PFMaBiSmAd

Your existing code can only add one item at a time to the cart (the form's 'Buy' submit button next to each displayed item), so there are no $_POST variables to be looping over. Ideally, you only need the submit button (so that you know you are adding to the cart) and the item id as $_POST data. Your design needs to be data driven. That means that you write general purpose code and you let the data control what is displayed and operated on, even for category navigation menus. You should have one table that holds all your items (your table named 'pans' implies you are planning on making different tables for different types of things.) You should not have separate pages like copperrange.php, steelrange.php. You should have one page where you pass the category id on the end of the url, something like shop.php?cat=123 You also query for the matching items and display them, rather than hard-coding each separate item you show on a page. The following is some re-factored code for a shop.php and cataction.php page that will get you a lot closer to what you need - shop.php - <?php // session_start(); // if there are no $_SESSION variables used on this page, no need for session_start() $cat_list = array(1=>'Copper Range',2=>'Steel Range'); // your list of category id's/descriptions (in a real application this would be retrieved from a database table) // get/condition the requested category $category = isset($_GET['cat']) ? intval($_GET['cat']) : false; if($category < 1 || !isset($cat_list[$category])){ // handle an invalid category here... // either setup a default $category or produce a menu to select a category... $category = 1; // for demo purposes, select the first available category } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title><?php echo $cat_list[$category]; ?></title> <link rel="stylesheet" href="styles/site.css" type="text/css" /> <?php //we need to access the stock table in the database to get the pan prices on this page // include the external script created to connect to database so it can be called from this page include ('databaseconnect.php'); // your database credentials should be inside of a file you include so that you don't need to repeat them in each file that needs them or accidentally post it in a forum //define some constants that can be used as parameters for the database connection function define ('HOST', 'localhost'); // database server address define ('USER', 'xxxxxx'); // database user name define ('PASS', 'xxxxxxxx'); // database password // pass these constants to the connect_db function to connect to my database $connection = connect_db(HOST, USER, PASS); // unless your connect_db function selects a database, your existing code and this code will fail at the mysql_query statement ?> </head> <body> <div id="header"> <h1><?php echo $cat_list[$category]; ?></h1> </div> <div id="mainblock"> <table> <?php // query for the items under the selected category and output them using a loop $query = "SELECT * FROM items WHERE cat_id = $category ORDER BY name"; $result = mysql_query($query,$connection) or die("Query failed: $query<br />Error: " . mysql_error($connection)); if(mysql_num_rows($result) < 1){ // no items for this category, handle that here... echo "No items found under category: $cat_list[$category]."; } else { // one or more items found while($row = mysql_fetch_assoc($result)){ echo "<tr><td><img src='images/{$row['image']}' alt='{$row['name']}' /></td>"; echo "<td><p>{$row['name']}<br />{$row['description']}<br />"; printf("£%.2f", $row['price']/100); echo "</p></td>"; echo " <td> <form method='post' action='cartaction.php'> <p> <input type='submit' name='submit' value='Buy' /> <input type='hidden' name='item' value='{$row['id']}' /> </p> </form> </td>"; echo "</tr>"; } } ?> </table> </div> <div id="footer"> <form method="post" action="cartaction.php"> <p> <input type="submit" name="submit" value="Show Cart or Checkout" /> <input type="hidden" name="cartaction" value="display" /> </p> </form> <ul class="navlist"> <li><a href="index.php">Go Back Home</a></li> </ul> </div> </body> </html> cartaction.php - <?php session_start(); $cat_list = array(1=>'Copper Range',2=>'Steel Range'); // your list of category id's/descriptions (in a real application this would be retrieved from a database table) ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <title>Pans for Your Kitchen</title> <link rel="stylesheet" href="styles/site.css" type="text/css" /> </head> <body> <div id="header"> <h1>Your Shopping Cart</h1> </div> <div id="mainblock"> <?php // get/condition input $submit = isset($_POST["submit"]) ? trim($_POST['submit']) : false; //If form is submitted, call the function and add the item to the cart if($submit == "Buy"){addToCart();} // your functions should be named to indicate what specific operation they perform function addToCart() { // if cart does not exist, create an empty cart if(!isset($_SESSION['cart'])){ $_SESSION['cart'] = array(); } // get/condition the requested item $item = isset($_POST['item']) ? intval($_POST['item']) : false; if($item < 1){ // handle an invalid item number here... die('Invalid Item'); // for demo purposes, just die } // $item is an integer > 0, add to cart/increase quantity in cart if(!isset($_SESSION['cart'][$item])){ // doesn't exist in cart, create it $_SESSION['cart'][$item] = 0; } // increment quantity in cart $_SESSION['cart'][$item]++; // display any information that you see fit here... } // generate category navigation menu $nav_menu = ''; foreach($cat_list as $key=>$value){ $nav_menu .= "<li><a href='shop.php?cat=$key'>$value</a></li>\n"; } ?> </div> <div id="footer"> <form method="post" action="checkout.php"> <p><input type="submit" name="submit" value="Goto Checkout" /></p> </form> <ul class="navlist"> <?php echo $nav_menu; ?> </ul> </div> </body> </html>

