PFMaBiSmAd

All external data ($_POST, $_GET, $_COOKIE, and some $_SERVER variables) that is submitted to your code can be set to anything, cannot be trusted, and must be validated before you use the values in your code.

Have you investigated if the data is being stored correctly in your sale_details table for each sale_id or is that data correct and the problem occurs when you display the end result, which would be the show_sale() function which you didn't post. Posting the show_sale() function code would be helpful. Any chance the bad data is occurring for a sale_id of zero, because your code is not accessing data from queries only after checking if the queries have executed without errors and your code could be using a non-existent (zero) value for things like the sale_id. For example, when you INSERT the row into the sales table, you are checking if that query was successful or not with an if(){}else{} statement. However, ALL the code that is dependent on that query working and the sale_id value from that query should be INSIDE the if(){...} part of that statement. You could also be deleting/manipulating values (in the part of your code you didn't show) and that code is being executed when you don't think it is (i.e. for things like a header() redirect that don't have an exit; statement after them), resulting in a scrambling of sale_id values and data. Attaching all the code to the post as a .zip would be the quickest way of getting a solution. The only apparent functional problem (I'll withhold comments on the code in general) in the code you did post, concerns concurrent submissions and getting and modifying the current inventory amounts. If two or more invocations of your script call the Add2Sale() function for the same $product_id, you can get incorrect results because each invocation of the script is trying to subtract from the balance at the same time and could exceed the quantity available. You either need to lock that record or check if the update resulted in a negative balance and adjust the quantity accordingly. Edit: You should also be developing and debugging that code on a system with error_reporting set to E_ALL and display_errors set to ON. There are a number of places where you don't have array index names inside of quotes and you are also trying to access $_POST['sale_id'] to set $sale_id, which doesn't exist in the form (that you posted) and could be the cause of some of your problems if the logic that is trying to set $sale_id later in the code is failing.

When you changed the alias name in the query, did you change your php code to use that new name? What does show up on the web page where the quantity should be? Do you get a zero or is it blank? Have you done a 'view source' in your browser, in case the output is present but is not being rendered? Are you sure you have any rows that match WHERE id='$select', because the SUM() will return a null value if there are no rows. Try using var_dump($row['quantityHandSUM']) to see what you are actually getting. It would help if you echoed $select to make sure it has the value you expect (just because it is set and not an empty string, doesn't mean it has the value you expect) and it would help if you showed us the rows from your table that the query should be operating on.

Try putting the setting in at the start of your php.ini or make a php.ini that only contains that setting. That would tell you if there is a syntax error somewhere in your php.ini and you would just need to locate where it is at by moving the setting down in the php.ini until it stops working.

Where in your code are you setting $connection to a valid mysql connection link?

This is a two year old thread that got bumped by sdfpw to post a link.

You may in fact have an error in your query statement, but the current error is because $connection isn't a valid database connection. You would need to troubleshoot why your connection.php file isn't creating a database connection in the $connection variable. ^^^ You should be learning php, developing php code, and debugging php code on a local development system on your computer. You will waste a TON of time constantly uploading your files to a live server just to see the result of each change you make. You will also have problems and errors when one of your files fails to upload correctly and/or if the web host has set disk-caching/web caching so that your changes don't take effect immediately.

Care to narrow down the problem by identifying -

That column doesn't exist in that table. Check your spelling and for any white-space/non-printing characters as part of the column name.

The problem occurs because the browser's history recorded for the URL is a form submission. When you navigate back to that URL the browser attempts to perform the action it has recored for that URL. There are two things you can do to fix this - 1) After you have successfully processed the form submission, redirect to the same URL. This will cause a GET request for that URL to be recored in the browser's history and it won't resubmit the form data when you navigate back to that URL. 2) Store a value in a session variable that indicates that the form has been processed and skip the form processing code as long as that session variable is set.

You need to use &&, because you are using negative logic - if (($_SERVER['HTTP_HOST'] != 'www.domain.com') && ($_SERVER['HTTP_HOST'] != 'domain.com')){ echo "The value is not either one"; } The above is the complement of - if (($_SERVER['HTTP_HOST'] == 'www.domain.com') || ($_SERVER['HTTP_HOST'] == 'domain.com')){ echo "The value is either the first one or the second one"; }

I'm going to guess that your actual table name has some non-printing character as part of the name. Perhaps rename the table to something else, then rename it back to pages.

There's still a line of code (right after the line with the mysql_query() statement) that is fetching and discarding the first row from the result set - $row_Fleet = mysql_fetch_assoc($Fleet);

What's the actual statement that is in your php.ini? I suspect it is commented out.

America/New_York

mysql_real_escape_string() only protects against sql injection when used on string data. Most/all of your queries are expecting numerical data and mysql_real_escape_string won't stop sql injection in those cases. You must either validate your numerical data as being a only a number or cast it as a number to prevent sql injection. You only have error checking logic on one of your mysql_query() results. You need to have error checking, error reporting/logging, and error recovery logic on every query. You are also not always checking if a query returned any row(s) before attempting to fetch and use data that might not exist. You should use double-quotes to start and end your $sql = "..."; statements. This will allow you to put php variables directly into the statements and you won't need to escape single-quotes that you are putting inside the statements. Your get_responses() function is selecting three columns of data and all the matching rows, only to throw that result set away, because all you are doing in that function is to get a count of the number of matching rows. You should use count() in your query so that you only return the count and not all the data itself. You are outputting the category name in your links and other text 'content' on the page. You should use htmlentities() with the second parameter set to ENT_QUOTES on ALL text that you output (anything that is not a HTML tag) so that any html special characters in it won't break the html on your web page. Doing this will also prevent any XSS (cross site scripting) that someone includes in the external data values they send to your script.

That's because that code is invalid and produces an error. Exactly how are you displaying the data where it ends up being all on one line? In an editor? On a web page?

What character encoding are you using on the web page where you are trying to display the information? What does your whole 'view source' of the page show?

And closing a connection has nothing to do with security, better security, worse security, or any other kind of security.

If you save/export an Excel file as a .csv and you have fields that contain commas in the data, Excel will wrap that data inside of double-quotes. Have you actually tried what it is you are asking us about?

The fields making up a CSV generally have significance. If you just get the non-empty values, without regard to the position they came from in the CSV, you loose the meaning of that data. A string would be enclosed in quotes if it contains a comma that is part of the data and not a data separator or all string data values could be enclosed in quotes.

Define: ignore the "empty fields"? What do you want to do when there is an empty field? What end result are you trying to achieve (because I doubt using print_r() on your data is the final result.)

I would use an array of the choices and use the index/key value to pick and return the one you want. Edit: Code posted above ^^^.

The tutorial where you found this script states that the download contains - "a SQL file to create and populate the required tables." Someone in this thread also stated there was likely a .sql script file to do this. Did you look at the files that you were using?

You either haven't associated the data from each different sales transaction together with a unique identifier or you assumed something that isn't true (such as exclusive access to database values) when a race condition exists. It would take seeing all your code necessary to reproduce the problem, knowing how you are identifying what information comes from each sale transaction, knowing how you are storing the information, and exactly what result or symptom you are getting that leads you to believe sales transactions are getting inter-mixed for any one to have a chance at actually helping you with what is causing the problem.