mike12255

ok didnt know about the escape_string and numbers. Well, neither of those worked srry

please start typing : ['code] ['/code] around your code but dont include the ' i just inserted that to show the tags it'll make it easier for us to read.

still unknown column 38 in where clause

Im trying to query my database using the following code: <?php include ("connect.php"); $id = $_GET['id']; $id = mysql_real_escape_string($id); //$sql = "SELECT * FROM tbl_product WHERE pd_id = $'id'"; $sql = "SELECT * FROM `tbl_product` WHERE `pd_id` = '$id'"; $result = mysql_query ($sql) or die (mysql_error()); $row = mysql_fetch_row($result); extract($row); echo "<tr>"; echo "<td align = \"center\">"; echo "<a href = \"item.php?id=$pd_id\"><img src=\"$pd_path\" border=\"0\"><br>$pd_name</a>"; echo "</td>"; echo "</tr>"; for some reason i get the error in the title though but when i manually enter the sql using 38 instead of id it works so im confused all i did was copy $sql delete the begining and change id to 38 and used it in php my admin with ease.

So im trying to upload an image (exaple - schoolworkanswers.com/kaon/imges/DOGGY.jpg) but it says the file is forbidden and i think this is whats stopping me from being able to display it. All the pictures in that folder that were not uploaded using my script are not forbidden and have no problems, any suggestions??: <?php include ("connect.php"); ini_set ("display_errors", "1"); error_reporting(E_ALL); //this returns the name of the image $name = $_FILES['uploadfile']['name']; //get the extension of the image $ext = substr($name,-3); //We will add some secruity here, make sure the extension is an image file extension if($ext == "gif" || $ext == "jpg" || $ext == "png" || $ext == "peg"){ //The part the user selected to insert the image into $area = $_POST['catagory']; //get the descirption $desc = $_POST['desc']; //more security, make sure 'catagory' is actually a choice offered and not a mysql query (or something else entered) if (!in_array($area, array("Sofas","Beds and Bunks","Dressers and Cabinets","Side Tables and Desks"))) { header ("Location: index.php"); } //set vars in here $wantedname = $_POST['name']; // This is the temporary file created by PHP $uploadedfile = $_FILES['uploadfile']['tmp_name']; //below changes the files name if ($name != $wantedname){ $name = $wantedname; } list($width,$height)=getimagesize($uploadedfile); $newwidth = 100; $newheight = 100; //copy the file to were we want it now //die($name); //rename("$uploadedfile", "images/". $name .".". $ext); $copied = copy($_FILES['image']['$uploadedfile'], $name .".". $ext); if (!$copied) { echo '<h1>Copy unsuccessfull!</h1>'; $errors=1; } $path = "images/" . $area . "/". $name .".". $ext; //lets put it into the database $uname = $name . "." . $ext; $sql = "INSERT INTO tbl_product (pd_name,pd_path,pd_desc,cat_name) VALUES ('$uname','$path','$desc','$area')"; mysql_query($sql) or die (mysql_error()); }else{ header ("Location: index.php"); } ?>

not 100% sure but i thought that < input type="button" name="submit" id= "submit" value="Add To Cart >" onClick="window.location.href='<?php echo $cart_url; ?>';" class="addToCartButton"> was some how activating the function - since the function kind of works just not the return

