jcbones

You need to make sure you disable magic_quotes_gpc. You cannot disable it at runtime, you can only strip the slashes that it applies, so if you have server access, then disable it. This function has been depreciated in PHP5.3 and removed in PHP5.4. runtime fix *FROM MANUAL <?php if (get_magic_quotes_gpc()) { $process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST); while (list($key, $val) = each($process)) { foreach ($val as $k => $v) { unset($process[$key][$k]); if (is_array($v)) { $process[$key][stripslashes($k)] = $v; $process[] = &$process[$key][stripslashes($k)]; } else { $process[$key][stripslashes($k)] = stripslashes($v); } } } unset($process); } ?>

No, not only will that not run how you think it will, it will not even parse.

Inside your while loop, concatenate the string. <?php //syntax highlighting $facebook_links = NULL; //start a variable (else you will get a notice that it is undefined). while($row = mysql_fetch_row($result)) { $fburl = $row[4]; $name = $row[1]; $href = "href=\"$fburl\""; $link = "<li><a $href>$name</a></li>"; echo $link; echo "\n"; $facebook_links .= '<br />' . $link; //concatenate variables with .= } echo $facebook_links; //echo the links AFTER the while loop.

At the very top of your script (below the opening PHP tag), put: error_reporting(-1); ini_set('display_errors',1); echo '<pre>' . print_r($_POST,true) . '</pre>'; This will tell you if you are getting errors on the page (missing variables, etc), and what form information is reaching the page.

echo $results[0]['in']; Will give you

Well, I had a long reply listed, then accidentally closed the window. But, I now see it is almost in-line with Psycho's post. But here it is, using a little AJAX to flesh it out a bit. <?php $directory = 'path/to/directory/'; //path to the directory (must have trailing slash). $file_name = 'test3.php'; //the name of the current file (assigns to javascript function. $list_of_files = glob($directory . '*.[wW][aA][vV]'); //get a list of files that reside in the directory. This will pick any file that ends in .WAV or .wav, it will also automatically pick them up, as they are added. $list_of_files = array_filter($list_of_files,'is_file'); //just in case a directory skipped through. if(!empty($_GET['name'])) { //if the get parameter exists, and isn't empty. if(in_array($_GET['name'],$list_of_files)) { //and the get parameter exists in the file array. echo '<object id="myMovie" classid="CLSID:CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA" height="250" width="540"> <param name="controls" value="ImageWindow"> <param name="console" value="_master"> <param name="center" value="true"> <embed name="myMovie" src="' . $_GET['name'] . '" height="250" width="540" nojava="true" controls="ImageWindow" console="_master" center="true" pluginspage="http://www.real.com/"></embed> </object>'; //echo the object to the page. exit(); //and end the script. } else { //else someone sent the wrong file to the get parameter. echo '<p>Invalid File!</p>'; //so tell them it is invalid! exit();//then end the script. } } foreach($list_of_files as $file) { //for each file, create a link. $links[] = $file . ' <a href="javascript:void(0);" onclick="play_file(\'' . $file . '\');">Play Now!</a>'; //links held in an array. } $file_links = (is_array($links)) ? implode('<br /><br />',$links) : 'No Files Present!'; //you can implode the links any way you like, I just double spaced them. //this is heredoc syntax, and is used to output the css styling (to make it look similar to a button, you may need to play with it), the javascript to load the file, and populates the links. //Upon clicking the Play Now link, the browser will request the object from the server, which will load through AJAX, so the page will not refresh. echo <<<EOF <style type="text/css"> a:link { display: block; width: 8em; height: 1.5em; background-color: #999999; border-top: 1px solid #CCCCCC; border-right: 1px solid #333333; border-bottom: 1px solid #333333; border-left: 1px solid #CCCCCC; text-decoration: none; color: #000000; cursor: default; } </style> <script type="text/javascript" src="http://code.jquery.com/jquery-1.7.2.min.js"></script> <script type="text/javascript"> function play_file(file) { $.get("{$file_name}",{name: file}, function(data) { $('#play_file').html(data); }); } </script> <div id="file_links">{$file_links}</div> <div id="play_file"> </div> EOF; ?> BTW, I put a $file_name variable in there, which should hold the value of what you name the file (including ext), this is for the JQuery function, and only because I dislike $_SERVER['PHP_SELF'] even if it would be a problem in this instance.

