dpedroia

Well folks, it looks like we've encountered an ID-10-T error. My link for subtracting wins, for example, was: <a href="manageteam.php?team=<?php echo $teamRow['id']['id']; ?>&subtractwin=1">[Deduct Win]</a> Looks like I had two ['id'] entries in the link that was messing up the link somehow.. deleted one of them and it's good to go. On to better times!

First, I meant to say I have fields in my database called 'games', 'wins' and 'losses'. They are all in the 'teams' table. Sorry! Okay, this is odd. Yesideez, when I added the echo line and echoed the query for addwin it was showing the Team ID of 15, which is the ID of a team in my database. However, I use the same query for subtractwin but only change the '+' to a '-' and the query that's echoed then shows a Team ID of 1.. not 15. It seems that all of the 'add' features work.. but the 'subtract' ones reset the Team ID being used to '1' instead of whatever the Team ID should really be. Query being echoed when I add a win: UPDATE `teams` SET `wins` = `wins` + 1 WHERE `id` = '15'; Query being echoed when I subtract a win: UPDATE `teams` SET `wins` = `wins` + 1 WHERE `id` = '1'; Thing is, I ran the query manually from phpMyAdmin and I can add and subtract fine.. values are changing and it's all good. It's only when I click 'Subtract Win' through the webpage that it resets the Team ID back to 1 and does not work. I attached a screenshot of my `teams` table. Thanks. [attachment deleted by admin]

I have tables in my MySQL database called "games", "wins" and "losses". I'm attempting to write SQL queries that will increment or decrement a value depending on what link is clicked from the main page. My SQL queries are as follows: <?php require_once('config.php'); if ( !isset($_SESSION['user']) ) { include('login.php'); exit; } $sql = 'select * from `teams` WHERE `id` = \'' . mysql_real_escape_string($_GET['team']) . '\''; $res = mysql_query($sql); //if ( mysql_num_rows($res) == 0 ) { include('index.php'); exit; } $row_team = mysql_fetch_array($res); if ( isset($_GET['addgame']) ) { $sql = 'UPDATE `teams` SET `games` = `games` + 1 WHERE `id` = \'' . mysql_real_escape_string($_GET['team']) . '\''; mysql_query($sql); } if ( isset($_GET['subtractgame']) ) { $sql = 'UPDATE `teams` SET `games` = `games` - 1 WHERE `id` = \'' . mysql_real_escape_string($_GET['team']) . '\''; mysql_query($sql); } if ( isset($_GET['addwin']) ) { $sql = 'UPDATE `teams` SET `wins` = `wins` + 1 WHERE `id` = \'' . mysql_real_escape_string($_GET['team']) . '\''; mysql_query($sql); } if ( isset($_GET['subtractwin']) ) { $sql = 'UPDATE `teams` SET `wins` = `wins` - 1 WHERE `id` = \'' . mysql_real_escape_string($_GET['team']) . '\''; mysql_query($sql); } if ( isset($_GET['addloss']) ) { $sql = 'UPDATE `teams` SET `losses` = `losses` + 1 WHERE `id` = \'' . mysql_real_escape_string($_GET['team']) . '\''; mysql_query($sql); } if ( isset($_GET['subtractloss']) ) { $sql = 'UPDATE `teams` SET `losses` = `losses` - 1 WHERE `id` = \'' . mysql_real_escape_string($_GET['team']) . '\''; mysql_query($sql); } $sql = 'select * from `teams` WHERE `id` = \'' . mysql_real_escape_string($_GET['team']) . '\''; $res = mysql_query($sql); $row_team = mysql_fetch_array($res); ?> For some reason, I can increment the amount of games, wins or losses as many times as I want.. it'll be updated in the database and the changes will be reflected on the page. However, when I go to subtract a game, win or loss, it seems to leave null values as if there are no games, wins or losses at all. For example, say the site outputs the Yankees have 10 wins and 2 losses. When "[Add Win]" is clicked, the win total will increase to 11 and such changes will be displayed on the site. But, when "[Deduct Win]" is clicked, it seems to cancel out every value for the number of games, wins and losses and just outputs nothing.. Is there a reason for this? My addition is working fine, it's the subtraction that's messed up.. but it should work based on what I see. Thanks.

