bruckerrlb

I have a new app that I'm administering and noticed the guy who developed it let a little security hole get through. The website displays pages like example.com?company_id=$company_id and that displays the link like example.com?company_id=25 for example. Now, if we take out that company_id so the link looks like example.com?company_id= Everyones information is shown this way. What would be the fastest way to get this fixed? I've tried setting it up as if ($Company_Id != $_SESSION['UserID'] || is_null($Company_Id)) { header("Location: index.php"); } Yet, it still keeps getting through, does anyone have any suggestions?

Just in case anyone needs to know for the future, I was trying to get the key of an array and return the value, what worked was: if (array_key_exists($day_start, $complete_time)) { $this_val = $complete_time[$day_start]; echo "val is $this_val"; }

I should also point out I've also tried if(in_array($day_start, $complete_time)) { echo "Found something"; } yet, nothing gets found..

I'm trying to do an array search and return a variable. The Variables I"m trying to test to see if exists are: $day_start = $day."_start"; $day_end = $day; $day_end .= "_end"; The values of these arrays are: //These are results from a database, and the result is something like 2am or 4pm or something along those lines $mon_start = $row['mon_start']; $mon_end = $row['mon_end']; $tue_start = $row['tue_start']; $tue_end = $row['tue_end']; $wed_start = $row['wed_start']; $wed_end = $row['wed_end']; $thur_start = $row['thur_start']; $thur_end = $row['thur_end']; $fri_start = $row['fri_start']; $fri_end = $row['fri_end']; $sat_start = $row['sat_start']; $sat_end = $row['sat_end']; $sun_start = $row['sun_start']; $sun_end = $row['sun_end']; I have my array set up as following $complete_time = array("mon_start" => $mon_start, "mon_end" => $mon_end, "tue_start" => $tue_start, "tue_end" => $tue_end, "wed_start" => $wed_start, "wed_end" => $wed_end, "thur_start" => $thur_start, "thur_end" => $thur_end, "fri_start" => $fri_start, "fri_end" => $fri_end, "sat_start" => $sat_start, "sat_end" => $sat_end, "sun_start" => $sun_start, "sun_end" => $sun_end); Then, I have a while statement, trying to find the variable while($r = array_search($complete_time, $day_start)) { echo "<td>Found something</td><td>$complete_time</td><td>$day_start</td><br />R is $r"; } Nothing seems to be getting printed out, can anyone tell me what I'm doing wrong?

I'm working on making a calendar, basically the first part is set up where a user selects a service. There is a table in the DB for times which uses the service as an identifier. What I'm doing to make this calendar is I'm looping the days of the week and I've got the loop down but I'm not sure how I can put my dates in a variable and check to see when the variable is called if I need to put that in or not. My code should make a little more sense <h3>Schedule a time and a day</h3> <p>Click on the time that you would like to set up your appointment</p> <table border="3"><tr> <?php session_start(); $service_id = $_SESSION['service_id']; //have the service_id stored in a session /////////////select all time for service id call back time $spct = mssql_init('pctimecallback'); mssql_bind($spct, "@service_id", $service_id, SQLVARCHAR); $result = mssql_execute($spct) or die('MSSQL error: ' . mssql_get_last_message()); //variables to put into string $row = mssql_fetch_array($result); $mon = $row['mon']; $tue = $row['tue']; $wed = $row['wed']; $thurs = $row['thurs']; $fri = $row['fri']; $sat = $row['sat']; $sun = $row['sun']; $mon_start = $row['mon_start']; $mon_end = $row['mon_end']; $tue_start = $row['tue_start']; $tue_end = $row['tue_end']; $wed_start = $row['wed_start']; $wed_end = $row['wed_end']; $thur_start = $row['thur_start']; $thur_end = $row['thur_end']; $fri_start = $row['fri_start']; $fri_end = $row['fri_end']; $sat_start = $row['sat_start']; $sat_end = $row['sat_end']; $sun_start = $row['sun_start']; $sun_end = $row['sun_end']; ///////first for loop $days = 0; $maxdays = 6; while($days < $maxdays) { $day = date('M d', time() + $days * 86400); ?> <td id="<?php echo $day; ?>"><?php echo $day; ?></td> <?php $days++; } ?> </tr><tr> <?php //second for loop displaying the day $days0 = 0; $maxdays0 = 6; while($days0 < $maxdays0) { $theday = date('D', time() + $days0 * 86400); $theday = strtolower($theday); ?> <td><?php echo $theday; ?></td> <?php $days0++; } ?> </tr><tr> <?php //third for loop to do a test on variables $days1 = 0; $maxdays1 = 6; while($days1 < $maxdays1) { $theday1 = date('D', time() + $days1 * 86400); $theday1 = strtolower($theday1); $start_1 = $theday1; $start_2 = "_start"; $a_start = $start_1.$start_2; $end_1 = $theday1; $end_2 = "_end"; $a_end = $end_1.$end_2; //main variables for time here are $theday1, a_start, a_end, now find a way to pass over the service that was selected!!!!!!!!! ?> <td><?php echo $a_start; ?> and <?php echo $a_end; ?></td> <?php $days1++; } ?> </tr> </table> Can anyone show me how to put my variables for example $mon, $mon_start, $mon_end to check and see if it has data, and if it does, how to properly echo it in the for each statement. If that doesn't work, a better way of doing it?

