benji87

Yep ive got that in place now! Thanks guys!

Hi all. Just started on a new project which is based on a users only login interface. Last week i posted it on these forums for help on css on the login page. Then today i continue work on it and try to login and turns out my users table has been emptied!! Now the only reason i can think of for this happening is someone has done a sql injection attack on me and they must be a member or atleast a visitor of these forums because it is the only place i have posted the url and there is no way they could find it through a search engine! Now all i want to know is how do i go about from stopping this from happening in the future as this is a big project and i cant afford to have a serious sercurity lapse like this! Can anyone help?

I dont want to do that though im trying to get all the columns that have 1 not the username

Nope its not liking it error: code: <? $username = $_SESSION['username']; echo '<table border =\"1\">'; $query=mysql_query("SELECT * FROM pl_teach_learn WHERE username = $username AND lesson_planning, objective_led_planning, starters, plenaries, structure_and_pace, questioning, explanations, differentiation, marking, monitoring_progress, group_work, positive_classroom_management, positive_behaviour_management, using_lsas_effectively, gifted_and_talented, speaking_and_listening, ict, engagement_enjoyment ='1' LIMIT 1"); $row=mysql_fetch_array($query); echo '<tr>'; foreach($row as $k=>$v){ echo '<td>'.$k.'</td>'; } echo '</tr>'; $query=mysql_query("SELECT * FROM pl_teach_learn WHERE username = $username AND lesson_planning, objective_led_planning, starters, plenaries, structure_and_pace, questioning, explanations, differentiation, marking, monitoring_progress, group_work, positive_classroom_management, positive_behaviour_management, using_lsas_effectively, gifted_and_talented, speaking_and_listening, ict, engagement_enjoyment ='1' LIMIT 1"); while($row=mysql_fetch_array($query)){ echo '<tr>'; foreach($row as $k=>$v){ echo '<td>'.$v.'</td>'; } echo '</tr>'; } echo '</table>'; ?>

Ok thanks that kind of worked! trouble is it echos everything. I just want it to display the columns that only have '1' in its field where the session username matches the username in the field, if that makes sense. Plus this code seems to number the columns next to the names.....

Hi guys, what is the most efficient way to display column names from a database that only have the value '1' in its fields?? I cant seem to work it out, could someone give me a code example?? Thanks

Hi everyone, im having my first go at using CSS for layout so apologies if this is all wrong! I am trying to centre my divs in the middle of the page but for some reason it seems to place it 75% accross the page. Ive tried using text-align to override the bug in IE 6 i think it is but it doesnt seem to be helping it. Ive also tried putting each div's left space to 50% but still the same effect :-\ Can anyone tell me what im doing wrong please? Ive tested this in IE 7 and Firefox 2.0. Here is my url: www.alns.co.uk/plm Cheers guys

This has got to e the most original idea i have seen in a long time! So my hat goes off to for that, or should it be sock? haha Just a few things about the site. First of all you have way too much drop shaddow around the border. I really dont get that and it makes it look tacky. I would just stick to the amount you have on the left hand side and keep it like that all the way round! Also get ur header and make it stick to the top of the page! On the main page in the text you have all these different varients of verdana in colour and size. Get rid of this! Ok if you want a word to stand out just make it bold and slightly change the colour. You target audience is businessmen who dont have the time to buy thier own socks. Well if i was one of those guys i wouldnt have time to read that text because its all over the place and i would instantly close the site! Next redesign the whole navigation bar. The gradient is really not a good looker and i dont like the outer glow on the text on rollover. Also as mentioned before you need to consider your colour scheme because im really not feeling it! I makes me feel depressed and tired! Not something you want if you want your target audience to invest in your product! I hope some of this advice helps you! Looks af it all the coding is there and works perfectly! You have just got to work on your GUI which at the end of the day is going to sell your site before the text does!!

I like the header its really pleasing to the eye. Then i look below it and think ergh!! Plus loose the text buttons they just dont go well with the header, make them into graphics and have a nice rollover, maybe javascript with a slow fade. The content area looks like a totally different site to me. The two just dont go together. Looks to me as if the main content is built from a blogging template of some kind? U need to intergrate more of a GUI into content area. You can use CSS to make some nice layouts. Plus i agree with everyone else loose the bar at the top of the page! It really isnt pleasing and your eyes are drawn to it instantly loosing the focus on he content! Also u already have the same thing at the top of your left hand bar? Why repeat it?? On the 'members area' page. Id recommend that you just put in a login here instead of the user having to click again to get to the login screen! Lastly, on your members list page how about seperating each row with an alternate background colour? It would make it so much easier to read! Also how about popping in a last login and number of posts... I hope this helps you will get there in he end! Good luck with your community

Hi all ive recently purchased a bit of software that allows me to create sql tables from excel spreadsheets. It also is able to connect right to the database to download and upload current spreadsheets. Thing is i dont know how to set the connection up? Obviously when you are connecting to it via a page on the server its just localhost. But what do i use when accessing it from my desktop? I think i heard a while back that some hosts do not allow a remote connection, is this true?? Any help would be great because it would save me so much time!!

