flashguy82

I have a search field linking to a different page for results, but if the user types nothing in the search field it comes up with every result in the database, this i don't want to happen. Could anyone tweak my code so if the search field is empty the results are also empty? or tell me how to achieve this? thank you. <?php require_once('Connections/z3phones.php'); ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $currentPage = $_SERVER["PHP_SELF"]; $maxRows_rsSearch = 5; $pageNum_rsSearch = 0; if (isset($_GET['pageNum_rsSearch'])) { $pageNum_rsSearch = $_GET['pageNum_rsSearch']; } $startRow_rsSearch = $pageNum_rsSearch * $maxRows_rsSearch; mysql_select_db($database_z3phones, $z3phones); $query_rsSearch = "SELECT ProductID, ProductName, image2, Description1 FROM z3phones WHERE Online = 1 AND ProductName LIKE '%$search%' OR Description1 LIKE '%$search%' OR Description2 LIKE '%$search%' ORDER BY z3phones.ProductName ASC"; $query_limit_rsSearch = sprintf("%s LIMIT %d, %d", $query_rsSearch, $startRow_rsSearch, $maxRows_rsSearch); $rsSearch = mysql_query($query_limit_rsSearch, $z3phones) or die(mysql_error()); $row_rsSearch = mysql_fetch_assoc($rsSearch); if (isset($_GET['totalRows_rsSearch'])) { $totalRows_rsSearch = $_GET['totalRows_rsSearch']; } else { $all_rsSearch = mysql_query($query_rsSearch); $totalRows_rsSearch = mysql_num_rows($all_rsSearch); } $totalPages_rsSearch = ceil($totalRows_rsSearch/$maxRows_rsSearch)-1; $queryString_rsSearch = ""; if (!empty($_SERVER['QUERY_STRING'])) { $params = explode("&", $_SERVER['QUERY_STRING']); $newParams = array(); foreach ($params as $param) { if (stristr($param, "pageNum_rsSearch") == false && stristr($param, "totalRows_rsSearch") == false) { array_push($newParams, $param); } } if (count($newParams) != 0) { $queryString_rsSearch = "&" . htmlentities(implode("&", $newParams)); } } $queryString_rsSearch = sprintf("&totalRows_rsSearch=%d%s", $totalRows_rsSearch, $queryString_rsSearch); ?> EDIT BY SA: Please use the [code][/code] tags!

I'm having some problems with editing users in my database, i have set the user sign up to encrypt their password and logging in and out works just fine. The problem is the edit user form, after updating the user the password no longer works, i took the md5 encryption off the "edit user" form and it worked fine, but when i put it back on it doesn't! and i'm pretty much stuck at that..here is my code. (GetSQLValueString(md5($_POST['Password']), "text"), is the line with md5 on) i'm very rarely called to do PHP as its not my field so any help would be very very much appreciated. many thanks. <?php require_once('../../Connections/z3phones.php'); ?><?php if (!isset($_SESSION)) { session_start(); } $MM_authorizedUsers = "1,2"; $MM_donotCheckaccess = "false"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && false) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "../login.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = $_SERVER['PHP_SELF']; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) { $updateSQL = sprintf("UPDATE users SET Username=%s, Password=%s, FirstName=%s, LastName=%s, EmailAddress=%s, `Admin`=%s, Allowed=%s, UserTypeID=%s WHERE UserID=%s", GetSQLValueString($_POST['Username'], "text"), GetSQLValueString(md5($_POST['Password']), "text"), GetSQLValueString($_POST['FirstName'], "text"), GetSQLValueString($_POST['LastName'], "text"), GetSQLValueString($_POST['EmailAddress'], "text"), GetSQLValueString(isset($_POST['Admin']) ? "true" : "", "defined","1","0"), GetSQLValueString(isset($_POST['Allowed']) ? "true" : "", "defined","1","0"), GetSQLValueString($_POST['UserTypeID'], "int"), GetSQLValueString($_POST['UserID'], "int")); mysql_select_db($database_z3phones, $z3phones); $Result1 = mysql_query($updateSQL, $z3phones) or die(mysql_error()); $updateGoTo = "index.php"; if (isset($_SERVER['QUERY_STRING'])) { $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?"; $updateGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $updateGoTo)); } if ((isset($_POST['UserID'])) && ($_POST['UserID'] != "") && (isset($_POST['Delete']))) { $deleteSQL = sprintf("DELETE FROM users WHERE UserID=%s", GetSQLValueString($_POST['UserID'], "int")); mysql_select_db($database_z3phones, $z3phones); $Result1 = mysql_query($deleteSQL, $z3phones) or die(mysql_error()); $deleteGoTo = "index.php"; if (isset($_SERVER['QUERY_STRING'])) { $deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?"; $deleteGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $deleteGoTo)); } mysql_select_db($database_z3phones, $z3phones); $query_rsUserTypes = "SELECT * FROM usertypes ORDER BY UserType ASC"; $rsUserTypes = mysql_query($query_rsUserTypes, $z3phones) or die(mysql_error()); $row_rsUserTypes = mysql_fetch_assoc($rsUserTypes); $totalRows_rsUserTypes = mysql_num_rows($rsUserTypes); $colname_rsUser = "-1"; if (isset($_GET['UserID'])) { $colname_rsUser = (get_magic_quotes_gpc()) ? $_GET['UserID'] : addslashes($_GET['UserID']); } mysql_select_db($database_z3phones, $z3phones); $query_rsUser = sprintf("SELECT * FROM users WHERE UserID = %s", GetSQLValueString($colname_rsUser, "int")); $rsUser = mysql_query($query_rsUser, $z3phones) or die(mysql_error()); $row_rsUser = mysql_fetch_assoc($rsUser); $totalRows_rsUser = mysql_num_rows($rsUser); ?>