While most of you post made sense, I question this one: I would be pretty upset if I didn't get a login error, but just kept looking at a screen with my credentials on it. Pretty sure it wouldn't take me long to leave.

OK, so the function should return true if the login is successful, and false if it fails at ANY POINT. <?php function check_user($user,$password) { $password = md5($password); //example should use a better engine. $sql = "SELECT id FROM user WHERE name = '" . mysql_real_escape_string($user) . "' AND password = '$password'"; $result = mysql_query($sql) or trigger_error(mysql_error()); if(mysql_num_rows($result) == 1) { return true; } return false; } if($_SERVER['REQUEST_METHOD'] == 'POST' && (!empty($_POST['username']) && !empty($_POST['password']))) { if(check_user($_POST['username'],$_POST['password'])) { header('Location: http://mysite.com/successful_login.html'); } else { header('Location: http://mysite.com/login_failed.php?error=wrong%20username%20or%20password'); } }

I had this response ready, and there was 1 glaring problem in your code block, so I will post what I had. 1. mysql_real_escape_string is for escaping for database INSERTION, not SELECTION. (glaring problem). 2. You are creating the table inside the while LOOP, instead of just creating a new table row. It should be close to: <html> <head> <title>Untitled Document</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body bgcolor="#FFFFFF" text="#000000"> <?php include_once "init.php"; //include this file. $query = "SELECT * FROM car_info WHERE make='chevrolet'"; //build database query string. $result = mysql_query($query) or trigger_error(mysql_error()); // for development only; remove when in production (run query string, throw an error if it fails.) if(msyql_num_rows($result) > 0) { //if database returns at least 1 row. echo "<table border='1'>"; //build the table element. echo "<tr> <th>ID</th> <th>Year</th> <th>Make</th> <th>Model</th> <th>Price</th> <th>Exterior Color</th> <th>Interior Color</th> <th>Engine</th> <th>Tranmission</th> <th>Fuel Type</th> <th>Mileage</th> <th>State</th> <th>City</th> </tr>"; //build table header row. while ($row = mysql_fetch_assoc($result)) { //while there are rows available in the result resource. //make variables (optional). $id = $row['id']; $year = $row['year']; $make = $row['make']; $model = $row['model']; $price = $row['price']; $extcolor = $row['exteriorcolor']; $intcolor = $row['interiorcolor']; $engine = $row['engine']; $trans = $row['transmission']; $fuel = $row['fueltype']; $mileage = $row['mileage']; $state = $row['state']; $city = $row['city']; //echo each table row. echo <<<EOT <tr> <td>{$id}</td> <td>{$year}</td> <td>{$make}</td> <td>{$model}</td> <td>{$price}</td> <td>{$extcolor}</td> <td>{$intcolor}</td> <td>{$engine}</td> <td>{$trans}</td> <td>{$fuel}</td> <td>{$mileage}</td> <td>{$state}</td> <td>{$city}</td> </tr> EOT; } //all table rows have been echo'd echo "</table>"; //so close the table. } ?> </body> </html>

Some would argue that OOP is to much overhead for a simple site. But, I would say that OOP scales better, and is easier to take a simple site to a complex one. On the flip side, I think it is easier to understand OOP, if you know what the general coding does. So, I would start with simple procedural code, then move up to OOP after you become better versed in procedural. In answer to your example: What do YOU need it to return? true? false? 1? 0?, it is up for you to decide how to use the information that is returned. What do you want to do if the login fails? What do you want to do if the login is successful? Generally it goes: 1. User enters form data 2. Upon submission, server checks form data against database. 3. Success sends to another page, Failure points back to form with error message

Clearly this is a bluff, as the 4 aces have already been played.

You need to open the connection with: $conn->Open($connStr); Although, you should be including a username and password in there. COM

Thanks Phillip, It seems that a long running firefox plugin was the issue, resetting firefox fixed the problem.

Loaded up the freaks forum today, only to have a ugly white screen. Seems firefox cannot find the css file, nor the first script file. Problems After further investigation. (copy/paste to a new window), it seems these url's are missing something (dunno what was changed). These URL's work

Do you have a plugins folder? Does the plugins folder have other folders inside them? Is the plugins folder readable? Is the plugins folder residing inside the same folder as the running script?