that's great, exactly what I was looking for, thanks!

I'm trying to create a loop, starting from today, until let's say 30 days down the road. The code I have now looks like <?php $today = date("D M d"); //$theday = date( for ($i=$today; $i<=30; $i++) { $date = $today++; ?> <option value="<?php echo $date; ?>"><?php echo $date;?></option> <?php echo $date; } ?> This just seems to be looping the number part (d) and not the M or the D, can someone show me how to do this or point me in the right direction? Thanks

I'm writing my first function here and after reading and testing with easy things, I'm trying to do something not so hard, but am having a hard time finding results. I have my functions page with a function declared like the following: function test_user_input($username) { $stmt = mssql_init('pgetuserid'); mssql_bind($stmt, "@loginuid", $username, SQLVARCHAR); $result = mssql_execute($stmt); //get the user id to store in session and or insert into new db $row = mssql_fetch_array($result); //get the loginid $loginid = $row['loginid']; $loginuid = $row['loginuid']; //echo "First result $loginid"; return $loginid; return $loginuid; return $row; return $result; } Then, I call the function as such $username=$_POST['myusername']; test_user_input($username); The function initiates, binds and executes a ms sql stored procedure which isn't the problem, whenever I take out the function and place it directly in the page it works fine, but trying to declare it in a function, it's failing at the count part $count = mssql_num_rows($result); //if user does exist: if($count==1) { Any ideas?

That's exactly what I was looking for, thanks!

Hey Guys, I've been checking the php manual for how to do this without success, so I thought I"d post here. I'm trying to put mysql data into an array, which would be the following: <?php $sql_license = "SELECT products.product_id as product_id, products.product_name as product_name , license.license_numbers as l_number, license.company_id as l_company_id FROM products LEFT JOIN license ON products.product_id = license.product_id WHERE license.company_id = '$id'"; $result1 = mysql_query($sql_license); while($thequery = mysql_fetch_array($result1)) { $prod = $thequery['product_id']; $b = array($prod); echo "<h1>$prod</h1>"; // This spits out 3 numbers, which is exactly what I'm looking for, but when I put it into a foreach statement, I get Invalid argument supplied for foreach() //So, then I tried to use this variable $b = array($prod); //but it just puts out the text array three times ?> I'm trying to get this array into a foreach statement to no avail, just can't figure out arrays here, how can I turn the data from $prod into an array? The overall foreach statement looks like this <?php foreach($b as $key => $value) { ///Get All Products that don't have licenses $sql_license = "SELECT * FROM products"; $result_license = mysql_query($sql_license); while($row_license = mysql_fetch_array($result_license)) { $prod_name = $row_license['product_name']; $prod_id = $row_license['product_id']; ?> <tr> <?php if($product_id != $prod_id) { ?> <td class="row1"><?php echo $prod_name; ?></td><td class="row1"><input type="text" name="product<?php echo $prod_id; ?>" /></td> </tr><?php } } } }

I just posted my code, but it doesn't make sense without this part, so just wanted to post it so you can see what I"m trying to do here <?php /////////////bring back all licenses and their products $sql_license = "SELECT products.product_id as product_id, products.product_name as product_name , license.license_numbers as l_number, license.company_id as l_company_id FROM products LEFT JOIN license ON products.product_id = license.product_id WHERE license.company_id = '$id'"; $result_license = mysql_query($sql_license); while($row_license = mysql_fetch_array($result_license)) { $product_name = $row_license['product_name']; $product_id = $row_license['product_id']; $l_number = $row_license['l_number']; ?> <tr> <td class="row1"><?php echo $product_name; ?></td><td class="row1"><?php echo $l_number; ?> </td><td class="row1"> <a href="#">Delete</a></td> </tr> <?php } //////end getting back all products with licenses ?> <?php //turn the query into an array for the foreach statement ?> <?php $thequery = mysql_fetch_array($result_license); //get the array of product_id is this right? $product_id = $thequery['product_id']; ?> <?php foreach($thequery as $key => $value) { ///Get All Products that don't have licenses $sql_license = "SELECT * FROM products"; $result_license = mysql_query($sql_license); while($row_license = mysql_fetch_array($result_license)) { $prod_name = $row_license['product_name']; $prod_id = $row_license['product_id']; ?> <tr> <?php //with this method, if the prod_id from the newest query and product_id from the first query are not the same, return those rows if($product_id != $prod_id) { ?> <td class="row1"><?php echo $prod_name; ?></td><td class="row1"><input type="text" name="product<?php echo $prod_id; ?>" /></td> </tr><?php } } } //end getting all products that don't have licenses ?>

