thomashw

There is no difference between this query and the one he already had. This has nothing to do with his problem. Pikachu2000 already identified the issue. I've had problems using the syntax he's using, so that is why I suggested changing the string to what I posted.

Can you post the full code, including the form?

Change your query string to this: $query = "UPDATE users SET money='".$nmoney."' WHERE username='".$username."'";

Oh, haha, no I wasn't. I just mistyped it up there. Anyway, thank you. My syntax was a little off.

What's the correct syntax for having a variable in a select statement? Here's an example of what I'm trying to do (after I'm already connected to the database). $username = "thomas"; $query = mysql_query( "SELECT * from users WHERE username = $thomas" ); if( mysql_num_rows( $query ) > 0 ) { bla bla... It works if I don't put the WHERE part in, but I get an error if I use it, so I'm assuming I have the wrong syntax for using a variable in the select statement.

Bump.

I've bolded the part of the code I don't fully understand. Won't sum = sum2 just overwrite the old sum? So why do you need to release it beforehand? Why isn't sum2 released at the end of the program? Should it be? #import “Fraction.h” int main (int argc, char *argv[]) { NSAutoreleasePool * pool = [[NSAutoreleasePool alloc] init]; Fraction *aFraction = [[Fraction alloc] init]; Fraction *sum = [[Fraction alloc] init], *sum2; int i, n, pow2; [sum setTo: 0 over: 1]; // set 1st fraction to 0 NSLog (@”Enter your value for n:”); scanf (“%i”, &n); pow2 = 2; for (i = 1; i <= n; ++i) { [aFraction setTo: 1 over: pow2]; sum2 = [sum add: aFraction]; [b] [sum release]; // release previous sum sum = sum2;[/b] pow2 *= 2; } NSLog (@”After %i iterations, the sum is %g”, n, [sum convertToNum]); [aFraction release]; [sum release]; [pool drain]; return 0; } Thank you!!

Redirect to the same page, but without the $_POST's. header("Location: http://www.example.com/");

Why don't you try setting $docRoot manually rather than using $_SERVER['DOCUMENT_ROOT']? If that fixes the problem, then you know the server is configured incorrectly.

I'd like to have a few constants to use throughout my site. I'm wondering where to store them and the best way to access them? Should I just make a constants.php file in my root directory and include that file in all of my pages, or... what?

