Jump to content

maxxd

Gurus
  • Posts

    1,698
  • Joined

  • Last visited

  • Days Won

    53

Everything posted by maxxd

  1. Your while loop is specifying which values you're using. Instead of this: while($array = mysql_fetch_array($result)){ $data[$array['date']][$array['id']] = $array['type']; } try this: while($array = mysql_fetch_array($result)){ $data[$array['date'][] = $array; } That should give you a date-indexed associative array of all the values in each row of the result set.
  2. You're getting the number of rows in the table on line 113, inserting a record on 117, then checking the number of rows in the table on 118. Unless the insert fails, the total on line 118 is always going to be 1 more than the total on line 113. If you want to e-mail yourself only after 50 records have been inserted, get the total number of rows in the table *before* your foreach() loop, add 50 to that, and increment a counter inside your foreach(). Once the counter plus the initial row count equals or is greater than the initial row count plus your cut-off for not sending e-mails, send yourself an e-mail.
  3. You're not using the user-submitted data in testdata.php. You use $username, $userlevel, $email, and $id in the query, but they're not set from $_POST - nor are they sanitized, which leaves you wide open to all kinds of injection. Also, the mysql functions have been deprecated and are scheduled to be removed soon - use mysqli or pdo.
  4. Upload the files to the server (you can check file type in a couple different ways for safety), then store the link to the uploaded file in the database. http://www.php.net/manual/en/features.file-upload.php should get you started on the upload process if you're having trouble with that part - I believe there's a decent explanation of file type checking in there.
  5. Right off the top, I don't see where you're declaring $selecteddate. You've got $selectedfromdate and $selectedtodate as parameters of print_log_selector_form_range(), but there's a content check on $selecteddate that doesn't exist. I don't see where else it's used in the function either, but I haven't had my third cup of coffee yet this morning. Add error_reporting(-1); to the top of your index page and see what it has to say.
  6. 'name' is a Users() property. In order to access it, you'll need to use $users->name instead of $this->name in form.php, just as you do with the $table instance of the create_checkout_table() class.
  7. You've got a couple things wrong here, I think. Try this: $pwd = ($_POST['pwd']); $query = "SELECT empid FROM users WHERE empid='{$pwd}'"; $sql = mysql_query($query); $result = mysql_fetch_assoc($sql); if ($pwd == $result['empid']) { header("Location: setpass.php?msg=ERROR: you dont have the password...."); } First off, the SQL was a bit malformed - on line 5 it looks like you're using the value in $pwd as the column header, and the value has to by 'empid'. You're also not actually getting the result set from the query process. By calling mysql_fetch_assoc(), you're putting the result set into an associative array (line 7). You were also using the assignment operator (=) in your comparator on line 9. Use the comparison operator (==).
  8. Psycho's correct - don't select the actual empid, select the count of returned records. Check the SQL in post #6 to see the difference in the SELECT line, or use mysql_num_rows() as in the post above. Either way, make sure you're comparing integer to integer, and you should optimally only get one returned row in the recordset.
  9. Hey y'all. I'm having (I think) a senior moment here with something I'm working on. I've got a small database abstraction class that I've written, and I'm trying to do as little work as possible to extend it a bit. Basically, I don't want to have to do a simple deferral method to go from my client code to the mysqli instance, but I also want some control over some of the mysqli functionality. So I'm attempting to implement a __call() magic method that'll pass the method through to the internal mysqli instance. Here's the method: class myDBAbstraction{ /* other stuff.... */ public function __call($method, $args){ if(method_exists($this->_conn,$method)){ $tmp = $this->_conn->$method($args); if($tmp === false){ die("<p>Error {$this->_conn->errno}: {$this->_conn->error}</p>"); } return $tmp; } $this->error = "Bad call: {$method}"; return false; } } Note that $this->_conn is a mysqli() instance stored as a private class property. The call is simple: class myClientTester{ /* I instantiate a myDBAbstraction() instance as $this->_conn for this class. I'm very original with naming conventions... */ public function testing(){ if($this->_conn->prepare('UPDATE tbl_copy SET cpy = ? ,last_edited = UTC_TIMESTAMP() ,last_edited_by = ? WHERE pg = ?')){ $this->_conn->close(); die("<p>Statement prepared</p>"); }else{ die("<p>Error: {$this->_conn->error}</p>"); } } } I'm literally just trying to get so far as to prepare the statement - I'll work on the rest later. However, the call to mysqli::prepare() fails. It returns false but myDBAbstraction::$_conn->errno = 0 and myDBAbstraction::$_conn->error is null. Anyone have any ideas as to what I'm doing wrong here? Much thanks in advance for any ideas or advice!
  10. Weird - what's happening now? Is it not redirecting at all or is it throwing an error? Try var_dump()'ing $res as well as printing the $qry string just to make sure you've got everything you need. I'm assuming you've got error_reporting() turned on and set to report all errors, right?
  11. So basically you're (not eactly, but kind of) creating a temporary password that matches the user name when a user registers, right? In that case, don't bother encrypting the _POST['pwd'] value before you do the comparison. The rest of it should work for you, though - you've got the empid already, so there's not really a need to pull that from the database before you redirect the user; this means a simple count should still work as described above with only a couple tweaks. You may want to extend this to select only records where empid == $_POST['pwd'] and your password field is empty - this could help disambiguate the record and also make certain it's a new user that has a user name but not a password. However, that's internal business logic and not my place (I just thought I'd throw it out there). $qry = "SELECT COUNT(*) AS numUsers FROM users WHERE empid='{$_POST['pwd']}'"; $sql = mysql_query($qry); $res = mysql_fetch_array($sql); if($res['numUsers'] == 1){ header("Location: setpass.php?msg=ERROR: you dont have the password...."); } Please note the above does not even begin to deal with any database safety and I wouldn't ever recommend putting a user-submitted value directly into a query string without some sort of sanitization.
  12. $dt = new DateTime('now'); $qry = "select count(*) from clanovi_njihovi_parovi where status = 1 and racun=r.id and datum BETWEEN '{$dt->format('Y-m-d')}' AND '{$dt->sub(DateInterval::createFromDateString('7 days'))->format('Y-m-d')}'"; That's off the top of my head, but should get you started - the php DateTime() docs are comprehensive. Also, I know the statement will parse in SQL Server, but unfortunately I don't use MySQL at work so the syntax might be slightly different.
  13. You could use the php DateTime object and specify a BETWEEN clause with a range of today and seven days ago on the datum column.
  14. Couple things I see here. First off, you're encrypting the password from $_POST, but then not using it in the SQL statement. If the password data in the database table is encoded (which it should be), you'll never get a match like that. And because you're using the encrypted password as a condition in the SQL statement, it's only going to return results that match; a simple count should suffice. Check that the count in the result set is 1 and you're good to go. Finally, as ginerjm pointed out, non-numerical array indicies should be surrounded by quotes. Last but certainly not least, move to mysqli or PDO from the deprecated and soon-to-be-removed mysql library. Something like this: $md5pass = md5($_POST['pwd']); $qry = "SELECT COUNT(*) AS numUsers FROM users WHERE empid='{$md5pass}'"; $sql = mysql_query($qry); $res = mysql_fetch_array($sql); if($res['numUsers'] != 1){ header("Location: setpass.php?msg=ERROR: you dont have the password...."); }
  15. Totally understand - if I had a nickle for every hour I've spent 'debugging' code thanks to a typo I made, I'd be rich. Glad you figured it out!
  16. What error messages are you getting? Granted, it's just about time to go home, but the real_escape_string() syntax looks correct...
  17. Looks like the problem is not with the quoted code, but that you've got two login() functions in one of the files or you're importing mylibrary\login.php twice. Try include_once() or require_once instead of include(). Also (has nothing to do with the issue at hand, but needs to be said), switch from the mysql library to mysqli() or pdo() - the mysql lib has been deprecated for quite a while and will be removed soon if it hasn't been already.
  18. Each of the social sites you've mentioned has an API available, as paddyfields mentioned. Most - if not all - are documented (admittedly to varying degrees of success - if you start to dig deeper into Facebook expect the docs to become rather annoying quickly), so bookmark the docs pages, download the API files, and leave a tab open on Google. What you're describing isn't (at least for Twitter and Facebook - I've not worked with Google+ or Pintrest) terribly difficult in terms of additional programming.
  19. Database::__construct() requires a string parameter named $filename that you don't pass in from mainClass::con2DB().
  20. I'm assuming from your description that you're working procedurally and putting the 'cart' array into a session variable? if so, it'd be possible to add more session variables ('gcNumber', 'message', and 'eAddy', perhaps) then unset them at checkout once the total has been calculated and you've recieved a success message from your payment gateway. Or at least after the data has been processed in whatever way it's being processed - as long as the script doesn't just blithely keep subtracting the gift card discount amount from the cart amount if the user hits refresh. Although, honestly, it may be worth your while to look into updating to an object oriented style where you've got a store class that aggregates a cart object, where you would store individual item objects that include the size and id. The cart object would then keep track of and handle the gift card, personal message, and e-mail information at the proper time in the store class's timeline.
  21. To expound on what MargateSteve said, use isset() with the $_SESSION superglobal in this situation - something along the lines of: if(!isset($_SESSION['pass'])){ //do whatever }
  22. maxxd

    Hello

    Hey y'all. I've been coding php pretty steadily since the early to mid 90's and am always looking for more knowledge, new viewpoints, other advice, and to help out wherever I can. I took a quick look-see through the forums here and it looks like a nice place (and far more active than some of the other forums I tend to lurk at), so I created an account and here I am! I like long walks on the beach, moonlight, OO-style PHP, and using print() instead of echo. I also like curly braces and get confused easily when my co-workers don't use them in their conditionals, but I attribute that last one to old age and failing eyes... In all seriousness, I'm not sure how much I'll be around - let alone how much help I can offer to anyone when I am - but I wanted to say hi! - maxxd
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.