Psycho

Well, obviously there are no records to JOIN from the session table to the topics table. That seem slike a really inefficient way to do a JOIN. BUt, using what you have you would need to do a little debugging to see why yhe join is not occuring. 1) First echo the query to the page to ensure the $_GET['tid'] value is what you expect 2) Do a query of records in the session table to see if any have tid=[TID_VALUE] in the referrer column AND 'act=topic' after the first ampersand.

This topic has been moved to MySQL Help. http://www.phpfreaks.com/forums/index.php?topic=319917.0

Do you actually see that line when you view the image in the page or only when you take a screenshot? If I take a screenshot and view that image in a larger size I do see the line. But, if I use the Windows magnifier to view the actual image in IE or FF at a much larger size, there is no dark line. So, in my situation it looks like the dark line is only there when I take a screenshot, so it is an artifact of that process and has nothing to do with the image generation. EDIT: Correction, the line is only visible when I take a screenshot AND save that as a JPG. That makes sense since JPG is a lossy format and will do things like that. If I save the SS as a GIF/PNG there is still no visible line.

When I ran your code above (with the debug echo line) I got the values: 0-25, 25-51, 51-76, & 76-101. It was MY code that generated the values 0-24, 25-49, 50-74, & 75-99. Even when I removed the +1 from your code I got imperfect values. Besides, your code was overly complex. All you need is //Before the loop $bgHeight = ($this->height/count($this->bgColorsAry)); //In the loop $bg_y_start = round(($idx) * $bgHeight); $bg_y_end = round(($idx+1) * $bgHeight) - 1; As I stated, there is a good possibility that the dark line is due to the fact that your code was generating an overlap between colors. Try my code and see what you get.

I was bored and decided this would work much better as a class. EDIT: FYI: There was a problem with your logic for determining the Y start/end positions. Using a height of 100 your start/end values were 0-25, 25-51, 51-76, & 76-101. There are two problems there. One: the values should only go from 0 to 99 (not 101); Two: the rectangles overlapped. The overlapping might account for the problem you saw with the dark line. The code below corrects both issues and calculates the start/end values as: 0-24, 25-49, 50-74, & 75-99 Use $bgImage->outputBGImage(true); to output the debugging code instead of the image. <?php class createBGImage { var $width; var $height; var $bgColorsAry = array(); function createBGImage($width, $height) { $this->width = $width; $this->height = $height; return; } function addBackground($red, $green, $blue, $alpha) { $this->bgColorsAry[] = array($red, $green, $blue, $alpha); return; } function outputBGImage($debug=false) { //Create ouput image object $imageObj = imagecreatetruecolor($this->width, $this->height); $transBackground = imagecolorallocatealpha($imageObj, 255, 255, 255, 0); imagefill($imageObj, 0, 0, $transBackground); //Calculate background height $bgHeight = ($this->height/count($this->bgColorsAry)); foreach($this->bgColorsAry as $idx => $bgColorAry) { //Calclate bg y start and end $bg_y_start = round(($idx) * $bgHeight); $bg_y_end = round(($idx+1) * $bgHeight) - 1; //Get color parameters list($red, $grn, $blu, $alpha) = $bgColorAry; if($debug) { echo "<b>BG{$idx}:</b> y_pos: {$bg_y_start}/{$bg_y_end}, Red: {$red}, Grn: {$grn}, Blue: {$blu}, Alpha: {$alpha}<br />\n"; } else { // Create background color identifier $bgColorObj = imagecolorallocatealpha($imageObj, $red, $grn, $blu, $alpha); //Add background color imagefilledrectangle($imageObj, 0, $bg_y_start, $this->width-1, $bg_y_end, $bgColorObj); } } //Output the image if(!$debug) { header('Content-type: image/png'); imagepng($imageObj, NULL, 0); } } } //Create the image $bgImage = new createBGImage(500, 100); $bgImage->addBackground(255, 0, 0, 0); $bgImage->addBackground(0, 255, 0, 0); $bgImage->addBackground(0, 0, 255, 0); $bgImage->addBackground(0, 255, 255, 0); $bgImage->outputBGImage(); exit(); ?>

I don't think that line is "IN" the image. It is more likely an artifact caused by the rendering of the two colors next to each other with the colors butted up against each other. When running the code above I cannot see the line in IE or FF.

I've tried the code above and don't see any black line (I also tried uncommenting the two lines specified). Are you running that code with any different values?

Seriously? As I said I have not worked with prepared statements but I can see that there is a difference between the query in that last function and the ones used in the previous functions. I pointed out that difference to you. Can you not make the logical conclusion of what you should try? Query in first function "SELECT `ID` FROM `users` WHERE `Email` = ? LIMIT 1" Query in last function 'UPDATE `users` SET `Password`="'.$password.'" WHERE `ID`="?" LIMIT 1' Although you should also not use double quotes around the password value either. Try changing the line in that last function to $SQL = $mySQL->prepare("UPDATE `users` SET `Password`= '$password' WHERE `ID`= ? LIMIT 1"); BY the way there are many other problems in your code within the logic. For example, take this function - look at the comment I added function checkSecAnswer($userID,$answer) { global $mySQL; if ($SQL = $mySQL->prepare("SELECT `Username` FROM `users` WHERE `ID` = ? AND LOWER(`secA`) = ? LIMIT 1")) { $answer = strtolower($answer); $SQL->bind_param('is',$userID,$answer); $SQL->execute(); $SQL->store_result(); $numRows = $SQL->num_rows(); $SQL->close(); return ($numRows >= 1) { return true; } //If $mySQL->prepare returns true above and $numRows == 0 // then this function will not return anything ! ! ! } else { return false; } } The function should look like this. If the $mySQL->prepare returns false or if no records are returned then the function will return false. function checkSecAnswer($userID,$answer) { global $mySQL; if ($SQL = $mySQL->prepare("SELECT `Username` FROM `users` WHERE `ID` = ? AND LOWER(`secA`) = ? LIMIT 1")) { $answer = strtolower($answer); $SQL->bind_param('is',$userID,$answer); $SQL->execute(); $SQL->store_result(); $numRows = $SQL->num_rows(); $SQL->close(); return ($numRows >= 1); } return false; }

All you have posted is a bunch of functions. Where is the code that calls those functions? You have a function changePassword() that generates the temp password. You state that the email is being sent. Since you don't state that the email does not have the temp password I will assume that it does. That means the function changePassword() is apparently getting called and providing that temp password. So, I'm guessing the query is failing - or more specifically it is not finding any matching records to update. You need to validate that you are passing the proper UserID to the function. Also, I have not made the switch to prepared statements, but I do see something different about that query. In the other queries you just used the question mark by itself to identify the parameter value. But, in the query for the changePassword() function you enclose it in double quotes. I have a feeling that is the problem.

PRE tags only preserve spaces and line breaks and display the font in a fixed-width style. If you have any "code" in the content it can still be processed by the browser. The example I used has nl2br() to convert the line breaks to BR tags

Your POST values likely don't have values or were not even sent. Add the following to the bottom of that script to see what, if anything, was sent in the POST data echo "<pre>"; print_r($_POST); echo "</pre>";

That because you are using nl2br() BEFORE you count the characters. So, the PHP validation is converting a new line character to "<br />" (which is 6 characters) then you are checking the length. Check the length THEN convert the new lines to BR tags.

That code really needs some work. You should be sorting your records when you query the database, then you don't need to manipulate the results. You should also be using JOINs instead of running queries in loops. In fact, I'm really confused by your code. You do a query to get the ids from a table where the from_user is a specific value THEN you do queries on each ID to get more data. Why don't you get all the data you need on the first query??? You can get everythign you need with one query in the order you want it. $username = $_SESSION['username']; $query = "SELECT id, from_user, to_user FROM my_activity WHERE from_user='$username' OR to_user='$username' ORDER BY id"; $result = mysql_query($query); while($row = mysql_fetch_assoc($result)) { echo "ID: {$row['id']}, From: {$row['from_user']}, To{$row['to_user']}<br />\n"; }

