ialsoagree

Hello all, I go by IAlsoAgree and given by my profile I've been here for a little while. I don't believe I've ever introduced myself. I'm 24 years old and I taught myself PHP and MySQL about 3-4 years ago. Most of my work has been hobby related but I have done a few payed projects as well. I know from use and classes HTML and CSS although I hate doing design work, I'm also well versed in Javascript and AJAX as well as XML and Lua. I live in New York and am currently a senior in college and will be graduating with a degree in chemistry. I've applied for the US Navy (was turned down for interviews for NUPOC :'( ) but will be reapplying for the Surface Warfare Officer and Supply Officer positions. I would love to serve on a nuclear submarine. I got help with a couple questions when I first joined, and have been trying to help out others in the (many, many) months since.

IP's can't be stored as ints. You should change the column definition. It appears that the IP is used as part of a primary key, so I would suggest setting the column as a char(15). As for the time, if you know how to use unix timestamps, use time(); instead of date("m/d/y", time());.

Since IP is not defined as a string, you're going to have trouble putting '82.0.154.172' into that column. =) Also, your time is getting formatted as month/day/year $time = date("m/d/y",time()); But the column is looking for a unix timestamp: time().

If it was a waste of time, we wouldn't be here answering questions, so no worries. The first thing that comes to mind, what are the database column definitions?

$result = $mysqli->query($query) or die(mysqli_error($mysqli)); $mysqli->query only returns an object for select (and show, describe, or explain) statements. Everything works fine until here: $row = $result->fetch_object(); The query was an insert, so $result isn't an object, thus, call to a member function on a non-object.

$member becomes an array whose indexes are the names of the columns that were returned in $result, and the values of those indexes are the values that were in the database for the given row. The session index MEMBER_ID gets set to the member_id that was in the MySQL database.

No, as I indicated this script must be in the sw.php file (and any other file that the user would see in their browser's navigation bar that needs this functionality). Sorry if I didn't emphasize that more clearly.

This is an SQL query that tells a databse to return all columns in all rows where the login column is equal to the $login variable, and the passwd column is equal to the md5 encrypted string produced with $_POST['password']. md5 is a form of one-way encryption (data can be encrypted with md5, but once encrypted, it is very hard or impossible to decrypt) that is often used for the encryption of things like passwords that never need to be decrypted again.

As to the code you guessed at you. You're correct EXCEPT that no error is outputted, the error is saved to be outputted later. As to the 2nd chunk of code, this code starts a new session (a way of keeping track of people on the website), checks if the MEMBER_ID has been set and isn't just an empty string. If it HASN'T been set, or if it IS an empty string, it stops executing the script immediately with no error message.

In my haste, I forgot a small detail, apologies, try this instead: $current_file = basename(__FILE__); $key = NULL; $value = NULL; $get_string = ''; $start = TRUE; foreach ($_GET as $key => $value) { if ($start) { $get_string .= '?'; $start = FALSE; } else $get_string .= '&'; $get_string .= $key.'='.$value; } $current_page = $current_file.$get_string;

The double equal needs to be in there, = is an assign operator that will always be true when assigning a string to a variable. You should not change the ==.

You have to define $current_page yourself. There's quite a few different ways to do this, and it will depend on what is most efficient for you. One method if executed from sw.php would be: $current_file = basename(__FILE__); $key = NULL; $value = NULL; $get_string = ''; $start = true; foreach ($_GET as $key => $value) { if ($start) { $get_string .= '?'; } else { $get_string .= '&'; $get_string .= $key.'='.$value; } $current_page = $current_file.$get_string;

This code checks if the $login variable has information in it and if it doesn't, it adds a message to the next index of $errmsg_arr and sets $errflag to true. It then checks password as above and takes the same steps if password doesn't have any information in it. If $errflag is true, $errmsg_arr is stored in the current session, specifically $_SESSION['ERRMSG_ARR'], this data is forcibly saved to the session prior to script end (specifically this is useful if your website has frames, otherwise it's unnecessary but not harmful), the user is redirected to login.php and the script ends immediately.

No, the website I worked with was not using any rss feed or any PHP script that reads external files or allows file uploads other than images.

The date function expects a unix time stamp (the number of seconds since January 1st 1970 GMT). If you plan to do a lot of your date handling in PHP, it's often better to store the time in the database as an int(11) and a unix timestamp. PHP gives you the current unix time stamp with time(). If you want to convert your MySQL time to a unix timestamp, I'd suggest doing it in PHP with strtotime($mysql_date).