Hi, i'm having some trouble getting my price field right. I have set it as a "DOUBLE" field but it's very stupid ill give u an example this is ok "49.99" that will show up but say if i do this "49.00" the ".00" won't show up, it's only with 0's i have the problem also say i add this "49.50" it will show up as "49.5" does anyone know where i'm coming from? can anyone help me out with this? Thanks - Erik

Cool, this is really usefull thanks for all the help  :D

Hey, I need some help knowing how to use md5 for my login/sign up page, PHP isn't my thing so any help would be appreciated. Here's my code, i just need to know where and how to use the md5 encryption (although any other comments on security would be v helpfull to ;o) ), need anything else just ask. Thanks for any help in advance. <?php // *** Redirect if username exists $MM_flag="MM_insert"; if (isset($_POST[$MM_flag])) {   $MM_dupKeyRedirect="userexists.php";   $loginUsername = $_POST['Username'];   $LoginRS__query = "SELECT Username FROM users WHERE Username='" . $loginUsername . "'";   mysql_select_db($database_fitnessdatabase, $fitnessdatabase);   $LoginRS=mysql_query($LoginRS__query, $fitnessdatabase) or die(mysql_error());   $loginFoundUser = mysql_num_rows($LoginRS);   //if there is a row in the database, the username was found - can not add the requested username   if($loginFoundUser){     $MM_qsChar = "?";     //append the username to the redirect page     if (substr_count($MM_dupKeyRedirect,"?") >=1) $MM_qsChar = "&";     $MM_dupKeyRedirect = $MM_dupKeyRedirect . $MM_qsChar ."requsername=".$loginUsername;     header ("Location: $MM_dupKeyRedirect");     exit;   } } function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") {   $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;   switch ($theType) {     case "text":       $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";       break;        case "long":     case "int":       $theValue = ($theValue != "") ? intval($theValue) : "NULL";       break;     case "double":       $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";       break;     case "date":       $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";       break;     case "defined":       $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;       break;   }   return $theValue; } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) {   $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {   $insertSQL = sprintf("INSERT INTO users (Username, Password, FirstName, LastName, EmailAddress, `Admin`, Allowed, UserTypeID) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)",                       GetSQLValueString($_POST['Username'], "text"),                       GetSQLValueString($_POST['Password'], "text"),                       GetSQLValueString($_POST['FirstName'], "text"),                       GetSQLValueString($_POST['LastName'], "text"),                       GetSQLValueString($_POST['EmailAddress'], "text"),                       GetSQLValueString(isset($_POST['Admin']) ? "true" : "", "defined","1","0"),                       GetSQLValueString(isset($_POST['Allowed']) ? "true" : "", "defined","1","0"),                       GetSQLValueString($_POST['UserTypeID'], "int"));   mysql_select_db($database_fitnessdatabase, $fitnessdatabase);   $Result1 = mysql_query($insertSQL, $fitnessdatabase) or die(mysql_error()); } $currentPage = $_SERVER["PHP_SELF"]; ?> <?php // *** Validate request to login to this site. if (!isset($_SESSION)) {   session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) {   $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['Username'])) {   $loginUsername=$_POST['Username'];   $password=$_POST['Password'];   $MM_fldUserAuthorization = "";   $MM_redirectLoginSuccess = "postreview.php";   $MM_redirectLoginFailed = "loginfailed.php";   $MM_redirecttoReferrer = true;   mysql_select_db($database_fitnessdatabase, $fitnessdatabase);     $LoginRS__query=sprintf("SELECT Username, Password, UserID FROM users WHERE Username='%s' AND Password='%s'",     get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));     $LoginRS = mysql_query($LoginRS__query, $fitnessdatabase) or die(mysql_error());   $loginFoundUser = mysql_num_rows($LoginRS);   if ($loginFoundUser) {     $loginStrGroup = "";         //declare two session variables and assign them     $_SESSION['MM_Username'] = $loginUsername;     $_SESSION['MM_UserGroup'] = $loginStrGroup;           $_SESSION['MM_UserID'] = mysql_result($LoginRS,0,'UserID');     if (isset($_SESSION['PrevUrl']) && true) {       $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];     }     header("Location: " . $MM_redirectLoginSuccess );   }   else {     header("Location: ". $MM_redirectLoginFailed );   } } ?>

