GOLDfish_74

I have made this page to change the values of the table "stock_levels" when products are received. I have yet to put any information in the tables in question just to make sure it will say any errors. But this script is returning no errors. Can someone help me clean up the script and find out why it reports no errors. <html> <head> <link href="../style.css" rel="stylesheet" type="text/css" /> </head> <? if (isset($_POST['submit'])){ if(!isset($_POST['qty'])){ echo('You have not filled out the required field "Quantity."'); exit(); } if (isset($_POST['ean'])){ $ean = ($_POST['ean']); $getdetail = mysql_query("SELECT item_id, item_fullname, item_description FROM item_details WHERE item_ean='$ean'") or die(print (mysql_error)); $row = mysql_fetch_assoc($getdetail); $itemid = ($row['item_id']); $itemname = ($row['item_fullname']); $desc = ($row['item_description']); } elseif (isset($_POST['model'])){ $model = ($_POST['model']); $getdetail = mysql_query("SELECT item_id, item_fullname, item_description FROM item_details WHERE item_trunname='$model' OR item_fullname='$model'") or die(print (mysql_error)); $row = mysql_fetch_assoc($getdetail); $itemid = ($row['item_id']); $itemname = ($row['item_fullname']); $desc = ($row['item_description']); } else { echo('An error has occured, not all fields were entered correctly. Please press the back button on your browser to try again.'); exit(); } $qty = ($_POST['qty']); if (is_numeric($qty)==false){ echo("Quantity can only be entered as whole number amounts."); exit(); } $setting = mysql_query("SELECT stock_soo, stock_soh FROM stock_levels WHERE stock_item_id='$itemid'"); $rows = mysql_fetch_assoc($setting); $soo = ($rows['stock_soo'] - $qty); $soh = ($rows['stock_soh'] + $qty); $entry = mysql_query("UPDATE stock_levels SET stock_soh='$soh', stock_soo='$soo' WHERE stock_item_id='$itemid'") or die(print (mysql_error)); } else { ?> <body> <form method="post" action="srs.php?p=1]" class="bgeneral"> <table border="0" cellspacing="0" cellpadding="0"> <tr> <td colspan="2"><span class="title">Receive Order</span><br /> </td> </tr> <tr> <td align="right">EAN:</td> <td><input type="text" name="ean" accesskey="e" tabindex="0"></td> </tr> <tr> <td colspan="2" align="center"><br> or;<br> </td> </tr> <tr> <td align="right">Model #:</td> <td><input type="text" name="model" accesskey="w" tabindex="1"></td> </tr> <tr> <td> </td> <td> </td> </tr> <tr> <td align="right">Amount Recieved:</td> <td><input type="text" name="qty" accesskey="q" tabindex="2"></td> </tr> <tr> <td> </td> <td> <br /><input type="submit" name="submit" value="submit" /></td> </tr> </table> </form> <? } ?> </body> </html> Thanks anyone, Regards, THEfish!

What is the error returned? And in the future can you use the [ p h p ] <? ?> [ / p h p ] so we can visualise some of the markup.

Hi there, I am wondering if there is a way I can use an upload form to upload an Excel XML export or just an .xls file to a MySQL database. I am also wondering if there is a tutorial out there that can help. So far I have only been able to find sites that offer tools to do it, but I want to use an upload form instead. Regards, THEfish!

I can answer my own question there.... wrong file. This is the line that has the parse error: $logentry = mysql_query("INSERT INTO log (log_user_id, log_action, log_datetime) VALUES ('".$_SESSION['userid']."', 'User entered entry.php', '".$timedate")"); Thanks if you can spot the error, THEfish! NB: DONT WORRY (not that you were) FOUND IT!

$upin = md5(mysql_real_escape_string($_POST['pin'])); Where is the parse error in that?! I am lost! THEfish!

I originally didn't have quotes, but when in desperation lol. That worked at treat though! Thanks all for your help... ALL login garbage works perfectly for now... until I decide to change something. Ciao for now! THEfish!

