maxxd

You had the same problem earlier ( post #8 ), and you still haven't fixed it as I suggested ( post #9 ). Also, the code you are using now is calling the buildOptions() functions from within an <option> tag in the HTML. The output of this method is a full <select> element, with options. You can't simply copy and paste example code - you have to read it, think about it a little bit, and then implement it in a way that makes sense in the context of your project.

Perhaps an annotated version will help. /** * Builds an HTML <select> element with options. * Will mark an option selected if passed a target value and that value is in the * array of options. * * Usage examples: * To print an Events select where the best event ever is already selected: * echo buildSelectOptions( * 'event', //name of the select element - arbitrary and totally up to you * array( * 1=>'Gala', * 2=>'Birthday Party', * 3=>'Wine Night' * ), //the data from which the user can select * 3 //the desired event option to be selected * ); * * To print a Moods select asking the user to select an event: * echo buildSelectOptions( * 'mood', //name of the select element - arbitrary and totally up to you * array( * 1=>'Meh', * 2=>'Blerg', * 3=>'Woot!' * ), //the data from which the user can select * //note nothing is passed here - this is fine because $current is optional * ); * * @param string $name DOM element name and id * @param array $options Options to display in the drop-down for the user to select * @param int|string $current Optional currently selected value. This can come from user * input, a database query, or can be a hard-coded default value. * @return string The full HTML string defining the <select> element and it's associated <option> values. */ function buildSelectOptions($name, array $options, $current=null){ $htmlString = "<select name='{$name}' id='{$name}'>\n"; $htmlString .= "\t<option value='-1'> -- Please select -- </option>\n"; foreach($options as $value=>$option){ $htmlString .= "\t<option value='{$value}'"; if($value == $current){ $htmlString .= " selected"; } $htmlString .= ">{$option}</option>\n"; } $htmlString .= "</select>\n"; return $htmlString; } /** * Gather and return the data in table 'Events'. * @return array An associative array of Events and their ID's as such: * $ret[event id] = event type */ function getEvents(){ $qry = "SELECT id ,Event_Type FROM Events ORDER BY id"; $sql = mysqli_query($conn, $qry); if(mysqli_num_rows($sql) < 1){ return array(); } while($res = mysqli_fetch_array($sql)){ $ret[$res['id']] = $res['Event_Type']; } return $ret; } /** * Gather and return the data in table 'Moods'. * @return array An associative array of event sub types and their ID's as such: * $ret[mood id] = event sub type */ function getMoods(){ $qry = "SELECT id ,Event_Sub_Type FROM Moods ORDER BY id"; $sql = mysqli_query($conn, $qry); if(mysqli_num_rows($sql) < 1){ return array(); } while($res = mysqli_fetch_array($sql)){ $ret[$res['id']] = $res['Event_Sub_Type']; } return $ret; } /** * Print the select elements to screen. */ echo buildSelectOptions('event', getEvents(), 3); echo buildSelectOptions('mood', getMoods()); Using the examples in the documentation, you will see the following output on your page: <select name='event' id='event'> <option value='-1'>-- Please select --</option> <option value='1'>Gala</option> <option value='2'>Birthday Party</option> <option value='3' selected>Wine Night</option> </select> <select name='mood' id='mood'> <option value='-1'>-- Please select --</option> <option value='1'>Meh</option> <option value='2'>Blerg</option> <option value='3'>Woot!</option> </select> Please note that this script is assuming the user has submitted a form where the option 'Wine Night' is the selected event and 'Woot!' is the selected mood upon page load. When the form is submitted, if it's redrawn, you would use the user input as the currently selected value (either $_POST['event'] or $_GET['event'] and either $_POST['mood'] or $_GET['mood'], depending on the form's action attribute).