= assign == compare === strict compare

Is this on a local machine, or on a web host? This is basically saying that the server cannot find the mysql socket(file, not port). Either: A. The socket file is in another location. ie /tmp/mysql.socket B. The MySQL installation is hosed.

Or, you could have just changed the query slightly, and add some slight validation. Staying away from running two queries (reducing overhead), and making it efficient. <?php $sql = "SELECT c.cat_id,c.cat_name,c.cat_visibility,i.category_id FROM item_category AS i LEFT JOIN category AS c ON i.category_id = c.cat_id WHERE i.item_id = $edit_id"; $result = mysql_query($sql) or trigger_error($sql . ' has encountered an error.<br />' . mysql_error()); if(mysql_num_rows($result) > 0) { while($row = mysql_fetch_assoc($result)) { $checked = ($row['cat_id'] == $row['category_id']) ? 'checked="checked"' : NULL; echo "<input type=\"checkbox\" name=\"item_cat[]\" value=\"{$row['cat_id']}\" $checked /> {$row['cat_name']}<br />"; } }

You should really be using a JOIN query. MySQL is a relational database, and this is where it really shines. <?php $sql = "SELECT c.cat_id,c.cat_name,c.cat_visibility FROM category AS c JOIN item_category AS i ON i.category_id = c.cat_id WHERE i.item_id = $edit_id"; $result = mysql_query($sql) or trigger_error($sql . ' has encountered an error.<br />' . mysql_error()); if(mysql_num_rows($result) > 0) { while($row = mysql_fetch_assoc($result)) { echo "<input type=\"checkbox\" name=\"item_cat[]\" value=\"{$row['cat_id']}\" checked=\"checked\" /> {$row['cat_name']}<br />"; } } If that throws an error, please post the code and the error(complete) back here.

That should not work, cannot believe that it does. mysql_result REQUIRES 2 arguments, the resource, and the row. The field is optional. I normally do not repeat myself, but you are just setting yourself up for problems in the future, as this is bad coding practices. (*NOTE: when viewing the manual, any arguments surrounded in [ and ] is optional, they will also have the default value given, in this case it is 0 for the 3rd argument). //at the very least, gives you the count. mysql_result($login_query,0); //if you want the userid; mysql_query($login_query,0,1); I personally would also check to see if the query returned rows, instead of checking to make sure it wasn't false. Not real sure why you would check to see if a result resource was equal to 1, when it could never equal 1 since it is a result resource. It can exists, therefore equal TRUE, or not exist therefore equal FALSE. Once again, that is my personal taste, I've seen plenty of "coders" that check it the way you have, I just don't agree that it is right.

Don't worry, everyone that works with teenagers, can't stand them. They can be great entertainment though.

mysql_result requires AT LEAST 2 parameters, there is an optional 3rd.

bind_param will fail, as you only passed 22 types (1st param), but 23 variables to it. You are also sending your fourth variable as a blob, which chunks it out. Pretty sure you have to send that with mysqli-stmt.send_long_data(), but I could be wrong on that.

Can you log into the MySQL console? Windows: ->cmd ->cd (to your mysql directory) ex. wamp is C:/wamp/bin/mysql/mysql(version)/bin/ ->mysql -u php24sql -p; it will prompt you for a password. If you are not using one, hit enter and it will let you in, or throw an error. I hope this was clear for you. *note, if you are using wampserver, you can just choose the mysql console from the tray.

Try this: UN-TESTED! <?php //syntax highlighting. function set($table) { $result = mysql_query("SHOW COLUMNS FROM $table"); //no need to select all data, just get the column info. while ($row = mysql_fetch_assoc($result)) { //loop through the data resource. $name = $row['Field']; //pull out the field name. $nameB = $_POST[$name]; //get the form data that matches the field name. if(strtolower($name) <> 'id'){ //if the field is not 'id', case sensitive here. might want to do a strtolower() on the field name. $columns[] = $name; //store the columns in an array. $values[] = $nameB; //store the values in an array. Indexes will match the column name. } //close if. } //close while; $q = "INSERT INTO $table(" . implode(',',$columns) . ") VALUES ('" . implode('\',\'',$values) . "')"; //implode the data into your query string. mysql_query($q) or trigger_error('(' . $q . ') has encountered the error: <br />' . mysql_error()); //run the query, trigger an error if it fails. } //close function.