gtrufitt

Hi, I am using STRCMP to check whether a user's entered password on a login page is the same case as in the database, and then using an if statement to set the session variables if its the same, however, even though it means that the user is not technically logged in, it still shows the first login page immediately. I guess i need to refresh the page when the passwords are not the same so that it see the session variable is not set and just shows the login box again, how would i do this? Here is my code so far: $passwordcmp is the password from the database and $password is the POSTed variable from the login form. if (STRCMP ($passwordcmp, $password) == 0) { $_SESSION['sesid'] = $id; } else { } Thanks, Gareth

No worries, I just worked it out. The working code, if anyone's interested is: <?php $profilecomments = "SELECT id, comment FROM profilecomment WHERE profileid = '$user_id'"; $pc = mysql_query($profilecomments) or die(); ?> <?php if (mysql_num_rows($pc) == 0) { echo '<p><h2>' . $f_name . ' has no comments!</h2></p>' ; } else { while($rowa = mysql_fetch_array($pc, MYSQL_ASSOC)) { $senderid = $rowa['id']; $sender = "SELECT f_name FROM user WHERE id = '$senderid'"; $sc = mysql_query($sender) or die(); $rows = mysql_fetch_array($sc, MYSQL_ASSOC); { echo '<table id="profiletable"><tr><td><a href ="userprofile.php?user='; echo $senderid; echo '">'; echo $rowa['comment']; echo ' from '; echo $rows['f_name']."</a></tr></td></table>\n"; } } } ?> Thanks

I have tried combining the arrays, but couldnt get that to work either

Hi, I am trying to echo a comment, with the comment senders name, ina table, however, only the comments come up, I cant get the name of the sender to follow. The table structures are: user id, f_name profilecomment id, profileid, comment The sender's ID is retrieved from a session variable and the profile ID is retrieved from GET. Here is the code that I have so far: <?php $profilecomments = "SELECT id, comment FROM profilecomment WHERE profileid = '$user_id'"; $pc = mysql_query($profilecomments) or die(); $senderrow = mysql_fetch_array($pc); $senderid = $senderrow['id']; $getfriends = "SELECT friendid FROM friends WHERE id = '$user_id'"; $gf = mysql_query($getfriends) or die(); $friendrow = mysql_fetch_array($gf); while ($rowgf = mysql_fetch_array($gf, MYSQL_ASSOC)) { $getfriendid = $rowgf['friendid']; } $getfname = "SELECT f_name, l_name FROM user WHERE id = '$getfriendid'"; $gfn = mysql_query($getfname) or die(); ?> <?php if (mysql_num_rows($pc) == 0) { echo '<p><h2>' . $f_name . ' has no comments!</h2></p>' ; } else { $sender = "SELECT f_name FROM user WHERE id = '$senderid'"; $sc = mysql_query($sender) or die(); while($rowa = mysql_fetch_array($pc)) { $rows = mysql_fetch_array($sc); echo '<table id="profiletable"><tr><td><a href ="userprofile.php?user='; echo $rowa['id']; echo '">'; echo $rowa['comment']; echo ' from '; echo $rows['f_name']."</a></tr></td></table>\n"; } } ?> Any help would be great, I've been trying to work this out for a couple of days now and I just cant get my head around it! Thanks, Gareth

Anyone?

Ace, thanks alot, that worked

Yea, just a blank return.

ok. All I am trying to do is echo the f_name from the user table using the friendid variable from GET to get the ID of the person from the user table. But for some reason it is not working... Im surely doing something very small wrong? <?php mysql_connect("localhost", "admin", "admin") or die("Cannot connect to DB!"); mysql_select_db("padgate") or die("Cannot select DB!"); $friendid = $_GET['friendid']; $getfriend = "SELECT id, friendid FROM friends WHERE id = '$sesid' AND friendid = '$friendid'"; $fr = mysql_query($getfriend) or die(); $countfr = mysql_num_rows($fr); $getfname = "SELECT f_name FROM user WHERE id = '$friendid'"; $fn = mysql_query($getfname) or die(); $friendname = $fn['f_name']; ?> <?php if ($countfr == 0) { $addfriend = "INSERT INTO friends (id, friendid) VALUES ('$sesid', '$friendid')"; mysql_query($addfriend) or die(); echo 'You have added ' . $friendname . 'as your friend!' ; } else { echo 'You are already friends with' . $friendname; } ?> Thanks