Sorry for the late reply. Since I'm on a shared hosting account the company could not universally kill register_globals, so I turned them off manually using a php.ini file and setting: No problems yet. Hopefully this was the fix needed.. will report back if further issues arise. Thanks again for the help thus far.

If register_globals are on (what does a phpinfo() statement show for register_globals?), when you use extract on each row from your query, it is setting $user and that would be setting $_SESSION['user'] with the last value retrieved from the database. If you are going to use extract(), you should use it with a prefix (see the EXTR_PREFIX_ALL setting) so that there is no chance that it will overwrite any of your existing variables. phpinfo() is showing: 'Local Value | Master Value' for On and On, respectively ..so apparently register_globals is on. I'm relatively new to PHP and don't really understand the prefix part. I've read a bit on EXTR_PREFIX_ALL and understand I should modify extract to something like the following: extract($row, EXTR_PREFIX_ALL, 'row') Does this look right? Ah. I am referencing the instructions found on w3schools.com but do not understand Example 2 and how, why or where 'dup' comes into play for that particular example.

Thanks, just checked and searched the entire root folder containing all website files for instances of "$_SESSION" and the only two places where _$SESSION['user'] could even remotely potentially be taking on another value is in mysa-events.php and login.php, as seen below: mysa-events.php <?php $user = $_SESSION['user']; $max_col = 100; $query = "SELECT * FROM events WHERE user = $user"; $result = mysql_query($query) or die(mysql_error()); echo "<table class='sortable tableFormat' cellspacing=5> <tr> <th>Event ID </th> <th>Event Name </th> <th>Sport </th> <th>State </th> <th>Venue </th> <th>Date </th> <th>Manage </th> </tr>"; $col = 0; while($row = mysql_fetch_array($result)) { extract($row); $col++; echo "<tr> <td><a href=events.php?event=$id>$id</a> </td> <td>$eventname </td> <td>$sport </td> <td>$state </td> <td>$venue </td> <td>$month/$day/$year </td> <td><a href=manageevent.php?event=$id>Manage</a> </td> </tr>"; } echo"</table>"; ?> login.php <?php require_once('config.php'); if ( isset($_POST['Login']) ) { $sql = 'SELECT * FROM `users` where `email` = \'' . mysql_real_escape_string($_POST['Username']) . '\' and `password` = \'' . mysql_real_escape_string($_POST['Password']) . '\''; $res = mysql_query($sql); if ( mysql_num_rows($res) != 0 ) { $row = mysql_fetch_array($res); $_SESSION['user'] = $row['id']; header('Location:index.php'); exit; } else { echo "<center><br><p class=loginfailure>Invalid login. Please check your credentials and try again.</p><br> </center>";?><?php } } ?> These instances are $user = $_SESSION['user']; in mysa-events.php and $_SESSION['user'] = $row['id']; in login.php, and are the only calculations involving $_SESSION['user'];. All other instances are in if-statements checking if the user is logged in and wouldn't in any way alter the value of $_SESSION['user'];.

Well although it looked like the problem was resolved by forcing all users/visitors to 'www', it apparently wasn't. I was just clicking around on the site and noticed the problem still exists with being able to view other users' events. Does anyone have any further opinions as to why this could be happening? I modified my .htaccess file as stated before to force all visitors to 'www'. My login.php file is: <?php require_once('config.php'); if ( isset($_POST['Login']) ) { $sql = 'SELECT * FROM `users` where `email` = \'' . mysql_real_escape_string($_POST['Username']) . '\' and `password` = \'' . mysql_real_escape_string($_POST['Password']) . '\''; $res = mysql_query($sql); if ( mysql_num_rows($res) != 0 ) { $row = mysql_fetch_array($res); $_SESSION['user'] = $row['id']; header('Location:index.php'); exit; } else { echo "<center><br><p class=loginfailure>Invalid login. Please check your credentials and try again.</p><br> </center>";?><?php } } ?>

(Unintentional bump; could not modify my previous reply) So I added the following to my .htaccess: RewriteEngine On RewriteCond %{HTTP_HOST} ^yourdomain\.com$ [NC] RewriteRule ^(.*)$ http://www.yourdomain.com/$1 [R=301,L] ..and now all non-WWW visits are being forced to .WWW.. I had some issues with the same events being displayed but cleared my cookies and tried again.. all seems to be well I'll wait 24 hours to see if everything remains the same. Thanks to all who assisted thus far. Hoping the issue is now resolved for good!