strtotime/date are two fairly slow php functions. Using them to format a date typically takes 8 times longer than doing this in your query. If your query contains the following - SELECT DATE_FORMAT(dob,'%Y-%M-%d') as formatted_date You can use the following php code to get the year, monthname, and day - $list($year,$monthname,$day) = explode('-',$row['formatted_date']);

list($year,$month,$day) = explode('-',$row['dob']);

In general, your queries should get the rows you want in the order that you want them, then you simply output the data the way you want when you iterate over the data. The two queries that only differ in the status_id value can be combined to get rows with status_id = 1 OR status_id = 2. You would then test the number of status_id values to determine what your code should do. See the following block of replacement code - <?php // get both active and inactive characters if ($access_level_id == 2 || $access_level_id == 3) { $query = "SELECT characters.id, characters.character_name characters.status_id FROM characters WHERE characters.id <> '".$default_character_id."' AND characters.status_id IN(1,2) ORDER BY characters.character_name"; } else { $query = "SELECT characters.id, characters.character_name characters.status_id FROM characters INNER JOIN user_characters ON characters.id = user_characters.character_id INNER JOIN user_accounts ON user_accounts.id = user_characters.user_id WHERE user_accounts.id = '".$user_id."' AND user_characters.character_id <> '".$default_character_id."' AND characters.status_id IN(1,2) ORDER BY characters.character_name"; } $result = mysqli_query ($dbc,$query); $data[1] = array(); // active character data $data[2] = array(); // inactive character data while ( $row = mysqli_fetch_array ( $result, MYSQL_ASSOC ) ) { $data[$row['status_id']][] = $row; } // process active characters if (count($data[1])) { if ($access_level_id == 2 || $access_level_id == 3) { print "<optgroup label=\"** Active Characters **\">"; // only show if there are status_id = 1 rows and if level 2 or 3 } foreach($data[1] as $row){ print "<option value=\"".$row['id']."\">".$row['character_name']."</option>\r"; // show all status_id = 1 options } } // process inactive characters if (count($data[2])) { print "<optgroup label=\"** Inactive Characters **\">"; // show if any inactive characters foreach($data[2] as $row) { print "<option value=\"".$row['id']."\">".$row['character_name']."</option>\r"; // show all status_id = 2 options } } If the status_id will only ever have a 1 or 2 for a value, you can remove the characters.status_id IN(1,2) from both queries.