So i got two files one productdetial.php and another cart-functions.php. Product detail is going to a function (addtocart()) and i've tried to set it so if their is less then what the user has, then return $error saying that. the function kind of works, it dosnt add anymore to the cart after the user has more then whats in stock. But apparently error is not being returned because it keeps saying undifiened variable $error. Ill bold the part in cart-function.php that i added. And if anyone can figure out how to get this returning the error messaging working - ill be forever happy productdetail.php: <?php require_once 'library/cart-functions.php'; if (!defined('WEB_ROOT')) { exit; }?> <style type="text/css"> <!-- .boldsmall { font-weight: bold; font-size: xx-small; } .name{ padding: 8px 0px 6px 10px; background:url(../images/content_top.png) no-repeat; } --> </style> <?php $product = getProductDetail($pdId, $catId); // we have $pd_name, $pd_price, $pd_description, $pd_image, $cart_url extract($product); ?> <table width="100%" border="0" cellspacing="0" cellpadding="10"> <?php if(isset($_POST['submit'])){ if ($error){ echo '<tr>'; echo '<td><span class="style11">$error</span></td>'; echo '</tr>'; } }?> <td style="padding: 8px 0px 6px 10px;"><?php echo $pd_name; ?><br></td> <tr> <td align="center"><img src="<?php echo $pd_image; ?>" border="0" alt="<?php echo $pd_name; ?>"></td> <td valign="middle"> Price : <?php echo displayAmount($pd_price); ?><br> <?php // if we still have this product in stock // show the 'Add to cart' button if ($pd_qty > 0) { ?> <input type="button" name="submit" id= "submit" value="Add To Cart >" onClick="window.location.href='<?php echo $cart_url; ?>';" class="addToCartButton"> <?php //die($cart_url); } else { echo 'Out Of Stock'; } ?> </td> </tr> <tr align="left"> <td colspan="2"><?php $amount = getqty(); $tempn = $pd_name . "(s)"; echo "<span style='color: #000; font-weight: bold; font-size: 12;'> You currently have $amount of $tempn in your cart, <a href=cart.php> view cart</a></span>"; ?></td> </tr> <tr align="left"> <td colspan="2"><?php echo $pd_description; ?></td> </tr> </table> cart-functions.php: <?php require_once 'config.php'; /********************************************************* * SHOPPING CART FUNCTIONS *********************************************************/ function addToCart() { // make sure the product id exist if (isset($_GET['p']) && (int)$_GET['p'] > 0) { $productId = (int)$_GET['p']; } else { header('Location: index.php'); } // does the product exist ? $sql = "SELECT pd_id, pd_qty, pd_popular FROM tbl_product WHERE pd_id = $productId"; $result = dbQuery($sql); if (dbNumRows($result) != 1) { // the product doesn't exist header('Location: cart.php'); } else { // how many of this product we // have in stock $row = dbFetchAssoc($result); $currentStock = $row['pd_qty']; $pop = $row['pd_popular']; $pop = $pop++; $update = "UPDATE `schoolw1_niftys`.`tbl_product` SET `pd_popular` = '1' WHERE `tbl_product`.`pd_id` = $productId LIMIT 1"; mysql_query($update)or die (mysql_error()); if ($currentStock == 0) { // we no longer have this product in stock // show the error message setError('The product you requested is no longer in stock'); header('Location: cart.php'); exit; } } // current session id $sid = session_id(); // check if the product is already // in cart table for this session $sql = "SELECT * FROM tbl_cart WHERE pd_id = $productId AND ct_session_id = '$sid'"; $result = dbQuery($sql); [b]$row = dbFetchAssoc($result); if ($currentStock < $row['ct_qty']){ $error = "No more of this in stock"; $stop = "yes"; return $error; }else{ $stop = "no"; } if($stop != "yes"){[/b] if (dbNumRows($result) == 0) { // put the product in cart table $sql = "INSERT INTO tbl_cart (pd_id, ct_qty, ct_session_id, ct_date) VALUES ($productId, 1, '$sid', NOW())"; $result = dbQuery($sql); } else { // update product quantity in cart table $sql = "UPDATE tbl_cart SET ct_qty = ct_qty + 1 WHERE ct_session_id = '$sid' AND pd_id = $productId"; $result = dbQuery($sql); } }else{ $error = ""; return $error; } $row = dbFetchAssoc($result); if ($currentStock < $row['ct_qty']){ $error = "No more of this in stock"; $stop = "yes"; return $error; }else{ $stop = "no"; } if($stop != "yes"){

