Psycho

Well, the solution depends on how you plan to implement the pop-up. Are you going to generate the content for the pop-up on-the-fly by passing the message ID and running a new query OR do you want to have the conent for the pop-up preloaded using this query? If you want to generate the code for the pop-up dynamically when the link is clicked, then you want to use a GROUP BY clause on this first query. If you want to preload the content for the popup then stick with your existing query and implement PHP logic to only display each message once. Example: $current_msg_id = ''; while($row = mysql_fetch_assoc($query)) { if ($current_msg_id!==$row['id']) { echo "$row[date] $row[message]" <br />; $current_msg_id = $row['id']; } }

Ok, I am in TOTAL agreement with those above - do not name elements "delete" or anything else that would cause a conflict. But, just for educational purposes, there is a workaround. document.photocomment['delete'].style.visibility = ... I only pose this because if you have fields named so they will be processed as arrays (i.e. name="foo[]") then you need to use this method to reference the fields. var fieldsArrayObj = document.formName['foo[]'];

While the method described above can prove useful, I submit it is definitely not bulletproof and preventing the use of email addresses that fail that validation will do nothing but tick off users entering "real" email addresses that simply fail that validation for any number of reasons - as stated in this comment in the manual: http://fr2.php.net/manual/en/function.checkdnsrr.php#75452 I have used perfectly valid email addresses in the past which failed such validations because I was using an address that was simply redirected and there was no DNS record for the mailserver or where I used a "custom" alias that would go to a "catch-all" account.

That IF statement needs an else - otherwise the display will never return to hidden. I'd use the ternary operator in this situation. function foo (e) { var idx = e.options.selectedIndex; document.getElementById('k').style.display = (e.options[idx].value === 'e') '' : 'hidden'; }

You have a FORM within a FORM? That makes no sense. Create just one form with an onsubmit trigger that first checks if any checkboxes are selected then asks for a confirmation. I would also suggest you give your variables/functions descriptive names. "cbox" tells nothng about what the function is or does. And using the name "checkbox" is even worse. what does the checkbox represent? Some item ID I expect, but I would giv it a representative naem, e.g. artistID, orderID, etc. JS Functions function isChecked(checkGroup) { //Iterrate through each checkbox in the group //to ensure at least one is checked for (var i=0; i<checkGroup.length; i++) { if (checkGroup[i].checked) { return true; } } alert("Please select at least one."); return false; } function validateForm(formObj) { //Ensure at least one item is checked if(!isChecked(formObj['item_id[]'])) { return false; } //Confirm the deletion return confirm('Are you 100% totally certain that you want to DELETE this ?'); } HTML (I'm assuming there's supposed to be some kind of loop here for the items?) <FORM ID="form1" NAME="form1" METHOD="get" ACTION="" ONSUBMIT='return validateFOrm(this);'> <TD valign="top" colspan="9"> <INPUT NAME="submit" TYPE="submit" value="Delete Selected" /> <INPUT TYPE="hidden" NAME="item_id[]" VALUE="<?php echo $row2['order_id']; ?>" /> </TD> </form>

No offense, but your first response states it is not returning anything, then your second response states it's returning the wrong values. So, forgive me if I don't trust your results. Based on the logic, i see no reason it would not work. You do know that in Javascript the months are numerically based starting at zero (0), right? January = 0, February = 1, etc.

I'm pretty sure that first line is invalid. I'm really not making sense of your code, but... Assuming you have the year and the month as numerical values, this function will return the number of days in that month: function daysInMonth(iMonth, iYear) { return 32 - new Date(iYear, iMonth, 32).getDate(); } I do not take credit for this. I lifted this code from here: http://snippets.dzone.com/posts/show/2099

Change the onclick calls to only send the numerical part of the DIV ID. Then use the function shown below: <html> <head> <script language="javascript"> function setvisibility(id) { for (var tabIdx=1; tabObj=document.getElementById('tab'+tabIdx); tabIdx++) { tabObj.style.visibility = (id==tabIdx) ? 'visible' : 'hidden'; } return; } </script> </head> <body> <li><a onclick="javascript: setvisibility(1);"><span>One</span></a></li> <li><a onclick="javascript: setvisibility(2);"><span>Two</span></a></li> <li><a onclick="javascript: setvisibility(3);"><span>Three</span></a></li> <li><a onclick="javascript: setvisibility(4);"><span>Four</span></a></li> <li><a onclick="javascript: setvisibility(5);"><span>Five</span></a></li> <div id="tab1" class="tabs">content1</div> <div id="tab2" class="tabs">content2</div> <div id="tab3" class="tabs">content3</div> <div id="tab4" class="tabs">content4</div> <div id="tab5" class="tabs">content5</div> <body> </html>

You should do this server-side, not client-side.

