simcoweb

Thanks for your post. The login form uses the POST method. It's pretty straightforward with a query against the database to make sure it exists then lets them in. Plus there's a bit of validation as well. Ok, if I run this query: [code]//new sql query $sql = "SELECT firstname, lastname, photo FROM `plateau_pros` WHERE username= '".$_POST['username']."'"; $result = mysql_query($sql, $conn) or die(mysql_error()); echo "query = ". $sql. "<br/>"; while ($row = mysql_fetch_array($result)) { print($row['firstname'].",".$row['lastname'].",".$row['photo']."\n"); }[/code] I get this message: [code]query = SELECT firstname, lastname, photo FROM `plateau_pros` WHERE username= ''[/code] But, if I take out the WHERE part of the query I get this: [quote]query = SELECT firstname, lastname, photo FROM plateau_pros bozo,clown,507142.jpg rock,metal,guy.gif crotch,rot,507142.jpg cowpatty,pattyman,girl_looking_up.gif cowpatty,pattyman,42-15602495.jpg bee,bop,11542956.jpg Ralph,Cramdon,90173-24.jpg scary,movie, scary,movie,AX016857.jpg scary,larry,AX045589.jpg kevin,bacon,AX061181.jpg logjam,cracker,AAKF001141.jpg moose,loose,129770991.jpg spider,man,CB0099781.jpg yosemite,sam,6620.jpg terrell,owens,AX028319.jpg[/quote] Which is basically the first name, last name and photo name. So the data is there and the query works but it's not working with the WHERE clause which is what I need. The query should work off either the username or their memberid so when someone clicks on a summary page with minimal info it opens to their full profile. Right now it's not displaying anything related to the POST username.

When I echo the query with your code suggestion I get this: [code]query = SELECT firstname, lastname, photo FROM `plateau_pros` WHERE username= ''[/code] Here's the entire chunk of code: [code]<?php // Enable sessions session_start(); // Turn on magic quotes to prevent SQL injection attacks if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); include 'dbconfig.php'; // Connect to database $conn = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error()); mysql_select_db($dbname) or die(mysql_error()); //new sql query $sql = "SELECT firstname, lastname, photo FROM `plateau_pros` WHERE username= '".$_POST['username']."'"; $result = mysql_query($sql, $conn) or die(mysql_error()); echo "query = ". $sql. "<br/>"; // Get Record Set $result = mysql_fetch_array($sql, MYSQL_ASSOC); ?>[/code]

Hi AndyB. Actually I was doing the echo of the query as you'd suggested that in previous posts. I just didn't happen to show it. What I want to essentially know is if my WHERE statement is the proper way to write it since i'm trying to get the user's id by matching his username in the database and displaying just his profile data.

Sorry, I should've posted the display code. Basically i'm trying to display it in the body of the HTML code embedded within the page. Like this: [code]<tr>                                                         <td>                                                             <p>                                                                 <font size="2">Welcome<b> <span id="span1"><?= @$result['firstname'] ?></span> <span id="span2"><?= @$result['lastname'] ?></span></b></font>                                                             </p>                                                             <p>                                                                 <?php echo "<img src='images/photo/$photo' width='150' height='175'>"; ?>                                                             </p>                                                             <p>                                                                 <strong><font size="2">Member Actions</font> </strong>                                                             </p>                                                             <font size="2">                                                             <ul>                                                                 <li>                                                                     Edit Profile                                                                 </li>                                                                 <li>                                                                     View Referrals                                                                 </li>                                                                 <li>                                                                     View Calendar                                                                 </li>                                                             </ul>                                                             <p>                                                             </p>                                                             <p>                                                             </p>                                                             <p>                                                             </p>                                                             </font></td>                                                     </tr>[/code] Keep in mind, please, that the code i'm using is about the 5th different method. I've tried echo $firstname, etc. as well.