Ok thanks. Ill edit this after i finish up some other things i got going atm and post back in a few hours asking for your opinion again

I cant do much about the index.php the client paid somone to design it and she likes it. As for the catagories section, well thats why i posted here i have no idea how to make that look nice. As for the tiling issue i have found that and will fix it as soon as i get some more time. Thanks

i know about the injections: and did you enter that URL manually, or did you get directed there from a link? thanks

So im suposed to be showing my client this website in a few days. I am aware that about us and find us are both broken links, they will be last minute fixes. Right now im looking for suggestions on how to make the design look better, and how 'user friendly' it is. http://schoolworkanswers.com/nifty/ also if you could tell me what you think of the administation panel that would be nice. - feel free to add products and catagories, dont upload php files or anything this is not a security test i know i'd fail that - please dont delete user accounts. http://schoolworkanswers.com/nifty/admin Username: test password: test

I just preset $amount and it seems if the amount of rows is non existant it dosnt overwrite the variable: $amount = 0; $result = mysql_query($sql) or die (mysql_error()); while($row = mysql_fetch_array($result)){ $amount = $row['ct_qty']; } return $amount; }

I tried the to things below, just getting the same error. <?php function getqty(){ $cartContent = array(); $sid = session_id(); $pid = $_GET['p']; $pid = mysql_real_escape_string($pid) $sql = "SELECT * FROM tbl_cart WHERE ct_session_id = '$sid' AND pd_id = '$pid'"; if(!empty($sid)){ $result = mysql_query($sql); while($row = mysql_fetch_array($result)){ $amount = $row['ct_qty']; }else{ $amount = "0"; } return $amount; }?> <?php function getqty(){ $cartContent = array(); $sid = session_id(); $pid = $_GET['p']; $pid = mysql_real_escape_string($pid) $sql = "SELECT * FROM tbl_cart WHERE ct_session_id = '$sid' AND pd_id = '$pid'"; $result = mysql_query($sql) or die (mysql_error()); while($row = mysql_fetch_array($result)){ $amount = $row['ct_qty']; return $amount; }?>

I got a peice of code which in basic is just a function with a query in it. Sometimes the variable $amount is non existant though because the the user does not have the correct session. This is a simple placement error of my if statment im sure, i just cant tell were i should move the else statment, or the if statment. Anyone got ideas? <?php function getqty(){ $cartContent = array(); $sid = session_id(); $pid = $_GET['p']; $pid = mysql_real_escape_string($pid) $sql = "SELECT * FROM tbl_cart WHERE ct_session_id = '$sid' AND pd_id = '$pid'"; if ($result = mysql_query($sql)){ while($row = mysql_fetch_array($result)){ $amount = $row['ct_qty']; } }else{ $amount = "0"; } return $amount; }?>

I have the following code: <?php ini_set ("display_errors", "1"); error_reporting(E_ALL); //this returns the name of the image $name = $_FILES['uploadfile']['name']; //get the extension of the image $ext = substr($name,-3); //We will add some secruity here, make sure the extension is an image file extension if($ext == "gif" || $ext == "jpg" || $ext == "png" || $ext == "peg"){ //The part the user selected to insert the image into $area = $_POST['catagory']; //more security, make sure 'catagory' is actually a choice offered and not a mysql query (or something else entered) if (!in_array($area, array("Sofas","Beds and Bunks","Dressers and Cabinets","Side Tables and Desks"))) { header ("Location: index.php"); } //set vars in here $wantedname = $_POST['name']; // This is the temporary file created by PHP $uploadedfile = $_FILES['uploadfile']['tmp_name']; //below changes the files name if ($name != $wantedname){ $name = $wantedname; } list($width,$height)=getimagesize($uploadedfile); $newwidth = 100; $newheight = 100; //copy the file to were we want it now //die($name); rename("$uploadedfile", "images/" . $area . "/". $name . $ext); //lets resize it now!! $path = "images/$area"."/". $name . "." . $ext; $src = imagecreatefromjpeg($path); list($width,$height)=getimagesize($path); $tmp=imagecreatetruecolor($newwidth,$newheight); imagecopyresampled($tmp,$src,0,0,0,0,$newwidth,$newheight,$width,$height); }else{ header ("Location: index.php"); } ?> and i had it working, but no for some reason it dosnt work i get these following errors:

Bah, curse my bad vison dont mind this i figured out i forgot the "!" infront of strstr <?php if ($_POST['preview']){ $website = $_POST['website']; $name = $_POST['name']; $adress = $_POST['adress']; $email = $_POST['email']; $phone = $_POST['phone']; if (strstr($website,"http://") ){ $website = "http://" . $website; } ?>

I was not saying your wrong, i was taking a guess, im not sure how exactly to do this and almost nothin on jquery and javascript. Ill try it though

do people not need javascript enabled for that to work? I know there is a way to do this in php i've seen this done before. - i dont know any jquery.

I got a form on a page (ill post code below) and it has two buttons a Preview button, and a submit button i know how to setup the submit button, but i want the Preview button to reload the page and put the info the in the text boxes to variables, but i dont know how to go about it, heres my form: <table width="780" border="0" cellpadding="5" cellspacing="5"> <tr> <td><div align="center"></div></td> </tr> <tr bgcolor="#E6E6E6"> <td height="138" align="center"><div align="center" class="style1"><html> <title>Registration Page</title> <body> <h1>Stayner.ca Buisness Register</h1> <p><br /> </p> <form id="form1" name="form1" method="post" action="index.php"> <table border="0" align="left" cellpadding="3" cellspacing="0"> <tr> <td>Buisness Name:</td> <td><input name="name" type="text" id="name" value="<? echo $form->value("user"); ?>" maxlength="30" /></td> </tr> <tr> <td>Buisness Adress:</td> <td><input name="adress" type="text" id="adress" value="<? echo $form->value("pass"); ?>" maxlength="30" /></td> </tr> <tr> <td> Contact Email:</td> <td><input name="email" type="text" id="email" value="<? echo $form->value("email"); ?>" maxlength="50" /></td> </tr> <tr> <td> Contact Phone:</td> <td><input name="phone" type="text" id="phone" value="<? echo $form->value("email"); ?>" maxlength="50" /></td> </tr> <tr> <td>Website:</td> <td><input name="website" type="text" id="website" value="<? echo $form->value("email"); ?>" maxlength="50" /></td> </tr> </table><p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <label> <input type="submit" name="preview" id="preview" value="Preview Display" /> </label> <label> <input type="submit" name="submit" id="submit" value="Submit Buisness" /> </label> </form> <p> </p></td> </tr> </table>

well you certianally cleaned up my code, however if you look at (http://www.stayner.ca/TEST/index2.php the "1" is still far away from the 2.

