gmwebs

Which did you try? Thebadbad or mine, or both?

If you are using extract($row) doesn't it then create variables from the field names for the row? <?php // While a row of data exists, put that row in $row as an associative array // Note: If you put extract($row); inside the following loop, you'll // then create $userid, $fullname, and $userstatus while ($row = mysql_fetch_assoc($result)) { echo $row["userid"]; echo $row["fullname"]; echo $row["userstatus"]; } ?> I don't understand why you would be doing: <?php $num_views = $row['num_views'] + 1; ?> What if you try the following... <?php $result = mysql_query(SELECT * FROM ads); while($row = mysql_fetch_assoc($result)) { extract($row); echo "<img src=\"/$ad_url\" width=\"400\">"; echo "<h4>$business</h4>$description"; $qry = "UPDATE ads SET num_views = num_views + 1 WHERE id = $row[id]"; mysql_query($qry) or die ("Error during query!"); } ?>

I 2nd WinSCP but have also used FileZilla in the past.

Have you seen CakePHP: Where to get help?

I have been using CakePHP almost exclusively for all my projects (professional and personal) over the past couple of years and cannot recommend it enough. I started using v1.2 in the early days and have now got completely used to the conventions used. The documentation is getting much better, (see CakePHP Manual) and with 1.2 now being in RC2, more stable and mature. rmbarnes82: CakePHP does in fact allow you to use resources other than database tables in the Model. If you are interested, have a look at CakePHP Models which explains CakePHP's implementation of the Model.

Sorry, I am at work at the moment, but if I remember correctly I am doing it the following way... //index.php session_start(); $_SESSION['product'] = "foo"; require_once($_SERVER['DOCUMENT_ROOT'] . "/includes/menu.inc.php");

Hi, I just can't seem to get this to work... In my index.php file I set a session variable $_SESSION['product'] = "foo"; and then in my html part of index.php I include a file menu.php using require_once() which I use to build the menu tree. However, the session variable is not available to me inside that include file. It is available to me inside index.php because if I echo it I can see it. If I go to page2.php it is also there. Just not in the include file. Am I doing something stupid here?? Graham

Yep... Assign the POST value to a variable and then use that variable in your query. Or you could just use the [code=php:0]$_POST['username'][/code] directly.

Well yeah, sure, if you name your db fields something weird, then it would obviously make it harder to guess your table structures. That is the only benefit I can see. It would make it hell on earth for anyone else to work with your code though!

Firstly, it's always a good idea to assign your query string to a variable, and then perform the MySQL operation on that variable. Also, it is a good idea to echo out the SQL error should it be failing. An example... [code=php:0]$sql = "SELECT * FROM comments WHERE nid = '$nid'";[/code] [code=php:0]$result = mysql_query($sql) OR DIE ("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $sql . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());[/code] This will print out... [b]A fatal MySQL error occured[/b]. Query: SELECT * FROM comments WHERE nid = '' Error: (err_no) The MySQL error description gets printed here. Sorry Thorpe... didn't see you there!

Well, I think you don't quite understand the mechanism of forms. When you have an html form, and the fields are displayed to the browser ([i]client-side[/i]), no matter what you call them, when the user clicks submit the form is posted (POST or GET method) to its target script and the data that is posted is in clear text. On the receiving script, you then perform any encryption/decryption on the [i]server-side[/i]. As I said in my previous posts, the [b]only[/b] way you can secure transmission of data over HTTP is to use HTTPS (SSL). Think of it, if you do internet banking, you have to use SSL. Now that's not because they have enough money to buy an SSL certificate, it's because it's the [i]only[/i] way to secure the transaction. Whenever user input is involved, and that input has to be encrypted, there is no other way to do it.

Unless you are doing something with JavaScript, the POST data in your scenario will be passed through as clear text. The user will input "fred" and "password" into the text fields, and when he clicks submit, those exact values will be passed. The mere fact that you have named the fields something weird, would not really thwart anyone who was sniffing the wire, as anyone who sees 2 values coming accross as "fred" and "password" would immediately put 2 and 2 together. The only true way to secure wire transmissions is to use SSL.

Well... My opinion is this: If your data was [i]that[/i] sensitive that you need to encrypt the values on the wire, then I would be looking at using SSL for those transactions that did. Just remember that your sql stuff is all server-side, and potentially even on the same server as your web stuff, so the only data that would be traversing the wire would be your POST data from your forms - which SSL will secure perfectly. As for storing encrypted values in the database, you would just need to encrypt them before your sql query inserts them into the tables. If you are concerned with having clear text data stored in the tables, then as I said, encrypt the values before inserting them, and then decrypt them before displaying them. Obviously, if you were concerned about the data you were displaying back to the user agent, then you would have to use SSL, otherwise you would just be passing the clear text value back to the browser when you decrypt it to display it. I am sure that there are many other people who are much more experienced with this kind if thing, and hopefully they will fill in anything that I have left out.

