GOLDfish_74

I have made this page to change the values of the table "stock_levels" when products are received. I have yet to put any information in the tables in question just to make sure it will say any errors. But this script is returning no errors. Can someone help me clean up the script and find out why it reports no errors. <html> <head> <link href="../style.css" rel="stylesheet" type="text/css" /> </head> <? if (isset($_POST['submit'])){ if(!isset($_POST['qty'])){ echo('You have not filled out the required field "Quantity."'); exit(); } if (isset($_POST['ean'])){ $ean = ($_POST['ean']); $getdetail = mysql_query("SELECT item_id, item_fullname, item_description FROM item_details WHERE item_ean='$ean'") or die(print (mysql_error)); $row = mysql_fetch_assoc($getdetail); $itemid = ($row['item_id']); $itemname = ($row['item_fullname']); $desc = ($row['item_description']); } elseif (isset($_POST['model'])){ $model = ($_POST['model']); $getdetail = mysql_query("SELECT item_id, item_fullname, item_description FROM item_details WHERE item_trunname='$model' OR item_fullname='$model'") or die(print (mysql_error)); $row = mysql_fetch_assoc($getdetail); $itemid = ($row['item_id']); $itemname = ($row['item_fullname']); $desc = ($row['item_description']); } else { echo('An error has occured, not all fields were entered correctly. Please press the back button on your browser to try again.'); exit(); } $qty = ($_POST['qty']); if (is_numeric($qty)==false){ echo("Quantity can only be entered as whole number amounts."); exit(); } $setting = mysql_query("SELECT stock_soo, stock_soh FROM stock_levels WHERE stock_item_id='$itemid'"); $rows = mysql_fetch_assoc($setting); $soo = ($rows['stock_soo'] - $qty); $soh = ($rows['stock_soh'] + $qty); $entry = mysql_query("UPDATE stock_levels SET stock_soh='$soh', stock_soo='$soo' WHERE stock_item_id='$itemid'") or die(print (mysql_error)); } else { ?> <body> <form method="post" action="srs.php?p=1]" class="bgeneral"> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td colspan="2"><span class="title">Receive Order</span><br /> </td> </tr> <tr> <td align="right">EAN:</td> <td><input type="text" name="ean" accesskey="e" tabindex="0"></td> </tr> <tr> <td colspan="2" align="center"><br> or;<br> </td> </tr> <tr> <td align="right">Model #:</td> <td><input type="text" name="model" accesskey="w" tabindex="1"></td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td align="right">Amount Recieved:</td> <td><input type="text" name="qty" accesskey="q" tabindex="2"></td> </tr> <tr> <td> </td> <td> <br /><input type="submit" name="submit" value="submit" /></td> </tr> </table> </form> <? } ?> </body> </html> Thanks anyone, Regards, THEfish!

What is the error returned? And in the future can you use the [ p h p ] <? ?> [ / p h p ] so we can visualise some of the markup.

Hi there, I am wondering if there is a way I can use an upload form to upload an Excel XML export or just an .xls file to a MySQL database. I am also wondering if there is a tutorial out there that can help. So far I have only been able to find sites that offer tools to do it, but I want to use an upload form instead. Regards, THEfish!

I can answer my own question there.... wrong file. This is the line that has the parse error: $logentry = mysql_query("INSERT INTO log (log_user_id, log_action, log_datetime) VALUES ('".$_SESSION['userid']."', 'User entered entry.php', '".$timedate")"); Thanks if you can spot the error, THEfish! NB: DONT WORRY (not that you were) FOUND IT!

$upin = md5(mysql_real_escape_string($_POST['pin'])); Where is the parse error in that?! I am lost! THEfish!

I originally didn't have quotes, but when in desperation lol. That worked at treat though! Thanks all for your help... ALL login garbage works perfectly for now... until I decide to change something. Ciao for now! THEfish!

By that I meant <input type="password".... > So doesn't that make it md5 without the use of md5(...);? Also I am having a problem with a section of the code: if ($_SESSION['logged']='0') { echo "<form method=\"post\">"; echo " Username: <input type=\"textbox\" name=\"username\"><br />"; echo " Password: <input type=\"password\" name=\"password\"><br />"; echo " <input type=\"Submit\" name=\"Submit\">"; echo "</form>"; } else { echo ('logged = '); echo ($_SESSION['logged']); echo ('<br>'); echo ("You are logged in as: {$_SESSION['username']}<br />"); echo ("<a href=\"{$_SERVER['PHP_SELF']}?mode=logout\">Logout</a>"); } This returns (when run with the whole script, not just this portion): Logged = 0 You are logged in as Logout Why would it return that? It shouldn't execute that part of the script if logged = 0. Regards, THEfish!

I can't tell you the exact script but I was thinking, if there is no easy way: you could make a script that takes the date: YYYY MM DD And say you want one month ago: Get all database results after YYYY MM-1 DD ($month = $month - 1;) Then for 6 months: YYYY MM-6 DD if $month < 1 { $month = 12 - $month; $year = $year - 1; } and so on. I dont think that would be too challenging. Good luck, hope that at least gives you a bright idea... far brighter than mine, THEfish!

Oh, definately agreed: Will this work with passwords that are md5-ed? Because I tried to change the password field to a password type and it would not work. Just said the username or password was wrong. Regards, THEfish!

Here I thought I got pwned too, but it says your line 8 has a parse error in it. I had a look at the manual on php.net but couldn't understand exactly how i should use mysql_real_escape_string all I know is that it adds security. Can someone fill me in on the correct usage for that function, or just what simple thing is missing from the line. Thank you, THEfish!

Well I have been through so many different tutes and this one was the closest to doing all I need it to do. I dont need much for this. That has solved that problem... damn this is getting annoying though. Now it is just saying I am logged in without having logged in! I'll look over this one myself and post again if I have any problems though, Thanks for your time, THEfish!

This time I got an error in one of my includes: Parse error: parse error, expecting `T_STRING' in c:\easyphp\www\includes\session_def.php on line 2 I'm sure you can locate line 2 on your own this time <? function (session_defaults()) { $_SESSION['logged'] = (false); $_SESSION['userid'] = (0); $_SESSION['username'] = (''); $_SESSION['usersec'] = (0); } if (!isset($_SESSION['userid']) ) { session_defaults(); } ?> I have never used function() before besides copying from tutorials, this is my first attempt. Thanks in advance for your help. Regards, TEHdish! lol

Wouldn't you have to switch back to HTML before you put the img tag in: ? <? BLAH in PHP ?> <img src="blah...> <? MORE PHP ?>

Well I think you could be right, but isn't that what the if isset() { is for? Why would it even be looking at line 11? Keep me posted, THEfish!

Hey there, I used a tutorial and changed it to suit my site. And when I attempted to run the page I returned this error: Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in c:\easyphp\www\login.php on line 11 This is what the code looks like: Line 11 is the first mysql_query <? session_start(); include ('includes/dbconnect.php'); include ('includes/session_def.php'); // This is the username and password you login with, you can also use // a database to get the username and match it up (later tutorial). // If the form was submitted if (isset($_POST['Submit'])) { $userquery = mysql_query("SELECT user_id FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error()); $pinquery = mysql_query("SELECT user_pin FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error()); $namequery = mysql_query("SELECT user_name FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error()); $secquery = mysql_query("SELECT user_sec FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error()); // If the username and password match up, then continue... if ($_POST['Username'] == $userquery && $_POST['Password'] == $pinquery) { // Username and password matched, set them as logged in and set the // Username to a session variable. $_SESSION['logged'] = true; $_SESSION['username'] = $namequery; $_SESSION['userid'] = $userquery; $_SESSION['usersec'] = $secquery; } else { echo('Either the User ID or PIN was incorrect.'); } } // If they are NOT logged in then show the form to login... if ($_SESSION['logged'] = false) { echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '"> Username: <input type="textbox" name="Username"><br /> Password: <input type="textbox" name="Password"><br /> <input type="Submit" name="Submit"> </form>'; } else { echo "You are logged in as: <b>" . $_SESSION['username'] . "</b> <br /><a href=\"" . $_SERVER['PHP_SELF'] . "?mode=logout\">Logout</a>"; } // If they want to logout then if (isset($_GET['mode']) && $_GET['mode'] == "logout") { session_defaults(); // Redirect to show results.. echo '<META HTTP-EQUIV="refresh" content="1; URL=' . $_SERVER['PHP_SELF'] . '">'; } ?> I am sure it is something simple, but I have never been that good at interpreting error messages. Regards, THEfish!