Here is a very simple example: <?php //Turn on output buffering ob_start(); //Create/Output the BODY of the HTML document $datetime = date('m-d-Y H:m:i'); echo "<h2>Today is: {$datetime}</h2>\n"; echo "More content goes here"; //Save the body to a variable $body = ob_get_contents(); //Create an escaped version of the body $body_code = nl2br(htmlentities($body)); //Clear the content of the output buffer ob_end_clean(); //Output the results of the body and the code ?> <html> <head> <title>Test Page</title> <head> <body> <?php echo $body; ?> <hr> This is the value of $body: <br><br> <?php echo $body_code; ?> </body> </html>

You can check the value of $_SERVER['HTTP_USER_AGENT'] and do a redirect based upon that value. However, that value can be spoofed by users if they really want to. So, it is not fool-proof. You would also have to determine how you will "decide" if the browser is IE or FF. Here are the contents of that variable using versions of IE7 and FF3 on my PC: - Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB6.6; SLCC1; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; MS-RTC EA 2; MS-RTC LM - Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 GTB7.1 (.NET CLR 3.5.30729) I'm sure there are some best practices, but I would guess you could check if the value contains "MSIE" or "Firefox"

You say the files (for each user) are stored in separate folders, but that the URLs for the photos are also stored in the database. Not sure how you are storing the data, but you should probably be storing the "root" folder location as part of the user table and then store the image file names in a separate table associated with each user. Anyway, you *could* determine which images to show a user by using file functions to read the images in the folder, but if you are already using a database - then use it. So, when a users access the page to see their photos, just do a query to get the root folder and the image names based upon the logged in user. Then process the results to display the images on the page. I would also assume that your comments are included as part of the image database. However, you now have the problem that a user could check the path for any of the displayed images and then use that path to potentially access images by other users (but not your comments). To prevent that you would want to obfuscate the actual path and (even better) put the images in a location that is not directly accessible. To do this, first put the images in a location that is not web accessible. Then when you query the images you would get the unique ID of the images and create your image tags somethign like this: <img src="http://www.mysite.com/get_image.php?id=123"/> You would then create the page get_image.php to use the passed ID to determine the file system path to the image, read the image and pass the image to the user. So, the user does not know the path and cannot access the file directly.

You would put the logic in the PHP code - never do queries in loops. Here is an example using some mock code function createTable($results) { $output = "<table>\n"; foreach() { $output .= "<tr>\n"; $output .= "<td>{$record['name']}</td>\n"; $output .= "<td>{$record['birthdate']}</td>\n"; $output .= "<td>{$record['phone']}</td>\n"; $output .= "</tr>\n"; } $output .= "</table>\n"; return $output; } $query = "SELECT id, name, birthdate, phone FROM table ORDER BY id"; $result = mysql_query($query); $current_id = false; $recordsByID = array(); while($record = mysql_fetch_assoc($result)) { if($current_id != $record['id']) { $current_id = $record['id']; if(count($recordsByID)>0) { echo createTable($recordsByID); $recordsByID = array(); } } $recordsByID[] = $record; } echo createTable($recordsByID);

There are plenty of things you can do, but none will absolutely ensure the email doesn't get flagged as junk. If it was that simple every spammer would configue their email not to go in the spam folder, right? In addition to the above you should ensure the email has all the proper headers, return address, etc. Plus, I have seen problems when the from email domain is not hosted on the email server that sends the email

No, you were clear. We have given you the correct solution. What you are asking to do would require running quries in loops which is very inneficient.

One correction, you would need to use 'IN' instead of an '=' SELECT * FROM someothertable WHERE id IN (SELECT id FROM sometable) Or you could also do a JOIN if you need data from both tables SELECT * FROM sometable JOIN someothertable ON sometable.id = someothertable.id WHERE sometable.id = $somevalue --optional, if needed Or, if the column names are exactly the same as in your example SELECT * FROM sometable JOIN someothertable USING id WHERE id = $somevalue --optional, if needed

