mac_gyver

you have asked this before - http://forums.phpfreaks.com/topic/295157-code-compare/#entry1507847 please stick to that existing thread and you need to answer the questions asked in order to provide us with information upon which to help you.

it's possible that the posted code isn't even where the error is coming from. you need to determine for yourself where in your code the error is occurring at. for debugging purposes, add the following two lines of code, immediately after the line with the first opening <?php tag in your main file being requested - ini_set("display_errors", "1"); // display errors error_reporting(-1); // report all errors also, remove the @ error suppressor on the session_start() statement. if you are getting any errors on the session_start() you will want to know so that you can find an fix them, rather than to hide them.

for your multiple attribute to be able to send the multiple selections, the name needs to be an array - name ='selectDivision[]'

@mabrt001, it's not very likely that participants in a nearly three year old thread will see your post or even have the code that was developed. Asking for code is not really the point of programming help forums. We are here to help you with problems with code you have written. If you haven't written any code for your assignment or don't have any specific programming question, there's not much we can do for you. if you do have some code you need help with or a programming question, please start you own thread for it.

your sql query would order the rows in the result set by active first, followed by non-active -

sorry, but we cannot help you based on that statement. several different things were mentioned or suggested and your exact code determines what the computer tried to do. without knowing what your code is and what incorrect result, error, or symptom you got from that code, we cannot help. several of the things you have shown in your code (this and previous threads) are invalid and would be throwing php errors. do you have php's error_reporting set to E_ALL and display_errors set ON in the php.ini on your development system so that php would help you by displaying all the errors it detects? you will save a ton of time. putting these setting into your code won't do anything for php syntax errors in your main file, as the code never runs to modify the error_reporting/display_errors settings. also, by having your development system set up with these settings, you don't need to remember to turn the settings on for development and turn them off if the code is ever moved to a live server because the setting will be tied to the server and not your code files. next, your code itself does not have any error checking logic in it to detect when statements fail. most of the database statements can fail due to an error of some kind and you should be checking at each step if they failed or not so that you don't throw follow-on errors in later statements when an earlier statement failed. for example, if the ->prepare() statement failed (due to a syntax error in the sql statement), there's no point in trying to bind input parameters or to execute the query. you can either add a conditional statement around each database statement that can fail or you can turn on exceptions for the mysqli statements (see the mysqli_report() statement) and either catch the exceptions yourself (which you would want to do for a real application) or let the uncaught exceptions be caught by php and stop execution and display the information about the error. some critique of your code in this thread (some of these have already been found and fixed by you or pointed out by others) - post #1 - $res->num_rows; just having this on a line by itself doesn't accomplish anything. the ->num_rows property returns a value. you must either assign that value to a variable or use the value in a conditional statement (or pass it as a value to another function.) if($stmt) { this tests if $stmt is a true value. $stmt is the result of the ->prepare() statement. it will be a true value as long as the prepare() didn't fail. post #3 - AND status = ? as a condition in the WHERE clause in the sql query statement. this would be okay if you are trying to find records that have a specific status value, i.e. all the user's that have status = 0, but for what you have stated you are trying to do, authenticate/log in a user, you would not have this as a condition in the WHERE clause, but instead retrieve this value and display a message to the person trying to log in. $status = $res->fetch_assoc(); this fetches the row that the query might have matched, as an associative array. this should be inside the conditional block of code that has tested if the query did match at least one row, since $status will be a false value, not an array, if there was no row to fetch. you still have a $res->num_rows; statement on a line by itself, which doesn't do anything. if($status = "0") { this actually assigns the "0" string to $status, then tests the result of that. one = is an assignment operator. two == are needed for a comparison operator. and as has already been mentioned, $status = $res->fetch_assoc(); will result in $status being an associative array. $status['status'] would actually hold the value from the status column in the database table. it would perhaps be easier to keep the code straight if you use a variable named $row - $row = $res->fetch_assoc();, then use $row['status'] to reference the status column value. finally, php has password hash functions - password_hash()/password_verify(), that produces a random salt for each hashed password, making it little harder for anyone getting a hold of your data to come up with the the original passwords, since they must brute force break each one separately. if you switch to using these functions, you would use password_hash() during registration. to authenticate the visitor, you would retrieve the hashed value from the database table and use password_verify() to test if the entered password corresponds to the hashed password. as always, there are basic examples for all the php functions in the php.net documentation.

something tells me that the rows between these two tables (using table names like table1, table2 doesn't provide useful context) are not related to each other using any sort of foreign key, but are two different types of data (that perhaps should all be in one table) that the OP wants to retrieve with the data for each username (which should actually be a userid) together in the result set. if so, you need to use a UNION query.

