Jump to content

mrMarcus

Members
  • Posts

    1,903
  • Joined

  • Last visited

  • Days Won

    3

Everything posted by mrMarcus

  1. mail($email_for_admin, "new member", "{$firstname} {$lastname} has just registered.", "From: \"server.com\" <auto-reply@$host>\r\nX-Mailer: PHP/" . phpversion());
  2. Had a typo in my test code.
  3. To clarify, these are alternatives to CAPTCHA.
  4. This will always return true, regardless of whether $family contains a value or not. The ! operator is checking if !$family is NOT TRUE (Layman's terms: FALSE)... which it isn't. It's also not TRUE. It's not of boolean type. Use empty() when checking form posted values (isset is not necessary since every $_POST'ed form input is sent on form submission. Because of that, you need not check whether they are set; simply check their value's). if (isset($_POST['submit'])) { $foo = $_POST['bar']; if (!$foo) { die('I will always return...'); } } ... <form action="" method="post"> <input type="text" name="bar" value="Go Leafs, Go."/> <input type="submit" name="submit"/> </form>
  5. I made some notes in another thread regarding an alternative to CAPTCHA: http://forums.phpfreaks.com/topic/235697-contact-form-with-math-captcha/?do=findComment&comment=1397557 If OP is interested.
  6. Don't use trim(). Just do this: $md5password = md5($_POST['resetpassword']); EDIT: and remove the following: $_POST = mysql_real_escape_array($_POST); $_POST = trim_array($_POST); You should never trim() or escape a value that is a password. Since mysql_real_escape_array() is not a built-in PHP function, I'm assuming you have created it to map 'mysql_real_escape_string' to the $_POST array, correct? Don't do that. If a user enters a single and/or double quote in their password (their right to do so), mysql_real_escape_string() will escape it and change the hash. Even though you can simply apply this same methodology to future login/registration/password reset applications, it serves no purpose and should be omitted.
  7. I'm also lost. Please talk variable/column names and not "row" and such as your usage is incorrect and hard to follow. The "if" statement is not checking if FamilyID is empty. It is checking for the number of returned records from the query, if any. Your issue would be better straightened out through conditions before executing the query. When you initially login your users, you should then also check for that `FamilyID` value and store it within a $_SESSION variable, just as you (I'm assuming) do with the user ID/name/etc. That way, you can run some conditions before firing the query to check if FamilyID contains a value for that user, and deal with that accordingly.
  8. I was just giving you an example. A best-case scenario, IMO, is a combo of javascript and PHP. The javascript/jQuery for instant notice that there are errors on the form, and the PHP (backend support) for those who have javascript disabled or have malicious intentions. For the PHP, since we are in the PHP forum, can be something as simple as: <?php if (isset($_POST['submit'])) { $errors = array(); if (empty($_POST['q1'])) { $errors['q1'] = 'Please enter a response to question 1.'; } if (empty($_POST['q2'])) { $errors['q2'] = 'Please enter a response to question 2.'; } if (empty($_POST['q3'])) { $errors['q3'] = 'Please enter a response to question 3.'; } if (empty($errors)) { $qone = $_POST['q1']; $qtwo = $_POST['q2']; $qthree = $_POST['q3']; if ($qone == "q1a"){ echo "Your answer to question 1 is: I am pro-life. This is a republican/conservative view.<br />"; } elseif ($qone == "q1b"){ echo "Your answer to question 1 is: I am pro-choice. This is a democrat/liberal view.<br />"; } if($qtwo == "q2a"){ echo "Your answer to question 2 is: I support gun rights. This is a republican/conservative view.<br />"; } elseif ($qtwo == "q2b"){ echo "Your answer to question 2 is: I believe citizens should be unarmed. This is a democrat/liberal view.<br />"; } if ($qthree == "q3a"){ echo "Your answer to question 3 is: I support free markets. This is a republican/conservative view.<br />"; } elseif ($qthree == "q3b"){ echo "Your answer to question 3 is: I support regulating to any extent necessary. This is a democrat/liberal view.<br />"; } } } if (!empty($errors)) { echo 'There are errors in your form. Please see below:<br/><br/>'; $i = 1; foreach ($errors as $error) { echo "{$i}. $error<br/>"; $i++; } } ?> <style type="text/css"> .error { color:red; display:block; } </style> <form name="questions" action="" method="post"> <h4>1. Are you pro-life (against abortion) or pro-choice (for abortion)?</h4> <?php echo (!empty($errors['q1']) ? '<div class="error">'. $errors['q1'] .'</div>' : ''); ?> <input type="radio" name="q1" value="q1a"<?php echo (($_POST['q1'] == 'q1a') ? ' selected="selected"' : ''); ?