I've looked for this in several spots but couldn't find precisely what I need. I have a login form with username and password as the two fields. Upon submission they are taken to a 'members' page where I want to display their first and last name and their photo in one section like a 'Welcome [B]Bill Jones[/B]' Then below that I want to show the other various fields of their profile. What i'm having trouble with is the query where it would pull precisely that user's info and display it based upon his/her username posted in the login form. I know I need a 'WHERE' clause in the query. I've been working with this: [code]$sql = ("SELECT firstname, lastname, photo FROM `plateau_pros` WHERE username= '$_POST['username']' "); $result = mysql_query($sql, $conn) or die(mysql_error());[/code] But get nothing. Need help on how to implement this. Thanks!

heh.. never mind :) I answered my own question. The problem was that the entries in the database didn't include http:// and were just www.yoursite.com. I updated that field to include the http:// and now they work properly. Just an FYI for any others who want to include URL's into their pages :)

I'm extracting a field from a MySQL database to display in a page as a hyperlink. The field contains a url like www.yoursite.com and i'm using this code to display it in an 'echo' statement containing  a large amount of HTML. Here's how the field is displayed: [code]<b>•</b> <a class="body" href="$url">Click Here To Visit My Site</a>[/code] The page displays it just fine as a hyperlink. But, the problem is when you mouse over it I get a duplicate URL like this: [quote]http://www.yoursite.com/www.yoursite.com[/quote] Which makes it appear as though it's treating the field data as a 'relative' link instead of just inserting it as it should. Ideas?

Ok, ran the scriptlet. Here's the results: [quote]POST variables Array (     [txt] => yoo hoo     [x] => Upload ) FILES[photo] variables Array (     [name] => 42dragono1-thumb.jpg     [type] => image/jpeg     [tmp_name] => /tmp/phpbEf9lf     [error] => 0     [size] => 3439 ) [/quote] So the value I need to write to the database is the location? I'm so confused. I'm using this to summon pics in the HTML page: <img src='http://www.sitename.com/images/photo/$photo'> So storing the file [name] comes from...?

Hi Barand: The form is enctype="multipart/form-data" and was previously working fine regarding the upload. I guess where i'm confused is your statement: [quote]You shouldn't get a value in $_POST['photo'] if you are uploading a file.[/quote] I'm inserting the name of the pic into a mysql database field ( 'photo' ) so I can bring it up in the page display later. If I don't assign it a value how do I get the name of the pic into that field?

Hmmm... is there a simple fix for this?

Barand, wouldn't that come from the $_POST of the form? I didn't post that code but basically it's parsing the form data to obtain the variables. All the other form elements are getting entered perfectly.