Ahhh i have solved the problem and can now get the UserID, here is my current code.  Still if anyone can see any security issues or anything else that they see wrong or just stupid (as i know its far from perfect) please feel free to comment. Cheers - <?php // *** Validate request to login to this site. if (!isset($_SESSION)) {   session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) {   $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['Username'])) {   $loginUsername=$_POST['Username'];   $password=$_POST['Password'];   $MM_fldUserAuthorization = "";   $MM_redirectLoginSuccess = "postreview.php";   $MM_redirectLoginFailed = "loginfailed.php";   $MM_redirecttoReferrer = true;   mysql_select_db($database_fitnessdatabase, $fitnessdatabase);     $LoginRS__query=sprintf("SELECT Username, Password, UserID FROM users WHERE Username='%s' AND Password='%s'",     get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));     $LoginRS = mysql_query($LoginRS__query, $fitnessdatabase) or die(mysql_error());   $loginFoundUser = mysql_num_rows($LoginRS);   if ($loginFoundUser) {     $loginStrGroup = "";         //declare two session variables and assign them     $_SESSION['MM_Username'] = $loginUsername;     $_SESSION['MM_UserGroup'] = $loginStrGroup;           $_SESSION['MM_UserID'] = mysql_result($LoginRS,0,'UserID');     if (isset($_SESSION['PrevUrl']) && true) {       $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];     }     header("Location: " . $MM_redirectLoginSuccess );   }   else {     header("Location: ". $MM_redirectLoginFailed );   } } ?>

Hey ppl, I'm very much new when it comes to PHP and know very very little code and i have got myself stuck! I am trying to get the UserID when a user logs in (aswell as username and password) so when he or she leaves a product review it will have his or hers UserID in the database in the reviews part, understand what i mean? So far i have only managed to get the ProductID, anyway heres my code... any help from any PHPfreaks would be appreciated aswell as ways to improve on the code as i know it is very ermm crap! Need anything else just ask. Cheers <?php // *** Validate request to login to this site. if (!isset($_SESSION)) {   session_start(); } $loginFormAction = $_SERVER['PHP_SELF']; if (isset($_GET['accesscheck'])) {   $_SESSION['PrevUrl'] = $_GET['accesscheck']; } if (isset($_POST['Username'])) {   $loginUsername=$_POST['Username'];   $password=$_POST['Password'];   $MM_fldUserAuthorization = "";   $MM_redirectLoginSuccess = "postreview.php";   $MM_redirectLoginFailed = "loginfailed.php";   $MM_redirecttoReferrer = true;   mysql_select_db($database_fitnessdatabase, $fitnessdatabase);     $LoginRS__query=sprintf("SELECT Username, Password, UserID FROM users WHERE Username='%s' AND Password='%s'",     get_magic_quotes_gpc() ? $loginUsername : addslashes($loginUsername), get_magic_quotes_gpc() ? $password : addslashes($password));     $LoginRS = mysql_query($LoginRS__query, $fitnessdatabase) or die(mysql_error());   $loginFoundUser = mysql_num_rows($LoginRS);   if ($loginFoundUser) {     $loginStrGroup = "";         //declare two session variables and assign them     $_SESSION['MM_Username'] = $loginUsername;     $_SESSION['MM_UserGroup'] = $loginStrGroup;           $_SESSION['MM_UserID'] = sprintf.UserID;     if (isset($_SESSION['PrevUrl']) && true) {       $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];     }     header("Location: " . $MM_redirectLoginSuccess );   }   else {     header("Location: ". $MM_redirectLoginFailed );   } } ?>