
benanamen

Members · Posts: 2,134 · Days Won: 42

Everything posted by benanamen

  1. What have you tried? What was the result?
  2. Ok, let's go with this: Again, if you go to the tutorial I posted you will have your answer. If you cannot at least do that much I don't think you are going to get much help from anyone here. We are here to help you with your code, not write it for you.
  3. Based on what you asked, I absolutely can. When I say "anything", I mean anything regarding the subject you are asking about, not implying you don't know other things. We are here to help. Your question clearly shows you have not studied the most basic of basics regarding your question. The fact that you're throwing in $_SESSION without session_start further shows that, unless you just have not provided the entire code for the page. Instead of jumping on me you could have just gone to the first tutorial I pointed you to and you would have had your answer and more. If you look over all my posts you will see I am very helpful and quite knowledgeable.
  4. I am not sure, but I am thinking this is a situation where the OP is asking for a fix on what he thinks is the solution to the problem/overall goal. OP, you say: Where does this array come from or how is it created? Please provide details and code and what exactly subpage means to you.
  5. Standard forum protocol is to post what you did to fix your problem so other people reading this thread or having the same problem may benefit from it. Not to mention several people have taken their time to try to help you for free.
  6. I think what you really need to do is study some tutorials. Your question is extremely basic and shows you really haven't put any effort into learning anything. IMO you are not ready to start asking for help yet. At least go through the following tutorial and then see if you have any questions. http://www.w3schools.com/php/php_mysql_intro.asp There are also numerous tutorials at code academy that will teach you all the different areas you need to know, PHP, SQL, HTML, CSS, etc https://www.codecademy.com/learn
  7. For the most part, it looks like your tables are already set to go. Each of those headers and its data would be a table with an id column in each tied to the main id. I see there are repeating sub header names. Those would be additional tables. What you have would be on the complicated side for a beginner but we can help you. You must really understand Database Normalization with what you have going on. It's not a complicated subject and will really help you get this set up.
  8. Your first problem is you need to take the table start and end tags out of the while loop. If you have the <hr> in the loop it is going to keep repeating. You're better off putting the DB variables in parentheses instead of doing all that escaping. {$row["subject"]}
  9. Do not post duplicate posts for the same thing
  10. If you want to post a row of your data with headers I will help you sort it out, but you still need to understand Normalization.
  11. Why are you even selecting the user's status from the database? You already know they are online, just update the status to offline. It appears you are doing something with the status that will require some explanation. It simply should just be status = 1 or status = 0. Is the status column an actual timestamp column? And you should be using an actual number for a user id, not the username.
  12. You can have millions of records in a table. You should first learn Database Normalization and you will have a better idea how to do your tables. The amount of records you have won't even tickle a database.
  13. In a perfect world every server will have PHP ver. >=7. It's really the only way we can stop these people.
  14. No, PHP_SELF is vulnerable to SQL injection. You can use $_SERVER['SCRIPT_NAME']
  15. Ok, I finally remembered why you needed to only WHERE the username. After digging through my ancient archives I found a script that will demonstrate. The issue was SQL Injection and being able to login without a username and password. Security problem right? Just put the provided Injection examples in the username and password fields and the Injection Attack will give you the username and password, or in an old real world example would have logged you in.

      /* Source Database : sqlinjection */
      -- ----------------------------
      -- Table structure for users
      -- ----------------------------
      DROP TABLE IF EXISTS `users`;
      CREATE TABLE `users` (
        `user_id` int(11) NOT NULL AUTO_INCREMENT,
        `username` varchar(255) DEFAULT NULL,
        `password` varchar(255) DEFAULT NULL,
        PRIMARY KEY (`user_id`)
      ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
      -- ----------------------------
      -- Records of users
      -- ----------------------------
      INSERT INTO `users` VALUES ('1', 'username', 'password');

      <!DOCTYPE html>
      <html>
      <head>
      <title></title>
      </head>
      <body>
      This works:<br>
      anything' OR 'x'='x<br>
      ' or '1'='1<br>
      'OR''='<br>
      <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST">
      Username:<input name="username" type="text"><br>
      Password:<input name="password" type="text">
      <input type="submit" name="Submit" value="Submit">
      </form>
      <?php
      if ($_POST) {
          $DBhost     = "localhost";
          $DBusername = "root";
          $DBpassword = "";
          $DBname     = "sqlinjection";
          $DBtable    = "users";
          $con = @mysql_connect($DBhost, $DBusername, $DBpassword);
          mysql_select_db($DBname);
          // Deliberately vulnerable: the raw POST values are interpolated straight
          // into the SQL string, which is what the injection examples above exploit.
          $sql = "SELECT * FROM users WHERE username = '{$_POST['username']}' AND password='{$_POST['password']}' ";
          $result = mysql_query($sql);
          $row = mysql_fetch_array($result);
          echo "<p>$sql</p>";
          echo "{$row['username']} {$row['password']}";
      }
      ?>
      </body>
      </html>
  16. I could have sworn there was something else but I can't remember what it was. I have always just done WHERE username= only for the last umpteen years. Once I learned the "right" way to do something there was no reason to remember why it was right after all these years. Now it's bugging me not remembering. The only thing I remember was it was way back when it was commonplace to put plaintext passwords in the db before md5 passwords started catching on.
  17. @Jacques1, Wanted your input on the username/password selection comparison. From old school Mysql days I had learned to only WHERE the username, not WHERE username= AND password= and then do the password check after just like you did here so you weren't throwing more user supplied data at the database or some security related issue. Don't remember the details as to why now. With PDO and prepared statements does it even matter which way you do it? What do you say about the two options?
  18. If I understand your example it would be include('../includes/some-file.php'); for a file located here: /htdocs/ng/some-dir/ to include a file located here: /htdocs/ng/includes/some-file.php
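The hardened counterpart to the login demo in post 15, written the way post 17 describes (only the username in the WHERE clause, password checked in PHP afterwards). This is an added example, not benanamen's or Jacques1's code; it assumes the `users` table from post 15 but with the `password` column holding a password_hash() value, and the DSN and credentials are placeholders.

```php
<?php
// Added example (not from the original posts). Assumes the users table from
// post 15 with `password` storing a password_hash() value; DSN and
// credentials are placeholders.
$pdo = new PDO(
    'mysql:host=localhost;dbname=sqlinjection;charset=utf8mb4',
    'DB_USER',
    'DB_PASS',
    [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false, // real server-side prepares
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]
);

// Store a new account with a hashed password, never the plaintext.
function register(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Returns the user row (without the hash) on success, null otherwise.
function login(PDO $pdo, string $username, string $password): ?array
{
    // The username is bound as a parameter, so the injection strings from
    // post 15 are compared literally as a username and match no row.
    $stmt = $pdo->prepare('SELECT user_id, username, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch();

    // The submitted password never reaches the database at all: it is
    // verified in PHP against the stored hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    unset($row['password']);
    return $row;
}

// Usage on an otherwise empty users table: the post 15 payloads no longer
// log anyone in, while the real credentials still do.
register($pdo, 'username', 'password');
var_dump(login($pdo, "anything' OR 'x'='x", "' or '1'='1"));
var_dump(login($pdo, 'username', 'password'));
```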
  19. There are PDO tutorials all over. Just google. One of the things I want to point out, you want to have good error checking in place so you know exactly what goes wrong and where. Had you had that in place this would have been handled much easier and faster. When you start getting down on PDO I will show you how to set up your error catching if you haven't learned it. It should be the base of any project you start and will keep you moving along in your development.
  20. Okay... movin on.

      <?php
      $hostdb   = 'localhost';
      $dbname   = 'phphelp_rackspot';
      $username = 'root';
      $password = '';
      $table    = 'company';

      // Throw exceptions on any PDO error so nothing fails silently.
      $pdo = new PDO("mysql:host=$hostdb;dbname=$dbname", $username, $password);
      $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

      $sql = "SELECT * FROM $table";
      $stmt = $pdo->prepare($sql);
      $stmt->execute();
      $result = $stmt->fetchAll();
      ?>
      <form action="http://" method="post">
          <select name="company" size="1">
              <?php foreach ($result AS $row) : ?>
              <!-- escape DB values before echoing them into HTML -->
              <option value="<?= htmlspecialchars($row['compid']) ?>"><?= htmlspecialchars($row['comp_name']) ?></option>
              <?php endforeach; ?>
          </select>
      </form>
  21. Ok, looka here young man, see what you did? $row2 = mysql_fetch_array($r2, MYSQLI_ASSOC); You do remember you are using Mysqli right? I think we should get you on PDO, it's just better. Not an opinion, it just is.
  22. All you have to do is change extension on the sql dump to something like .txt