samshel
-
Posts
837 -
Joined
-
Last visited
Posts posted by samshel
-
-
die(mysql_error()) is an extremely useful tool for debugging, however i would not use it on production code. Once everything is fixed, i would handle it more efficiently like passing the error to user defined function, which logs/mails you and redirects user to more user friendly error message.
Showing half baked queries and error messages to the user is shabby and insecure especially to "Open to Public" websites.
PS: You still need to handle the errors
-
looks like your date format is coming from config.
You can change the date format in your config and insert \@ between date and time.
$conf['formatdetails'] = 'd M Y H:i';
to
$conf['formatdetails'] = 'd M Y \@ H:i';
Edit:
This will change the date format whereever the config date format is used, so if you dont want to do that, you can specify this format for this code only:
<td align='left' class='forumheader3' nowrap>".(($wardate == -1) ? "" : date('d M Y \@ H:i', $wardate))."</td> -
$strSql = " INSERT INTO ffa_screens (imgname,match) VALUES( '" . mysql_real_escape_string($imgstr) . "', '" . mysql_real_escape_string($id) . "' )"; echo $strSql; $result = mysql_query($strSql) or die(mysql_error());
-
-
also try increasing your rand(1, 38) to something with bigger range like (1,100). May be as Kicken suggested, rand is messing up and range is not enough.
-
Not the cleanest way, but you can store the parameters in session and use them in the query. You can reset them when the form is submitted.
something like this. Again not tested...
<?php session_start(); include 'connect.php'; require_once('calendar/classes/tc_calendar.php'); if(!isset($_SESSION['username'])) { echo '<div align="center">'; echo 'You have to be a registered member to be able to view events.<br><br> <a href="register.html">Click here to register</a>'; echo '<br><br><br><br>Or if you are already a member, please login to use this area.<br>'; echo ' <form method="POST" action="loginverification.php"> <table border="0"> <tr><td> Username: </td><td><input type="text" name="username" size="15" /></td></tr> <tr><td>Password:</td><td> <input type="password" name="password" size="15" /></td></tr> </table> <div align="center"> <p><input type="submit" value="Login" /></p> </div> </form>'; echo '</div>'; } else{ $page_name="searchevents.php"; // If you use this code with a different page ( or file ) name then change this $start=$_GET['start']; if(strlen($start) > 0 and !is_numeric($start)){ echo "Data Error"; exit; } $arrParameters = array(); if(isset($_POST['county'])){//should ideally be the submit button on your form $_SESSION['arrParameters'] = $_POST; } $arrParameters = $_SESSION['arrParameters']; $eu = ($start - 0); $limit = 20; // No of records to be shown per page. $this1 = $eu + $limit; $back = $eu - $limit; $next = $eu + $limit; /////////////// WE have to find out the number of records in our table. We will use this to break the pages/////// $theDate = isset($_REQUEST["date1"]) ? $_REQUEST["date1"] : ""; $eventcounty = $arrParameters['county']; $eventdescriptionheader = $arrParameters['eventdescriptionheader']; $hoster = $arrParameters['hoster']; $arrWhere = array(); if($arrParameters['searchcounty'] == "yes") { $arrWhere['eventcounty'] = mysql_real_escape_string($eventcounty); } if($arrParameters['searchdate'] == "yes") { $arrWhere['eventdate'] = mysql_real_escape_string($theDate); } if($arrParameters['searchtitle'] == "yes") { $arrWhere['eventdescriptionheader'] = mysql_real_escape_string($eventdescriptionheader); } if($arrParameters['searchhoster'] == "yes") { $arrWhere['hoster'] = mysql_real_escape_string($hoster); } if($arrParameters['dogfriendly'] == "No") { $dogfriendly = $arrParameters['dogfriendly']; $arrWhere['dogfriendly'] = mysql_real_escape_string($dogfriendly); } if($arrParameters['dogfriendly'] == "Yes") { $dogfriendly = $arrParameters['dogfriendly']; $arrWhere['dogfriendly'] = mysql_real_escape_string($dogfriendly); } if($arrParameters['childfriendly'] == "No") { $childfriendly = $arrParameters['childfriendly']; $arrWhere['childfriendly'] = mysql_real_escape_string($childfriendly); } if($arrParameters['childfriendly'] == "Yes") { $childfriendly = $arrParameters['childfriendly']; $arrWhere['childfriendly'] = mysql_real_escape_string($childfriendly); } if($arrParameters['singlesonly'] == "No") { $singlesonly = $arrParameters['singlesonly']; $arrWhere['singlesonly'] = mysql_real_escape_string($singlesonly); } if($arrParameters['singlesonly'] == "Yes") { $singlesonly = $arrParameters['singlesonly']; $arrWhere['singlesonly'] = mysql_real_escape_string($singlesonly); } if($arrParameters['couplesonly'] == "No") { $couplesonly = $arrParameters['couplesonly']; $arrWhere['couplesonly'] = mysql_real_escape_string($couplesonly); } if($arrParameters['couplesonly'] == "Yes") { $couplesonly = $arrParameters['couplesonly']; $arrWhere['couplesonly'] = mysql_real_escape_string($couplesonly); } if($arrParameters['costinvolved'] == "No") { $costinvolved = $arrParameters['costinvolved']; $arrWhere['costinvolved'] = mysql_real_escape_string($costinvolved); } if($arrParameters['costinvolved'] == "Yes") { $costinvolved = $arrParameters['costinvolved']; $arrWhere['costinvolved'] = mysql_real_escape_string($costinvolved); } $strWhere = 'WHERE '; if(count($arrWhere)){ foreach($arrWhere as $strKey=>$strValue){ $strWhere .= ' '.$strKey.' = '.'"'.$strValue.'" AND '; } $strWhere .= ' 1 '; } else { $strWhere = ' 1'; // if you want all records to be selected if no radio is checked. if you want no records make this as '0' } $strSql = "SELECT * FROM Events $strWhere ORDER BY eventdate ASC limit $eu, $limit"; $query2="SELECT count(*) as cnt FROM Events $strWhere"; $result2 = mysql_query($query2); $row = mysql_fetch_array($result2); $nume = $row['cnt']; $result = mysql_query($strSql); echo '<br>'; echo "<table border='0'> <tr> <th>Date/Time</th> <th>Event</th> <th>Participants</th> <th>Hoster</th> </tr>"; while($row = mysql_fetch_array($result)) { echo "<tr>"; echo "<td>"; print date('d M Y', strtotime($row['eventdate'])); echo " "; echo $row['starttime'] . "</td>"; echo '<td><a href="showevent.php?eventsID='; echo $row['eventsID']; echo '">'; echo $row['eventdescriptionheader']; echo "</a></td>"; echo "<td>" . $row['currentparticipants'] . "/" . $row['maxparticipants'] . "</td>"; echo "<td>" . $row['hoster'] . "</td>"; echo "</tr>"; } echo '</table>'; echo '<br><br><INPUT TYPE="button" VALUE="Back" onClick="history.go(-1);return true;">'; ////////////////////////////// End of displaying the table with records //////////////////////// /////////////////////////////// if($nume > $limit ){ // Let us display bottom links if sufficient records are there for paging /////////////// Start the bottom links with Prev and next link with page numbers ///////////////// echo "<table align = 'center' width='50%'><tr><td align='left' width='30%'>"; //// if our variable $back is equal to 0 or more then only we will display the link to move back //////// if($back >=0) { print "<a href='$page_name?start=$back'>PREV</a>"; } //////////////// Let us display the page links at center. We will not display the current page as a link /////////// echo "</td><td align=center width='30%'>"; $i=0; $l=1; for($i=0;$i < $nume;$i=$i+$limit){ if($i <> $eu){ echo " <a href='$page_name?start=$i'>$l</a> "; } else { echo "$l";} /// Current page is not displayed as link and given font color red $l=$l+1; } echo "</td><td align='right' width='30%'>"; ///////////// If we are not in the last page then Next link will be displayed. Here we check that ///// if($this1 < $nume) { print "<a href='$page_name?start=$next'>NEXT</a>";} echo "</td></tr></table>"; } } ?> -
Is the path for the document in web directory? I mean is it in a directory which is accessible by browser?