You would do this (for the events drop-down): echo buildSelectOptions('events', getEvents(), 27); Remember that the last parameter in the buildSelectOptions() function is the currently selected option. Where that comes from is completely up to you - database, user input, or imagination. Go nuts. You can also not pass anything to that parameter, and the first option in the select element will be selected by default. The array parameter $options is not optional in the function definition of buildSelectOptions(), so if you pass it anything other than an array (including not passing it anything at all), the script will fail and display an error. Passing an empty array simply outputs an empty select object. It's printed to screen where the code says "echo buildSelectOptions(...". 'echo' prints a string to screen. No idea. Are your queries returning any data? To answer your other questions, 'events' and 'moods' are strings, not variables. They're used to set the name and id attributes of the resulting select elements. And, as Barand explained, the $ret variable is locally scoped - in other words, that variable doesn't exist outside of the function it's defined within. So you can use the same variable name in as many different functions as you want, as long as you don't want the data that variable contains to persist.

I don't know Laravel, but it certainly looks like a function that gets all the data from a table called Flight, then passes that data to a template file that is rendered to the user.

Drop the in-line height attributes on the images. You could also (and I'm not sure if this'll work, it's just an idea) set your #bannerImage{x} divs to display: flex, flex-direction: column, and align-items: stretch. Again, not sure if that will work because it's early and I've not tried it, but it could. One more thing while I'm thinking about it - I'd consolidate the repeated style info from #bannerImage1 and #bannerImage2 into a class (.bannerImageWrap, maybe?) and assign that class to both. You can then overwrite the defaults for either or both divs using the id.

Have you tried using flexbox? It takes a little getting used to, but can do what you're asking, and is supported by all modern browsers - though (of course) if you're supporting IE 10 you'll need to use prefixes and if IE 9 or lower is important, stick with floats. But like I said, modern browsers have no problem with flex.

Right, but the thing is - especially with passwords - you want to hash the submitted value before you send it over the line to the database. So use password_hash() before you insert the value into the database, then password_verify() after you retrieve it (and before you log a user in). Also, encryption of passwords should be a one-way thing; you should never be able to decrypt a user's password. That way, if the database is compromised, the hacker isn't getting any useful password information. If the user has forgotten their password, a new temporary one should be generated for a set amount of time, during which the user can log in to the system (using the auto-generated temporary password), and reset his or her permanent password. Which again, should be hashed (or encrypted - there's a difference between the two, but it's early and I can't rightly recall exactly what that difference is) before being sent to the database.

That's my question. I'm not judging, and the intent may be completely benign, but it sounds like "Help me create a CSRF script, please".

What's the overall goal here? Because honestly, it kinda sounds shady.

To add to it, your call to mysql_query() - which you shouldn't be using anyway; see QuickOldCar's note about Mysqli or PDO - is malformed. You're sending the second half of your query as the second parameter to the function. The second parameter of mysql_query() is an optional connection identifier. Also, don't use mysql_*.

You're creating a race condition by checking the supplied username and email before inserting the data. Just make sure your database has a unique constraint that covers the username and email columns, and try to insert the record. If the insert fails because of the constraint, you know that username/email combo already exists. And obviously you're not going to want to display the mysqli error directly to the user if the prepare() fails for whatever reason.

What does the response say in FireBug? Could be an error in the get_booking script - the response should let you know.

You are correct - keyword, not reserved word. Of course, I still think it's a bad idea to use as an identifier.

This is off topic, true, but why does the column 'year' (which is a reserved word in MySQL, by the way) not contain a year value? 'College' isn't a year, 2015 is a year.

Where are you stuck? wsdl basically is SOAP, so the usage is pretty much the same. ini_set('soap.wsdl_cache_enbled',0); ini_set('soap.wsdl_cache_ttl',0); try{ $opts = array( 'trace' => true, 'exceptions' => true, 'cache_wsdl' => WSDL_CACHE_NONE, 'soap_version' => SOAP_1_2, ); $client = new SoapClient($apiAddress,$opts); $params = new stdClass(); $params->param_a = 'Testing'; $params->param_b = 'Still testing'; $results = simplexml_load_string($client->InputFunction($params)->ReturnValues); }catch(SoapFault $e){ print("<p>Error: {$e->getMessage()}</p>"); } This is assuming the return values are XML-formatted.

