Psycho

Technical, no. But, you should always give fields, variables, functions, etc. meaningful names that give you an idea of what the thing/value contains or it's purpose. '30' tells me nothing about what that field is for. That's the real problem. You don't just make additional columns when you have repetitive data associated with a record. Based on the above it seems each serial should be associated with a country. So, you would want (at the very least) two tables for this date The 'nsmtable' table should only contain the one-to-one type data associated with those records. It should NOT include data associated with the serials since there can be many associated with each record. Then you need a serials table. That table would include fields for: serial_id (primary ID for the table) nsm_id (the primary key of the record from the 'nsmtable' that the serial is associated with, also called a foreign key reference) serial (the actual serial value) country The country could, for simplicity, just include a country code (http://en.wikipedia.org/wiki/ISO_3166-1_alpha-3) or name. But, ideally you would have a foreign key reference to the primary key in a separate table of country records. Go do some research on database normalization.

Well, GROUP BY is a pretty standard SQL syntax that isn't specific to MySQL. If you were not aware of that, there's no telling what you are not familiar with: ORDER BY, LIMIT, etc. The MySQL manual isn't as easy to digest as the PHP one is. You can go here: http://dev.mysql.com/doc/refman/5.0/en/functions.html which is the base page for "functions". You can then select one of the links for areas such as "String Functions", "Data Functions", etc. You'll then get a list of functions in the selected area. Typically those pages have a list of the functions and a short description at the top of the page.

FYI: There is a plug-in for Chrome called "User Agent Switcher" which allows you to spoof the User Agent of your browser. That is what the sites use to determine which output to provide. This is handy for testing purposes.

Also, if the records in the 'nsmtable' table have multiple serial numbers, then those numbers should most likely be stores in a separate, associated table. Second, the query you are using is using the LIKE operator, when you state that you are entering the full serial number. If you are expecting the input to be the full ID and don't want/need to allow partial matches, then use the = comparison operator. But, the LIKE operator would work if there was an exact match (based on how you are using it). But, your problem is likely due to the fact that you are only SELECTing the columns 30, 31 & 32 (yeah, those are pretty poor names). But, in your output you are trying to echo the value for a field names 'serials'. Since you didn't select that field in the query that value doesn't exist. EDIT: Although it appears you need to modify a lot (DB structure, field names, logic, etc.) I just wanted to throw this out there. If you do expect the users to enter the full serial number and not partials, you could simplify that query like this SELECT serials, 30, 31, 32 FROM nsmtable WHERE $search IN (30, 31, 32)

searchacar, There is nothing technically different about a "Mobile" website. It is a website same as any other website. It can be created with flat HTML files, PHP, ASP, ColdFusion, etc. etc., etc. All it means is creating the layout of the site so that it displays 'nicely' on a mobile device. Go to a Wiki page on your Phone and you will see what I mean. You are viewing the "same" page on your phone that you would be viewing on a computer with a large monitor - but the output and layout are much, much different. And the terminology today is not "mobile" websites, rather "responsive" websites. Because it is not so much re-purposing the site based on specifically mobile devices but being responsive to the size of the output device. The layout for a phone would likely be much different than say a tablet with a much larger display.

I was not aware of that function. @TecTao: You need to determine how broad you want this process to be. If you only want to strip out "http://" or "https://" from the input string, then you shoudl use a string function as opposed to RegEx. Of course, you would want it to be case insensitive. $search = array('http://', 'https://'); $replace = array('', ''); $url = str_ireplace($search, $replace, $_POST['url']); However, if you want to capture other types of exceptions, such as "//domain.com/path/page.php", then the above function that CyberRobot referenced appears to be the way to go. You would use the returned values for host, path and query then concatenate them together to get the URL from those parts.

Like I said, there are a LOT of different things that can affect what is identified as SPAM. We found that some email servers do a check of the domain on the "From" address of the email and then see if the originating server that sent the email is the "authorized" one for that domain. We had an SMTP server just for our production environment that was separate from our company email server and had to open ports and update DNS records to prevent that issue. Some of the issues are rather complicated and one which I am not interested in understanding.

