jesushax

how do i dvidie my record by 1024 i tried $FileSize = $rsfiles["FileSize"]/1024 thats no good

hi i have an upload form which uploads the file size to my db, is there a way when disaplying the file size which auto uploads in bytes into mb? Cheers

whooop like a chav in a filing cabinet.... sorted! needed document root path heres how its done for anyone else whod like to know <?php mkdir($_SERVER['DOCUMENT_ROOT'] . "/clients/".$strFolderPath); ?>

well quick glance at what you wrote <quote>When i hover my curser over any of the case studies, the link displays this case-studies.php=5</quote> you need to change to case-studies.php?ID=5

been reading this http://www.w3schools.com/php/func_filesystem_mkdir.asp doesnt say how to create a subfolder dammit no trailing slashes on that either so cant tell :S

been looking cant find many and they dont seem to be free ...

i got /clients/testterage Warning: mkdir() [function.mkdir]: No such file or directory in /home/fhlinux153/c/cwservicesltd.co.uk/user/htdocs/admin/add_user.php on line 36s

i dont know what this script is called but you know where you can view a preview of the wepage via a link (like ask.com) whats that script called?

can no one help? its this line thats the problem mkdir("/clients/".$strFolderPath.""); it doesnt work, is the context correct?

right heres my code i got the strign replace but the folder is not getting created in my clients folder <?php switch(@$_GET["mode"]) { case "add": include($_SERVER['DOCUMENT_ROOT'] . '/includes/header-logged.php'); include($_SERVER['DOCUMENT_ROOT'] . '/includes/connection.php'); include($_SERVER['DOCUMENT_ROOT'] . '/includes/admin_access.inc'); $strUserName = mysql_real_escape_string($_POST["txtUserName"]); $strFirstName = mysql_real_escape_string($_POST["txtFirstName"]); $strLastName = mysql_real_escape_string($_POST["txtLastName"]); $strTel = mysql_real_escape_string($_POST["txtTel"]); $strHomePage = mysql_real_escape_string($_POST["txtHomePage"]); $strCompanyName = mysql_real_escape_string($_POST["txtCompanyName"]); $strFolderPath = str_replace(' ','',$strCompanyName); $strUserPass = md5($_POST["txtUserPass"]); $strEmail = mysql_real_escape_string($_POST["txtEmail"]); $strDate = date("d/m/y"); if(!strlen($strUserName)) { echo "<p style=\"color:#FF0000;\">Error: Username Was Left Blank</p>"; } elseif(!strlen($strEmail)){ echo "<p style=\"color:#FF0000;\">Error: Email Was Left Blank</p>"; } else{ $result = mysql_query("SELECT UserName FROM tblUsers WHERE UserName='". $strUserName ."' ") or die(mysql_error()); if (mysql_num_rows($result) > 0) { echo "<p style=\"color:#FF0000;\">Error: Username Taken</p>"; } else{ mysql_query("INSERT INTO tblUsers (UserName, UserAdmin, UserPassword, UserEmail, UserCompanyName, UserCompanyFolder, UserFirstName, UserLastName, UserTel, UserHomePage, UserDateAdded) Values( '".$strUserName."','0' ,'".$strUserPass."', '".$strEmail."', '".$strCompanyName."', '".$strFolderPath."', '".$strFirstName."', '".$strLastName."', '".$strTel."', '".$strHomePage."', '".$strDate."')") or die(mysql_error()); mkdir("/clients/".$strFolderPath.""); header('Location: ?mode=done'); exit; } } break; case "done": include($_SERVER['DOCUMENT_ROOT'] . '/includes/header-logged.php'); include($_SERVER['DOCUMENT_ROOT'] . '/includes/admin_access.inc'); echo "</p>Account has been created.</p>"; break; break; default: include($_SERVER['DOCUMENT_ROOT'] . '/includes/header-logged.php'); include($_SERVER['DOCUMENT_ROOT'] . '/includes/admin_access.inc'); } include($_SERVER['DOCUMENT_ROOT'] . '/includes/nav/companies.inc'); ?> <b>Add an account</b> <form id="Profile" method="post" action="?mode=add"> <table width="100%" border="0" style="padding:0px; margin:0px;"> <tr> <td>Username: </td> <td><input type="text" name="txtUserName" size="50" /></td> </tr> <tr> <td>Password:</td> <td><input type="password" name="txtUserPass" size="25" /></td> </tr> <tr> <td>Confirm Password:</td> <td><input type="password" name="txtUserPass2" size="25" /></td> </tr> <tr> <td>Email Address:</td> <td><input type="text" name="txtEmail" size="50" /></td> </tr> <tr> <td>Company Name</td> <td><input type="text" name="txtCompanyName" size="50" /></td> </tr> <tr> <td>First Name:</td> <td><table width="100%" border="0" style="padding:0px; margin-left:-3px;"> <tr> <td><input type="text" name="txtFirstName" size="20" /></td> <td> Last Name:</td> <td><input type="text" name="txtLastName" size="20" /></td> </tr> </table></td> </tr> <tr> <td>Website Address</td> <td><input type="text" name="txtHomePage" size="50" /></td> </tr> <tr> <td>Tel: </td> <td><input type="text" name="txtTel" size="15" /></td> </tr> <tr> <td colspan="2" style="text-align:center;"><input type="submit" name="Submit" value="Add User" alt="Enter" /> <input type="Reset" name="Reset" value="Cancel" alt="Cancel" /></td> </tr> </table> </form> * a valid working email is required as your login and activation information will be sent there, thankyou. <?php include($_SERVER['DOCUMENT_ROOT'] . '/includes/footer.php'); ?> no error messages either

