simcoweb
-
Posts
1,104 -
Joined
-
Last visited
Everything posted by simcoweb
-
I've modified the code a bit to include a check against the results: [code]$username = $_POST['username']; $password = $_POST['password']; // Get Record Set $eg_recResult1 = mysql_query("SELECT `plateau_pros`.`memberid` FROM `plateau_pros` WHERE `plateau_pros`.`username` = '$username' AND `plateau_pros`.`password` = '$password'", $eg_objConn1); $eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC) or die ('Error in query: $eg_Result1. ' . mysql_error()); if (mysql_num_rows($eg_recResult1) == 1) { // the user id and password match, // set the session $_SESSION['loggedin'] = true; // Conditional statement // if(!empty($eg_Result1['plateau_pros.username'])) // Go to page header("Location: members.php"); exit; } else { $loginError = "Your user name and password do not match any in our database!"; }[/code] STILL it won't redirect. ARRGGGGGGGGGGGH!
-
NEW TO PHP..JUST JOINE PHPNET.US NEED HELP
simcoweb replied to 50cent1228's topic in PHP Coding Help
Well, first off..why would you come here looking for support for someone else's services? You would go to the people you signed up with to get assistance. Secondly, it's a common practice for spammers to go to forums and post goofy questions just to make sure they've entered the url to the spam site as many times as they can. I'm not a moderator here nor an admin. But I've run and moderated enough forums to be able to spot the spammers. This is a PHP help community and not customer support for another website. :) -
I have this file upload code and it's working just perfectly. However, i'd love to have either: 1 - preferred choice) it also create a thumbnail at the time of upload and deposit that in a separate folder and enter the image name into the mysql DB Or, 2) figure out a way to generate a thumbnail 'on the fly' when i'm calling the image to be displayed on a specific page where I need the image to be thumbnail size. Here's my file upload code that works fine for the general image: [code]// Upload File $eg_success_File1 = false; if(!empty($_FILES['photo']['name'])) { // Check file is not larger than specified maximum size $eg_allowUpload = $_FILES['photo']['size'] <= 100000 ? true : false; // Check file is of the specified type if($eg_allowUpload) $eg_allowUpload = preg_match('/\\.(gif|jpg|jpeg|png)$/i', $_FILES['photo']['name']) ? true : false; if($eg_allowUpload) { if(is_uploaded_file($_FILES['photo']['tmp_name'])) { $eg_uploaddir = $_SERVER['DOCUMENT_ROOT']."/images/photo/"; $eg_uploadFile1 = $eg_uploaddir.rawurlencode($_FILES['photo']['name']); // Create a unique filename for the uploaded file $eg_i = 1; while (file_exists($eg_uploadFile1)) { $eg_separated_filename = explode(".",$eg_uploadFile1); if (substr($eg_separated_filename[0],-1) == $eg_i) { $eg_separated_filename[0] = substr($eg_separated_filename[0], 0, (strlen($eg_separated_filename[0])-1)); $eg_i++; } $eg_separated_filename[0] = $eg_separated_filename[0] . "$eg_i"; $eg_uploadFile1 = implode(".",$eg_separated_filename); } $eg_success_File1 = move_uploaded_file($_FILES['photo']['tmp_name'], $eg_uploadFile1); } } }[/code] I also found this snippet of code that is supposed to do something like choice #2 as i've described: [code]<?php # Constants define(IMAGE_BASE, '/var/www/html/mbailey/images'); define(MAX_WIDTH, 150); define(MAX_HEIGHT, 150); # Get image location $image_file = str_replace('..', '', $_SERVER['QUERY_STRING']); $image_path = IMAGE_BASE . "/$image_file"; # Load image $img = null; $ext = strtolower(end(explode('.', $image_path))); if ($ext == 'jpg' || $ext == 'jpeg') { $img = @imagecreatefromjpeg($image_path); } else if ($ext == 'png') { $img = @imagecreatefrompng($image_path); # Only if your version of GD includes