I doubt people are going to quit their job over a text message. But, it would be important to know how frequently these messages would be received. Also, what makes you think that text messages would automatically be received? A user can indicate in their phone to block messages from certain senders - which is no different than the user marking the email as spam. I think you are just trading one problem for another. There are a lot of things that can be done to help prevent email from being indicated as spam (not just an opt out link). It's not something I am an expert in, but you may need to do some research. But, even if you do your due diligence, they can still be targeted as spam on different levels: 1: There could be an intermediary service that verifies emails before they hit the email server or there could be software of the email server to verify messages, 2: The email client can mark messages as spam, and 3: The user can mark messages as spam. You should work with the customers to have them put in exceptions on #1 for email coming from you. #2 should be verified through testing of some major email clients. But, you can also provide instructions on adding your emails to the exclusion list in the different email clients. And, there is nothing you can do with #3, but even if you send a text you can't make the person read the email. That seems like something the firm should mandate.

Impossible for us to say with the little information you've provided. But, this should be a learning experience to test your application in a newer version before deploying it. You'll probably need to enable full error reporting on your pages and see what errors are thrown so you know what needs to be fixed. If you have any "simple" pages, you could post one here to get some input. But, whatever problems exist on that page may not necessarily be indicative of problems on other pages.

The code has many problems. For example $result = mysql_query("SELECT * FROM users"); $total_results = mysql_num_rows($result); $row=mysql_fetch_assoc($result); You don't query all the records to get the count. That's a waste of resources. Just query the count directly SELECT COUNT(*) FROM table It was too difficult trying to work with the code you have, so here is a rewrite that should get you started <?php //Show errors error_reporting(-1); ##Config settings $records_per_page = 5; // number of results to show per page /* Include the Pear::Pager file */ include('mysql_connect.php'); //include of db config file include ('paginate.php'); //include of paginat page //Get count of total record count $query = "SELECT COUNT(*) FROM users"; $result = mysql_query($query); $total_records = mysql_result($result, 0); //Calculate total pages $total_pages = ceil($total_records / $records_per_page); //Determine current page $current_page = isset($_GET['page']) ? intval($_GET['page']) : 1; if($current_page<1 || $current_page>$total_pages) { //Set page to 1 if page # is invalid $current_page = 1; } //Get records for current page $startIndex = ($current_page-1) * $records_per_page; $query = "SELECT id, firstname, lastname, department FROM users ORDER BY lastname ASC, firstname ASC LIMIT {$startIndex}, {$records_per_page}"; $result = mysql_query($query); //Create output for the result set $current_pageOutput = ''; while($row = mysql_fetch_assoc($result)) { $current_pageOutput .= "<tr>\n"; $current_pageOutput .= " <td>{$row['firstname']}</td>\n"; $current_pageOutput .= " <td>{$row['lastname']}</td>\n"; $current_pageOutput .= " <td>{$row['department']}</td>\n"; $current_pageOutput .= " <td><a href='add_team.php?id={$row['id']}'>Add Team Member</a></td>\n"; $current_pageOutput .= "</tr>\n"; } //Create pagination links //This can be modified to only show certain 'spans' of pages if there are too many $pagination = ''; for($page=1; $page<=$total_pages; $page++) { if($page != $current_page) { $pagination .= "<li><a href='?page={$page}'>{$page}</a></li>"; } else { $pagination .= "<li><b>{$page}</b></li>"; } } ?> <html> <head></head> <body> <div class="pagination"> <ul> <?php echo $pagination; ?> </ul> </div> <table class='table table-bordered'> <thead><tr><th>First Name</th> <th>Last Name</th> <th>Department</th> <th>Status</th></tr></thead> <?php echo $current_pageOutput; ?> </table> </body> </html>

That's because an INNER JOIN only returns records where there are records to be JOINed from both the LEFT and RIGHT tables. If a record in either table cannot be JOINed to a record in the other table it will not be included in the results (or in this case included in the Delete operation). Try using a LEFT JOIN DELETE projection, projection_detail FROM projection LEFT JOIN projection_detail ON projection.projection_id=projection_detail.projection_id WHERE company_valuation_id='1' AND year='1'

