Ch0cu3r

Staff Alumni
  • Posts: 3,404
  • Days Won: 55

Everything posted by Ch0cu3r

  1. Try changing

       <td>£ <?php echo $row['amount']; ?></td>

     to

       <?php
       $amount = $row['amount'];
       if($row['from_id'] == $_SESSION['account_id'])
       {
           $amount = '<span style="color: red"> -' . $amount . '</span>'; // sent
       }
       else
       {
           $amount = '<span style="color: green"> +' . $amount . '</span>'; // received
       }
       ?>
       <td>£ <?php echo $amount ?></td>
  2. mysqli_query does not return any results.

       $values = mysqli_query($con,"SELECT IP FROM servers");
       $result = mysqli_query($con,"SELECT * FROM servers");

     To get the results from the query you use one of the mysqli_fetch_* functions, such as mysqli_fetch_assoc (see Example #2 for how to use this function).
  3. Have you fixed this? I do not get a 500 Error when I add/edit/delete records. When you get a 500 Internal Server Error, check your server's error log to see why you are getting this error.
  4. Code for the while loop should be

       while($row = mysqli_fetch_array($result))
       {
           echo "<tr>";
           echo "<td>" . $row['ID'] . "</td>";
           echo "<td>" . $row['Site'] . "</td>";
           echo "<td>" . $row['AP_Name'] . "</td>";
           echo "<td>" . $row['IP_Address'] . "</td>";
           echo "<td>" . $row['MAC_Address'] . "</td>";
           echo "<td>" . $row['AP_Location'] . "</td>";
           echo "<td>";
           // quote the address before it reaches the shell, and keep the exit code
           // in $status so the query result in $result is not overwritten
           $str = exec("ping -n 1 -w 2000 " . escapeshellarg($row['IP_Address']), $input, $status);
           if ($status == 0){
               echo "Online";
           }else{
               echo "Offline";
           }
           echo "</td>";
           echo "</tr>";
       }
  5. Post them here if you have any questions. I'm not always right with my answers.
  6. Find msyql_real_escape_string and replace it with mysql_real_escape_string. I spelt that function wrong.

     You can separate them into separate files if you want. However, as the code is, they won't interfere with each other. If the login form is submitted then the login code will run. If the transfer form is submitted then the transfer code will run.
  7. No, it'll be

       $params['VALUE'] = $params['VALUE1'] . $params['VALUE2'];
                                            ^ concatenation operator

     Or you can do

       $params['VALUE'] = $params['VALUE1'];
       $params['VALUE'] .= $params['VALUE2'];
                        ^^ concatenation assignment operator
  8. Remove the error suppression (the @) from in front of the fopen, fwrite and fclose functions and turn error reporting on. They could be returning an error when trying to write to the log. If an error occurs then nothing will be written to the log.

     Also, what is the purpose of

       $check = strpos($search, $log);

     ?
  9. The line with the ternary operator is useless as it just echoes a space no matter what. You could simply replace it with echo " "; and you'll get the same result.
  10. Your logic is reversed on line 37. You are running the query before you have validated the $_POST values. Also, before getting the results from the query you should first make sure mysql_query didn't return false (in case of an error) and that it did return any rows using mysql_num_rows().

      Code for performing the transfer

        if(isset($_POST['transfer_submit']))
        {
            // validate first
            if(empty($_POST['transfer_email']) || empty($_POST['transfer_amount']) || empty($_POST['transfer_description']))
            {
                $transferMessage = "<div style=\"padding-bottom: 15px;\"> <a href=\"#\" class=\"notification error\">Please fill in all the fields below.</a> </div>";
            }
            else
            {
                $login_email = msyql_real_escape_string($_POST['transfer_email']);
                $transfer_amount = intval($_POST['transfer_amount']);
                $transfer_description = msyql_real_escape_string($_POST['transfer_description']);

                $results = mysql_query("SELECT `id`, CONCAT(`first_name`, ' ',`lastname`) AS `name`, `balance` FROM `accounts` A WHERE `login_email` = '$login_email'");

                // check query executed
                if($results)
                {
                    // check it returned any results
                    if(mysql_num_rows($results))
                    {
                        // get result
                        $row = mysql_fetch_assoc($results);

                        if($row['id'] == $_SESSION['account_id'])
                        {
                            $transferMessage = "<div style=\"padding-bottom: 15px;\"> <a href=\"#\" class=\"notification error\">You cannot send money to yourself.</a> </div>";
                        }
                        elseif($transfer_amount > $account['balance'])
                        {
                            $transferMessage = "<div style=\"padding-bottom: 15px;\"> <a href=\"#\" class=\"notification error\">You have insufficient funds.</a> </div>";
                        }
                        else
                        {
                            mysql_query("INSERT INTO transactions (account_id, from_id, amount, description, date, status) VALUES ('". $row['id'] ."', '". $_SESSION['account_id'] ."', '". $transfer_amount ."', '". $transfer_description ."', CURRENT_TIMESTAMP, '1')") OR die(mysql_error());

                            $balance = $account['balance'] - $transfer_amount;
                            mysql_query("UPDATE accounts SET balance = '". $balance ."' WHERE id = '". $_SESSION['account_id'] ."'");

                            $balance = $row['balance'] + $transfer_amount;
                            mysql_query("UPDATE accounts SET balance = '". $balance ."' WHERE id = '". $row['id'] ."'");

                            $transferMessage = "<div style=\"padding-bottom: 15px;\"> <a href=\"#\" class=\"notification success\">You have successfully sent <strong>£". number_format($transfer_amount, 2) ."</strong> to <strong>". $row['name'] ."</strong></a> </div>";
                        }
                    }
                    else
                    {
                        $transferMessage = "<div style=\"padding-bottom: 15px;\"> <a href=\"#\" class=\"notification error\">Email address not found.</a> </div>";
                    }
                }
                else
                {
                    echo 'Database error cannot run transaction';
                }
            }
        }

      For the user login your code should be like

        if(isset($_POST['login_submit']))
        {
            // validate first
            if(empty($_POST['login_email']) || empty($_POST['login_password']))
            {
                $loginMessage = "<div style=\"padding-bottom: 15px;\"> <a href=\"#\" class=\"notification error\">Please fill in all the fields below.</a> </div>";
            }
            else
            {
                // sanitize the user input
                $login_email = mysql_real_escape_string($_POST['login_email']);
                // encrypt user password (the stored password should also be encrypted too)
                $login_password = md5($_POST['login_password']);

                $results = mysql_query("SELECT `login_email`, `id` FROM `users` A WHERE `email` = '$login_email' AND `pass` = '$login_password'");

                if(mysql_num_rows($results) > 0)
                {
                    $row = mysql_fetch_assoc($results);
                    $_SESSION['users'] = $row['id'];
                    header("Location: /account/dashboard.php");
                    exit; // stop running the rest of the page after the redirect
                }
                else
                {
                    $loginMessage = "<div style=\"padding-bottom: 15px;\"> <a href=\"#\" class=\"notification error\">The information you entered was incorrect.</a> </div>";
                }
            }
        }
  11. +1000!
  12. To search a table for specific records you can use a WHERE clause. Example code (assuming you are saving the users username to a session variable when they login.)

        <?php
        session_start(); // start session

        include_once "base.php";

        $username = mysql_real_escape_string($_SESSION['username']); // get users username from session

        // only get prescriptions that matches the username
        $result = mysql_query("SELECT * FROM prescriptions WHERE username='$username'") or die(mysql_error());

        $list = '';
        // make sure query returned any records
        if(mysql_num_rows($result))
        {
            while ($row = mysql_fetch_assoc($result))
            {
                $user_id = $row["user_id"];
                $drug = $row["drug"];
                $strength = $row["strength"];
                $quantity = $row["quantity"];
                $list .= '' . $drug . ' ' . $strength . ' ' . $quantity . '<br/>';
            }
        }
        // no records returned
        else
        {
            echo "No prescriptions for $username";
        }
        ?>
  13. When connecting to MySQL using mysqli you can use either procedural style or object style (read http://us2.php.net/manual/en/mysqli.construct.php). Example procedural connection

        $conn = mysqli_connect('mysql hostname', 'mysql username', 'mysql password', 'mysql database name'); // procedural style connection

      When using procedural mysqli_*() functions, any function that requires the link identifier you pass it usually as the first argument. For example for running a query you'd do mysqli_query($con, $query).

      You get that error when you are not connected to the database. The database connection in db_connection.inc may have failed. Can you post how you are connecting to the database?

      You reconnect again using mysqli_connect(). But it is recommended to only connect to the database once, rather than connecting/disconnecting between queries. Database connections are closed once PHP has finished parsing the code.

      That will result in an error. You cannot run multiple queries together using mysqli_query().

      Is elvis the name of your database? You state which database to use when connecting to the database, not in the query.
  14. By that do you mean a new line character?
  15. The code you have posted is not enough, no. However, after reading mac_gyver's post I guess you are using the upload code from w3schools. In which case you need to add css to the $allowedExts arrays as well as checking for the file type.

        $allowedExts = array("gif", "jpeg", "jpg", "png", "css"); // add css to this array
        ...
        if ((($_FILES["file"]["type"] == "image/gif")
        || ($_FILES["file"]["type"] == "image/jpeg")
        || ($_FILES["file"]["type"] == "image/jpg")
        || ($_FILES["file"]["type"] == "image/pjpeg")
        || ($_FILES["file"]["type"] == "image/x-png")
        || ($_FILES["file"]["type"] == "text/css")
        || ($_FILES["file"]["type"] == "image/png"))
        ...
  16. If it works with images then it should work with css files. You must be doing something wrong. We can't help if you don't post your code.
  17. Have you only tested this with css files? Does your code work with images being uploaded? If you can't upload any files then post your code here.
  18. Yes. text/css is the correct mime type for css files. What is the output of

        printf('<pre>%s</pre>', print_r($_FILES, 1));

      when you upload a css file?
  19. Your code is trying to update the counter column's value to the string value of 'counter+1', not increment its value by 1. This is because you are binding its value to the query. If you need to increment the column's value you don't bind it.

      I set up the $postData array like

        $postData = array(
            'counter' => array(           // column name as the key
                'value' => 'counter+1',   // the columns value
                'bindValue' => false      // do we bind it?
            ),
        );

      Then change the Update function to

        public function update($table, $queryData, $where)
        {
            ksort($queryData);

            $fieldDetails = NULL;
            foreach($queryData as $column => $data)
            {
                // do we bind the value? Set the column to the value or add the placeholder
                if(isset($data['bindValue']) && $data['bindValue'] === false)
                {
                    // the value is placed in the SQL as-is, so it must be a fixed expression, never user input
                    $fieldDetails .= "`$column`={$data['value']},";
                    unset($queryData[$column]); // remove it from array so the value doesn't bind
                }
                else
                    $fieldDetails .= "`$column`=:$column,";
            }
            $fieldDetails = rtrim($fieldDetails, ',');

            $sth = $this->prepare("UPDATE $table SET $fieldDetails WHERE $where");

            foreach ($queryData as $key => $value)
            {
                $sth->bindValue(":$key", $value);
            }

            $sth->execute();
        }

      EDIT: Added updated function. I posted my reply too early.
  20. But this is for a log in. In this case you only want the query to match 1 record that matches the username/password. I guess adding LIMIT 1 to the query would be better?
  21. Because the query needs to be wrapped in quotes! Also it is a bad idea adding raw $_POST values into an SQL query. Use mysql_real_escape_string to sanitize it.

      Using my example in reply #13 this is how I'd insert the data to the database

        <?php
        // connect to database first

        // check form has been submitted
        if (isset($_POST['submit']))
        {
            // add any errors to an array
            $errors = array();

            // check that type field is not empty
            if(empty($_POST['type']))
            {
                $errors[] = 'Type'; // Add type to errors
            }

            // check that desc field is not empty
            if(empty($_POST['desc']))
            {
                $errors[] = 'Desc'; // Add Desc to errors
            }

            // check that dlink field is not empty
            if(empty($_POST['dlink']))
            {
                $errors[] = 'DLink'; // Add DLink to errors
            }

            // only insert record to database if $errors is empty
            if(empty($errors))
            {
                // sanitize input before you use it in the query
                $type = mysql_real_escape_string($_POST['type']);
                $desc = mysql_real_escape_string($_POST['desc']);
                $dlink = mysql_real_escape_string($_POST['dlink']);
                $time = mysql_real_escape_string($_POST['time']);

                // $typ is used as a table name, which escaping does not protect;
                // $type should be one of the known courses before it is used here
                $typ = 'list'.$type;

                // execute query to add record to database
                // (desc is a reserved word in MySQL, so the column names are backtick-quoted)
                $resultcourse = mysql_query("INSERT INTO $typ (`type`,`time`,`desc`,`dlink`) VALUES ('$type', '$time', '$desc', '$dlink')");

                // check query has executed
                if($resultcourse)
                {
                    // check query has added a record to the database
                    if(mysql_affected_rows())
                    {
                        // success!
                        echo 'Record added to database';
                    }
                    // query did not add anything to database
                    else
                    {
                        // Fail!
                        echo 'Record was not added to the database';
                    }
                }
                else
                {
                    echo 'DB Error! cannot insert course';
                    exit();
                }
            }
        }
        ?>
        <!DOCTYPE html>
        <html>
        <head>
        <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
        <script type="text/javascript">
        $(document).ready(function() {
            // on page load hide the fields within div#fields
            if($('input[name="type"]:checked').length === 0) {
                $('#fields').hide();
            }

            // when user selects a course slide fields into view
            $('input[name="type"]').bind('click', function(e) {
                $('#fields').slideDown();
            });
        });
        </script>
        </head>
        <body>
        <?php
        // list courses in an array
        $courses = array('DANSK', 'TYSK', 'MATEMATIK', 'ENGELSK', 'ANDET');
        ?>
        <form method="post">
            <?php
            // display the error message here
            if(!empty($errors))
            {
                echo '<div style="color:red">Please specify ' . implode(', ', $errors) . '</div>';
            }
            ?>
            <div id="type">
                <dt>Type:
                <?php
                // loop through courses and output radio button
                foreach($courses as $course):
                    $checked = (isset($_POST['type']) && $_POST['type'] == strtolower($course)) ? ' checked' : null;
                ?>
                    <dd><input type="radio" name="type" value="<?php echo strtolower($course) ?>" <?php echo $checked ?> /> <?php echo $course; ?></dd>
                <?php endforeach ?></dt>
            </div>
            <div id="fields">
                <p>Time: <input type="text" name="time"></p>
                <p>Desc: <textarea name="desc"></textarea></p>
                <p>Dlink: <input type="text" name="dlink"></p>
                <p><input type="submit" name="submit" value="Add" /></p>
            </div>
        </form>
        </body>
        </html>
  22. The document.write is adding an iframe to the webpage. It is then requesting the webpage you have defined in the src attribute (src='//www.youtube.com/embed/...').
  23. Trying to DDoS/Hack a site's login?

      To answer your question, the JavaScript code will be separate to the html form. Also no matter how many times you want the while loop to submit the form, it'll only submit it once. Because as soon as you have submitted the form you'll be redirected to where you are submitting the form to.

        <body>
        <form action="http://someweb.com" method="post" name="form_confirm" id="form_confirm">
            <input class="post" type="text" id="username_reg" name="username" value="somethingname" size="25" maxlength="25" />
            <input class="post" type="password" name="password_confirm" value="somethingpass" size="25" maxlength="25" />
            <input class="mainoption" type="submit" name="submit" id="submit" value="Save">
        </form>
        <SCRIPT LANGUAGE="Javascript">
        while(i<5){
            document.getElementById("form_confirm").submit();
            i++;
        }
        </script>
  24. You mean MySQL. phpMyAdmin is a php script for managing a MySQL server from a web interface, it is not the database.

      In index.php you are calling session_start() within your HTML code. This function cannot be called in this way. This can only be called before any output has been sent to the browser. Anything you echo or text/html outside of the php (<?php ?>) tags is considered output. Call this function on the first line of any page that needs to use $_SESSION variables (eg index.php, login.php and logout.php).

      In login.php you seem to be connecting to mysql twice

        mysql_connect('localhost','root','password')or die($connect_error);
        mysql_select_db('mkjb')or die($connect1_error);

        $con = mysql_connect($mysql_db_hostname, $mysql_db_user, $mysql_db_password) or die("Could not connect database");
        mysql_select_db($mysql_db_database, $con) or die("Could not select database");

      You only need to call mysql_connect and mysql_select_db once to connect to the database.

      When checking to make sure your query returned a result, you want to be checking it returned 1 result, not more than 1

        if( $num_row >=1 )

      Use == to make sure it only matched 1 record for the username/password that was given.

        if( $num_row == 1 ) {

      As for why you get the Wrong username or password message when logging in, you need to debug your AJAX/JavaScript code.
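
The login check discussed in the posts above (sanitizing the input, matching exactly one record, hashing the password), as an added example that is not part of the original posts: it uses PDO placeholders and password_hash()/password_verify() in place of mysql_real_escape_string() and md5(). The users table, its columns, the sample account and the check_login() helper are assumptions made for this example.

```php
<?php
// Added example; the schema and account below are constructed sample data.
// Assumption: pdo_sqlite is available. The same PDO calls work with MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, pass TEXT)');

$insert = $pdo->prepare('INSERT INTO users (email, pass) VALUES (:email, :pass)');
$insert->execute(array(
    ':email' => 'alice@example.test',
    ':pass'  => password_hash('correct horse', PASSWORD_DEFAULT),
));

// Hypothetical helper: returns the account id, or null when the login fails.
function check_login(PDO $pdo, $email, $password)
{
    // The e-mail is bound to a placeholder, so it never becomes SQL text.
    $sth = $pdo->prepare('SELECT id, pass FROM users WHERE email = :email');
    $sth->execute(array(':email' => $email));
    $rows = $sth->fetchAll(PDO::FETCH_ASSOC);

    // Accept only an unambiguous match: exactly one row (== 1, not >= 1).
    if (count($rows) !== 1) {
        return null;
    }

    // The stored value is a salted hash; verify against it rather than
    // comparing an md5() digest inside the WHERE clause.
    if (!password_verify($password, $rows[0]['pass'])) {
        return null;
    }

    return (int) $rows[0]['id'];
}

var_dump(check_login($pdo, 'alice@example.test', 'correct horse'));  // valid login
var_dump(check_login($pdo, 'alice@example.test', 'wrong password')); // bad password
var_dump(check_login($pdo, "' OR '1'='1", 'anything'));              // quote-laden input
```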