if you are asking about visitors to a site being able to see the raw contents of a .php file, they cannot, since browsing to the file will only show any output from that file. it would require that you have code that's echoing the variables/defined constants holding the database credentials or that your site provided a way for someone to display/download the raw contents of a file on your site, such as by not validating the path and filename being supplied (all external data cannot be trusted and must be validated before use) to a download script or a page controller/template engine that reads the contents of a file and then outputs the content on a page... in the rare event that php on a server ever gets broken and outputs the raw content of .php files or you are using php's short open tags and they get turned off (full opening php tags cannot get turned off), the best place to put ALL included/required files is in a folder that's outside of/below/closer to the disk root folder from your htdocs folder so that they cannot possibly be browsed to. or that your site allows a .php code file to be uploaded onto the server and then browsed to (uploaded files should be placed into a folder that cannot be browsed to) or allows php code to be saved as content that's eval()'ed (using eval() should be avoided unless you know exactly what content is being supplied to it) on the server or allows an external file to be included (the settings that allow this should be turned off) and ran on your server, which would allow someone to run their own php code on your server, which would allow them to take over your site and have access to all of the files anyways.

it's likely that you are getting a query error at the 137th line in the csv file, either due to an un-escaped value in the data, a duplicate key error, an empty numerical data value, an incorrectly formatted line in the data, or ... does your code have any sort of error checking logic in it to detect query errors? have you looked at the 137th line of data to see if there's something about it that's different and unexpected? edit: here's a post listing methods for inserting bulk data - http://forums.phpfreaks.com/topic/294621-importing-legacy-data-into-mysql/?do=findComment&comment=1505730

if you tried code that was had header() statements in it and it didn't download the file, you would need to troubleshoot what is causing the problem. the most likely reasons are - 1) outputting something to the browser prior to the header() statements (there would be php detected errors. do you have php's error_reporting/display_errors set to show all php errors?) 2) not using the correct headers (you would need to post what you tried for anyone here to be able to help with it.)

your code has the closing ) for the isset(...) statement in the wrong place (at the end of the line), producing a php syntax error (Parse error: syntax error, unexpected '&&' (T_BOOLEAN_AND), expecting ',' or ')' in your_file on line 3). the closing ) for the isset() belongs after the $_SESSION[ 'logged_in' ] parameter - isset( $_SESSION[ 'logged_in' ] ) && .... you need to have php's error_reporting set to E_ALL and display_errors set to ON in the php.ini on your development system to get php to help you find these kind of errors. putting these settings into your code won't help with syntax errors in your main file since your code never runs when there is a syntax error and lines trying to change the settings aren't executed. @sford999, while your posted code is syntactically correct, by removing the isset() statement, it will throw php errors when the page is visited when not logged in. also, by just posting 'fixed' code, without any statement of what was wrong with the original code, the OP doesn't learn anything.

assuming you always want the Active Leagues optgroup, even if it is empty, and you only want the Non Active leagues one when there are non active records - echo "<select name='whatever you are using'>"; echo "<optgroup label='--- Active Leagues ---'>"; // start with the active optgroup, even if it is empty $last_val = 1; // detect when this changes from active/1 to non active while ($lrow = mssqlfetchassoc($lres)) { // detect a change in regactive from the initial active/1 value if($last_val != $lrow['regactive']) { // value changed, to a zero, since there are only two possible values // close the previous section (even if empty) and start the next section echo "</optgroup>"; echo "<optgroup label='--- Non Active Leagues ---'>"; $last_val = $lrow['regactive']; // remember the new value so that this code only runs once } // output the data within each optgroup echo "<option value={$lrow['l_id']} ", ($l == $lrow['l_id'] ? "selected" : '') , ">{$lrow['night']} {$lrow['type']} {$lrow['size']}s {$lrow['division']}</option>"; } echo "</optgroup>"; // close the last optgroup echo "</select>";

the $UserName variable holds a PDOStatement object. your fetch statement (line 15 in the posted code) should assign the row that was fetched to a php variable. you can then access any of the elements of that array, such as the first_name. $row = $UserName->fetch(PDO::FETCH_ASSOC); // fetch the row echo $row['first_name']; // display the first name

if you are dynamically supplying the table name from user input, you must validate that it is exactly and only a permitted table name. no amount of escaping the table name, as through it is a piece of string data (it's not) will prevent sql injection in it, since it's not in the query in between single-quotes that you are trying to prevent it from escaping out of. supplying a dynamic table name also implies that you have created a bunch of different tables, one for each different $select value, where as you should have one table with a column that holds the $select value.

