Posts posted by mrMarcus

  1. Actually, as long as the family ID provided isn't 0 or an empty string, it'll evaluate to "true". I'm taking advantage of the PHP type autocasting rules, in which a non-empty string (which isn't "0") evaluates to true.

     

    php > var_dump (!"0");
    bool(true)
    php > var_dump (!"");
    bool(true)
    php > var_dump (!"test");
    bool(false)
    

     

    I know what I'm doing, but thanks for being on the lookout. ;)

     

    Had a typo in my test code.

  2. if (!$family) {
       $errorMsg[] = "You Must Enter a Family ID.";
    }

     

    This will always return true, regardless of whether $family contains a value or not.

     

    The ! operator is checking if !$family is NOT TRUE (Layman's terms: FALSE)... which it isn't.  It's also not TRUE.  It's not of boolean type.  Use empty() when checking form posted values (isset is not necessary since every $_POST'ed form input is sent on form submission.  Because of that, you need not check whether they are set; simply check their values).

     

    if (isset($_POST['submit'])) {
    
    $foo = $_POST['bar'];
    if (!$foo) {
    	die('I will always return...');
    }
    }
    ...
    <form action="" method="post">
    <input type="text" name="bar" value="Go Leafs, Go."/> <input type="submit" name="submit"/>
    </form>

  3. Don't use trim(). Just do this:

     

    $md5password = md5($_POST['resetpassword']);

     

    EDIT: and remove the following:

     

    $_POST = mysql_real_escape_array($_POST);
    $_POST = trim_array($_POST);

     

    You should never trim() or escape a value that is a password.

     

    Since mysql_real_escape_array() is not a built-in PHP function, I'm assuming you have created it to map 'mysql_real_escape_string' to the $_POST array, correct? Don't do that. If a user enters a single and/or double quote in their password (their right to do so), mysql_real_escape_string() will escape it and change the hash. Even though you can simply apply this same methodology to future login/registration/password reset applications, it serves no purpose and should be omitted.
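
An added example, not part of the original post: it shows that trimming and escaping a password changes the string that gets hashed, and that hashing the raw value with PHP's password_hash() (used here in place of the thread's md5()) round-trips correctly. The helper names and the sample password are constructed, and addslashes() stands in for mysql_real_escape_string(), which needs a live connection.

```php
<?php
// Added example (not the original poster's code). The sample password is constructed.
// addslashes() stands in for mysql_real_escape_string(): both put a backslash
// in front of quote characters, which is all this demonstration relies on.

/** Mimics the thread's trim_array() + mysql_real_escape_array() preprocessing. */
function preprocess_like_thread(string $value): string
{
    return addslashes(trim($value));
}

/** Hash the password exactly as the user typed it. */
function hash_raw_password(string $password): string
{
    // password_hash() salts and stretches the input; it replaces the thread's md5().
    // Its output contains no quote characters, and it should reach the database
    // through a bound parameter in any case.
    return password_hash($password, PASSWORD_DEFAULT);
}

function yes_no(bool $value): string
{
    return $value ? 'yes' : 'no';
}

// Constructed input: leading/trailing spaces and quotes are legal password characters.
$typed   = " it's \"my\" pass ";
$mangled = preprocess_like_thread($typed);

// 1. The preprocessed string is a different password, so its digest differs too.
echo 'same string after trim+escape: ' . yes_no($typed === $mangled) . "\n";
echo 'same md5 after trim+escape:    ' . yes_no(md5($typed) === md5($mangled)) . "\n";

// 2. Hash the raw value at registration/reset, verify the raw value at login.
$stored = hash_raw_password($typed);
echo 'raw password verifies:         ' . yes_no(password_verify($typed, $stored)) . "\n";
echo 'mangled password verifies:     ' . yes_no(password_verify($mangled, $stored)) . "\n";
```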

  4. My problem is I am having trouble narrowing down a search in a query. Here is my query below.

     

     

    $query = mysql_query("SELECT * FROM users WHERE FamilyID='$Family' AND username='$user'");

    $numrows = mysql_num_rows($query);

     

    if ($numrows == 0) {

     

     

    }

    else

    $errormsg = "You Have Already Created A Family.";

     

    Basically what I need is for the query to find the FamilyID and Username row using the variable $user which is the current user that is logged in. The if statement then asks if the FamilyID row is empty, then proceed, if not then echo out an errormsg.

    The problem is that $numrows will obviously look at both the FamilyID and username row and will always echo out the errormsg instead of proceeding through the rest of the script. The username field is always going to be filled with data. What I need is a query that will select from the user that is currently logged in but also narrow it down by the FamilyID row. If that FamilyID row is empty, then I want the script to proceed. If not I want it to echo out an errormsg. Any Help would be much appreciated.

     

    I'm also lost.  Please talk variable/column names and not "row" and such as your usage is incorrect and hard to follow.

     

    The if statement then asks if the FamilyID row is empty, then proceed, if not then echo out an errormsg.

     

    The "if" statement is not checking if FamilyID is empty.  It is checking for the number of returned records from the query, if any.

     

    Your issue would be better straightened out through conditions before executing the query.

     

    When you initially login your users, you should then also check for that `FamilyID` value and store it within a $_SESSION variable, just as you (I'm assuming) do with the user ID/name/etc.

     

    That way, you can run some conditions before firing the query to check if FamilyID contains a value for that user, and deal with that accordingly.

  5. hmm ok. Is there another html option that is respected by all browsers? Or, a PHP option? The option you mentioned seemed to just echo a statement on the results page.?

     

    I was just giving you an example. A best-case scenario, IMO, is a combo of javascript and PHP. The javascript/jQuery for instant notice that there are errors on the form, and the PHP (backend support) for those who have javascript disabled or have malicious intentions.

     

    For the PHP, since we are in the PHP forum, can be something as simple as:

     

    <?php
    if (isset($_POST['submit'])) {
    
       $errors = array();
    
       if (empty($_POST['q1'])) {
           $errors['q1'] = 'Please enter a response to question 1.';
       }
       if (empty($_POST['q2'])) {
           $errors['q2'] = 'Please enter a response to question 2.';
       }
       if (empty($_POST['q3'])) {
           $errors['q3'] = 'Please enter a response to question 3.';
       }
    
       if (empty($errors)) {
    
           $qone = $_POST['q1'];
           $qtwo = $_POST['q2'];
           $qthree = $_POST['q3'];
    
           if ($qone == "q1a"){
               echo "Your answer to question 1 is: I am pro-life. This is a republican/conservative view.<br />";
           }
           elseif ($qone == "q1b"){
               echo "Your answer to question 1 is: I am pro-choice. This is a democrat/liberal view.<br />";
           }
           if($qtwo == "q2a"){
               echo "Your answer to question 2 is: I support gun rights. This is a republican/conservative view.<br />";
           }
           elseif ($qtwo == "q2b"){
               echo "Your answer to question 2 is: I believe citizens should be unarmed. This is a democrat/liberal view.<br />";
           }
           if ($qthree == "q3a"){
               echo "Your answer to question 3 is: I support free markets. This is a republican/conservative view.<br />";
           }
           elseif ($qthree == "q3b"){
               echo "Your answer to question 3 is: I support regulating to any extent necessary. This is a democrat/liberal view.<br />";
           }
       }
    }
    
    if (!empty($errors)) {
       echo 'There are errors in your form.  Please see below:<br/><br/>';
       $i = 1;
       foreach ($errors as $error) {
           echo "{$i}. $error<br/>";
           $i++;
       }
    }
    ?>
    <style type="text/css">
    .error {
       color:red;
       display:block;
       }
    </style>
    
    <form name="questions" action="" method="post">
       <h4>1. Are you  pro-life (against abortion) or pro-choice (for abortion)?</h4>
       <?php echo (!empty($errors['q1']) ? '<div class="error">'. $errors['q1'] .'</div>' : ''); ?>
       <input type="radio" name="q1" value="q1a"<?php echo (($_POST['q1'] == 'q1a') ? ' selected="selected"' : ''); ?>/> : I am pro-life<br />
       <input type="radio" name="q1" value="q1b"<?php echo (($_POST['q1'] == 'q1b') ? ' selected="selected"' : ''); ?>/> : I am pro-choice
    
       <h4>2. Do you believe that gun rights are necessary to preserve safety, freedom and to protect us from tyranny, or do you believe unarmed citizens are safer citizens?</h4>
       <?php echo (!empty($errors['q2']) ? '<div class="error">'. $errors['q2'] .'</div>' : ''); ?>
       <input type="radio" name="q2" value="q2a"<?php echo (($_POST['q2'] == 'q2a') ? ' selected="selected"' : ''); ?>/> : I support gun rights<br />
       <input type="radio" name="q2" value="q2b"<?php echo (($_POST['q2'] == 'q2b') ? ' selected="selected"' : ''); ?>/> : I believe citizens should be unarmed
    
       <h4>3. Do you believe in free markets (limited regulation on business) or do you believe the government should regulate business' to any extent necessary?</h4>
       <?php echo (!empty($errors['q3']) ? '<div class="error">'. $errors['q3'] .'</div>' : ''); ?>
       <input type="radio" name="q3" value="q3a"<?php echo (($_POST['q3'] == 'q3a') ? ' selected="selected"' : ''); ?>/> : I support free markets<br />
       <input type="radio" name="q3" value="q3b"<?php echo (($_POST['q3'] == 'q3b') ? ' selected="selected"' : ''); ?>/> : I support regulating to any extent necessary<br />
       <br />
       <input type="submit" value="Tell me if I'm a Republican or Democrat!" name="submit" />
    </form>
    

     

    Offered two examples (can be used in conjunction with each other, or separately).  You can fart around with the styling, positioning, etc.  As well as adding any additional conditions within your form processing code.

     

    EDIT: Replace selected="selected" with checked="checked"

     

    <form name="questions" action="" method="post">
       <h4>1. Are you  pro-life (against abortion) or pro-choice (for abortion)?</h4>
       <?php echo (!empty($errors['q1']) ? '<div class="error">'. $errors['q1'] .'</div>' : ''); ?>
       <input type="radio" name="q1" value="q1a"<?php echo (($_POST['q1'] == 'q1a') ? ' checked="checked"' : ''); ?>/> : I am pro-life<br />
       <input type="radio" name="q1" value="q1b"<?php echo (($_POST['q1'] == 'q1b') ? ' checked="checked"' : ''); ?>/> : I am pro-choice
    
       <h4>2. Do you believe that gun rights are necessary to preserve safety, freedom and to protect us from tyranny, or do you believe unarmed citizens are safer citizens?</h4>
       <?php echo (!empty($errors['q2']) ? '<div class="error">'. $errors['q2'] .'</div>' : ''); ?>
       <input type="radio" name="q2" value="q2a"<?php echo (($_POST['q2'] == 'q2a') ? ' checked="checked"' : ''); ?>/> : I support gun rights<br />
       <input type="radio" name="q2" value="q2b"<?php echo (($_POST['q2'] == 'q2b') ? ' checked="checked"' : ''); ?>/> : I believe citizens should be unarmed
    
       <h4>3. Do you believe in free markets (limited regulation on business) or do you believe the government should regulate business' to any extent necessary?</h4>
       <?php echo (!empty($errors['q3']) ? '<div class="error">'. $errors['q3'] .'</div>' : ''); ?>
       <input type="radio" name="q3" value="q3a"<?php echo (($_POST['q3'] == 'q3a') ? ' checked="checked"' : ''); ?>/> : I support free markets<br />
       <input type="radio" name="q3" value="q3b"<?php echo (($_POST['q3'] == 'q3b') ? ' checked="checked"' : ''); ?>/> : I support regulating to any extent necessary<br />
       <br />
       <input type="submit" value="Tell me if I'm a Republican or Democrat!" name="submit" />
    </form>

  6. Thanks mrMarcus,

     

    But I'm not sure what you mean by "Why are you hashing 'resetpassword'?"

     

    What I currently have...someone can register with a password, if they reset their password a random password is emailed to them which they can continue to use if they wish. If they want to change it to their own password they can.

     

    I thought this piece of code allows someone to add their own password in the 'resetpassword' field which then inserts it into the database in a hashed MD5 format. Is that not the case? I'm not sure where the identical password issue comes into it?

     

    In the code you provided, you are not creating a random password. You are simply hashing the string 'resetpassword'.

     

    $newpassword = md5('resetpassword');

     

    There is nothing random about that. Nor is that remotely close to how you would handle a form field.

     

    If you are using a password from a form field (<input type="text" name="resetpassword"/>) you will need to update your code to accommodate that. You know how to collect field values from a form using $_POST, correct?

  7. Why are you hashing 'resetpassword'? Now, anybody who wants to reset their password is going to be given an identical password to the next.

     

    $newpassword = md5('resetpassword');

     

    The issue with your query is you are missing single-quotes around $newpassword.

     

    $sql = "UPDATE users SET password = '". $newpassword ."'";
    $result = mysql_query($sql) or die("An error occurred ".mysql_error());

  8. from tbcotizacionencabezado
    
    join tbmaquinapredet                 // JOIN on what?
    
    inner join tbclientes on tbcotizacionencabezado.idcliente = tbclientes.id 
    inner join tbpersonal on tbpersonal.id = tbcotizacionencabezado.idcreado

  9. include_once "Scripts/connect_to_mysql.php";

     

    Within your connect file you should have created a variable to store the connection identifier:

     

    $myConnection = mysqli_connect('host', 'username', 'password');

     

    Where $myConnection is now your identifier:

     

    $praise = mysqli_real_escape_string($myConnection, $praise);

     

    To echo your query you must separate it from the mysqli_query() function:

     

    $sql = "UPDATE prayer SET how = '$praise', answerdate = NOW() WHERE id = '$pid'";
    if ($query = mysqli_query($myConnection, $sql)) {
       header("location: http://orchardmidland.com/NewOrchard/praise_wall.php");
       exit(0);
    }
    else {
       trigger_error("Query Failed! SQL: $sql - Error: ". mysqli_error($myConnection), E_USER_ERROR);
    }
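
An added example, not code from the thread: the same UPDATE written with bound parameters, so the praise text needs no escaping call and no connection-ordering workaround. It assumes PDO with the pdo_sqlite extension and an in-memory database so it runs without a MySQL server; the table layout, sample row, function names and sample input are constructed, and CURRENT_TIMESTAMP replaces NOW().

```php
<?php
// Added example, not code from the thread. In-memory SQLite via PDO is an
// assumption made so the script runs offline; with MySQL only the DSN and
// the timestamp function change.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    // Throw on SQL errors instead of failing silently.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE prayer (id INTEGER PRIMARY KEY, how TEXT, answerdate TEXT)');
    $db->exec('INSERT INTO prayer (id, how) VALUES (12, NULL)'); // constructed row
    return $db;
}

/** Update one prayer row; returns the number of rows changed. */
function record_praise(PDO $db, $pid, $praise): int
{
    // The id must be a positive integer; anything else is rejected before any SQL runs.
    $pid = filter_var($pid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($pid === false || !is_string($praise) || $praise === '') {
        return 0;
    }
    // Values travel separately from the SQL text, so quotes in $praise are plain data.
    $stmt = $db->prepare(
        'UPDATE prayer SET how = :how, answerdate = CURRENT_TIMESTAMP WHERE id = :id'
    );
    $stmt->execute([':how' => $praise, ':id' => $pid]);
    return $stmt->rowCount();
}

$db = open_demo_db();

// Constructed stand-in for $_POST; the text contains single quotes on purpose.
$post = ['pid' => '12', 'praise' => "He's home from hospital, 'Thank you' all"];

$changed = record_praise($db, $post['pid'], $post['praise']);
$row = $db->query('SELECT how, answerdate FROM prayer WHERE id = 12')->fetch(PDO::FETCH_ASSOC);

echo "rows changed: $changed\n";
echo "stored text : {$row['how']}\n";
echo "answered at : {$row['answerdate']}\n";
echo 'non-numeric id changes ' . record_praise($db, 'not-a-number', 'x') . " rows\n";
```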

  10. <option>'s within a <select> do not recognize the name attribute; only a value attribute.

     

    Change:

     

    echo"<option name='type_id' value='" . $pType->id . "'>" . $pType->name . "</option>";

     

    To:

     

    echo"<option value='" . $pType->id . "'>" . $pType->name . "</option>";

     

    As well as:

     

    $cats->type_id = trim($_POST['type_id']);

     

    To:

     

    $cats->type_id = trim($_POST['propType']);

  11. It *will* once you sort out the error with your query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'T', answerdate = NOW() WHERE id = '12'' at line1

     

    Echo your query, like I said, and post here.

     

    And it doesn't matter where you make the connection as long as it precedes any functions that rely on it, ie. mysqli_real_escape_string()

     

    EDIT: what is the column type of `answerdate`?  I'm thinking you have it set to varchar or something of the like which would be a problem.

  12.  

     

    I haven't been echoing it out. I just look over in php myadmin and see nothing was written. Same effect. Except that annoying logging me out after 1800 seconds :-)

     

    You need to have error_reporting turned on because it'd be telling you that you're establishing a db connection after you've called mysqli_real_escape_string().  It relies on an open connection to your db to work.  In your INSERT query you have done so correctly.  In your UPDATE, not so much.

     

    <?php
    $name = $_POST['name'];
    $praise = $_POST['praise'];
    $pid = $_POST['pid'];
    $praise = mysqli_real_escape_string($praise);
    
    include_once "Scripts/connect_to_mysql.php";                 // ME!  I'M THE PROBLEM!! MOVE ME UP TO THE TOP (BEFORE mysqli_real_escape_string())
    
    $query = mysqli_query($myConnection, "UPDATE prayer SET how = '$praise', answerdate = NOW() WHERE id = '$pid'") or die (mysqli_error($myConnection));
     
    echo 'Operation Completed Successfully! <br /><br />';
    header("location: praise_wall.php");
    exit();

  13. Just give up, MrMarcus: You're only wasting your time. As Jessica said the OP either cannot learn, or he doesn't want to learn and is just trolling. I'm not quite sure what would be the best, but either way trying to "help" him is an utter and complete waste of time.

     

    Can't help it.. I'm a teacher at heart.  If he was trolling that would be nothing short of amazing, though.  Such dedication to his craft.

  14. If you simply echo out your query, do you see expected results?

     

    $name = $_POST['name'];
    $praise = $_POST['praise'];
    $pid = $_POST['pid'];
    $praise = mysqli_real_escape_string($praise);
    include_once "Scripts/connect_to_mysql.php";
    
    $query = "UPDATE prayer SET how = '$praise', answerdate = NOW() WHERE id = '$pid'";
    echo $query; exit(0);

  15. The plan is to use 'follow', 'follow1', 'follow2' etc... and when a user clicks the follow button their ID number enters into the next available follow row.

     

    It's the only way I can think of doing it.

     

    OK, but your query does nothing of the sort.  Anytime somebody hits the 'follow' button, the `follow` column in the `users` table is updated per that ID.  Every single row.  You need to add clauses to that query, and/or (preferably OR) change up your table logic.

     

    `users` table has the user_id

     

    `follow` table has `id`, `user_id`, `follow_user_id`

     

    You would then INSERT those values into the `follow` table so that a user can follow an unlimited number of other users.  Keeping that data in the `users` table is not recommended, nor can I see how it would even work/scale.

     

    Set a key on (`user_id`, `follow_user_id`)

     

    <?php
    if (($_GET['do'] == 'follow') && !empty($_GET['id'])) {
       // check if user is logged in
       if (($_SESSION['auth']) && !empty($_SESSION['current_user_id'])) { // whatever your $_SESSION variable is for logged in users
    
           if ($_SESSION['current_user_id'] == $_GET['current_user_id']) {
    
               // other checks here to determine various ID's are numeric, etc.
    
               $sql = "INSERT INTO `follow` (`user_id`, `follow_user_id`) VALUES (". (int)$_SESSION['current_user_id'] .", ". (int)$_GET['id'] .")";
               if (!mysql_query($sql)) {
                   if (mysql_errno($link_identifier) == 1062) { //$link_identifier is necessary to avoid conflicting error notices due to multiple opening/closing SQL connections
                       // duplicate attempt to follow
                       // handle accordingly
                   }
               }
           }
       }
    }

     

    Now you can join that table when checking for whether a certain user is following another user.

  16. Well no...it's not actually called table. Not sure why that was the only thing I changed in there :-) That is the actual code except the table is called prayer.

     

    You want the whole code? I figured that was the important part.

     

    Oh. And thanks for being nice Jessica. I've seen some of your replies to others.

     

    Hehe, you got them shaking in their boots, Jessica.

     

    @diearcy - don't change variable names, table names, etc.  Only thing you can omit/alter is connection credentials.  Even still, without a link to your domain, db credentials are useless.

     

    Once you have changed your code back to the original, I will also have a look at it.