Very interesting, I would've never considered that as a possible reason. I tried 'mydomain.com/...' and 'www.mydomain.com/...' and did notice a difference.. definitely will give this a shot and I'll report back with the results.

Hmm, did that and it seems to be randomly alternating between 6 and 7 still. It doesn't seem to be happening after any certain number of page clicks, refreshes, etc., and happens on more than the mysa-events.php page (I've noticed the ID changing on all of the Standings pages as well using that line of code).

Okay, I added: $user = $_SESSION['user']; ...above... $max_col = 100; $query = "SELECT * FROM events WHERE user = $user"; $result = mysql_query($query) or die(mysql_error()); ...to get... $user = $_SESSION['user']; $max_col = 100; $query = "SELECT * FROM events WHERE user = $user"; $result = mysql_query($query) or die(mysql_error()); ..in mysa-events.php, but the issue still seems to be present. I'm logged into the test account and the events under 'Manage Your Events' continuously rotate between "The Fens Showdown" and "I'm Hungry for French Fries" (both test events). In my database, the 'test@test.com' account has a user ID of 7. The event "The Fens Showdown" was created by the user with an ID of 6. "I'm Hungry for French Fries" was created by the user with an ID of 7. After clicking around and going back to mysa-events.php nearly 50 times I've only seen those two events alternate.. don't know if this is a coincidence or if the other event, "Public Event", is not showing for a reason.

Ah, the $user variable isn't "declared" anywhere, per se.. I'm relatively new to PHP, but I've added (and forgot to put in my initial post): <?php if ( isset($_SESSION['user']) ) { ..to the mysa-events.php page. I'd assumed $user would read the 'user' ID and thus output that particular user's events. I guess this is definitely where the issue lies. Now, I believe what I need to do is modify: $query = "SELECT * FROM events WHERE user = $user"; ..by declaring what $user is, but I'm unsure of how to set $user to the user ID of the person logged in. As for ensuring manageevent.php will only output your events, I'll have a check to make sure the user logged in's user ID matches the user ID of the event creator, but that's yet to come. Thanks again.

