DavidAM

It is at the very top of the topic.

How do you figure? We have here a PHP string, using double quotes; with an SQL string, using single quotes; and the need to embed a single-quote inside the SQL string. For mySql, that would be : $sql = "INSERT INTO `forums` VALUES(3, 2, 1, 'Success!', 'You\'ve successfully installed RCS. Wewt!', 9, 1, 1);" Since the backslash is inside of a double-quoted string and is immediately before a single-quote, it does not have any special meaning in PHP. So it must not be escaped for PHP. It is being escaped, once, for mySQL. Unless the PDO extension requires additional escaping for some strange reason, this is all that is needed.

@Turd - I don't know about PDO, but the other sql extensions I have worked with (mysql and mysqli) do not promote SQL errors to PHP errors. You have to actually use the sql extension's error function to get the error message. @OP - The third INSERT statement on that fifth table looks invalid to me. I don't think you have escaped the single-quote correctly (unless that was a cut-n-paste issue with the post). INSERT INTO `forums` VALUES(3, 2, 1, 'Success!', 'You\\''ve successfully installed RCS. Wewt!', 9, 1, 1); Shouldn't that be 'You\'ve successfully ...?

In the past, one of the browsers (can you guess which one?), submitted all of the buttons no matter which one you clicked. So, if you have a form with multiple <BUTTON> elements to submit it (for different actions), it was impossible to tell which one the user choose. I don't know if the more recent versions of IE behave differently or not; and I have not tested in other browsers recently, either. Basically, I quit using multiple BUTTONS when I discovered this problem.

if(isset($_GET['id'])) is looking for the id value to be in the URL. <form method="post" action="inc/update.inc.php"> does NOT have an id value in the URL, so there will be no $_GET['id'] Perhaps, your if test should be checking $_POST. However, if there is an "id" field on the form, then isset() will return true, even if it is blank. You may need to check it for empty as well: if ( (isset($_POST['id'])) and (! empty($_POST['id'])) )

Outlook will do that when it has trouble understanding the MIME data. I'll give you a few suggestions, but don't throw away the code you already have until we get this working. I have never actually run into this problem, but I've been reading through the RFC's lately. 1) You have referenced $path and $path_name in the code. Do both of these variables exist? or is one of them a typo. 2) In the MIME data, when you specify the filename, be sure you are only supplying a filename (and extension). Do not supply the directory names. You cannot control the directory on the client, so there is no sense in specifying them. I mention this, because you use $path with file_get_contents() and that one should have the directory path. 3) I don't think you need the second boundary. You specify this part of the message as "multi-part/alternative", but you are not supplying any alternative to the HTML. If you are going to put a plain text message in there as well, then OK; but if HTML is the only format you are providing, then I don't think you need the second boundary: take out the "alternative" content-type header and boundary 2, then move the HTML content headers up below the boundary 1. 4) Make sure that your HTML message does NOT have any NON-ASCII text in it. Since you specified the encoding as 7-bit, you need to use 7-bit. If you need UTF-8 (or some other multi-byte character set) then you will need to encode the attachment in some way or use htmlentities() on the content only (not on the HTML tags). 5) Make sure you use CRLF (\r\n) as the line ending. In emails, the line ending should be CRLF. Your here-docs are probably using LF ("\n") alone. 6) Make sure your HTML message is broken up into lines (with CRLF, if possible). The mail specification says lines should not be longer than 78 characters (plus the CRLF line-ending) and must not be longer than 998 characters (plus the CRLF). 7) Put double-quotes around the filenames in the content headers So, I think your message body should look like this: This is a multi-part message in MIME format. --$boundary1 Content-Type: text/html; charset=ISO-8859-1; Content-Transfer-Encoding: 7bit $html_message --$boundary1 Content-Type: application/octet-stream; name="$path" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="$path_name" $fileContent --$boundary1--

