-
Posts
5,451 -
Joined
-
Days Won
175
Everything posted by mac_gyver
-
Multiple queries issue when included in another file.
mac_gyver replied to SF23103's topic in PHP Coding Help
in addition to what Barand stated about not using global, you should not be trying to paste together web pages using php include/require statements. you should also not be making database connections/running queries inside of loops. displaying classes and the instructor information for each class, can be accomplished using one JOIN'ed query. you can even select the formatted date/time in the query. this will result in very little code - build and run ONE query, loop over the result from that query and display the result the way you want. i suspect the reason your existing code doesn't work is because the actual $row['Instructor'] value that is being used either contains some white-space as part of the data (in the ft_form_7 table) or the column name isn't exactly 'Instructor' (there would be a php undefined index error if you have php's error reporting turned on all the way.)- 3 replies
-
- multiple queries
- mysqli
-
(and 1 more)
Tagged with:
-
i suspect you actually want to find the matching row(s) with the highest version number (i.e. you want the latest content, not just the highest version number.) see this link - http://dev.mysql.com/doc/refman/5.0/en/example-maximum-column-group-row.html
-
Script not inserting all user input from array into database
mac_gyver replied to eternal_newbie's topic in PHP Coding Help
the office information only exists once in the form data. you should not be looping over it when you are processing the file plan form data. in fact, you should store the common office information in an office information database table, which will establish an office_id for that information (you would typically allow the user to select an existing office that has already been stored to prevent typo errors when adding new data.) you would use the office_id as key in the file_plan_details table to relate each file plan row to the office it belongs with. p.s. - please use the forum's bbcode tags (the edit form's <> button) around code when posting it in the forum. i edited your post above for you this time. p.p.s. - your login check code is NOT secure. you need an exit; statement after the header() redirect to stop the code on the page from running. your current code, without the exit; is still running all the code, which will let hackers do anything a logged in user can, since they can simply ignore the header() redirect. -
i looked at your horrifically verbose query (you need to use better table names, column names, use aliases in the query and some white-space to format the query) and there's an obvious error in a column reference, so, i doubt the exact query you posted here, that's producing a query error, is the one that you ran directly against your database server.
-
the php.net documentation for sqlsrv_query() contains an example of how to test for query errors and how to display the error information if there is an error.
-
HTML5 Submit button not calling PHP file
mac_gyver replied to phpnewbieca's topic in PHP Coding Help
define: nothing happens? does the browser seem to stay on the html page? is there a chance that your my.php code redirects back to the html page? is the html and the php code in fact on the same/one page? does the browser goto the my.php page, but the page is blank? is that all the code you have in the html or is there some jaffascript (intentional play on words related to my avatar, haha) that could be interfering with the submission of the form? in order to help you with any coding problem, we need to know what your actual code is, what output/result you got from that code (stating that something 'doesn't work' or 'nothing happens' can have multiple meanings and what you observed must be specifically stated or shown), and what you expected the output/result to be (which we can generally deduce if we see your actual code.) also, if your client-side code doesn't reference the form by name, the <form> tag doesn't need the name='...' attribute and if you are not overriding the method or action attribute that's already present in the <form> tag, your <input> tag doesn't need the formmethod="..." and formaction="..." attributes. these are optional things. don't take the time to type them in if they are not being used. they just clutter up the code and increase the chances of errors that you will have to troubleshoot (which may be why nothing appeared to have happened when you tried to submit the form.) -
here's the JOIN'ed query that (untested) should get the Post_Cost for each item in the basket - $sqlquery = "SELECT p.Prod_REF, b.productID, b.quantity, p.Prod_Make, p.Prod_Model, p.Prod_Type, p.Car_Make, p.Car_Model, p.Price_ExVat, Product_Desc, pstg.Post_Cost FROM basket b JOIN products p ON b.productID = p.Prod_ID JOIN postage pstg ON p.Post_ID = pstg.Post_ID WHERE b.userID = '$userID'"; then just change your existing max post cost code to make use of the example code i posted in the reply #4 above. here's another hint, all code for the select, insert, update queries for the shopper table, besides not being needed at all (the total and postage are derived values, that should not be stored, but calculated whenever needed), can be replaced with one INSERT ... ON DUPLICATE KEY UPDATE ... query (the user_id column would need to be a unique index.) so, basically, all you would need is two lines of code. the ONE query and to run the query.
-
and here's the relevant portion of the jquery documentation for what you are trying to do -
-
Lockout user after failed log on attempts
mac_gyver replied to NotionCommotion's topic in PHP Coding Help
the log in attempt is tied to the username being tried and the ip address the request came from. the $_SERVER['REMOTE_ADDR'] comes from the tcp/ip data packets the web server received and is where the response sent back out from the server will go to. you need to log, in a database table, the username, ip address, and date/time of each failed attempt. you can then query this table to determine what happens on the next attempt. you can find out how may attempts there have been within x amount of time as well as find the time of the last attempt using one query. the reason you tie this to the username and ip address the attempts are coming from, is so that if the legitimate user is already logged in, you don't inadvertently log him out just because some bot/hacker is making attempts to login. the goal is to limit the login attempts, not to harm a legitimate user. you also need to detect if there is a flood of attempts that come from multiple ip address for the same username and impose a longer delay or trigger the use of a security question that must be answered in order to allow a any log in attempt. since the data will be in a database table, you can simply use a query to count all the recent attempts against a username to trigger this mode. -
no one is going to type up fixed code for you as that won't help you to learn how to program or learn how to troubleshoot problems in your code. learning the meaning of what you are doing is required in order to program, so that you can take concepts and information you learned in one context and apply them in another context. your php code is expecting three input variables - $_POST['submit'], $_POST['name'], and $_POST['content']. before you added ajax to your code, your form was submitting those three variables. your ajax code must therefore submit the same variables. this is your line of javascript that's producing the data that's being submitted - var dataString = 'content='+ textcontent + '&name='+name;. your task would be to make sure there is a 'submit' value in that.
-
UPDATE & DELETE multiple rows with an array for the id
mac_gyver replied to 1st_Edition_Charizard's topic in PHP Coding Help
the reason your code only works for one row is because you are reusing and overwriting the $autorefund variable, in both sets of code you posted. if you had php's error_reporting set to E_ALL and display_errors set to ON, you would be getting an error at the mysql_fetch_assoc() statement on the second pass through the loop that would alert you to this problem. if the challenges credits value can be different for each challenge, you won't be able to do the update using the IN() comparison as that would update all the rows using the same credits value (or write more complicated code than the task deserves.) you also would not do the update inside of the while(){} loop. the purpose of the while(){} loop is just to get an array of teams id values. any code using that array would come after the end of the while(){} loop. this code has some questionable names for table columns. you are getting the challenges table id column and using that as the teams id value. that implies the challenges id column is really the 'destination' (team2/teamB) team id. it is not the id of the row in the challenges table, which is what it should be. the `a` for a column name needs to be something more descriptive. i suspect it is the team id who made the challenge (the 'source', team1, teamA?) lastly, your code has too much code and syntax for what it is trying to do, i.e. you cannot see the forest for the trees (you cannot tell what the program logic is, because of all the clutter in the code.) here is a simplified example of what i think you are trying to do - // find any expired challenges $query = "SELECT * FROM challenges WHERE `a` = {$team['id']} AND accepted = 0 AND completed = 0 AND chtype = 1 AND expires < UNIX_TIMESTAMP()"; // the above query statement, in addition to being formed in a php variable, has been simplified by removing unnecessary php and mysql syntax. $result = mysql_query($query); // if any expired challenges are found, add back the credits to the team it is against and delete the challenge if(mysql_num_rows($result) > 0){ // at least one result found $arrayin = array(); // holds the challenges id values found while($row = mysql_fetch_assoc($result)){ mysql_query("UPDATE teams SET balance = balance + {$row['credits']} WHERE id = {$row['b']}"); // update based on the challenges 'destination'/b/team2/teamB column $arrayin[] = $row['id']; // save the challenges id values } // delete all the challenges that were just found mysql_query("DELETE FROM challenges WHERE id IN(".implode(',',$arrayin).")"); // you don't need use mysql_real_escape_string on the $arrayin values for two reasons - // 1) they are not strings and using a string function on them won't provide any protection, and // 2) they are (should be) internally generated integers and don't need any special handling. } this code assumes some things - 1) the challenges id column is the challenge row id. it is not the teams id value 2) the challenges table has a column `b`, but more properly named, that does hold the teams id value that the challenge is against. 3) the challenges credits value can be different for each challenge. -
your php code may have worked before adding the ajax, but that doesn't mean it was correct. someone posted why your ajax code isn't causing the php code to run. i recommend reviewing all the replies in the thread.
