn't teach you what they mean.

     your line of code is doing three things -

     1) it contains an if(...){ conditional statement to test if an expression is true.
     2) it's calling a mysqli database method to execute a sql query statement - $myconn->query($user_query)
     3) it's comparing the value returned from the mysqli ->query() method with an exact TRUE value - ===TRUE. the result of this comparison is then being tested by the if(...){ conditional statement.

     this 3rd part is completely unnecessary and is just adding clutter to your code, which may be the reason the line of code you wrote in post #9 is incorrect. you are writing more code than is needed, making it difficult to see what you are actually doing. there's an expression we have in English - you cannot see the forest for the trees, which means you cannot see the big picture of what you are trying to accomplish because you are getting stuck on the small details. there's another expression/acronym - KISS (Keep It Simple Stupid.) which means to use the simplest method that works and don't overly complicate something.

     since all you need are parts #1 and #2, an if(){ conditional statement and a mysqli ->query() method call, this is all you need to do to call and test if the mysqli ->query() method returned a true value -

     ```php
     if($myconn->query($user_query)){
     ```

     by actually learning the meaning of what you are doing, you can write simple, error free code that does what you want.
  2. this shouldn't be a matter of removing incorrect information after the fact, but of building the correct information in the first place, especially since the url that's being built is invalid with multiple sets of same name keys and could easily end up being longer than what browsers/servers accept for url lengths. it sounds like the pagination code is trying to append things to the url, rather than to just build the url from any existing get parameters and the page number it is responsible for. if you do an advanced search on the forum (the snow-flake thing to the right of the search box) and search for http_build_query and my user name as the author, you will find a page of results that show how to use http_build_query() to properly take any existing get parameters, without needing to know what they are or if there are any at all, and allowing the pagination code to just set the page value that it is responsible for and produce the pagination links.
  3. what is the data type of the active column? what are some of the values in it? and is there any chance that you imported that data into that column from a csv file or copy/pasted into a form field or you have an error in your code inserting the data and you could have some white-space characters (either a space or a tab) in the column in front of the data so that when the 'apparent/visible' value is converted to a number for the comparison, all the values end up being a zero, which results in a TRUE WHERE clause for every row?
  4. i think this is more of a theoretical problem, rather than a real situation, given that there's another current similar thread asking about two different switch/case statements, one for a book selection and a second one about chapters for each book.
  5. we generally don't write code for people, but since you and whoever that is in the other thread are stuck on needing to use switch/case statements to do this assignment, here's an example of how you would do this if your book/chapter content is stored in files and folders/files -

     ```php
     // condition/cast inputs
     $book_id = isset($_GET['book_id']) ? (int)$_GET['book_id'] : 0;
     $chapter_no = isset($_GET['chapter_no']) ? (int)$_GET['chapter_no'] : 0;

     $file = '';
     if($book_id && !$chapter_no){
         // only the book_id was given
         $file = "book{$book_id}.php"; // change this to whatever maps the book_id to the book file
     }
     if($book_id && $chapter_no){
         // both were given
         $file = "book{$book_id}/chapter{$chapter_no}.php"; // change this to whatever maps the book_id/chapter_no to the chapter file
     }

     if(!$file){
         // nothing or nothing using valid numbers was requested
         echo "no book or book/chapter was requested";
     } else {
         // a book or a book/chapter was requested, test if what was requested exists
         if(!file_exists($file)){
             // the book or book/chapter doesn't exist
             echo "the book or book/chapter requested doesn't exist.";
         } else {
             // the book or book/chapter exists, include it
             include $file;
         }
     }
     ```

     there are no switch/case statements needed, and this will work for any number of books and any number of chapters in any book. using some glob() statements and a little bit of program logic would let you dynamically produce the navigation menu/links without hard-coding them too.

     if you are taking a class and the instructor has suggested you use a switch/case statement for this task, he should have assigned a task that actually would use a switch/case statement. when the processing is the same for each input value, you would not use a switch/case statement.

     some examples where you could use a switch/case statement would be - the CUD (create, update, delete) part of CRUD (create, read, update, delete) data coding, the different operations you can perform on a shopping cart (which is actually just CRUD coding).
  6. someone else recently asked about using a switch/case to just test/map values to determine what content to include/produce on a page. you wouldn't use a switch/case statement just to do this since that would require that you first create the switch/case statement with all your values, then find and edit the correct place in your switch/case logic every time you add or delete content. see my reply in this thread - http://forums.phpfreaks.com/topic/297827-switchcase-for-about-800-pages/

     for what you are asking, you would use either one or two get parameters in the url - index.php?book_id=1 or index.php?book_id=1&chapter_no=1

     the php code would receive these as $_GET['book_id'] and $_GET['chapter_no']. you would test if the first or both of these are present, validate or cast their value so that they are safe to use, then use the value(s) to determine what content to retrieve/include into the page.

     in short, you would use the computer to do the work for you rather than you writing out several 10's or several 100's of lines of code that only differ in the value they are testing/mapping.
  7. afaik (after doing a little research) dates would need to be enclosed in #. give this a try - WHERE Date between #8/1/2015# and #8/30/2015# also, what is your date column definition? Short Date?
  8. in your previous thread about forms and form processing, the forum members were trying to get you to organize your code so that it grouped common actions together and that it put any form processing code before any code that gets or uses data to be displayed on the page. and now that you have added database code into the process, you need to put code that inserts/updates/deletes database data and code that retrieves data into the proper locations in the code on your page.

     the code on your page should be laid out in this general order - initialization, start of database dependent code, determine user state and permissions, post method form processing, get method business logic, end of database dependent code, get method presentation logic, and html page/template.

     1) initialization - create/define things your code needs - session_start(), require files holding configuration data/function definitions, setup an autoloader for class definitions...

     2) start of database dependent code - create a database connection. if you are using exceptions to handle database errors, this would be where the try block starts.

     3) determine user state and permissions - check if the current user is logged in and retrieve any permissions the user has. the rest of the code on the page would make use of the logged in state and permissions to determine what code can be ran and what content will be produced.

     4) post method form processing - the post method form processing code, which creates/modifies/deletes data on the server, should come near the start of your file so that you aren't tempted to output anything to the browser before any data has been updated by the processing code. if your page has multiple sections of form processing code, you would have them all grouped together in this section of code.

     after successfully (no errors) processing any post data, do a header() redirect to the exact same url that the form submitted to. this will cause a get request for your page. this will cause the browser to forget that a form was submitted and it won't try to resubmit the form data if you refresh the page or browse back to the same url. this also enforces separation of concerns. post method form processing, which modifies data on the server is a separate concern from displaying data due to a get request for your page. if you want to display a one-time 'success' message after the header() redirect, pass it in a session variable, then clear the session variable after the message gets displayed.

     if there are errors while processing any post data, you would not redirect, stay on the page, let the rest of the code on the page display the errors, (re)display the form, and repopulate the form fields with the previously submitted values.

     5) get method business logic - code that produces/gets data needed for the dynamic content on the page. this code contains any database specific code that knows how to retrieve data from your database tables. the result of this code should be php variables that the code later on the page uses as its input. this code should contain NO html/css/javascript markup.

     6) end of database dependent code - if you are using exceptions to handle database errors, you would catch the errors at this point. you can also destroy any query result resources and the database connection at this point since you won't need them any longer.

     7) get method presentation logic - code that knows how to take the data (database data, errors, form data...) from ALL the above code and produce the dynamic output for the page. if the output doesn't require any 'heavy' processing/formatting, just use the data directly in the html page/template code. the result from this code should be php variables that the html page/template uses. this code should contain NO database specific statements. if your page has multiple sections of get method presentation logic, you would have them all grouped together in this section of code.

     8) html page/template - this section starts with the <!DOCTYPE ... tag and ends with the </html> tag. it is the actual html document that the dynamic output is put into to make the complete page. only simple php conditional logic/loops, function calls (that are responsible for producing output), and echo statements should be present in this section of code.

     if you organize the code on your page like this, it will separate all the different concerns, making it easier to see what your code is doing, easier to test, and easier to get help with because you can isolate and post just the relevant part.

     also, in your 'Is php easy' thread, i made a post about defining the inputs, processing, and output/result for your code. if you do this for your form processing code, it will make it easier for you to write code that does what you want.
  9. you would not use a switch/case statement to do this. switch/case statements are used when you have to select between different processing logic in each case. if all you are doing is checking if a value is one out of a permissible set, you would define the set of permissible values in a data structure somewhere (database table, array), test the input value against that data structure (db query, in_array()), then produce the output value based on the input value and use it. if you have more than a few pages on a web site you should also be dynamically serving those pages using a content management system, where the content that's different between the pages is stored in a database, and the navigation menus and the logical pages are dynamically produced by simple php code on one physical page that uses the information stored in the database. the PHPFreaks.com Questions, Comments, & Suggestions forum section where you posted this is not for asking programming questions, it's for asking questions or making comments/suggestions about this site.
  10. @heeha, don't jump to conclusions. certain forum sections are configured to NOT count posts so that those members that are only posting generic and spammy nonsense won't accumulate post counts.
  11. i have a more basic question, why are you trying to use database based session data handling? using the default file based session data handling, insuring that you are storing the session data files in a location of your choosing and with permissions set so that only your hosting account can access the files, is adequate in all but a very few cases. you also have a problem with database based session security if you are using the same database connection that your application code is using and ANY of your code allows sql injection, someone can grab all the session data. if the reason you are doing this is for a perceived security problem, to make this as secure as possible, you would need a separate database with a separate connection username that only has access to that database and you would want to encapsulate the database connection into your session handler so that no other code can possibly use it.
  12. it would have also helped if you had told us what error message you are getting from your code and what you got when you echoed $error= $_FILES['vm']['error'] ?
  13. yes, the untested example i posted is using the next/current id in the section of code that's outputting the comment-form for the previous section. change the first occurrence of - $content .= comment_form($row['content_id']); to this - $content .= comment_form($previous_blog_id); you can actually change the second occurrence of - $content .= comment_form($row['content_id']); too, for consistency, since $previous_blog_id will be the same as $row['content_id'] after the end of the loop. edit: i also see another problem, a missing $. change this (in two places) - if(previous_blog_id != 0){, to this - if($previous_blog_id != 0){ you should have been getting php runtime errors about an undefined constant if your error reporting and the execution path takes you through those lines of code.
  14. the following example shows one way of separating the concerns in your code and should (untested) produce the result you are trying to achieve -

      ```php
      // create one database connection in your application
      include 'core/db/db_connection.php'; // produces a mysqli connection in $dbCon

      // retrieve the blog/comment data
      function get_articles($dbCon) {
          $sql = "SELECT blog.content_id, blog.title, blog.content, blog.posted_by, blog.date, article_comments.comments, article_comments.comment_by
                  FROM blog LEFT OUTER JOIN article_comments ON blog.content_id = article_comments.blog_id
                  WHERE blog.content != ''
                  ORDER BY blog.content_id DESC";
          $result = mysqli_query($dbCon, $sql);
          // you need some error handling (exceptions work best) so that query errors can be displayed during development,
          // logged on a live-server and don't throw follow-on errors trying to access data from a query that never ran due to errors
          $rows = array(); // initialize in case the query matched no rows
          while($row = mysqli_fetch_assoc($result)){
              // you could use a fetch all statement, provided it is present in your php installation/version
              $rows[] = $row;
          }
          return $rows;
      }

      // produce the comment form (called in multiple places)
      function comment_form($id){
          return <<<EOT
      <form method='post' action='' class='comments_form'>
      <input type='text' name='username' placeholder='your name... *' id='name'>
      <textarea name='comments' id='textarea' placeholder='your comment... *' cols='30' rows='6'></textarea>
      <input type='hidden' name='blog_id' value='$id'>
      <input type='submit' name='submit' id='post' value='post'>
      </form>
      EOT;
      }

      // produce the blog/comment/comment-form display
      function list_articles($rows) {
          if(empty($rows)){
              return "There are no Blogs to display";
          }
          $previous_blog_id = 0;
          $content = '';
          foreach($rows as $row){
              if ($previous_blog_id != $row['content_id']) {
                  // the blog id changed
                  if(previous_blog_id != 0){
                      // not the first section, close out the previous section
                      $content .= comment_form($row['content_id']); // add the comment form html. you may want to add some html around this for styling...
                  }
                  // start a new blog section
                  $content .= "<h5 class='posted_by'>Posted by {$row['posted_by']} on {$row['date']}</h5>
                      <h1 class='content_headers'>{$row['title']}</h1>
                      <article>{$row['content']}</article>
                      <hr class='artline'>";
                  $previous_blog_id = $row['content_id'];
              }
              if (!empty($row['comment_by']) && !empty($row['comments'])) {
                  $content .= "<div class='commented_by'>Posted by: {$row['comment_by']} </div>
                      <div class='comments'>Comments: {$row['comments']}</div>
                      <hr class='artline2'>";
              }
          }
          // done looping over blog/comments. add the final comment form if there were any blogs
          if(previous_blog_id != 0){
              // not the first section, close out the previous section
              $content .= comment_form($row['content_id']); // add the comment form html. you may want to add some html around this for styling...
          }
          return $content;
      }

      // call the code to get the article data, produce the blog/comment/comment-form display, and echo the result
      echo list_articles(get_articles($dbCon));
      ```
  15. you are throwing too much code at this. you actually need to separate the concerns in your code. the code that knows how to query the database and contains all the database specific statements needs to be separate from the code that knows how to produce the html markup from that data. you also need to NOT make a database connection every place you are running queries. your application should make one database connection and pass it into any function/class that is dependent on having a database connection. i would have one function/class-method to run your query, fetch all the rows into an array, even if there are no matching rows, then return that array from the function/class-method. another function would accept that array of data, even if it is an empty array, as a call time parameter, then loop over that data to produce the output. this second function should build the output in a variable and return that variable to the main calling code. the main calling code can do whatever it needs with that returned content - echo it, cache it, put it into an email, make a pdf file from it, ... the place in your code to produce the comment form is actually right before you output the start of a new blog display, except before the very first blog display (you can test if the $previous_blog_id is a zero or not to determine if you are outputting the very first blog display). you would also output a final comment form after the last blog/comment display section, if there have been any blog/comment display sections (you can test if the $previous_blog_id is a zero or not to determine if there have been any blog/comment display sections.)
  16. the comment form for a blog/comment display section, is part of the blog/comment display section. it's not a separate thing. you should have a comment form following the display of each blog/existing-comment section.
  17. you would use a hidden field in the comment form with the blog_id as the value. where are your 'comment' forms being output on the page? aren't you outputting one following each blog/comment section? blog... any existing comments for this blog.... comment form...
  18. what have you tried? because the fun part of programming is in actually seeing code that you wrote produce the result that you want. your dates should be in a yyyy-mm-dd format (with leading zeros in the mm and dd) so that you can sort them. if you want to display them as m/d/yyyy, you would do that when you display the results. i would loop over the result (which should be sorted by the country name to give output in the order that you want) from your database query and produce two arrays. the first array gets all the dates. the second multi-dimensional array holds the data, using the country as the index for the first dimension, the date as the index for the second dimension, and the total as the stored data value. use array_unique() on the first array, then sort that resulting array. this will produce an array of unique dates in ascending order for producing the heading and for accessing the data under those headings. to produce the result, loop over the second array's first dimension (country), outputting the country name as the label for the row each time it changes. then, loop over the first array, and use each date to access the data, if any, for the current country for that date. if there isn't a value, output whatever indication you want (0, ----, n/a, blank). if there is a value, output the value. repeat for all countries being looped over.
  19. your current code should be using an array for the form field name="...." attributes. this will allow you to process the submitted form data using php array functions. this is even more important if you plan on having an 'add' javascript/jquery button that dynamically adds more rows of data. using sequentially numbered field names will mean that you have to find and keep track of the number of fields in the javascript/jquery so that you can number the dynamic ones properly. by using an array for the field name, you don't need to do anything extra in the javascript/jquery for the dynamically added rows of data and all the form fields, the static ones and the dynamically added ones, will all be part of the same submitted data and will all be processed by the php code the same. you are also querying for all the product rows, then querying for all the rows again inside of the loop that's looping over the result from the first query. that is killing your database server with queries. even if your current method will result in a workable solution, once you query for all the rows in your database table, one time, just reuse that result set. the easiest and quickest way of reusing a result set multiple times would be to store all the rows in a php array or use a fetch_all statement if the database library you are using supports it. beyond those, i'm not sure why your code doesn't work, and since you have changed your concept multiple times, i'm not sure any of the previous helpers want to take the time to figure out what you are doing in this iteration of your design.
  20. yes. you would use ajax to search for the partially entered value. search the web for 'ajax typeahead' or 'ajax autocomplete' to find examples.
  21. if this is for your current project, where you have stated an admin is entering the order information, where you should be validating that the current visitor is logged in as an admin for both the form and the form processing code, why are you concerned about the security of the values (assuming that you are actually testing the current logged in user's permissions in the form processing code)? anyway, a way of avoiding the need to validate the prices at all, would be to submit and store just the price number that was selected - 1,2,3, not the actual price, which if you don't trust your admin with, shouldn't be passed through the form (someone could change 100.00 to 1.00 for their friends.) if on the other hand, you are only submitting the price number, the only tampering with the price could be to select the wrong one among the choices for that product. which begs the question, of what happened to your concept of having a customer type that determines the price the customer gets for each product? if you are accepting the actual price from external data, and just anyone can submit to your form processing code, and you don't care if someone supplies their own price (form data can be manipulated to be anything, not just what you output when you produced the form), you would want to treat the number as a decimal, not a float. casting/storing it as a float will introduce floating point conversion errors. also, using just is_numeric(), without other validation, will allow a hexadecimal number to be entered, which somewhere between php and mysql sadly (unknown if this is still the case) converts to the encoded string and allows sql injection in the query statement. i would also recommend prepared queries to provide security against sql injection for your external data as it works regardless of the data type and the value that was submitted.
  22. the place-holders in prepared queries are for values only (numbers, string data, dates.) they cannot be used to supply identifiers (database, table, column names) or sql syntax. if you are getting any of the information being used to create the table from external input, you will need to validate the information in php code and form and run a non-prepared query. things like database, table, and column names, because they are not used in the query as strings, cannot be protected against sql injection by using any string escape functions. if all the information being used to create the table is produced solely in your code, you would just form and run a non-prepared query.
  23. i suspect you are referring to these - all of these state that the form/form fields would/should be dynamically produced/created. the point of a web server-side scripting language, like php, is to dynamically produce web pages, so that the web page can be flexible and dynamic in what it does, but it also eliminates the need for the person creating the web page to write out block after block of repetitive html markup or repeat the same content on multiple pages. php is not just for processing form data. it is used to produce anything that makes up a web page - html, css, javascript, and media files. in this thread, you have written out 20-30 sets of form fields, twice. once without name attributes, then a second time with. and there are a ton of missing and inconsistent markup/labels in those sets of form fields that at some point you will need to fix. you have also written out nearly 30 php echo statements. DRY - Don't Repeat Yourself. this means that you should not repeat what you do. let the computer generate the multiple sets of repetitive/same meaning form fields and let the computer process all the submitted form data by looping over it. using php, you can write one set of form fields (i.e. a template of what you want), then use a loop in your code to produce as many fields as you want. by having the card quantity and card name form fields defined only once, it will now be easy to fix any errors or make any changes in those form fields. you only have to do it once, not 20-30 times. and as i also stated, the number of fields you produce can come from the following, dynamically, at runtime - as also stated, by using an array for the form field name (see the link i provided), the form data will be submitted to php as an array. you can write a simple loop to process all the data, no matter how many form fields there are.
  24. the data from a post method form will be in $_POST variables, with that exact capitalization and with the under-score, which is what Ch0cu3r first gave an example of in reply #12 in this thread. this is not the same as $_post. php variables are case-sensitive, which you would have known if you had studied the prerequisite basics of the php language. the capitalization we are typing when it comes to the actual php code elements we are showing you is not there for emphasis, it's there because it is required. programming is an exact science. every letter in every line of code matters and in this case, the letter-case of those letters matters.
  25. you have to tell us what 'it is not working' means. we don't have the ability to run your code on your server with your data and we are also not sitting right next to you and don't know what you saw that leads you to believe that something didn't work. unless your code contains an obvious problem, we cannot tell you why it doesn't work just by looking at your code, and we are not going to look through multiple files unless you narrow down where to look at first.
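
An added example for the post on prepared-query place-holders (item 22 above), not code from the thread: one way to validate table and column names that come from external input before forming a non-prepared CREATE TABLE statement. The function names, the identifier pattern, the type allow-list and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. build_create_table(), valid_identifier(),
// the identifier pattern and the type allow-list are assumptions for illustration.

// column types the application is willing to create, keyed by the name a caller
// may submit; the mapped value is the only type text that ever reaches the query
const ALLOWED_TYPES = [
    'int'      => 'INT',
    'decimal'  => 'DECIMAL(10,2)',
    'varchar'  => 'VARCHAR(255)',
    'date'     => 'DATE',
    'datetime' => 'DATETIME',
];

// identifiers cannot be bound as place-holders, so accept only a conservative
// pattern: a letter, then letters/digits/underscores, 64 characters at most
function valid_identifier($name)
{
    return is_string($name)
        && preg_match('/\A[A-Za-z][A-Za-z0-9_]{0,63}\z/', $name) === 1;
}

// $columns is [column name => submitted type key]. returns the sql string, or
// throws InvalidArgumentException before any sql is built from bad input
function build_create_table($table, array $columns)
{
    if (!valid_identifier($table)) {
        throw new InvalidArgumentException('invalid table name');
    }
    if (empty($columns)) {
        throw new InvalidArgumentException('no columns given');
    }
    $defs = [];
    $seen = [];
    foreach ($columns as $name => $type) {
        if (!valid_identifier($name)) {
            throw new InvalidArgumentException('invalid column name');
        }
        if (!is_string($type) || !array_key_exists($type, ALLOWED_TYPES)) {
            throw new InvalidArgumentException('column type not allowed');
        }
        $key = strtolower($name); // column names compare case-insensitively
        if (isset($seen[$key])) {
            throw new InvalidArgumentException('duplicate column name');
        }
        $seen[$key] = true;
        $defs[] = "`$name` " . ALLOWED_TYPES[$type];
    }
    return "CREATE TABLE `$table` (" . implode(', ', $defs) . ')';
}

// constructed sample requests, standing in for submitted form data
$requests = [
    ['orders_2015', ['id' => 'int', 'total' => 'decimal', 'placed' => 'date']],
    ['orders`; DROP TABLE users; -- ', ['id' => 'int']],
    ['notes', ['body' => 'text); DROP TABLE users; -- ']],
];

foreach ($requests as $request) {
    list($table, $columns) = $request;
    try {
        $sql = build_create_table($table, $columns);
        echo "ok:       $sql\n";
        // $mysqli->query($sql); // hypothetical connection; run only after validation
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ' . $e->getMessage() . "\n";
    }
}
```

Only the first request produces a statement; the other two are rejected on the table name and the column type before any sql text is assembled.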