benanamen

Perhaps, but when dealing with OP's, experience shows Op's are mostly not doing things correctly. Based on this OP's other threads, it just enforces that. I go in for the most part assuming the OP is doing things wrong rather than speculate. OP, if you can post an SQL dump with your tables and sample data we can let you know if you have any issues that need to be addressed. Your DB structure is the foundation of all the code you are going to write to manage it. If your DB is not right, then your code is not going to be right. Right or wrong, at this point in the thread I will assume provider is not a foreign key to the id in the providers table and is likely duplicated text. The only thing that should be in that table is the provider_id.

If you want to pm me your website I will let you know if you have any obvious security issues..

If you have duplicate data that pretty much says you have a bad database design. Spend some time studying database normalization. It's not a very complicated subject yet rather important to know.

Did you know that in the mobile version of this site there are no sigs? I am on the full version of the site most of the time and never notice anybody sigs. I'm sure the OP's don't either. Even so, that still doesn't account for helping to get obsolete code working. I personally have taken a stance with many other programmers to not help people get obsolete code working. It would be much better for everyone and the Inernet to guide them over to MySQLi or PDO and then have them come back with their updated code if they still have problems. If we were in the rehab world it would be known as enabling.

I am surprised you fellow experts have not said a word about the OP using obsolete code. Your not helping anyone by getting that code working. At least get him on Mysqli and then help him. Shame, Shame! OP, since no one has told you I will have to. You are using obsolete code that will not work at all in the latest version of Php. You need to be using PDO or Mysqli. You are wasting your time learning obsolete code. It has been obsolete starting well over 11 Years ago.

echo "<td width=\"100\"><div align=\"center\"><img src=\"http://www.brickbybricks.ca/php/images/{$row['Color_Name']}/{$row['PartID']}.gif\"></td>"; The only thing about that is you have no choice but to escape and concatenate the variables instead of doing {$row['Color_Name']} (Curly Syntax, my preference).

Glad your learning. When I asked you for an SQL data dump this is what I was asking for: INSERT INTO `users` VALUES ('1', 'test', 'test', 'test', '5c73b9801c80c790e4c9b5bf0f55cdf84bea07baa3af1d778845427339d71e12', '4f0819657e64c9ed', ' test@test.com', '1', '2015-10-31', '1'); The reason I wanted your table AND data was so I could quickly and easily recreate your database on my server for testing and to make sure your tables are setup correctly. What I gave you is very basic code. It does not account for a nonexistent username among other things.

Ok, we are getting somewhere. Now, just use this code alone while you get things going. The difference is I have now added what is called a "Positional Placeholder" for username which is the question mark. There is another way to do it called "Named Parameters" but we can get into that another time. The code will now give you the individual column data. This is complete standalone with the connection code. Just practice with this. you can integrate it later. Set the connection parameters to your DB. <?php error_reporting(-1); ini_set('display_errors', '1'); $hostdb = 'localhost'; $dbname = 'phphelp_joe'; $username = 'root'; $password = ''; if (!empty($_GET['username'])) { $pdo = new PDO("mysql:host=localhost;dbname=$dbname", $username, $password); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $sql = "SELECT username, firstname, lastname, email FROM users WHERE username=?"; $stmt = $pdo->prepare($sql); $stmt->execute(array( $_GET['username'] )); $row = $stmt->fetch(); echo "{$row['username']} {$row['lastname']} {$row['email']}"; } else { echo 'No username in URL'; } ?>

No you did not provide the array output as you have now. Go back and look at your post. This is what you posted: I implemented this change and I am now getting this: Array ( ) Now delete this line $_GET['username']='someusername'; and run the script like localhost/view_profile.php?username=test You should get the same EXACT result as the array you posted.

Forget it dude. You are TOTALLY CLUELESS! Some one else can deal with you. In your words "existing data" That is what I was asking you for. How in the world you couldn't understand that is beyond me. I am calling TROLL on this thread.

DUUUUUUUUUUUUUDE! Really? Do you really not understand what I am saying? Am I being punked? The the information that goes IN the table, the actual usernames, the actual first and last names etc... IN SQL INSERT FORMAT.

OMG Dude! I didnt ask for your code. I asked for the data in your users table. * I see you have other issues we can address later.

Data dump please.....

Dude! I know what you want. I am first trying to get a result from the DB which you are not getting. We need to find out why. Grabbing it from the URL right now is going to do NOTHING.

My bad on the quotes. OP, Post an sql dump of your data as well. Why?????? I just told you to replace it with an actual username in the DB.