hi i have a add company form what i want to do is take the below $strCompanyName = mysql_real_escape_string($_POST["txtCompanyName"]); remove any spaces in the company name then create a sub-folder with the new company name in the below /clients/ can anyone show or point me in the right direction for these please? Thanks

indeed it is, thankyou very much

hi below is my code <?php $max = 10; //amount of articles per page. change to what to want $p = @$_GET['p']; if(empty($p)) { $p = 1; } $limits = ($p - 1) * $max; //view all the news articles in rows $NotesQuery = mysql_query("SELECT * FROM tblCompanyNotes WHERE md5(UserID)='".$ID."' ORDERBY NotesDate DESC LIMIT ".$limits.",$max") or die(mysql_error()); //the total rows in the table $totalres = mysql_result(mysql_query("SELECT COUNT(NotesID) AS tot FROM tblCompanyNotes"),0); //the total number of pages (calculated result), math stuff... $totalpages = ceil($totalres / $max); ?> and get error any ideas as why? thanks

so what else can i use to keep user ids secure? instead of md5'ing? cheers

where you can have a table of details and you click one of those details and it turns into a textbox ajax? im not sure just know ive seen it Cheers

pap thankyou for noticing it Cheers

below is my code <?php include($_SERVER['DOCUMENT_ROOT'] . '/includes/header-logged.php'); include($_SERVER['DOCUMENT_ROOT'] . '/includes/admin_access.inc'); switch(@$_GET["action"]) { Case "delete": $DelID = ($_GET["ID"]; mysql_query("Delete From tblUsers Where md5(UserID)='".$DelID."' "); header("Location: /admin/companies/view_companies.php"); break; default: $sql = mysql_query("SELECT * FROM tblUsers WHERE UserAdmin=\"0\" ORDER BY UserCompanyName") or die(mysql_error()); include($_SERVER['DOCUMENT_ROOT'] . '/includes/nav/companies.inc'); echo "<p>Click Username to edit profile, CompanyName to view/edit all company realted info, email to email direct and login reports to view users log in info.</p>"; echo '<table width="100%" cellpadding="2px"><tr style="font-weight:bold;"><td>Username</td><td>Company</td><td>Email</td><td>Tel</td><td>Date Added</td><td>Login Reports</td><td> </td></tr>'; while ($rsView = mysql_fetch_array($sql)) { @$counter++; $background_color = ( $counter % 2 == 0 ) ? ('#D7D7D7') : ('#EEEEEE'); echo "<tr height='20' style=\"background-color:".$background_color.";\">"; echo "<td><a href=\"/admin/edit_user.php?ID=". md5 ($rsView["UserID"])."\">".$rsView["UserName"]."</a></td>"; echo "<td><a href=\"/admin/companies/edit_company.php?ID=". md5($rsView["UserID"])."\">".$rsView["UserCompanyName"]."</a></td>"; echo "<td><a href=\"mailto:".$rsView["UserEmail"]."\">".$rsView["UserEmail"]."</a></td>"; echo "<td>".$rsView["UserTel"]."</td>"; echo "<td>".$rsView["UserDateAdded"]."</td>"; echo "<td><a href=\"/admin/view_user_logs.php?ID=".$rsView["UserID"]."\">View</a></td>"; echo "<td><a href=\"/admin/companies/admin_view_companies.php?ID=". md5 ($rsView["UserID"])."&action=delete\">Delete this Company</a></td></tr>"; } echo "</table>"; break; } include($_SERVER['DOCUMENT_ROOT'] . '/includes/footer.php'); ?> and my error message i cant see anything wrong! :S

works a treat thanks for your input

this $ID = $_GET["ID"]; $UserResult = mysql_query("SELECT * FROM tblUsers WHERE md5(UserID)=".$ID." ")or die (mysql_error()); it doent work i get unknown column error is it right? cheers

so $ID = $_GET(md5["ID"]); would bring the correc id to my scripts?

if there is such a term when editing my users ive md5'd the id but to show the records of the user where UserID='".$ID."'" i need to get the querystring back to orginal id as it obvisouly wont find the md5'd version in my db Cheers

ahh right i see. Thanks!

now i have <?php $notes = mysql_query("SELECT COUNT(*) as total FROM tblCompanyNotes WHERE UserID='".$ID."' ") or die (mysql_error()); $files = mysql_query("SELECT COUNT(*) FROM tblCompanyFiles WHERE UserID='".$ID."' ") or die (mysql_error()); $CNotes['total']; $CFiles = mysql_fetch_array($files); $CNotes = mysql_fetch_array($notes); echo 'You have a total of '.$CNotes.' notes<br />'; echo 'You have a total of '.$CFiles.' files available for download<br />'; echo $notes; ?> and still, same result

hi below is my code <?php $notes = mysql_query("SELECT COUNT(*) FROM tblCompanyNotes WHERE UserID='".$ID."' ") or die (mysql_error()); $files = mysql_query("SELECT COUNT(*) FROM tblCompanyFiles WHERE UserID='".$ID."' ") or die (mysql_error()); $CNotes = mysql_fetch_array($notes); $CFiles = mysql_fetch_array($files); echo 'You have a total of '.$CNotes.' notes<br />'; echo 'You have a total of '.$CFiles.' files available for download<br />'; ?> and it outputs this whats wrong here, can anyone tell me? Cheers

Hi to keep my UserID Safe for userse when logged in as a user the userid comes from the sessionID but when logged in as admin to edit the user the usersid getts passed through a querystring ist there another way to do this or is md5'ing a id a good idea? Cheers