This was working fine until I added a bit of code to do some form validation via CAPTCHA. I didn't touch the queries or any of the database functions, however. But, for some reason now instead of the file name of the image being inserted i'm getting the /tmp name. [code]<?php ob_start(); session_start(); // Turn on magic quotes to prevent SQL injection attacks if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); if (isset($_POST['submit'])) { // clean and check form inputs including the secure image code     $username = trim(strip_tags($_POST['username']));     $email = trim(strip_tags($_POST['email']));     $password = trim(strip_tags($_POST['password']));     $confirmPass = trim(strip_tags($_POST['confirmPass']));     $secure = strtoupper(trim(strip_tags($_POST['secure'])));     $match = $_SESSION['loggedin']; // the code on the image // input error checking     if ($username=="") {         $err.= "Please provide a username<br/>";     }     if (!$email) {         $err.= "Please provide your email address<br>";     }     if ($email) {         if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {             $err.= $email. " is not a valid email address.<br/>";         }     }     if ($password=="") {         $err.= "Please provide password<br/>";     }     if ($confirmPass=="") {     $err.= "Please confirm your password.<br/>"; } if ($confirmPass != $password) {   $err.= "Your passwords do not match. Please re-enter your passwords."; }     if (!$secure) {         $err.= "No security code entered<br/>";     }     if (($secure!=$match) && ($secure!="")) {         $err.= "Security code mismatch<br/>";     }     if ($err=="") {     // success - input passed all tests     include 'dbconfig.php'; // Connect to database $eg_objConn1 = mysql_connect($dbhost, $dbuser, $dbpass); mysql_select_db($dbname, $eg_objConn1);   //check if username already exists   $sql_user_check = "SELECT * FROM plateau_pros WHERE username='$username'";       $result_name_check = mysql_query($sql_user_check);       $usersfound = mysql_num_rows($result_name_check);       mysql_query($sql_user_check);       // if user  found, note that and end if ($usersfound > 0) {     $eg_error['username'] = "Username $username is already in use. Please choose another username to continue.";     } else {       // Upload File $eg_success_File1 = false; if(!empty($_FILES['photo']['name'])) { // Check file is not larger than specified maximum size $eg_allowUpload = $_FILES['photo']['size'] <= 100000 ? true : false; // Check file is of the specified type if($eg_allowUpload) $eg_allowUpload = preg_match('/\\.(gif|jpg|jpeg|png)$/i', $_FILES['photo']['name']) ? true : false; if($eg_allowUpload) { if(is_uploaded_file($_FILES['photo']['tmp_name'])) { $eg_uploaddir = $_SERVER['DOCUMENT_ROOT']."/images/photo/"; $eg_uploadFile1 = $eg_uploaddir.rawurlencode($_FILES['photo']['name']); // Create a unique filename for the uploaded file $eg_i = 1; while (file_exists($eg_uploadFile1)) { $eg_separated_filename = explode(".",$eg_uploadFile1); if (substr($eg_separated_filename[0],-1) == $eg_i) { $eg_separated_filename[0] = substr($eg_separated_filename[0], 0, (strlen($eg_separated_filename[0])-1)); $eg_i++; } $eg_separated_filename[0] = $eg_separated_filename[0] . "$eg_i"; $eg_uploadFile1 = implode(".",$eg_separated_filename); } $eg_success_File1 = move_uploaded_file($_FILES['photo']['tmp_name'], $eg_uploadFile1); } } } // Run query $sql = "INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES ('$username', '$password', '$confirmPass', '$firstname', '$lastname', '$email', '$business', '$title', '$address', '$city', '$zip', '$phone', '$fax', '$mobile', '$category', '$comments', '$specialties', '$photo')"; mysql_query($sql) or die(mysql_error()); $newid = mysql_insert_id(); echo $sql; // $sql2 = "INSERT INTO members_cat (`memberid`, `categoryid`) VALUES ('$newid', '$catid')"; // mysql_query($sql2) or die(mysql_error()); // $sql3 = "INSERT INTO specialties (`memberid`, `specialties`) VALUES ('$newid' '$specialties')"; // mysql_query($sql3) or die(mysql_error()); // set session ID and redirect to login page upon success // Set Session Value //$_SESSION['loggedin'] = @$_POST['username']; // Go to page header("Location: login.php"); exit; } } } ?>[/code] help?

The on_start(); right after the <?php causes a fatal error: Fatal error: Call to undefined function: on_start() in /home2/wwwxxxx/public_html/register-test.php on line 2 Ok, that thread explains the header issue but i'm not seeing, based upon their ideal model, where i'm out of sync. [quote][PHP processing the form (if it was sent) and storing the results] [HTML starting the page and layout] [PHP echoing the results] [form code if failed - exit(); if successful][/quote] Mine goes like this: PHP for validation and processing the form. PHP includes if statements for validation and error control If no errors it parses the form data, uploads the photo, and sends them to another page via 'header()' tag. HTML layout and code If i'm understanding this correctly about why there's errors, upon Submit it's sending an HTML header? And, once it hits my header() tag it snags the error due to the previously parsed HTML headers?

