Posts posted by adamjones

  1. Hi,

     

    I have a text area field on one of my forms in order for people to post articles, however, it doesn't work when I try and post HTML through it. It works if I post normal text. Also, PHP won't give me an error, it just doesn't insert it?

    <?php
    
    if ($_POST['add']) {
        $title   = addslashes($_POST['title']);
        $image   = htmlspecialchars($_POST['image']);
    	$source   = mysql_real_escape_string($_POST['source']);
        $active  = $_POST['active'];
    	$feature  = $_POST['feature'];
        $cat_id  = $_POST['cat_id'];
    	$content = htmlspecialchars($_POST['content']);
        $months  = array(
            "",
            "January",
            "February",
            "March",
            "April",
            "May",
            "June",
            "July",
            "August",
            "September",
            "October",
            "November",
            "December"
        );
        $date    = date('d', time()) . ' ' . $months[date('n', time())] . ' ' . date('Y', time());
        if ($title == NULL || $image == NULL || $content == NULL) {
            echo '<br /><br /><center>Please, fill all inputs</center><br /><br />';
        } else {
            $add = "INSERT INTO `news` cat_id='$cat_id', title='$title', image='$image', content='$content', date='$date', author='".$user['admin']."', authorid='".$user['id']."', source='$source', active='$active', twitter='".$user['twitter']."', featured='$feature'" or die(mysql_error());
            $sql = mysql_query($add);
            $addgrowl = "INSERT INTO `growl` (toid, message) VALUES ('$id', 'Your article is now online!')";
            $sql = mysql_query($addgrowl);    
                echo '<script type="text/javascript">
    window.location = "articles.php"
    </script>
    ';
    }
    }
    ?>
    

    Help :-(
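An added example, not part of the original post: the snippet above escapes each field a different way (`addslashes`, `htmlspecialchars`, `mysql_real_escape_string`, or nothing at all), so this sketch binds every value as a query parameter, stores the article body unmodified, and applies `htmlspecialchars` only when the article is rendered. The in-memory SQLite database, the reduced column set and the helper names `addArticle` and `renderArticle` are assumptions made so the code runs stand-alone; against MySQL only the PDO DSN changes.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the MySQL server so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE news (
    id INTEGER PRIMARY KEY, cat_id INTEGER, title TEXT, content TEXT, active INTEGER
)');

// Hypothetical helper: validate the form fields, then insert with bound parameters only.
function addArticle(PDO $pdo, array $post): int
{
    $title   = trim((string)($post['title'] ?? ''));
    $content = (string)($post['content'] ?? '');
    $catId   = filter_var($post['cat_id'] ?? null, FILTER_VALIDATE_INT);
    $active  = ($post['active'] ?? '') === '1' ? 1 : 0;   // allow-list: 0 or 1

    if ($title === '' || $content === '' || $catId === false) {
        throw new InvalidArgumentException('Please, fill all inputs');
    }

    // Quotes and markup in the values cannot change the statement: they travel as data.
    $stmt = $pdo->prepare(
        'INSERT INTO news (cat_id, title, content, active)
         VALUES (:cat_id, :title, :content, :active)'
    );
    $stmt->execute([
        ':cat_id'  => $catId,
        ':title'   => $title,
        ':content' => $content,
        ':active'  => $active,
    ]);
    return (int)$pdo->lastInsertId();
}

// Hypothetical helper: HTML-encode at output time, not before storage.
function renderArticle(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT title, content FROM news WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '';
    }
    $e = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return '<h1>' . $e($row['title']) . '</h1><div>' . $e($row['content']) . '</div>';
}

// Constructed sample input containing quotes and markup.
$id = addArticle($pdo, [
    'title'   => "It's <b>live</b>",
    'cat_id'  => '3',
    'active'  => '1',
    'content' => "<p>O'Reilly said \"hi\"</p>",
]);
echo renderArticle($pdo, $id), PHP_EOL;
```

If the article body is meant to render as HTML rather than be shown as text, the output step needs an allow-list HTML sanitiser in place of `htmlspecialchars`.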

  2. "no" is a string, strings need to be surrounded by quotes in sql.

     

    You also need to sanitise your input or you are leaving your code vulnerable to attack.

     

    Ok, so I've changed it from being a 'yes/no' to '0/1'. I've sanitised the input and now it's not giving an error, but it's not updating the database? :-(

    <?php
    *connection stuff*
    
    function clean($str) {
    		$str = @trim($str);
    		if(get_magic_quotes_gpc()) {
    			$str = stripslashes($str);
    		}
    		return mysql_real_escape_string($str);
    	}
    	
    $id = clean($_GET['toggle']);
    
    if (empty($id)) {
        echo '<meta http-equiv="refresh" content="0; url=maintenance.php">';
    }
    
    $sql = mysql_query("UPDATE maintenance SET check='$id'") OR die("Error:".mysql_error());
    $result=mysql_query($sql);
    
    header('location:maintenance.php');
    
    ?>
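An added example, not part of the original posts: one way to write the maintenance toggle so that the value is checked against an allow-list, the reserved word `check` is quoted as an identifier, and the value reaches the database as a bound parameter. The in-memory SQLite database (which accepts MySQL-style backtick quoting) and the helper name `setMaintenance` are assumptions made so the code runs stand-alone.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for MySQL; it accepts the same backtick quoting.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// CHECK is a reserved word in MySQL, so the column name is wrapped in backticks.
$pdo->exec('CREATE TABLE maintenance (`check` INTEGER NOT NULL)');
$pdo->exec('INSERT INTO maintenance (`check`) VALUES (0)');

// Hypothetical helper: returns true only when the flag was valid and the UPDATE ran.
function setMaintenance(PDO $pdo, $raw): bool
{
    // Allow-list instead of empty(): in PHP empty('0') is true, so empty()
    // would treat the legitimate "off" value as missing input.
    if (!is_string($raw) || !in_array($raw, ['0', '1'], true)) {
        return false;
    }
    $stmt = $pdo->prepare('UPDATE maintenance SET `check` = :flag');
    $stmt->execute([':flag' => (int)$raw]);
    return true;
}

// Hypothetical helper: read the flag back.
function maintenanceFlag(PDO $pdo): int
{
    return (int)$pdo->query('SELECT `check` FROM maintenance')->fetchColumn();
}

// Constructed inputs: two valid flags, then values that must be rejected.
foreach (['1', '0', 'no', '', null] as $input) {
    $ok = setMaintenance($pdo, $input);
    printf(
        "%-6s => %-8s (flag is now %d)\n",
        var_export($input, true),
        $ok ? 'updated' : 'rejected',
        maintenanceFlag($pdo)
    );
}

// In the real page the handler would finish with a redirect and stop:
//   header('Location: maintenance.php');
//   exit;
// Without exit, the script keeps running after the redirect header is queued.
```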
    
  3. I'm getting this error;

    Error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'check=no' at line 1
    

    For this code;

    <?php
    $server   = "server";
    $username = "user";
    $password = "pass";
    $db_name  = "db";
    $connect = mysql_connect($server, $username, $password) or die(mysql_error());
    mysql_select_db($db_name, $connect) or die(mysql_error());
    
    $id = $_GET['toggle'];
    if (empty($id)) {
        echo '<meta http-equiv="refresh" content="0; url=maintenance.php">';
    }
    
    $sql = mysql_query("UPDATE maintenance SET check=$id") OR die("Error:".mysql_error());
    $result=mysql_query($sql);
    
    header('location:maintenance.php');
    
    ?>
    

    Any ideas?

  4. Hi,

    I'm trying to make a menu which shows the user the active page;

    <?php
    $url="http://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
    if ($url="http://www.myurl/dashboard.php") {
    	echo "<li>
                    <a href=\"dashboard.php\" class=\"active-title\">
                    <span class=\"nav-icon\"><i class=\"icon-dashboard icon-2x\"></i></span>
                    <span class=\"sidebar-menu-item-text\">Dashboard</span></a>            
                  </li>";
    } else {
    	echo "<li>
                     <a href=\"dashboard.php\">
                     <span class=\"nav-icon\"><i class=\"icon-dashboard icon-2x\"></i></span>
                     <span class=\"sidebar-menu-item-text\">Dashboard</span></a>
                  </li>";
    }
    ?>
    

    But it will always display the active class regardless of the url, if that makes sense? Any ideas?

  5. Hi, I'm getting this error;

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'read='0'' at line 1
    

    With this code;

    $msg  = mysql_query("SELECT * FROM `messages` WHERE toid='$id' AND read='0'") or  die(mysql_error());
    $messages = mysql_num_rows($msg);
    

    It works fine if I remove "read='0'"... :-(

     

    Any ideas?

  6. Hi, I'm trying to display an iframe on my website, the source of which will depend on a link from the database. I'm using the GET method from the URL for the ID of the link, which is in the table;

     

    <? include('core/dbconn.php');
    $app = $_GET['id'];
    $result="SELECT * FROM applications WHERE id ='$app'";
    while ($row = mysql_fetch_array($result)) {
    
                echo $row ["link"];
       }
    ?>
    

     

    I'm getting the following error;

     

    The requested URL /<br /><b>Warning</b>: mysql_fetch_array() expects parameter 1 to be resource, string given in <b>/home/suvoocge/public_html/application.php</b> on line <b>34</b><br /> was not found on this server.
  7. Hi,

    No matter what I seem to change in my code, I still get the same error! :(

     

    "Table 'suvoocom_wl.beta' doesn't exist"

     

    This is my 'core.php' file;

     

    <?php
    session_start();
    
    @include ('config.php');
    @include ('connect.php');
    
    // #########################################################################
    // Check if Writing Lounge is under maintenance, and avoid, if possible
    
    $qry="SELECT * FROM fuse_rights WHERE username='".$_SESSION['username']."'";
    $result=mysql_query($qry);
    
    if($result) {
    	if(mysql_num_rows($result) == 1) {
    
    		$checks = mysql_fetch_assoc($result);
    		$am = $checks['avoid_maintenance'];
    
    		}
    		}
    
    if(isset($_SESSION['username']) && $am == 0)
    { 
    
    $result = mysql_query("SELECT * FROM break") or die(mysql_error());  
    
    while($row = mysql_fetch_assoc($result)) {
    if($row['on'] == 1) {
       header('location:../maintenance');
       exit();
    }
    }
    } 
    if(isset($_SESSION['username']) && $am == 1)
    { 
    } else {
    $result = mysql_query("SELECT * FROM break") or die(mysql_error());  
    
    while($row = mysql_fetch_assoc($result)) {
    if($row['on'] == 1) {
       header('location:../maintenance');
       exit();
    }
    }
    }
    
    // #########################################################################
    // Check if Writing Lounge has BETA activated
    
    if(!session_is_registered(betaaccess)){
    
    $result = mysql_query("SELECT * FROM beta") or die(mysql_error());  
    
    while($row = mysql_fetch_assoc($result)) {
    if($row['on'] == 1) {
       header('location:../BETA');
       exit();
    }
    }
    }
    
    // #########################################################################
    // Check if the user logged in is banned
    
    $result = mysql_query("SELECT username FROM bans WHERE username = '".$_SESSION['username']."'") or die(mysql_error());  
    
    if (mysql_num_rows($result) > 0) {
       header('location:../banned');
       exit();
    }
    
    // #########################################################################
    // Define the variables Writing Lounge will use later on
    
    $remote_ip = $_SERVER[REMOTE_ADDR];
    $H = date('H');
    $i = date('i');
    $s = date('s');
    $m = date('m');
    $d = date('d');
    $Y = date('Y');
    $j = date('j');
    $n = date('n');
    $today = $d;
    $month = $m;
    $year = $Y;
    $date_normal = date('d-m-Y',mktime($m,$d,$Y));
    $date_reversed = date('Y-m-d', mktime($m,$d,$y));
    $date_full = date('d-m-Y H:i:s',mktime($H,$i,$s,$m,$d,$Y));
    $date_time = date('H:i:s',mktime($H,$i,$s));
    $date_hc = "".$j."-".$n."-".$Y."";
    $regdate = $date_normal;
    $forumid = strip_slashes($_GET['id']);
    ?>
    

     

    It's basically the backbone to my website.

     

    This is my 'config.php' file;

     

    <?php
    $sqlhostname = "localhost";
    $sqlusername = "suvoocom_wl";
    $sqlpassword = "*****";
    $sqldb = "suvoocom_wl";
    ?>
    

     

    And this is my 'connect.php' file;

     

    <?php
    mysql_connect("$sqlhostname", "$sqlusername", "$sqlpassword")or die("Unable to connect.");
    mysql_select_db("$sqldb")or die("Unable to select the database you provided. Either I do not have premission to connect to that database, or the database doesn't exist.");
    ?>
    

     

    Does anyone have any ideas? :S

    Thanks!

  8. Hi,

    I have this script which runs my 'notifications.php' file every 5 seconds to display new notifications to the user.

     

    <script type="text/javascript">
        jQuery(document).ready(function($) {
    setInterval(function (){$('#date').load('notifications.php');}, 5000);
    })(jQuery);
    </script>
    

     

    Notifications.php;

     

    <script type="text/javascript">
    	if (!window.console || !console.firebug) {
    		var names = ["log", "debug", "info", "warn", "error", "assert", "dir", "dirxml", "group", "groupEnd", "time", "timeEnd", "count", "trace", "profile", "profileEnd"];
    		window.console = {};
    		for (var i = 0; i < names.length; ++i) window.console[names[i]] = function() {};
    	}
    
    	(function($){
    
    		$(document).ready(function(){
    
    			// This value can be true, false or a function to be used as a callback when the closer is clicked
    			$.jGrowl.defaults.closer = function() {
    				console.log("Closing everything!", this);
    			};
    
    			// A callback for logging notifications.
    			$.jGrowl.defaults.log = function(e,m,o) {
    				$('#logs').append("<div><strong>#" + $(e).attr('id') + "</strong> <em>" + (new Date()).getTime() + "</em>: " + m + " (" + o.theme + ")</div>")
    			}				
    
    			<?php
    require_once('config.php');
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
    	die('Failed to connect to server: ' . mysql_error());
    }
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
    	die("Unable to select database");
    }
    
    $sql="SELECT * FROM alerts WHERE username='".$_SESSION['username']."'";
    $result=mysql_query($sql);
    
    while ($rows = mysql_fetch_assoc($result)){
    
    echo "".$rows['alert']."";
    
    }
    $sql2="DELETE FROM alerts WHERE username='".$_SESSION['username']."'";
    $result2 = @mysql_query($sql2);
    ?>
    		});
    	})(jQuery);
    
    	</script>
    

     

    However, it just loads a blank page...

    Thanks.

  9. Try echoing mysql_error to see if there's any problem with this query

     

    [edit]

     

    At very least you're missing a ' before $date.

     

    Are you storing date as string?

    You forgot the quote, bro.

     

    Change

    $sql="INSERT INTO badges (username, badge, date) SELECT username, '$badge', $today' FROM users";

     

    Into

    $sql="INSERT INTO badges (username, badge, date) SELECT username, '$badge', '$today' FROM users";

     

    What this query does is, it inserts the username from the users table along with a badgename and a date into the badges table.

     

    THANK YOU! It's working :)

  10. Try echoing mysql_error to see if there's any problem with this query

     

    [edit]

     

    At very least you're missing a ' before $date.

     

    Are you storing date as string?

    MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '.10' FROM users' at line 1
  11. How did you manage to change INSERT INTO ... SELECT to SELECT ... INSERT INTO... ??

     

    Sorry? :S

     

    I mean, how did you manage to change example given to you by CodeMaster into this?

    $sql="SELECT username as user FROM users INSERT INTO badges(username, badge, date) VALUES ('user', '$badge', '$today'";

     

     

    Anyway, this should do it:

    INSERT INTO badges (username, badge, date) SELECT username, 'YourBadge', CURDATE() FROM users

     

    Oh, because when I ran it, It wasn't working :s

    And I'm just getting a blank page now.

     

    <?php
    //connect blah blah
    
    $today = date("d.m.y");
    $badge = clean($_POST['badge']);
    
    $sql="INSERT INTO badges (username, badge, date) SELECT username, '$badge', $today' FROM users";
    $result=mysql_query($sql);
    
    if($result){
    	header("location: ./give_badge");
    }
    ?>

  12. Are you doing this action just one single time? If so, you might just want to execute the query directly in mysql.

     

    Well, it's a page in my CMS, which gives all users on my forum a badge, and other users have access to the CMS, and I wouldn't really want them to have access to my MySQL to do this.

     

    How did you manage to change INSERT INTO ... SELECT to SELECT ... INSERT INTO... ??

     

    Sorry? :S

     

    Well.. I believe what you want to do is:

    Get all the usernames from the users table via a query.

    Do a while for that query, and inside the while.. would be inserting that username into the badges table with the necessary badge etc.

     

    Example

    <?php
    if(isset($_POST['submit'])) {
        $query = mysql_query("select username from users");
        while($row = mysql_fetch_assoc($query)) {
            $today = date("d.m.y");
            $query = mysql_query("INSERT INTO `badges` (username, badge, date) VALUES ('".$row['username']."', 'THE BADGE', '$today')");
        }
    }
    
    echo 'Give badges to all users';
    echo '<form action="" method="post"><input type="submit" value="submit" name="submit" /></form>';

     

    This should work, but you can do it like what CodeMaster said.

     

    I receive the following error;

     

    "Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /home/habhubc/public_html/intra/mgive_badge_conf.php on line 90"

     

    Line 90 = "while($row = mysql_fetch_assoc($query)) {"

  13. Something like this?

     

    INSERT INTO badges
    SELECT 
    username,
    "HERE_YOUR_BADGENAME_VALUE" as badgename,
    NOW() as date
    FROM users
    

     

     

    Hi, thanks. This is my code, but it's not working.

     

    <?php
    require_once('config.php');
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
    	die('Failed to connect to server: ' . mysql_error());
    }
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
    	die("Unable to select database");
    }
    
    function clean($str) {
    	$str = @trim($str);
    	if(get_magic_quotes_gpc()) {
    		$str = stripslashes($str);
    	}
    	return mysql_real_escape_string($str);
    }
    
    $badge = clean($_POST['badge']);
    $today = date("d.m.y");
    
    $sql="SELECT username as user FROM users INSERT INTO badges(username, badge, date) VALUES ('user', '$badge', '$today'";
    $result=mysql_query($sql);
    
    if($result){
    	header("location: ./give_badge");
    }
    ?>
    

     

    I want it to insert each user from my users table into the badges table along with the $badge

  14. Hi. I have a users table, which is basically;

    id|username|password|etc...

     

    and a badges table, which has;

    username|badgename|date

     

    I have a script where you can give a badge to a single user, but if I want to give a badge to every user, it would be very laborious. Is it possible to save all the usernames from my users table temporarily in a script and then insert them into my badges table along with a badge name?.. if you understand me? :S

     

    Thank you!

     

  15. Hi. I have a simple form with a username and amount field (This is to award a user coins). The info is then posted to this script, but I'm not sure how I would add the number from the form onto the amount of coins they already have (ie. They are awarded 50 coins, and already have 100 in the database, this should then be changed to 150)

     

    This is my code so far;

    <?php
    
    session_start();
    if(!session_is_registered(hh374747838807479736408649630860846496782)) {
    header("location:./");
    exit;
    }
    if(!session_is_registered(username)) {
    header("location:./");
    exit;
    }
    require_once('config.php');
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
    	die('Failed to connect to server: ' . mysql_error());
    }
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
    	die("Unable to select database");
    }
    
    function clean($str) {
    	$str = @trim($str);
    	if(get_magic_quotes_gpc()) {
    		$str = stripslashes($str);
    	}
    	return mysql_real_escape_string($str);
    }
    
    $qry="SELECT * FROM fuse_rights WHERE username='".$_SESSION['username']."'";
    $result=mysql_query($qry);
    
    if($result) {
    	if(mysql_num_rows($result) == 1) {
    
    		$checks = mysql_fetch_assoc($result);
    		$hk = $checks['housekeeping'];
    		$comp = $checks['competitions'];
    		$news = $checks['news'];
    		$events = $checks['events'];
    		$twitter = $checks['twitter'];
    		$forum = $checks['forum_admin'];
    		$pages = $checks['pages'];
    		$users = $checks['users'];
    		$settings = $checks['settings'];
    		$bans = $checks['bans'];			
    		}
    		}
    
    if(isset($_SESSION['username']) && $hk == 0)
    { $errflag = true;
    	$errmsg_arr[] = 'You do not have access to the Intra.';
    	if($errflag) {
    	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    	session_write_close();
    	header("location: ./error");
    	exit;
    }
    }
    if(isset($_SESSION['username']) && $users == 0)
    { header("location: ./dash");
    exit;
    }
    $username = clean($_POST['username']);
    $amount = clean($_POST['amount']);
    
    if($username == '') {
    	$errmsg_arr[] = '<div id="message-error" class="message message-error">
    							<div class="image">
    								<img src="resources/images/icons/error.png" alt="Error" height="32" />
    							</div>
    							<div class="text">
    								<h6>Error</h6>
    								<span>Please choose a user.</span>
    							</div>
    							<div class="dismiss">
    								<a href="#message-error"></a>
    							</div>
    						</div>';
    	$errflag = true;
    }
    
    if($amount == '') {
    	$errmsg_arr[] = '<div id="message-error" class="message message-error">
    							<div class="image">
    								<img src="resources/images/icons/error.png" alt="Error" height="32" />
    							</div>
    							<div class="text">
    								<h6>Error</h6>
    								<span>Please enter an amount.</span>
    							</div>
    							<div class="dismiss">
    								<a href="#message-error"></a>
    							</div>
    						</div>';
    	$errflag = true;
    }
    
    if($errflag) {
    	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    	header("location: ./give_coins");
    	exit();
    
    }
    
    $sql="SELECT * FROM coins WHERE (username='$username')";
    $result=mysql_query($sql);
    
    $rows=mysql_fetch_array($result);
    
    $currentamount = $rows['coins'];
    
    // How to add the 
    // $currentamount onto 
    //the current user's coins? :S
    
    $sql="UPDATE coins SET coins='' WHERE (username='$username')";
    $result=mysql_query($sql);
    
    if($result){
    
    $errflag = true;
    	$errmsg_arr[] = '<div id="message-success" class="message message-success">
    							<div class="image">
    								<img src="resources/images/icons/success.png" alt="Success" height="32" />
    							</div>
    							<div class="text">
    								<h6>Success</h6>
    								<span>Added Coins.</span>
    							</div>
    							<div class="dismiss">
    								<a href="#message-success"></a>
    							</div>
    						</div>';
    	if($errflag) {
    	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    	session_write_close();
    	header("location: ./edit_user?username=".$username."#box-coins");
    }
    }
    ?>
    

     

    Any ideas?

    Thank you!
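An added example, not part of the original post: the coin award written as a single `UPDATE ... SET coins = coins + :amount`, so the database does the addition and two awards arriving at the same time cannot overwrite each other the way a SELECT followed by an UPDATE can. The in-memory SQLite database, the sample row, the upper limit of 100000 and the helper names `awardCoins` and `balance` are assumptions made so the code runs stand-alone.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the MySQL server so this runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE coins (username TEXT PRIMARY KEY, coins INTEGER NOT NULL)');
$pdo->exec("INSERT INTO coins (username, coins) VALUES ('alice', 100)"); // constructed row

// Hypothetical helper: returns true only if exactly one user's balance was increased.
function awardCoins(PDO $pdo, string $username, $rawAmount): bool
{
    // Accept whole numbers in a fixed range only; "50abc", "-50" and "" are rejected.
    $amount = filter_var($rawAmount, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 100000], // assumed limit
    ]);
    if ($amount === false || $username === '') {
        return false;
    }

    // One statement: no gap between reading the old balance and writing the new one.
    $stmt = $pdo->prepare(
        'UPDATE coins SET coins = coins + :amount WHERE username = :username'
    );
    $stmt->execute([':amount' => $amount, ':username' => $username]);
    return $stmt->rowCount() === 1;
}

// Hypothetical helper: current balance, or null for an unknown user.
function balance(PDO $pdo, string $username): ?int
{
    $stmt = $pdo->prepare('SELECT coins FROM coins WHERE username = ?');
    $stmt->execute([$username]);
    $value = $stmt->fetchColumn();
    return $value === false ? null : (int)$value;
}

// Constructed inputs: one valid award, then three that must leave the balance alone.
$cases = [['alice', '50'], ['alice', '-50'], ['alice', '50abc'], ['mallory', '10']];
foreach ($cases as [$user, $amount]) {
    $ok = awardCoins($pdo, $user, $amount);
    printf(
        "%-8s %-6s => %-8s alice has %d\n",
        $user,
        $amount,
        $ok ? 'awarded' : 'rejected',
        balance($pdo, 'alice')
    );
}
```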