By that I meant <input type="password".... > So doesn't that make it md5 without the use of md5(...);? Also I am having a problem with a section of the code: if ($_SESSION['logged']='0') { echo "<form method=\"post\">"; echo " Username: <input type=\"textbox\" name=\"username\"><br />"; echo " Password: <input type=\"password\" name=\"password\"><br />"; echo " <input type=\"Submit\" name=\"Submit\">"; echo "</form>"; } else { echo ('logged = '); echo ($_SESSION['logged']); echo ('<br>'); echo ("You are logged in as: {$_SESSION['username']}<br />"); echo ("<a href=\"{$_SERVER['PHP_SELF']}?mode=logout\">Logout</a>"); } This returns (when run with the whole script, not just this portion): Logged = 0 You are logged in as Logout Why would it return that? It shouldn't execute that part of the script if logged = 0. Regards, THEfish!

I can't tell you the exact script but I was thinking, if there is no easy way: you could make a script that takes the date: YYYY MM DD And say you want one month ago: Get all database results after YYYY MM-1 DD ($month = $month - 1;) Then for 6 months: YYYY MM-6 DD if $month < 1 { $month = 12 - $month; $year = $year - 1; } and so on. I dont think that would be too challenging. Good luck, hope that at least gives you a bright idea... far brighter than mine, THEfish!

Oh, definately agreed: Will this work with passwords that are md5-ed? Because I tried to change the password field to a password type and it would not work. Just said the username or password was wrong. Regards, THEfish!

Here I thought I got pwned too, but it says your line 8 has a parse error in it. I had a look at the manual on php.net but couldn't understand exactly how i should use mysql_real_escape_string all I know is that it adds security. Can someone fill me in on the correct usage for that function, or just what simple thing is missing from the line. Thank you, THEfish!

Well I have been through so many different tutes and this one was the closest to doing all I need it to do. I dont need much for this. That has solved that problem... damn this is getting annoying though. Now it is just saying I am logged in without having logged in! I'll look over this one myself and post again if I have any problems though, Thanks for your time, THEfish!

This time I got an error in one of my includes: Parse error: parse error, expecting `T_STRING' in c:\easyphp\www\includes\session_def.php on line 2 I'm sure you can locate line 2 on your own this time <? function (session_defaults()) { $_SESSION['logged'] = (false); $_SESSION['userid'] = (0); $_SESSION['username'] = (''); $_SESSION['usersec'] = (0); } if (!isset($_SESSION['userid']) ) { session_defaults(); } ?> I have never used function() before besides copying from tutorials, this is my first attempt. Thanks in advance for your help. Regards, TEHdish! lol

Wouldn't you have to switch back to HTML before you put the img tag in: ? <? BLAH in PHP ?> <img src="blah...> <? MORE PHP ?>

Well I think you could be right, but isn't that what the if isset() { is for? Why would it even be looking at line 11? Keep me posted, THEfish!

Hey there, I used a tutorial and changed it to suit my site. And when I attempted to run the page I returned this error: Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in c:\easyphp\www\login.php on line 11 This is what the code looks like: Line 11 is the first mysql_query <? session_start(); include ('includes/dbconnect.php'); include ('includes/session_def.php'); // This is the username and password you login with, you can also use // a database to get the username and match it up (later tutorial). // If the form was submitted if (isset($_POST['Submit'])) { $userquery = mysql_query("SELECT user_id FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error()); $pinquery = mysql_query("SELECT user_pin FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error()); $namequery = mysql_query("SELECT user_name FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error()); $secquery = mysql_query("SELECT user_sec FROM users WHERE user_id = '$_POST['Username']'") or die(mysql_error()); // If the username and password match up, then continue... if ($_POST['Username'] == $userquery && $_POST['Password'] == $pinquery) { // Username and password matched, set them as logged in and set the // Username to a session variable. $_SESSION['logged'] = true; $_SESSION['username'] = $namequery; $_SESSION['userid'] = $userquery; $_SESSION['usersec'] = $secquery; } else { echo('Either the User ID or PIN was incorrect.'); } } // If they are NOT logged in then show the form to login... if ($_SESSION['logged'] = false) { echo '<form method="post" action="' . $_SERVER['PHP_SELF'] . '"> Username: <input type="textbox" name="Username"><br /> Password: <input type="textbox" name="Password"><br /> <input type="Submit" name="Submit"> </form>'; } else { echo "You are logged in as: <b>" . $_SESSION['username'] . "</b> <br /><a href=\"" . $_SERVER['PHP_SELF'] . "?mode=logout\">Logout</a>"; } // If they want to logout then if (isset($_GET['mode']) && $_GET['mode'] == "logout") { session_defaults(); // Redirect to show results.. echo '<META HTTP-EQUIV="refresh" content="1; URL=' . $_SERVER['PHP_SELF'] . '">'; } ?> I am sure it is something simple, but I have never been that good at interpreting error messages. Regards, THEfish!

