zero_ZX

Hi, I'm sure many of you heard of "pastebin", if not the short of it, is that you can submit your code (+100 languages), and you can display it to your friends via a link with syntax highlighting available. So, One way to store the code is surely in txt files, but I would really prefer to have it stored in a mysql database. My only concern is people trying to run a sql injection, so how do i get around all this? I don't want the user's content to be changed, but I don't want SQL injections either.. is this even possible at all? Any tips appreciated, also if you could think of another alternative than txt files and mysql.

Hi, I have some strange issues with my code: <?PHP session_start(); $loginid = $_SESSION["valid_id"]; // First check if we are guest or user. if (!$_SESSION["valid_email"]) { $visitor = "yes"; } else { $visitor = "no"; $email = $_SESSION['valid_email']; $userid = $_SESSION['valid_id']; } //Load Header (blue menu) require("./inc/header.php"); //Load Sub-acc (silver account menu) require("./inc/sub-group.php"); //Load nav-group (Tabs) require("./inc/nav-group.php"); //Load Config file require("./inc/config.php"); //Set & get profile ID $getid = $_GET["id"]; //check ID $result = mysql_query("SELECT * FROM profiles WHERE id=('$getid') LIMIT 1"); $row = mysql_fetch_array($result); IF (mysql_num_rows($result) != 1) { exit("Invalid ID"); } //If we are guest, do we allow anon access to the profile IF ($row["privacy"] <= 10 && $visitor = "yes") { exit("You may not view this profile as a visitor, due to the users privacy settings"); } //Let's check if we are friends ELSEIF ($visitor = "no") { $result2 = mysql_query("SELECT * FROM profiles_friends WHERE user=('$getid') AND target=('$loginid') LIMIT 1"); $row2 = mysql_fetch_array($result2); $friends = $row2["status"]; if (mysql_num_rows($result2) = 0) { $friends = "no"; } } //If we are friend, do we allow access to the profile IF ($row["privacy"] >= 9 && $friends != 1) { exit("You may not view this profile because of the privacy settings."); } $row = mysql_fetch_array($result); $memgroup = $row["group"]; IF ($row["activated"] != 1) { exit("This account is suspended and cannot be viewed."); } //Check what group member is in. $result2 = mysql_query("SELECT * FROM profiles_groups WHERE id=('$memgroup') LIMIT 1"); $row2 = mysql_fetch_array($result); ?> Alright, so the error: Fatal error: Can't use function return value in write context in C:\xampp\htdocs\prog\profile.php on line 45 42. $result2 = mysql_query("SELECT * FROM profiles_friends WHERE user=('$getid') AND target=('$loginid') LIMIT 1"); 43. $row2 = mysql_fetch_array($result2); 44. $friends = $row2["status"]; 45. if (mysql_num_rows($result2) = 0) Alright, this is one thing that bothers me, the other is: //check ID $result = mysql_query("SELECT * FROM profiles WHERE id=('$getid') LIMIT 1"); $row = mysql_fetch_array($result); IF (mysql_num_rows($result) != 1) { exit("Invalid ID"); I tried to put an invalid ID, and already here the script should have died/exited before executing the parts of the code that doesn't work. I tested my code on another page and it works flawlessly, perhaps this error is just generated before it actually exists i dunno.. Any way, any help is much appreciated }

fail lol Okay so got this: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'group = ('1') AND topic = 0 ORDER BY date DESC' at line 1 Will i have to escape date?

Hi, So maybe some fresh eyes can tell me what's wrong <?PHP //Get and display news $result = mysql_query("SELECT * FROM groups_news WHERE group = ('$getid') AND topic = 0 ORDER BY date DESC"); IF (!result) { die(mysql_error()); } while($row = mysql_fetch_array($result)) { $topicid = $row["id"]; $authorid = $row["author"]; //Get profile info from author $result2 = mysql_query("SELECT * FROM profiles WHERE id=('$authorid') LIMIT 1"); IF (!result2) { die(mysql_error()) +"Result 2"; } $row2 = mysql_fetch_array($result2); //Count comments $result3 = mysql_query("SELECT * FROM groups_news WHERE group=('$getid') AND topic=1"); IF (!result3) { die(mysql_error()+"Result 3"); } Returns the usual: Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\prog\groups.php on line 38 Line 38: while($row = mysql_fetch_array($result)) Any help is much appreciated.