GIF support } else if ($ext == 'gif') { $img = @imagecreatefrompng($image_path); } # If an image was successfully loaded, test the image for size if ($img) { # Get image size and scale ratio $width = imagesx($img); $height = imagesy($img); $scale = min(MAX_WIDTH/$width, MAX_HEIGHT/$height); # If the image is larger than the max shrink it if ($scale < 1) { $new_width = floor($scale*$width); $new_height = floor($scale*$height); # Create a new temporary image $tmp_img = imagecreatetruecolor($new_width, $new_height); # Copy and resize old image into new image imagecopyresized($tmp_img, $img, 0, 0, 0, 0, $new_width, $new_height, $width, $height); imagedestroy($img); $img = $tmp_img; } } # Create error image if necessary if (!$img) { $img = imagecreate(MAX_WIDTH, MAX_HEIGHT); imagecolorallocate($img,0,0,0); $c = imagecolorallocate($img,70,70,70); imageline($img,0,0,MAX_WIDTH,MAX_HEIGHT,$c2); imageline($img,MAX_WIDTH,0,0,MAX_HEIGHT,$c2); } # Display the image header("Content-type: image/jpeg"); imagejpeg($img); ?> [/code] This was found here: [url=http://codewalkers.com/tutorials/42/1.html]http://codewalkers.com/tutorials/42/1.html[/url] If i'm understanding correctly, it creates a thumbnail image 'when needed'. That's an option if I can't find a modestly simple way to modify my upload code to include the creation of the thumbnail while uploading the file.
-
NEW TO PHP..JUST JOINE PHPNET.US NEED HELP
simcoweb replied to 50cent1228's topic in PHP Coding Help
If it walks like a duck, talks like a duck..then it must be a duck. Smells like spam to me. -
Starting Big Project or How To Learn PHP In A Hurry
simcoweb replied to simcoweb's topic in PHP Coding Help
I can't say 100% sure but I do know that if I comment out $sql3 and run the script that I get no errors and the data inserts perfectly. If I un-comment it I get the error message and the data inserted from the first two queries gets goofy as I mentioned previously that the image name doesn't show in the 'photo' field. Instead it displays the 'tmp/blahblah' info. Now, that's an element of the file upload process above the query. That doesn't break unless I activate $sql3. This is a real stumper. I need to insert that data into the right table to make it all join together. -
Starting Big Project or How To Learn PHP In A Hurry
simcoweb replied to simcoweb's topic in PHP Coding Help
I get this: [code]INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('yosemite', 'park', 'park', 'yosemite', 'sam', 'yosemite@sam.com', 'WhoopAss', 'Come Get Some', 'here', 'there', '42342', '305-223-6900', '333-333-3333', '333-333-3333', 'Professional Services', 'butt kickin', 'yeehaws', '6620.jpg') Warning: Cannot modify header information - headers already sent by (output started at /home2/wwwplat/public_html/register-test2.php:91) in /home2/wwwplat/public_html/register-test2.php on line 103[/code] -
Starting Big Project or How To Learn PHP In A Hurry
simcoweb replied to simcoweb's topic in PHP Coding Help
That's interesting considering that query number $sql3 wants to insert two items into the 'specialties' table, the $newid and $specialties info. That table has 3 items including the auto-incremented 'id' field. They are id memberid specialties I don't see where it's any different than the $sql2 query which is inserting two items into the 'members_cat' table which contains: id memberid categoryid -
Hmmm...here's what I noticed. My validation is checking the entry of something into the fields. However, there's nothing checking the posted info with the data in the database. Right now i'm getting 'User not found' errors no matter what I type in even though the user IS in the database. I need some authentication code to use the SELECT data against a comparison. Not sure how to do that.
-
Starting Big Project or How To Learn PHP In A Hurry
simcoweb replied to simcoweb's topic in PHP Coding Help
Ok, I cleared out all the $_POST references in the query and got it down to the nuts and bolts. Here's a new development. As an experiment I commented out the $sql2 and $sql3 queries to see if I could isolate the problem. The first query ran fine and inserted the data properly. I uncommented the $sql2 query and it ran fine. When I did the same for $sql3 it produced some weird behaviour. For example. the image upload field should be populated with the name of the image. When the $sql3 is active the temp name/location is stored in that field instead of the image name. Something is amiss with the 3rd query. Also, it was creating an error something like 'Number of columns doesn't match line 1' or similar. -
heh..well, at least that produced an error. Unfortunately it's an error that the username doesn't exist in my database. But, I know it does cuz i'm looking right at it. Me thinks there's a problem with the query.
-
Starting Big Project or How To Learn PHP In A Hurry
simcoweb replied to simcoweb's topic in PHP Coding Help
Ok, here's the 'original' query code before I modified it to do the multiple queries. Perhaps there's an out of place " or , or ' or ) that my editor just isn't spotting. The only changes made were to the beginning of the query code to remove the ( ahead of the "INSERT and then removed the corresponding ) from the end of the query string. Then set up the variable $sql = My hunch is even though my PHP editor shows the proper color coding for the various elements that something is out of alignment. Here's the original: [code] // Run query mysql_query("INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."')", $eg_objConn1);[/code] Here's the revised: [code] // Run query $sql = "INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."'), $eg_objConn1"; mysql_query($sql) or die(mysql_error()); $newid = mysql_insert_id();[/code] -
Starting Big Project or How To Learn PHP In A Hurry
simcoweb replied to simcoweb's topic in PHP Coding Help
Ok, that produced this: [quote]You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #3' at line 1[/quote] Line 1, of course, is my opening <?php tag. Not sure what this eludes to. Here's the entire block of code: [code]<?php // Turn on magic quotes to prevent SQL injection attacks if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); include 'dbconfig.php'; // Connect to database $eg_objConn1 = mysql_connect($dbhost, $dbuser, $dbpass); mysql_select_db($dbname, $eg_objConn1); // Enable sessions session_start(); // Set Session Value $_SESSION['loggedin'] = @$_POST['username']; $username =$_POST['username']; // Validate users input if(!empty($_POST)) // Check email is a valid email address if(isset($_POST['email'])) if(!ereg("^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,}\\.[0-9]{1,}\\.[0-9]{1,}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,}|[0-9]{1,})(\\]?)$", $_POST['email'])) $eg_error['email'] = "You must enter a valid email address!"; // Check password has a value if(empty($_POST['password'])) $eg_error['password'] = "You must enter a password!"; // Check that confirmPass is the same as (comparison) if(isset($_POST['confirmPass'])) if($_POST['confirmPass'] != @$_POST['password']) $eg_error['confirmPass'] = "Your passwords do not match!"; // Check that username is numbers and letters if(isset($_POST['username'])) if(ereg("[!\"£\$%\^&\*()\+=\{}[.].][.[.]#~';:@/\.,<>\?\\| ]", $_POST['username'])) $eg_error['username'] = "The user name contains some illegal charactures, only use alpha-numeric charactures."; // Check username has a value if(empty($_POST['username'])) $eg_error['username'] = "You must enter a user name!"; // Check if any errors were returned and run relevant code if(empty($eg_error)) { //check if username already exists $sql_user_check = "SELECT * FROM plateau_pros WHERE username='$username'"; $result_name_check = mysql_query($sql_user_check); $usersfound = mysql_num_rows($result_name_check); mysql_query($sql_user_check); // if user found, note that and end if ($usersfound > 0) { $eg_error['username'] = "Username $username is already in use. Please choose another username to continue."; } else { // Conditional statement //if(!empty($_POST)) // Upload File $eg_success_File1 = false; if(!empty($_FILES['photo']['name'])) { // Check file is not larger than specified maximum size $eg_allowUpload = $_FILES['photo']['size'] <= 100000 ? true : false; // Check file is of the specified type if($eg_allowUpload) $eg_allowUpload = preg_match('/\\.(gif|jpg|jpeg|png)$/i', $_FILES['photo']['name']) ? true : false; if($eg_allowUpload) { if(is_uploaded_file($_FILES['photo']['tmp_name'])) { $eg_uploaddir = $_SERVER['DOCUMENT_ROOT']."/images/photo/"; $eg_uploadFile1 = $eg_uploaddir.rawurlencode($_FILES['photo']['name']); // Create a unique filename for the uploaded file $eg_i = 1; while (file_exists($eg_uploadFile1)) { $eg_separated_filename = explode(".",$eg_uploadFile1); if (substr($eg_separated_filename[0],-1) == $eg_i) { $eg_separated_filename[0] = substr($eg_separated_filename[0], 0, (strlen($eg_separated_filename[0])-1)); $eg_i++; } $eg_separated_filename[0] = $eg_separated_filename[0] . "$eg_i"; $eg_uploadFile1 = implode(".",$eg_separated_filename); } $eg_success_File1 = move_uploaded_file($_FILES['photo']['tmp_name'], $eg_uploadFile1); } } } // Run query $sql = "INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."'), $eg_objConn1"; mysql_query($sql) or die(mysql_error()); $newid = mysql_insert_id(); $sql2 = "INSERT INTO members_cat (`memberid`, `categoryid`) VALUES ('$newid', '$catid')"; mysql_query($sql2) or die(mysql_error()); $sql3 = "INSERT INTO specialties (`memberid`, `specialties`) VALUES ('$newid' '$specialties')"; mysql_query($sql3) or die(mysql_error()); // set session ID and redirect to login page upon success // Set Session Value $_SESSION['loggedin'] = @$_POST['username']; // Go to page header("Location: login.php"); exit; } } ?>[/code] -
heh... no errors displayed. Figures. It appears it's making the query without a hitch. Then it either hits a spot that tells it to quit or it's quitting on its own. Obviously it should query the database, check the username/password to make sure they exist, then if successful redirect to the stated page. If error, it would return to the login page and show the errors. Only no errors are being shown.
-
Starting Big Project or How To Learn PHP In A Hurry
simcoweb replied to simcoweb's topic in PHP Coding Help
I missed that in reply #39 :( Sorry. But, glad I found out it was a typo so I don't have to search Google for hours looking for 'unsert'. :) Now, as you notice i've changed the query codes a bit by addint $sql2 and $sql3 but now there's nothing being inserted. No errors occur...but nothing gets inserted. Once again i'm scratching my head. Here's the latest snippet. See if you can spot WHY i'm going insane: [code] // Run query $sql = "INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."'), $eg_objConn1"; mysql_query($sql); $newid = mysql_insert_id(); $sql2 = "INSERT INTO members_cat (`memberid`, `categoryid`) VALUES ('$newid', '$catid')"; mysql_query($sql2); $sql3 = "INSERT INTO specialties (`memberid`, `specialties`) VALUES ('$newid' '$specialties')"; mysql_query($sql3);[/code] -
Starting Big Project or How To Learn PHP In A Hurry
simcoweb replied to simcoweb's topic in PHP Coding Help
Ok, back on track with this monster. Update, have been doing some restructuring of the registration form to coordinate with the insertion of data into multiple tables as per your original example from reply #12: [code]<?php $sql = "INSERT INTO member (name, email, etc) VALUES ('$name', '$email', '$etc')"; mysql_query($sql); $newid = mysql_unsert_id(); $sql = "INSERT INTO members_cat (memberid, categoryid) VALUES ('$newid', '$catid')"; mysql_query($sql); ?>[/code] I did not use this method previously as I was taking a simpler method in using one table to insert the profiles into and then simply displaying them when summoned. However, I have since come to my senses and realize I need to update the method to something more useful such as what you laid out in this table structure: [quote]category member_cat members specialties ========== =========== ========= ============ categoryid --+ id +-- memberid --+ id category | memberid >-+ name +-< memberid +-< categoryid title speciality company phone email details image[/quote] Here's the question. I've created this series of queries in the 'new' registration form based on your model but receive this error: [quote]Fatal error: Call to undefined function: mysql_unsert_id() in /home2/wwwxxxx/public_html/register-test.php on line 89[/quote] The code including line 89 is this: [code] // Run query $sql = "INSERT INTO `plateau_pros`(`username`, `password`, `confirmPass`, `firstname`, `lastname`, `email`, `business`, `title`, `address`, `city`, `zip`, `phone`, `fax`, `mobile`, `category`, `comments`, `specialties`, `photo`) VALUES('".@$_POST['username']."', '".@$_POST['password']."', '".@$_POST['confirmPass']."', '".@$_POST['firstname']."', '".@$_POST['lastname']."', '".@$_POST['email']."', '".@$_POST['business']."', '".@$_POST['title']."', '".@$_POST['address']."', '".@$_POST['city']."', '".@$_POST['zip']."', '".@$_POST['phone']."', '".@$_POST['fax']."', '".@$_POST['mobile']."', '".@$_POST['category']."', '".@$_POST['comments']."', '".@$_POST['specialties']."', '".substr(strrchr($eg_uploadFile1, "/"), 1)."'), $eg_objConn1"; mysql_query($sql); $newid = mysql_unsert_id(); [b][color=red]<-- LINE 89[/color][/b] $sql2 = "INSERT INTO members_cat (memberid, categoryid) VALUES ('$newid', '$catid')"; mysql_query($sql2); $sql3 = "INSERT INTO specialties (memberid, specialties) VALUES ('$newid' 'specialties')"; mysql_query($sql3);[/code] I looked up 'UNSERT' and can't find anything on it. Don't know if this is a typo or what. But, it's producing an error like it's 'unknown'. Can you shed some light on this please? -
Hi Paul: Thanks for your post and for spotting that missing element. I did change the code to this: [code]<? // Enable sessions session_start(); // Set Session Value $_SESSION['loggedin'] = @$eg_Result1['username']; // Declare loginError so a value is always available $loginError = ""; // Turn on magic quotes to prevent SQL injection attacks if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); include 'dbconfig.php'; // Connect to database $eg_objConn1 = mysql_connect($dbhost, $dbuser, $dbpass); mysql_select_db($dbname, $eg_objConn1); // Validate users input if(!empty($_POST)) { // Check username has a value if(empty($_POST['username'])) $eg_error['username'] = "Please enter a user name!"; // Check password has a value if(empty($_POST['password'])) $eg_error['password'] = "Please enter a password!"; // Check if any errors were returned and run relevant code if(empty($eg_error)) { // Get Record Set $eg_recResult1 = mysql_query("SELECT `plateau_pros`.`memberid` FROM `plateau_pros` WHERE `plateau_pros`.`username` = '".@$_POST['username']."' AND `plateau_pros`.`password` = '".@$_POST['password']."'", $eg_objConn1); $eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC); // Conditional statement if(!empty($eg_Result1['memberid'])) { // Go to page header("Location: members.php"); exit; } else { $loginError = "Your user name and password do not match any in our database!"; } } } ?>[/code] Which reinstates that 'if' statement. I originally disabled it as one of the many experiements to get the redirection to work. Even with the reinstating and repairing of the code (as above) the redirection still doesn't work (*sigh*). Perhaps with this revised code there's still something missing?
-
Still looking for a resolution on this one. Once again, after entering username/password it just returns to the login page. Not sure why.
-
Can you populate the <SELECT> list from a database?
simcoweb replied to simcoweb's topic in PHP Coding Help
Barand, as usual you rock. I'll need to brush up on the 'Join' part of the database structures. I'm not at all familiar with how that works and how to construct it. You've mentioned it before in previous posts. Is there a PHPFreaks tutorial on it somewhere? -
I just need to know if this can be done. I have a contact form that is asking for a 'referrer' selection (who referred you) to be a dropdown menu. What i'd like to do is to generate the selections in that list from the member's list in the database instead of hard-coding it into the form each time we add or lose member. Another 'key' is that I need the referrer's ID # to pass as well so that reports can be created using the ID# as the search key. So, basically when the visitor selects from the member list to choose the referrer that referrer's name is entered into a new table along with their ID# and the person they referred to.
-
I wish I could say that took care of it :( Unfortunately it didn't. Still just comes right back to the login page after submit.
-
Hi Paul: Thanks for the post. I'm aware of that aspect of the headers but normally that would produce a 'Premature end to script headers' error message which would indicate some HTML has been passed before the header. In this case everything is working except the redirection to the member's page after the login attempt. It's got to be something in the if/else statements that i'm not spotting. Some sort of syntax error or bad logic in my code.
-
I have a login page with the following code: [code]<? // Declare loginError so a value is always available $loginError = ""; // Enable sessions // Set Session Value $_SESSION['loggedin'] = @$eg_Result1['username']; // Turn on magic quotes to prevent SQL injection attacks if(!get_magic_quotes_gpc()) set_magic_quotes_runtime(1); include 'dbconfig.php'; // Connect to database $eg_objConn1 = mysql_connect($dbhost, $dbuser, $dbpass); mysql_select_db($dbname, $eg_objConn1); // Validate users input if(!empty($_POST)) { // Check username has a value if(empty($_POST['username'])) $eg_error['username'] = "Please enter a user name!"; // Check password has a value if(empty($_POST['password'])) $eg_error['password'] = "Please enter a password!"; // Check if any errors were returned and run relevant code if(empty($eg_error)) { // Get Record Set $eg_recResult1 = mysql_query("SELECT `plateau_pros`.`memberid` FROM `plateau_pros` WHERE `plateau_pros`.`username` = '".@$_POST['username']."' AND `plateau_pros`.`password` = '".@$_POST['password']."'", $eg_objConn1); $eg_Result1 = @mysql_fetch_array($eg_recResult1, MYSQL_ASSOC); // Conditional statement //if(!empty($eg_Result1['memberid'])) //{ // Go to page header("Location: members.php"); exit; } else { $loginError = "Your user name and password do not match any in our database!"; } } ?>[/code] The problem is that once the person enters username/password and hits submit it winds up right back at the login.php page instead of forwarding (upon successful validation) to the members.php page as instructed. My eyes are bugging out trying to spot the problem. So, perhaps some 'new eyes' could help me out here ? :P
-
How do I stop a form from submitting to database when there's errors?
simcoweb replied to simcoweb's topic in PHP Coding Help
Ok, I understand that part. I have that code already as shown below: [code]if(!empty($_POST)) // Check email is a valid email address if(isset($_POST['email'])) if(!ereg("^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,}\\.[0-9]{1,}\\.[0-9]{1,}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,}|[0-9]{1,})(\\]?)$", $_POST['email'])) $eg_error['email'] = "You must enter a valid email address!"; // Check password has a value if(empty($_POST['password'])) $eg_error['password'] = "You must enter a password!"; // Check that confirmPass is the same as (comparison) if(isset($_POST['confirmPass'])) if($_POST['confirmPass'] != @$_POST['password']) $eg_error['confirmPass'] = "Your passwords do not match!"; // Check that username is numbers and letters if(isset($_POST['username'])) if(ereg("[!\"£\$%\^&\*()\+=\{}[.].][.[.]#~';:@/\.,<>\?\\| ]", $_POST['username'])) $eg_error['username'] = "The user name contains some illegal charactures, only use alpha-numeric charactures."; // Check username has a value if(empty($_POST['username'])) $eg_error['username'] = "You must enter a user name!"; // Check if any errors were returned and run relevant code if(empty($eg_error)) { echo "You must complete all the form fields before submitting." ; } else { //check if username already exists $sql_user_check = "SELECT * FROM plateau_pros WHERE username='$username'"; $result_name_check = mysql_query($sql_user_check); $usersfound = mysql_num_rows($result_name_check); } // if user found, note that and end if ($usersfound > 0) { $error = "Username $user is already in use. Please choose another username."; } else {[/code] The validation and empty field check is doing fine. But it's not stopping the form from submitting the data. I don't know if I can make it any clearer but ... the validation errors appear to the user but it's not stopping the query entering the info into the database. I'm looking specifically for the code snippet that prevents that. In a plain logical way it would work like this: if(check for empties..if empty ..halt... show error messages for fields not completed properly....user inputs new data..hits submit... it validates again...if ok then goes to 'else') else(if no errors as above...upload photo...run query...redirect to 'login.php') Right now what's happening is: if(check for empties... finds fields that violate validation rules... [B]runs the mysql query..uploads the file[/B]...then returns to the form to display the error messages which makes it look to the user like nothing happened..user re-inputs the data and uploads again duplicating the records) In my limited knowledge I look at the code i'm using and see this: if(check user input to make sure username/password/confirmpass have entries... check same fields for type of input...if errors display error messages..if no errors proceed to next step which is username check... run username check if no errors..if no username match found then proceed to next step which is file upload, query, etc.) What i'm in need of is the correct code to stop this duplication of the same username and prevent the query from happening until there's no errors in the input. I'm reading you loud and clear on the part you've posted but that's just one part of the equation. Make sense? I do appreciate your posts. Just not sure if we're looking at the same part of the problem :) -
How do I stop a form from submitting to database when there's errors?
simcoweb replied to simcoweb's topic in PHP Coding Help
Exactly! That's the part of the code i'm looking for. As I mentioned, I have the validation and the 'if empty' parameters taken care of. What's missing is the STOP HERE AND DO NOT PROCESS part that's confusing me . Here's the form for your viewing pleasure: [code]<form id="Form1" style="WIDTH: 100%" name="Form1" method="post" enctype="multipart/form-data"> <table id="Table1" cellspacing="0" cols="2" cellpadding="0" width="400" align="center" border="0"> <tbody> <tr> <td> <strong><font size="2">User Name:</font></strong></td> <td> <input id="username" maxlength="10" size="10" name="username" value="<?= @$_POST['username'] ?>"></td> </tr> <tr> <td> <strong><font size="2">Password:</font></strong></td> <td> <input id="Password1" type="password" maxlength="10" size="12" name="password"></td> </tr> <tr> <td> <strong><font size="2">Confirm Password:</font></strong></td> <td> <input id="Password2" type="password" maxlength="10" size="12" name="confirmPass"></td> </tr> <tr> <td colspan="2"> <hr> </td> </tr> <tr> <td> <font size="2">First Name:</font></td> <td> <input id="firstname" maxlength="50" name="firstname" value="<?= @$_POST['firstname'] ?>"></td> </tr> <tr> <td> <font size="2">Last Name:</font></td> <td> <input id="lastname" maxlength="50" name="lastname" value="<?= @$_POST['lastname'] ?>"></td> </tr> <tr> <td> <font size="2">Email:</font></td> <td> <input id="email" maxlength="100" size="30" name="email" value="<?= @$_POST['email'] ?>"></td> </tr> <tr> <td colspan="2"> <hr> </td> </tr> <tr> <td> <font size="2">Business Name:</font></td> <td> <input id="business" style="WIDTH: 211px; HEIGHT: 22px" size="28" name="business"></td> </tr> <tr> <td> <font size="2">Title/Position:</font></td> <td> <input id="title" style="WIDTH: 211px; HEIGHT: 22px" size="28" name="title"></td> </tr> <tr> <td> <font size="2">Address:</font></td> <td> <input id="address" style="WIDTH: 211px; HEIGHT: 22px" maxlength="20" size="24" name="address" value="<?