PFMaBiSmAd

Staff Alumni
  • Posts

    16,734
  • Days Won

    9

Everything posted by PFMaBiSmAd

  1. Php needs to be shown where array variables start and end inside of a double-quoted string, by surrounding the array variable in {} - $tabel .= "<td>{$matrix[$y][$i]}</td>";
  2. So are we. [rant] The only way program variables should be set is if there's code to set them. register_globals has caused a huge amount of wasted time. They have also allowed a lot of web sites to be taken over, since you can set $_SESSION variables and program variables to any value you want, by simply supplying $_GET variables with the same name as the session or program variable. When this problem was first known, back in php4.2 in the year 2002, and register_globals were turned off by default, they should have been permanently and irrevocably turned off. At that time, only a few thousand or a few 10's of thousands of web sites would have been affected, and those scripts/sites relying on register_globals would have all been updated long ago. However, since web hosts, the WAMP/LAMP packages, and php distributions continued to turn the setting on, you now have a large army of php coders, tutorials, books, schools, ..., created over the last 10 years, that think program variables are supposed to be automatically set from external data and don't even know about the security hole present. There are also a lot more web sites today (in the order of 100's of thousands) that are dependent on register_globals that will break under php5.4 (where this mess has finally been removed) and will now need to be upgraded to not rely on register_globals or will need to forever find a web host that offers an old version of php. Every lazy-way short-cut that was put into php in the early days, that made it easier to turn in 'working' code in a programming class, by saving a little typing or getting the language to do something that the programmer should have been doing only when and where he wanted it to happen, has been shown to create problems for people trying to use the language in real life. [/rant]
  3. P.S. The INNER JOIN footballodds o1 ON o1.gameid = f.id in the above should be a LEFT JOIN since you might not have data in the footballodds table for every fixture.
  4. Here's code, based on the abbreviated code that you posted -

        <?php
        $query = "
            SELECT f.id, f.date, th.name home_name, ta.name away_name, o1.outcome, s.name site_name, o1.price
            FROM footballfixtures f
            INNER JOIN footballteams th ON th.id = f.home
            INNER JOIN footballteams ta ON ta.id = f.away
            INNER JOIN footballodds o1 ON o1.gameid = f.id
            INNER JOIN sitenames s ON s.id = o1.companyid
            WHERE price=(SELECT MAX(o2.price) FROM footballodds o2 WHERE o1.outcome = o2.outcome)
                AND o1.type='Match Betting'
            ORDER BY f.id, FIELD(o1.outcome,'Home','Draw','Away')
        ";
        $result = mysql_query($query);
        echo "<table>";
        $last_fixture = null; // remember fixture (to detect when it changes)
        while($row = mysql_fetch_assoc($result)){
            if($last_fixture != $row['id']){
                // fixture changed (or is the first one)
                if($last_fixture !== null){
                    // not the first one, close out the previous fixture
                    // ($row already holds the next fixture here, so the link uses $last_fixture)
                    echo "<td width='80' class='greymatchbar'><a href='/test/Betting/".$var2."/".$var3."/".$var4."/".$last_fixture."/".$homename."-".$awayname."/Win-Draw-Win'>See All</a></td></tr>";
                }
                // output the start of a new fixture
                $maindate = date("G:ia",$row['date']);
                $homename = $row['home_name'];
                $awayname = $row['away_name'];
                echo "<tr class='rowmouseover'><td width='160' class='greymatchbar'>".$maindate."</td><td width='300' class='greymatchbar'><a href='/test/Betting/".$var2."/".$var3."/".$var4."/".$row['id']."/".$homename."-".$awayname."/Win-Draw-Win'>";
                echo $homename." v ".$awayname."</a></td>";
                $last_fixture = $row['id']; // remember the fixture
            }
            // output the data under each fixture (Home, Draw, Away)
            echo "<td width='60' class='greymatchbar2' align='center' title='".$row['site_name']."'>".$row['price']."</td>";
        }
        // close out the last fixture (if any)
        // ($row is false once the loop has ended, so the link uses $last_fixture)
        if($last_fixture !== null){
            echo "<td width='80' class='greymatchbar'><a href='/test/Betting/".$var2."/".$var3."/".$var4."/".$last_fixture."/".$homename."-".$awayname."/Win-Draw-Win'>See All</a></td></tr>";
        }
        echo "</table>";
        ?>

     The query statement in this code has two minor additions from the post above this one.
  5. The following single query will replace all those queries -

        $query = "
            SELECT f.date, th.name home_name, ta.name away_name, o1.outcome, s.name site_name, o1.price
            FROM footballfixtures f
            INNER JOIN footballteams th ON th.id = f.home
            INNER JOIN footballteams ta ON ta.id = f.away
            INNER JOIN footballodds o1 ON o1.gameid = f.id
            INNER JOIN sitenames s ON s.id = o1.companyid
            WHERE price=(SELECT MAX(o2.price) FROM footballodds o2 WHERE o1.outcome = o2.outcome)
                AND o1.type='Match Betting'
        ";
  6. In your footballodds table, are there only three rows for each gameid AND type='Match Betting'? I.e. one for outcome='home', one for outcome='draw', and one for outcome='away'? Edit: I visited your site (url in a previous thread) and found the answer - you have ~14 different rows for each. Short-answer: By using joins, you can do all that in one query. The reason for the footballodds question is, if there are only the three rows for each gameid/type='Match Betting', the query is simpler, since you don't need to find the maximum price for each outcome.
  7. The most efficient way of using php and a multi-value insert query, is to get as much data as possible into an array (each entry is a formatted string of data ready to go between the () in the query), then use array_chunk to replace that array with a chunked version of itself (which uses the least amount of available memory and gets php to do the work instead of looping over each piece of data again), the chunk size is the number of rows you want to place into one query. You then loop over the chunks and implode each chunk to produce the data for the query statement. If you exceed the maximum packet size in one query, you will get a 'server has gone away' error from your error checking logic. For test data with only a few fields, I have inserted 50k rows in one query. For typical things you would see posted in the forum, I use a block size of 10k rows. edit: added [m][/m] tags
  8. Also, it is very inefficient to run any kind of query inside of a loop. The time it takes php to send the query statement/data (when using prepared statements) to the database server is usually longer than the time it actually takes the database server to insert the data into the table. Forming a multi-value insert query, where you insert as many rows of data as possible (limited by the maximum packet size for one query statement) at once, would be the quickest php based way of doing this. You would typically insert 2k-5k rows at one time. An even more efficient way would be to parse the xml data into a csv file and use a LOAD DATA LOCAL INFILE query to get the data into a table at the highest speed possible. If this is your database server, where you can place the file into a location where the database server can directly read it without going through the client (php), a LOAD DATA INFILE query (without the LOCAL keyword) would produce the fastest possible result. From the mysql documentation -
  9. I have just been reviewing code you have been posting. You are changing which $_SESSION variable you are using all over the place. One time you post, it's $_SESSION['id'], the next time it's $_SESSION['user_id']. Until your code starts using the same variable everywhere, you are not going to get this to work.
  10. If you go to www.yourdomain.com and do this, A) Logout works as expected, B) But your logout redirect returns to an index2.php page. I suspect that you have some .htaccess redirecting and/or url rewriting going on and/or multiple logout.php pages and multiple index.php and index2.php pages.
  11. The only specific problem I can see is in core/init.php. The following line -

        $session_user_id = $_SESSION{'id'};

     should probably be -

        $session_user_id = $_SESSION['user_id'];

     I actually ran your code, bypassing what I don't have, and log in and log out works as expected, as far as I can tell. Do you have php's error_reporting set to E_ALL and display_errors set to ON in your master php.ini so that ALL the php detected errors will be reported and displayed?
  12. If your code runs without any php syntax or sql syntax errors, any highlighting anomalies are due to the forum software.
  13. It would probably be a good idea if you shared what this script is from? I'm guessing you didn't write this, but are trying to debug it. You are trying to sneak up on a problem, by posting snippets that you think are where the problem is, but debugging code doesn't work that way, especially if you are not the one doing the debugging and you want someone in a help forum to actually help you without it taking three pages of posts to pin down the problem. Nothing you posted above is identified as being in or for index.php. Without that whole picture, no one here can possibly help you.
  14. Last guess, without seeing all the code needed to reproduce the problem - you have some code in index.php or in includes/widgets/login.php that is setting $_SESSION['id']. Probably in a conditional test that only has one = sign (an assignment operator) instead of two == signs (an equal comparison operator.) If that's not it, you will need to post all the code (less any database credentials) that reproduces the problem.
  15. ^^^ Your logged_in() function is testing if $_SESSION['id'] isset. Assigning a zero to it is setting it.
  16. That would mean that a changing path in the URL isn't causing multiple different sessions to exist for one client (browser.) The problem can still be due to URLs that are changing back and forth between having and not having www. in them. What does the phpinfo() statement show for the session.cookie_domain? (It's very likely empty as that is the default value and it would require you to specifically be setting it.) Since we don't have all your code needed to reproduce this problem, you would need to debug exactly what is occurring. For your logout code to clear the same session data that corresponds to your log in code, you need to have the same session id on the log out page that you have on your log in page (and in the session id cookie in your browser.) You can echo session_id(); in your code to see what the current session id is. You can also check the session id cookies in your browser to see if there is more than one matching your base domain; there would be one cookie for www.yourdomain.com and one for just yourdomain.com.
  17. To test the year for the <1900 condition, you would write a simple if(){} conditional statement.
  18. Because you are redirecting around all over the place, I suspect you have more than one session going on, either because you are switching back and forth between having and not having the www. on the url and/or you are changing paths in the url. See the following post (concerns trying twice to log in, but might be related to your not being able to log out) http://forums.phpfreaks.com/index.php?topic=360649.msg1705611#msg1705611 Are all your URLs consistent, i.e. all with or all without the www. on them? What does a phpinfo() statement show for the session.cookie_path setting?
  19. There is already a thread about the search - http://forums.phpfreaks.com/index.php?topic=361356.0 And an announcement as well - http://forums.phpfreaks.com/index.php?topic=361331.0
  20. All the information that was posted in this thread is public information. Your signup date is listed in your public profile. All your posts and threads can be searched for several different ways by anyone.
  21. Probably because the size of the file also exceeded the post_max_size setting, which causes both the $_POST and $_FILES arrays to be empty - For upload form processing code, you need to test if the $_POST/$_FILES arrays are not empty, before you test any values in those arrays. If the $_POST array is empty, your if(isset($_POST['submitbutton'])){ statement will always be false. To detect if an upload form has been submitted, we typically suggest using the following logic to test if a form has been submitted -

        if($_SERVER['REQUEST_METHOD'] == 'POST'){
            // a post mode form has been submitted, test if the $_FILES array is not empty and that the ['error'] element is zero
            // you could also test if the ['error'] element is set and is equal to zero or you can test if the ['error'] element is exactly (===) equal to zero
        }
  22. Your current error is because of the or die() statement that is part of that nested logic. When the mysql_query() produces a result resource and you logically or that value, rather than assign it to a variable, the value supplied to the outer mysql_result function is no longer a result resource. You should never nest functions that can fail due to an error, since it prevents proper error checking (did something fail or not), error reporting (output a user message and log the actual error so that you can find and fix problems), and error recovery (take an appropriate action in your code to recover from the error condition.) Nesting functions like that might produce 'cute' code, but it's poor programming. P.S. I removed the new thread you started for this same code/same error. Don't start new threads for the same problem. P.P.S. Programming requires a large amount of patience. Don't start madly bumping your thread.
  23. If you mean a bunch of switch/case statements that all repeat the same code, but just use different values, yes, you would generally use an array to hold the different sets of data values, select the proper set of data based on the input selection, then have just one set of code to process the selected values.
  24. Your WHERE clause in the update query is trying to test: id='ID'. You would need to use a variable that actually holds the id value. The reason your code reports that the update was successful, is because the update query is successfully running (it did not fail due to an actual error.) To test if the update query actually updated a row, you would need to use the mysql_affected_rows function.
  25. CrashOkami, the reason your code is going to the ELSE clause is because none of the variables being set from the $_POST data, are actually being set. Since the connection to the database does not exist at the point where the mysql_real_escape_string statements are at, those statements are triggering a bunch of php errors and returning NULL values. This is also why you need to have php's error_reporting set to E_ALL and display_errors set to ON when you are trying to debug any code. You need to make the database connection before calling any other mysql_ function. The reason you cannot insert data with single-quotes in it, is because your code must escape all string data being put into a query statement OR use prepared sql statements (which are supported in mysqli and PDO) so that any special sql characters in the string data don't break the sql syntax (which also allows hackers to inject sql.) The purpose of the mysql_real_escape_string function is to escape string data being put into a query statement. When using mysql_ (no i), you must use mysql_real_escape_string on string data. When using mysqli_ (with the i) without using prepared statements, you must use mysqli_real_escape_string on string data. When using mysqli_ (with the i) with prepared statements or using PDO with prepared statements, you don't need to specifically escape string data being put into a query. For non-prepared statements, numerical data should be validated or cast as the appropriate numerical data type, since it is normally used in a query statement as a number and escaping it won't prevent sql injection.
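
The last post's rules for string and numeric data, shown as an added example that is not part of the original posts or the poster's own code. It assumes PDO with the SQLite driver is available; the `members` table, the helper function names and the sample inputs are constructed for illustration.

```php
<?php
// Added example: constructed table and sample input, not code from the thread.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)');

// Constructed stand-ins for $_POST['name'] and $_GET['id'].
$name  = "O'Brien";
$rawId = "1 OR 1=1";

// String data: a prepared statement sends the value separately from the SQL
// text, so the single quote cannot end the string literal or alter the query.
$insert = $pdo->prepare('INSERT INTO members (name) VALUES (:name)');
$insert->execute([':name' => $name]);
$insert->execute([':name' => 'Smith']);

// Numeric data in a non-prepared query: escaping does not help because the
// value is not inside quotes. Validate it as an integer and reject the rest.
function fetch_member_unprepared(PDO $pdo, $rawId)
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // not a positive integer: the value never reaches the query
    }
    $result = $pdo->query("SELECT id, name FROM members WHERE id = $id");
    return $result->fetch(PDO::FETCH_ASSOC);
}

// The same lookup with a prepared statement, bound as an integer parameter.
function fetch_member_prepared(PDO $pdo, $rawId)
{
    $stmt = $pdo->prepare('SELECT id, name FROM members WHERE id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Constructed inputs: the injection attempt first, then two valid ids.
var_dump(fetch_member_unprepared($pdo, $rawId));
var_dump(fetch_member_unprepared($pdo, "1"));
var_dump(fetch_member_prepared($pdo, "2"));
```

Validation is used in the non-prepared helper rather than a bare cast because `(int) "1 OR 1=1"` silently becomes `1`, which is safe for the query but hides the malformed input.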