If yes, you can do some thing like this:
while($row=mysql_fetch_array($result)){ echo "</td><td>"; echo $row['event_type']; echo "</td><td>"; echo $row['client']; echo "</td><td>"; echo $row['incident_date']; echo "</td><td>"; echo $row['responders']; echo "</td><td>"; echo $row['location']; echo "</td><td><a href='".$siteURL.$row['word_document']."'>Click Here</a>"; echo "</td><td>"; echo "</td><td><a href='".$siteURL.$row['pdf_document']."'>Click Here</a>"; echo "</td></tr>"; }Where $siteURL full web browsable URL of the PDF file. I tried appending the path to the domain you suggested but gave 404 so i assume it is not in web directory in private folder.
assuming
-
public function getData($user, $strField){ $thisquery = mysql_query("SELECT * FROM users WHERE username='". $user ."'"); if(mysql_num_rows($thisquery) == 1){ $row = mysql_fetch_assoc($thisquery); if(isset($row[$strField])) { return $row[$strField]; } else { return false; } } else { return false; } } $class->getData($user, 'name'); -
You need to pass the search parameters to the next page, may be by appending to the URL and query checking both POST and GET.
-
print the query and you don't need to fire the query twice. you can use COUNT(*). Replied PM with more details.
-
Do you get any error or the script completes but does not give expected results. Print some test text at the end to see what step it reaches. Also try increasing the memory limit.
It must be something specific to your server.
-
For Any, you dont need to add anything, Any = all records so no search field to be added.
-
try using ob_start() and ob_flush().
ob_start(); echo "Update setting 1:"; ob_flush(); sleep(5); echo "Success! <br>Updating setting 2"; ob_flush(); sleep(5); echo "Success! <br>Updating setting 3"; ob_flush(); sleep(5); echo "Success! <br>Updating setting 4"; ob_flush();
ob_flush flushed out the buffer contents.
-
Check with the webservice hosts if you need to pass anything in the headers. Generally webservices are secured with a username password to avoid genera public misuse.
-
please post some code
-
I am not sure if i understand correctly but will still give a try
Are you looking for something like this? Code is not tested so you may have to fix some syntax errors
<?php session_start(); include 'connect.php'; $username = $_SESSION['username']; if(!isset($_SESSION['username'])) { echo '<div align="center">'; echo 'You have to be a registered member to be able to view events.<br><br> <a href="register.html">Click here to register</a>'; echo '<br><br><br><br>Or if you are already a member, please login to use this area.<br>'; echo ' <form method="POST" action="loginverification.php"> <table border="0"> <tr><td> Username: </td><td><input type="text" name="username" size="15" /></td></tr> <tr><td>Password:</td><td> <input type="password" name="password" size="15" /></td></tr> </table> <div align="center"> <p><input type="submit" value="Login" /></p> </div> </form>'; echo '</div>'; } else{ $theDate = isset($_REQUEST["date1"]) ? $_REQUEST["date1"] : ""; $eventcounty = $_POST['county']; $eventdescriptionheader = $_POST['eventdescriptionheader']; $hoster = $_POST['hoster']; $arrWhere = array(); if($_POST['searchcounty'] == "Yes") { $arrWhere['eventcounty'] = mysql_real_escape_string($eventcounty); } if($_POST['searchdate'] == "Yes") { $arrWhere['eventdate'] = mysql_real_escape_string($theDate); } if($_POST['searchtitle'] == "Yes") { $arrWhere['eventdescriptionheader'] = mysql_real_escape_string($eventdescriptionheader); } if($_POST['searchhoster'] == "Yes") { $arrWhere['hoster'] = mysql_real_escape_string($hoster); } $strWhere = 'WHERE '; if(count($arrWhere)){ foreach($arrWhere as $strKey=>$strValue){ $strWhere .= ' '.$strKey.' = '.'"'.$strValue.'" AND '; } $strWhere .= ' 1 '; } else { $strWhere = ' 1'; // if you want all records to be selected if no radio is checked. if you want no records make this as '0' } $strSql = "SELECT * FROM Events $strWhere ORDER BY eventdate ASC" $result = mysql_query($strSql); echo '<br>'; echo "<table border='0'> <tr> <th>Date/Time</th> <th>Event</th> <th>Participants</th> <th>Hoster</th> </tr>"; while($row = mysql_fetch_array($result)) { echo "<tr>"; echo "<td>"; print date('d M Y', strtotime($row['eventdate'])); echo " "; echo $row['starttime'] . "</td>"; echo '<td><a href="showevent.php?eventsID='; echo $row['eventsID']; echo '">'; echo $row['eventdescriptionheader']; echo "</a></td>"; echo "<td>" . $row['currentparticipants'] . "/" . $row['maxparticipants'] . "</td>"; echo "<td>" . $row['hoster'] . "</td>"; echo "</tr>"; } echo '</table>'; $check = mysql_num_rows($result); if ($theDate == "0000-00-00") { echo 'You did not select a date.'; echo '<INPUT TYPE="button" VALUE="Back" onClick="history.go(-1);return true;">'; } elseif ($check == 0) { echo 'No results found.'; echo '<INPUT TYPE="button" VALUE="Back" onClick="history.go(-1);return true;">'; } echo '<br><INPUT TYPE="button" VALUE="Back" onClick="history.go(-1);return true;"> '; } ?> -
the same way as you would use any mysql_* function.
