megz90

oh cool that worked just aswell. i didnt know any other way of doing it. ive always put them on in other areas of my code. and about the injection i know the problems. but i didnt find out about sql injection until about a month ago and by that time it was too late to change all of my code. ive added the (stripslashes($_post...... to a couple of my forms to show i know about the problem but wont have the time to add it to all. i need to work on my report now , this is to be handed in on Wednesday/Thursday thanks for your help

thanks, i had the $_post ... at the top of my code. i should of showed the full page. thanks for the help if ($hid == 0) die('No horse Selected'); $queryowner = "SELECT dbOwnerId FROM xhorse WHERE dbhorseid=$hid LIMIT 1"; $result = mysql_query($queryowner) or die(mysql_error()); $row = mysql_fetch_assoc($result); $oid="{$row['dbOwnerId']}"; echo $oid; the code you provided ive changed and it looks like this now. i can now use $oid to do something else before it adds the values in the database cheers

echo $hid; echo "<br />"; $queryowner = "SELECT dbOwnerId from xhorse where dbhorseid='$hid' AS oid"; $exec = mysql_query($queryowner) or die(mysql_error()); $oid = mysql_result($exec,'oid'); echo $oid; hi, could someone please have a look at this, i cant quite figure out what is wrong $oid will be a username letters/numbers mix error shows as im trying to find out the username from the table xhorse where the horseid is the same as the _post value ive assigned to $hid the reason is so i can then use $oid to query another table called xowner to find balance and assign that result to $bal thanks for any advice...

thanks for the reply but the code you provided with the top part of mine still did the same thing... is there something that im missing ? the previous code... http://www.phpfreaks.com/forums/index.php/topic,186425.msg835327.html#msg835327 worked fine and when i edited it to work on my other forms it also was alright. it is just on this form im getting problems. <script type="text/javascript"> function validateForm(form) { var fe = form.elements; var answer = true; //validate horse if (!requiredCheck(fe['dbhorsename'], 'Horse Name')) answer = false; //validate dob if (!requiredCheck(fe['dbDOB'], 'Date of Birth')) answer = false; if (!validDob(fe['dbDOB'], 'Date of Birth')) answer = false; // ueln if (!requiredCheck(fe['dbUELN'], 'UELN')) answer = false; if (!validPhone(fe['dbUELN'], 'UELN')) answer = false; return answer; } function requiredCheck(fieldObj, fieldName) { if (!fieldObj.value) { alert(fieldName+' is required. Please fill in missing field.'); fieldObj.focus(); return false; } return true; } function validAlpha(fieldObj, fieldName) { validAlphaRegEx = /^[a-zA-Z '-]*$/ if (!fieldObj.value.match(validAlphaRegEx)) { alert(fieldName+' contains invalid characters.'); fieldObj.focus(); return false; } return true; } function validDob(fieldObj, fieldName) { validDobRegEx = (0[1-9]|1[012])[- /.](0[1-9]|[12][0-9]|3[01])[- /.](19|20)[0-9]{2} if (!fieldObj.value.match(validDateRegEx)) { alert(fieldName+' is not a valid date. Please correct and try again.'); fieldObj.focus(); return false; } return true; } function validPhone(fieldObj, fieldName) { validNumberRegEx = /^[\d \-()]*$/ if (!fieldObj.value.match(validNumberRegEx)) { alert(fieldName+' contains invalid characters.'); fieldObj.focus(); return false; } return true; } </script>

hi this JS was created using a previous post. i cant seem to get it working. form allows empty and incorrect values through to the next page. <script type="text/javascript"> function validateForm(form) { var fe = form.elements; //validate horse if (!requiredCheck(fe['dbhorsename'], 'Horse Name')) return false; //validate dob if (!requiredCheck(fe['dbDOB'], 'Date of Birth')) return false; if (!validDob(fe['dbDOB'], 'Date of Birth')) return false; // ueln if (!requiredCheck(fe['dbUELN'], 'UELN')) return false; if (!validPhone(fe['dbUELN'], 'UELN')) return false; return true; } function requiredCheck(fieldObj, fieldName) { if (!fieldObj.value) { alert(fieldName+' is required. Please fill in missing field.'); fieldObj.focus(); return false; } return true; } function validAlpha(fieldObj, fieldName) { validAlphaRegEx = /^[a-zA-Z '-]*$/ if (!fieldObj.value.match(validAlphaRegEx)) { alert(fieldName+' contains invalid characters.'); fieldObj.focus(); return false; } return true; } function validDob(fieldObj, fieldName) { validDobRegEx = (0[1-9]|1[012])[- /.](0[1-9]|[12][0-9]|3[01])[- /.](19|20)[0-9]{2} if (!fieldObj.value.match(validDateRegEx)) { alert(fieldName+' is not a valid date. Please correct and try again.'); fieldObj.focus(); return false; } return true; } function validPhone(fieldObj, fieldName) { validNumberRegEx = /^[\d \-()]*$/ if (!fieldObj.value.match(validNumberRegEx)) { alert(fieldName+' contains invalid characters.'); fieldObj.focus(); return false; } return true; } </script> start of the form echo " <form method=\"post\" onsubmit=\"return validateForm(this)\" action=\"updatehorse.php\"> "; there are 7 elements in the form, only 3 need to be checked. dbhorsename required any dbDOB date req dd /- mm /- yy dbUELN numbers only im not sure whats going on with it but at the mo anything goes through... thanks

yes thanks i didnt get your reply until i had posted. it worked great. which is good cus i now have time to go through each and every page to change the code. i knew i should of included that bit of info just like i did the db connection. thanks. .... can i/you mark this as solved ?

