Barand

It's hard to find something that is defined. Your first query selects productcode from products but the value for the options is "productid" The select is named "drpcode" yet you are expecting $_POST[''productid'] What jQuery? What AJAX function?

I'm curious to know how that posted code outputs any settings with "off" (unchecked checkboxes aren't posted)

+----------------+ +----------------+ | Make sure to |---+ +------->| (e.g. Courier) | +----------------+ | | +----------------+ | | | | +----------+ | | +->| use a |---+ | | +----------------+ +----------+ | | +------->| and use spaces | | | +----------------+ | +----------------+ | | +--->| monospace font |-----+ | +----------------+ | +----------+ | | not tabs |<----------+ +----------+ | +--------------------------------------------------------------------------+ | V +---------------+ | It also helps | +---------------+ | | | +-------------------+ +-------------------+ +------------------------>| if you sometimes |---------------------->| switch between | +-------------------+ +-------------------+ | | +-----------------+-----------------+ | | | | +-------------------+ +-------------------+ | overtype | | insert | +-------------------+ +-------------------+ | | | | | +----------+ | +----------=>| modes |<----------+ +----------+

Plus a couple of related sections... Handling file uploads Uploading multiple files

Sorry, there is an error $where = "max_price <= ?"; should be $where[] = "max_price <= ?";

The query has inbuilt syntax errors. Your WHERE clause will always begin with "WHERE AND … " IMO a cleaner way to include conditions only if there is a value is $min_price = 10; $max_price = 50; $featured = 1; $binds = []; $where = []; $whereclause = ''; if ($min_price > 0) { $where[] = "min_price >= ?"; $binds[] = $min_price; } if ($max_price > 0) { $where = "max_price <= ?"; $binds[] = $max_price; } if (in_array($featured, [0,1])) { $where[] = "featured = ?"; $binds[] = $featured ; } if ($where) $whereclause = 'WHERE ' . join(' AND ', $where); $find_records = $db->prepare(" SELECT * FROM projects $whereclause "); $find_records->execute($binds); $result_records = $find_records->fetchAll(PDO::FETCH_ASSOC);

Or you can use ? placeholders. $find_records = $db->prepare("SELECT * FROM projects WHERE min_price >= ? AND max_price <= ? AND featured = ? "); $find_records->execute( [ $min_price, $max_price, $featured ] ); $result_records = $find_records->fetchAll(PDO::FETCH_ASSOC);

If you do it the second way (no placeholders), there is no point in preparing it; just use $db->query(). CAVEAT: If $vars originated from an external source ($_GET, $_POST, $_COOKIE etc) then you are injection-prone and, as you are not even escaping the values your queries could fail. EG $username = "O'Reilly"; $res = $db->query("SELECT password FROM user WHERE username = '$username' ") // fails with syntax error and open to injection If in doubt, prepare(); Your bindings do not either, the query does. The array is just a more convenient way of binding.

Your WHERE clause will then be like this... … WHERE id = N AND duplicate = 'False' You have my sympathy. Also those "Answer_x" columns should ne normalized into a separate table; separate row for each answer.

The thing about programming is that it requires some thought. Why would as user_id be equal to a date value? Why don't you do some reading about how to use SQL instead of taking the "infinite monkeys with typewriters" approach in the hope you eventually come up with a right answer?

This time, read what I said.

PS there is a perfectly good function in php already which does all this for you $file_data = file_get_contents($file); Which reminds me, your function needs to return the file data.

If KB_TO_BYTES has not been defined then you need const KB_TO_BYTES = 1024; // We don't need to write to the file, so just open for reading $fp = fopen($file, 'r'); // open file for reading if ($fp) { $file_data = fread($fp, 8 * KB_TO_BYTES); fclose($fp); //close the file }

Where did I say that? The comments are fine - you need to add the code that implements the comments. You also need to ensure that the constant KB_TO_BYTES has been defined and use it correctly as a constant (ie without the quotes).

You have this comment... but you don't get around to actually opening the file - the comment won't do it for you. Therefore in the next line $fp has not been defined. Further, you have put 'KB_IN_BYTES' inside quotes thus making it a string value (which has a numeric value of 0). So I guess the problem is in trying to read 0 bytes from a file that doesn't exist. And what is the comment about being "good citizens"? You don't close it either. (Has KB_IN_BYTES been defined as constant anywhere?)

Try this // Attempt delete query execution $stmt = $dbc->prepare("DELETE FROM users WHERE user_id = ? "); // prepare query with placeholder (?) for id value $stmt->bind_param('i', $_SESSION['user_id']); // bind the id value to the placeholder if ($stmt->execute()) { // execute the query echo "Records were deleted successfully."; } else { echo "ERROR: Not able to execute query " ; }

That same phpinfo() output will tell you the status of your error reporting settings. If you are developing on a hosted site it is probable that any error reports go to your php error log instead being displayed.

You can check the location of the php.ini file being used in the first section of the output from phpinfo(); EG

I can see I have been talking to myself. I have better things to than waste more time on you.

One way would be to add an "expiry_date" (default NULL) column to your user table. Instead of deleting the record, update the record setting the expiry date to CURRENT_DATE+3 days. Run a job every day that does a "DELETE FROM user WHERE expiry_date < CURRENT_DATE

At the moment, your query says "DELETE all records from the user table where the value in column "user_id" is equal to the value in column "user_id". Is it obvious to you yet why every record gets deleted? You need to fix your query so it compares the value in column user_id against your session value.

I suggest you read your query carefully, bearing in mind that the condition "user_id = user_id" is true for all records.

When your button's name is "delete" why are you checking for $_REQUEST["remove_$i"] instead of $_REQUEST['delete'] ? Stop using REQUEST. Use POST or GET depending on your form's method. if you are fetching data to display, use method GET. If submitting your form has consequences (such as updating, deleting, emailing) then use POST method.

For the record, the problem is an extra heading column, not an extra data column. You have <th> intead of a </th> thus adding an extra header cell. <th>VISITOR DOMAIN ADDRESS<th> ^

Those ini-set()s at the beginning need to be in your php.ini file. If you have startup errors the code isn't executed, so how can it then set and report startup errors???