public function userr($user){ $thisquery = mysql_query("SELECT * FROM users WHERE username='". $user ."'"); if(mysql_num_rows($thisquery) == 1){ $row = mysql_fetch_assoc($thisquery); echo $row['user_id']; // will echo user_id field from row, you can use any other field you want. return true; } return false; } -
Well.... There are 2 single quotes, so i am assuming your $user already has single quotes.
you want to find a user with username Test or 'Test' [single quotes are part of username].
If first case, then try entering the username without quotes wherever you are entering it. Secondly you need to sanitize your inputs to any query using mysql_real_escape_string
$thisquery = mysql_query("SELECT * FROM users WHERE username='".mysql_real_escape_string ($user)."'") or die(mysql_error());Also when in doubt....echo the query
-
change
$thisquery = mysql_query("SELECT * FROM users WHERE username='". $user ."'");to
$thisquery = mysql_query("SELECT * FROM users WHERE username='". $user ."'") or die(mysql_error());It will show what exactly is wrong... May be the table name is wrong, DB is incorrect or the connection is not working.
-
@kicken
I think he is not expecting any duplicates. The function stargate_address_generator() gets 6 unique random numbers between 1-38 and forms a string.
There should be very thin of chances of getting a duplicate here.
I am assuming that the array_unique function is somehow changing data type for these elements while sorting and mixing them up.
@Shadowing
You can try avoiding use of array_unique by specifying the address as the key itself like salathe suggested. Did you try it?
-
There seems nothing wrong with this code on the first look...except you can simplify it but doing it one loop.
Code is not tested but should give you a pretty good idea. This will ensure the field and data length match.
$placeHolderFields = ''; $placeHolderData = ''; // this builds the list of field values foreach ($_POST as $key => $value) { if(trim($value) && trim($key)) { $key= '"'.$key.'",'; $placeHolderFields .= $key; $value= '"'.$value.'",'; $placeHolderData .= $value; } } // pull the last extra comma off $placeHolderData = rtrim($placeHolderData, ","); $placeHolderFields = rtrim($placeHolderFields , ","); // add a line feed and new line $placeHolderData = $placeHolderFields."\r\n".$placeHolderData; -
Do you have any code you can post? I am afraid I cannot help you more without seeing the code.
-
1) Not sure why you need an account if you want *everyone* to access it.
2) If *everyone* means a specific list of users, you can create one user and share the username/password with all
3) if you want different passwords for all users, you can make the username as non - unique, make it static and allow users to create different passwords for each. You can keep a unique user id for username/password combination so you can track activity of each user.
-
Did you try the SORT FLAG or running it with lower limit?
Help with a Join
in PHP Coding Help
Posted
1) this is not a PHP question but rather a MySQL question
2)
$query = "SELECT attacks.id, attacks.name, attacks.price, attacks.class, attacks.descript, spells.id, spells.name, spells.price, spells.class, spells.descript FROM attacks, spells WHERE attacks.class = 'All' OR spells.class = 'All' order by attacks.name, spells.name asc";
mysql($query) or die(mysql_error());//will show if there is any error in the query
3) Echo the query and fire manually on database to see if it returns any result.
without knowing the data in the tables and structure of the tables, i am afraid i cannot help you more.