You can't delete from multiple tables in one query. You need to delete from the child table (projection_detail) first, then the parent table (projection). Query to delete from projection_detail table DELETE FROM projection_detail WHERE projection_id IN ( SELECT projection_id FROM projection WHERE company_valuation_id = '1' AND year = '1' ) This may need an alias on the sub-query, but I don't think so Query to delete from projection table DELETE FROM projection WHERE company_valuation_id = '1' AND year = '1'

1. Only select the fields you are going to use. Using '*' is inefficient and can lead to problems (especially when JOINing tables) 2. NEVER use data from a user directly in a query (e.g. $_POST, $_GET, $_COOKIE, etc.) Either sanitize the data or, better, use prepared statements. 3. You are apparently expecting only one record (based on the die() after the first record is processed) So, there is no need to use a while() loop 4. You are defining $to and $email from the query, but then use POST values in the email ??? 5. You are returning an error even if the email is sent ??? This will get you started, but is not complete $token = mysql_real_escape_string($_POST['userAc']); $sql = "SELECT l.fullname, l.email, a.email FROM leads l JOIN accounts a ON a.ref = l.userAc WHERE l.accesstoken = '{$token}'"; $result = mysql_query($sql) or trigger_error("Query Failed: " . mysql_error()); if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); $id = $row['id']; //Not used $to = $row['email']; $fullname = $row['fullname']; //Not used $email = $row['email']; //Not used $subject = $_POST["userSubject"]; $message = $_POST["userMessage"]; $useremail = $_POST["userEmail"]; $headers = "From: {$useremail}\r\n"; $headers .= "Reply-To: {$useremail}\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n"; if (mail($to, $subject, $message, $headers)) { $result = array('type'=>'error', 'text' => '<p>Your Message was sent successfully!</p>') } else { $result = array('type'=>'error', 'text' => '<p>Your Message was not sent!</p>'); } $output = json_encode($result); die($output); }

Frank, I concur with .josh's original post. I think you are reading something into the post that isn't there. He never stated that you can't implement AJAX without a framework. He was only stating that if you are asking for help with your AJAX implementation be prepared to be asked why you are not using a framework. Why? Because the vast majority of the people asking for help on this forum are novices. These are the people that typically get shunned in other forums because they really don't know what they are doing. These are people that may struggle with creating a simple script to query a database and generate output. AJAX is not rocket science, but it is not something the uninitiated really grasps out of the box. Trying to help someone debug issues with AJAX can be very complicated because of all the different technologies that are typically involved: PHP, MySQL, JavaScript, etc. By using a framework we don't have to read through all of their JavaScript to see if the person wrote wrote the handler correctly or not. It helps to reduce a point of failure that happens all too often. For someone that really knows what they are doing - by all means they can and should write the AJAX code to their specific needs. But, these are also the people that wouldn't need to come and post on a forum for help with it.

That would not work . . . Plus, doing the above completely circumvents any validation logic. You don't show any of your original code for generating the query, so it is impossible to provide a valid solution. But, to use what fastsol provided you could do this $categories = "'" . implode("', '", $_POST['category']) . "'";

You can't pass a 'single' price and expect to get a result for a range of prices. It is up to YOU to determine what parameters to put on the URL and how they will be processed. I provided an option of passing a min and max value on the query string.

@php2learn, Start with what fastsol posted about changing the SELECT input field so it will accept multiple selections and return an array to the PHP processing page. Once you have completed that, you will then need to change the code on the processing page accordingly. First you will need to add validation logic to all the values int he array. Then, you can change your query to use the IN condition as opposed to the equal (=) condition. An IN condition looks something like this SELECT * FROM table WHERE field IN (1, 3, 5, 9) That will return a result set where the field has a value of any of the comma separated values listed. So, you will need to validate the array of values passed and then put them into a comma separated list. Note: since you are using 'text' values they need to be enclosed in single quote marks int he query that you build, e.g. SELECT id, organisation, price FROM table WHERE category IN ('A-t1', 'C-t1')

i want to block ip for a certain time so he cant access site again. So, a malicious user could just spoof their IP address and continue with whatever they were doing. Plus, many users could be behind the same external IP (NAT). So the actions of one user would lock out all of those users.

