pengu

Everything posted by pengu

  1. Put <?php } ?> at the end of your form. You opened an if statement and didn't close it. Also, in your textarea, remove the " /> after the PHP, because it just displays within the textarea.
  2. Is there an easier method to do this? The tables are absolute, they aren't going to change, so.. not going to change that part. But I've tried to make this secure. $q should not have to be escaped because it's not going into query.. is that correct? I just have a whole heap of queries and IF statements. P.S Sorry for the long code..
     <?php
     /**************************************************
     Page: wardrobe.php
     Created on: 01/07/2009
     Last modified: 24/07/2009
     Modified by: Jamie Ross
     Created by Jamie Ross of http://www.deadendcafe.net
     **************************************************/
     //db connection..
     include('-------');
     include('links.php');

     $q = $_GET['q'];
     $item = $_GET['item'];

     switch ($q) {
     case 'equip':
         // mysql_real_escape_string() returns the escaped string; it must be
         // assigned back, otherwise $item reaches the query unescaped
         $item = mysql_real_escape_string($item);
         if (empty($item)) {
             echo "No item was selected.";
             exit();
         }
         // look up the item being equipped
         $sql = "SELECT itemid,item_type,item_name,style_points FROM item WHERE itemid = '".$item."'";
         $result = mysql_query($sql);
         if (mysql_num_rows($result) != 1) {
             echo "No item was found. ";
             exit();
         }
         $row = mysql_fetch_assoc($result);
         $item_type = $row['item_type'];
         $item_name = $row['item_name'];
         $item_points = $row['style_points'];

         // fetch what the user currently has equipped
         $sql = "SELECT id,shirt,pants,shoes,ring,necklace FROM users WHERE id = '".$_SESSION['myid']."'";
         $result = mysql_query($sql);
         $row = mysql_fetch_assoc($result);
         $shirt = $row['shirt'];
         $pants = $row['pants'];
         $shoes = $row['shoes'];
         $ring = $row['ring'];
         $necklace = $row['necklace'];

         if ($item_name == $shirt || $item_name == $pants || $item_name == $shoes || $item_name == $ring || $item_name == $necklace) {
             echo "You already have this item equiped.";
             exit();
         }

         // item_type 1 = shirt: remove the old item's points, then equip the new one
         if ($item_type == 1) {
             $sql = "SELECT style_points FROM item WHERE item_name = '".$shirt."'";
             $result = mysql_query($sql);
             $row = mysql_fetch_assoc($result);
             $i_points = $row['style_points'];
             $sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'";
             $result = mysql_query($sql);
             $sql = "UPDATE users SET shirt = '".$item_name."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'";
             $result = mysql_query($sql);
             echo "You have equiped your ".$item_name.".";
             exit();
         }
         // item_type 2 = pants
         if ($item_type == 2) {
             $sql = "SELECT style_points FROM item WHERE item_name = '".$pants."'";
             $result = mysql_query($sql);
             $row = mysql_fetch_assoc($result);
             $i_points = $row['style_points'];
             $sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'";
             $result = mysql_query($sql);
             $sql = "UPDATE users SET pants = '".$item_name."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'";
             $result = mysql_query($sql);
             echo "You have equiped your ".$item_name.".";
             exit();
         }
         // item_type 3 = shoes
         if ($item_type == 3) {
             $sql = "SELECT style_points FROM item WHERE item_name = '".$shoes."'";
             $result = mysql_query($sql);
             $row = mysql_fetch_assoc($result);
             $i_points = $row['style_points'];
             $sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'";
             $result = mysql_query($sql);
             $sql = "UPDATE users SET shoes = '".$item_name."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'";
             $result = mysql_query($sql);
             echo "You have equiped your ".$item_name.".";
             exit();
         }
         // item_type 4 = ring
         if ($item_type == 4) {
             $sql = "SELECT style_points FROM item WHERE item_name = '".$ring."'";
             $result = mysql_query($sql);
             $row = mysql_fetch_assoc($result);
             $i_points = $row['style_points'];
             $sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'";
             $result = mysql_query($sql);
             $sql = "UPDATE users SET ring = '".$item_name."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'";
             $result = mysql_query($sql);
             echo "You have equiped your ".$item_name.".";
             exit();
         }
         // item_type 5 = necklace
         if ($item_type == 5) {
             $sql = "SELECT style_points FROM item WHERE item_name = '".$necklace."'";
             $result = mysql_query($sql);
             $row = mysql_fetch_assoc($result);
             $i_points = $row['style_points'];
             $sql = "UPDATE users SET style_points = style_points - ".$i_points." WHERE id='".$_SESSION['myid']."'";
             $result = mysql_query($sql);
             $sql = "UPDATE users SET necklace = '".$item_name."', style_points = style_points + ".$item_points." WHERE id='".$_SESSION['myid']."'";
             $result = mysql_query($sql);
             echo "You have equiped your ".$item_name.".";
             exit();
         }
         break;

     default:
         // no action requested: list the user's wardrobe with an equip link per item
         echo '<html><head></head><body><center><table width="800px"><tr><td colspan="4" align="center"><h1>'.$_SESSION['username'].'\'s wardrobe</h1></td>';
         echo '</tr><tr><th>ITEM ID</th><th>ITEM NAME</th><th>STYLE POINTS</th><TH> </th></tr>';
         $sql = "SELECT * FROM wardrobe WHERE user_id = '" . $_SESSION['myid'] . "'";
         $result = mysql_query($sql);
         while($row = mysql_fetch_array($result)) {
             echo "<tr>";
             echo "<td align='center'>" . $row['itemid'] . "</td>" ;
             echo "<td align='center'>" .$row['item_name'] . "</td>";
             echo "<td align='center'>" .$row['style_points'] . "</td>";
             echo "<td align='center'><a href='wardrobe.php?q=equip&item=".$row['itemid']."'>equip</a></td>";
             echo "</tr>";
         }
         echo '</table></center></body></html>';
         break;
     }
     ?>
  3. Hey guys, My friends and I have a project going on currently and one of our mates has designed a system up for leveling up, items and such. (oh it's a game project) The way he's done it is with percent (which annoys me, but it's possible I'm sure), 1 being 100%, 0.2 being 20% etc. Now all values are stored in a database, we have a lot of calculations going on, so I want to make sure before the table is updated all values are 2 decimal points I think e.g. 0.20 or 0.02 <- never go past those 2 digits. Now I've seen float() used for this I believe? Do all math kind of things have to be functions? Cheers, Pengu.
  4. Hey mate, you forgot a ";". I'd recommend going to http://w3schools.com/php/default.asp - got a lot of great information on the website.
     <input type="hidden" name="name" value="<?php echo $_POST['name']; ?>" />

     <form id="form1" name="form1" method="post" action="submit.php">
       Name:
       <label>
         <input type="hidden" name="name" value="<?php echo $_POST['name']; ?>" />
       </label>
       <p>
         <label>
           <input type="submit" name="button" id="button" value="Submit" />
         </label>
       </p>
     </form>
  5. My theory was correct. Thanks for your help guys. Do a COUNT to get total number, do some maths and bam! LIMIT $a, $b
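  6. $page = "blabla.php";
     $_SESSION['bla'] = $page;
     if(!isset($_SESSION['loggedIn'])) {
         header("Location: login.php");
         exit; // stop here so the rest of the page does not run for a logged-out visitor
     }
     //then somewhere else on another page couldn't you just codezzzz
     // braces are needed to interpolate a quoted array key inside a double-quoted string
     header("Location: {$_SESSION['bla']}");
     I don't know if this would be possible because you'd have to be constantly updating that particular session.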
  7. Can you be more specific with LIMIT is what I mean and you'd make the '10' a variable? somepage.php?start=1
     $start = (int) $_GET['start']; // cast to int so only a number can reach the query
     $sql = "BLA BLA BLA LIMIT 0, ".$start."";
     See that kind of thing, but changing what the limits are, depending on those variables.
  8. I'll explain a bit better, I have a user database with 50 users in it for example, they're ordered by some sort of ranking. I only want to display 10 per page. And I'd like a ">>" next page kind of thing. Could this be achieved by using MySQL to do a COUNT of ids or usernames (doesn't really matter)? And then could I use LIMIT to display the next 10 and the next 10 on the page? Hopefully this makes sense.
     id   rank
     1    1
     7    2
     3    3
     - Page 2 >>
  9. 2 different forms then? Make them select their method of payment first and depending on what that is, invoice or payson will determine what form they're presented with.
  10. I'd recommend reading the errors and doing as they say. One of your variables isn't defined at all. Is $PHPSESSID supposed to be a session thing? $_SESSION['id'] maybe? If not, it's not defined.
  11. I hope I'm reading your question right. Could you just put it into a $_SESSION ?
  12. What is the best method for security? At present I'm using mysql_real_escape_string for my login to protect it from "sql injection".
  13. It depends on what you want to do mate. Go through http://w3schools.com/sql/default.asp this to learn SQL queries.
  14. Why not remove C1 C2 and C3 and call it sex. Then you can have "male" or "female". Then change your options.
     <form action="email-form.php" method="post">
       <input type="checkbox" name="sex" value="female">Female
       <input type="checkbox" name="sex" value="male">Male
     </form>
     $sql = "SELECT email FROM contacts WHERE notify = 'Y' AND sex = 'male'";
  15. Change <select name='signoff_status'> <option value='a' selected>Active</option> <option value='s' >Remove</option> </select> To this.. (I think) <select name='signoff_status'> <option value='a' selected='selected'>Active</option> <option value='s' >Remove</option> </select> It may or may not be making something not work.
  16. I always thought it was something like <option selected="selected"> so I think the problem is the "<option value='a' selected>Active</option>" assuming of course the form is made correctly.
  17. $boot = mysql_query("SELECT Boot FROM gebruikers WHERE hash = '".mysql_real_escape_string($_SESSION['sig'])."'"); Try putting it in the " and " like I've done there.
  18. $passReset = mysql_query("UPDATE users SET password='$db_password',FLAG='1' WHERE email_address='$email_address'"); Pretty sure it's just separated by a comma.
  19. could you show a bit more information mate? you'll have to use the mail() function. http://au.php.net/manual/en/function.mail.php
  20. pengu

    Inbox help

    add it to the top of your code, because it submits on itself html is a bit blah but..<button type=submit>Send Mail!</button> $action = $_GET['action']; <input type='submit' name='submit' value='submit'>
  21. thanks for your help guys echo "<a href=\"javascript:popUp('email.php')\">Email</a>" ; worked
  22. Umm this is where the problem is, I forgot to fix this up before. It only displays javascript:popUp( when you hover over it. <?php echo "<a href='javascript:popUp('email.php')'>Email</a>"; ?> edit: Just went over what you said, I will try it. Edit2: thank you so much seventheyejosh, it worked a treat.
  23. Hey guys, Question about the echo function. I'm putting some HTML within the variable. Having trouble with the javascript so the codes with the " " and I'm using ' ' for anything else, but then I run into the problem of javascript using ' ' within " " tags. The $message is used in an echo statement further down the page. Is there a way around this? <?php session_start(); if ($_SESSION['logged_in'] == false) { $message="<div class='login'><form id='login-form' method='post' action='login.php'><fieldset><h2>Login to Web Site</h2><p>Username: <input type='text' name='username' id='username' size='17' /></p><p>Password: <input type='password' name='password' id='password' size='17'/></p><input type='submit' name='submit' id='submit' value='Login' /></fieldset></form></div>" ; } else { $message="<div class='login'><div id='login-form'><fieldset><h2>Welcome " . $_SESSION['username'] . "</h2><p><a href='javascript:popUp(email.php)'>Email</a> <a href='logout.php'>Logout</a></p></fieldset></div></div>" ; } ?>
  24. Ignore that.. I've changed the code and have it fully functioning now. As soon as someone mentioned you can't return more than one thing I changed bits and pieces. Err.. thanks for your help anyways guys, but the best method is to sit there and fiddle with it, I'm sure I'll be asking more questions soon. Cheers, Pengu