Everything posted by PFMaBiSmAd
-
$newValue is already an array. Listing out all the elements of it inside another array is a waste of typing time.
-
Image upload and resize creating a black image
PFMaBiSmAd replied to andrew_biggart's topic in PHP Coding Help
Do you have php's error_reporting set to E_ALL and display_errors set to ON so that php would report and display all the errors it detects? You are likely getting a memory error when the script runs.
-
To reference just the date part of your datetime value - http://dev.mysql.com/doc/refman/5.5/en/date-and-time-functions.html#function_date
-
If you are going to do this, you need to output the question in the form of an image (that does not have a fixed/unique signature for each question) so that a bot script cannot simply scrape the question out of the html source and look up the text answer or solve the math expression and post the answer. I was a moderator on a different php help forum and the owner's office thought it would be a good idea to replace an existing traditional image based captcha (enter the letters/numbers you see) with a simple text based question/answer captcha, with a limited number of random questions/answers. The number of automated registrations (followed by spamming) went from one every few days to ~ 250 per day for a couple of days until the person that made the change got around to undoing what he did.
-
^^^ If by that you mean, list all the fields in the INSERT query statement - INSERT INTO your_table (field list) VALUES (value list), you should already be doing that so that the corresponding data will ALWAYS get put into the correct database table field.

Having the list of fields in an array would also allow you to (eventually) validate each piece of submitted data and perform any unique conversions (your existing true/false data values and the start/end time data values don't match your database field definitions and require some extra processing to work in the query) by entering a list of 'rules' in the array entry for each field (that you eventually write code to make use of.)

Assuming you had an array of the field names - $fields = array('jobDetailID','JobNo', ..., ...);, you can produce the query and pass it your existing array $newValue of data as follows -

    try {
        $dsn = "mysql:host=$host;port=$port;dbname=$database";
        $db = new PDO($dsn, $username, $password);

        $statement = $db->prepare("DELETE FROM job WHERE jobDetailID = ?");
        $statement->execute(array($tag));

        $field_list = implode('`,`',$fields);
        $placeholders = implode(',',array_fill(0,count($fields),'?'));
        $statement = $db->prepare("INSERT INTO job (`$field_list`) VALUES ($placeholders)");
        if(!$statement->execute($newValue)){
            $err = $statement->errorInfo();
            echo "Query failed: {$err[2]}";
        } else {
            echo "Inserted: {$statement->rowCount()} row.<br />";
        }
    } catch (PDOException $e) {
        echo 'Connection failed: ' . $e->getMessage();
    }
-
I just realized that you are deleting and then inserting a row with the same index. You should just use one REPLACE query to do both of those things at once.
-
Prepared statements are not just about preventing sql injection, they are also about handling data values in a way that is appropriate for each data type, so that you don't need to, for example, escape each piece of string data that might have special sql characters in the data.
-
Each value you put into the query statement needs its own placeholder. So, you would need 55 of them. The syntax of the sql statement you put into the ->prepare(......) method is complete the way you would have written it without using a prepared statement, except it has a placeholder for each value and no single quotes around string values. You would also supply the $newValue array to the ->execute() method.

You need to always have error checking and error reporting/logging logic in your code to get your code to tell you when and why it is failing. Some error checking/reporting to tell you why your existing code is failing -

    $statement = $db->prepare('INSERT INTO job VALUES (?)');
    if(!$statement->execute(array($sqlString))){
        $err = $statement->errorInfo();
        echo "Query failed: {$err[2]}";
    }
-
@bleured27, the code you are posting is also out of date and doesn't work at all on the latest php version.
-
The Menu Positioning Code block is ALWAYS updating cat_position=NULL. If none of the specific conditional statements in that block are true, you have an else {} statement in that block that is updating cat_position=NULL. So, when you run that final update query that sets cat_position='{$cat_position}', the row IS being UPDATED, unless $cat_position contains the literal string NULL and even then, because you have single-quotes around it in the query statement, mysql won't treat it as the mysql NULL keyword, but as a string data value consisting of the letters - N, U, L, and L. Also, in the Menu Positioning Code block, the second UPDATE query inside each conditional block doesn't have cat_id = {$edit_cat_id} in the WHERE clause, so they are updating the entire table, regardless of the cat_id value. I'm not sure if that is or is not what you are trying to do in that code. I recommend you clean up all the excess white-space in your code so that related code can be seen all at once in your editor. If values are numbers, don't put single-quotes around them inside query statements.
-
I'm going to guess you have two different mysql connections and since you aren't using the $connection link resource in the mysql_affected_rows statement, it is using the result from a query on the other (last) connection, not the connection in the code using the $connection variable.
-
This forum section is not forgotten. In fact, this thread has been read 175 times at the point I am posting this. All the 'I want' threads get read, they just never get answered. The reason most of the "I want" threads go unanswered, no matter where they are posted, is because they are basic research (i.e. re-search = keep searching) that the OP should be performing himself, since only the OP will recognize when he has found something that has the features that he wants. We are not here to perform research for people. We are here to provide specific programming expertise and knowledge that is beyond the basics that everyone can learn by reading available documentation. If, out of the 175 times this thread has been read, no one has replied, either no one knows an answer or understands the question (which is why when bumping a thread without adding information or clarifying the question, your bump posts are likely to get removed), or more likely no one is going to spend their free time looking for something that you want and should be researching for yourself. You should be actively looking for the things you want, rather than repeatedly bumping a thread and sitting around waiting for an answer.
-
    <?php
    $status = 'senior'; // fake for demo purposes
    $options = array("new","junior","senior","expert");

    echo "<select name='some_name'>\n";
    // if the current status is one of the valid choices, output it first
    if(in_array($status,$options)){
        echo "<option value='$status'>$status</option>\n";
    }
    // output the remainder of the choices
    foreach($options as $option){
        if($option != $status){
            echo "<option value='$option'>$option</option>\n";
        }
    }
    echo "</select>\n";
-
    <?php
    $last_heading = NULL; // initialize to a value that will never exist as data
    while($row = mysql_fetch_array($result)){
        $new_heading = $row['.....']; // get the data value that changes to trigger closing the previous section and start a new one
        // detect if there is a change in the heading
        if($last_heading != $new_heading){
            // detect if not the first section
            if($last_heading != NULL){
                // this is not the first section, code to close out the previous section goes here...
                echo "close out the previous section here...";
            }
            // code to start a new section goes here...
            echo "start a new section here...";
            $last_heading = $new_heading; // remember the new heading value
        }
        // code to output the data under the section goes here...
        echo "data under each section...";
    }
    // detect if there were any sections at all and close out the last one
    if($last_heading != NULL){
        // code to close out the last section goes here...
        echo "close out last section here...";
    }
-
redirects too fast to a page | before echoing statement
PFMaBiSmAd replied to stijn0713's topic in PHP Coding Help
The reason your existing code doesn't actually output the echoed message to the browser before it redirects is because your php.ini has output_buffering enabled, so the output you are sending is being held in the buffer, then discarded when the header() redirect occurs.
-
Page can only be seen by members with a certain rank
PFMaBiSmAd replied to Bubblychaz's topic in PHP Coding Help
DON'T use a cookie to hold the user's rank. You will almost immediately have everyone become an administrator to your site since anyone can edit a cookie and put any value they want into it.
-
The variable name you are using for the mysql_pconnect link resource isn't the variable you are using in the other mysql statements that expect that link resource.
-
All string data that is put into a query statement that might contain sql special characters must be escaped so that the special sql characters in the data don't break the sql syntax. See this link - mysql_real_escape_string
-
Your code inside of the while(){} loop is reusing the $result variable, so after the first pass through the loop, $result no longer contains the result resource from the select query. Make sure you know which variable you are using where.
-
If magic_quotes_runtime is on, fread will escape the data. Using addslashes will escape it a second time, leaving it invalid. What does var_dump(get_magic_quotes_runtime()); show on both systems? Also, using GD functions just to save an image you retrieved from a database as a file is A) wasteful, you can just save the binary data to a file and B) modifies the image because the default quality level for imagejpeg is 75%.
-
Please use the forum's bbcode tags (the edit form's # button) when posting code.
-
No. A link is a link. When clicked, it goes to the target page that is in the link. You shouldn't have separate pages anyway, because anyone can enter a page address into their browser's address bar and request any page. The code on each page must enforce who may access that page and what anyone can do or see on any page. You should have one link that goes to a 'home' (index) page and the code on that single page tests what privileges the currently logged in user has and outputs the appropriate content/menus... on that page.
-
Page can only be seen by members with a certain rank
PFMaBiSmAd replied to Bubblychaz's topic in PHP Coding Help
I would recommend using defined constants for your numerical levels, so that you can change them easily, if needed, by changing the constant values, rather than going through all the code and finding and changing the literal numbers throughout it. It will also make your code easier to understand.

    define('ADMIN',30);

    if ($rank >= ADMIN){
        // ... admin only code ...
    }
-
A) You already have a function, isLoggedIn(), that returns the logged in state. You should use that function everywhere.
B) session_is_registered was deprecated over 10 years ago. You should be testing the $_SESSION variables in your isLoggedIn() function.
C) You need an exit; statement after your header() redirect to prevent the remainder of the code on the protected page from running while the browser performs the redirect. Without the exit; all you need to do is ignore the header redirect and you have full access to the 'protected' page.
D) Do you have a session_start() statement, before sending any characters at all to the browser, on every page that sets or references a $_SESSION variable?
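-
The rank-check advice in the posts above (keep the rank out of cookies, use named constants, enforce access in each page's own code, exit after the redirect), combined into one page gate. This is an added example, not code from PFMaBiSmAd's posts or the original threads; the session keys, the rank values other than ADMIN, the isLoggedIn() body and login.php are assumptions.

```php
<?php
// Added example. Rank levels as named constants; MEMBER and MODERATOR
// values are assumptions, ADMIN = 30 follows the post above.
define('MEMBER', 10);
define('MODERATOR', 20);
define('ADMIN', 30);

// Must run before any output, on every page that reads or writes $_SESSION.
session_start();

// Weak form the posts warn about: $rank = $_COOKIE['rank'];
// The visitor controls that value. The session data below lives on the
// server and is filled in by the login code from the users table.

// Hypothetical implementation: 'user_id' is set in the session at login.
function isLoggedIn(): bool
{
    return isset($_SESSION['user_id']);
}

// Guests and sessions without a stored rank are treated as rank 0.
function currentRank(): int
{
    return isLoggedIn() ? (int) ($_SESSION['rank'] ?? 0) : 0;
}

// Gate for a protected page: redirect and stop if the rank is too low.
function requireRank(int $minimum): void
{
    if (currentRank() < $minimum) {
        header('Location: login.php'); // hypothetical login page
        exit; // without this the rest of the page still runs and is sent
    }
}

requireRank(MEMBER);

// One page, content chosen by the server-side rank of the current user.
echo "<a href='index.php'>Home</a>\n";
if (currentRank() >= MODERATOR) {
    echo "<a href='index.php?view=reports'>Reports</a>\n";
}
if (currentRank() >= ADMIN) {
    // ... admin only code ...
    echo "<a href='index.php?view=users'>Manage users</a>\n";
}
```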