[Adding GD and Image functions in a website]

Read this sticky

[Please help with special characters]

Actually, I wouldn't use output escaping there. That's where I'd validate the input, to make sure it conforms to the expected formats.

 

Only when sending the data to the SQL (query) would I escape it, to prevent both SQL injections and mangling the content when sent to other systems (like the browser, in case of validation errors).

 

Valid point. Since there was nothing in between the variable declarations and the actual query, I failed to notice the need for that comment. But very worth pointing out. Good catch.

[Please help with special characters]

[PHP user login system on HTML site]

The basics:

Sign up: load users info into db

Login: check login credentials against said db. Set a $_SESSION variable or cookie

To restrict a page: Check said $_SESSION variable or cookie

 

You are going to have to learn some php here; or pay someone to do it for you..there's a freelance section if your interested in that option.

[Please help with special characters]

For each of these

 

$id_categoria=$_POST["id_categoria"];
$id_subcategoria=$_POST["id_subcategoria"];
$articulo_tit=$_POST["articulo_tit"];
$articulo_descripcion=$_POST["articulo_descripcion"];
$articulo_novedad=$_POST["articulo_novedad"];
$articulo_visible=$_POST["articulo_visible"];
$articulo_oferta=$_POST["articulo_oferta"];

it would be

$id_categoria=mysql_real_escape_string($_POST["id_categoria"]);
[...]

Then just use the variables as you normally would.

 

Deprecated means they will stop supporting it soon so you should switch to the mysqli group of functions. Here's a link to get you started: mysqli.

[Please help with special characters]

mysql_real_escape_string

 

But note that the normal mysql functions are deprecated and you should switch to the mysqli extension.

[how to make my search engine work?]

I didn't look too close, but your query should be failing due to the mal-formed WHERE statement.

 

Try this:

WHERE departure_airport ='$depAirport' AND arrival_airport = '$arrAirport' AND departure_date ='$dDate' 

 

Turn on error reporting, it would have caught that.

[You have an error in your SQL syntax]

Escape your data. It would help if you posted code though

[Can someone tell me what the error is in this PHP '$_GET if else' code]

Also, check out this indented version

$banned = array('Main_Page','Community_portal','Current_events','Special:RecentChanges','Help:Contents','Special:WhatLinksHere/Help:Contents','Special:Upload,Special:SpecialPages','itsmywiki.com:Privacy_policy','itsmywiki.com:About','itsmywiki:General_disclaimer','Special:Preferences,Special:Watchlist','Special:Contributions/itsmywiki.com','Special:UserLogout&returnto=Special%3AContributions%2F$','User:$,User_talk:$');
$allowed = array('edit','history');
if (in_array($_GET['title'], $banned)) {
 // do nothing
} else {
if (in_array($_GET['action'], $allowed)) {
// do nothing
}
else {
echo '<center><div class="fb-comments" data-width="800" data-num-posts="100" data-colorscheme="dark"></div></center>';
}
}

 

if the $_GET['title'] is in that array, you do nothing. Try negating that (!in_array())

[Can someone tell me what the error is in this PHP '$_GET if else' code]

Your OP checked both $_GET['title'] and $_GET['action']. In this most recent version, you check action in both cases. Was that an intentional change?

[Can someone tell me what the error is in this PHP '$_GET if else' code]

Most likely, your desired titles and actions are being treated as strings; that's what it looks like to me. You either need to test for each one, or make an array out of the values and use in_array.

 

Ex:

$allowed = array('edit','history');
if (in_array($_GET['action'], $allowed)) {
// show comment code
}

 

Something like that...

[Can someone tell me what the error is in this PHP '$_GET if else' code]

Is that a nested if/else in the OP? If so I believe you're missing a closing brace ( } ). I only see one

[Adding records to database]

In addition to what Barand and PaulRyan said, add a $ to the variable you're passing into add_to_table()

 

$table_nm = 'session_entry';
add_to_table(table_nm);
echo "Back";

[Problem with "strange" but simple issue... simpel for some, not me :)]

Yeah, you're query is failing. $id needs to be in wrapped in single quotes if used as a value in the WHERE...that's my guess.

[Help with OOP, calling parent function from child class?]

I'm glad I posted this, instead of writing a bunch of code just to re-write this.

 

Trial and error is a great learning method really

[Help with OOP, calling parent function from child class?]

