maxxd

Unless it's a variation on the syntax with which I'm not familiar, your insert statement is malformed. It looks like you're using UPDATE syntax. The syntax in your first post "INSERT INTO [table] ([columns]) VALUES ([values])" is correct. The [column]=[value] syntax is used for updating.

You can do this using javascript, not php. <a href='#' onclick='alert("You clicked it!");'>click me</a>

"WHERE MONTH(date) = MONTH(CURRENT_DATE) AND YEAR(date) = YEAR(CURRENT_DATE)" should do it.

Couple things to add to mac_gyver's answer. First, ID in a table is typically (not always, so I'm making an assumption) an auto-increment field, which means you won't insert a value into that field at all. Drop it from the column and values lists. It also looks like you're missing the closing parenthesis in the values list of your query. Finally, strings need to be quoted, so $coment would be '$coment', etc. Turn on error reporting - it'll help.

Yeah, 32 characters for the hashed password value is not enough. I'd up that to 64 or 128, then - as mac_guyver suggests - go back to the beginning and revisit your logic. Also, make sure you've got error reporting enabled.

So what exactly is the purpose of the form? If it doesn't really do anything, why is it there? What is the not much that it does? For instance, a contact form may not insert any data into the database, but a malicious user could inject to: and from: headers into the comment section and use your contact form as a spam launcher to send mail to users. If the actual body of the spam mail contains malicious code, then yes. This could be a problem. I think what Jacques1 is saying is that any and all data needs to be carefully considered before anything is done with it, regardless of its eventual purpose - whether it's stored in the database, displayed to the current user, or e-mailed anywhere. I don't know that you need to validate the contents of the specific form element because I don't know the purpose of your form, but you should definitely handle all the other data - which I'm sure you're considering, given the fact that you've asked this question. Jacques1, please correct me if I'm wrong regarding my understanding of your post.

Possibly a dumb question, but what's your mySQL column settings for both salt and password? Make sure they're able to hold the complete strings of both values and aren't truncating upon insert. The code looks fine to me (admittedly, I haven't had my second cup of coffee yet), so I'd start there.

Try assigning the return value of the function to a variable, then dump that. $thumb = get_field('thumbnail'); print("<pre>".print_r($thumb,true)."</pre>"); die(); That should show you what you're dealing with, assuming get_field() is returning anything.

You need to reconsider your approach. By trying to 'make things as simple as possible', you're twisting things way out of control. Consider using comboboxes for the your filters. <select name='type'> <option value='newcars'>New Cars</option> <option value='new'>New Whatever</option> <option value='newmake'>New Make</option> </select> <select name='year'> <option>2014</option> <option>2013</option> <option>2012</option> </select> <select name='color'> <option value='blue'>Blue</option> <option value='red'>Red</option> <option value='rusted'>Rusted Out</option> </select> Then you build it in php $link = "http://ebay.com/{$_GET['type']}/{$_GET['year']}/{$_GET['color']}/"; I've honestly never used ebay so I don't know if that link makes any sense at all to it, but I think it's close to what you're trying to do?

A couple options in addition to cyberRobot's suggestion come to mind. You could use a checkbox group and a per-determined list of options, which is probably the safest and most controllable method. Or you can explode the $_POST['brand'] value on a comma (or other character). This, however, leaves you at the mercy of your users and whether or not they're going to read and follow the instructions.

Actually, that's not what's going on. The only value returned on line 7 is the last_login_date - student_id is pulled from _POST on line 16. The problem is this assumes that the submitting form (the log in form) already knows the student_id. Which it quite literally can't. The solution to this specific problem is to add student_id to the list of fields returned from the query on line 7, then assign that value to $_SESSION['student_id']. The security issues and outdated mysql_ functions are other matters entirely.

If running the query in phpMyAdmin only returns 1 row when you're expecting 3, you need to re-evaluate your query. Only 1 row is matching the criteria, so something is amiss. Work on the query in phpMyAdmin until you're actually getting back all the results you know you should have, then worry about getting those results from and into php.

I didn't even think about array_map() - much better for readability.

'&&' is a logical operator - it doesn't work the way you're trying to use it. Check http://us3.php.net/manual/en/language.operators.logical.php for more details. In the meantime, try foreach($fields_to_cap as $field){ $cap_fields[] = strtoupper(str_replace(' ','',rgpost($each))); } I'm assuming rgpost() is a custom function that should be called on the raw data?

There could be any number of reasons this isn't returning what you expect - a little more detail would help. If you run the query in phpMyAdmin or MySQLWorkbench, is it returning 1 row or 3? Is there some php display code - obviously, if there is display code we'd need to see that as well.

That's how I would handle it, yes. Something along the lines of the following: $query = mysql_query("SELECT id ,location ,description ,name FROM `images` ORDER BY `id` DESC LIMIT 4"); while($row = mysql_fetch_assoc($query)) { echo "<img src='{$row['location']}' alt='{$row['description']}' name='image_{$id}' id='image_{$row['id']}' title='{$row['name']}' />\n"; } Of course, I'd also recommend you use either the PDO or MySQLi libraries instead of mysql_* functions as those are well and truly deprecated and slated to be removed from the language soon.

Remove the width attribute in your table opening tag.

You're overwriting $imageData on each loop through the 4 returned rows from the database and only outputting the results after the loop. Are you actually storing the image in the database, or a path to the file on the server? I'm not sure how the browser's going to respond to trying to write the image header for each of the images, but you'd need to put the lines header("content-type: image/jpeg"); echo $imageData; before the closing curly brace of your while() loop. Also, if you're trying to display 4 images, why do you care if $_GET['id'] is set? If you're only trying to display the selected image (the image corresponding to 'id' in $_GET['id']), the user Ch0cu3r's code.

OK - it's actually not a bad start at all for a beginner. Couple things (please keep in mind that this is how I code and there are a million other opinions and ways of working) First, your constructor method actually was doing what it was supposed to do, it just wasn't storing the result anywhere or returning anything so it looked like it wasn't doing anything. Notice in the code below that there are two property declarations before the constructor - these set up object-scope variables (also called properties). The scoping here means that the methods in the Greeting class can access the values in the properties, but, because they're declared private, an external class will *not* be able to access them directly. The same visibility caveat applies to the functions (called methods) in the class itself - an external class won't be able to call setGreetingPhrase() without an error. Now, I have a tendency to break my functionality into the smallest units I can think of when I create my methods. Some would say they're too small, but I like to know exactly what I'm looking at when I have to debug a method. So, in this example, your constructor explicitly calls setTime() to set the hour of the day in the local property, then explicitly calls setGreetingPhrase() which uses the value in hour_of_day to set the string value you eventually want to return. Finally, you've got the getGreetingPhrase() method which acts as the public access point in order to return the string built by the constructor. Obviously, there's a ton of different things you can do here - it's just a quick and dirty example. For instance, make setGreetingPhrase() and setTime() public and other objects can modify the eventual output, you can do value checking, etc. class Greeting{ /** * The hour * @var int */ private $hour_of_day = 0; /** * The actual greeting phrase * @var string */ private $greeting_phrase; /** * Class constructor. * @param string $dateString Date string */ public function __construct($dateString=null){ if(!is_null($dateString)){ $this->setTime($dateString); $this->setGreetingPhrase(); } } /** * Sets the time of day. * @param string $value Valid date string to parse and store * @return void|string Error code and message on DateTime exception */ private function setTime($value){ try{ $dt = new DateTime($value); }catch(Exception $e){ print("<p>Error: {$e->getCode()} :: {$e->getMessage()}</p>"); die(); } $this->hour_of_day = $dt->format('G'); } /** * Sets the actual phrase to return as a greeting. * @return void */ private function setGreetingPhrase(){ if($this->hour_of_day < 12){ $this->greeting_phrase = 'Good morning!'; }elseif($this->hour_of_day >= 12 && $this->hour_of_day < 18){ $this->greeting_phrase = 'Good afternoon!'; }else{ $this->greeting_phrase = 'Good evening!'; } } /** * Returns the greeting phrase if set up. * @return string|null */ public function getGreetingPhrase(){ if(!empty($this->greeting_phrase)){ return $this->greeting_phrase; } return null; } } $greeting = new Greeting('2014-06-19 12:45:00'); //$greeting = new Greeting('12:45pm today'); echo $greeting->getGreetingPhrase(); So, that's my two cents - hope it helps!

I've always considered legacy code to be existing code in a project - class code written for version 1.0 and not updated for 1.2 is legacy code. And, honestly, version 1.2 code is legacy as soon as development on 1.3 starts. Legacy code can be ugly or pretty, as can code under test, code in development, or deployed code. Ugly is ugly regardless of state or stage. That's the way I've always thought about it, anyway.

.bind() has been deprecated as of JQuery 1.7, with .on() being the preferred method of binding events to potentially non-existing dom objects at page load. That may have something to do with it - check which version of JQuery is being used in each case. Also, I've run across a couple odd occurrences where using the dom element selector doesn't actually work, and it needed to be something along the lines of $(document).on('click','#main_menu_id',function(){ ... }); Don't quote me on the actual syntax above - I've only run across the situation once or twice, so I can't pull it out of my brain right now. I'll look tomorrow morning and see if I can find a concrete example.

OK. First off, do what ginerjm suggests. Always turn on error reporting on your development server. Now, fun times. You're assigning $student_id the value from $_REQUEST['id'], using $_GET['id'] in the query, assigning $_SESSION['student_id'] the value from $_POST['student_id'], and using $student_id in the redirect header. It also seems that the database contains a learner_id field, which you compare to $_POST['learner_id']. The sheer volume of inconsistent data sources, names, and data transfer methods makes debugging a nightmare. I would recommend selecting the student id from the student_information when you select last_login_date. The id should be an auto-incremented primary key for the table, so you'll know it's an integer and safe for CRUD operations. Compare that to either $_GET['id'] or $_POST['id'] (I'd recommend you choose a transfer method and stick with it - as you can see, it's easy to get confused if you don't know where the data is coming from) to make sure you're dealing with the right student, then you can a) assign the database-retrieved value to $_SESSION['student_id'], b) use the database-retrieved value to update the student_information table, and c) append the database-retrieved value to the location header. All of that aside, print out the value of $student_id before and after the htmlentities() call and see what the value actually is. From the documentation: If the input string contains an invalid code unit sequence within the given encoding an empty string will be returned, unless either the ENT_IGNORE or ENT_SUBSTITUTE flags are set.

There's no field named 'check' in your form. Which means there'll be no $_POST['check'] for you to use as an array.

We'll need to see the HTML form code. Basically, it's saying that $_POST['check'] isn't an array after submission. Post the HTML and please use the '< >' button on the editor to put all the code in code tags - makes it easier to read.

OK - Looks the the SECURE constant is undefined. What's the purpose of it - I don't see where you've used it anywhere else in the code.