Jump to content

Psycho

Moderators
  • Posts

    12,157
  • Joined

  • Last visited

  • Days Won

    129

Everything posted by Psycho

  1. Why would you "write out" the HTML for the form fields when you can easily create them programatically? $link_count = 10; for($link_no=1; $link_no<=$link_count; $link_no++) { echo "<tr> <td width='140' style='padding:4px;'>link {$link_no}:</td> <td ><input type='text' class='edit bk' name='links[]' style='width:350px;'></td> </tr>\n"; }
  2. That means your query is failing. You should always have error handling to see the errors. Yes this can be done. Based upon what I think you want to do, you probably want to do a UNION to get one result set from multiple tables. But, there are some specific things you will need to do to make that work. Primarily, the results from each table must "match" - they must return the same number of fields and each field must be of the same general type. So, if the first field returned from the first table is a text field, then the first field returned from the other tables must be a text field as well. You shouldn't be using "SELECT *" anyway, but in this situation you will definitely need to explicitly list of the fields to return for each table and ensure they match up. Although, if these tables contain the exact same fields you shouldn't be using separate tables to begin with.
  3. I don't believe there is anything in PHP to do what you ask. You can create PHP files with PHP but PHP has nothing to do with viewing PDF files in a web page. That functionality is typically handled by whatever PDF viewer the user has installed on their machine (e.g. Acrobat Reader). You simply need to provide a link to the PDF file in your web page. If the user has a PDF viewer installed, the PDF should automatically be displayed in their browser with appropriate controls (i.e. zooming) that are provided by the viewer.
  4. if(isset($_POST['links'])) { //Apply trim, remove empty values, apply htmlspecialcharacters $links = array_map(array_filter(array_map($_POST['links'], 'trim')), 'htmlspecialchars'); //Create array to hold insert values $values = array(); //Create array for results messages $results = array(); //Process processed post data foreach($links as $link) { if (!preg_match("/^(https?:\/\/+[\w\-]+\.[\w\-]+)/i", $link)) { $results[] = "'{$link}' is an invalid link."; } else { $values[] = "('{$row}', '{$link}')"; $results[] = "'{$link}' was inserted into database."; } } $query = "INSERT INTO " . PREFIX . "_post_links (matchid, link) VALUES " . implode(', ', $values); $db->query($query); echo implode("<br>\n", $results); }
  5. Well, pick the one that seems the least complicated, implement it step-by-step and continue until you run into problems. Then post here. However, I know I can find plenty of ready made image resizing/thumb creating functions with simple google searching. So, I'm not sure what your difficulty is. Although, those are usually based upon you already having the image or an uploaded image. So, do some searching on how to copy an image using a URL - then work on resizing it.
  6. What you should do will be driven by the purpose. When the user supplies the URL do you *want* to store that image locally (i.e.on the server)? If so, then you should copy the image to the server then make a thumbnail copy. If you only intent to store the URL and always get the source of the image from that URL, then it would be inefficient to create a thumbnail. Instead, you should use getimagesize() to get the height/width of the image and then determine the appropriate dimensions for the thumb and use those in the image tag.
  7. You queries are failing. You need to add error handling to trap those errors. In a dev environment you can just add an "or die(mysql_error())" to the query call, but for a production environment you can add something a little more elegant that won't display database errors to the user. Also, you are not escaping the user input which could cause the query to fail or, worse, open you up to SQL injection. You are also missing a lot of validation. For example, if the passwords are empty the will still be equal and the validation will pass. I made a lot of changes, so I can't guarantee this will work without some fixing of typos, but once that is taken care of you will get informative messages when there is a DB error <?php //Function to display db error messages based on dev or production environment function showDatabaseError($query, $userMessage=false) { $debugMode = true; //set to false for production environment if($debugMode) { echo "A DB error occured with the query: $query<br>Error: " . mysql_error(); } else { if($userMessage!