Step 1 is to accurately get the results for the price ranges. As Jacques1 states you should absolutely be storing prices as numerical values - not text. Once you are able to get the counts by price range you can create links to return the products in those price ranges. What that link looks like is up to you. You could create hard-coded "tags" within those URLs and translate them in the code. E.g. <a href="getProducts?pricerange=a">Products ($0.00 - $25.00)</a> But, that's pretty limiting. If you change your ranges later you have to go and change code. Plus, it only allows you to filter by one thing - price. It is much better, in my opinion, to create the URL parameters so it is much more flexible. I would pass two parameters: minPrice and maxPrice. Then in the page that receives the submission, it would use the two values that are passed to query the right products. You could also add other filters to 'add' to the URL. Rough example: <a href="getProducts?minPrice=0&maxPrice=25">Products ($0.00 - $25.00)</a> $minPrice = isset($_GET['minPrice']) ? floatval($_GET['minPrice']) : false; $maxPrice = isset($_GET['maxPrice']) ? floatval($_GET['maxPrice']) : false; $WHERE_PARAMS = array(); if($minPrice) { $WHERE_PARAMS[] = 'price >= $minPrice'; } if($maxPrice) { $WHERE_PARAMS[] = 'price <= $maxPrice'; } $query = "SELECT * FROM table"; if(count($WHERE_PARAMS)) { $query .= "WHERE " . implode(" AND ", $WHERE_PARAMS); }

Yeah, I started to try and work and that code and gave up. It's really a mess. Break down specific operations that need to occur and create functions instead of doing everything in-line. I would create, at a minimum, a function that takes parameters for the query string, the start position and the count. That function should return an array of the search results for the page. Then have another function to create the output for results. You could then easily implement paging functionality. EDIT: Also, if you are going to implement paging you should also set a sort order using setSort

You should really look at changing how you create the logic for your pages. By intermingling PHP and HTML, it makes it very difficult to read/debug the code. Put all your 'logic' at the top of the page and create PHP variables for the different output. Then just echo the variables where needed within the HTML. I'll look through your code, but I will likely rewrite in order to better understand it.

The functionality you are trying to implement is implemented much differently than what you are currently doing. What this is meant to prevent is a malicious user from attempting many password combinations against a username to try an find a match. So, using the session for this doesn't help as the user can simply close their browser to renew the session. You would also not store the IP in the database as that can be easily spoofed. The typical solution is to lock the "User ID" after three failed attempts (not the person who is trying to log in. So, if three unsuccessful attempts are made with the same User ID, then that User ID is locked. It doesn't matter if those three attempts came from the same IP address or different ones. So, when a failed login occurs, simple set a value in the User table for failed logins and increment. Once it hits three, consider the user "locked" and don't process any more login attempts for that user. You can either require that the user get unlocked via a password reset or have it unlock after a certain amount of time (which would require you to also store the last login attempt timestamp). Just don't forget to reset the failed attempts count whenever a successful attempt is made.

I don't understand your question. Perhaps you can give some examples of data.

I find that hard to believe. The radio group isn't even built correctly - you allow the user to select both options. And this makes no sense at all file_put_contents($file, "<?php ".'$fax_client = "' . NULL . '"'." ?>"); And this ensures that interfax an never be selected since the second line would overwrite the value of $option isset($_POST['interfax']) ? $option= "interfax" : $option= ""; isset($_POST['metrofax']) ? $option= "metrofax" : $option= "";

This is not really a PHP problem (mostly), it is a JavaScript problem. But, you should NEVER rely only upon JavaScript to enforce things on a form. So, you would have to have back-end PHP code upon form submission as a way to absolutely check that the user checked the check box. But, to add a dynamic process, it is JavaScript. Look at the example I posted here: http://forums.phpfreaks.com/topic/288864-help-me-integrate-this-code-with-this-code-contact-form/?p=1481319