I know about 100 times more php then html because i didnt really learn html. But i got the following code that needs rearranged. if you look at (www.stayner.ca/TEST/) about one quarter the way down the page, near the "Questions Answers" part there are numbers ( currently 1 2 3 4) problem is 1 is spaced super far from the rest of the numbers I have located the problem to the part that displays: "Pages 1 2 3 4" is apart of the "Questions Answers" table so i need to rearrange this and create a new table for the numbers. But i dont really know php and was hoping somone could do it for me?: <td height="226" colspan="5" rowspan="4" valign="top" background="images/index-3_13.gif"><br> <table width="467" border="0" align="center" cellpadding="5" cellspacing="5"> <tr> <td width="366" bgcolor="#E6E6E6"><div align="left"><strong>Question:</strong></div></td> <td width="85" bgcolor="#E6E6E6"><div align="center"><strong>Answered?</strong></div></td> </tr> <tr><?php if(isset($_GET['page'])) { $page = $_GET['page']; }else{ $page = 1; } $tolimit = 4; $showend = $page * $tolimit; $showstart = $showend - 4; //Get all Topics (Parentid = 0) $getthreads="SELECT * FROM forumtutorial_posts WHERE parentid ='0' ORDER BY parentid DESC LIMIT $showstart, $tolimit"; $findamount = mysql_query($getthreads) or die (mysql_error());//for showing the four newest posts //the code below will be used to determine how many pages to show $query= "SELECT COUNT(*) as cnt FROM forumtutorial_posts";//efficant way of counting rows $query2 = mysql_query($query) or die (mysql_error());//because we dont want to call it yet we set it to another variable $row = mysql_fetch_array($query2); $num_rows=$row['cnt']; $pagestoshow = floor($num_rows/$tolimit); //grab all the content while($r=mysql_fetch_array($findamount)) { //the format is $variable = $r["nameofmysqlcolumn"]; - makes it easier to call later CAUSE IM LAZY!! $answer=$r["answered"]; $title=$r["title"]; $id=$r["postid"]; if ($answer == 0){ $answer = "no"; }else{ $answer = "yes"; } ?> <td bgcolor="#FFFFFF"><div align="left" class="style17"><a href="showquestion.php?page=<?=$id?>"><?=$title?></a></div></td> <td bgcolor="#FFFFFF"><div align="center" class="style17"><?=$answer?></div></td> </tr> <?php } print "<td>Page: </td>"; for ($i = 1; $i <= $pagestoshow; $i++){ print "<td><a href= 'index.php?page=$i'> $i </a></td>"; } ?> </tr> <tr> <?php if ($session->logged_in){?> <td bgcolor="#FFFFFF">Have a question you would like answered?, <a href="questionform.php">Click Here</a></td> <?php }else{?> <td bgcolor="#FFFFFF">You must be logged in to ask a question, to log in <a href="login.php">Click Here</a></td> <?php } ?> <td bgcolor="#FFFFFF"><div align="center">N/A</div></td> </tr> </table> <strong><br> </strong></td> </tr> <tr>

Well mabey my title exagerates a little much, but in the end im not getting the proper numbers. Im trying to paginate or whatever its called with four topics on a page. I have done this before and i know my only problem is getting the number of topics from my database, can somone figure out were i messed up?: <?php if(isset($_GET['id'])) { $page = $_GET['id']; }else{ $page = 1; } $tolimit = 4; $showend = $page * $tolimit; $showstart = $showend - 4; //Get all Topics (Parentid = 0) $getthreads="SELECT * FROM forumtutorial_posts WHERE parentid ='0' ORDER BY parentid DESC LIMIT $showstart, $tolimit"; $findamount = mysql_query($getthreads) or die (mysql_error()); $num_rows = mysql_num_rows($findamount); print sizeof($num_rows); $pagestoshow = floor($tolimit/$num_rows); //grab all the content while($r=mysql_fetch_array($findamount)) { //the format is $variable = $r["nameofmysqlcolumn"]; - makes it easier to call later CAUSE IM LAZY!! $answer=$r["answered"]; $title=$r["title"]; $id=$r["postid"]; if ($answer == 0){ $answer = "no"; }else{ $answer = "yes"; } ?> <td bgcolor="#FFFFFF"><div align="left" class="style17"><a href="showquestion.php?page=<?=$id?>"><?=$title?></a></div></td> <td bgcolor="#FFFFFF"><div align="center" class="style17"><?=$answer?></div></td> </tr> <?php } print "<td>Page: </td>"; for ($i = 1; $i <= $pagestoshow; $i++){ print "<td><a href= 'index.php?page=$i'> $i </a></td>"; P.S idk what these #160 things are they just appeared on their own.

using your code to set vars i could do this right: if ($a = mysql_fetch_assoc($q)) { $title = $a['title']; $message = $a['post'];

yes

well now i get output: