russthebarber

I have a form file upload page. When I hit submit it posts data to php which uploads an image. Then from this .php page I click an ok button which sends me back to my form upload (posting some data with me). I can then repeat the process and upload more files...all working ok so far. On the upload page, I also have a list of all the files I've uploaded. I am using jquery ajax to post data to another php file which changes some things in my database relating to those files and fires response data back to my form. This page also does some other tasks that require reloading the page. Because the page has post data, I am getting the "To display this page, Firefox must send information that will repeat any action (such as a search or order confirmation) that was performed earlier." message. Can anyone think of a way around the problem without using normal php posts for the whole thing or using ajax for the whole thing. All tasks need to be performed on this one page.

Yep, you're all right. I don't need the hidden field at all. Thanks.

Thanks.

I have a site where users have a username, password and user_id (primary key auto generated). Every user has related products that are specific to that user. I'd like to know if anyone has any thoughts on if the following is a secure way to send info from page to page or if there is a better way: If a user is logged in, the user_id is stored in a var and is sent in a hidden form input from page to page (not alone very secure, I know). This var can then be used to see which products belong to that user, but only after a login check has been made in the backend to see if that user_id matches the logged in user. $postUserId = $_POST['$postUserId'];//passed from page to page if($session->is_logged_in()) { $serverUserId = $session->user_id;// user_id from database of user data if ($postUserId == $serverUserId ){ // all is OK }else{ // all is not OK } }else{ echo "not logged in"; } Anyone looking at the source code can only see the user_id and can't do anthing with it as the checks are made by the session data backend..... or have I missed something? Is this really secure?

Thanks for the tip. You've prompted me to start reading up a bit on PHP security and bad coding.

I've just noticed my folders had spaces in the names so of course they didn't have the same name. I thought that was impossible so it's the first place I looked. I trimmed my $_POST variables and the problem has been solved now. Thanks. What did you mean allowing the user to dfine userId.... the user doesn't define his or her own id.

I have a form for uploading pictures. The form sends a file and a user_id to a .php file which among other things, does the following: 1. creates a folder based on the user_id 2. uploads the file to it If the folder exists already, there is a warning message. This all works fine. <?php $uploadedfile = $_POST['uploadedfile']; $userId = $_POST['userId']; echo $userId."<br />"; if ($_FILES["file"]["error"] > 0){ echo "Error: " . $_FILES["file"]["error"] . "<br />"; } else{ $thisdir = getcwd();//finds absolute path of this file //does folder exist if(file_exists($thisdir."/images"."/userFotos".$userId)) { echo "Folder based on userId exists already <br />"; }else{ //create new folder based on userId echo "This directory is: ".$thisdir."<br />"; /* create subfolder and make world-writable (CHMOD 0777). Tell me if success or failure... */ if(mkdir($thisdir ."/images"."/userFotos".$userId , 0777)){ echo "Directory".$thisdir ."/images"."/userFotos".$userId." has been created successfully...<br />"; }else{ echo "Failed to create directory..."; } } // etc etc. All works OK There is then a button which sends the user id back to the uploads page if the user wishes to upload more images: <form action="uploadTheFile.php" method="post" accept-charset="utf-8"> <input type="hidden" name="userId" value="<?php echo $userId; ?> " id="userId"> <input type="submit" value="Back to image uploads"> </form> Then the user can do it all again. The problem is that the second time the user browses an image and sends to the php file for folder creation/image upload I have the following problems: 1. The warning message saying that the folder already exists doesn't show up. 2. php creates a second folder with the same name and uploads the image there. Can anyone tell me why this is happening? Here is the original form... <?php $userId = $_POST['userId']; echo $userId."<br />"; ?> <form action="uploadTheFile_submit.php" method="post" enctype="multipart/form-data"> Choose a file to upload: <input name="uploadedfile" type="file" /> <input type="hidden" name="userId" value="<?php echo $userId; ?>" id="userId" /> <input type="submit" value="Upload File" /> </form>

Brilliant. Thanks salathe.

I'll try and explain it another way. If you look at the keys (dates) in $priceArr, you'll see that there are three dates in September....the 13th, 14h and 20th. This information is in $dateArr. The question is if $dateArr didn't exist how would I create it in php from $priceArr?

I have an associative array with dates and prices: $priceArr=array("2012-9-13"=>"34.00", "2012-9-14"=>"35.00", "2012-9-20"=>"36.00", "2012-10-21"=>"37.00", "2012-10-28"=>"38.00", "2012-10-29"=>"38.00"); I'm looking for the best solution. I need to loop through the array and explode just the keys that have a 9 in the middle (i.e. are in September). Then I just need the date value in a new array....which should look like this when finished: $dateArr=array("13", "14", "20"); The exploding and pushing items into the second array I can do, it's just dealing with the key from the associative array that's new and confusing territory for me.