Here you go. <?php session_start(); include 'db.inc.php'; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die ('Unable to connect. Please contact the webmaster.'); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); $state_list = array('AL, AK, AZ, AR, CA, CO, CT, DE, FL, GA, HI, ID, IL, IN, IA, KS, KY, LA, ME, MD, MA, MI, MN, MS, MO, MT, NE, NV, NH, NJ, NM, NY, NC, ND, OH, OK, OR, PA, PR, RI, SC, SD, TN, TX UT, VT, VA, WA, WV, WI, WY'); //filter incomming values $username = (isset($_POST['username'])) ? trim($_POST['username']) : ''; $password = (isset($_POST['password'])) ? trim($_POST['password']) : ''; $first_name = (isset($_POST['first_name'])) ? trim($_POST['firstname']) : ''; $last_name = (isset($_POST['last_name'])) ? trim($_POST['last_name']) : ''; $email = (isset($_POST['email'])) ? trim($_POST['email']) : ''; $city = (isset($_POST['city'])) ? trim($_POST['city']) : ''; $state = (isset($_POST['state'])) && is_array($_POST['state']) ? $_POST['state'] : array(); $zip = (isset($_POST['zip'])) ? trim($_POST['zip']) : ''; if(isset($_POST['submit']) && $_POST['submit'] == 'Register') { $errors = array(); //make sure manditory fields have been entered if(empty($username)) { $errors[] = 'Username cannot be blank.'; } //check if username already is registered $query = 'SELECT username FROM users WHERE username = "' . $username . '"'; $result = mysql_query($query, $db) or die(mysql_error()); if (mysql_num_rows($result)>0) { $errors[] = 'Username' .$username. ' is already registered.'; $username = ''; } mysql_free_result($result); if(empty($password)) { $errors[] = 'Password cannot be blank.'; } if(empty($first_name)) { $errors[] = 'First name cannot be blank.'; } if(empty($last_name)) { $errors[] = 'Last name cannot be blank.'; } if(empty($email)) { $errors[] = 'Email address cannot be blank.'; } if(count($errors) > 0) { echo '<p><Strong style="color:#FF000;">Unable to process your '.'registration.</strong></p>'; echo '<p>Please check the following errors:</p>'; echo '<ul>'; foreach ($errors as $error) { echo '<li>' .$error. '</li>'; } echo '</ul>'; } else { // No errors so enter the information into the database. $query = 'INSERT INTO users (user_id, username, password) VALUES (NULL, "' . mysql_real_excape_string($username, $db) . '", '.'PASSWORD("' . mysql_real_excape_string($password, $db) . '"))'; $result = mysql_query($query, $db) or die(mysql_error()); $user_id = mysql_insert_id($db); $query = 'INSERT INTO user_info (user_id, first_name, last_name, email, phone, city, state, zip) VALUES (' . $user_id. ' , ' . '"' .mysql_real_excape_string($first_name, $db) .'", ' . '"' .mysql_real_excape_string($last_name, $db) .'", '. '"' .mysql_real_excape_string($email, $db) . '", '. '"' .mysql_real_excape_string($phone, $db) . '", '. '"' .mysql_real_excape_string($city, $db) . '", '. '"' .mysql_real_excape_string(join(', ', $state),$db) . '", '. '"' .mysql_real_excape_string($zip, $db) . '")'; $result = mysql_query($query, $db) or die(mysql_error()); $_SESSION['logged'] = 1; $_SESSION['username'] = $username; header('Refresh: 5; URL=main.php'); } } ?> <html> <head> <title>Register</title> <style type="text/css"> td{ vertical-align: top;} </style> </head> <body> <form action="register.php" method="post"> <table> <tr> <td><label for="username">Username:</label></td> <td><input type="text" name="username" id="username" size="20" maxlength="20" value="<?php echo $username; ?>"/></td> </tr><tr> <td><label for="password">Password:</label></td> <td><input type="password" name="password" id="password" size="20" maxlength="20" value="<?php echo $password; ?>"/></td> </tr><tr> <td><label for="email">Email:</label></td> <td><input type="text" name="email" id="email" size="20" maxlength="50" value="<?php echo $email; ?>"/></td> </tr><tr> <td><label for="first_name">First name:</label></td> <td><input type="text" name="first_name" id="first_name" size="20" maxlength="20" value="<?php echo $first_name ?>"/></td> </tr><tr> <td><label for="last_name">Last name:</label></td> <td><input type="text" name="last_name" id="last_name" size="20" maxlength="20" value="<?php echo $last_name ?>"/></td> </tr><tr> <td><label for="city">City:</label></td> <td><input type="text" name="city" id="city" size="20" maxlength="20" value="<?php echo $city ?>"/></td> </tr><tr> <td><label for="state">State</label></td> <td><select name="state[]" id="state" multiple="multiple"> <?php foreach ($state_list as $states){ if(in_array($states, $state)) { echo '<option value="'.$states.'" selected="selected">' .$states . '</option>'; } else { echo '<option value="'.$states.'">'.$states.'</option>'; } } ?> </select></td> </tr><tr> <td></td> <td><input type="submit" name="submit" value="Register"/></td> </tr> </table> </form> </body> </html> You were just missing a couple closing braces before you started the HTML section.

Why not just use the original function names instead of using your own? You can try using the stripslashes function when removing it from your database.

At the end of a function (the last line of code in the function) you can do a return, which will return a value to wherever it was called. For example, here's a function: function temp() { return 1; } Now if you call that function: $number = temp(); // number = 1 Get it? That's how you get a value out of a function. Also, there's no rules when to call functions as long as they make sense. You can have a function call another function, which calls five more functions. You can have a function call itself, etc.

Have you tried '=' instead of '->'?

Where you have: ($user = mysql_fetch_array($users)) Try changing it to: ($user = mysql_fetch_assoc($users))