1 - When posting source code, use the code tags. That's the button up above the textarea with the hash-mark ("#") on it. Or, if you're like me and don't want to waste the time to move your hand to the mouse and back, you type "[" (left-square bracket), "code", "]" (right-square bracket). And then close the code with "[" "/code" "]" --- Obviously, without all the spaces and quotes Using the code tags will help even more than colorizing your code! 4 - Remove the "@" (error suppression construct) in @session_start() and anywhere else that you have it in your code. Fix the errors, warnings, notices, whatever don't hide them. And while we are talking about not suppressing errors, add the code to show them at the beginning of your script: error_reporting(E_ALL); ini_set('display.errors', 1); Now, on your second and subsequent pages, this line of code: $_SESSION['dis']=$_POST['disciplines']; is causing you problems. Since page "2" is not POSTed, the $_POST array does not exist and you are clearing the value that you assigned on page "1". You need to make this assignment conditionally: if (isset($_POST['disciplines'])) $_SESSION['dis']=$_POST['disciplines']; Note: you should be getting an error on that line warning about referencing an index that does not exist. (If you have error reporting turned on). Additional Issues: You are placing the user supplied value directly into your query, which will leave you open to sql injection or failed queries. You need to escape that value: "select * from student_master where Disciplines='" . mysql_real_escape_string($_SESSION['dis']) . "' LIMIT $offset,$rowsPerPage" You should avoid $_SERVER[php_SELF] or sanitize it first. This value comes from the user and can create problems. If you clean all that up, and still have problems, post the newest code, along with any error messages in their entirety.

First, in development and testing, you should use error_reporting(E_ALL); so you can see ALL errors and warnings. The problem with the image attachment is the result of a bad tutorial. There are several problems with that code. Here is your code, with markers for my comments: $headers .= 'MIME-Version: 1.0'."\r\n"; $headers .= 'From:[email protected]'."\r\n".'X-Mailer: PHP/'."\r\n". phpversion(); /* 1 */ $headers .= 'Content-Type: multipart/mixed; boundary=\"".$uid.\"\r\n\r\n'; $headers .= '--'.$uid.'\r\n'; /* 2 */ $headers .= 'Content-Transfer-Encoding: 7bit\r\n\r\n'; $headers .= 'Content-Type: application/octet-stream; name = '.$file_name.'\r\n'; /* 4 */ $headers .= 'Content-type: text/html; charset=iso-8859-1'."\r\n"; $headers.= 'Content-Dispostion: attachment; file='.$file_name.'\r\n'; $headers .= $content.'\r\n\r\n'; $headers .= '--'.$uid.'--'; /* 3 */ $headers .="Content-Type: image/jpg; file=".$file_name."\"\"\r\n"; 1) This is the last entry that is a valid mail header. Every thing below this is part of the MIME message body. The person who wrote this tutorial is trying to force that by putting the two CRLF's at the end of the line. In raw email text, this indicates the end of the headers. However, putting the message body in the headers is bad practice (IMHO). The specification says that headers can appear in any order, so the php mail() function (and underlying system sendmail function) is free to rearrange the stuff that you tell it is headers. Also, the function may or may not try to clean up your headers by removing extra line-endings -- testing on my current version of PHP indicates that it does not, but I don't know about other past or future versions. Oh yeah, and the 'Date:' header is going to have to be added somewhere, so what if it sticks it in the middle of your stuff? 2) Here you indicate that the (image) data is encoded in 7-bit ASCII. In fact, you encoded it with base64_encode() earlier in your code. This line should read: Content-Transfer-Encoding: base64 3) This MIME header is trying to specify the filename for the following data. However, it appears after the closing boundary and is therefore not part of the message at all. Note, also, that your message body ($message in your code) will appear after this line, again, after the closing boundary so it will not be part of the MIME message either. 3) Also, you embedded two double-quotes immediately after the filename. I don't know why, unless you were trying to put the filename inside double quotes, in which case, you need to move one of them. 4) This line indicates you are about to send content that is HTML, however it is contradicting the line immediately above it that says you are about to send an octet-stream. Wikipedia has a good example of what Mulipart Messages should look like. Here it is: Note: the #-1-# are NOT part of the message I added them for discussion below: #-1-# MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=frontier This is a message with multiple parts in MIME format. #-2-# --frontier #-3-# Content-Type: text/plain This is the body of the message. --frontier #-3-# Content-Type: application/octet-stream Content-Transfer-Encoding: base64 PGh0bWw+CiAgPGhlYWQ+CiAgPC9oZWFkPgogIDxib2R5PgogICAgPHA+VGhpcyBpcyB0aGUg Ym9keSBvZiB0aGUgbWVzc2FnZS48L3A+CiAgPC9ib2R5Pgo8L2h0bWw+Cg= --frontier-- #-3-# 1) The following two lines are HEADER lines and are followed by a blank line. 2) This is the first part of the body. This plain text line is not strictly required, but gives users a plain text message if their mail client cannot decode the MIME content. 3) This is the boundary between the multiple parts of the MIME message. You will note that the last one has an extra "--" at the end, which indicates that it is the end of the MIME message. Basically, each part of a Multipart MIME Message is formatted link a "micro-email" (if I may coin a term). There is a boundary line that indicates, well, a boundary between the multiple parts. Then there are some headers indicating the content type, encoding, disposition, etc. Then a blank line indicating the end of the headers; and finally, the content in whatever encoding you specified. The last part is followed by another boundary, with the extra "--" to indicate that the MIME is finished.

