btherl

The error is here: //echo "ip=$ip1 "; Instead, do this: //echo "ip=$ipq\n"; It's the same, but only one line. "\n" == "next line" or "new line"

Yes, the error is caused by a query. "max_allowed_pakcet" is a mysql configuration parameter. I don't know much about this particular error message, only that it's caused by mysql, and it's related to either long queries or long query results. As for whether or not your encoding is causing the errors, it might be. Try printing out the query that causes the error and take a look. Or maybe try something like this: $sql = "SELECT * FROM blah"; print "Length of query is " . strlen($sql) . "<br>"; That'll tell you how big your query is, which should give you a clue as to whether or not it's too big. If that number it prints out is getting into the millions, then you've got problems You might even need to rethink your database design if that's the problem.

You can try this query: SELECT kname, ip_add, max(login) AS last_login, max(logout) as last_logout FROM users_activity GROUP BY kname, ip_add ORDER BY ip_add ASC The columns to fetch will be named kname, ip_add, last_login and last_logout

That sounds quite reasonable. It's a low level of security, but that may be suitable for your organization. Of course anyone who knows someone else's membership number can use it, but whether or not that happens depends on the organization, the type of people involved and on what you can actually do if you are able to login as someone else. Are you looking mainly for input on your idea, or for details about implementation?

Commas are not part of the "double" format. So you need to remove them. Simple For currency, you may prefer to use the numeric or decimal type: http://dev.mysql.com/doc/refman/5.1/en/numeric-types.html

Which query gives the error? If possible, print out the actual query itself, like this: $sql = "SELECT * FROM foobar"; print "About to execute $sql<br>"; $db->query($sql);

Thanks, the whole form is exactly what I needed Notice that the first mention of $row_rsermain['erID'] is actually before $row_rsermain is set. $row_rsermain is fetched from a query further down in the script. So you can't get the id from there. You will need to get it from somewhere else. It looks as if you pass the entire $_SERVER['QUERY_STRING'] along as the edit form action. Does this contain erurl? If not, can you make it so it does contain erurl? That is, the url that goes from the main list to the editing page contains erurl, and therefore the copied query string used as the edit form action also contains erurl. Then you can use $_GET['erurl'] to grab the number during the update, instead of $row_rsermain['erID'], which can't be used at that point in the script. Does that make sense? It would actually be easier to use sessions, then you don't have to bother with all this passing around.

Yep, that's exactly it

Ok.. so is the problem that erurl is empty, when it should contain a value? I asked you to print out the value here: <td>ER ID: <?php echo $row_rsermain['erID']; ?></td> because that is the value that goes into erurl, and it looke like erurl was empty when it shouldn't be. Did you put that line that prints out ER ID directly above the line that constructs the redirect url? If $row_rsermain['erID'] is set properly and is used to construct the redirect url, then everything ought to work. So the only explanation is that it's not set (or there's a typo). I think it's fine to have it in the action.. you can access those variables through either $_GET or $_REQUEST.

Set _submit_check to 0 where, and for what purpose?

Since it's in the same session, you can store the customer id like this: <? session_start(); $_SESSION['customer_id'] = $customer_id; Then in the following page, you can get it back: <? session_start(); $customer_id = $_SESSION['customer_id']; Is that what you're looking for? I'm not sure what level your understanding of sessions is at, so I'm not sure what it is you're looking for. You can do the same with order_id, storing it in $_SESSION. Then when the credit card details are entered, you can put the customer_id and/or order_id in the credit card info table, so it can be linked back. You'll have the ids available in $_SESSION.

Do you understand how to design the database part? If not, do a tutorial on that first. Otherwise you'll go mad trying to work it out Google will find you plenty of tutorials. Look for something like "PHP SQL tutorial" And yes, the best way is to store the file names in the database, but store the files themsleves as files. MPG is too big to store in a database.

Ok.. let me clarify a few things. You said that the url you get is this: localhost/expensereports/erR_report.php?erurl=&erDetID_url=10764 Do you intend erurl to have the value "&erDetIT_url=10764"?

Hmm.. first we need to clear up what you are identifying. Do you want a unique id for every customer? Because that is not the same as a unique id for each session. Each customer can have many sessions (and one session can have many customers, for shared computers). So you can have an auto_increment customer identifier in your customers table, an auto_increment order identifier in your orders table (the orders table will also store customer_id as well as order_id). Whenever a user makes an order, you create a new order in the orders table, and insert that customer's id into that row. So there's now a link between the customer and their order. The shipping table can store the order_id value as well. It can also store the customer_id if you want, although you could find that by linking via the orders table back to the customers table. That's what "JOIN" is for in SQL. You might want to look through some examples, like the standard "employee" tables used for demonstrating SQL, to get the idea. Look for "SQL tutorials" on google

What I am thinking of is a table like this: CREATE TABLE email_queue (email text, to text, headers text, content text, inserted datetime); Your main script adds rows to this table instead of sending actual emails. Then another script (which could run from cron, or could run constantly) just reads the queue like this: SELECT * FROM email_queue ORDER BY inserted ASC LIMIT 1 That fetches the oldest email's data, which you can then send off. The email sending script simply keeps fetching emails until none are left. Then it either waits or exits.

Which mysql query causes that error? Can you post the code that constructs the query? It's nothing to do with echoing. Also see http://dev.mysql.com/doc/refman/5.0/en/packet-too-large.html

How do you know if a particular view permission allows viewing of a given row? Or are you asking how to implement that?

Did you really use urlencode()? The error message you show is an error message from a string that was not urlencoded. Can you post your actual code?

Oh wait.. I think I get what you are saying. The "session identifier" is only auto_increment in ONE table. In all other tables, it is set to the same value. So it can never be out of sync, because it's only ever automatically incremented in that one source table. So, you would enter data into the customer table (for example), and grab the next auto_increment id. Then you would use THAT id to put data into the other tables. You wouldn't rely on a seperate auto_increment in the other tables and hope that it matches up. Is that what you're worried about?

I don't see why it would be a problem. Is there an additional condition you want to satisfy, such as "There is only every one auto_increment id for one customer" ?

Is $row_rsermain['erID'] empty? Try printing it out. If so, trace it back through your code with print statements until you find what's causing it to be empty. And yes, we need more code Everything from what you've posted back until the source of that variable which isn't what you expect it to be. I'm also unclear on how you intend to pass the url around. Where did you store it?

How is the other php file called?

How does someone submitting information but not placing an order cause trouble with auto_increment? There's essentially no difference between auto_increment and randomly generated ids, except that auto_increment ids are in order. In practice, they both act identically. To generate a random number, you can use mt_rand(). Then check the number is unused, and add it into your $_SESSION[] array. You might want to provide customers with a method to recover old sessions, such as providing an order number. It's a trade-off between security and ease of use always.

Without knowing the details, I can suggest you put the emails into a queue, and have a seperate process which reads from the queue, dispatching emails. I would implement the queue as a database table.

Instead of $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // send email $To = $row['$result']; $Subject = "<".$msgsubject.">"; $Body = "<".$msgbody.">"; mail($To, $Subject, $Body); you should do $result = mysql_query($query) or die ("Error in query: $query. " . mysql_error()); // send email if (mysql_num_rows($result) == 0) { # Error! Could not find email } else { $To = mysql_fetch_result($result, 0, 'email'); $Subject = "<".$msgsubject.">"; $Body = "<".$msgbody.">"; mail($To, $Subject, $Body); } Actually, that will only work for ONE email only. Do you want to send emails to several people? If so it needs to be re-written a little