gw1500se

You are not saving then using the statement object returned by prepare. RTFM

Only true if the column of the where clause does not exist. Unless, of course, you don't have privileges. This should get you started.

When I said leave the action off I meant that literally. Don't put that in at all but I don't think that is the real problem. Start debugging by putting print statements after each mysqli to follow your logic so you can tell where it is failing. If you are getting a blank page then make sure there is no logic path where there is no output. Also check the page source to see if there is anything there that the browser is not displaying.

Don't feel bad, neither did I.

Assuming this is all one script, just leave the action parameter off.

The column may exist but that does not mean anything was returned by the query. DO NOT use * in the query. Only specify those columns you actually need to use. Add the following before that line so you can see what is being returned: echo "<pre>"; print_r($row); echo "</pre>";

What is the line causing the error? Why did you not post the entire error message?

Your action parameter is just doing an echo. It is not calling the script.

You need to be using try/catch with these calls to handle and identify errors. I'm guessing the open is failing because the path to the file is wrong.

Not enough information. Where and how was the session variable set? Is there a session_start call at the beginning of this script? There may be other issues, unrelated, with your query as well. You are not using prepared statements which may be OK as long as ':id' is not coming from a web page. Also it is bad practice to use * in a query. Specify only those columns you intend to actually use.

Hard to say without knowing how you are managing your logins. However, you could change your login script to check for the user's password or a superuser password. You have to be careful how you do the latter and what you us as a superuser password to minimize the risk of being hacked.

Thanks for confirming my theory.

I have the following javascript that I am trying to reverse engineer: function set_sw(row) { var i; var ofs = ofs_sr + row * 6; var sel_var = document.forms[0].elements[ofs + 5]; // Use the sw_id table to get the ID and the user-friendly name sel_var.options[0] = new Option("None", "None", false); for (i = 0; i < sw_id.length; i += 2) { sel_var.options[i/2+1]=new Option(sw_id[i+1], sw_id[i], false); } // Set the option if (sel[row * 2 + 1] == "") { sel_var.selectedIndex = 0; return; } for (i = 0; i < sw_id.length; i += 2) { if (sel[row * 2 + 1] == sw_id[i]) { sel_var.selectedIndex = i/2 + 1; return; } } } My question is how the array 'sel' is being used? That array appears to be used as pairs of values. var sel = [0,"170000001A5EA905",0,"910000001A7F2A05"]; var sw_id = ["910000001A7F2A05","910000001A7F2A05","170000001A5EA905","Test"]; I am trying to understand where/how the first element of each pair is being used. It appears to me that it is not used but it seems strange then that it is there. I'm hoping some new eyes can help. Can someone tell me if and where it is being used in that script? TIA.

if( strtotime($database_date) <= strtotime('now') ) { ... Make it just < if you want to exclude today as well.

Not there either as far as I can see. However, note that is appears to be using the deprecated (for more than a decade) mysql extensions which leaves you wide open to injection attacks. You need to take down this page immediately and switch to PDO or at least mysqli.

Nope. That just contains the login info. The code that restricts access is going to be an 'if' block that tests the login info.

Yes, you can program PHP to do anything with a database that you can do manually. However, I suspect that is not really what you are asking. Be more specific about what you want to accomplish. Creating databases and tables from PHP requires privileges. You are getting into an area where you need to be extremely careful security-wise to prevent unintended consequences.

Did you check your httpd log? Do you have all error reporting turned on? I'm guessing that the path in the include is wrong. error_reporting(E_ALL);

What do you want it to do when clicked? You can either make is a link (<a> tag) or a button (<button> tag). In both cases you need to put the table in a form.

SOAP responds with XML but uses namespaces. Parse it with DOM taking namespaces into consideration.

Just so we understand. If the filename from drawings_pdf_files is not in any description field of production_data, you want to delete that row from drawings_pdf_files?

You don't say what data type '$columnValue' is so I am assuming it is int. $table .= strval($columnValue);

One thing I see off the top of my head is to not delete one row at a time. Build a query string that deletes everything you want then execute that query once. This is really a MySQL question and I am not experienced enough to give you the exact syntax but it involves using 'WHERE id IN (...)'

if (preg_match('CO200428', $a)) { echo "<a href=\"#anchor\">$a</a>" } Or something like that.

That is what is in $_FILES['userfile']? If so then that means it contains an empty array (I didn't know it would do that). I suggest you change the logic a bit and check for errors. Remove the 'if' outside the 'foreach' and try this: foreach($_FILES['userfile']['name'] as $name) { if ($name['error']==0) { /* handle file */ } else { /* handle error */ } } You will need to decide how to handle the errors. Oddly, I think code 4 means duplicate file names.