You need to turn register_globals OFF, ASAP. They were turned off by default in php4.2 in April of the year 2002 (10 years ago this month) because they let hackers set your session variables and a lot of web sites have been taken over. They have also been completely removed as of php5.4, so your current code that relies on them won't work at all under php5.4. You still have not determined which of the two md5 values (database table or login) is correct, which would pin down if your registration script that puts the value into the table is the problem or something in your login script - And you do need to use the proper mysql_num_rows function in your script so that your script will work as intended under all versions of php. There were a few versions of php where someone, without any documentation, made mysql_affected_rows work the same as mysql_num_rows. AFAIK this has been undone and back to what the documentation states for those functions.

Each piece of data belongs in a separate row in your database table, with identifying information, such as the full date it corresponds with, not spread out in columns.

SELECT queries don't set mysql_affected_rows (in most versions of php.) You need to use mysql_num_rows to determine if a SELECT query matched any rows. Your registration logic is likely doing something, such as using a 'salt' string before performing an md5 hash. Have you checked what the md5() value of your password should be so that you know which one of those values is correct? What does the following show - echo md5('your_actual_password_here');

You have at least two problems - 1) Your database column is not large enough to hold a md5 value. Its 32 characters. 2) The password value in the php code isn't what you expect (it's likely empty), because the same portion of the two md5 values that are present would be the same.

Your query is finding one or more rows in the table. If that's not the result you expect, you need to troubleshoot why. Have you directly examined the data in your table to see if there is or is not a row with the current userid in it? Do you know for a fact that $_SESSION['userid'] contains the value you think it does? Debugging programming problems involves checking what your code and data is actually doing to find out at what point your code and data is doing what you expect and at what point they are not. I can guarantee that the problem lies somewhere between those two points. If you don't check what's actually going on with your data values or you don't narrow down the problem to a specific statement, a specific variable, or a specific value, you cannot find what is causing the problem (we cannot because we don't have access to your server and your data.)

filesize md5_file Files that are the same size, might be the same. Files that are not the same size cannot be the same. Files that have the same md5 hash/checksum, are likely to be the same. Files that don't have the same md5 hash cannot be the same. If files are the same size and have the same md5 hash, you would need to compare byte-byte to determine if they are the same or not.

Your form processing code isn't checking if a form was submitted, so the code on that page will run EVERY TIME the page gets requested (if the code is on a public web server, a search engine spider can find it and requested it.) You should also be validating the data from the form so that each value only contains an expected value (and not something like php code.) By validating that there is data, and not empty strings, you would also prevent overwriting the configuration file with empty values. Also, after your installation routine runs, it is customary to delete the installation script or have the script check if it has already completed so that a hacker cannot come along and re-run the install and mess up the installation.

After the explode, $option is an array. You would need to loop over that array and process each entry in the array.

You are only getting the last set of form data because you need to use an array for your form fields. See this link - http://us2.php.net/manual/en/faq.html.php#faq.html.arrays Because you have repeating sets of form fields, you would typically use the current data set's id as the array index so that when you loop over the resulting arrays in the php code (your current php code isn't currently looping, but it needs to), you can determine which set of submitted data values corresponds with each section of the form. You are apparently using javascript to submit your form. For the javascript you posted, the form data would arrive in $_GET variables, not $_POST variables (you had a previous thread thet was using $_GET variables.) Why are you using javascript at all, since you would need to iterate over all the form fields and process the data from each repeating set of form fields. Get your forms/form processing code to work without javascript first, then if you want to add some additional functionality in the browser, use javascript (you must be able to crawl correctly before you can walk.)

ucwords

If the row has an id, that is the id value you would use. What makes you think you would need two ids?

Without a definition of what it is you are actually trying to accomplish, it is not possible to write any code that does it. You are trying to: _________________________________.

The if() conditional statement is incorrect. The only time it will return the "Username or Password Not Found" error is if both the username and password are wrong, because you are using an && logical operator (you would need to use an || for it to work correctly, because you are using negative logic.) If only one of them is wrong, the else{} statement with your header() redirect will be executed. You do realize that by testing the [0]'th element of the result set, your code will only work when there is just one row in your database table, which is one of the reasons why thorpe suggested performing the logic check in your query statement (you would query to find the correct row, with the username and password in your database table, then test if the query matched exactly one row.) Edit: Which is why the original code that you just posted was doing what I stated in the second paragraph above.