Each function has it's particular purpose. It is your responsibility to decide what to use and when. Read the documentation for each function (including the user comments). You will learn a lot. I'll give you a quick rundown of some of those you asked about: You should ALWAYS use mysql_real_escape_string() for any user input when using a query (saving, updating, searching, etc). Almost all user input is displayed on a page in some way or another. When it is you need to decide how" it needs to be displayed. let me give you a few examples: Let's say the user entered "<b>Some text</B>" If you are going to display the input within the body of the HTML page you need to decide if you want the HTML code in the user input to be interpreted ("Some text") or if you want it displayed exactly as they entered it ("<b>Some text</B>"). There are valid reasons for wanting the HTMLin the user input to be validated - but they are rare because allowign the user's input to be interpreted as HTML can allow them to seriously harm your pages (which is why almost all forums use modified tags such as [ b ], for only tags they want to allow. They are then translated into their HTML equivalent when displayed). So, in most cases you want the text to be displayed verbatim. That is when you would use htmlentities() or htmlspecialchars() which will translate certain characters, such as the opening and closing HTML brackets, into the escaped character equivalents. So, the above example would be translated into something like "<b>Some text</b>". But you would only want to use that when displaying the input on the page. It might seem simpler to just save it that way to the database so you don't have to "escape" it whenever you want to display it on the page. But, if you ever want the user to be able to edit their content you wouldn't be able to populate a text field in it's original form. So, save the content exactly how the user entered it. Then use one of the two functions above to escape when displaying within HTML, but display it as-is when repopulating a text field. One other note. Although I state above that you should save the user content exactly how the user entered it, that is not a "global" statement. There are situations where you should remove certain characters or perform other validations. But, what characters you don't allow or changes you make will always depend on how that data is stored and saved (a date for example). You need to make that decision for each piece of data.

Kinda hard to be specific based upon what you provided, but I think I can get you going inthe right direction. By looking at your code it appears the server-side script is returning back some text that is being populated into the page. But, you state that "sometimes" you want that response to also initiate a call to another JS function. As long as you can make that determination in the server-side code this is a trivial task. In the server-side code you simply need to add a "flag" to the response. The client-side code will then parse the response to check for the flag and, if it exists, will run the alternative function. Below is some mock code to show what I mean. PHP Server-side code <?php $AJAXInput = $_GET['input']; $responseText = ''; //Perform some logic to determine if the sound should be played if($foo == 'bar') { $responseText .= "[PLAY]"; } //Perform the actions to generate the response text $responseText .= "Here is the regualr text that is generated"; echo $responseText; ?> Revised AJAX code // Create a function that will receive data sent from the server ajaxRequest.onreadystatechange = function() { if(ajaxRequest.readyState == 4) { var ajaxDisplay = document.getElementById('sessions'); var result = ajaxRequest.responseText; //================================= //See if response text has the flag if (result.substr(0,6) == '[PLAY]') { //Remove the flag from the response text result = result.substr(6); //Play the sound soundobj = document.getElementById('IDOfSoundObject); EvalSound(soundobj); } //================================= ajaxDisplay.innerHTML = result; } }

Well, I DID test out the logic of the query using a couple tables I have. If you use the query I provided, try echoing the query to the page along with the mysql error. That will help to debug that problem. EDIT: I've done more tests using a query with the same type of logic and it still works. I've also reviewed the query I posted several times and don't see anything obviously wrong with it. Definitely need to echo the query out and see the mysql error message

Well, it is not necessarily "simpler", but it is the most efficient and, in my opinion, the right way. Having a relational database gives you a great deal of power and it will take time and effort to learn to utilize that power. I did my best to rewrite the code based upon a single query which included a lot of modifications. I also took the liberty to change some variable names to be more understandable (at least to me). Due to the amount of changes needed, I'm sure there are some typos. But, I can't test because I don't have your database. //Get complete list of options with "checked" identifiers $query = "SELECT op.optPricesID, o.name, op.basePrice, IF(op.optPricesID IN (SELECT optPricesID FROM woUpg WHERE awoID='$awoID'),1,0) as checked FROM optPrices op, options o WHERE op.optionID = o.optionID AND op.drumTypeID=1"; $result = @mysql_query($query); if(mysql_num_rows($result)==0) { $finalHTML = "\t<tr><td><center><span class='optTitles'>Nothing to Display</span></center></td></tr>\n"; } else { $max_columns = 2; $current_column = 1; while($row = mysql_fetch_assoc($result, MYSQL_NUM)) { //Open new row if first column if($current_column == 1) { $finalHTML .= "\t<tr>\n"; } $checked = ($row['basePrice']==1) ? ' checked="checked"' : ''; $finalHTML .= "\t\t<td align=\"left\" width=\"270\" height=\"20\"><span class=\"optTitles\">"; $finalHTML .= "<input type=\"checkbox\" name=\"snareOpt[]\"{$checked} value=\"{$row['basePrice']}\">{$row['name']}"; $finalHTML .= "</span></td>\n"; //Close preceeding row if max columns reached if ($current_column >= $max_columns) { $finalHTML = "\t</tr>\n"; $current_column = 1; } else { $current_column++; } } mysql_free_result($result); //Add additional cells and close last row if needed if ($current_column != 1) { for ($current_column; $current_column<$max_columns; $current_column++) { $finalHTML = "\t\t<td></td>\n"; } $finalHTML = "\t</tr>\n"; } } echo " $finalHTML"; ?>

You can accomplish this MUCH easier with just one query, but I'm having a hard time understanding your code. It really helps others (and yourself in the long run) to use descriptive names for variables/tables/fields and to include appropriate comments in your code. Let me take some time to see if I can unravel this.

Since you appear to have all the fields with a numerical index you could create a loop that will increment through the fields using that index. The loop below will continue until it finds that a field with that ID does not exist i = 0; While (document.getElementById("rental_after_discount"+i)) { //do something i++; }

Is there a particular reason you wanted to strip those characters? There may be a valid reason for doing so, but it would have nothing to do with validation or security. mysql_real_escape_string() will take care of those characters just fine when doing a database query. However, you did make me think of another validation I didn't mention: HTML characters in user input. Again, this all depends on the context that the input will be used. Let's say the input will be displayed within HTML on the page and you don't want the user's input to mess up the page display. Then, you should simply use htmlentities() or htmlspecialchars() when writing the values to the page. Some people would argue that you shoudl escape the value before saving, but I disagree. If you want to allow the user to edit the input you would want to disply the original content with a text input. I will almost always save the original input to the database and ensure to use the proper code when displaying the input depending on the context.

Running through every field on the form is probably not a good idea, because chances are you do have some fields which are not part of the calculation. I can't tell what you are really trying to accomplish as your code is a little bloated (plus using varaibles such as first and second are not helpful). But, in any case your IF statement has a problem. You first set the values of 'first' and 'second' both to 'i', then you do a IF to test if 'first' equals 'i'. Since you always set 'first' to 'i' just before you do that check that comparison will always result to true so the second half (the if else) will never be run.

Echo the update query to the page. Chances are the values aren't getting set correctly. My guess is that if you are getting the message "Part updated" and no errors are displayed then the $ref value isn't getting set. Since you didn't provide the form, I can't tell whether there is even such a field on the form. Try adding the following lines after the confirmation message to validate teh post values and the query. Is it what you expect? echo "Query: <br />{$query}\n"; echo "Post Values: <br /><pre>"; print_r($_POST); echo "</pre>";

You have tables. Styles applied to the BODY element do not apply to table content. You need to add the TD element as well. Try this: <style> body, td { font-family:Arial, Helvetica, sans-serif; font-size:12px; font-style:normal; line-height:12px; } </style> EDIT: OK, that may not work. You are using depricated and invalid code. Do NOT use the FONT tag, it has been deprecated for some time. Also, this is not even valid <td font face="Arial" size="1" align="center" valign="middle" bgcolor="cccccc"> I would suggest removing all the in-line formatting using antiquated code and instead using CSS (i.e. styles) as suggested above.

Why are you using preg_match() in item #1. You should always use mysql_real_escape_string() when using any input in a query. But, there are many different kinds of validations that should be done and various methods of accomplishing them. It all depends on the particular context. Here are some examples of typical validations that I do (this is not all inclusive, only what came to mind just now. I typically analyze each input and determine the appropriate validations). If the user has a select list of static values I never assume that the value being passed is one of those values. I will typically have an array of those values and ensure the submitted value is in that array. If the list is generated from a list in the database I will ensure the value does exist in the database [using mysql_real_escape_string() of course]. If the value should be a number I will ensure that the submitted value is a number and, if applicable, that it is an interger and/or a positive number. For text inputs I will always trim the value before doing any further validation. With very few exceptions, text input should always be timmed. Especially important when validating required fields. If you have any date inputs you would need to validate that they are in fact a date if you are storing the value as a date type in the database. In some instances one input is dependant upon another, such as the selection of a state and a city when selected from "linked" select lists. I will validate that the two values submitted are appropriate. Some other validations are optional. For example you can validate that an email address is in the proper format. This is more to help the user who may have made a mistake since someone can still enter a bogus email address. Other examples of this would be phone numbers, zip codes or anything that "should" accept certain character ranges or has a predetermined format.

For something like this, I would just use substr() with an indexOf(). But, either would work. <html> <head> <script language="javascript"> function selBox1(selectbox) { var selectVal = selectbox[selectbox.selectedIndex].value; var secondVal = selectVal.substr(selectVal.indexOf('-')+1); document.getElementById('div1').innerHTML = secondVal } window.onload = function() { selBox1(document.getElementById('mylist')); } </script> </head> <body> <form name="myform" > <select name="mylist" onchange="selBox1(this);" id="mylist"> <option value="Text 1 - Text A">Text 1</option> <option value="Text 2 - Text B">Text 2</option> <option value="Text 3 - Text C">Text 3</option> </select> </form> <br><br> <div id="div1"></div> <body> </html>

I haven't a clue what you are talking about. As for this... What else would you expect the value of the field to be after changing the value to 2? I think you need to provide more info on what the function is doing when it is called.

I'm not trying to start an argument, but I did state that the error handling in that example was just to give the OP an idea on how it would be approached. As I stated, I would utilze more comprehensive error handling with a debug mode so that a user would see a friendle error message or, while in debug mode, would give the developer more detailed information as to any errors that occur. In either case I would not use "on die()" - but it is a valid method of doing a quick test to see why a query is failing (or to confirm it is not failing). You really need to pay attention to what is written. In the original post the author was using double quotes to define the query and exited the quotes to append the $vin then appended another empty string using double-quotes. My statement (and particularly the code I provided) show that $vin can just be included within the double quotes that define the query. Makes a heck of a lot more sense than appending an empty string!

Well, I would do some things differently: 1. No need to exit the double quote to include a variable. 2. Add error handling to the query call 3. Create the query as a variable so if there is an error you can echo it to the page Note: I would use more extensive error handling to include a debug mode vs. production mode, but this gives you an idea <?php $vin = "11111111111111112"; require('lib/opendb.php'); $query = "SELECT mileage FROM cmileage WHERE vin = $vin"; $result = mysqli_query($conn, $query); $row = mysqli_fetch_array($query) or die ("Query: $query<br />Error: ".mysql_error()); echo $row['mileage']; ?>

I'm not seeing the problem, if the field is blank the message "Gamertag not specified" is displayed and nothing happens when I click the button. If I use a valid value and select something from the list, the page is populated with data. If I then remove the gamertag the data is removed. Seems the validation works just fine. But, from reading your last post it would seem there is some sort of problem and I am just not following the right steps. Not fully understanding the problem, I can't be sure, but I think there is a simple enough solution. The AJAX page uses the input to generate content to be displayed on the page, but in some instances the value is invalid and you need the page to react in some why (outside of the normal content being replaces). In that case, you need to determine what are all the error conditions you want to handle. Then have the AJAX page return an error code instead of the content. You can then have the JavaScript on the parent page inspect the return value. If the value is not an error condition, then display the content like you do now. Of, if it is an error condition, then do whatever other actions are needed. Here is some "mock" code: AJAX Page <?php if ($_REQUEST['gt']==='') { echo "ERROR:No gamertag"; } else { //echo the normal content to be displayed } JavaScript in Parent page xmlhttp.onreadystatechange=function() { if(xmlhttp.readyState==4) { var returnValue = xmlhttp.responseText; if (returnValue.substr(0, 5) == 'ERROR') { //Get the error condition, e.g. 'No gamertag' var errorCondition = returnValue.substr(6); //Use a switch for multiple error conditions, not needed if only using one switch(errorCondition) { case 'No gamertag': //Do error handling (i.e. disabling/hiding elements) break; default: //Add code for unknown error conditions if applicable break; } } else { //run normal code for a success return value } } } The bottom line is include the error handling for the parent page IN the parent page.