Hi, Having issues with my script: It lists people in different departments, but i want the height of my overall table to be 100%, so that this table fills the entire screen. I'm using the following code: <html> <!-- <body style="overflow: hidden"> --> <span style="font:bold 1px arial;"> <table style="float: left; height: 100%; width: 100%px; border: 1px solid red"> <?PHP include("config.php"); $result = mysql_query("SELECT * FROM medarbejder ORDER BY medarbejder"); //echo "$result"; echo "<tbody>"; echo "<TABLE float:left height:100% border=0 width=100% >"; // <!--Start IT-afdeling--> echo"<td bgcolor=#7FFF00> <span style=font-size:48px;> <div align=center> IT-Afdelingen </div> </span> </td>"; while($row = mysql_fetch_array($result)) { echo "<tr>"; IF ($row['status']==1 && $row['afdeling']==2) { echo "<td width=100% height=100% bgcolor=#FFFFFF> <span style=font-size:32px;> " . $row['medarbejder'] . " (til stede) </span> </td>"; } elseif ($row['status']!=1 && $row['afdeling']==2) { echo "<td width=100% height=100% bgcolor=#FF0000> <span style=font-size:32px;color=white;> " . $row['medarbejder'] . " (ikke til stede) </span> </td>"; } echo "<td>"; echo "</td>"; //echo "<br>"; echo "</tr>"; } // <!--Start Marketing-afdeling--> $result = mysql_query("SELECT * FROM medarbejder ORDER BY medarbejder"); echo"<td width=100% height=100% bgcolor=#37FDFC><span style=font-size:48px;> <div align=center> Kommunikation og marketing </div> </span> </td>"; while($row = mysql_fetch_array($result)) { echo "<tr>"; IF ($row['status']==1 && $row['afdeling']==1) { echo "<td width=100% height=100% bgcolor=#FFFFFF> <span style=font-size:32px;> " . $row['medarbejder'] . " (til stede) </span> </td>"; } elseif ($row['status']!=1 && $row['afdeling']==1) { echo "<td width=100% height=100% bgcolor=#FF0000> <span style=font-size:32px;color=white;> " . $row['medarbejder'] . " (ikke til stede) </span> </td>"; } echo "<td>"; echo "</td>"; //echo "<br>"; echo "</tr>"; } // <!--Start Skema-afdeling--> $result = mysql_query("SELECT * FROM medarbejder ORDER BY medarbejder"); echo"<td width=100% height=100% bgcolor=#FF6600> <span style=font-size:48px;> <div align=center> Skema-lægning </div> </span> </td>"; while($row = mysql_fetch_array($result)) { echo "<tr>"; IF ($row['status']==1 && $row['afdeling']==3) { echo "<td width=100% height=100% bgcolor=#FFFFFF> <span style=font-size:32px;> " . $row['medarbejder'] . " (til stede) </span> </td>"; } elseif ($row['status']!=1 && $row['afdeling']==3) { echo "<td width=100% height=100% bgcolor=#FF0000> <span style=font-size:32px;color=white;> " . $row['medarbejder'] . " (ikke til stede) </span> </td>"; } echo "<td>"; echo "</td>"; //echo "<br>"; echo "</tr>"; } echo "</table>"; echo "</tbody>"; mysql_close($con); ?> </span> </html> I have been searching around, but haven't found a way to apply this to my own code. Any help is much appriciated.

Yet again, when the user adds new table headers they will have to edit the php code.. is there no way to manually avoid this?

Hi, The content column is displaying everything in the tables (except the KHS00), the field table is displaying all the table headers. I'm not sure how I can join the different tables without making it look like a mess :/ As for the array, It's a good idea, but it needs to generate it automatically, as I might end up with 100 rows, or even more.

Hey @ your first post, Yes that's correct @ your second post, The reason I do not store the data like this, that it wont be possible to edit the table headers (id | pc-name | archived | notes). Else I would surely have done that, as it's way easier

Hi. This is the present code: <table id="sort-table"> <thead> <tr> <?PHP //echo '<th style="width:128px">Options</th>'; echo ' <th> Identifier </th> '; $fieldresult = mysql_query("SELECT * FROM fields ORDER BY `order`"); while($fieldrow = mysql_fetch_array($fieldresult)) { echo ' <th> ' . $fieldrow["name"] . ' </th> '; } echo '</tr> </thead> <tbody> '; $contentresult = mysql_query("SELECT fields.*, identify.*, content.* FROM fields INNER JOIN identify JOIN content WHERE content.identify = identify.id AND content.field = fields.id ORDER BY fields.order, identify.id") or die (mysql_error()); while($contentrow = mysql_fetch_array($contentresult)) { echo '<tr><td>' . $contentrow["value"] . '</td><td>' . $contentrow["content"] . '</td></tr>'; } //echo ' </tr>'; ?> </tbody> </table> It looks added to me.

Still having troubles on this one

Thanks Cyber, now I even understand my query lol Appears to be working, but data looks exactly like it did before when it gets ehco'ed. The problem is, that i think i need a <td> & </td> each time it echoes a new $contentrow["content"].

