waynewex
-
Posts
2,405 -
Joined
-
Last visited
Posts posted by waynewex
-
-
You forgot the "die" part. Try
$res = mysqli_query($con, $sql) or die(mysqli_error($con));
You should be recommending trigger_error instead of die.
-
echo ($banned === 1) ? 'Yes' : 'No'; -
Created a stock market game that is still in on-going development. My plan is to gradually add more features as time goes on.
My validation file can be found at: http://disbottle.com/phpfreaks.txt
Site is at http://disbottle.com
-
Swap your single quotes and double quotes around and see if it works. Example:
Change:
$query1 = "channel/item[title='$p']/title";
to
$query1 = 'channel/item[title="'.$p.'"]/title';
You can't escape apostrophes in XPath, as far as I'm aware. Properly formed XML shouldn't contain apostrophes, by the way. The following characters should be escaped:
" "
' '
< <
> >
& &In this case, ' should be used instead of '
-
The function eregi is deprecated as of PHP 5.3.0. This piece of code is not future proof. I'd advise you to find a newer script instead of trying to modify one that was originally released for PHP 4.3. The site phpfreebies was made back in 2005. That's nearly 8 years ago. Use at your own risk.
-
This is happening because by default, PDO emulates prepared statements with sprintf. This means that you're not actually communication with the database server when you prepare your statement. Thus, the statement cannot be validated.
This will work because I've changed the PDO::ATTR_EMULATE_PREPARES attribute to FALSE:
<?php try { $DBH = new PDO("mysql:host=localhost;dbname=libertc0_lr", 'libertc0_vadmin', '*****'); $DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION ); $DBH->setAttribute( PDO::ATTR_EMULATE_PREPARES, false ); $DBH->prepare('DELECT name FROM people'); } catch(PDOException $e) { echo "I'm sorry, Dave. I'm afraid I can't do that."; file_put_contents('PDOErrors.txt', $e->getMessage(), FILE_APPEND); } -
Check if magic_quotes are enabled on your server by running:
if(get_magic_quotes_gpc()({ echo 'Please disable magic quotes.'; } -
The discount processing should be on your side, not Paypal's. A discount should be applied on a per-item basis, simply because you might want to tweak the discount on a per-item basis (change discount rates and exclude certain products etc). This sounds like more of a UX problem than a PHP one, to be honest. A final discount figure should be shown at the end. However, you could also provide discount figures beside each product so that users know what discounts apply to each product. Have a look at Amazon and other major online retailers for some ideas on how to actually display this information in the cart.
-
while($run = mysql_fetch_array($result)){ echo "<tr> <td>{$run['vinNumber']}</td> <td>{$run['carYear']} {$run['carModel']}</td> <td><img src='franchises/franchise_id_{$franchise_id}/lotImages/dealer_id_{$dealer_id}/lot_id_{$run['id']}/wheelFL.jpeg'></td> </tr>"; }should work.
Edit: Formatting has become a challenge.
-
Barand are you saying i should not input it in the table because im echoing it on the same page? I get that i can just echo it out on here because i grabbed the data from the form. Is that what you mean?
He's saying that you don't need to run the SELECT query because the data you're inserting is available to the rest of your script. Although one could argue that you should be using the Post/Redirect/Get pattern: http://en.wikipedia.org/wiki/Post/Redirect/Get
-
what does the blurp.php page do? or is it just an example of something i could be linking to?
Just an example page you could link to.