Then your answer is simple. Look at this bit of code you posted previously if (isset ($_FILES['fupload'])) { //upload the image to tmp directory $url = $_FILES['fupload']['name']; // Set $url To Equal The Filename For Later Use if ($_FILES['fupload']['type'] == "image/jpg" || $_FILES['fupload']['type'] == "image/jpeg" || $_FILES['fupload']['type'] == "image/pjpeg") { $file_ext = strrchr($_FILES['fupload']['name'], '.'); // Get The File Extention In The Format Of , For Instance, .jpg, .gif or .php $copy = copy($_FILES['fupload']['tmp_name'], $idir. basename($_FILES['fupload']['name'], $file_ext).rand(10000 , 99999).$file_ext); // Move Image From Temporary Location To Perm } } You "save" the original name to the variable $url which you later used in your INSERT statement, but you actually saved the file using the name $idir. basename($_FILES['fupload']['name'], $file_ext).rand(10000 , 99999).$file_ext); You just need to create the new name as a varaible first then use that to both save the file AND to save to the database. Here is a modification of that block of code that you can use to rewrite the similar blocks: if (isset ($_FILES['fupload'])) { //upload the image to tmp directory $file_ext = strrchr($_FILES['fupload']['name'], '.'); // Get The File Extention In The Format Of , For Instance, .jpg, .gif or .php $url = basename($_FILES['fupload']['name'], $file_ext).time().$file_ext); // Set $url To Equal The Filename For Later Use if (in_array($_FILES['fupload']['type'], array('image/jpg', 'image/jpeg','image/pjpeg')) { $copy = copy($_FILES['fupload']['tmp_name'], $idir.$url); // Move Image From Temporary Location To Perm } }

I guess I am reading the problem differently than the last two posters. Looking at the code it seems he is trying to insert the ORIGINAL file name in the database - not the modified name with the random number. First, I agree with nafetski that a timestamp would be prefereable to a random number. But, more importantly - if you are storing the original names but not the modified names, how are you linking the database records to the images? You need to store both in the same record. That way you can display the original name the user uploaded but still link it back to the unique file name you create. However, none of that is your problem. If you are getting a database error when trying to insert an image with the same original name as another image, the problem is that you have set that field in the database to be a unique field.

You don't. There is no reason to run multiple queries. And you don't have the CUI's in a variable. $cuis = mysql_query("SELECT CUI1,CUI2,REL FROM MRREL WHERE CUI1 IN $cui1 OR CUI1 IN $cui2 "); In that code $cuis is a resource identifier to a MySQL result set. You would have to loop through that result set to get the values to use in a subsequent query. Why would you not want to run just one queery anyway?

You only need one query SELECT CUI1, CUI2, REL FROM MRREL WHERE CUI1 IN (SELECT DISTINCT CUI FROM MRSTY WHERE STY='ABC' OR STY='XYZ')

I will give no guarantees since I do not have your files to work with, but I'll give some suggestions. First don't run any code that you don't need to. For example, you define the variable $size, but you only use it within an IF condition. So, you only need to define it within the condition. Defining it outside the condition is unnecessary. In fact, I wouldn't even define it at all. In this case, however, the performance gain is imperceptible, but just giving an idea of the logic I would use to approach a problem such as this. The real meat of the function is the for loop that loops over every record in the array created using file(). But, you are only removing one line, correct? So, you don't even need a loop. Just unset() the one line you don't want and then implode the array! Also, PHP uses zero based indexes by default, I would adjust the function to do the same (i.e. pass a zero to remove the first line, 1 to remove the 2nd line , etc.). That makes it consistent with how PHP operates and will solve some other possible issues. Give this a try public function deleteLine($line_no, $csvFileName) { // this function strips a specific line from a file // if a line is stripped, functions returns True else false // // e.g. // deleteLine(-1, xyz.csv); // strip last line // deleteLine(-2, xyz.csv); // strip 2nd to last line // deleteLine(0, xyz.csv); // strip 1st line // deleteLine(1, xyz.csv); // strip 2nd line // Assigna o nome do ficheiro //Define default return value $strip_return = false; //Parse fiel into an arrya $lines = file($csvFileName); //Define the line index to be removed $skip_index = ($line_no < 0) ? count($lines)+$line_no : $line_no; //Check if the line exists if(isset($lines[$skip_index])) { //The line exists - remove it unset($lines[$skip_index]); $strip_return = true; //Open file to write new contents $pipe = fopen($csvFileName, 'w'); //Write the array using implode fwrite($pipe, implode(PHP_EOL, $lines); //Close the file fclose($pipe); } return $strip_return; }