-
i've actually seen it work where the named place-holder in the query statement has a : as part of the name, but the bind/execute() reference doesn't.
-
the data you are submitting via the ajax request, doesn't contain any 'submit' value, so, your php code is being skipped over since - if(isset($_POST['submit'])) { is a false value.
-
MySQL DATE_ADD - Displaying using PHP
mac_gyver replied to devilindisguise's topic in PHP Coding Help
you need to use an alias name in the query. when you ran it in phpmyadmin, the column heading/name for the value was literally - DATE_ADD(`datetime`,INTERVAL 4 DAY), which you could use in the php code (you would have to convert characters not permitted in variable names to underscores though, using print_r($row) will show what it is), but using an alias name is much easier. change your query to - SELECT DATE_ADD(`datetime`,INTERVAL 4 DAY) AS dt FROM `faults` WHERE fault_id = '51'; the php to reference the value would be - $row['dt'] -
^^^ your form field doesn't have a name='rand' attribute, so, there is no $_POST['rand'] or in your case $_REQUEST['rand'] value. only form fields with name's are submitted, as that's the only way for the value to be identified.
-
Moz Showing duplicate content issues with my code
mac_gyver replied to oracle765's topic in PHP Coding Help
here's some information for using the php http_build_query() function. the input values your page(s) receive determine what will be displayed (gotten) on that page and should be in the form of $_GET parameters that your php code receives, either directly or as the result of a 'pretty' url being rewritten to the actual url that your script gets requested by. everything from your categories, subcategories, country flag (and i noticed some country drop-downs on your site) selection, and any actual search terms that get submitted are all just filters that determine what to query for and display on the ONE page (there's no actual good reason to have separate search pages and result pages as it results in more code that must be written, tested, and paid for.) except for the cases where you intentionally reset a filter (such as going back to page 1 in pagination when you alter/submit new values for any of the other filters) each different piece of code that produces links or a form for one of these filters should simply take the existing $_GET array, modify the value(s) it is responsible for, then use the combined resulting array to build links or hidden fields in a forms. building links is where using http_build_query() comes in. it takes an input array and produces the query string part of a link. if you are instead using 'pretty' rewritten urls, you would take the combined resulting array and pass it through your function that knows how to make the pretty urls from the component parts. if you search phpfreak's for http_build_query, any of the posts by badge'd members will show how to take the existing $_GET array, modify just the element(s) any particular piece of code is responsible for, then build the query string portion of the links. -
the OP hasn't been back after the day the thread was started.
