Psycho

You say you found the solution - but there are multiple solutions. My preference is to put any files that shouldn't be directly accessed outside of the public folders. Then you don't have to worry about folder permissions or putting logic into the files to prevent access.

mac_gyver provide a lot of good info, but the above was something that you should pay particular attention to as the problem may not have anything to do with bots. If I understand his comment, the page would send an email just from accessing the form - i.e. so submission would be needed. If that is the case, you should wrap all the logic to receive the form data and process it within a condition that actually checks if the form was submitted.

FYI: It appears the back tick and the W got combined into a single character with a dialectic! That should be UPDATE `ctryvisits15`SET `Qtr`= 1 WHERE `WNo`< 14

It's a lot like order of operations in math. If I want to add 2 and 3 and then multiple the result by 4, this will not work: 2 + 3 * 4 In math, multiplication and division are performed first. So the result of that would be 2 + 3 * 4 = 2 + 12 = 14 To get the intended result, you would have to enclose the addition in parenthesis (2 + 3) * 4 = 5 * 4 = 20

Ah, The problem is the OR condition. Operators have a process in how they are interpreted. For AND/OR operators that are interpreted from left to right. For an OR operator, if the condition(s) to the left are True or if the condition(s) to the right are True - then the result is True. Your conditions are being interpreted as this If `idequipamento` IS NULL OR `idequipamento` =12 AND `idsala` =13 AND `idtempoInicio` <2 AND `idTempoFim` >2 AND `data` = "2015-06-12" The first record matches the condition because idequipamento is NULL. You need to use parenthesis to group conditions to be interpreted how you wish them to be interpreted SELECT COUNT( * ) AS total FROM `ebspma_paad_ebspma`.`req_material_reserva` WHERE (`idequipamento` IS NULL OR `idequipamento` =12) AND `idsala` = 13 AND `idtempoInicio` <2 AND `idTempoFim` >2 AND `data` = "2015-06-12"

I think you misunderstand how a COUNT() query will work. I am assuming you are counting the number of records in the result set - which will always be 1. You will ALWAYS get a result - that result will contain the number of the COUNT() calculation. Using the example data and query you have above you should get a result with one record. That one record will contain a value of 0 - because there were no matching records. You need to extract the value from that result to get the number you are after.

The answer is simple. You do a foreach() to define different INSERT statements in the $sql variable. Each iteration of the loop overwrites the preceding $sql statement with the new statement. Therefore, when the loop completes, $sql only contains the statement for the last INSERT statement. It isn't until after the loop completes (and $sql only contains the last INSERT statement) that you actually execute the statement. You could put the execution of the statement in the loop foreach ($data as $rec) { $sql = "INSERT INTO data (user_id, " . join(', ', $keys) . ", status) VALUES "; $sql .= "(1, '" . join("', '", $rec) . "', 'ok')";; echo $sql . '<br>'; if ($conn->query($sql) === TRUE) { echo "New record created successfully"; } else { echo "Error: " . $sql . "<br>" . $conn->error; } } But running queries in loops can be a performance issue. It's better to create one INSERT statement with all the records. //Create an array of values for the insert statement $values = array(); foreach ($data as $rec) { $values[] = "(1, '" . join("', '", $rec) . "', 'ok')"; } //Create a single insert statement with all the values $sql = "INSERT INTO data (user_id, " . join(', ', $keys) . ", status)"; $sql .= "VALUES " . implode(", ", $values); echo $sql . '<br>'; if ($conn->query($sql) === TRUE) { echo "New record created successfully"; } else { echo "Error: " . $sql . "<br>" . $conn->error; }

To add to ginerjm's response: What is the purpose of selecting the record with an ID of 31 if you don't want to use it? If you don't need that value then don't select it, by adding criteria to your WHERE clause. WHERE id = 1 Then you would only have the record(s) for ID 1 Or if you do need those records and only want to ensure the ID of 1 is first, then order the records so it will be first ORDER BY id = 1

Impossible to state. There are many variable to consider other than just the number of records being added: CPU, Memory, how big the existing database is, are there any triggers, complexity of the table, the type of data for those records, shared server, etc., etc. The only way to know is to run some tests using the same or similar hardware and configuration as you would expect to see in your production environment. If this is a shared server, you are really at a disadvantage as your results would be based on what is happening with the other sites using that same database server.

Just use a script tag to include a file with the error function: <script type="text/javascript" src="path/nameOfFile.js"></script>

I'm not really understanding your question. But, your query appears to be invalid [cod]WHERE IN (SELECT session_id . . . [/code] WHERE "WHAT" is IN the select query. Again, I really don't understand all the facets of what you are trying to accomplish, but I don't see that you need the IN() clause at all. Why not just this? DELETE FROM sessions WHERE session_id = s.session_id AND UTC_TIMESTAMP() > DATE_ADD(modified, INTERVAL lifetime SECONDS)

I don't see that this is any different from a site that uses a normal username/password authentication process. The fact that the username is a populated select list of values as opposed to a free-form text field does not require any differences in functionality (except to run a query to populate the select list). You say "the password is where things get muddled". Don't have any clue what that means. What, specifically, are you having an issue with?

If the value truly is NULL, I don't see an easy solution. You could create a sub-query that returns either the target ID (if it exists) or NULL. But, you wouldn't be able to use the result of that sub-query because you compare against a value and NULL differently. E.g. SELECT * FROM tbl_featured_images WHERE pageID = ( SELECT pageID FROM tbl_featured_images WHERE pageID = :page OR pageID IS NULL ORDER BY pageID ASC LIMIT 1 ) That sub-query will return either the page ID (if it exists for any records) else it returns NULL. The problem is you can't do a pageID = NULL If you are using an empty string instead of NULL, then you can use the above and change the OR condition to look for that empty string and it will work. Even with NULL, this can probably be done with one query - but it may be rather complicated. May just be worth running one query to find records with the target ID. If the results are empty, then run a second query for all records that are NULL.