Please wrap CODE tags around your code when you post it. <?php include("Web/htdocs/include/include.php"); ?> <?php require_guest(); ?> <?php if (isset($_POST["email"])) { // Verify the visitor has not attempted login too many times $visitors = query_mysql("SELECT `Login Attempts`, `Cookie Attempts`, `First Attempt` FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')"); if ($visitor = mysql_fetch_array($visitors)) { if (time() - $visitor["First Attempt"] >= $__options["attempts_timeout"]) { query_mysql("DELETE FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')"); } elseif ($visitor["Cookie Attempts"] >= $__options["max_session_attempts"] || $visitor["Login Attempts"] >= $options__["max_login_attempts"]) { $abort_session = 1; } } if (!isset($abort_session) || $abort_session != 1) { $users = query_mysql("SELECT `Supplier ID`, `Password`, `Force Password Change`, `Password Changed`, `Status` FROM `Suppliers` WHERE `Email` = '" . escape($_POST["email"]) . "'"); if ($user = mysql_fetch_array($users)) { if (check_password($_POST["password"], $user["Password"]) == 1) { if ($user["Status"] = "Active") { if ($user["Force Password Change"] == "Yes" || time() > ($user["Password Changed"] + $__options["admin_password_change_time"])) { if ($_POST["password1"] != "") { $temp = good_password($_POST["password1"]); if ($_POST["password1"] != $_POST["password2"]) { $temp = "Enter the same password twice."; } if ($_POST["password"] == $_POST["password1"]) { $temp = "Your new password can not be the same as the old one."; } if ($temp !== 1) { $password_change = 1; $message = $temp; } else { if ($result = query_mysql("UPDATE `Suppliers` SET `Force Password Change` = 'No', `Password` = '" . escape(salt_hash_password($_POST["password1"])) . "', `Password Changed` = '" . time() . "' WHERE `Email` = '" . escape($_POST["email"]) . "'") && mysql_affected_rows() > 0) { header("Location: /portal/supplier/login.php?action=passwordchange"); die(1); } else { $password_change = 1; $message = "There was a problem."; } } } else { $password_change = 1; $message = "You are required to change your password."; } } else { $temp = random_string(40); if ($result = query_mysql("SELECT `ID` FROM `Sessions` WHERE `Cookie` = '" . escape($temp) . "'")) { if (mysql_num_rows($result) == 0) { setcookie("session_id", $temp, time() + 600000, "/"); query_mysql("INSERT INTO `Sessions` (`Cookie`, `User ID`, `User Type`, `Activity`, `Login`) VALUES ('" . escape($temp) . "', '" . escape($user["Supplier ID"]) . "', 'Supplier', '" . time() . "', '" . time() . "')"); query_mysql("INSERT INTO `Login Tracking` (`ID`, `User Type`, `Login`, `Session ID`, `IP`, `Logout Type`, `Logout`, `User ID`) VALUES (NULL , 'Supplier', '" . time() . "', '" . mysql_insert_id() . "', INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "'), '0', '0', '" . escape($user["ID"]) . "')"); query_mysql("DELETE FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')"); header("Location: /portal/supplier/"); die(1); } else { $message = "There was a problem on our end."; } } else { $message = "There was a problem on our end."; } } } elseif ($user["Status"] = "New") { $message = "After we approve your account, you will be able to login."; } else { $message = "Either your email or password is incorrect."; } } else { $message = "Either your email or password is incorrect."; } } else { $message = "Either your email or password is incorrect."; } } else { $message = "You, or someone on your internet connection, has attempted to login to the system too many times. Either wait a while or contact us for help."; } } if ($message == "Either your email or password is incorrect.") { $visitors = query_mysql("SELECT `First Attempt` FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')"); if ($visitor = mysql_fetch_array($visitors)) { if (time() - $visitor["First Attempt"] >= $__options["attempts_timeout"]) { query_mysql("DELETE FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')"); query_mysql("INSERT INTO `Visitors` (`IP`, `Login Attempts`, `Cookie Attempts`, `First Attempt`) VALUES (INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "'), '1', '0', '" . time() . "')"); } else { query_mysql("UPDATE `Visitors` SET `Login Attempts` = `Login Attempts` + 1 WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')"); } } else { query_mysql("INSERT INTO `Visitors` (`IP`, `Login Attempts`, `Cookie Attempts`, `First Attempt`) VALUES (INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "'), '1', '0', '" . time() . "')"); } } if (isset($_GET["action"])) { switch ($_GET["action"]) { case "timeout": $message = "You have been logged out due to inactivity or longevity. You will need to login again."; break; case "loggedout": $message = "You have been logged out."; break; case "passwordchange": $message = "Your password has been changed."; break; default: break; } } ?> <?php include("Web/htdocs/include/open.php"); ?> <meta name="keywords" content="global trade base" /> <title>Global Trade Base</title> <?php include("Web/htdocs/include/navigation.php"); ?> <?php if ($password_change == 1) { ?> <form method="post" action="Web/htdocs/portal/supplier/login.php"> <h1>Change Password</h1> <p style="color: red; font-weight: bold;"><?php echo $message; ?></p> <table> <tr> <th style="text-align: right;">Email:</th> <td><input id="email" name="email" value="<?php ehtml($_POST["email"]); ?>" /></td> </tr> <tr> <th style="text-align: right;">Password:</th> <td><input type="password" name="password" /></td> </tr> <tr> <th style="text-align: right;">New Password:</th> <td><input type="password" name="password1" /></td> </tr> <tr> <th style="text-align: right;">New Password Again:</th> <td><input type="password" name="password2" /></td> </tr> <tr> <td colspan="2" style="text-align: right;"><input type="submit" value="Login" /></td> </tr> </table> </form> <?php } else { ?> <form method="post" action="Web/htdocs/portal/supplier/login.php"> <h1>Supplier Login</h1> <p style="color: red; font-weight: bold;"><?php echo $message; ?></p> <table> <tr> <th style="text-align: right;">Email:</th> <td><input id="email" name="email" value="<?php ehtml($_POST["email"]); ?>" /></td> </tr> <tr> <th style="text-align: right;">Password:</th> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" style="text-align: right;"><input type="submit" value="Login" /></td> </tr> </table> </form> <a href="Web/htdocs/portal/supplier/forgot_password.php">I forgot my password.</a> <?php } ?> <script type="text/javascript"> <!-- $('#email').focus(); $('#email').select(); //--> </script> <?php include("Web/htdocs/include/close.php"); ?>