I modified this register.php script to include image CAPTCHA (courtesy of AndyB) and have it working in regards to validation. However, after validating everything and then executing the query, etc. I get a premature header error at the line redirecting the user to the next page. Here's the full code: [code]<?php session_start(); // Turn on magic quotes to prevent SQL injection attacks if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); if (isset($_POST['submit'])) { // clean and check form inputs including the secure image code     $username = trim(strip_tags($_POST['username']));     $email = trim(strip_tags($_POST['email']));     $password = trim(strip_tags($_POST['password']));     $confirmPass = trim(strip_tags($_POST['confirmPass']));     $secure = strtoupper(trim(strip_tags($_POST['secure'])));     $match = $_SESSION['loggedin']; // the code on the image // input error checking     if ($username=="") {         $err.= "Please provide a username<br/>";     }     if (!$email) {         $err.= "Please provide your email address<br>";     }     if ($email) {         if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) {             $err.= $email. " is not a valid email address.<br/>";         }     }     if ($password=="") {         $err.= "Please provide password<br/>";     }     if ($confirmPass=="") {     $err.= "Please confirm your password.<br/>"; } if ($confirmPass != $password) {   $err.= "Your passwords do not match. Please re-enter your passwords."; }     if (!$secure) {         $err.= "No security code entered<br/>";     }     if (($secure!=$match) && ($secure!="")) {         $err.= "Security code mismatch<br/>";     }     if ($err=="") {     // success - input passed all tests     include 'dbconfig.php'; // Connect to database $eg_objConn1 = mysql_connect($dbhost, $dbuser, $dbpass); mysql_select_db($dbname, $eg_objConn1);   //check if username already exists   $sql_user_check = "SELECT * FROM plateau_pros WHERE username='$username'";       $result_name_check = mysql_query($sql_user_check);       $usersfound = mysql_num_rows($result_name_check);       mysql_query($sql_user_check);       // if user  found, note that and end if ($usersfound > 0) {     $eg_error['username'] = "Username $username is already in use. Please choose another username to continue.";     } else {       // Upload File $eg_success_File1 = false; if(!empty($_FILES['photo']['name'])) { // Check file is not larger than specified maximum size $eg_allowUpload = $_FILES['photo']['size'] <= 100000 ? true : false; // Check file is of the specified type if($eg_allowUpload) $eg_allowUpload = preg_match('/\\.(gif|jpg|jpeg|png)$/i', $_FILES['photo']['name']) ? true : false; if($eg_allowUpload) { if(is_uploaded_file($_FILES['photo']['tmp_name'])) { $eg_uploaddir = $_SERVER['DOCUMENT_ROOT']."/images/photo/"; $eg_uploadFile1 = $eg_uploaddir.rawurlencode($_FILES['photo']['name']); // Create a unique filename for the uploaded file $eg_i = 1; while (file_exists($eg_uploadFile1)) { $eg_separated_filename = explode(".",$eg_uploadFile1); if (substr($eg_separated_filename[0],-1) == $eg_i) { $eg_separated_filename[0] = substr($eg_separated_filename[0], 0, (strlen($eg_separated_filename[0])-1)); $eg_i++; } $eg_separated_filename[0] = $eg_separated_filename[0] . "$eg_i"; $eg_uploadFile1 = implode(".",$eg_separated_filename); } $eg_success_File1 = move_uploaded_file($_FILES['photo']['tmp_name'], $eg_uploadFile1); } } } // Run query $sql = "INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES ('$username', '$password', '$confirmPass', '$firstname', '$lastname', '$email', '$business', '$title', '$address', '$city', '$zip', '$phone', '$fax', '$mobile', '$category', '$comments', '$specialties', '$photo')"; mysql_query($sql) or die(mysql_error()); $newid = mysql_insert_id(); echo $sql; // $sql2 = "INSERT INTO members_cat (`memberid`, `categoryid`) VALUES ('$newid', '$catid')"; // mysql_query($sql2) or die(mysql_error()); // $sql3 = "INSERT INTO specialties (`memberid`, `specialties`) VALUES ('$newid' '$specialties')"; // mysql_query($sql3) or die(mysql_error()); // set session ID and redirect to login page upon success // Set Session Value //$_SESSION['loggedin'] = @$_POST['username']; // Go to page header("Location: login.php"); exit; } } } ?>[/code] NOTE: Some items are commented out on purpose while I was testing to find the error(s). Here's the actual error message: [quote]Warning: Cannot modify header information - headers already sent by (output started at /home2/wwwplat/public_html/register-test.php:105) in /home2/wwwxxx/public_html/register-test.php on line 117[/quote] Normally this means there's some HTML parsing before the header() command but I don't see it. Help?

Ok, this is fixed. Thanks for the help!

aHA! I found the problem me thinks. Apparently it's logging in and it's going to the members.php page BUT the members.php page is directing it back to login.php due to a session setting. Now I have to figure that one out. I found this out by creating a new login page called 'login-test.php' where I spliced in your code as posted. I entered a username/password that I know is valid and wound up back at 'login.php'. So, it must be hitting the members.php and then told to revert back. Here's the session settings from members.php: [code]// Enable sessions session_start(); // Conditional statement if(empty($_SESSION['loggedin'])) { // Go to page header("Location: login.php"); exit; }[/code]

Actually the $eg_error values are displayed in the body of the HTML in this: [code]// Loop through all errors if(!empty($eg_error)) { ?> <ul> <? foreach($eg_error as $eg_message) { ?> <li id="validationError"><?= @$eg_message ?></li> <? } ?> </ul> <? } ?>[/code] That way it displays at the top of the form area where they can see it. Many of the commented out items were left there as I was going through a process of elimination trying to determine where it was breaking down. I'll give your code a shot real quick and re-post.

I have this login script which has been revamped 43,249,340 times and can not get it to log me in and send me to the 'members.php' page as instructed. All the page does after entering username/password is refresh itself. I've tweaked this so many times but can not get it to: 1) log the person in 2) transfer them to the proper page after login Here's the code: [code]<? // session_start(); // Set Session Value // $_SESSION['loggedin'] = @$eg_Result1['username']; // Declare loginError so a value is always available $loginError = ""; // Turn on magic quotes to prevent SQL injection attacks if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); include 'dbconfig.php'; // Connect to database $eg_objConn1 = mysql_connect($dbhost, $dbuser, $dbpass) or die(mysql_error()); mysql_select_db($dbname, $eg_objConn1) or die(mysql()); // Validate users input if(!empty($_POST)) { // Check username has a value if(empty($_POST['username'])) $eg_error['username'] = "Please enter a user name!"; // Check password has a value if(empty($_POST['password'])) $eg_error['password'] = "Please enter a password!"; // Check if any errors were returned and run relevant code if(empty($eg_error)) { //$username = $_POST['username']; //$password = $_POST['password']; // Get Record Set $sql = ("SELECT * FROM `plateau_pros`  WHERE username = '$username' AND password = '$password'"); mysql_query($sql) or die(mysql_error()); $results = mysql_query($sql) or die(mysql_error()); $num_rows = mysql_num_rows($results) or die(mysql_error()); //$eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error()); if ($num_rows == 1) {       // Enable sessions if (isset($_SESSION['loggedin'])) {   header("Location: members.php");   exit; } else {   $_SESSION['logged'] = $_POST['username'];   // Go to page header("Location: members.php"); break; } } else { $loginError = "Your user name and password do not match any in our database!"; } } } ?>[/code] There are no errors produced so I have nothing to go by that would point to the problem. It must be my super-noobie coding capabilities. ALL help is appreciated!

heh...well, it only matters if the code works ;)  I'm going to use the isset function and see how things progress from there. Thanks!

Ok, thanks. But maybe it should be an isset function? if (isset($_SESSION['loggedin'])) {   header("Location: login.php"); } else {   run code blah blah; }

I have a registration form that, if registration is successful, starts and sets the session ID. What I want to do is have it check if the session has already been started so that they don't try to register twice in the same session. if (!$_SESSION['loggedin'] == true) { header("Location: login.php"); } else { blah blah proceed with registration } I'm just not sure on my syntax but that's the jist of what I need.

This is a baffler to say the least. I can't imagine what the problem is with the query. It's the right database, the right table and the right fields. I don't see a syntax error. I rewrote it slightly to see if that fixed it. The 'resource' reference went away but the sql error persists. Here's the  new snippet: [code]// Get Record Set $eg_recResult1 = ("SELECT * FROM plateau_pros  WHERE username = '$username' AND password = '$password'"); mysql_query($eg_recResult1); $eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error());[/code]

bumpy-poo :)

Hi Paul: Thanks for your persistence! I'm sure we'll nail this eventually. Ok, regarding the two conditional statements, if you notice the lower one is commented out while replacing it with the one above. I was experimenting to see if perhaps the check for a valid member was not working with the lower statement. I utilized your modified query statement and upon submit got this error: [quote]Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in /home2/wwwxxxx/public_html/login.php on line 31 Error in query: $eg_Result1.[/quote] Line 31 is the query. I've made no other changes in the code except to actually delete the 2nd conditional statement that was previously commented out.

Ok, let's assume your request is legitimate. Your question is vague and since most likely no one here uses that service then it's not the proper place to get assistance for how it works. Now, if you're asking what to do after you sign up for hosting in regards to getting a website online.... Yes, you'd have to create some HTML pages. And, Yes, if you wish to use some PHP you'd have to code some PHP. Then upload the files, images, and PHP scripts to your new hosting service. If they don't work, then come back here and post your code so we can help you with it. Right now your question appears to be more of a Websites 101 inquiry :)