Thank you

Hi, I am trying to build a friends list. I have the tables: user with the columns: userid, f_name. friends with the columns: id, friendid. So far I am using the query: $friendid = $_GET['friendid']; $getfriend = "SELECT id, friendid FROM friends WHERE friendid = '$friendid'"; $fr = mysql_query($getfriend) or die(mysql_error()."<Br /><br /.".$login); // don't use your SQL statement in your error. It will let malicious users know your table structure and open it up to sql injection. $countfr = mysql_num_rows($fr); $row = mysql_fetch_array($fr); $id = $sesid; $friendid = $row['friendid']; Where $friendid is using GET to pass the variable from a previous page. and $sesid is saved as the logged in user's ID as a session variable. How do I check to see if the users are already friends, by checking to see if both $friendid and $id are in a row? Thanks

Yup. The code takes the userid and selects comments that are related to that userid from the profilecomments table. It then displays all the comments, along with the name of the sender of the comment (whos user id is taken from the profilecomment table and used to retrieve the users name from the user table). The code so far displays all of the comments that are related to the profile but I cannot get it to echo the senders name along with the comments. Is that a bit clearer? I know the code is a bit of a mess as well, sorry about that. Thanks

Hi, I am getting utterly confused with this. It displays the comments correctly but does not display the senders name, I'm sure I am just running the query on the wrong place but I really cannot get my head around it! The $user_id (who owns the profile) is taken from the GET. The $sesid is the usersID. The profileid is the profile owners ID. profilecomments has the colums ID (senders id taken from the session), comment and profileid (taken from the GET) Heres the related code: <?php session_start(); if (!isset($_SESSION['sesid'])){ header("Location: authenticate.php"); } $sesid = $_SESSION['sesid'] ?> <?php mysql_connect("localhost", "admin", "admin") or die("Cannot connect to DB!"); mysql_select_db("padgate") or die("Cannot select DB!"); $user_id = $_GET['user']; $login = "SELECT id, email, f_name, l_name FROM user WHERE id = '$user_id'"; $r = mysql_query($login) or die(mysql_error()."<Br /><br /.".$login); // don't use your SQL statement in your error. It will let malicious users know your table structure and open it up to sql injection. $count = mysql_num_rows($r); $row = mysql_fetch_array($r); $f_name = $row['f_name']; $l_name = $row['l_name']; $id = $row['id']; $hall = "SELECT id, hallid FROM userhall WHERE id = '$id'"; $p = mysql_query($hall) or die(mysql_error()."<Br /><br /.".$hall); $halln = mysql_fetch_array($p); $hallid = $halln['hallid']; $hallna = "SELECT hallid, name FROM hall WHERE hallid = '$hallid'"; $h = mysql_query($hallna) or die(); $hallne = mysql_fetch_array($h); $hallname = $hallne['name']; $profile = "SELECT about FROM profile WHERE id = '$id'"; $pr = mysql_query($profile) or die(); $aboutme = mysql_fetch_array($pr); $about = $aboutme['about']; ?> <?php $profilecomments = "SELECT id, comment FROM profilecomment WHERE profileid = '$user_id'"; $pc = mysql_query($profilecomments) or die(); $senderid = $pc['id']; ?> <?php if (mysql_num_rows($pc) == 0) { echo '<p><h2>' . $f_name . 'has no comments!</h2></p>' ; } else { $sender = "SELECT f_name FROM user WHERE id = '$senderid'"; $sc = mysql_query($sender) or die(mysql_error()."<Br /><br /.".$sender); // don't use your SQL statement in your error. It will let malicious users know your table structure and open it up to sql injection. while($rowa = mysql_fetch_array($pc)) { $rows = mysql_fetch_array($sc); echo '<table id="profiletable"><tr><td><a href ="userprofile.php?user='; echo $rowa['id']; echo '">'; echo $rowa['comment']; echo 'from '; echo $rows['f_name']."</a></tr></td></table>\n"; } } ?> code] Thanks

Thank you

Hi, I have multiple forms on one page that are used to UPDATE a user's information, each form has its own submit button and the action is <?php echo $SERVER['PHP_SELF']; ?> to bring the form back to the page. I am slightly unsure of the code needed to process each from depending which one has been changed eg: if (the form name) has been changed UPDATE something else if (another form name) has been changed UPDATE something different etc. What is the correct php code to use with the if statement in order to update each form depending on which form has been changed? Thanks, Gareth

Hi, this script is meant to make sure a user cannot enter more than 42 characters into a textarea, but it is not working, any help as to why would be great! <script language="JavaScript" type="text/javascript"> <!-- function maxlength(element, maxvalue) var q = eval("document.pooh."+element+".value.length"); var r = q - maxvalue; var msg = "Sorry, you have input "+q+" characters into the "+ "text area box you just completed. It can return no more than "+ maxvalue+" characters to be processed. Please abbreviate "+ "your text by at least "+r+" characters"; if (q > maxvalue) alert(msg); //--> </script> <p> <label for name="about">About: </label> <textarea cols="30" rows="5" name="about" maxsize="42" onchange="maxlength('about', 42)">I don't want anyone to know about me!</textarea> </p> Thanks, Gareth

Ok, I changed that to use the concentation . things. i now get the error: Parse error: syntax error, unexpected $end in C:\Inetpub\wwwroot\padgate2\TMPnn10vxohrs.php on line 82 Which the line after the last line of code, why would this be?