>/> : I am pro-life<br /> <input type="radio" name="q1" value="q1b"<?php echo (($_POST['q1'] == 'q1b') ? ' selected="selected"' : ''); ?>/> : I am pro-choice <h4>2. Do you believe that gun rights are necessary to preserve safety, freedom and to protect us from tyranny, or do you believe unarmed citizens are safer citizens?</h4> <?php echo (!empty($errors['q2']) ? '<div class="error">'. $errors['q2'] .'</div>' : ''); ?> <input type="radio" name="q2" value="q2a"<?php echo (($_POST['q2'] == 'q2a') ? ' selected="selected"' : ''); ?>/> : I support gun rights<br /> <input type="radio" name="q2" value="q2b"<?php echo (($_POST['q2'] == 'q2b') ? ' selected="selected"' : ''); ?>/> : I believe citizens should be unarmed <h4>3. Do you believe in free markets (limited regulation on business) or do you believe the government should regulate business' to any extent necessary?</h4> <?php echo (!empty($errors['q3']) ? '<div class="error">'. $errors['q3'] .'</div>' : ''); ?> <input type="radio" name="q3" value="q3a"<?php echo (($_POST['q3'] == 'q3a') ? ' selected="selected"' : ''); ?>/> : I support free markets<br /> <input type="radio" name="q3" value="q3b"<?php echo (($_POST['q3'] == 'q3b') ? ' selected="selected"' : ''); ?>/> : I support regulating to any extent necessary<br /> <br /> <input type="submit" value="Tell me if I'm a Republican or Democrat!" name="submit" /> </form> Offered two examples (can be used in conjunction with each other, or separately). You can fart around with the styling, positioning, etc. As well as adding any additional conditions within your form processing code. EDIT: Replace selected="selected" with checked="checked" <form name="questions" action="" method="post"> <h4>1. Are you pro-life (against abortion) or pro-choice (for abortion)?</h4> <?php echo (!empty($errors['q1']) ? '<div class="error">'. $errors['q1'] .'</div>' : ''); ?> <input type="radio" name="q1" value="q1a"<?php echo (($_POST['q1'] == 'q1a') ? ' checked="checked"' : ''); ?>/> : I am pro-life<br /> <input type="radio" name="q1" value="q1b"<?php echo (($_POST['q1'] == 'q1b') ? ' checked="checked"' : ''); ?>/> : I am pro-choice <h4>2. Do you believe that gun rights are necessary to preserve safety, freedom and to protect us from tyranny, or do you believe unarmed citizens are safer citizens?</h4> <?php echo (!empty($errors['q2']) ? '<div class="error">'. $errors['q2'] .'</div>' : ''); ?> <input type="radio" name="q2" value="q2a"<?php echo (($_POST['q2'] == 'q2a') ? ' checked="checked"' : ''); ?>/> : I support gun rights<br /> <input type="radio" name="q2" value="q2b"<?php echo (($_POST['q2'] == 'q2b') ? ' checked="checked"' : ''); ?>/> : I believe citizens should be unarmed <h4>3. Do you believe in free markets (limited regulation on business) or do you believe the government should regulate business' to any extent necessary?</h4> <?php echo (!empty($errors['q3']) ? '<div class="error">'. $errors['q3'] .'</div>' : ''); ?> <input type="radio" name="q3" value="q3a"<?php echo (($_POST['q3'] == 'q3a') ? ' checked="checked"' : ''); ?>/> : I support free markets<br /> <input type="radio" name="q3" value="q3b"<?php echo (($_POST['q3'] == 'q3b') ? ' checked="checked"' : ''); ?>/> : I support regulating to any extent necessary<br /> <br /> <input type="submit" value="Tell me if I'm a Republican or Democrat!" name="submit" /> </form>
  9. The required attribute is not respected by all browsers, ie. IE <=9, for example. I believe it falls within HTML5 capable browsers, so don't rely on it.
  10. In the code you provided, you are not creating a random password. You are simply hashing the string 'resetpassword'. $newpassword = md5('resetpassword'); There is nothing random about that. Nor is that remotely close to how you would handle a form field. If you are using a password from a form field (<input type="text" name="resetpassword"/>) you will need to update your code to accommodate that. You know how to collect field values from a form using $_POST, correct?
  11. Why are you hashing 'resetpassword'? Now, anybody who wants to reset their password is going to be given an identical password to the next. $newpassword = md5('resetpassword'); The issue with your query is you are missing single-quotes around $newpassword. $sql = "UPDATE users SET password = '". $newpassword ."'"; $result = mysql_query($sql) or die("An error occurred ".mysql_error());
  12. from tbcotizacionencabezado join tbmaquinapredet // JOIN on what? inner join tbclientes on tbcotizacionencabezado.idcliente = tbclientes.id inner join tbpersonal on tbpersonal.id = tbcotizacionencabezado.idcreado
  13. No, not in the browser. Copied his array over to Notepad++ and was able to see it. I'm on Chrome also.
  14. Just noticed that. I didn't see it myself until I pasted his array to my editor.