i thought it was that but it didnt work <?php session_start(); // admin page include('../db_connection.php'); if (!isset($_SESSION["sess_loggedon"])) { session_start(); } else header ('location: index.html'); ?> im sure ive tried that before. it still loads the page but again doesnt show any specific user info. sorry for the trouble but any ideas ?

hi all im having a little problem with sessions .... i have at the top of all my pages.... <?php if (!isset($_SESSION["sess_loggedon"])) { session_start(); } else header ('location: index.html'); //Database Information include('../db_connection.php'); // this then goes on to show the rest of the page html and other php ?> what i want to do is on each of the pages check if a session is active or not, if not then show the index page what is happening is this... if the user loads a page without logging in then the page still displays all the normal links and stuff shows it just doesnt show any personal information... any suggestions on what ive got wrong ?

im very confused. i have a mysql table the firld type decimal(5,2) Unsigned not null ..... does this mean i can have 5 digits and 2 after the decimal point or max 5 digits (3 before and 2 after point) ive read 3 different websites and now im confused cus they have all said different things. i think my confusion is because of the changes in different mysql versions... im using version: 5.0.45 thanks anyone who knows.

thankyou, i'll send you a message tomorrow from uni, my internet and localhost setup keep crashing. thanks for taking the time out to try and help. i;ll let you know how it goes.

yeah the services names are in a table called xservices containing (serviceid, sname, cost, description,) in the booking table i have a field called 'services' which should store all the services that a cust selects and i thought the implode all the selected serviceId would be the best way. so if a cust wants to edit a booking i can just show a edit form with the things they selected and all the other services as well so they can choose. iwas looking at doing this in a different way to start with. http://www.phpfreaks.com/forums/index.php/topic,188079.msg843084.html#msg843084 but was told not to go that way as it would be very difficult. what do you think ?

hmm. im not sure if i have misunderstood but each and every checkbox will have the value of 1 from what im reading, value=\"1\" it'll show all the checkboxes on the screen but they are all one in value when it gets added to the database what would u suggest? would u care to look at the whole of my code?

make booking . php [code=php:0]<?php // admin page include('../db_connection.php'); if (!isset($_SESSION["sess_loggedon"])) { session_start(); } else header ('location: index.html'); $query = ("SELECT * FROM xhorse WHERE dbOwnerId='".$_SESSION['sess_loggedon']."'"); $result = mysql_query($query); $queryser = ("SELECT * FROM xservice"); $resultser = mysql_query($queryser); ?> [/code] ...other half with the form [code=php:0]<form action="bookadd.php" method="POST"> <?php echo "Select Your Horse :"; echo "<select name='selecth' id='selecth'>"; while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { echo "<option value=\"{$row['dbhorseid']}\" >{$row['dbhorsename']}</option>"; } echo "</select>"; echo "<br/>"; echo "Date : <input name=\"date\" type=\"text\" size=\"10\" maxlength=\"10\" />"; echo "<br/>"; ?> <table border="1"> <tr><td>Tick if needed</td><td>service name</td><td>cost</td><td>description</td></tr> <?php while($row = mysql_fetch_array($resultser, MYSQL_ASSOC)) { echo "<tr>"; echo "<td><input type=\"checkbox\" name=\"interest[]\" value=\"{$row['dbserviceId']}\"/></td>"; echo "<td>{$row['dbservicename']}</td>"; echo "<td>£{$row['dbcost']}</td>"; echo "<td>{$row['dbdescription']}</td>"; echo "</tr>"; echo "<br/>"; } echo "date: "; ?> </table> <input name="submit" type="Submit" value="Confirm Booking" /> </form> [/code] i haven't included the bit where it glues it together or puts it in the DB but if u would like to see it, say..

hey, ive managed to get working a while loop which displays a check box for each record in a table. the user can select a number of check boxes which then implode into a string for storage in a database implode... $glued = implode(',', $_REQUEST['interest']); if (isset($_REQUEST['interest'])) { echo implode(',', $_REQUEST['interest']); } ie if check box for serviceID 1 2 4 and 5 from the loop at the top were ticked then the string would read 1,2,4,5 so this adds in the database ok. when i take the value out of the database i can use explode to get the array back out on the screen $serv = "{$row['dbservices']}"; print_r (explode(",",$serv)); the above prints out this : (i had service 1 2 4 and 5 selected from the check boxex) output= Array ( [0] => 1 [1] => 2 [2] => 4 [3] => 5 ) what i want to do is find out what the values from the out put mean. ie for each value in the array look at the service table and check for the servicename where the serviceID is the same as each of the array items. is that somehting the php can do, how would i go about trying to do that ? thanks for any help

*bump* anyone ?