==false) { echo $userMessage; } else { echo "A database error occured. Please try again later."; } } } $connect = mysql_connect("localhost","xx","xx") or die("Kunne ikke koble til database."); mysql_select_db("xxx") or die("Kunne ikke finne database"); $username = trim($_POST['brukernavn']); $usernameSQL = mysql_real_escape_string($username); $query = "SELECT brukernavn FROM brukere WHERE brukernavn='$usernameSQL'"; $result = mysql_query($query); if(!$result) { showDatabaseError($query); } elseif(mysql_num_rows($result)) { echo "Beklager, $username er allerede i bruk. Venligst velg ett annet brukernavn."; } else { $email = trim($_POST['epost']); $emailSQL = mysql_real_escape_string($email); $query = "SELECT epost FROM brukere WHERE epost='$emailSQL'"; $result = mysql_query($query); if(!$result) { showDatabaseError($query); } elseif(mysql_num_rows($result)) { echo "Beklager, $email er allerede i bruk."; } else { //You should really be hashing the password! $password = mysql_real_escape_string($_POST['passord']); $confirm_password = mysql_real_escape_string($_POST['confirm_password']); if($password != $confirm_password) { echo "Passordene du tastet matcher ikke."; } else { $nameSQL = mysql_real_escape_string(trim($_POST['navn'])); $placeSQL = mysql_real_escape_string(trim($_POST['bosted'])); $query = "INSERT INTO brukere (brukernavn, passord, epost, navn, bosted) VALUES ('$usernameSQL', '$password', '$emailSQL', '$nameSQL', '$placeSQL')"; $insert_user = mysql_query($query); if(!$result) { showDatabaseError($query, "Noe galt skjedde under registreringen, venligst gå tilbake og prøv på nytt."); } else { echo "Gratulerer, du er nå registrert. Du kan nå logge inn på venstre side."; } } } } ?>
  8. I don't think you are understanding what I have said previously. If you are defining a string using single quotes - then you need to escape any single quotes in that content. The escape character, the backslash, is not part of the content - it is only telling the PHP parser that the quote is not the end of the string being defined. If you go willy-nilly adding escape characters when you shouldn't be then you WILL be adding the backslash to the content. Here are some examples: $var = 'You need to escape single quotes (i.e. O\'Reilly) defined in single quotes'; echo $var; //Output: You need to escape single quotes (i.e. O'Reilly) defined in single quotes $var = "You shouldn\'t escape single quotes not defined in single quotes"; echo $var; //Output: You shouldn\'t escape single quotes not defined in single quotes
  9. I checked your page and it looks like you resolved the problem with the events priot to the 10h. Glad you got it worked out.
  10. C'mon, this isn't that difficult a concept is it? If you can't learn to debug code you will never get anywhere. That debugging code I gave you simply echo's out the values of the variables which are causing your problem. So, put those lines after where those variables are defined ($event_day is the last one defined - so it goes after that) and before the lines where you are having the problem. That would be before the if() statement that is always failing for you. You should then see where the cause of the problem is.
  11. I already showed you how to escape the apostrophes in the content in the scenario you provided. If you are dynamically defining the content some other way you may, or may not, need to do any escaping. I would not be able to know what you should (or should not do) without seeing how you are actually defining the content. If you were, for example, defining the content from a DB query, you wouldn't need to do any escaping.
  12. What do the variables $var1, $var2, and $var3 contain and what do you expect the output to be?
  13. If $content_html already includes the apostrophes, you don't need to do anything. It is only when you define a string with single apostrophes and you want to put single apostrophes in the content.
  14. OK, I misunderstood your events vs. performances. So, every event will have an associated performance (or performances). As to In your function, you are setting $events=array() in the function header if no value is passed to the function draw_calendar() for that parameter. You need to validate that the value passed to the function has what you expect it to have. Also, you define $event_day as $event_day = $year.'-'.$month.'-'.$list_day; $year and $month are supposed to be passed to the function, but I don't see where $list_day is defined. You need to simply add some debugging lines to your code to see what is what. Add this after the line where you define $event_day echo "Month: {$month}<br>\n"; echo "Year: {$year}<br>\n"; echo "Event Day: {$vent_day}<br>\n"; echo "Events:<pre>" . print_r($events) . "</pre>";