You might need to show us your current code. However, I suspect the problem is that you are not clearing out the variables when the athlete changes. When using a JOIN, you can get multiple rows for the same (in this case) athlete, showing different (in this case) disciplines. You need to track which athlete you are dealing with and break-up the output when it changes. Something like: // This is psuedo-code, it WILL NOT RUN $currentID = null; while ($row = fetch_assoc($queryResource)) { if ($currenID != $row['id']) { if (!empty($currentID)) { # output the data for the previous ID } $currentID = $row['id]; $baseData = // Collect the name and stuff that does not change $moreData = ''; // Clear the variable holding the additional stuff } $moreData .= $row['whatever']; } // At this point we have not output the last set of data, so ... if (!empty($currentID)) { # output the data for the previous ID }

At around line 62, when the insert fails, add the line below. Then post the SQL and the error message. There is either an error in the INSERT statement, or a duplicate key issue (or something else). echo "$value"." not inserted"; # This is line 62 echo $insert_sql . '<BR>' . mysql_error(); Nevermind Your INSERT is OUTSIDE of the foreach loop, so it is only being called once. You need to work on your code formatting so you can see where loops and things close. Here is that segment of code reformatted so you can see where the loop ends: $images = scandir($dirname); //use scandir to find all the files that have been unzipped into the directory, and then do a foreach loop that enters the image file locations into your mysql database echo "Number of pics uploaded: " . count(array($images)); echo '<html>'; foreach ($images as $value) { $url = trim($urldirectory)."/".trim($value); echo '<img src="http://example.com/' . $dirname . '/' . $value . '"< /img>'; } # END OF FOREACH LOOP echo '</html>'; $insert_sql = "INSERT INTO pics (taken, location, subject, url) VALUES ('$taken', '$location', '$subject' , '$url');"; if (mysql_query($insert_sql)) { echo "$value"." inserted successfully!"; } else { echo "$value"." not inserted"; } You could move the insert into the loop. Of course just saying that will start a small brush fire. The preferred (and more advanced) way is to collect the values you want to insert and do one insert after the loop: $images = scandir($dirname); //use scandir to find all the files that have been unzipped into the directory, and then do a foreach loop that enters the image file locations into your mysql database echo "Number of pics uploaded: " . count(array($images)); echo '<html>'; $dbValues = array(); foreach ($images as $value) { $url = trim($urldirectory)."/".trim($value); echo '<img src="http://example.com/' . $dirname . '/' . $value . '"< /img>'; $dbValues[] = sprintf("('%s', '%s', '%s', '%s')", mysql_real_escape_string($taken), mysql_real_escape_string($location), mysql_real_escape_string($subject), mysql_real_escape_string($url)); } echo '</html>'; $insert_sql = "INSERT INTO pics (taken, location, subject, url) VALUES " . implode(',',$dbValues); if (mysql_query($insert_sql)) { echo "pics inserted successfully!"; } else { echo "pics not inserted"; } Note: You are not escaping the values you are putting into the query. This could break the query, or worse, allow for SQL injection attacks. You should use mysql_real_escape_string. $insert_sql = "INSERT INTO pics (taken, location, subject, url) VALUES ('" . mysql_real_escape_string($taken) . "', '" . mysql_real_escape_string($location) . "', '" . mysql_real_escape_string($subject) . "' , '" . mysql_real_escape_string($url) . "');"; As to the spaces in the URL. You need to echo out the value and post it in a code block so we can see what it is and possibly where it comes from. Line 54 should definitely NOT be leaving spaces between those two elements that you are concatenating.

Notice in the error message there is no space between "events" and "ON". In your code, you have concatenated the "FROM" clause and the "ON" clause without any space between them. So the value of $query is: SELECT members.first_name, members.last_name, members.bio_body, events.event, events.pbFROM members LEFT JOIN eventsON members.id = events.id" There is also no space between "events.pb" and "FROM". When using concatenation to build a query, you should always either end every line with a space or start every line with a space. Pick one style and use it every time. Spaces are cheap and usually cause no trouble. If you can't find any, I have some extras in the other room I'll be glad to send to you. $query = "SELECT members.first_name, members.last_name, members.bio_body, events.event, events.pb ". "FROM members LEFT JOIN events ". "ON members.id = events.id";

