tuberide

Actually I have four questions but first just a bit of background... I'm using Dreamweaver and I am a novice with php, although I've read a few thick books on php, so I can handle tweaks to what Dreamweaver lays out fairly competently(I hope!). I have created an online utility for use in my online baseball league that will allow league members to place bids on free agents baseball players(you will see a screenshot below). It works perfectly as far as updating the database with the latest bid and a time stamp. However, I would like to add the following: 1. A feature which will not allow another bid if 24 hours has passed 2. A feature that automatically enters the logged in user in the 'team' field behind the scenes so I can remove the 'team' field from the form. 3. A feature that limits the number of times a logged in user can bid on a specific player(all have player id's as primary keys). 4. Finally, I want this utility to disallow any bid that is not greater than or equal to 1.1 * current bid in the database. This is the part where I want to compare with what's in the database fields before it gets updated. My website is http://asahi2.montoyahome.com Here is screenshot of what I have so far: Here is the code I have so far. Any advice would be greatly appreciated. <?php require_once('../Connections/fautil.php'); ?> <?php function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue; switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } $curBid = $Recordset1['years'] * $Recordset1['amount']; if ( $curBid <= ($_POST['years'] * $_POST['amount']) AND (isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) { $updateSQL = sprintf("UPDATE players SET team=%s, amount=%s, years=%s WHERE player_id=%s", GetSQLValueString($_POST['team'], "text"), GetSQLValueString($_POST['amount'], "int"), GetSQLValueString($_POST['years'], "int"), GetSQLValueString($_POST['player_id'], "int")); mysql_select_db($database_fautil, $fautil); $Result1 = mysql_query($updateSQL, $fautil) or die(mysql_error()); } $maxRows_Recordset1 = 20; $pageNum_Recordset1 = 0; if (isset($_GET['pageNum_Recordset1'])) { $pageNum_Recordset1 = $_GET['pageNum_Recordset1']; } $startRow_Recordset1 = $pageNum_Recordset1 * $maxRows_Recordset1; mysql_select_db($database_fautil, $fautil); $query_Recordset1 = "SELECT players.player_id, players.first_name, players.last_name, players.free_agent, players.team, players.amount, players.years, players.`time` FROM players WHERE players.free_agent = 1 ORDER BY players.last_name"; $query_limit_Recordset1 = sprintf("%s LIMIT %d, %d", $query_Recordset1, $startRow_Recordset1, $maxRows_Recordset1); $Recordset1 = mysql_query($query_limit_Recordset1, $fautil) or die(mysql_error()); $row_Recordset1 = mysql_fetch_assoc($Recordset1); if (isset($_GET['totalRows_Recordset1'])) { $totalRows_Recordset1 = $_GET['totalRows_Recordset1']; } else { $all_Recordset1 = mysql_query($query_Recordset1); $totalRows_Recordset1 = mysql_num_rows($all_Recordset1); } $totalPages_Recordset1 = ceil($totalRows_Recordset1/$maxRows_Recordset1)-1; ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Free Agent Utility</title> <style> html {font-family:tahoma,verdana,arial,sans serif; font-size:62.5%;} body {font-size:1.2em;} table { font-size:1em; } table tr th{ background-color:#ddb; padding:0.2em 0.6em 0.2em 0.6em; } table tr td{ background-color:#eec; margin:0.3em; padding:0.3em; } </style> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body> <table width="200" border="1"> <tr> <th scope="col">Place Bid </th> <th scope="col">Last Name </th> <th scope="col">First Name </th> <th scope="col">Bidder</th> <th scope="col">Amount</th> <th scope="col">Years</th> <th scope="col">Time</th> </tr> <?php do { ?> <tr> <td> <form method="post" name="form1" action="<?php echo $editFormAction; ?>"> <table align="center"> <tr valign="baseline"> <td nowrap align="right">Team:</td> <td><input type="text" name="team" value="" size="32"></td> </tr> <tr valign="baseline"> <td nowrap align="right">Amount:</td> <td><input type="text" name="amount" value="" size="32"></td> </tr> <tr valign="baseline"> <td nowrap align="right">Years:</td> <td><input type="text" name="years" value="" size="32"></td> </tr> <tr valign="baseline"> <td nowrap align="right"> </td> <td><input type="submit" value="Update record"></td> </tr> </table> <input type="hidden" name="MM_update" value="form1"> <input type="hidden" name="player_id" value="<?php echo $row_Recordset1['player_id']; ?>"> </form> <p> </p> <p> </p></td> <td><?php echo $row_Recordset1['last_name']; ?></td> <td><?php echo $row_Recordset1['first_name']; ?></td> <td><?php echo $row_Recordset1['team']; ?></td> <td><?php echo $row_Recordset1['amount']; ?></td> <td><?php echo $row_Recordset1['years']; ?></td> <td><?php echo $row_Recordset1['time']; ?></td> </tr> <?php } while ($row_Recordset1 = mysql_fetch_assoc($Recordset1)); ?> </table> </body> </html> <?php mysql_free_result($Recordset1); ?>