Everything posted by PFMaBiSmAd
-
Single-quotes go around string data values in sql statements, not around table and column names.
-
include("header.php"); Messing With CSS Design!
PFMaBiSmAd replied to justlukeyou's topic in PHP Coding Help
You need to find what is actually causing the problem and fix it. What exactly is in your connect.php file? xxxxxx out any sensitive information, but don't change any of the actual syntax when you post it. Post the opening and closing php tags as well. Also, post your main file from the first line of it through and including the include statement. Have you checked to make sure that there are no characters in your connect.php file before the <?php tag or after the ?> tag? Also, if your connect.php file has been saved with the BOM (Byte Order Mark) characters, it will likely mess up your page. When you do a 'view source' of your page in your browser, what exactly is present in the output at the point where the connect.php file was included when the page was generated? -
noXstyle, sorry to shoot down your suggested code, but you should never blindly loop over external data and populate php program variables based on keys/names from the external data. That emulates what the hacker-friendly register_globals did and allows a hacker to set any program variable to any value he wants. If the code in question has any security related variables - $loggedin, $admin, $userid, ..., your code just provided a hacker with a way to become logged in, an admin, or any userid he chooses. You would instead loop over an array or list of expected external variable names or add a unique prefix to the resulting php variables that would prevent overwriting any existing php variables.
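The difference between the pattern this post warns about and the two fixes it suggests, as an added example that is not code from the thread. The field names, the `form_` prefix and the `$state` array (which stands in for the script's variable scope) are assumptions.

```php
<?php
// Constructed request data standing in for $_POST.
$request = array(
    'name'     => 'Alice',
    'email'    => 'alice@example.com',
    'loggedin' => '1',   // not a form field: names a security-related program variable
    'admin'    => '1',
);

// Unsafe: every submitted key becomes a program variable, as register_globals did.
// Writing into $state here has the same effect as $$key = $value in the script's scope.
function import_blindly(array $input, array $state) {
    foreach ($input as $key => $value) {
        $state[$key] = $value;
    }
    return $state;
}

// Fix 1: loop over the list of expected names, never over the submitted keys.
function import_expected(array $input, array $expected, array $state) {
    foreach ($expected as $name) {
        if (isset($input[$name]) && is_string($input[$name])) {
            $state[$name] = $input[$name];
        }
    }
    return $state;
}

// Fix 2: a unique prefix keeps imported names from overwriting existing variables.
function import_prefixed(array $input, $prefix, array $state) {
    foreach ($input as $key => $value) {
        $state[$prefix . $key] = $value;
    }
    return $state;
}

$state = array('loggedin' => false, 'admin' => false);   // the script's own variables

foreach (array(
    'blind'    => import_blindly($request, $state),
    'expected' => import_expected($request, array('name', 'email'), $state),
    'prefixed' => import_prefixed($request, 'form_', $state),
) as $label => $result) {
    echo $label, ': admin=', var_export($result['admin'], true),
         ' loggedin=', var_export($result['loggedin'], true), "\n";
}
```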
-
You are using the PDO extension (based on the connection code you posted.) You would use PDO methods and properties for executing queries and retrieving data, not sqlsrv_ statements.
-
What's the exact mysql_connect and mysql_select_db statement that does work?
-
There's nothing wrong with the code you posted, provided $this->color contains exactly any one of those values. What does $this->color contain, exactly? And are you sure?
-
Necessity of cookies and session_start()
PFMaBiSmAd replied to Cupidvogel's topic in PHP Coding Help
Yes. All the computers within the same local network will share the single public ip address of the router. -
Necessity of cookies and session_start()
PFMaBiSmAd replied to Cupidvogel's topic in PHP Coding Help
There's no way to identify a computer over the Internet unless you get that computer to store and send a cookie value with the http requests. The MAC address is not sent with http requests. -
Necessity of cookies and session_start()
PFMaBiSmAd replied to Cupidvogel's topic in PHP Coding Help
What you are suggesting won't work when there are two or more computers with the same browser in the same network/same ip address. This situation would commonly occur in households, companies, universities, businesses providing wifi hot spots, ... -
Necessity of cookies and session_start()
PFMaBiSmAd replied to Cupidvogel's topic in PHP Coding Help
From where would you be getting the user id? It would need to come from the browser with the http request in order to distinguish which of the multiple possible users just made a request from the same ip address. The only information you get with each http request is the ip address, the URL (paths and get data), any headers (which includes cookies, session id cookie, and browser user agent), and any post data. -
querying mysql columns storing comma separated values
PFMaBiSmAd replied to raymond_feliciano's topic in PHP Coding Help
Umm. Find_in_set should have worked, even though you should not have a comma separated list that you want to search. Since your reworked design doesn't match the rows you think it should (and your original design didn't either), it's likely that there is something about the actual data values that is preventing a match, such as a white-space character that isn't what you expect or extra white-space characters before or after the data value. The query you just posted is trying to find 'study 2' (presumably - study space 2). Are you sure your data has that exact value in it? How did this data originally get inserted? You would need to post a data dump of the rows you expect your query to match, for anyone here to directly be able to help. -
I know nothing about ASP, but inference works great in problem solving, the following should work (depending on the format of the supplied dates) -

<?php
function _getdate($beg,$en){
    // assuming "YYYY-MM-DD" date format
    list($beginYear,$beginMonth,$beginDay) = explode('-',$beg); // split date into parts
    list($endYear,$endMonth,$endDay) = explode('-',$en); // split date into parts
    $months = array("0", "January", "February", "March", "April", "May", "June", "July", "August", "September", "October", "November", "December");
    if($beginYear < 1000) $beginYear += 1900;
    if($endYear < 1000) $endYear += 1900;
    $getdate = $months[intval($beginMonth)] . " " . $beginDay;
    if($beginYear != $endYear){
        $getdate .= ", " . $beginYear;
    }
    if($beginMonth != $endMonth || $beginDay != $endDay){
        $getdate .= " - ";
    }
    if($beginMonth != $endMonth){
        $getdate .= " " . $months[intval($endMonth)];
        if($beginDay == $endDay){
            $getdate .= " " . $endDay;
        }
    }
    if($beginDay != $endDay){
        $getdate .= " " . $endDay;
    }
    $getdate .= ", " . $endYear;
    return $getdate;
}
echo _getdate('2011-04-01','2012-05-17');
-
It would probably help if you gave an example of what the beg and en date format is going to be in your php script.
-
list($year,$month,$day) = explode('-',$date);
-
Multiply two fields, insert result in next field
PFMaBiSmAd replied to lobfredd's topic in PHP Coding Help
You should be using the prod_id column in the WHERE clause in your handlevogn table UPDATE statement, as that's the column that is getting the produkter.ID value. You should also be forming your query statements in a php variable so that you can echo them to see if they contain what you expect. Had you echoed the query statement and then compared it with the row you are expecting it to operate on in your table, you would have seen that you are mixing up the ID columns. -
Multiply two fields, insert result in next field
PFMaBiSmAd replied to lobfredd's topic in PHP Coding Help
You probably have a non-printing character as part of the price value, making it an invalid number. How did price information originally get inserted into the produkter table and what is the definition of the price column? AND as already stated, you should not even be keeping a calculated total in each cart row. -
Multiply two fields, insert result in next field
PFMaBiSmAd replied to lobfredd's topic in PHP Coding Help
A) You should NOT store a value in a row that is derived from other values in the same row. That creates redundant data that you must now maintain. B) Show us an example of the price and quantity values in the row you are trying to update. You either have a zero quantity in that row or a price that isn't a valid number. Edit to match your edit above: By putting single-quotes around it, you are making it a string, consisting of the letters - q, u, a, n, t, ... When treated as a number, a non-numerical string will evaluate as a zero. -
Here are two ways to handle the duplicate -

1) Leave the query as is and then specifically test the error number that is returned to see if the query produced a duplicate key error. You will need to experiment to find that error number, I think it is 1062, but don't take my word for that.

2) Add the IGNORE keyword to your query statement. If a duplicate key error does occur when the query runs, the error condition won't be returned. You can use mysql_affected_rows to check if the row was inserted or not.
-
Show all records before current month for this year
PFMaBiSmAd replied to hane's topic in PHP Coding Help
You would need to use the following in your WHERE clause - FIELD(month,'Jan','Feb','March','Apr','May','Jun','Jul','Aug','Sept','Oct','Nov','Dec') <= MONTH(CURRENT_DATE) If you instead store the numerical month value (and convert it to the month abbreviation for display only), your queries will be greatly simplified and will execute faster. -
You should NOT have separate tables for each round. You are creating a nightmare of data management. You should have ONE table that holds the data, with a column that indicates the round that data belongs to. You would then simply put the submitted round number (after validating it/casting it as a number) into the WHERE clause in your query statement to match just the rows for that round.
-
Sql injection literally means injecting sql statements into your queries and getting those sql statements to run on your database server, typically for the purpose of reading the content of your database tables or bypassing login queries...

Your current problem is your code isn't validating any of the submitted data, so, anyone or a bot script can submit any sort of nonsense and your code will blindly insert it into the database table. You need to search for 'php server side form validation'.

All external data cannot be trusted. It can be anything. You must validate that it is only what you expect and ignore invalid submissions. If you expect a person's name in the $_POST['name'] field, that is what you need to validate it for. Most names will not be empty, nor longer than your name field in your table and will only contain upper/lower case letters and perhaps a space, a ', and maybe a .. Email addresses are of a specific format, a minimum length, and a maximum length. Valid questions/comments would also contain only a specific set of characters, numbers, punctuation, and with a minimum and maximum length. It is up to your code to validate each piece of data before ever putting it into a query statement.

After you have validated all the external data, you need to use mysql_real_escape_string on string data and cast/force numerical data to be only numerical values before putting them into query statements. This will prevent sql special characters that might be in the data from breaking the sql syntax and it will prevent sql injection.
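The validate-then-insert flow described in this post, as an added example that is not code from the thread. The length limits, character sets, table name and sample submissions are assumptions, and it binds values through a PDO prepared statement instead of calling mysql_real_escape_string, because the mysql_ extension was removed in PHP 7.

```php
<?php
// Validate one submission: returns array($errors, $clean).
// Length limits and character sets are assumptions; match them to your own columns.
function validate_submission(array $in) {
    $clean = array();
    foreach (array('name', 'email', 'comment') as $field) {   // expected fields only
        $clean[$field] = (isset($in[$field]) && is_string($in[$field])) ? trim($in[$field]) : '';
    }
    $errors = array();
    if ($clean['name'] === '' || strlen($clean['name']) > 50
        || !preg_match('/^[A-Za-z][A-Za-z \'.]*$/D', $clean['name'])) {
        $errors[] = 'name';
    }
    if (strlen($clean['email']) < 6 || strlen($clean['email']) > 254
        || filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    if (strlen($clean['comment']) < 5 || strlen($clean['comment']) > 1000
        || !preg_match('/^[A-Za-z0-9 .,;:!?\'"()\r\n-]+$/D', $clean['comment'])) {
        $errors[] = 'comment';
    }
    return array($errors, $clean);
}

// In-memory SQLite stands in for the real database (assumption for this example).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (name TEXT, email TEXT, comment TEXT)');
$insert = $db->prepare('INSERT INTO comments (name, email, comment) VALUES (?, ?, ?)');

// Constructed submissions standing in for $_POST.
$submissions = array(
    array('name' => "Mary O'Neil", 'email' => 'mary@example.com',
          'comment' => 'When is the next release?'),
    array('name' => '', 'email' => 'not-an-email', 'comment' => 'x'),
);

foreach ($submissions as $post) {
    list($errors, $clean) = validate_submission($post);
    if ($errors) {
        echo 'rejected, invalid: ', implode(', ', $errors), "\n";
        continue;   // invalid data never reaches the query
    }
    // Bound parameters keep the ' in the name as data, not sql syntax.
    $insert->execute(array($clean['name'], $clean['email'], $clean['comment']));
    echo 'stored: ', $clean['name'], "\n";
}
echo 'rows in table: ', $db->query('SELECT COUNT(*) FROM comments')->fetchColumn(), "\n";
```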
-
trying to retrieve the last id of a record inserted
PFMaBiSmAd replied to davids_media's topic in PHP Coding Help
You would use one or the other of the statements I posted, not both. You also need to execute the statement AFTER you execute the INSERT query, not before. -
If the problem is a php script execution time limit, just set the time limit to a longer reasonable value - set_time_limit

If you are trying to optimize the execution of your script, breaking the file into parts won't directly help. Your code still has to eventually read through and process all the lines in all the files. If you want us to suggest ways of optimizing your script, you would need to post your script along with some sample data.

If you are executing a database query inside of a loop, it generally takes more time for php to send the query statement to the database server and, if using a prepared query, to send the actual data to the database server, than it takes for the query itself to run on the database server. It is generally most efficient to reduce the number of queries by forming a multi-value insert query and insert several 100 to several 1000 rows of data in each query (depending on how much data is in each row so as to not exceed the maximum length for one query.)

Edit: Are you sure the problem isn't a memory usage problem? Do you get any php errors when you set php's error_reporting to E_ALL and display_errors to ON?

Edit2: It is also more efficient to use php's array functions, such as array_walk, to perform the same operations on all the data within an array, rather than looping over each element in the array.
-
trying to retrieve the last id of a record inserted
PFMaBiSmAd replied to davids_media's topic in PHP Coding Help
After the point where your INSERT query successfully executes, you can use either one of the following statements to get the last insert id -

<?php
$last_id = mysqli_stmt_insert_id($stmt);
$last_id = mysqli_insert_id($dbc);