  15. There is a funny character prepended to player: http://s9.postimage....t9tb/Image1.jpg
  16. OK - please post the query once you've managed to print it to the screen.
  17. include_once "Scripts/connect_to_mysql.php"; Within your connect file you should have created a variable to store the connection identifier: $myConnection = mysqli_connect('host', 'username', 'password'); Where $myConnection is now your identifier: $praise = mysqli_real_escape_string($myConnection, $praise); To echo your query you must separate it from the mysqli_query() function: $sql = "UPDATE prayer SET how = '$praise', answerdate = NOW() WHERE id = '$pid'"; if ($query = mysqli_query($myConnection, $sql)) { header("location: http://orchardmidland.com/NewOrchard/praise_wall.php"); exit(0); } else { trigger_error("Query Failed! SQL: $sql - Error: ". mysqli_error($myConnection), E_USER_ERROR); }
  18. <option>'s within a <select> do not recognize the name attribute; only a value attribute. Change: echo"<option name='type_id' value='" . $pType->id . "'>" . $pType->name . "</option>"; To: echo"<option value='" . $pType->id . "'>" . $pType->name . "</option>"; As well as: $cats->type_id = trim($_POST['type_id']); To: $cats->type_id = trim($_POST['propType']);
  19. It *will* once you sort out the error with your query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'T', answerdate = NOW() WHERE id = '12'' at line1 Echo you query, like I said, and post here. And it doesn't matter where you make the connection as long as it precedes any functions that rely on it, ie. mysqli_real_escape_string() EDIT: what is the column type of `answerdate`? I'm thinking you have it set to varchar or something of the like which would be a problem.
  20. You need to have error_reporting turned on because it'd be telling you that you're establishing a db connection after you've called mysqli_real_escape_string(). It relies on an open connection to your db to work. In your INSERT query you have done so correctly. In your UPDATE, not so much. <?php $name = $_POST['name']; $praise = $_POST['praise']; $pid = $_POST['pid']; $praise = mysqli_real_escape_string($praise); include_once "Scripts/connect_to_mysql.php"; // ME! I'M THE PROBLEM!! MOVE ME UP TO THE TOP (BEFORE mysqli_real_escape_string()) $query = mysqli_query($myConnection, "UPDATE prayer SET how = '$praise', answerdate = NOW() WHERE id = '$pid'") or die (mysqli_error($myConnection)); echo 'Operation Completed Successfully! <br /><br />'; header("location: praise_wall.php"); exit();
  21. Can't help it.. I'm a teacher at heart. If he was trolling that would be nothing short of amazing, though. Such dedication to his craft.
  22. If you simply echo out your query, do you see expected results? $name = $_POST['name']; $praise = $_POST['praise']; $pid = $_POST['pid']; $praise = mysqli_real_escape_string($praise); include_once "Scripts/connect_to_mysql.php"; $query = "UPDATE prayer SET how = '$praise', answerdate = NOW() WHERE id = '$pid'"; echo $query; exit(0);
  23. OK, but your query does nothing of the sort. Anytime somebody hits the 'follow' button, the `follow` column in the `users` table is updated per that ID. Every single row. You need to hadd clauses to that query, and/or (preferably OR) change up your table logic. `users` table has the user_id `follow` table has `id`, `user_id`, `follow_user_id` You would then INSERT those values into the `follow` table so that a user can follow an unlimited number of other users. Keeping that data in the `users` table is not recommended, nor can I see how it would even work/scale. Set a key on (`user_id`, `follow_user_id`) <?php if (($_GET['do'] == 'follow') && !empty($_GET['id'])) { // check if user is logged in if (($_SESSION['auth']) && !empty($_SESSION['current_user_id'])) { // whatever your $_SESSION variable is for logged in users if ($_SESSION['current_user_id'] == $_GET['current_user_id']) { // other checks here to determine various ID's are numeric, etc. $sql = "INSERT INTO `follow` (`user_id`, `follow_user_id`) VALUES (". (int)$_SESSION['current_user_id'] .", ". (int)$_GET['id'] .")"; if (!mysql_query($sql)) { if (mysql_errno($link_identifier) == 1062) { //$link_identifier is necessary to avoid conflicting error notices due to multiple openning/closing SQL connections // duplicate attempt to follow // handle accordingly } } } } } Now you can join that table when checking for whether a certain user is following another user.
  24. Hehe, you got them shaking in their boots, Jessica. @diearcy - don't change variable names, table names, etc. Only thing you can omit/alter is connection credentials. Even still, without a link to your domain, db credentials are useless. Once you have changed your code back to the original, I will also have a look at it.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.