Everything posted by PFMaBiSmAd
-
http://sourceforge.net/projects/upu/
-
Sessions with and without www. problems?!
PFMaBiSmAd replied to TeddyKiller's topic in PHP Coding Help
1A) Redirect non-www. addresses to the www. version
1B) Use consistent addresses on all your pages (eliminates unnecessary redirects, see 1A.)
2) You can set the session.cookie_domain setting so that it matches all host-names/sub-domains of your domain.
-
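Added example for the reply above (not part of PFMaBiSmAd's post): both options side by side, with the redirect target taken from a fixed constant instead of the client-supplied Host header. The domain example.com, the https scheme, the constants and the function name canonical_url() are assumptions.

```php
<?php
// Added example; example.com, the constants and canonical_url() are placeholders.
const CANONICAL_HOST = 'www.example.com';
const KNOWN_HOSTS    = ['example.com', 'www.example.com'];

// Returns the URL to redirect to, or null when the request is already canonical.
// The target host is the fixed constant, never the value the client sent.
function canonical_url(string $host, string $uri): ?string
{
    $host = strtolower(preg_replace('/:\d+$/', '', $host));   // drop any :port
    if ($host === CANONICAL_HOST) {
        return null;
    }
    if (!in_array($host, KNOWN_HOSTS, true)) {
        throw new RuntimeException('unexpected Host header');
    }
    // Only accept a local path; anything else falls back to the site root.
    if ($uri === '' || $uri[0] !== '/' || strpbrk($uri, "\r\n") !== false) {
        $uri = '/';
    }
    return 'https://' . CANONICAL_HOST . $uri;
}

if (PHP_SAPI === 'cli') {
    // Constructed request values, for running the file from the command line.
    var_dump(canonical_url('example.com', '/login.php?next=home'));
    var_dump(canonical_url('www.example.com', '/login.php'));
} else {
    // Option 1A: send non-www requests to the www version.
    $target = canonical_url($_SERVER['HTTP_HOST'] ?? '', $_SERVER['REQUEST_URI'] ?? '/');
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;
    }
    // Option 2: one session cookie for the domain and its sub-domains.
    // Every host under example.com will receive this cookie; leave 'domain'
    // unset to keep it host-only when the redirect above is enough.
    session_set_cookie_params([
        'domain'   => '.example.com',
        'path'     => '/',
        'secure'   => true,    // assumes the site is served over HTTPS
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}
```
-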
Ummm. Since you have not shown either by an example or a statement of the rule(s) that determine what tables should be shown and what should be excluded, it is simply impossible to help you. Some possible guesses are to either use the LIKE 'pattern' in your query so that you only get the list of tables you are interested in or you will need to make a list of tables to not show and skip them when you echo the results.
-
I have the same question. What makes you think that is not secure? Edit: In programming, you cannot assume anything. You must have a state-able problem before you can solve it. What about showing the world the ID do you think makes it not secure?
-
http://us3.php.net/manual/en/function.str-pad.php
-
I recommend getting your page to work first without any pagination (a blank page usually indicates a fatal parse error due to bad php syntax.) Get your form to submit the data you want and the page to retrieve and display the data (even if it is all of the data.) You can then add the pagination. Here is an outline showing some of the things I mentioned (this also shows using count(*) to get the number of rows) -

<?php
include("includes/db.php");
mysql_connect($host,$username,$password) or die("Unable to connect to database server");
mysql_select_db($database) or die("Unable to select database");

// get or produce a list of the option values (either a DISTINCT query, a specific table with the value/option, or an array)
// for demo purposes an array is used -
$options = array();
$options[0] = "Department";
$options[1] = "Internal Medicine";
$options[2] = "Cardiology";
$options[3] = "Pediatrics";
$options[4] = "General Surgery";
$options[5] = "Orthopedics";
$options[6] = "Obstetrics & Gynecology";
$options[7] = "Anesthesiology & Intensive Care";
$options[8] = "Accident & Emergency";
$options[9] = "Ophthalmology";
$options[10] = "Dermatology";
$options[11] = "Otolaryngology (ENT)";
$options[12] = "Dental";
$options[13] = "Pathology";
$options[14] = "Radiology & Imaging";
$options[15] = "Rehabitilation & Physiotherapy";
$options[16] = "Orthopedics";
?>
<div style="text-align:left;margin-left:14px;">
<div class="crumb"><a href="index.php">Home - </a><b>Doctor's Profiles</b></div>
<div class="text"><b>Choose Department:</b></div><br/>
<table><tr>
<td style="vertical-align:top;">
<form action="profiles.php" method="post">
<select name="dept">
<?php
foreach($options as $key => $value){
    if($key == 0){
        // special handling of the zero'th entry
        echo "<option value=\"0\">All Doctors</option>\n";
    } else {
        echo "<option value=\"$key\">$value</option>\n";
    }
}
?>
</select>
<input type="submit" name="submit" value="Sort"/>
</form><br/>
<?php
// check if the form was submitted -
if(isset($_POST['submit'])){
    $errors = array(); // array to hold validation errors

    // condition and validate the form data -
    $_POST['dept'] = isset($_POST['dept']) && is_numeric($_POST['dept']) ? (int)$_POST['dept'] : NULL;
    if(!is_numeric($_POST['dept'])){
        // a number was not provided
        $errors[] = "The form data is not valid<br />";
    }
    // check if the choice exists
    if(isset($options[$_POST['dept']])){
        // found the index value, get the corresponding string
        $srch = $options[$_POST['dept']];
    } else {
        $errors[] = "The supplied Department is not an available choice<br />";
    }

    // process the form data if no errors -
    if(empty($errors)){
        $table_name = "articles";
        $where_clause = "WHERE cat='2' and descr LIKE '%$srch%'";
        $count_query = "SELECT COUNT(*) as num FROM $table_name $where_clause";
        $base_query = "SELECT * FROM $table_name $where_clause ORDER by id DESC"; // the pagination will add a LIMIT clause to the end of this

        // put your code here for the pagination, the actual query, and the presentation code that displays the results

        /* First get total number of rows in data table.
           If you have a WHERE clause in your query, make sure you mirror it here. */
        $result = mysql_query($count_query) or die(mysql_error());
        $row = mysql_fetch_assoc($result);
        $numrows = $row['num'];

        //.... pagination code to produce links ...

        // the actual query that gets the data for the page (the pagination produces the $offset and $rowsperpage)
        $query = "$base_query LIMIT $offset, $rowsperpage";

        //.... code to display the results of the query and to display the pagination links ...

    } // end of no errors
} // end of form was submitted

// display any validation errors -
if(!empty($errors)){
    echo "The following errors occurred -<br />";
    foreach($errors as $error){
        echo "$error<br />";
    }
}
?>
-
There are a number of things that are problems in your original code. Just trying other code that is either linked to or posted won't solve your problem if you are not even receiving the data values that you expect.

1) You should either build a list of the options and values from a database table or at a minimum use an array to define them, so that you can easily add new values. This will also allow you to simplify the code (any time you find yourself repeating blocks of code where only a value changes or that you must edit code in more than one place anytime a new choice is added, it is time to reconsider and optimize your code.) Doing this will also make it easier to see and find problems in your code because there will be less of it (i.e. you currently have a mismatch between what values are going into the <select> menu and what values your form processing code is using.)

2) Your form processing code currently does not test if the form was submitted AND your code relies on register_globals to magically populate the $dept variable from the correct $_POST['dept'] variable, so it is likely that your code won't see any value. Use the correct $_POST['dept'] variable (register_globals was turned off by default nearly 8 years ago, finally throws a deprecated error message when on in php5.3, and has been completely removed in upcoming php6.)

3) The last block of repeated code has an unused open else{ statement that is producing a fatal parse error and the current code is not even being executed. You should be learning php (or learning anything new in php), developing php code, and debugging php code on a development system with error_reporting set to E_ALL and display_errors set to ON in the master php.ini so that php will help you by displaying all the errors it detects. You will save a ton of time.

4) Doing some of the above will help you see what query you are actually forming so that doing the following will be clear - Your pagination code (and the code that TeddyKiller posted as well) may in fact be usable, but it requires that you use the same WHERE clause to find the total number of matching rows that you use in the actual query that retrieves the data.

@TeddyKiller, the query in the code you posted that gets the total number of rows is extremely wasteful. It is selecting all the columns and returning all the rows in the result set, only to throw them away. You should use count(*) to only get and return a count of the matching rows, your web host will be most happy.
-
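Added example for the two pagination replies above (not PFMaBiSmAd's code): the count query and the data query share one WHERE clause and one parameter list, the submitted key is checked against the allow-list, and the page number is clamped before it becomes an offset. It uses PDO with an in-memory SQLite database and constructed rows so it runs offline; the function name fetch_page(), the shortened option list and treating key 0 as "all doctors" are assumptions.

```php
<?php
// Added example. Constructed rows in an in-memory SQLite database stand in
// for the MySQL "articles" table from the post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE articles (id INTEGER PRIMARY KEY, cat TEXT, descr TEXT)");
$ins = $pdo->prepare("INSERT INTO articles (cat, descr) VALUES ('2', ?)");
foreach (range(1, 7) as $n) {
    $ins->execute(["Dr. Example $n, Cardiology"]);   // constructed rows
}
$ins->execute(["Dr. Example 8, Dental"]);

// Allow-list of choices: the form submits only the numeric key.
$options = [0 => 'Department', 2 => 'Cardiology', 12 => 'Dental'];

function fetch_page(PDO $pdo, array $options, $dept, $page, int $rowsperpage = 3): array
{
    // Validate the submitted key against the allow-list before building any query.
    if (!is_numeric($dept) || !isset($options[(int)$dept])) {
        throw new InvalidArgumentException('The supplied Department is not an available choice');
    }
    // One WHERE clause and one parameter list, used by both queries.
    $where  = "WHERE cat = '2'";
    $params = [];
    if ((int)$dept !== 0) {                        // assumption: key 0 means "All Doctors"
        $where   .= " AND descr LIKE ?";
        $params[] = '%' . $options[(int)$dept] . '%';
    }
    // COUNT(*) returns a single row instead of the whole result set.
    $count = $pdo->prepare("SELECT COUNT(*) FROM articles $where");
    $count->execute($params);
    $numrows = (int)$count->fetchColumn();

    // Clamp the requested page so a crafted value cannot produce a bad offset.
    $totalpages = max(1, (int)ceil($numrows / $rowsperpage));
    $page       = min(max(1, (int)$page), $totalpages);
    $offset     = ($page - 1) * $rowsperpage;

    // $offset and $rowsperpage are integers computed here, never raw request input.
    $data = $pdo->prepare(
        "SELECT id, descr FROM articles $where ORDER BY id DESC LIMIT $offset, $rowsperpage");
    $data->execute($params);
    return ['numrows' => $numrows, 'totalpages' => $totalpages, 'page' => $page,
            'rows' => $data->fetchAll(PDO::FETCH_ASSOC)];
}

$r = fetch_page($pdo, $options, '2', '99');        // an out-of-range page request
printf("%d rows, page %d of %d, %d shown\n",
    $r['numrows'], $r['page'], $r['totalpages'], count($r['rows']));
```
-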
Yes, the variable name you are building the query string in is not the variable you are putting into the mysql_query() statement. If you were developing and debugging php code on a system with error_reporting set to E_ALL and display_errors set to ON, php would help you find basic errors like that. You will save a TON of time.
-
Only return records by their alphabetical range
PFMaBiSmAd replied to refiking's topic in MySQL Help
-
The form you posted in this thread submits correctly and once the error in the variable name is corrected, produces the expected INSERT query and attempts to execute it -
-
The following line of code is missing an underscore in the variable name - if ( empty($telephone1) ) { The reason the resulting 'Please Enter your Main Contact Number' message is not being displayed in the form to help you pin down this problem is because your variable names for the errors don't match between what you are setting and what you are displaying. You are apparently trying to develop and debug code on a system that does not have error_reporting set to E_ALL and display_errors set to ON to get php to help you.
-
One or more of your validation tests is failing. The reason I asked what the remainder of the code on the page is doing when $valid is not a 1 is because your code is apparently not displaying what validation errors did occur, which would help you pin down where the problem in the form or in the validation code is at.
-
If your form is being redisplayed, then the code where the header() statement is at is not being executed. What does your code on the rest of the page do when $valid is not equal to 1? In fact, to get the quickest solution to what the code on your page is doing or is not doing correctly, just post the whole actual code for that page. Have you actually checked that your form causes $_POST['submit'] to be set? Also, don't use .inc file extensions for included code. If someone guesses the name they can just browse to the file and see your database connection information. Always use a .php file extension for included code.
-
Are you developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON so that php would report and display all the errors it detects?
-
The following should be the equivalent to the above (assuming no typos and that I did not misinterpret what your data is) -

// assumptions - parent 1-7 are all the values and you always select all of them
// - you always display the whole menu (i.e. you can build a single string holding the whole menu)
// if these assumptions are incorrect, some of the code reduction would need to be undone
$sqlCommand = "SELECT name, parent, link FROM menu WHERE published='1' AND sublevel='1' ORDER BY parent, ordering";
$query = mysqli_query($myConnection, $sqlCommand) or die (mysqli_error($myConnection)); // mysqli_error() needs the connection
$submenuDisplay = '';
$last_parent = NULL;
while ($row = mysqli_fetch_array($query)){
    if($row['parent'] != $last_parent){ // the parent changed
        if($last_parent != NULL){
            // finish the previous section (tested before the new value is stored, so nothing is closed ahead of the first section)
            $submenuDisplay .= '</ul>';
        }
        $last_parent = $row['parent']; // remember the new parent value
        // start a new section
        $submenuDisplay .= "<ul id=\"vbUL_button{$row['parent']}\" class=\"bar\" style=\"visibility: hidden;\">";
    }
    $submenuDisplay .= "<li><a href=\"{$row['link']}\" title=\"{$row['name']}\">{$row['name']}</a></li>";
}
$submenuDisplay .= '</ul>'; // finish the last section
mysqli_free_result($query);

One of the great points to strive for in using a database is to retrieve the data you want in the order that you want it. Then simply let your presentation code iterate over the data. If you find yourself repeating a block of code or putting a query inside of a loop, where the only difference is the value being operated on, you can almost always simplify the code.
-
Only return records by their alphabetical range
PFMaBiSmAd replied to refiking's topic in MySQL Help
select stores_title, stores_id from stores WHERE stores_title REGEXP '^[a-m]' ORDER BY stores_title
-
sorting by and using field that contains dates for subtraction ...
PFMaBiSmAd replied to Jax2's topic in PHP Coding Help
Both of the things you are trying should work (even if the dates in that format are stored as strings.) You would need to show us the definition of that column (just in case), show the actual data values that are not producing the expected results, show the actual query statements, show the code that is producing the incorrect results, and show the results you are getting. Also, it is never too late to fix a design problem. If the values in the current field are in fact of the format that you have shown, you can simply alter the column data type and the values will be carried over (make sure you have a known good backup of the database first.) If the values are actually something else, you would need to add a new column of the correct type, populate it from the existing values (there are several methods that can be used to do this depending on the actual starting format), check that the values actually carried over, remove the old column, and rename the new column as the old one.
-
You are not specifying the file name portion of the destination in the move_uploaded_file() function.
-
Using PHP Mail() command on own pop email server.
PFMaBiSmAd replied to stuartsparks's topic in PHP Coding Help
Also -
display_errors = on
You will need to stop and start the IIS service (in the service control panel) to get any changes made to the master php.ini to take effect. Also, use a phpinfo() statement to confirm that the settings were actually changed.
-
Using PHP Mail() command on own pop email server.
PFMaBiSmAd replied to stuartsparks's topic in PHP Coding Help
Line 24 is missing the semi-colon ; and your code is producing a fatal parse error. To see fatal parse errors when developing and debugging code (to save a lot of time), you must set the error_reporting/display_errors settings in your master php.ini (when you have access to it) or in a local php.ini (when php is running as a CGI application.)
-
Using PHP Mail() command on own pop email server.
PFMaBiSmAd replied to stuartsparks's topic in PHP Coding Help
For debugging purposes (remove them when you are done), add the following two lines of code after your first opening <?php tag to get php to display all the errors it detects -
ini_set("display_errors", "1");
error_reporting(E_ALL);
-
You should use an array and a loop. See example #3 at this link - http://us.php.net/manual/en/features.file-upload.post-method.php
-
None of your buttonsumofchain, buttonsumofdifference, ... $_POST variables are set, so $sql is not being set and your code is blindly attempting to execute a query on an empty $sql variable, hence the error message. You need to troubleshoot what is wrong with your form. Since you did not post it, I gave the most likely cause for IE to behave differently. Best guess is that your HTML is invalid and other browsers ignore the error while IE does not.
-
As long as the variable has a value at the time the code in template.php references it, what you are doing will work.