Sorry that I didn't make myself clear enough, It's a SQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.FLDS, *.IDNT, *.CNT FROM fields FLDS INNER JOIN identify IDNT JOIN content CNT ' at line 1

I c, then how would I print the rows? I tried with this: $contentresult = mysql_query("SELECT *.FLDS, *.IDNT, *.CNT FROM fields FLDS INNER JOIN identify IDNT JOIN content CNT WHERE CNT.identify = IDNT.id AND CNT.field = FLDS.id ORDER BY FLDS.order, IDNT.id"); while($contentrow = mysql_fetch_array($contentresult)) { echo ' <td> ' . $contentrow["value"] . ' </td> <td> ' . $contentrow["content"] . ' </td> '; } Last question is where i should close the table rows?

Sorry James, you totally lost me Cyber, no I didn't try it, I might not understand left join, never heard of it. I see I can select multiple fields from multiple tables, but I don't see how I can put my WHERE into this.

How's that? I can't add a where clause as I dont have any data to work with yet.

I think your best shot is to split this into two pages, like you do in forums. You show the categories, then you show the topics. So you have your categories.php or index.php or w/e where you use a mysql while loop and print the categories with a link to movies.php?cat=1 or w/e id it should be. At the movies.php you then do the same, except in this while loop you will have have a where clause depending on the cat variable. Remember to use real escape string so no1 makes some nasty attacks. If you need further help, please PM me, and i can code you two example pages to show you what i mean.

So.. yet again i moved on, and got this: <?PHP //echo '<th style="width:128px">Options</th>'; echo ' <th> Identifier </th> '; $fieldresult = mysql_query("SELECT * FROM fields ORDER BY `order`"); while($fieldrow = mysql_fetch_array($fieldresult)) { echo ' <th> ' . $fieldrow["name"] . ' </th> '; } echo '</tr> </thead> '; $fieldresult2 = mysql_query("SELECT * FROM fields ORDER BY `order`"); while($fieldrow2 = mysql_fetch_array($fieldresult2)) { $identifyresult = mysql_query("SELECT * FROM identify ORDER BY `id`"); while($identifyrow = mysql_fetch_array($identifyresult)) { //echo ' <td> ' . $identifyrow["value"] . ' </td> '; $contentresult = mysql_query("SELECT * FROM content where identify = '".$identifyrow['id']."' AND field = '".$fieldrow2['id']."'"); while($contentrow = mysql_fetch_array($contentresult)) { echo ' <td> ' . $identifyrow["value"] . ' </td> <td> ' . $contentrow["content"] . ' </td> '; } echo ' </tr>'; } } ?> Looks like this: http://img684.imageshack.us/img684/8740/udklipk.png I think there's something wrong when i close the table rows.. But not completely sure?

Okay, I did a little research and came to, that i could just execute the queries multiple times So new code is: <?PHP //echo '<th style="width:128px">Options</th>'; echo ' <th> Identifier </th> '; $fieldresult = mysql_query("SELECT * FROM fields ORDER BY `order`"); while($fieldrow = mysql_fetch_array($fieldresult)) { echo ' <th> ' . $fieldrow["name"] . ' </th> '; } echo '</tr> </thead> '; $fieldresult2 = mysql_query("SELECT * FROM fields ORDER BY `order`"); while($fieldrow2 = mysql_fetch_array($fieldresult2)) { $identifyresult = mysql_query("SELECT * FROM identify ORDER BY `id`"); while($identifyrow = mysql_fetch_array($identifyresult)) { echo ' <td> ' . $identifyrow["value"] . ' </td> '; $contentresult = mysql_query("SELECT * FROM content where identify = '".$identifyrow['id']."' AND field = '".$fieldrow2['id']."'"); while($contentrow = mysql_fetch_array($contentresult)) { echo ' <td> ' . $contentrow["content"] . ' </td> '; echo ' </tr>'; } } } ?> Now this produce this: http://img28.imageshack.us/img28/5186/udklip.png it appears to duplicate the identify record :/ I also tried to move the echo identity part down in the second loop without luck. Please let me know your suggestions.

