[[SOLVED] fetch array not working like I thought it would]

thanks

[[SOLVED] fetch array not working like I thought it would]

I am trying to post a detail message and say who the message was posted by. (the owner of the message) but it doesnt work quite right it says posted by the word "ARRAY". Some reason its not getting the name from the database.

 

Can someone tell me why this is?  here is my code..

//get owner of post
$get_owner_sql = "SELECT post_owner FROM forum_posts WHERE topic_id = '".$_GET["topic_id"]."'";
$get_owner = mysqli_query($mysqli,$get_owner_sql);
$post_owner = mysqli_fetch_array($get_owner);

//create the display string
$display_block = "
<p>Showing posts for the <strong>".$topic_title."</strong> topic by ".$post_owner.":</p>
<table width=\"100%\" cellpadding=\"1\" cellspacing=\"1\" border=\"1\" bordercolor=\"#000000\">
<tr>
<th>POST</th>
</tr>";

[[SOLVED] small question about syntax]

thanks Ceasar!!..........reply to other message.what I meant by error with session ID is that I know their was something wrong with that part of teh code, thats all. . 

[[SOLVED] small question about syntax]

can someone tell me how I cna add this session into this block of code?  I get error with the session ID.  I am trying to display the ID by name.

	//create the display string
$display_block = "
<p>Showing posts for the <strong>".$topic_title."</strong> topic by .'"$_SESSION['identity']"'.:</p>
<table width=\"100%\" cellpadding=\"3\" cellspacing=\"1\" border=\"1\">
<tr>
<th>POST</th>
</tr>";

[[SOLVED] unable to insert all my values into the database]

I got it. 

[[SOLVED] unable to insert all my values into the database]

yep because I can display it on the page like so.......<?php echo ($_SESSION['identity']); ?>  I just cant insert it into the database. and I do have my colunm names in the table correct otherwise I would get an error which I dont get.

[[SOLVED] unable to insert all my values into the database]

can someone tell me if I have an error in my code because its not inserting my $_session['identity']  into the database.   I know the session has a value because I am able to display it on the page. it just wont insert it into the database.    

//create and issue the first query
$add_topic_sql = "INSERT INTO forum_topics (topic_title, topic_create_time, topic_owner) VALUES ('".$_POST["topic_title"]."', now(), '".$_SESSION['identity']."')";
$add_topic_res = mysqli_query($mysqli, $add_topic_sql) or die(mysqli_error($mysqli));

[[SOLVED] found a security flaw in my logon page]

I made a mistake.  This is why it wasn't working in firefox......

 

header("Cache-control: must-revalidate");

 

so I deleted it

[[SOLVED] found a security flaw in my logon page]

no, I figured out what was going on. Firefox has a session manager that saves the sessions. Which I think is not secure ifon a public computer.

[how to populate data into text fields on page load??]

here is what I have and I cant get it to display data in the fields. i know my querey works because I Am able to diplay data on page just not in the fields. 

//create query and retrieve record of user logged on 
//create and issue the query
    $SQL = "SELECT * FROM auth_users";
// WHERE username = '".$_SESSION['identity']."'";
   $result = mysqli_query($mysqli,$SQL);
   $row = mysqli_fetch_array($result);
   ///part of form code///
  <td bordercolor="#000000"><input name="firstname" type="text" id="firstname" size="30" maxlength="30" value="<?=.$row['f_name']?>">/>

[how to populate data into text fields on page load??]

I am creating an account management page that shows the user's contact information and I would like to populate the textfields so that the user doesn't have to type in all his information when he wants to change something.  I want to have him type in only the information he wants to change or update. 

 

I already have the data displayed on the page. But now I would like to take the data and fill in the textfields with it. If somone show me a small example would appreciate it?

[[SOLVED] not sure if query is getting correct value from database]

thanks for the replies and sharing your knowledge   I got it to work.

[[SOLVED] not sure if query is getting correct value from database]

Can someone tell me if I have any errors in this code?  For some reason it goes to the error page everytime, even though it has a value of 0 in the column confirmkey.  I am able to update the field 0 or 1 for confirmkey at the approriate places in my code but this if condition is not working like it should.  If confirm key is 0 its supposed to execute the rest of the code and if its a 1 its supposed to go to the error page.  can someone tell me if I did this query right?

 

//gets query for confirm key 
$checkemail = trim(strip_tags($_POST['email']));
$sql0 = "SELECT Confirmkey FROM auth_users WHERE email = '$checkemail' LIMIT 1";
$key = mysqli_query($mysqli, $sql0);

if ($key == 1) {
  header("Location: ../error.html");
  exit();
}	

[[SOLVED] found a security flaw in my logon page]

this doesn't work in firefox only IE.  Anybody knows why this is???

[question about sessions?]

can someone tell me what is the difference between these two codes??

 

//sets session to authenticate
$_SESSION['loggedin'] = "yes";
             $_SESSION['id'] = $username;
             $sess_id = session_id();
             session_write_close();

     

 

//sets session to authenticate
$_SESSION['loggedin'] = "yes";
             session_write_close();	

     I am using the second code and it works but it was reccomended use the first one.  I know it sets a session ID but what for? or why do I need to set a session ID?