Asking questions is what this website is here for! This code is a function which can be called from elsewhere in your script. If you pass it a string variable it will remove any extra white space at the start and end of the string (IE. extra spaces, returns, tabs etc.), then if the string has been escaped by PHP it will remove the escaping. It then escapes the string for storage into a MySQL database and returns the cleaned up string. You would use it like so: $some_string = 'Some string.'; $cleaned_string = clean($some_string);

Look at your code carefully, replacing it with $value is the ONLY option: foreach ($months as $value) { if($_POST['month'] == $months) echo ''<option value="'.$value.'" selected>'.$value.'</option>'; else echo '<option value="'.$value.'">'.$value.'</option>'; The "foreach" defines $value as the first index of $months (and then loops through each index 1 by 1 redefining $value as it does). foreach ($months as $value) { if($_POST['month'] == $value) echo ''<option value="'.$value.'" selected>'.$value.'</option>'; else echo '<option value="'.$value.'">'.$value.'</option>';

It would probably be better to use different form tags if you want to submit different forums depending on what button is hit (in other words, separate the fields and submit buttons into 2 different form tags). Just as a quick aside though, since it seems to be my favorite thing to point out: using double quotes around a string that doesn't contain text is a waste (albeit a very small amount) of processing power. You're telling PHP to check for PHP variables in the string, but there's no PHP variables there so it's just wasting time. You should instead use single quotes. But in this specific case, the difference in time saved wouldn't even be noticeable. It's more of a "good practice" note, especially if you build highly used or very demanding PHP pages.

An SMTP 503 error is a "mail server requires authentication" error. If you're unfamiliar with how to authenticate, give this link a look: http://email.about.com/od/emailprogrammingtips/qt/PHP_Email_SMTP_Authentication.htm

Depending on the rest of the code, and the exact nature of the problem, it's possible for PHP to return a white page (no HTML). I've had this happen to me once or twice. Although I did totally miss the semicolon and the required param, doh! Thanks for the save mjdamato!

My suggestions won't actually fix any errors as there was nothing expressly wrong with your initial script, it just didn't utilize double quotes efficiently. In order to help you diagnose the problem, we'll need to see more of the PHP in the file.

Change: while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { echo"{$row['email']}, "; } to: $email_list = ''; while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $email_list .= "{$row['email']}, "; } Then change $to = 'eamil1@email.com'; To $to = $email_list; Actually, I'm not entirely sure if this 2nd part will work as I do not normally e-mail multiple users at the same time. Hopefully if it is wrong someone else can point out how to fix it, if no one does and it doesn't work, let me know and I'll get you something that does.

The error doesn't appear to be in this part of the code. Although I do want to point out a couple things. You define a variable as false, then the entire rest of your code is ignored because it's in an if statement that only runs it if the variable defined as false is true: $sticky_ip=false; if($sticky_ip){ Also, when you use single quotes inside double quotes, you don't have to concatenate variables to the string, doing so causes your script to run slower. Double quotes are designed to interpret variables inside them because PHP parses the string: $sqlquery = "SELECT ip_address FROM $table WHERE ip_address = '".$ip."' LIMIT 1;"; Should be: $sqlquery = "SELECT ip_address FROM $table WHERE ip_address = '$ip' LIMIT 1;"; ...and... $sqlquery = "INSERT INTO $table VALUES('".$ip."','".$chosenlink."');"; Should be: $sqlquery = "INSERT INTO $table VALUES('$ip','$chosenlink');";

Is this what you're looking for? <li><a<?php echo (($current_page == 'sw.php?page=home') ? ' class="current_page"' : ''); ?> href="sw.php?page=home">Home</a></li> <li><a<?php echo (($current_page == 'sw.php?page=timeline') ? ' class="current_page"' : ''); ?> href="sw.php?page=timeline">Timeline</a></li> Etc.

I worked on a site not long ago that found a similar bit of cryptic javascript inserted into the bottom of all it's index files (both PHP and HTML). At the same time, many of their users reported that their virus scanners now marked the site as containing malicious code and wouldn't let them access it. I contacted the web host in an attempt to get FTP logs but the host didn't maintain logs for FTP access. In any event, removing the code removed the error message for the users - coincidence, probably not.