deansatch

I have written a script for predictive text using php and ajax. The code in question is this: $li = '<ul>'; while ($row = mysql_fetch_assoc($query)) { $venue =$row['venue']; $li .="<li ><a onclick=\"document.getElementById('venue').value = '".addslashes($venue)."';currentQuery= '".addslashes($venue)."';hideDrop();\" href=\"#\">$venue</a></li>"; } $li .= '<li><a href="#" onclick="hideDrop();">Close</a></li></ul>'; if($venue !=''){echo $li;} } One of the results has an apostrophe in it so $venue = "mary's" Addslashes isn't adding the slash so it is breaking my javascript. If I type echo addslashes("mary's"); it outputs "mary\'s" but it just seems to ignore it when it comes from my db. any ideas?

I have been using php for a long time now and I am know it very well. I feel it is time I learned OOP though. I have been reading up on it and if I understand correctly, it allows total separation of html and php backend stuff. I am however having trouble finding examples or tutorials that show OOP in a real world useful way. e.g. I have a simple while loop output in to a table which I currently do like this: $v_list ="<h2>Variable List</h2>\n <div><table><thead><tr><td>V 1</td><td>V 2</td><td>V 3</td></tr></thead><tbody>\n"; $query = mysql_query("SELECT * from table"); $vnum=0; $vnum = mysql_num_rows($query); while($row = mysql_fetch_assoc($query)){; $v1= $row['v1']; $v2= $row['v2']; $v3= $row['v3']; $v_list .= "<tr><td>$v1</td><td>$v2</td><td>$v3</td></tr>\n"; } $v_list .= "</tbody></table></div>"; if($vnum> 0){echo $v_list;} How could I use OOP to keep the php part in a separate file from the html? e.g. file 1: my php code looping and setting of variables file 2: <h2>Variable List</h2> <div> <table> <thead> <tr><td>V 1</td><td>V 2</td><td>V 3</td></tr></thead><tbody> <tr><td>$v1[0]</td><td>$v2[0]</td><td>$v3[0]</td></tr> <tr><td>$v1[1]</td><td>$v2[1]</td><td>$v3[1]</td></tr> <tr><td>$v1[2]</td><td>$v2[2]</td><td>$v3[2]</td></tr> </tbody> </table> </div> Thanks in advance

I'm sure for the most part it is simple. A few forms that take payment details securely and return a result when checked. The problem is the checking part in the middle. This will not be something you or php can do since you don't have access to everyones card numbers and addresses etc... I assume all the banks pay a large amount of money to be granted access (probably strict controlled access) to that information. You don't have to use paypal, you can use your bank. Paypal just makes the programming side easier where the bank will probably not have any help or developer forums when it comes to writing a payment processor. Also, the banks are usually more expensive to use than the likes of paypal.

can you post your html code with the button on it? It is the only button on the page isn't it?

you shouldn't have to name the session unless you want to run more than one at a time on the same domain. However, make sure you aren't starting a session on http then on logging in, redirecting to https as this will be a completely different session because it is a different domain.

Before I read all your code, should the require_once url not be "includes" rather than "ncludes"?

have you tried echoing the cdata? e.g. <?php echo "<album><![CDATA[".$row_rsImages['AlbumName']."]]></album>" ;?>

I meant this sorry if ($link_field1 !=''){ echo'<img src="'.$link_field1.'" height="100px" alt="Resim Yok" style="float:left; padding-right:10px;padding-top:0px;"/>'; }

assuming your third page is thanks.php, add a bit to this line in script 2 include ( "thanks.php" ); to: include ( "thanks.php?id=$id" );

did you not just answer your own question? if (!$link_field1){ echo'<img src="'.$link_field1.'" height="100px" alt="Resim Yok" style="float:left; padding-right:10px;padding-top:0px;"/>'; }

do you not have the option to do this from within your hosting accounts control panel?

you can use a cookie

I think you'll be hard pushed to find a host that will allow you to upload files 300mb in size via php.

$sql = "INSERT INTO `DBName`.`TheTable` (`UserName`, `Password`, `Email`, `FirstName`, `LastName`, `Year`, `Month`, `Day`, `Country`, `ID`, `Gender`) VALUES( '$DesUsername' , '$Password' , '$email' , '$FName' , '$SName' , '$Year' , '$Month' , '$Day' , '$Country' , , '$Gender')";

not without seeing the code in question

$c1=$_POST['checkbox1']; if(!$c1){ echo "Not Checked"; exit; } else{ //crack on!!! }

Since ajax is javascript and xml it shouldn't work. it relies on javascript enabled browsers

I may just have missed it but to me it seems as though you aren't actually posting an id yet you are referencing one. i.e. $_POST['id']

You will have to post a bigger portion of your code as it is now. If you are using htmlspecialchars before the str_replace it won't work. Also it seems you are using addslashes. To get rid of " you can add it to your array $tags = array('<', '>','"');

This line still does not appear right to me: $nupdatedon = DATE_FORMAT(updatedon, "%m, %d, %y, %h:%i.%s"); I know you are setting a variable: $nupdatedon but what is updatedon? It is not a variable: Should it be? $updatedon is not set anywhere in your script. $nupdatedon = DATE_FORMAT($oupdated, "%m, %d, %y, %h:%i.%s"); Also, I assume you have php5 since you need it for that function

strip_tags() won't work because > is not a tag but <> is. Not too sure if this would be the best way but it will work: $tags = array("<", ">"); $username = str_replace($tags, "", $_POST['username'] );

And what's this? $nupdatedon = DATE_FORMAT(updatedon, "%m, %d, %y, %h:%i.%s"); Should updatedon be a variable? Is it set anywhere?

This line is a bit of a mess: mysql_query("UPDATE `teams` SET name = '".$nname."', status = '".$nstatus."', team = '".$nteam."', clan = '".$nclan."', captain = $ncaptain, steamid = '".$nsteamid."', updatedon = '".$nupdatedon."' WHERE `id` = '".$_POST['id']."'") or die(mysql_error()); try adding this to make id a variable first: $id=$_POST['id']; then change your mysql query to this: mysql_query("UPDATE `teams` SET name = '$nname', status = '$nstatus', team = '$nteam', clan = '$nclan', captain = '$ncaptain', steamid = '$nsteamid', updatedon = '$nupdatedon' WHERE `id` = '$id'") or die(mysql_error());

And as Andy was explaining, make sure your fields are named differently. Use relevant names so it makes your code easier to understand when you go back to work on it at a later date. e.g. <textarea type="text" class="itemEditForm03" name="description" ><?php echo $row['Description'];?></textarea> <input type="text" class="itemEditForm04" name="price" value="<?php echo $row['Price'];?>" /> <input name="productname" type="text" class="itemEditForm02" value="<?php echo $row['ProductName'];?>" /> etc...

Textareas are slightly different to text inputs. Do it like this: <textarea type="text" class="itemEditForm03" name="something" ><?php echo $row['Description'];?></textarea>