Hi, I am trying to echo the first and last name of a set of people in a table. I keep gettin the error: Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in C:\Inetpub\wwwroot\padgate2\TMPmyn02xogw6.php on line 57 and before that it only echoed the first person in the table. The 'userhall' table has the columns 'id' and 'hallid' The 'hall' table has 'hallid' and 'name' <?php mysql_connect("localhost", "admin", "admin") or die("Cannot connect to DB!"); mysql_select_db("padgate") or die("Cannot select DB!"); $hall_name = $_GET['hall']; $hallid = "SELECT hallid FROM hall WHERE name = '$hall_name'"; $hi = mysql_query($hallid) or die(mysql_error()."<Br /><br /.".$hallid); // don't use your SQL statement in your error. $rowh = mysql_fetch_array($hi); $hallid2 = $rowh['hallid']; $hall = "SELECT id FROM userhall WHERE hallid = '$hallid2'"; $h = mysql_query($hall) or die(mysql_error()."<Br /><br /.".$hall); // don't use your SQL statement in your error. ?> <?php if (mysql_num_rows($h) == 0) { echo 'Apparently no one lives in ' $hall_name ' hall!' ; } else { echo 'The following people live in ' $hall_name ' Hall! </p>'; while($rowa = mysql_fetch_array($h)) { $userid = $rowa['id']; $hallmembers = "SELECT * FROM user WHERE id = '$userid'"; $m = mysql_query($hallmembers) or die(mysql_error()."<Br /><br /.".$hallmembers); // don't use your SQL statement in your error. It will let malicious users know your table structure and open it up to sql injection. $row = mysql_fetch_array($m); { echo '<a href ="userprofile.php?user='; echo $row['id']; echo '">'; echo $row['f_name']; echo ' '; echo $row['l_name'],"</a><br />\n"; } } ?>code] Any help to get this working would be great! Thanks, Gareth

Anyone?Please

*bump*

How is this done please? Cheers

I tried the code that sasa posted, the code is now: <?php mysql_connect("localhost", "admin", "admin") or die("Cannot connect to DB!"); mysql_select_db("padgate") or die("Cannot select DB!"); $hall_name = $_GET['hall']; $hallid = "SELECT hallid FROM hall WHERE name = '$hall_name'"; $hi = mysql_query($hallid) or die(mysql_error()."<Br /><br /.".$hallid); // don't use your SQL statement in your error. $rowh = mysql_fetch_array($hi); $hallid2 = $rowh['hallid']; $hall = "SELECT id FROM userhall WHERE hallid = '$hallid2'"; $h = mysql_query($hall) or die(mysql_error()."<Br /><br /.".$hall); // don't use your SQL statement in your error. ?> <?php if (mysql_num_rows($h) == 0) { echo 'Apparently no one lives in ' $hall_name ' hall!' ; } else { echo 'The following people live in ' $hall_name ' Hall! </p>'; while($rowa = mysql_fetch_array($h)) { $userid = $rowa['id']; $hallmembers = "SELECT * FROM user WHERE id = '$userid'"; $m = mysql_query($hallmembers) or die(mysql_error()."<Br /><br /.".$hallmembers); // don't use your SQL statement in your error. It will let malicious users know your table structure and open it up to sql injection. $row = mysql_fetch_array($m); { echo '<a href ="userprofile.php?user='; echo $row['id']; echo '">'; echo $row['f_name']; echo ' '; echo $row['l_name'],"</a><br />\n"; } } ?> But I now get the error: Parse error: syntax error, unexpected T_VARIABLE, expecting ',' or ';' in C:\Inetpub\wwwroot\padgate2\hallprofile.php on line 54 which is: if (mysql_num_rows($h) == 0) { Thanks.

I had already tried that before, it still comes up with one result. I definately have the column 'l_name', it displays the 'f_name' and 'l_name' of only the first row but does not seem to loop to echo the other rows...

Cheers, I managed to work that out but I cant work out how to display all the names, it only displays the first name so far.. $hallmembers = "SELECT * FROM user WHERE id = '$userid'"; $m = mysql_query($hallmembers) or die(mysql_error()."<Br /><br /.".$hallmembers); while($row = mysql_fetch_array($m)) { echo $row['f_name']; echo ' '; echo $row['l_name']; Thanks

The userid variable would be taken from the session so yea, you are right there, it would be an INSERT query to insert the userid and the value into the table therefore no WHERE would be needed for the INSERT query, only the UPDATE query. Thanks for your help.

Can anyone help with this? Thanks.