That's a great idea, and I'm thinking it might be the best way to go, quick question for you on a kind of unrelated note, I have a foreach statement here <?php /////////////bring back all licenses and their products $sql_license = "SELECT products.product_id as product_id, products.product_name as product_name , license.license_numbers as l_number, license.company_id as l_company_id FROM products LEFT JOIN license ON products.product_id = license.product_id WHERE license.company_id = '$id'"; $result_license = mysql_query($sql_license); while($row_license = mysql_fetch_array($result_license)) { $product_name = $row_license['product_name']; $product_id = $row_license['product_id']; $l_number = $row_license['l_number']; ?> <tr> <td class="row1"><?php echo $product_name; ?></td><td class="row1"><?php echo $l_number; ?> </td><td class="row1"> <a href="#">Delete</a></td> </tr> <?php } //////end getting back all products with licenses ?> <?php foreach($result_license as $key => $value) { ///Get All Products that don't have licenses $sql_license = "SELECT * FROM products"; $result_license = mysql_query($sql_license); while($row_license = mysql_fetch_array($result_license)) { $prod_name = $row_license['product_name']; $prod_id = $row_license['product_id']; ?> <tr> <td class="row1"><?php echo $prod_name; ?></td><td class="row1"><input type="text" name="product<?php echo $prod_id; ?>" /></td> </tr><?php } } //end getting all products that don't have licenses ?> I'm trying to bring back the first query as an array and put it in this foreach statement so that I can get all of the values for $product_id but I keep getting an error that says: Invalid argument supplied for foreach() in /Applications/MAMP/htdocs/websites/lmanager/admin/modify_accounts.php on line 103 How can I replace the variable $result_license so that it's a variable. At first I thought it would be row_license but that didn't work either. I know it's an array because I'm calling the mysql_fetch_array but it's not working, any ideas? Thanks again for all the help!

I appreciate that, and would say your right, my db logic is probably a little screwed up here!! I was studying the db logic you drew out here and it looks really good, like a really good start, the only thing I saw here was the products ----------- product_id product_name [b]company_id[/b] companies ----------- company_id company_name licenses ------------ license_id license_name license_sum product_id company_id in the products table, that wouldn't work because companies can have many products, companies can also have the same product, so things would get a little hairy in the db. I appreciate the re-design though and agree with you that it needs to be fixed up I"m wondering if this would even be possible to do with my current database layout because while I"m not opposed to changing the db design completely, it would cause me to have to start from scratch and if I could figure out a way to do it from how the db is now, that would be awesome. If it's not possible, then it's just not possible though

Well, I had this crazy left join written out but then I realized it wouldn't help me bring out all the tables of products weather they had licenses or not, not sure if that's something I need to do in mysql or php though My left join which joins licenses and products looks like this SELECT products.product_id AS product_id, products.product_name AS product_name, license.license_id AS license_id, license.company_id AS l_company_id, license.product_id AS l_product_id, license.license_notes AS license_notes FROM products LEFT JOIN license ON products.product_id = license.product_id WHERE license.company_id =1 LIMIT 0 , 30 So, I need to bring back all products on this company edit page, and a field for number of licenses which gets inserted into the license table. If the product doesn't have any licenses, that's fine it can be blank, but still needs to show up in case the user wants to add one. I appreciate the left join suggestion, but I think it's a little out of range for this solution, but thanks though! any other ideas?