If you're just beginning with php, I'd recommend using PDO over MySQLi. It's an easier interface to wrap your head around, and not limited to one database as MySQLi is. Basically, what you're going to want to do is create a prepared statement using the user ID stored in session, query the database using prepared statement, and echo the resulting data to the page. If you're up for the learning curve, check out a templating system for the data display (for instance, Twig) - it takes some getting used to but if you're just starting to learn, you may as well learn good habits from the get-go.

First and foremost, php won't be parsed on pages with an .html extension unless the server is specifically set up to do so, which is a waste of resources as then every .html page will be passed through the php parser. So, if you're going to be dynamically building output, you'll need to change the extension to .php. As for the previous post, add the following error_reporting(-1); ini_set('display_errors',true); to index.php, before the line include('db.class.php'); and after the opening <?php tag and see what that has to say.

First off, it certainly doesn't look like this is a method within an object, so $this doesn't point to anything. Other than that, we've really no way of telling because none of the code you've posted contains the logic. It's all display, so we can't see what objval() is expecting or is expected to return. Turn on error reporting by placing the following at the top of your script and see what that has to say. error_reporting(-1); ini_set('display_errors',true); In fact, you reference $this->objval() in several places - are any of them working? Because, again, this doesn't appear to be a method of an object.

That's it - thank you! I knew there was something I should've remembered about PHP_SELF...

Unfortunately, the closest you can come to a prepared statement in WordPress is their prepared statement. So, you could do $gemeente = isset($_GET['gemeente']) ? sanitize_text_field($_GET['gemeente']) : ''; global $wpdb; $sql = " SELECT location , value , COUNT(*) as total FROM {$wpdb->prefix}rg_lead_detail INNER JOIN ( SELECT lead_id ,value as location FROM wp_rg_lead_detail WHERE field_number = 11 ) loc USING (lead_id) WHERE field_number IN (8,16,20) AND value <> 'Selecteer uw lied!' AND location = '%s' GROUP BY location, value ORDER BY total, location DESC LIMIT 10"; $posts = $wpdb->get_results( $wpdb->prepare( $qry, $gemeente ) ); Which is at least a bit safer - you've run the user input through the sanitize filter, and you've kinda used a prepared statement. If I'm not mistaken, the prepare() method does use mysqli_real_escape_string() at least before plopping the value into the query string. Still not the safest, but definitely better than what's currently happening. Note that I switched the total and location values in Barand's ORDER BY clause. This should take care of your order question, though it's untested and I've only had one cup of coffee, so no guarantees... According to the WP codex entry:

$curPg = $_SERVER['PHP_SELF']; // OR $curPg = $_SERVER['REQUEST_URI']; while($cat_rs = mysqli_fetch_assoc($cat_query)){ print("<li><a href='index.php?page={$cat_rs['link_name']}'"); if($cat_rs['link_name'] == $curPg){ print(" class='active'"); } print(">{$cat_rs['name']}</a></li>"); } You can use PHP_SELF or REQUEST_URI depending on what's stored in the 'link_name' column of your administration table. Or, you may have to do a bit more finessing on the data before the comparison. The important thing is that you get the current page and compare it to the value of link_name. If they match, you're on the current page and append the active class to that link.

Just making the previous statement a bit more specific.

Try running this code - comment out everything else on your page, paste this at the top of the page, and let us know what it says in your browser when you submit the form to this page. <?php error_reporting(-1); ini_set('display_errors',1); if(isset($_POST['submit'])) { $errors = validate_input(); display_form($errors); }else{ print("<p>POST is not set</p>"); } function validate_input() { if(empty($_POST['fname'])){ $errors['fname'] = "<span class='error'>Please enter your first name.</span>"; } return $errors; } function display_form(array $errors){ if(!empty($errors)){ print("<pre>".print_r($errors,true)."</pre>"); }else{ print("<p>No errors!</p>"); } }

Just out of curiosity, what can IE run correctly that Chrome can't? Because that sounds remarkably backwards from my experience...

No. Use the code I gave you. The if() statement is pretty clear in that post.