your query should retrieve the rows in the order that you want them, with the active first, followed by the non-active - ORDER BY regactive DESC in your select list, you should use <optgroup label="--- Active Leagues ---"></optgroup> and <optgroup label="--- Non Active Leagues ---"></optgroup> tags around the appropriate list of <option></option> tags. you would control the outputting of the opening/closing optgroup tags based on detecting a change in the active/non-active bit in the data as you are looping over it. if you are always going to have at least one active league, you can unconditionally start the active optgroup, output the option list while the active bit is a 1, then when the active bit changes to a zero, close the first optgroup and start the second. at the end, after the loop, close the optgroup tag.

you need to proof read your code. you have a spelling mistake in the function name. hint - php does not have a global positioning location function.

didn't read through every word in this thread, but using GROUP BY in the query consolidates all the rows with the same c.originalid value together into a single row in the result set. so, even if your query matches several rows that have member1/member2 values that match $memberid, the only data that will be in this consolidated row will be from the first row in the group, before the group by consolidated them into a singe row. dumping each row in your result set, using var_dump()/print_r(), would show you what you are actually getting.

you have a typo in the place-holder name. query :lowestHighScore vs bind statement :lowestHighScores, which should be producing an error at the bind or execute statement, depending on if emulated prepared queries are on/off. your error handling logic should be logging the error information for you to use for debugging.

telling us what sort of error or symptom you got that leads you to believe the code doesn't work, would help narrow down the problem. if they are not identical, posting both of them would give someone here information upon which to help diagnose the problem. it's also possible that the second code is outputting something prior to the json encoded data, such as some white-space, a php error message. you should be able to check in your browser's debugging console if there are errors or some unexpected/malformed data.

i suggest you go back and reread what i posted about normalizing the data. the query i posted only needs to be ran ONE time for a correctly normalized data table. to display the picks once the data is normalized, you simply use ORDER BY user, num in the query to get the rows in the correct order for display. to highlight any matching number as you are looping over the rows, would simply involve using in_array() between the picked number and the $arr of random numbers (you do realize that you need to store the $arr of numbers as the winning numbers for the particular draw, since each time the page gets requested the random numbers will be regenerated.) when the user changes, you would finish the previous user display and start the display for the new user.

the error message means that the sql query failed with an error of some type. the php sqlsrv_query() documentation contains an example showing how to test the result of the query and to display the sqlsrv_error() information that would tell you why the query failed.

a) you didn't post the error, so kind of hard to specifically help you. b) don't use @ error suppressors in any code. all they do is hide problems, such as typo errors in variable names. c) all of your form processing code should be inside of a conditional statement that detects if the form was submitted. you will then know that all the text/password/textarea/select fields will be present and they won't produce any errors. d) to detect if your form was submitted, without producing an undefined index error when it wasn't, use isset(). e) since you are getting and displaying results on a page, the form should use method='get' f) assuming that it's valid to not supply any of the search terms (to display all results), you should not unconditionally put the WHERE keyword into the sql statement, as it will produce a query error without any sort of sql conditional statement after it. you should only put the WHERE keyword into the sql query statement if there will be a non-empty WHERE term. g) you should build each dynamic where term as an element in an array, then simply implode the array with the AND keyword as the separator. you can test if this array is empty or not to determine if there is a WHERE clause to add to the query (see item f. in this list.) h) you should be escaping external string data being put into the sql query statement (or use prepared queries) to prevent sql errors when the data contains special sql characters and to prevent sql injection. i) have you echoed the final sql statement in $sql so that you know that it is what you intended? j) when you have a set of things that you will process all in the same way, your list of form fields, you need to use a data driven design, where you have the list of the field names in a data structure of some type (array, database table) and that list is used as the input to a loop that controls what one copy of the code does, rather than to repeat the same program logic for each possible item in the list. this will let you change/reuse the code simply by changing the list of field names in the defining data structure. this defining data structure can also be expanded and used to dynamically produce the form, again, by having the code loop over the list of fields and produce the html, without you writing out by hand the html for each field.

then you would probably want to take the time to do it in general, so that you don't need to repeat code over and over. you should extend whatever database library you are using (PDO works best for this), to create a generic prepared query method, that you can simply supply the sql statement and an (optional) array of input parameters/types, and it will handle preparing the query, binding any input data, running the query, and returning the result of the query (array of data, even if empty, for select/show queries, true/false status from delete/update queries.)

your form <input tag is missing the = in the name='image' attribute. yours - <input type="file" name"image" id="image" /> should be - <input type="file" name="image" id="image" />

unfortunately, a lot of the xAMP development packages set up default root database credentials in the php.ini that allow mysql_ functions to automatically make a working database connection, thereby hiding bad code that should fail and call your attention to a problem, instead of silently appearing to work, that then won't work on a live server.