Identify is a unique id Binding everything together. I'm not sure there's a need of it. It could be replaced by the regular ID column i think. HTML table: Identify | PC-name | Archive KHS000 | PC-Basement |10-01-2011 KHS001 | PC-entrance | 12-12-2010 etc.. (number 2 is not in the mysql, it was just a sample to give you a better idea). Picture: http://img191.imageshack.us/img191/4815/udklipn.png

This will only print the last result from the loop. Whole loop code: <?PHP //echo '<th style="width:128px">Options</th>'; echo ' <th> Identifier </th> '; $fieldresult = mysql_query("SELECT * FROM fields ORDER BY `order`"); while($fieldrow = mysql_fetch_array($fieldresult)) { echo ' <th> ' . $fieldrow["name"] . ' </th> '; echo '</tr>'; $identifyresult = mysql_query("SELECT * FROM identify ORDER BY `id`"); while($identifyrow = mysql_fetch_array($identifyresult)) { echo ' <td> ' . $identifyrow["value"] . ' </td> '; $contentresult = mysql_query("SELECT * FROM content where identify = '".$identifyrow['id']."' AND field = '".$fieldrow['id']."'"); while($contentrow = mysql_fetch_array($contentresult)) { echo ' <td> ' . $contentrow["content"] . ' </td> '; } } } ?> As you might see here, I'm slowly building up the entire table. First it prints the headers, but meanwhile it prints the headers, it starts to make the table rows, so i get the correct content and unique ids (identify) placed in the correct order. This is so far the only solution which actually prints the content i need, however it mess up the tables.

Correct, but as i wrote I don't want to exit the loop, as I'm not done with the data from it.

Hi, I'm in need of making some loops within each other, in order to retrieve the info which i need. First part of my code: <div class="hastable"> <table id="sort-table"> <thead> <tr> <?PHP //echo '<th style="width:128px">Options</th>'; echo ' <th> Identifier </th> '; $fieldresult = mysql_query("SELECT * FROM fields ORDER BY `order`"); while($fieldrow = mysql_fetch_array($fieldresult)) { echo ' <th> ' . $fieldrow["name"] . ' </th> '; So you see, here i create all the table headers required, as long as it can still fetch some data. My problem is, that I need to execute a echo '</tr>'; when it's done fetching the data, meaning as soon as it cannot retrieve any more data, i need to close this row, as the next data coming, should be placed in a second row.. Is there any way to do this - Without exiting the loop?

Yea, the table would be very confusing if it stored multiple items. If you stored everything within a single table, there would be no need of tables, just a database Any way, so I got this: <?PHP echo ' <td> Identifier </td> '; $result = mysql_query("SELECT * FROM fields ORDER BY `order`"); while($row = mysql_fetch_array($result)) { echo ' <td> ' . $row["name"] . ' </td> '; } ?> <th style="width:128px">Options</th> </tr> </thead> <tbody> <?PHP $result = mysql_query("SELECT * FROM identify ORDER BY `id`"); while($inforow = mysql_fetch_array($result)) { echo ' <td> ' . $inforow["value"] . ' </td> '; $resultfields = mysql_query("SELECT * FROM fields ORDER BY `order`"); $rowfields = mysql_fetch_array($resultfields); $resultcontent = mysql_query("SELECT * FROM content where identify = '".$inforow['id']."' AND field = '".$rowfields['id']."'"); while($rowcontent = mysql_fetch_array($resultcontent)) { Now my problem is the last selection: $resultcontent = mysql_query("SELECT * FROM content where identify = '".$inforow['id']."' AND field = '".$rowfields['id']."'"); I can get the identify ID, but I have no idea on how I would get the field ID. Maybe i should execute everything in a while loop when creating the table headers, then also create the rows at the same time, so it finish a header, then the rows below it, then move on to the next header and next rows etc.. Dunno if it's even possible to do it like that?

Thanks for your reply: |ID| |NAME| |AGE| 1 Joe 25 2 Jan 18 3 Yolanda 35 The ID is one table in my database called identify. The NAME & AGE are stored in another table called fields. Joe, 25, Jan, 18, Yolanda, 35 is stored in a third table called content. Within the content table each content is linked to a field and to the identify. My question is how i would print the different the data, as in, what query should i execute? As in first row, I want to select ID number one and the next field by order, then get the info from the content table matching those. Then keep on looping this process until everything is printed. Hope that makes more sense :/ As you see, nothing is defined in the database structure, it's all user made.

Hi all, So I'm not completely sure on how to do this, but basically this i what i want. I want the users to be able to create "fields" in my table, so let's say we have a structure like this: Field 1 Field 2 Field 3 Data 1 Data 2 Data 3 Problem is, that i want my users to update both the <td> and <tr> information via mysql, without altering the database. And I'm not sure on how I can make sure, that everything gets out in the right order. I have this so far: <table id="sort-table"> <thead> <tr> <?PHP echo ' <td> Identifier </td> '; $result = mysql_query("SELECT * FROM fields ORDER BY `order`"); while($row = mysql_fetch_array($result)) { echo ' <td> ' . $row["name"] . ' </td> '; } ?> <th style="width:128px">Options</th> </tr> </thead> This will display the field 1, 2, 3 etc.. My problem is.. How do i get the content displayed in the right order to the right fields.. :/ I hope you understand me, if not, please tell me so I can elaborate I know this might seems like a noob question, and I'm sorry that I couldn't search, but I didn't know what to search for.