I think your errors are stemming from here. Not your technical errors, but your logic errors (although probably both).

 

First I have this login page, Where I am creating a connection to the DB and then creating a new user. Then I call the function $user->login();

 

The user should not log itself in. Query the db with the user input and if successful, construct a user/set a cookie/etc. This could be done procedurally, or you could make some sort of Authorization class.

 

This is evident by the need to extend the DB class as a User. As trq noted: is a user a database? No. So it should not extend it; nor have any knowledge of it really.

 

Just my opinion. Hope it helps

[Oop Login And Database]

If I may offer another opinion..

 

I would actually say your user class should have no knowledge of where the data comes from at all. What happens if the business rules change to include csv's? I think you should just pass in an array of data so the user doesn't care where it comes from. Handle the logging in the client code or a mediary class.

 

Just my two cents.

[Php Code Not Pulling Info From Sql Server]

From what I know of mssql, it looks fine, but I have to admit that knowledge is limited. But, we already determined it wasn't the connection or the db, it's the results using this (and btw this tests the connection, not the results)

 

if (!$result) {
die('We have no result so everything after will fail');
}

 

When you loop through your result set here

 

$resultAsArray = array();
while ( $row = sqlsrv_fetch( $result, SQLSRV_FETCH_ASSOC )) {
$resultAsArray []= $row;
}
print_r($resultAsArray);

 

we proved the results are empty with the print_r() statement.

 

So that tells us that the problem is before that, and since it's not with the connection, there's only the query left as far as I know. So that must be failing.

 

Sorry, that's about all I can help with.

[Php Code Not Pulling Info From Sql Server]

Yes $resultAsArray is empty, because it starts out empty. I put my query in to SQL and it pulled my list. My connection to the Database I know works, because I have the same thing for another page and it works fine. But getting this to put into a drop down box does not work. I had something else, but it only worked in Chrome but not IE and that was because I had a table nested into the select, which I have found out is wrong. So someone from another forum suggested this route for the select, but was psuedocode and I had to match up what he had in psuedocode to MSSQL code.

 

Right, so you're while statement is doing nothing. It has no relevant data is what I mean. It never puts anything into $resultAsArray so the problem is there.

[Php Code Not Pulling Info From Sql Server]

So $resultAsArray is empty. That means you got no results from your query. Make sure your SQL or whatever is correct.

[Php Code Not Pulling Info From Sql Server]

OK, revert it back then; I was trying to see if maybe php wasn't parsing that array value.

 

The code if (!$result) just makes sure your connection failed or not, not that you have valid results. Add this right before your form and verify you have results, not just a non-false value

echo "<pre>";
print_r($resultAsArray);
echo "</pre>";

[Php Code Not Pulling Info From Sql Server]

There's not much of a difference here, but try this and let me know what happens. I'm not sure if this is the problem or not, but we have to start somewhere

 

$result = sqlsrv_query($connection,$query);
if(!$result) {
die('We have no result so everything after will fail');
}
// Move the data to a simple array to simplify presentation code.
$resultAsArray = array();
while ( $row = sqlsrv_fetch( $result, SQLSRV_FETCH_ASSOC )) {
$resultAsArray []= $row;
}
/*echo $resultAsArray;*/
?>
<form method="get" action="getlog.php">
<table width="250" border="0">
<tr>
<td>Forte ID:</td>
<td>
<select name="test" id="test">
<?php foreach ($resultAsArray as $row): ?>
<option value="<?php echo {$row['ForteID']};?>"><?php echo $row['ForteID']; ?></option>
<?php endforeach; ?>
</select>

 

PS options don't need a name, and an ID needs to be unique, so I took out the id too.

[Post Checked Values To Mysql Jquery Serialize()]

Pretty much as in changing the "post" to "POST" so it would trigger,

 

That doesn't matter if he uses 'post' in the method. It just has to match.

 

encasing it in PRE tags so it would be more readable

 

That doesn't make anything more functional or more correct

 

then adding the PHP tags so it worked

 

My mistake, I assumed since he was on a php forum...

[Insert Query Help!]

But what does 'doesn't work' mean? You get a white page? No results in your db? What?

[Post Checked Values To Mysql Jquery Serialize()]

Here's pretty much what he was showing you

 

Not pretty much, that's the exact same as I posted.

 

Your button type needs to be set to submit. Right now, it's just a button.

 

Good call