-
Moz Showing duplicate content issues with my code
mac_gyver replied to oracle765's topic in PHP Coding Help
this is mostly going to be negative commentary, based on what i can recall from looking at the specific code in this thread (that was months ago), your site, and past threads (even longer ago.) you have a huge amount of hard-coded logic, for what is essentially a content management system. the programmers made only a little use of any sort of functions/classes/organization/framework. each page on your site only differs in the category of content on the page. this all could have and should have been handled using general purpose code on one physical page, with url rewriting to produce logical pages for each category. i don't recall, but i'm betting that even the navigation is hard-code, rather than database driven. for the shopping page that's the subject of this thread, the problem is because whoever wrote the code, hard-coded the logic building the urls to be specific to what the page is doing, so any variation or change to what the page does, which i suspect is where the three country flag selections come in to this problem, requires going through all the code that's relevant to that page to alter each instance where it uses or builds the get parameters in the urls. this would include both the code where the form is displayed and the search result page. i can recall that the code is using both url and session variables, meaning that the code must keep track of two different sources of same meaning information. i mentioned above in this thread using http_build_query() to handle making the url's with any existing get parameters and only modifying the one(s) that any section of code needs to change. unfortunately, making this change to the code would require going though all the relevant code to determining what it is doing (i.e. finding every place that's using or producing get parameters in the urls and in the session variables), modifying, and then testing it to make sure that it works properly. this is more than changing a couple of lines of code. p.s. i just tried a search on the insurance page and got a php error displayed - Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in ... there's three problems with this - 1) you should not be displaying php errors to the visitors, you should be logging php errors, 2) the code should have detected the query that failed with an error, logged the actual information about the error, displayed a harmless message to the visitor, and prevented the remaining code from running and throwing follow-on errors, and 3) you should not be using the obsolete mysql_ functions. you should be using either the mysqli_ or PDO functions. had this code been written in an organized way, to switch to the newer database functions should only require replacing the code in the database layer, not going through every piece of code and changing functions. short-answer: the army of coders that typed this code up for you didn't have any experience at actually coding a web page or were intentionally making it so that you would need to pay them more to fix or change the code or face having someone else doing a greater amount of work to fix or change anything than what it would take to just start over with a proper design. -
Data is not inserted to database after submit
mac_gyver replied to osherdo's topic in PHP Coding Help
the error message is from the sql query. the message mentions sql or mysql three times. the problem is in line 2 of your sql query statement. here's a tip that will help you to write better and easier to debug code. always form your sql query statement in a php variable. this lets you echo the sql query statement for debugging purposes and separates the syntax of the php code that prepares/runs the sql query from the sql query statement itself (which is where the problem is in this case.) $query = "INSERT INTO users (Workout,first_name,last_name,gender,Email_Address,Password,User_Age,workout_options,Registration_Date) VALUES (?,?,?,?,?,?,?,?,?"; $stmt = $conn->prepare($query); once you do this, you will be able to see what's wrong with the sql query syntax just by looking at the code - the closing ) is missing. the ) that you had near the end of the query was part of the ->prepare() syntax, not part of the sql syntax. -
you also already have a thread from Dec 8th/9th for the php error and php code you just added to the end of this thread. this topic is locked.
-
Checking row values within while using if stmt
mac_gyver replied to mythri's topic in PHP Coding Help
if the purpose of this code is to display things, it shouldn't be updating any database table. any value needed in the orders table should have been gotten when the information was inserted into the orders table or as a separate step, not as the display step. you shouldn't mix POST method functionality that changes information on the server with GET method functionality that displays information. in fact, after you successfully (without any errors) process a POST method form submission, you should be doing a header() redirect to the same exact url of the page to get the browser to forget the form data so that it won't try to resubmit it. this will cause a GET request for the page and your code should then display the current information for the page. edit: and if you need to get the sales_authorisation information for items in a cart/order, you should do it in the query getting the cart/order information using a JOINed query. you should not run select queries inside of loops. -
you wouldn't want to store the number of login tries in a session variable either, since you can get a new empty session simply by not propagating the session id with the page request. to detect and count failed login attempts, you need to store the information in a database. by storing each failed attempt as a separate row, along with the date/time, you can get a count of the number of failed attempts for any username within a time interval to decide what action to take. edit: using this method will also let you detect if there has been a flood of attempts over a longer period of time, indicating someone is trying to break into the account.
-
a recommendation - even if your drop-down menus have pre-defined values, you should store those values in a data structure of some type (database table, array) so that you can both dynamically produce the drop-downs and use that same data structure to validate the submitted data. you can then change the drop-downs to be whatever you want simply by changing the defining data. no need to edit hard-coded html every time you want to add, remove, or change an item or reuse your code for a completely different project.
-
it would take seeing the echo/var_dump() of the $sql statement and seeing the result of a SHOW CREATE TABLE your_table query in order to help you further. you have also implied there may be two separate queries being ran because the debugging output shows two print_r() arrays worth of data - Array ( [0] => 00000 [1] => [2] => ) Array ( [0] => 42S22 [1] => 1054 [2] => Unknown column 'postcode' in 'field list' ). any chance the code is being called twice, the first time it runs a query without error, and the second time, whatever the actual query is, produces an error? and while you are checking the database table definition, make sure you don't have multiple databases and that you are selecting the correct one to run the query against and that you are connecting to the correct database server as well.