Thanks Jesi. i did indeed misread the part about extract(). I am well on the way to a good solution now though.

OK. That all makes good sense. I'll drop the variable idea completely I think and use extract(). That looks like a brilliantly useful function. I didn't know about it before. A million thanks.

Thanks for the tip, PFMaBiSmAd. My "bob, jim..." example was just to simplify things. But seems to have caused some confusion instead. What I am actually doing is sending a massive amount of form data to a php file and then using this method to give variables appropriate names. So I will actually have two arrays: $varsArr = array("first_name", "last_name", "town"); //etc for 100s of fields $valuesArr = array("Bob", "Johnson", "Miami"); //etc for 100s of fields My vars will then have valid names. But there is probably an even better way of doing this. Maybe a function that receives a JSON array of my form data and converts it all to vars with values? This data will be used to create a new instance of an object later. A user for example.

OK. That's a massive help. Thanks all.

great. Thanks, Spiderwell I have just seen that I can do $$namesArray[1]; to make a variable $jim; But I have bad feeling that there must be a catch. Are there any pitfalls or problems with using this way? Is the way you suggested robuster?

if i have arrays: $namesArray = array("bob", "jim", "alan", "mark"); $agesArray = array("44", "33", "42", "40"); How can I declare a variable using the strings stored in the namesArray as the variable name. For example: $bob = "44"; $jim = "33"; //etc...

Hi, thanks all for the help. I tried various ways of converting to an INT with no success. Now I know the problem. My variable, although it outputs "string" when type tested, is actually an array starting with two curly braces and that is what is confusing php. I've got it sorted now. In case this helps any Contao users trying to write php with contao variables..... Don't do this: $myPageVar = '{{page::id}}';//gives you something php doesn't understand Do this: $myPageVar = $this->replaceInsertTags( '{{page::id}}' ); //for a php friendly variable

I'm having problems with a php variable I am getting from a CMS program (Contao). echo $myPageVar // returns 17 echo gettype($myPageVar); //returns string This seems OK but whenever i convert to an integer I get a value of 0. When I try to use the variable in a condition it also returns false. if ($myPageVar == "17") { //returns false } How do I convert $myPageVar to a useable variable with value = 17?

Ok, I think I have a solution. Maybe it can help somebody else or maybe someone has a better one... public static function advanced_search_all($city, $state, $myFieldNameArray) { $sql = "SELECT * FROM ".self::$table_name." WHERE addressTown='{$city}' AND state='{$state}'"; for ($i=0; $i<count($myFieldNameArray); $i++){ $sql .=" AND ".$myFieldNameArray[$i]."='1'"; } return self::find_by_sql($sql); }

I have a php function that takes two arguments which it uses to make an sql statement: public static function advanced_search($city, $state) { return self::find_by_sql("SELECT * FROM ".self::$table_name." WHERE addressTown='{$city}' AND state='{$state}' AND area='1'"); } My problem is I would like to insert a third variable (actually an array) that the function takes. This array will contain field names that I want to check in the statement to see which of them are equal to "1". The problem is this array might have 1 field name or anything up to 8 field names. I am not sure how to break out of the sql statement to loop through this array. Here is the statement with 3 field names that might help describe what I am trying to do: public static function advanced_search($city, $state, $myFieldNameArray) { return self::find_by_sql("SELECT * FROM ".self::$table_name." WHERE addressTown='{$city}' AND state='{$state}' AND ".$myFieldNameArray[0]."='1' AND ".$myFieldNameArray[1]."='1' AND ".$myFieldNameArray[2]."='1'"); } I hope that's clear enough. What I am struggling with is the syntax for how to break out of the statement and run through a for loop inserting something like this for each field name in the array AND ".$myFieldNameArray[$i]."='1' "

Thanks foe the extra info. I can now see how it works.

In case this helps anyone even sillier than me. I've just tried this: $sql = "SHOW FIELDS FROM apartmentoUsers"; $result = mysql_query($sql); while ($row = mysql_fetch_array($result)) { echo $row[0]; } ....which works.

Here is the last thing I tried. i'm getting closer but need to know what to put in place of xxxx in the while loop to get the field name. $sql = "SHOW FIELDS FROM apartmentoUsers"; $result = mysql_query($sql); while ($row = mysql_fetch_array($result)) { echo xxxxx;//what goes here? }

I don't know what you mean by that. A more in depth answer would be helpful while ($row = mysql_fetch_array($result)) { $product_name = $row['product_name']; } They are not rows so what goes in place of $row and in place of $row['product_name'] for example ???

Can someone please tell me how to use the "SHOW FIELDS FROM $mytable" in php? I understand how the MySql works but need to get these fields back into an array in php. That is the part I am strruggling with.. I normally return rows of data from my table and use a while loop.