Hey Guys, I'm working on calling data back from my database. I am basically dealing with three tables here, companies, products and licenses I'm trying to get all products to show up in one cell of the overall company information and if they have a license, I'd like to get it to show up in the corresponding cell of the products. I've set my database up so that this will work, basically it looks like this: Products product_id product_name company company_id company_name license license_id license_name product_id company_id license_numbers (really amount of licenses a company owns) So, with that knowledge, I have my form set up like this <form action="<?php echo $PHP_SELF;?>" method="post" name="modcompany"> <input type=hidden name="id" value="<?php echo $company_id ?>"> <table class="floattable"> <tr> <td class="row2">Company ID</td><td class="row2"><?php echo $company_id; ?></td> </tr> <tr> <td class="row1">Company Name</td><td class="row1"><input type="text" name="company_name" value="<?php echo $company_name; ?>" /></td> </tr> <tr> <td class="row1">Address</td><td class="row1"><input type="text" name="address" value="<?php echo $address; ?>" /></td> </tr> <tr> <td class="row1">City</td><td class="row1"><input type="text" name="city" value="<?php echo $city; ?>" /></td> </tr> <tr> <td class="row1">State</td><td class="row1"><input type="text" name="state" value="<?php echo $state; ?>" /></td> </tr> <tr> <td class="row1">Zip</td><td class="row1"><input type="text" name="zip" value="<?php echo $zip; ?>" /></td> </tr> <tr> <td class="row1">Country</td><td class="row1"><input type="text" name="country" value="<?php echo $country; ?>" /></td> </tr> <tr> <td class="row1">Phone</td><td class="row1"><input type="text" name="phone" value="<?php echo $phone; ?>" /></td> </tr> <tr> <td class="row1">Contact</td><td class="row1"><input type="text" name="contact" value="<?php echo $contact; ?>" /></td> </tr> <tr> <td class="row1">Status</td><td class="row1"><input type="text" name="status" value="<?php echo $status; ?>" /></td> </tr> <tr> <td class="row1">Kayako Link</td><td class="row1"><input type="text" name="kayako_link" value="<?php echo $kayako_link; ?>" /></td> </tr> <tr> <td class="row1">Vtiger Link</td><td class="row1"><input type="text" name="vtiger_link" value="<?php echo $vtiger_link; ?>" /></td> </tr> <tr> <td class="row1">Internal Link</td><td class="row1"><input type="text" name="internal_link" value="<?php echo $internal_link; ?>" /></td> </tr> <tr> <td class="row1">Notes</td><td class="row1"><textarea name="notes" rows="5" cols="5"><?php echo $notes; ?></textarea></td> </tr> <?php //this gets all of my products to show up, which is great for adding but need to figure something out for editing $sql_license = "SELECT * FROM products"; $result_license = mysql_query($sql_license); while($row_license = mysql_fetch_array($result_license)) { $product_name = $row_license['product_name']; $product_id = $row_license['product_id']; ?> <tr> <td class="row1"><?php echo $product_name; ?></td><td class="row1"><input type="text" name="product<?php echo $product_id; ?>" /></td> </tr><?php } ?> </table> And, thanks to another user, I have found a way to add the values to my db if (isset($_POST['modcompany'])) { $company_name = $_POST["company_name"]; $address = $_POST['address']; $city = $_POST['city']; $state = $_POST['state']; $zip = $_POST['zip']; $country = $_POST['country']; $phone = $_POST['phone']; $contact = $_POST['contact']; $status = $_POST['status']; $kayako_link = $_POST['kayako_link']; $vtiger_link = $_POST['vtiger_link']; $internal_link = $_POST['internal_link']; $notes = $_POST['notes']; $sql = "UPDATE company SET company_name='$company_name',address='$address',city='$city', state='$state', zip='$zip', country='$country', phone='$phone', contact='$contact', status='$status', kayako_link='$kayako_link', vtiger_link='$vtiger_link', internal_link='$internal_link', notes='$notes' WHERE company_id = $id"; $result = mysql_query($sql); echo "Thank you! Information updated."; $id = mysql_insert_id(); foreach($_POST as $key => $value) { // looping through each post variable. $key is the textbox name // check if the the variable name starts with 'product' which indicates it's a product$id variable if(strpos($key, 'product') === 0) { // found one, need to parse the ID off the end $prod_id = substr($key, 7); // 7 because 'product' is 7 chars long echo "<br />Product id = $prod_id"; echo "<br />Text Box = $value <hr />"; if($value != '') { $query = "INSERT INTO license (company_id, product_id, license_numbers) VALUES ('$id', '$prod_id', '$value')" or die('mysql_error'); mysql_query($query) or die('error'); /* at this point you now have the product id in $id and the value of the textbox in $value so you can now add to database or do anything else you want */ } } } So, right now with this code, I'm able to have my companies show up and all of my products show up which then get inserted into the license table, but I'm not sure how I could set this up to edit it, which means - have all products show up, and if they have an amount of licenses, that shows up as well, but all the products show up so that users can add licenses to that. I tried doing a table join, but realized it didn't make sense as it wouldn't help me to get all of the products out SELECT products.product_id as product_id, products.product_name as product_name, license.license_id as license_id, license.company_id as l_company_id, license.product_id as l_product_id, license.license_notes as license_notes FROM products LEFT JOIN license ON products.product_id = license.product_id Any ideas?