@NickWrenLab, that is the kind of response we love to get. You would be amazed at how many "coders" get all bent out of shape when you tell them how bad their code is. There are numerous resource to learn php. Code Academy is a good place to start. https://www.codecademy.com/learn/php There are many editors, free and paid. Try them and see what you like. I use Webuilder but it is not free. I am sure others will give recommendations.

Post an sql dump of your DB. "someusername" needs to be an actual username in the database, not the name of the column. Forget the URL for now. The code I gave you has nothing to do with it.

Let cut out the fluff. Set the username below and run this and tell me what you get. <?php $_GET['username']='someusername'; $query = "SELECT id, username, firstname, lastname, password, salt, email, access_level FROM users WHERE username = {$_GET['username']} "; try { $stmt = $db->prepare($query); $stmt->execute(); $result = $stmt->fetchAll(); } catch (PDOException $ex) { die("Failed to run query: " . $ex->getMessage()); } echo "<pre>"; print_r($result); echo "</pre>"; ?>

How about posting your code. You are aware of the MySQL WHERE clause right?

@mac_gyver, nice job on explaining a form generator with arrays. I have used the same technique before. Just wanted to point out that the array_map line will not work with multidimensional arrays. $data = array_map('trim',$_POST); // make a trimmed copy of all post data I have a function that will trim recursively I use that handles it either way. You can test by switching the commented code. If you know of a better/other way, would love to see it. function TrimArray($Input){ if (!is_array($Input)) return trim($Input); return array_map('TrimArray', $Input); } $_POST = array ( array(" Volvo ",22,18), array("BMW ",15,13), array(" Saab",5,2), array(" Land Rover ",17,15) ); $_POST = array_map('trim',$_POST); // Wont work //$_POST = TrimArray($_POST);// Will work echo "<pre>"; print_r($_POST); echo "</pre>";

The OP probably wont understand it but IMO it is the OP that needs to step up their knowledge and learn what was presented to them as the better/right way rather than us dumb it down for them. Now the OP has heard of new things and can look up how to use them. Like you, there is also only so much time and effort I want to put into any OP's post. Enough was presented here to keep the OP busy learning for awhile should he choose to do so.

Checking what? trim isnt any kind of check, it strips leading and trailing spaces It's STILL not defined. It needs to be outside of $_POST No lets look at the code here: if (isset($_POST["lastname"]) && trim($_POST["lastname"]) != '') { $lastname = trim($_POST["lastname"]); } else { $lastname = ''; $errors['lastname'] = "Last Name is required"; } $_POST["lastname"] is going to be set no matter what so what is the point of checking to see if it is? What you want to do is check if it is EMPTY. Suffice it to say, doing two trims is pointless and does nothing. So how should it be? That whole bunch of code above could be written as: $lastname = !empty($_POST["lastname"]) ? trim($_POST["lastname"]) : $errors['lastname'] = "Last Name is required"; Although $lastname would also be set to the error message if the field is empty, the correct $errors code will stop everything before it matters. I would actually do all the error checking much different but I am not up to getting into it right now, but there is a better way. This is just a quick example. Now, all of this everywhere is just ridiculous. There must be a thousand of those in the page. CSS is our friend here. Now we come to another problem <input name="lastname" type="text" id="lastname" size="15" value="<?php echo $lastname;?>" /> This is going to give you an undefined index since $lastname is not set until AFTER you $_POST. The following is also going to give you undefined index errors as well for the same reason: if($errors['lastname']){ echo "<span class='error'>".$errors['lastname']."</span>"; }

FYI: http://www.wrenlaboratories.com has security issues and is vulnerable to Click Jacking. It also has numerous html errors and broken links.

OP, you have a seriously bad naming convention, which is to say you don't have one. Your names are ALL OVER THE PLACE with upper and lowercase. Your best bet is to use all lowercase_with_underscores_separating_words. camelCase is the other accepted naming convention althoughIthinkiItIsMuchharderToread Windows servers are stupid when it comes to case. It doesnt care what it is. It thinks it's all the same, but Linux does not. DO NOT USE $_SERVER['PHP_SELF']! It is vulnerable to SQL Injection. Use $_SERVER['SCRIPT_NAME'] instead. Not sure if OP did it or @QuickOldCar, Why are you setting these like this: $lastname = ''; ?? If you get to the else, it is ALREADY empty. That's why you are at the ELSE And why are you trimming the same POST var TWICE?

OP, are you using Goutte?