1) The From header must be a valid email address. You can add a display name, if desired: From: "ABC Website" <[email protected]> This is the most likely reason that the message is not being sent. 2) You left out the "\r\n" after the X-Mailer header. This causes the Content-Type header to not be seen as a header but as part of the value of the X-Mailer header. This will cause the message to be improperly formatted on some (if not all) mail clients. By the way, there is no need to include the Reply-To header, unless you want replies to go to someone other than the From address. Why not just use From: "abc.co.in" <[email protected]>

A temp table is used internally by the database engine, it is not something you can query (unless of course you did a SELECT INTO TEMPORARY TABLE command). The results should have been displayed. It could be that the front-end timed out and did not get the results. Try running an EXPLAIN on the query. Then post the query itself and the results of the EXPLAIN command. You may need to post your table structures as well. There are several possible reasons for the problem, most likely: 1) you left out a JOIN and generated a Cartesian product; OR 2) you need to define indexes on fields that are being joined or used in conditionals;

@.josh Does this include the multi-byte versions; i.e. mb_ereg_match? I ask this because I have never seen the mb_ereg* functions mentioned in relation to any discussion on regular expressions. I just think it would be good to make the sticky "complete" by mentioning these one way or the other. I came across them (in the manual) recently. while I was reworking my site into utf-8.

Me, too. See http://forums.phpfreaks.com/index.php?topic=364706.msg1727968#msg1727968

$count = 0; while ($x >= 30) { $count = $count + 1; $x = $x - 30; } unset($x); echo $count;

If you are trying to find ONE record that is in ONE table or the OTHER, you would have to use a UNION and select from BOTH tables independently. Having said that, I must say this: you do not want to do that! You should have ONE table for users -- ALL login information will be in this table. If you have different data requirements for players vs. managers, then you create TWO ADDITIONAL tables players and managers which have the user.id as a foreign key to the users table. The users table would also need a flag to indicate whether the user is a player or a manager.

return! I knew I was leaving something out, but couldn't remember it. onSubmit: Good point. That is really where it belongs.

$0.02 Make sure the TEXTAREA is inside the FORM tags

This line: $getFM = $_GET['fm']; Is setting the variable to null if the value is not in the URL, then you set the session value to this variable (which sets it to null as well). It is also throwing a warning about an undefined index. You need to turn on error reporting. To do what you are trying to do, you could try: $getFM = (isset($_GET['fm']) ? $_GET['fm'] : (isset($_SESSION['FM']) ? $_SESSION['FM'] : '')); $_SESSION['FM'] = $getFM; Which is the same as: if (isset($_GET['fm'])) { $getFM = $_GET['fm']; } else if (isset($_SESSION['FM'])) { $getFM = $_SESSION['FM']; } else { $getFM = ''; } $_SESSION['FM'] = $getFM;

If you are doing the validation on submit <INPUT type=submit onclick="checkSubmit()"> Then you just have that function (checkSubmit()) return false to prevent the browser from submitting the form. Then the front-end validation shows the error, but the data is not sent to the server. If everything checks out OK, then the function should return true to allow the data to be submitted to the server. Note: I think that is correct, but I usually do it field by field, so I don't remember the exact process.

Along with all the other advice: The back-ticks are completely unnecessary and IMHO make the code harder to read. More importantly --- without seeing your table structure, I have to ask if you are totaling the correct column. If a customer bought 2 books, is the price column the total cost of 2 books, or is it still the unit price (1 book)? If it is the unit price, you need to sum (price * qty) as Total

I haven't worked with .tpl files before, but I know a whole lot of programming languages. Not a single one of them will let you have an elseif without an if before it. If your if is outside of the foreach then this code will never work. You need to re-think your logic. If you provide a little more of the file and a good explanation of what you are trying to accomplish, I'm sure someone here can point you in the right direction.

I'm not sure what you mean by "you get the same error". The server knows nothing about the front-end. All it knows is that a request was made and the data is not valid. There are different ways to do front-end validation. You can do validation on each field as it is entered, you can intercept the submit and validate the data before it goes to the server, or you can combine the two. There are probably other ways as well. If you explain how your validation is done, and where you think the duplicate message will come from, we might be better able to explain it.

If the back-end receives bad data, then the user either ignored the error or has JavaScript turned off. If they ignored the error message then getting it a second time (from the server) is their own fault. If they have JavaScript off, then they never saw the error message in the first place. Don't worry about repeating yourself, just enforce your validation. Always design and develop your pages so they work 100% without JavaScript. Then add JavaScript to enhance the user's experience. Never depend on front-end validation! It is there so the user get's faster responses. The reduced server load is a side-benefit to you.