= @$_POST['address'] ?>"></td> </tr> <tr> <td valign="top"> <font size="2">City:</font></td> <td> <input id="city" style="WIDTH: 115px; HEIGHT: 22px" size="15" name="city"></td> </tr> <tr> <td> <font size="2">Zip Code:</font></td> <td> <input id="zipcode" maxlength="20" size="15" name="zip" value="<?= @$_POST['postCode'] ?>"></td> </tr> <tr> <td colspan="2"> <hr> </td> </tr> <tr> <td> <font size="2">Phone:</font></td> <td> <input id="phone" maxlength="50" size="25" name="phone" value="<?= @$_POST['phone'] ?>"></td> </tr> <tr> <td> <font size="2">Fax:</font></td> <td> <input id="fax" maxlength="50" size="25" name="fax" value="<?= @$_POST['fax'] ?>"></td> </tr> <tr> <td> <font size="2">Mobile:</font></td> <td> <input id="mobile" maxlength="50" size="25" name="mobile" value="<?= @$_POST['mobile'] ?>"></td> </tr> <tr> <td colspan="2"> <hr> </td> </tr> <tr> <td colspan="1"> <font size="2">Category:</font></td> <td> <select id="DropDown1" style="WIDTH: 230px" name="category"> <option value="Marketing" selected="selected">Marketing <option value="Professional Services">Professional Services <option value="Health and Wellness">Health & Wellness <option value="Home Design and Improvements">Home Design & Improvements </select></td> </tr> <tr> <td valign="top"> <font size="2">Details:</font></td> <td> <textarea id="TextArea2" name="comments" cols="30"><?= @$_POST['comments'] ?></textarea> </td> </tr> <tr> <td valign="top"> <font size="2">Specialties:</font></td> <td> <textarea id="TextArea2" name="specialties" cols="30"><?= @$_POST['specialties'] ?></textarea> </td> </tr> <tr> <td colspan="1"> <font size="2">Photo Upload:</font></td> <td> <input id="photo" type="file" name="photo"></td> </tr> <tr> <td colspan="2"> <hr> <font size="1">photo should be .jpg, .gif. or .png format under 100k (bytes)</font> <br> </td> </tr> <tr> <td> </td> <td align="right"> <input id="Submit1" type="submit" value="Register"></td> </tr> </tbody> </table> </form>[/code] -
How do I stop a form from submitting to database when there's errors?
simcoweb replied to simcoweb's topic in PHP Coding Help
Just another quick note: It didn't dawn on me until just now that the validation code already contains the if(empty) code as well: [code]// Validate users input //if(!empty($_POST)) // Check email is a valid email address if(isset($_POST['email'])) if(!ereg("^([a-zA-Z0-9_\\-\\.]+)@((\\[[0-9]{1,}\\.[0-9]{1,}\\.[0-9]{1,}\\.)|(([a-zA-Z0-9\\-]+\\.)+))([a-zA-Z]{2,}|[0-9]{1,})(\\]?)$", $_POST['email'])) $eg_error['email'] = "You must enter a valid email address!"; // Check password has a value if(empty($_POST['password'])) $eg_error['password'] = "You must enter a password!"; // Check that confirmPass is the same as (comparison) if(isset($_POST['confirmPass'])) if($_POST['confirmPass'] != @$_POST['password']) $eg_error['confirmPass'] = "Your passwords do not match!"; // Check that username is numbers and letters if(isset($_POST['username'])) if(ereg("[!\"£\$%\^&\*()\+=\{}[.].][.[.]#~';:@/\.,<>\?\\| ]", $_POST['username'])) $eg_error['username'] = "The user name contains some illegal charactures, only use alpha-numeric charactures."; // Check username has a value if(empty($_POST['username'])) $eg_error['username'] = "You must enter a user name!"; // Check if any errors were returned and run relevant code if(empty($eg_error)) { } else { } }[/code] What's missing is the coding that is to run in the 'else' area with the key element being what happens when the validation doesn't jive. Again, the script is validating and producing the errors requiring them to re-enter but not stopping the form submission.