Ok those are pretty simpe queries and is what i already have. That wont output the date correctly as at the moment in the table its in YYYY-MM-DD format and that wont order it by the months just the number......

anyone???

Try this: <div id="service_bar"> <li><a title="View/Download Templates" href="/templates.php" class="s">Templates</a></li> <li><a title="Upload your Templates" href="/templatesupload.php">Upload</a></li> <li><a title="Templates in use" href="/tiu.php">TIU</a></li> <li><a title="Sort Templates" href="/search.php">Search</a></li> </div>

I cant see what the problem is. What exactly isent displaying correctly?

Here is my code, it all seems to process fine it just wont insert into the database :-\ can anyone help? <?php session_start(); include 'includes/db.php'; $username = $_SESSION['username']; $id = $_GET['id']; $query=("SELECT * FROM ssrfc_noticecomments WHERE topicid = $id ORDER BY date ASC LIMIT 0,10"); $result=mysql_query($query); $num=mysql_numrows($result); $i=0; while ($i < $num) { $commentby=mysql_result($result,$i,"commentby"); $date=mysql_result($result,$i,"date"); $comment=mysql_result($result,$i,"comment"); <table width="100%" border="0" cellpadding="2" cellspacing="2" bgcolor="eaeaea"> <tr> <td class="headers">Posted by: <? echo "$commentby" ?> Date: <? echo "$date" ?></td> </tr> <tr> <td class="navigation"><? echo "$comment" ?></td> </tr> </table> $i++; } mysql_close(); <form id="form1" name="form1" method="post" action="<?php $_SERVER['PHP_SELF'] ?>"> <table width="100%" border="0" cellspacing="2" bgcolor="eaeaea"> <tr> <td><div align="center"> <textarea name="message" cols="40" rows="10" class="navigation" id="message"></textarea> </div></td> </tr> <tr> <td><div align="center"> <input type="submit" name="Submit" value="Submit" /> </div></td> </tr> <tr> <td><div align="center"> <input name="id" type="hidden" id="id" value="<? echo "$id" ?>" /> <input name="commentby" type="hidden" id="commentby" value="<? echo "$username" ?>" /> </div></td> </tr> </table> </form> if (isset($_POST['submit'])) { $topicid = $_POST['id']; $comment = $_POST['message']; $commentby = $_POST['commentby']; $date = date("j F"); $sql = mysql_query("INSERT INTO ssrfc_noticecomments (topicid, comment, commentby, date) VALUES('$topicid', '$comment', '$commentby', '$date')") or die (mysql_error()); if(!$sql){ echo 'There has been an error while trying to submit your post.'; $id = mysql_insert_id(); } } ?>

Yes it is yyyy-mm-dd

Hey all im trying to sort a fixtures list by date! But obviously it just sorts it by first numbers for example it orders the list by day value and not day and month, i found this code in a previous post SELECT DATE_FORMAT(date_field, '%W %M %Y') FROM table_name Trouble is i dont really understand. How do i implement that if i want to select all from the table and order it by the date???

Quick question, How do i retain paragraph breaks when inserted into a sql database through a text field without the user having to manually input <br> tags??

Ignore that sorry it shouldnt be there! Well i dont understand what difference changing the query would make?? That part works fine its just the redirecting thats the problem it doesnt parse the variables through the url for some reason!

I dont know, i think the variables might not be parsing through the url for some reason??

Hi all im trying to create a little comments page similar to a shoutbox. Trouble is when i make a post i cant make it redirect correctly ??? i always get a mysql_numrows() is not a valid resource. Im not sure why it does this but i guess its something to do with me trying to redirect it by parsing variables through the URL. Although i have tried using javascript goback function but i get a similar error. Here is my form submit code: <? include 'db.php'; $id = $_GET['id']; $username = $_GET['u']; $title = $_GET['t']; $topicid = $_POST['id']; $comment = $_POST['message']; $commentby = $_POST['commentby']; $date = date("j F"); $sql = mysql_query("INSERT INTO ssrfc_noticecomments (topicid, comment, commentby, date) VALUES('$topicid', '$comment', '$commentby', '$date')") or die (mysql_error()); if(!$sql){ echo 'There has been an error while trying to submit your post.'; } else { header("Location: http://www.alns.co.uk/ssrfc/member/showcomments.php?id=$id&u=$username&t=$title"); $id = mysql_insert_id(); } ?>

No it doesnt like that either i really dont understand why it wont work

anyone???

Cheers, unexpected { on line 3 ??? <?php if (isset($_POST['submit']) { $topicid = $_POST['id']; $comment = $_POST['message']; $commentby = $_POST['commentby']; $date = date("j F"); $sql = mysql_query("INSERT INTO ssrfc_noticecomments (topicid, comment, commentby, date) VALUES('$topicid', '$comment', '$commentby', '$date')") or die (mysql_error()); if(!$sql){ echo 'There has been an error while trying to submit your post.'; } else { $id = mysql_insert_id(); } <? Dont see why that is unexpected??

Could some point me in the right direction or give me a code example to submit a form on the same page, so as i wont have to link the form to a processing script but have them on the same page. Im sure its simple but ive never done it before and i cant find any examples! :-\ Cheers