Ahh, thank you.

I constantly see @ used infront of functions. What does it do?

Create a function using that onlineusers.php file (I usually create a file called functions.php that contains all my functions), then include the functions.php file in your members.php file using: include( functions.php ); To create the function, do something like this: function onlineUsers() { // your code to calculate the online users return $numUsers; } Then in your members.php page: $numUsers = onlineUsers();

Use the htmlspecialchars function. http://php.net/manual/en/function.htmlspecialchars.php

I wasn't trying to be rude or anything, it just sounded like you wanted the code. Like kasitzboym said, I bet there are tons of tutorials out there. To let someone login, you'll want a page with a form. You'll want that form to submit to a page where you compare the username/password that was entered in the form to usernames/passwords in your database, probably using $_POST and using SELECT. To let someone register, you'll want another form to let them fill out with whatever info you require when they register. You'll want to have this form submit to a page where the info is processed, again probably using $_POST. On that same page, you'll want to INSERT this info into your database.

So a way to loop through all the rows in a table would be like this: while( $row = mysql_fetch_assoc( $result ) ) You can get rid of your $num variable, and replace your while loop with the loop I just posted. You'll also need to move your mysql_close(); to the bottom since your while loop will now be connecting to your database constantly. The cool thing about mysql_fetch_assoc is it lets you use the actual names of your columns, like this: $row["id"]; Here's your code switched around. It should work, but you may need to mess with it a bit. <?php // Start a session session_start(); include("dbinfo.inc.php"); mysql_connect(localhost,$username,$password); @mysql_select_db($database) or die( "Unable to select database"); $query="SELECT * FROM members"; $result=mysql_query($query); while ($row = mysql_fetch_assoc( $result ) ) { $id = $row["id"]; $username = $row["username"]; $firstname = $row["firstname"]; $lastname = $row["lastname"]; $address = $row["address"]; $city = $row["city"]; $state = $row["state"]; $zip = $row["zip"]; $phone = $row["phone"]; $email = $row["email"]; $iba = $row["iba"]; $mbd = $row["marchingband_currentdue"]; $ctd = $row["choir_currentdue"]; $fd = popen("/usr/sbin/sendmail -t","w") or die("Couldn't Open Sendmail"); fputs($fd, "To: $email \n"); fputs($fd, "From: \"LWE Music\" <lwemusic@lwemusic.org> \n"); fputs($fd, "Subject: $firstname $lastname IBA \n"); fputs($fd, "X-Mailer: PHP3 \n\n"); fputs($fd, "To the parents of $firstname $lastname, This is your monthly LWE Music IBA Statement. Your current IBA is: $iba Your current Marching Band Fees are: $mbd Your current Choir Trip Fees are: $ctd Thank You, LWE Music \n"); pclose($fd); echo '<br /><br />'; } mysql_close(); ?>

Do you know any PHP or how to use a database? Generally this is a help forum, not a free code forum.

Using a SELECT takes the information FROM your database. You need to use an INSERT INTO statement. http://www.w3schools.com/PHP/php_mysql_insert.asp

Can you figure out how to send ONE email using PHP if you had the name, email, and amount due? If so, can you figure out how to query the database for ONE row and send that person an email with the amount due? If so, all you need to do is use a while loop to do it for everyone. If you post some code getting either the first or second questions to work, I'll help with the third.