Turns out it was the most obvious thing in the world!!! user_pass, was meant to be user_pin. and I had error display off. That and I agree EasyPHP is not what I should be using... lol, THANKS for all your patience to find such a pointless flaw. Ciao, THEfish!

Just to let you know, I have done a fair bit of PHP and MySQL before. And I know what auto_increment is... AND ITS NOT SET TO THAT. If you had cared to look, the id is set by a random number generator, not by the database. If you have any more suggestions that could work, please post. Regards, THEfish! PS: I tried using SET instead of VALUES with no difference in result.

Removing that line made absolutely no difference what so ever. It ran without reporting an error and still failed to put the data into the database. Regards, THEfish!

To view the full story: Click Here. Anywho, a summary of the story goes, I am trying to run a really simple script that would place users in my database when they registered: <?php // Connects to your Database mysql_connect("localhost", "goldfish_root", "password") or die(mysql_error()); mysql_select_db("goldfish_retaildefault") or die(mysql_error()); //This code runs if the form has been submitted if (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { die('You did not complete all of the required fields'); } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT user_name FROM users WHERE user_name = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, '.$_POST['username'].', you are already registered.'); } // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass2']) { die('Your passwords did not match.'); } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } // now we insert it into the database $insert = "INSERT INTO users (user_id, user_name, user_pass, user_sec) VALUES ('".$_POST['userid']."', '".$_POST['username']."', '".$_POST['pass']."', '".$_POST['security']."')"; mysql_query($insert); ?> <h1>Registered</h1> <p>Thank you, you have registered - you may now login</a>.</p> <p><? echo ($_POST['pass']); echo ($_POST['security']); echo ($_POST['username']); echo ($_POST['userid']) ?></p> <?php } else { ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <table border="0"> <tr><td>Your User ID is:</td><td> <? $userid = rand(1000, 9999); echo($userid); ?> <input type="hidden" name="userid" value="<? echo($userid); ?>"> </td></tr> <tr><td>Full Name:</td><td> <input type="text" name="username" maxlength="60"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="10"> </td></tr> <tr><td>Confirm Password:</td><td> <input type="password" name="pass2" maxlength="10"> </td></tr> <tr><td>Security Level</td><td> <input type="radio" name="security" value="2">Supervisor<br><input type="radio" name="security" value="1">Employee</td></tr> <tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table> </form> <?php } ?> This did not report any errors but also failed to put any data in the database. As this failed to work I figured I'd just try a simple alternative: <? error_reporting(E_ALL); mysql_connect("localhost", "goldfish_root", "password") or die(mysql_error()); mysql_select_db("goldfish_retaildefault") or die(mysql_error()); $insert = "INSERT INTO users (user_id, user_name, user_pass, user_sec) VALUES ('1234, Josh, 3883, 1')"; $add_member = mysql_query($insert); ?> This also failed to work with no errors, and now I have no idea what is going wrong. These questions all came about when I tried to use EasyPHP to test my script while I was on public transport and away from home. When it seemed they did not like Vista, I got a free web host (qupis.com) and the problems are still the same. I am sure there is nothing wrong with my code, so what could be going wrong? Regards, THEfish.