Deleted my response. I'm pretty sure this is homework and the problem is super easy. At least show an attempt at what you've tried - then ask for help showing what you tried.

@Barand & QuickOldCar: But, accoridng to his attached image, he is storing the timestamp as a UNIX timestamp - not a MySQL timestamp. So, none of those soltuions will work. He could use @honkmaster: You shoudl really store dates using one of the native date/time fields supported in your database. Then you can use all the date/time functions thata re natively supported in the database (such as was shown above). In fact, you could just create a DB Timestamp and the field woould be auto-populated whenever you create a new record - without needing to include in in your query. But, you could use FROM_UNIXTIME() with what you have - but I would still say you should change what you are doing to a proper method. SELECT COUNT(*) FROM history WHERE DATE(FROM_UNIXTIME(history_date)) = CURDATE()

You could also encrypt within the database as opposed to doing it with PHP: https://dev.mysql.com/doc/refman/5.5/en/encryption-functions.html There are advantages and disadvanteges to both

At the very end of the script you have this: $xml->save(dirname(__FILE__)."/streamguideXML/".$channel.".xml") or die("Error"); } //END OF FUNCTION However, there is no function in your script. That final bracket is the closing bracket for the first foreach loop - so, yes, you are creating a file for each execution of the loop.

I typically use one form for both the create and update scenarios. I will include a hidden field for the ID field. For a scenario where the user requests to create a new record the hidden field will be empty or 0. But, if the user selects to update a record, I will query the data for that user and populate the fields (including the hidden field) as Brand stated above. Then, when the form is posted, I would simply do a check to see if the id field is set or not. If yes, perform an UPDATE query - else I perform an INSERT query.

In your original post you stated you have this code in the page <div class="form-group"> <label for="exampleInputPassword1">Sala</label> <select class="form-control" id="sala" name="sala" onchange="verificaSala(this)"> <option selected="selected">Escolha a sala</option> </select> </div> You also showed JavaScript code that is apparently executed on page load to do a call to a server-side page to get the list of values to populate the select list. That is inefficient. Just put the PHP code in the page that is called to build the select list rather than sending the user a page and then having to make a subsequent JavaScript call. In other words, you can do it all in the main page without having to do another server-side call (no JavaScript required) <?php error_reporting(E_ALL | E_NOTICE); ini_set('display_errors', '1'); include 'conn.php'; mysql_query("SET NAMES 'utf8'"); //Execute query to get list of sala values $query = 'SELECT `idsala`, `sala` FROM `ebspma_paad_ebspma`.`req_material_sala`;'; $result = mysql_query($query)or die ("Error in query: $rs. ".mysql_error()); //Create HMTL output for list of sala options $salaOptions = "<option selected='selected'>Escolha a sala</option>\n"; //Set default value while($row = mysql_fetch_assoc($result)) { $salaOptions .= "<option value='{$row['idsala']}'>{$row['sala']}</option>\n"; } ?> <!-- HTML content before select list goes here --> <div class="form-group"> <label for="exampleInputPassword1">Sala</label> <select class="form-control" id="sala" name="sala" onchange="verificaSala(this)"> <?php echo $salaOptions; ?> </select> </div>

On second thought, it would be better to add it to the JavaScript that builds the new options. Just set that option in the code before the new options are appended. But, I'm still not understanding why you are creating the initial values in JavaScript instead of the back-end code. <script> $(function(){ var items = '<option selected="selected">Escolha a sala</option>'; $.getJSON("getSalas.php",function(data){ $.each(data,function(index,item) { items += '<option value="'+item.idsala+'">'+item.sala+'</option>'; }); $("#sala").html(items); }); }); </script>

As QuickOldCar stated previously Yet, you have this $date = "2015-01-01"; . . . $tmp = date("F", $date);

Why are you using JavaScript to populate the values of the select list? Can the list items dynamically change after the user has loaded the page? In any event, that's not how I typically see the values of a list changed. It could cause problems with pre-selected values and other scenarios. The problem is you are replacing the entire list with what is returned from getSalas.php. You will either need to 1) Change getSalas.php to return the "Choose a value" option in the list it returns or 2) Change the logic so getSalas.php returns an array of options, then use JavaScript to append those to the current list.

I don't think this is a scenario where I would use explode. Rather, I think, regular expression would be a better solution. Having said that, you show a sample string that contains 4 pieces of information, yet you only show three values. Do the two instances of "2" in the string both represent the quantity?

When using a function, you need to understand what the parameters are what they are for. The str_replace function takes 1) the search string, 2) the replacement string and 3) the subject (i.e. the content which you want to replace the strings in). Your code makes no use of the subject. What was wrong with the code I provided you on the previous topic to do the same thing? You can't use str_replace() to replace the value of a line like $host = ''; because there are multiple instances of = ''. You need to use a regular expression to find and replace the values for those variables. Or, you have to search and replace the entire line (e.g. search for "$host = '';"). But, doing that limits you to only replacing the values if they have never been set before. That is why I provided a regex solution that can be used to set the initial value as well as updating the values in the future. If you are not going to use the help provided then some people (i.e. me) will likely stop helping you.

Why do you feel that storing data in the session is inefficient?