-
Barand is right:
<?php $conn = mysql_connect("localhost", "root", ""); $select = mysql_select_db("project", $conn); $title = mysql_real_escape_string($_POST['title'], $conn); $pic = $_FILES['pic']['tmp_name']; $pic2 = $_FILES['pic']['name']; $desc = mysql_real_escape_string($_POST['desc'], $conn); $path = mysql_real_escape_string("upload/".$pic2, $conn); $themove = move_uploaded_file($pic,$path); $sqlqry = mysql_query("INSERT INTO media(title,pic,desct) VALUES ('$title','$path','$desc')", $conn); $id = mysql_insert_id($conn); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>New Uploaded Page</title> </head> <body> <h1> <a href="blurb.php?id=<?php echo $id; ?>"> <?php echo htmlentities($title, ENT_QUOTES, "utf-8"); ?> </a> </h1> <br /> <br /> <img src="<?php echo htmlentities($path, ENT_QUOTES, "utf-8"); ?>" /><br /> <p> <br /> <?php echo htmlentities($desc, ENT_QUOTES, "utf-8"); ?> </p> </body> </html>One less query...
-
Change
<a href="#"><h1><?php echo $burp['title']; ?></h1></a>
to
<h1><a href="blurb.php?id=<?php echo $hmmm; ?>"><?php echo $burp['title']; ?></a></h1>
Note that you'll have to create a page called blurb.php
-
You should look into using the function http_build_query:
<?php $query = array( 'my' => 'milkshake', 'brings' => 'all', 'the' => 'boys', 'to' => 'the', 'yard' => 'and', 'they\'re' => 'like', 'it\'s' => 'better than yours!' ); echo http_build_query($query); ?>
It'll spit out a URL-encoded query string.
-
Your code is open to SQL injection because you're not sanitizing your incoming data. mysql_real_escape_string() will help (if you're actually using the mysql_* functions). Example:
$clean = mysql_real_escape_string($unclean, $connection_link);
The best way to protect yourself against SQL injections would be to use prepared statements. Example with PDO:
<?php $name = 'Wayne'; $value = 'Test'; $stmt = $db->prepare("INSERT INTO table_name (name, value) VALUES (:name, :value)"); $stmt->bindParam(':name', $name); $stmt->bindParam(':value', $value); $stmt->execute(); ?> -
Try:
http:\\www.########.com\\###service\\###xmlinterface.asmx
-
$response = file_get_contents($url, null, $context);
What is your $url?
Also, you should pass false instead of null into the second parameter.
-
Your query failed.
Change:
$query = mysql_query($query);
to
$query = mysql_query($query) or die(mysql_error());
and post whatever errors are shown on your screen.
-
Thank you for posting the solution. Months from now, somebody will mentally thank you for it. (Unlike those guys that say "It's OK, I found a solution" and never elaborate.
-
Most of my work is for web design companies that don't have a programmer on-staff. It's better to build up 2 or 3 good web design companies as clients than trying to deal with the type of crap that you find on freelancing websites.
-
What do you mean by change an image? Could you elaborate on that a bit more?
-
If you want to show the time counting down, you will need to use JavaScript. Use the time from PHP and give it whatever countdown js plugin you'll be using.
-
Loads for me.
-
You should be assigning welcome a value, regardless of whether it fixes your issue or not. welcome=true or welcome=Y
Insert double record instead of only one
in PHP Coding Help
Posted · Edited by waynewex
The code:
$query2 = "insert into complaint(complain,d_name,complainant_id) values ('$complain_det','$comp_name','{$row['complainant_id']}')"; mysql_query($query2); $the_auto_id_that_was_just_created = mysql_insert_id(); if (mysql_query($query2)) { echo "<script>alert('Complaint Added Successful')</script>"; }The issue:
Then, you do this:
if (mysql_query($query2)) { echo "<script>alert('Complaint Added Successful')</script>"; }Which basically runs the query again because it calls the mysql_query function.
Change your code to something like:
$query2 = "insert into complaint(complain,d_name,complainant_id) values ('$complain_det','$comp_name','{$row['complainant_id']}')"; $inserted = mysql_query($query2); $the_auto_id_that_was_just_created = null; if ($inserted) { $the_auto_id_that_was_just_created = mysql_insert_id(); echo "<script>alert('Complaint Added Successful')</script>"; }