cyberRobot

Everything posted by cyberRobot

  1. Yep, but it can also show when something isn't technically correct. Without error_reporting(); being set to something like -1, the OP's code appears to work just fine. Once the error reporting code is added, the page will show a notice for an undefined variable.
  2. Including the dot in the first line will likely throw a warning if you enable all errors & warnings. error_reporting(-1);
  3. Of course values with leading zeros could be caught after the query is processed. If it doesn't return a result, then it's invalid. Just like 5300 would be an invalid value if the database only contains 1000 entries.
  4. If $_GET['status'] isn't a valid value, you could even skip the MySQL query. Your code could be changed to:

         <?php
         $conn = mysql_connect('','','') or trigger_error("SQL", E_USER_ERROR);
         $db = mysql_select_db('',$conn) or trigger_error("SQL", E_USER_ERROR);
         if((isset($_GET['status'])) AND (!empty($_GET['status'])) AND (trim($_GET['status']) !== "")) {
             // find out how many rows are in the table
             $sql = "SELECT id, post FROM comments WHERE id='" . mysql_real_escape_string($_GET['status']) . "'";
             $result = mysql_query($sql, $conn) or trigger_error("SQL", E_USER_ERROR);
             $r = mysql_fetch_assoc($result);
             //display box
         ?>
         <center>
         <?php
         }
         ?>

     As monkeytooth suggested, if status is always going to be a number, you should run an extra test to prevent query errors. But instead of is_numeric(), I would suggest that you use ctype_digit(): http://www.php.net/manual/en/function.ctype-digit.php

         <?php
         $conn = mysql_connect('','','') or trigger_error("SQL", E_USER_ERROR);
         $db = mysql_select_db('',$conn) or trigger_error("SQL", E_USER_ERROR);
         if((isset($_GET['status'])) AND (ctype_digit(trim($_GET['status'])))) {
             // find out how many rows are in the table
             $sql = "SELECT id, post FROM comments WHERE id='" . mysql_real_escape_string($_GET['status']) . "'";
             $result = mysql_query($sql, $conn) or trigger_error("SQL", E_USER_ERROR);
             $r = mysql_fetch_assoc($result);
             //display box
         ?>
         <center>
         <?php
         }
         ?>

     If you choose to use is_numeric(), keep in mind that the following will be considered numbers: 9.1 1e4 For more information, see: http://php.net/manual/en/function.is-numeric.php
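
The difference between the two checks named in the post above, as an added example that is not part of the original post: it runs is_numeric(), ctype_digit() and a stricter helper over the same inputs, and goes slightly further by handling array parameters and leading zeros. `status_id()` is a hypothetical helper and every sample value is constructed.

```php
<?php
// Added example: status_id() is a hypothetical helper, not code from the thread.

/**
 * Return the id as a canonical digit string, or null if the raw
 * query-string value is not a plain positive integer.
 */
function status_id($raw): ?string
{
    // ?status[]=1 arrives as an array; ctype_digit() expects a string.
    if (!is_string($raw)) {
        return null;
    }
    $raw = trim($raw);
    // Digits only: rejects '', '9.1', '1e4', '-5', '0x1A', "1' OR '1'='1".
    if (!ctype_digit($raw)) {
        return null;
    }
    // Bound the length so the value always fits a signed 32-bit INT column.
    if (strlen($raw) > 9) {
        return null;
    }
    // Strip leading zeros so '007' and '7' name the same row; reject 0.
    $id = ltrim($raw, '0');
    return $id === '' ? null : $id;
}

// Constructed sample values standing in for $_GET['status'].
$samples = ['42', ' 42 ', '007', '0', '9.1', '1e4', '-5', '', "1' OR '1'='1", ['1']];

foreach ($samples as $raw) {
    printf(
        "%-16s is_numeric=%-5s ctype_digit=%-5s status_id=%s\n",
        json_encode($raw),
        var_export(is_numeric($raw), true),
        var_export(is_string($raw) && ctype_digit($raw), true),
        var_export(status_id($raw), true)
    );
}
```

Only a non-null return value should reach the query; a null result can skip the database call entirely, as the post suggests.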
  5. To dynamically generate variable names, the curly quotes need to go around the entire variable name: ${'list' . $server['o']['id']}
  6. You could look into using JavaScript to do what you want. I don't have any tutorial links handy, but you could try Google. Maybe search for "javascript show content onmouseover".
  7. Maybe you're already aware of this, but your code is currently susceptible to MySQL injection attacks. You may want to take a look at the following article: http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php And become familiar with the mysql_real_escape_string() function: http://php.net/manual/en/function.mysql-real-escape-string.php Also, I've never used $_SERVER['SCRIPT_NAME'] so I'm not sure if it has the same problems as $_SERVER['PHP_SELF']: http://www.mc2design.com/blog/php_self-safe-alternatives
  8. Correct. The page stays completely static, as if the button, it does nothing. But if I manually refresh the new comments are there. It sounds like the MySQL insert is happening later than expected. Maybe the insert is happening after the code where you get the list of comments. Have you tried adding debugging code throughout the script to see if things are executing as expected? For example, you can make sure the $validentry is set to the value you expect by doing something like this:

         if(isset($_GET['id']) == TRUE) {
             //...
         }else{
             $validentry = 0;
         }
         echo $validentry;

     You can see if the form is being submitted by doing something like:

         if($_POST['submit']){
             echo 'here';
         }

     If the code works as expected, keep moving throughout the code until you hopefully find the bug.
  9. You could create another if() which tests to see if $_GET['id'] contains 0-9. Maybe something like this:

         echo '<td width="20" align="center" id="#"';
         if($_GET['id'] == '0' || $_GET['id'] == '1') {
             echo ' style="background-color:#F0F;"';
         }
         echo '>#</td>';

     Of course, you'll need to add the rest of the number tests $_GET['id'] == '2', etc. Also, I'm sure there is a more efficient way to do the number tests. Note that the above code is untested.
  10. Instead of hard coding the table column tags, you could create them with a foreach loop and the range() function:

          echo '<table cellpadding="2" cellspacing="2" border="0" align="center">';
          foreach(range('A', 'Z') as $currLetter) {
              echo "<td width='20' align='center' id='$currLetter'";
              if($_GET['id'] == $currLetter) {
                  echo ' style="background-color:#F0F;"';
              }
              echo ">$currLetter</td>";
          }
          echo '</table>';

      Note the if() statement in the middle which assigns a background color if $_GET['id'] matches the current letter being displayed. If you want to go with this type of solution, you'll just need to add a second foreach loop for the numbers. Also, the code provided is missing the open and close tag for a table row (<tr></tr>). I didn't add them since I'm not sure where you want them.
  11. If you have a directory structure that looks like this:

          home
            images
              navimg1.jpg
              navimg2.jpg
            includes
              main_navigation.html
            index.php

      Keep in mind that the image path for main_navigation.html when it's included in index.php does not start in the includes folder. Instead it starts in the home folder since that's where index.php is located. To avoid this type of issue, use root-relative links in the main_navigation.html file. So instead of:

          <img src="../images/navimg1.jpg">

      You could use:

          <img src="/images/navimg1.jpg">
  12. When using double quotes, things like variables will be interpreted by PHP. On the other hand, PHP displays the string as is if you use single quotes.
  13. Actually, after taking a closer look, you seem to be duplicating code. Is there a reason why you're doing the $Banner_Image_[$i] assignment twice? You should be able to remove the second one in the if statement.
  14. Looks like it might be an issue with using single quotes instead of double. Change this: <?php $Banner_Image_[$i] = get_post_meta($post->ID, 'Banner_Image_$i', true); To this: <?php $Banner_Image_[$i] = get_post_meta($post->ID, "Banner_Image_$i", true);
  15. Note that the code could look cleaner by doing something like: <?php if($Banner_Image_[$i]!='') { echo "<a href=\"javascript:goto('.item$i')\">$i</a>"; } ?>
  16. After running the query, you could use mysql_num_rows() to see if there were any results. If nothing was found, display an error. More information about the function can be found here: http://php.net/manual/en/function.mysql-num-rows.php
  17. Or you could save a line of code by doing something like:

          $id = (int) $_GET['id'];

      Also, to save on database errors, you could use an if statement like:

          <?php
          if($id != '' && $id > 0) {
              //run query
          } else {
              //display error
          }
          ?>
  18. The test would actually go after reading in the ID. Also, I would recommend that you put the test in an if statement.

          if(it's a number) {
              run query
          } else {
              display error
          }
  19. The line of code that creates the $email_message variable is missing a concatenation character in "... weather: ""\n"; It should be: $email_message .= "In ".clean_string($city) . " in the month of " .clean_string($month).clean_string($year)." you observed the following weather: " . "\n"; Or: $email_message .= "In ".clean_string($city) . " in the month of " .clean_string($month).clean_string($year)." you observed the following weather: \n";
  20. Keep in mind that going this route makes it fairly easy for someone to tamper with the prices. I would recommend storing that information in a database or an array instead. You could then use the database/array to create the form and the script to process the form.
  21. You might want to review the manual for strpos(): http://php.net/manual/en/function.strpos.php The function may return results which will evaluate to false, such as 0 if "blue" is found at the beginning of the string. Maybe try something like:

          <?php
          $ref = $_SERVER['HTTP_REFERER']; # have also tried HTTP_POST
          if (strpos($ref, "blue") !== false) {
              header('Location: bluepage.html');
              exit(); # have also tried without the 'exit;'
          }
          require('otherpage.html');
          ?>

      Note that the code is untested.
  22. This might help explain MySQL injection attacks: http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php
  23. Note that you can use the SET keyword in your INSERT statement also. In my opinion it makes the queries easier to manage. $qry = "INSERT INTO troop SET login='{$_SESSION['SESS_LOGIN_NAME']}', ... As suggested by mikosiko, you should look into sanitizing your POST variables before using them in the queries to prevent MySQL injections. If you're not doing so already, you'll also want to run the information through mysql_real_escape_string(): http://php.net/manual/en/function.mysql-real-escape-string.php
  24. To see if there were any MySQL errors using mysql_error(): http://php.net/manual/en/function.mysql-error.php You could try: <?php }else { echo mysql_error(); die("Query failed"); } ?> You could also try displaying the original query to see if the variables are being included as expected: <?php $qry="SELECT * FROM table where login=$login AND legion=$legion"; echo $qry; $result=mysql_query($qry); ?>
  25. When running the script, what happens? If you're getting errors, what are they? If the script appears to execute with no errors, you should look into adding some debugging code so that way you'll know which part of the code was executed before quitting. For example:

          <?php
          ...
          if(mysql_num_rows($result) == 1) {
              $sql="UPDATE INTO table (value1, value2...) VALUES ('{$_SESSION['SESS_LOGIN_NAME']}', '$value2')";
              echo $sql; //DEBUG CODE - remove before going live
              exit();
          }else {
              $sql="INSERT INTO table (value1, value2...) VALUES ('{$_SESSION['SESS_LOGIN_NAME']}', '$value2')";
              echo $sql; //DEBUG CODE - remove before going live
              exit();
          }
          ...
          ?>

      Note that the UPDATE statement shouldn't have the INTO keyword.

          $sql="UPDATE table (value1, value2...) VALUES ('{$_SESSION['SESS_LOGIN_NAME']}', '$value2')";