  15. If you want to define the string using sigle apostrophes, then you need to escape any single apostrophes in the content $body='<html><body><font size="1"> We\'re sending this email. It\'s been a while</font></body></html>'; Of course, you could define the string using double apostrophes, but then you need to escape those in the content. $body="<html><body><font size=\"1\"> We're sending this email. It's been a while</font></body></html>"; Then again, you can use the heredoc or nowdoc methods for defining the string. Lots of info here: http://php.net/manual/en/language.types.string.php
  16. You should run the query each time the page is accessed - not once each day - as Fenway already stated. Not sure why you need two tables (one for events and one for performances). Is there different data you need to store for the two types? If no, then just use one table with a "type" column to identify if it is an event or a performance. Then you only need to query one table. Or, if the two types of activities share some data, but not all. You could still do the same thing. Have one table for the common data with a column to identify the type, then two associative tables to define the extended information for Events or Performances. Then, you still have one main table to query. Or, you could stay with two completely separate tables and use a UNION clause to run one query to get all the records.
  17. One word of caution to what Buddski has suggested. Using WHERE MONTH(`datetime`) = 10 or the MONTHNAME() alternative will return any record that are in the specified month - regardless of year. I have seen very few - valid - implementations - that want to see all the records for a particular month across years. So, you likely need to add a year parameter to that WHERE clause.
  18. Here's one possible solution. I have never used it myself, so I can't speak to its efficacy. http://lsolesen.github.com/pel/
  19. //Case insensitive key sort function iksort($a, $b) { return strcasecmp(strtolower($a), strtolower($b)); } $array = array('One' => array(), 'two' => array(), '_three' => array()); uksort($array, 'iksort'); echo "<pre>".print_r($array, true)."</pre>"; Output Array ( [_three] => Array ( ) [One] => Array ( ) [two] => Array ( ) )
  20. No it does not. Underscores come before numbers. $array = array('one' => array(), 'two' => array(), '_three' => array()); ksort($array); echo "<pre>".print_r($array, true)."</pre>"; Output Array ( [_three] => Array ( ) [one] => Array ( ) [two] => Array ( ) )
  21. There is a function for sorting by keys. Did you even look in the manual? ksort() I can understand if you maybe didn't know how underscores would be sorted, but you could of at least tried. You would have found that it sorts exactly as you want.
  22. You should have a switch in your code to check if magic quotes are turned on before utilizing strip_slashes. But, in any event you should run strip_slashes before you run mysql_real_escape_string(). Although I would suggest using a function that automatically removes any modification due to magic quotes on all input (see the manual), try this function cleanvar ($var) { if (get_magic_quotes_gpc()) { $var = stripslashes($var); } return mysql_real_escape_string($var); } Also, why are you using mysql_real_escape_string() on an "id" field? If that's an id field I would expect it is an integer value. mysql_real_escape_string() is meant for string input. SO, you should validate/force the value to be an integer. One option is to cast the value as an integer $galleryid = (int) $_GET['gid']; Or use the intval() function
  23. I see no reason why they would have an XML file with a PHP extension unless the intent was to allow dynamically created config files. If I was working on it, there are a lot of different things I would try. Have you tried contacting the author of the application?
  24. Two things to try. 1. Do the same thing, but add a line break at the end <?php echo "<Associate-O-Matic Version=\"5.0.2\">\n"; ?> If that doesn't work, then add the appropriate header for an XML file output at the top of the page <?php header ("Content-Type:text/xml"); ?>
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.