 

[[SOLVED] found a security flaw in my logon page]

thanks thats exactly what  I was thinking

[[SOLVED] found a security flaw in my logon page]

I have a login script that checks the username and password in a database and checks for a match if so it gives them access to a web page if not it redirects them back to the login page and gives them an error.  But I found out if the user types in the web address of that authorized web page it will display in the browser anyway.

 

Can someone tell me how to secure this? Do I use IP address, sessions, cookies, etc..??? What would be the most effecient way.

 

here is my login script.........

<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}
//connect to server and select database
$mysqli = mysqli_connect("localhost", "root", "", "test");

//trims and strips tags
$checkuser = trim(strip_tags($_POST['username']));
$checkpassword = trim(strip_tags($_POST['password']));

//create and issue the query
$sql = "SELECT username, f_name, l_name FROM auth_users WHERE username = '$checkuser' AND password = sha1('$checkpassword') LIMIT 1";
$result = mysqli_query($mysqli, $sql);

//gets number of unsuccessful logins
$sql1 = ("SELECT failed_logins FROM auth_users WHERE username = '$checkuser' LIMIT 1");
$result1 = mysqli_query($mysqli, $sql1);
$resultarr = mysqli_fetch_assoc($result1);
$attempts = $resultarr["failed_logins"];


//disables user if failed logins >= 3 
if ($attempts >= 3){

//records unsuccessful logins
$sql1 = "UPDATE auth_users SET failed_logins = failed_logins + 1 WHERE username = '$checkuser' LIMIT 1"; 
    mysqli_query($mysqli,$sql1);

$_SESSION['disabled'] = "<font color='red'>Your account has been disabled.<br>Please contact....$attempts</font>";
header("Location: Account_login.php");
exit();
} else {

//get the number of rows in the result set; should be 1 if a match
if (mysqli_num_rows($result) == 1) {

//if authorized, get the values of f_name l_name
while ($info = mysqli_fetch_array($result)) {
	$f_name = stripslashes($info['f_name']);
	$l_name = stripslashes($info['l_name']);
}
//set authorization cookie
setcookie("auth", "1", 0, "/", "mydomain.com", 0);
$_SESSION['usersname'] = $f_name . " " . $l_name;

//record last login
    $sql2 = "UPDATE auth_users SET last_login=NOW() WHERE username = '$checkuser' LIMIT 1";   
    mysqli_query($mysqli,$sql2);

//clears failed logins
$sql3 = "UPDATE auth_users SET failed_logins = 0 WHERE username = '$checkuser' LIMIT 1";
mysqli_query($mysqli, $sql3);

//directs authorized user
header("Location: logon.php");
exit(); 
} else {

//records unsuccessful logins
$sql4 = "UPDATE auth_users SET failed_logins = failed_logins + 1 WHERE username = '$checkuser' LIMIT 1"; 
    mysqli_query($mysqli,$sql4);

//stores a session error message
$_SESSION['error'] =  "<font color='red'>Invalid username and/or password combination<br>Please remember that your password is case sensitive.</font>"; 
	  
  	//redirect back to login form if not authorized
header("Location: Account_login.php");
exit;
}
}
?>

[searchbox for my website]

Well sort of. I use mysql to store the users information. Thanks I see what I have to do. I need to store my urls, keywords, etc.  in a table. and than I search the tables and output the results on the page.

[searchbox for my website]

I am thinking abouot creating a search box on my website in php. can someone give me any ideas or direction on how to do a search box for my website or is this something I can download and install?

[how can I host my website for other users on my internal network to view???]

I am already using wamp which is the same type of setup.

[have a php website running in IIS which works fine except can't connect to mysql]

thanks for all your help. but yes I have done all that. I added the extensions, configured php.ini, copied libmysqli.dll in windows directory and checked all the extensions.

 

Now I am using wamp which I dont think it makes a difference as long as I am using the right php directory and dll files like I would with the standard php setup. I am sure you know this but wamp is php, apache and mysql all in one.

 

Using IIS and when I logon to a dynamic web page its like it can get to my database?? But it is there?

[have a php website running in IIS which works fine except can't connect to mysql]

yep. When I use the Apache server everything works fine. It's only when I use IIS. I get the connection area.  The reason I am trying to use IIS because thats the only way I know how to publish the site on my internal network for other people to see in my domain.  I dont know how to do that with Apache. I can only view my website locally (on my machine)with Apache.

[have a php website running in IIS which works fine except can't connect to mysql]

I installed  the Connector/ODBC 3.51 -- Generally Available (GA) release and I still get this connection error?

[have a php website running in IIS which works fine except can't connect to mysql]

I can someone tell me what I can do to fix this error? 

 

 

Call to undefined function mysqli_connect() in C:\Inetpub\wwwroot\email_username.php on line

 

I have these extensions enabled:

extension=php_mysql.dll

extension=php_mysqli.dll

 

I am not sure what else to do?"?

[how can I host my website for other users on my internal network to view???]

I currently have apache php and mysql installed on my computer. My website works fine on my localhost. How can I set this up so that other users on the same domain as me can view my website through their browser on theri machine. Or what would my web address?  I have been struggling with these all week. I even tried IIS in Windows which works fine until someone tries to connect to the database when they logon I get a connection error.  If there is way to use Apache with windows to host the website on an internal network I sure coiuld use some guidance on how to do that.  Thanksss