Everything I posted above concerns <img > tags on web pages and forming URLs that the browser uses to fetch the image in order to display it. move_uploaded_file operates on files on the server, using file system paths, not URLs. A leading / on a file system path refers to the root of the current hard disk. To form an absolute file system path, starting at your document root folder, you would use $_SERVER['DOCUMENT_ROOT'] as the starting point, then append (concatenate) the path/filename.ext to get the absolute path to the file.

Sample code to dynamically output an image - <?php // file called using <img src="image.php?id=123" alt=""> $id = isset($_GET['id']) ? intval($_GET['id']) : false ; // get and condition id, setup default if id not supplied // setup default type/image in case of error (no id, invalid id, no matching image, query error) $type = 'image/jpg'; $default = 'error.jpg'; // assumes you have an error image file if($id > 0){ // make db connection and select db mysql_connect('localhost','your_dbuser','your_dbpwd'); mysql_select_db('your_db'); // query for the image mime type and image data $query = "SELECT type,image FROM your_table WHERE id = $id"; $result = mysql_query($query); if(mysql_num_rows($result)){ // query worked and image found list($type,$image) = mysql_fetch_row($result); } } // output the actual image or the default/error image header("Content-Type: $type"); if(isset($image)){ echo $image; } else { readfile($default); }

To dynamically output images from php, you normally use a separate .php script to output the actual image data. You would put the URL of this separate .php script into the src="URL_of_script_that_outputs_an_image" attribute. The main page would just form the correct URL and put it into the src="..." attribute. The query in the main page would not SELECT the raw image data, but would instead select the ID of the image. You would typically put a GET parameter on the end of the URL to specify the id of the image (so that you can use the same .php script for any dynamically produced image.) The <img tag would end up looking like - <img src="image.php?id=123" alt=""> This separate .php script would read the GET parameter $_GET['id'], validate it/cast it as an integer (since it is going to be put into a mysql query), form and execute a query that gets the content-type of the image (you can either store this in the database table row with the blob image data or you can use the image file extension to get the correct content type) and the raw image data. You then output a content-type header followed by the image data. You should be able to find an example showing this now that you know the general process.

Yes, I do. Did you read them, they tell you what the problem is - The folder that the session.save_path setting points to does not exist. You either need to create the folder (assuming that the session.save_path setting is correct and appropriate) or you need to correctly set the session.save_path setting so that points to a correct and appropriate folder for your hosting account (may require you to create a folder within your account's folder tree.)

You would use an array. Arrays are for sets of related data that you need to process. $var[1] = .01; $var[2] = .01; $var[3] = .98; With arrays, you can use php's array functions, such as array_sum to directly calculate the sum of the array, regardless of the number of elements in it, no looping required.

Images on web pages are requested by the browser using a URL, i.e. <img src="URL_of_the_image" alt=""> If you use a leading slash / on a URL, it forms a domain relative URL. When the browser finds a leading / in a URL that is on a web page, it takes the http://domain.com portion of the current page and appends the /some_path/some_file.ext to form the actual URL that it will request. Things like the following are file system paths on the server and don't have anything to do with urls or images on web pages - www/WEBROOT $_SERVER['DOCUMENT_ROOT'] include_path c:/wamp/www/website

Since it prevents the browser from caching the images, you should not be outputting images on a web page this way. It also results in a huge amount of data which slows down the sending and loading of the web page (base64 encoding is always larger than the raw image data.) Do you have a specific reason for trying to output the image this way?

Add the following two lines of code to both pages, putting it immediately after the first opening <?php tag, to see if there are any session related errors - ini_set("display_errors", "1"); error_reporting(-1);