You are using the incorrect case for DisplayImage.php - it should be lowercase displayimage.php. You also have a space before the id <img src="DisplayImage.php?gim= 7" alt="league"width=80 height=80> which you probably don't want.

lol... In all fairness it was my code that suggested he assign a variable to [code=php:0]$_FILES['input_name'][/code] but yeah, fair point ;)

Well instead of using the long [code=php:0]$_FILES['file1']['name'][/code] by assigning a variable to the respective [code=php:0]$_FILES['input_name'][/code] you are able to access each attribute of the respective variable directly [code=php:0]$file1['tmp_name'][/code]. I hope that explains it? You certainly don't [i]have[/i] to use my method, I just find it easier to work with.

You could try and use [code=php:0]strtotime()[/code] which will convert a string representation of a date to a unix timestamp. [code] <?php $stamp1 = time(); $stamp2 = strtotime("1 January 2000"); ?> [/code]

You would either need to assign those POST values from page 1 as session variables in page 2 and then page 2 POST values as session variables in page 3 and then page 3 POST values as session variables in page 4 - or you would need to POST page 1 values again as hidden inputs on page 2 to page 3, and then hidden inputs from page 1, 2 & 3 to page 4.

Yep, Akitchin you are right... Thanks for putting us straight... I have included a script which will test exactly what you are saying... [code] <?php // Fetch the file array for file1 $file1 = $_FILES['file1']; // Fetch the file array for file2 $file2 = $_FILES['file2']; // Fetch the file array for file3 $file3 = $_FILES['file3']; // Fetch the file array for file4 $file4 = $_FILES['file4']; // Check file1 if (!empty($file1['name'])) { //do your code to move and rename file1 echo "File1 Exists | "; } else { echo "File1 does not exist | "; } // Check file2 if (!empty($file2['name'])) { //do your code to move and rename file1 echo "File2 Exists | "; } else { echo "File2 does not exist | "; } // Check file3 if (!empty($file3['name'])) { //do your code to move and rename file1 echo "File3 Exists | "; } else { echo "File3 does not exist | "; } // Check file4 if (!empty($file4['name'])) { //do your code to move and rename file1 echo "File4 Exists | "; } else { echo "File4 does not exist | "; } ?> <form enctype="multipart/form-data" method="post" name="upload_form"> <label for="file1">File 1: </label><input type="file" name="file1"></input><br /><br /> <label for="file1">File 2: </label><input type="file" name="file2"></input><br /><br /> <label for="file1">File 3: </label><input type="file" name="file3"></input><br /><br /> <label for="file1">File 4: </label><input type="file" name="file4"></input><br /><br /> <input type="submit" value="upload"> </form> [/code]

Seriously... Change your code to echo out your query... When you have done it, post the output here. [code] <?php if(isset($_POST['izmeni'])) { //update for this product! $popravi2 = "UPDATE software SET naslov = '$naslov', opis = '$opis', kat_id = '$kategorija', cd_id = '$cd', novo = '$novo' WHERE id = '$id'"; echo $popravi2; //Let's see what the query consists of exit(); //Exit the script so that you can see the query $rezultat = mysql_query($popravi2); if ($result)  echo "<p>Product has been successfull UPDATE!</p>";     else     echo "<p>Error cannot write in DB!</p>"; } ?> [/code]

Each file upload field on your form has a name. [code] <input name='file1' type='file' /> <input name='file2' type='file' /> <input name='file3' type='file' /> <input name='file4' type='file' /> <input type="submit" name="submit" value="upload" /> [/code] On your processing script, there will be a $_FILES array for each field. [code=php:0]$_FILES['file1][/code] [code=php:0]$_FILES['file2][/code] [code=php:0]$_FILES['file3][/code] [code=php:0]$_FILES['file4][/code] You would then test each field to see if it contains any values in the array, and if it does, perform your move and rename functions. [code] <?php // Fetch the file array for file1 $file1 = $_FILES['file1']; // Fetch the file array for file2 $file2 = $_FILES['file2']; // Fetch the file array for file3 $file3 = $_FILES['file3']; // Fetch the file array for file4 $file4 = $_FILES['file4']; // Check file1 if (count($file1) > 0) { //do your code to move and rename file1 } // Check file2 if (count($file2) > 0) { //do your code to move and rename file1 } // Check file3 if (count($file3) > 0) { //do your code to move and rename file1 } // Check file4 if (count($file4) > 0) { //do your code to move and rename file1 } ?> [/code]

Well... whether you upload 1 or 300 files, they are still in the $_FILES array. If you want to work through each one separately writing 100 lines of code when one while loop will do it, then be my guest  ;D [code] <?php // Fetch the file array for file1 $file1 = $_FILES['file1']; // Count the number of files uploaded if (count($file1) > 0) { //do your code to move and rename file1 } //repeat many times over... ;) ?> [/code]

The $_FILES array will *only* contain the files that were uploaded, so if your user only used 5 fields, then there would only be 5 files to work with in the $_FILES array (0 through to 4) so you would not need to test for their existance.

In your form, for each upload field you have, name it like this... [code]<input name='upload_file[]' type='file' >[/code] Then in the script you are POSTing to, the files can be accessed by [code=php:0]$_FILES['0'][/code] through to [code=php:0]$_FILES['29'][/code].

One way is to post an array of files, and then iterate through the array with a while loop, moving and renaming each file until there aren't anymore.