I have a website setup here: http://www.vyfx.com/sportaccess/ There is a test account of: 'test@test.com | test' should it help in troubleshooting this issue.. When users login to the site (still under construction) they have the ability to create events. The Create Event can be found by hovering over 'Events' at the top and selecting Create Event. All events are linked to the logged-in user's unique "user ID", which is a field labeled 'id' in the `users` table of the MySQL database. The problem is this.. once a user has created an event, they may view their event(s) in the 'My Account > My SportAccess > Manage Your Events' page. However, although the correct events are listed initially and nothing seems to be of an issue, clicking around other pages in the site and returning to the 'Manage Your Events' page will often display another user's events instead. Obviously this is an issue because I don't want users to be able to manage other users' events or information. I don't know why this could be happening but am thinking along the lines of a loop somewhere that may be incrementing the $id variable, thus displaying another user's information.. The code I have for 'mysa-events.php', the page where this is occurring, is: <?php require_once('config.php'); $max_col = 100; $query = "SELECT * FROM events WHERE user = $user"; $result = mysql_query($query) or die(mysql_error()); echo "<table class='sortable tableFormat' cellspacing=5> <tr> <th>Event ID </th> <th>Event Name </th> <th>Sport </th> <th>State </th> <th>Venue </th> <th>Date </th> <th>Manage </th> </tr>"; $col = 0; while($row = mysql_fetch_array($result)) { extract($row); $col++; echo "<tr> <td><a href=events.php?event=$id>$id</a> </td> <td>$eventname </td> <td>$sport </td> <td>$state </td> <td>$venue </td> <td>$month/$day/$year </td> <td><a href=manageevent.php?event=$id>Manage</a> </td> </tr>"; } echo"</table>"; ?> My 'config.php' file is: <?php session_start(); $conn = mysql_connect('ADDRESS','USERNAME','PASSWORD'); mysql_select_db('sportaccess'); ?> The code for the Create Event page, 'createevent.php', is: <?php require_once('config.php'); if ( !isset($_SESSION['user']) ) { include('login.php'); exit; } if ( isset($_POST['Submit']) ) { if ( trim($_POST['EventName']) == '' ) { $error['eventname'] = 1; } if ( trim($_POST['Venue']) == '' ) { $error['venue'] = 1; } if ( !isset($error) ) { echo "<center><br><p class=success>You have successfully created an event.</p><br> </center>"; $sql = 'INSERT INTO `events` (`user`,`eventname`,`sport`,`state`,`venue`,`month`,`day`,`year`,`pubpriv`) values (\'' . mysql_real_escape_string($_SESSION['user']) . '\',\'' . mysql_real_escape_string($_POST['EventName']) . '\',\'' . mysql_real_escape_string($_POST['Sport']) . '\',\'' . mysql_real_escape_string($_POST['State']) . '\',\'' . mysql_real_escape_string($_POST['Venue']) . '\',\'' . mysql_real_escape_string($_POST['Month']) . '\',\'' . mysql_real_escape_string($_POST['Day']) . '\',\'' . mysql_real_escape_string($_POST['Year']) . '\',\'' . mysql_real_escape_string($_POST['PubPriv']) . '\')'; $res = mysql_query($sql) or die(mysql_error()); ?> <?php } else { if ( isset($error['eventname']) ) { echo "<center><br><p class=loginfailure>You must enter a name for your event.</p><br> </center>"; ?> <?php } if ( isset($error['venue']) ) { echo "<center><br><p class=loginfailure>You must enter a venue for your event.</p><br> </center>"; ?> <?php } if ( isset($error['event']) ) { echo "<center><br><p class=loginfailure>There were errors creating your event. Please try again.</p><br> </center>"; ?> <?php } } } ?> <form name="form1" method="post" action=""> <strong>Creating your event is quick and easy.</strong><br><br> <label> Event Name:<br> <input type="text" name="EventName" id="EventName"> </label> <br> <br> <label> Sport:<br> <select name="Sport" id="Sport"> <option value="Baseball">Baseball</option> <option value="Basketball">Basketball</option> <option value="Football">Football</option> <option value="Hockey">Hockey</option> </select> </label> <br> <br> State:<br> <label> <select name="State" id="State"> <option value="STATES ARE HERE">STATES ARE HERE</option> </select> </label> <br> <br> Venue / Location:<br> <label> <input type="text" name="Venue" id="Venue"> </label> <br> <br> Event Date:<br> <label> <select name="Month" id="Month"> <option value="1">January</option> <option value="2">February</option> <option value="3">March</option> <option value="4">April</option> <option value="5">May</option> <option value="6">June</option> <option value="7">July</option> <option value="8">August</option> <option value="9">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select> / <select name="Day" id="Day"> <option value="DAYS OF THE MONTH ARE HERE">DAYS OF THE MONTH ARE HERE</option> </select> / <select name="Year" id="Year"> <option value="2010">2010</option> <option value="2011">2011</option> <option value="2012">2012</option> <option value="2013">2013</option> <option value="2014">2014</option> <option value="2015">2015</option> </select> </label> <br> <br> Public or Private:<br> <label> <select name="PubPriv" id="PubPriv"> <option value="Public">Public</option> <option value="Private">Private</option> </select> </label><br><br> <input type="submit" name="Submit" id="Submit" value="Create Event"> </label> </form> If anybody could provide some guidance as to why the page may be displaying another user's events it would be greatly appreciated. Thank you!

I could kiss you right now. Well maybe not, but regardless this worked.. thanks to everyone for the help. Woo!

I changed my manageteams.php page to: <?php $id = (int) $_GET['team']; $max_col = 100; $query = "SELECT * FROM teams WHERE id=$id"; $result = mysql_query($query) or die(mysql_error()); $wpct = @($wins/$games); echo "Team Name: $teamname<br> Sport: $sport<br> Games: $games<br> Wins: $wins<br> Losses: $losses<br> Winning Percentage: "; echo number_format("$wpct",3); ?> But there is still no output. Ahh! There's probably something simple that I've been overlooking. Any other ideas perhaps?