roopurt18


Everything posted by roopurt18

  1. The problem is in the code that outputs the form; here is your generated form:

     ```html
     <form action="roster.php" method="post">
     <table>
     <tr>
     <td><input type="text" name="player[-1][fname]" size="10"></td>
     <td><input type="text" name="player[-1][lname]" size="10"></td>
     <td><input type="text" name="player[-1][address]" size="15"></td>
     <td><input type="text" name="player[-1][city]" size="15"></td>
     <td><input type="text" name="player[-1][state]" size="2"></td>
     <td><input type="text" name="player[-1][zip]" size="10"></td>
     <td><input type="text" name="player[-1][phone]" size="10"></td>
     <td><input type="text" name="player[-1][email]" size="20"></td>
     <td><input type="text" name="player[-1][number]" size="2"></td>
     <td><input type="text" name="player[-1][gradyear]" size="4"></td>
     <td><input type="text" name="player[-1][feet]" size="1"></td>
     <td><input type="text" name="player[-1][inches]" size="4"></td>
     </tr>
     </table>
     <input type="submit" name="editplayers" value="Submit"></form>
     ```

     Remember I said the goal is for the name attributes to have the table column in them; these are all missing the player_roster_ prefix. So we will add it in the code that generates the form.

     The new code. I've changed two lines and commented them with (MODIFIED TO ADD player_roster_ prefix):

     ```php
     <?php
       require('includes/application_top.php');

       // if the customer is not logged on, redirect them to the login page
       if (!tep_session_is_registered('customer_id')) {
         $navigation->set_snapshot();
         tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
       }
     ?>
     <!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
     <html <?php echo HTML_PARAMS; ?>>
     <head>
     <meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
     <title><?php echo TITLE; ?></title>
     <base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>">
     <link rel="stylesheet" type="text/css" href="stylesheet.css">
     <?php require('includes/form_check_coach.js.php'); ?>
     </head>
     <body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0">
     <!-- header //-->
     <?php require(DIR_WS_INCLUDES . 'header.php'); ?>
     <!-- header_eof //-->

     <!-- body //-->
     <?php
     if( !empty( $_POST ) ) {
         /**
          * If you print_r( $_POST ) you will find that you have an array named 'players'.
          * Each index into this array will be POSITIVE and the players database ID if they already exist in the database
          * The index will be NEGATIVE if the player is new and needs to be inserted.
          *
          * And then each player is an array where the associative names should match your column names,
          * so that you can easily generate your insert / update statements based on what I
          * showed you earlier.
          */
         foreach( $_POST['player'] as $player_id => $player_info ) {
             foreach( $player_info as $k => $v ) {
                 $player_info[$k] = "'" . mysql_real_escape_string( $v ) . "'";
             }
             echo "1<br />";
             if( $player_id < 0 ) {
                 $player_info['primary_key'] = "'" . mysql_real_escape_string( $player_id ) . "'";
                 $stmt = "insert into `rosters` ( "
                       . implode( ', ', array_keys( $player_info ) )
                       . " ) values ( "
                       . implode( ', ', $player_info )
                       . " )";
                 echo "2<br />";
             }else{
                 foreach( $player_info as $k => $v ) {
                     $player_info[$k] = '`' . $k . '`=' . $v;
                     echo "3<br />";
                 }
                 $stmt = "update `rosters` set "
                       . implode( ', ', $player_info )
                       . " where "
                       . "`primary_key`='" . mysql_real_escape_string( $player_id ) . "'";
                 echo "4<br />";
             }
             $r = mysql_query( $stmt ); // check for errors and success
             if( !$r ) {
                 echo mysql_error() . "<br>";
             }
             echo "5<br />";
         }
         echo "5a<br />";
         exit();
         return; // whatever is appropriate to stop processing
         echo "6<br />";
     }

     echo "<form action=\"roster.php\" method=\"post\"><table>";
     $result = mysql_query( $sqlplayers );
     $maxrows = 15;
     $insid = -1;

     // create a blank player template
     $cols = array(
         'fname' => 'size="10"',
         'lname' => 'size="10"',
         'address' => 'size="15"',
         'city' => 'size="15"',
         'state' => 'size="2"',
         'zip' => 'size="10"',
         'phone' => 'size="10"',
         'email' => 'size="20"',
         'number' => 'size="2"',
         'gradyear' => 'size="4"',
         'feet' => 'size="1"',
         'inches' => 'size="4"'
     );
     $blankplayer = array();
     foreach( $cols as $c => $extra ) {
         $blankplayer['player_roster_' . $c] = ''; // MODIFIED TO ADD player_roster_ prefix
     }
     // we now have a blank player template

     for( $i = 1; $i <= $maxrows; $i++ ) {
         echo "<tr>";
         if( $result ) {
             $player = mysql_fetch_assoc( $result );
         }
         if( !$player ) {
             // We've run out of players, so create a blank one to insert
             $result = null; // stop trying to access result
             $player = $blankplayer;
             $player['id'] = $insid--; // first blank player is id -1, second is -2, third is -3, etc.
         }
         // dump the fields
         foreach( $cols as $c => $extra ) {
             $c = 'player_roster_' . $c; // MODIFIED TO ADD player_roster_ prefix
             echo "<td>" . tep_draw_input_field( "player[{$player['id']}][{$c}]", $player[$c], $extra ) ."</td>";
         }
         $player = null; // important!
         echo "</tr>";
     }
     ?>
     </table><input type="submit" name="editplayers" value="Submit" />
     </form>
     <!-- footer //-->
     <?php require(DIR_WS_INCLUDES . 'footer.php'); ?>
     <!-- footer_eof //-->
     </body>
     </html>
     <?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?>
     ```
  2. Well there you go. mysql_error() is telling you that `fname` is not a field in your database. Go back and look at the HTML generated for the original form. The idea is for each field to be named after the associated field in the database. In the form generation code I gave you I did my best to duplicate your table structure, but I don't know if I nailed it. But all of the inputs should have a name attribute of the format:

     ```
     name="players[player_primary_key_from_database][player_roster_column]"
     ```

     Make sure they're working like that and the update / insert code should also work. Otherwise, post:

     1) Your table structure
     2) The entire code
     3) The HTML being generated for the form
  3. You can still use SQL:

     ```sql
     select *, now() between start_tm and end_tm as `is_today` from `thetable` where ...
     ```

     Then your $row variable should have an index is_today:

     ```php
     if( $row['is_today'] ) {
         echo 'it happens today';
     }
     ```
  4. In general the term you want to research is throttling.
  5. Take a look at this page and the comments: http://www.php.net/manual/en/function.apache-request-headers.php They might steer you in the right direction.
  6. There are generally two times when you escape data.

     The first time is when you are putting it into the database. In this case you use the appropriate escape method for your database, which is mysql_real_escape_string() for MySQL. This replaces characters that are dangerous for the database with ones that aren't and protects from hackers abusing your HTML forms to inject arbitrary SQL into your database.

     The second time you escape data is when you have taken it out of the database and are going to send it to the user's browser. In this case it is a good idea to use htmlentities() and / or strip_tags(). This protects innocent users from abusive users who like to embed JavaScript or other dangerous content into their data with your PHP forms. You do not typically use htmlentities() or strip_tags() when inserting data into the database; as a rule, valid data should go into the database intact. That is, you should be inserting it as close to the original form as possible and not calling htmlentities() or strip_tags() on it, but only mysql_real_escape_string() so that it doesn't harm the database.

     In terms of encrypting, hashing, or masking, when you do these depends on the content of the data and the level of protection needed. Passwords should be hashed before being inserted into the database. Credit card info should be encrypted before going into the database and masked to look like XXXX XXXX XXXX 1234 when displaying to the user, assuming you're saving credit card info to begin with.
  7. Did you read the installation requirements: http://www.php.net/manual/en/openssl.requirements.php (edit) Make sure you read user comments!
  8. If you do this any other way than with a UNIQUE INDEX then your application is destined for failure.
  9. It won't cause problems. But in SQL it's probably "more" correct to use OR instead of ||

     ```php
     $query = "SELECT * FROM table WHERE (id=4 OR id=125) and approve=1 ";
     ```

     The IN( ... ) method is probably easier to code in PHP as well with arrays and implode.
  10. 
      ```php
      $query = "SELECT * FROM table WHERE id in (4,125) and approve=1 ";
      ```
  11. It does not let me enable the username column to be unique. Why not? You should enforce this with a UNIQUE INDEX, not PHP code.
  12. 
      ```php
      <?php
      $file = "/path/to/csv/file";
      $contents = file( $file ); // read the file into an array of lines
      $records = array();
      foreach( $contents as $line ) {
          $line = trim( $line );
          if( !strlen( $line ) ) { continue; } // ignore empty lines
          if( substr_count( $line, ',' ) != 2 ) { continue; } // expect 2 commas
          list( $fname, $lname, $email ) = explode( ',', $line );
          $records[] = array( 'fname' => $fname, 'lname' => $lname, 'email' => $email );
      }
      print_r( $records ); // should have no empty records
      ?>
      ```

      Or you could probably just load it directly from the CSV file with and not use PHP at all: http://dev.mysql.com/doc/refman/5.1/en/load-data.html

      Sure, you're taking a PHP class. But no sense catching a fish with dynamite if you have a pole handy.
  13. Oh and:

      ```php
      $r = mysql_query( $stmt ); // check for errors and success
      if( !$r ) {
          echo mysql_error() . "<br>";
      }
      ```
  14. Try:

      ```php
      echo "5a";
      exit();
      return; // whatever is appropriate to stop processing
      echo "6";
      ```

      It's also more helpful if they appear on their own lines, so append either <br> or "\n" to them. And you can remove some of the basic ones now that you know they're being executed.
  15. Or you could put them inside of:

      ```
      ~/public_html/private
      ```

      And inside private add an .htaccess file:

      ```
      Order allow,deny
      Deny from all
      ```

      If Apache decides to stop parsing PHP, corbin, then your solution won't protect against it. (At least I don't think it will, I'm tired and it's been a long frustrating day.)
  16. Add some simple echo statements throughout the page to see its progression of execution.
  17. Just remember that the primary markup, the markup that you, the developer, control belongs in the views if you are using MVC. Anything editable by the user belongs in the database and is inserted as appropriate.
  18. Markup can be content. In the last product I developed we allowed users to customize the markup on certain pages; their custom markup was saved in the database and plugged into the page where appropriate.
  19. Documentation is always your friend.
  20. http://dev.mysql.com/doc/refman/5.0/en/update.html

      ```sql
      update t1, t2 set t1.type=t2.type1 where t1.id=t2.id1
      ```
  21. I guess I wasn't clear, but my point is you wouldn't. You only escape the data once it's in the form that it will be going into the database, which is after the hash function. You should still escape the output from hashing functions, even if at this point in time it doesn't seem necessary. So just to be ultra clear, this is the correct way:

      ```php
      $password = mysql_real_escape_string( md5( $salt . $password ) );
      ```
  22. CV isn't being harsh until someone is missing an appendage.
  23. We provide guidance and assistance with things you've tried that didn't work. You asked how to perform authentication without a database and ken suggested a flat file. It's up to you to learn about PHP's file handling mechanisms, write some code, and then come back for help when your code doesn't work.
  24. What's the entire result that is incorrect?
  25. Well you said there are no errors and it's returning results, just that some of them have expired enddates. The only thing I can think of is NOW() is not what you're expecting it to be, which means the clock on that machine may be wrong. Try this:

      ```php
      $sql = "SELECT *, now() as thenow FROM content WHERE NOW() BETWEEN startdate AND enddate";
      ```
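
Added example, not code from any of the posts above: the two escape points described in post 6, applied to the roster form handler from post 1. It assumes PDO-style `?` placeholders in place of mysql_real_escape_string() (the mysql_* functions were removed in PHP 7) and goes one step beyond the posts by checking submitted field names against a fixed column list, because value escaping does not cover names that end up as column identifiers. `build_roster_stmt()`, `h()`, the shortened column list and the sample data are hypothetical.

```php
<?php
// Added example: column list and sample POST data are constructed for illustration.
const ROSTER_COLS = ['player_roster_fname', 'player_roster_lname', 'player_roster_email'];

// Build one parameterized statement for a submitted player row.
// Field names come from the browser, so they are checked against a fixed list
// before being used as identifiers; values only ever travel as bound parameters.
function build_roster_stmt(int $playerId, array $fields): array
{
    if (!$fields || array_diff(array_keys($fields), ROSTER_COLS)) {
        throw new InvalidArgumentException('unexpected field name in submission');
    }
    $cols = array_keys($fields);
    if ($playerId < 0) { // negative id means a new player, as in post 1
        $sql = 'insert into `rosters` (`' . implode('`, `', $cols) . '`) values ('
             . implode(', ', array_fill(0, count($cols), '?')) . ')';
        return [$sql, array_values($fields)];
    }
    $set = implode(', ', array_map(fn($c) => "`$c`=?", $cols));
    return ["update `rosters` set $set where `primary_key`=?",
            array_merge(array_values($fields), [$playerId])];
}

// Second escape point from post 6: on the way out to the browser.
function h(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

// Constructed sample of what $_POST['player'] could contain.
$posted = [
    -1 => ['player_roster_fname' => 'Pat', 'player_roster_lname' => "O'Neil",
           'player_roster_email' => 'pat@example.com'],
    7  => ['player_roster_fname' => '<b>Sam</b>'],
    8  => ['not_a_column' => 'x'], // field name that is not a roster column
];

foreach ($posted as $id => $fields) {
    try {
        [$sql, $params] = build_roster_stmt((int)$id, $fields);
        echo $sql, "\n  params: ", json_encode($params), "\n";
        // With a real connection: $pdo->prepare($sql)->execute($params);
    } catch (InvalidArgumentException $e) {
        echo "player $id rejected: ", $e->getMessage(), "\n";
    }
}
// The value is stored intact and escaped only when written into HTML.
echo h($posted[7]['player_roster_fname']), "\n";
```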