Hobbyist_PHPer

Thanks, I thought about using fetch in that manner, but I couldn't comprehend how I could have multiple row result sets, the way it looks, but sure enough, as it loops, the variable changes each time... Thanks for all of your help, it is much appreciated.

For the life of me, I can't seem to figure out the correct syntax, to make this code work... $sql = "SELECT AgenciesAgents.AgentID, Agents.AgentFirstName, Agents.AgentLastName FROM AgenciesAgents LEFT JOIN Agents ON AgenciesAgents.AgentID = Agents.AgentID WHERE AgenciesAgents.AgencyID = ? "; if ($stmt = $mysqli -> prepare($sql)) { $stmt->bind_param("i", $AgencyID); $stmt->execute(); while ($row = $stmt -> fetch_assoc()) { echo '<p><span style="vertical-align: top; color: #515151;">'.$row['AgentLastName'].', '.$row['AgentFirstName'].'</span><a href="agency-agent-correlations.php?function=deletecorrelation&agencyid='.$AgencyID.'&agentid='.$row['AgentID'].'" onclick="return confirm(\'Are you certain you wish do delete this agent?\');"> <img src="images/delete_icon.png" width="20" height="20" /></a></p>'; } $stmt -> close(); }

On that top query, I use query, but on the other one I use prepare, I'm assuming that if I have variables in the sql, then I use prepare, but if I don't, then I use query, is that correct?

So what you're saying is, don't close the connection until the end of the page, after all of the queries on that page are completed?

You know, I'm glad you brought that up, because I was thinking the same thing, so how do you go ahead and open it back up, because in the connection file is where it is originally instantiated...

I'm not really sure what's going on, but I have been replacing all of my mysql queries with mysqli, and so far it is working fine, until I got to this one in particular... I am getting this error... "Warning: mysqli::prepare(): Couldn't fetch mysqli" and this error... "Warning: mysqli::close(): Couldn't fetch mysqli" I researched that problem, but none of what others had to say about fixing it, applied nor worked for me. What's funny about it is that just above that query, is another query in which has no problems... Here's the top query that works fine: $sql = "SELECT * FROM Agencies ORDER BY AgencyName ASC"; if ($result = $mysqli -> query($sql)) { while ($row = $result -> fetch_assoc()) { echo '<option value="'.$row['AgencyID'].'">'.$row['AgencyName'].'</option>'; } $result -> free(); } $mysqli -> close(); Now here's the query that is throwing the errors: $sql = "SELECT AgenciesAgents.*, Agents.AgentFirstName, Agents.AgentLastName FROM AgenciesAgents LEFT JOIN Agents ON AgenciesAgents.AgentID = Agents.AgentID WHERE AgenciesAgents.AgencyID = ? "; if ($stmt = $mysqli -> prepare($sql)) { $stmt->bind_param("i", $AgencyID); $stmt->execute(); while ($row = $stmt -> fetch_assoc()) { echo '<p><span style="vertical-align: top; color: #515151;">'.$row['AgentLastName'].', '.$row['AgentFirstName'].'</span><a href="agency-agent-correlations.php?function=deletecorrelation&agencyid='.$AgencyID.'&agentid='.$row['AgentID'].'" onclick="return confirm(\'Are you certain you wish do delete this agent?\');"> <img src="images/delete_icon.png" width="20" height="20" /></a></p>'; } $stmt -> free(); } $mysqli -> close();

Damn, you're right, I see what I did, thanks.

Hello everyone, so I just had PHP 5.5.5 installed on my server so that I could take advantage of the new password hashing API, but I'm having problems, it's not validating as true... Here's my login script code <? if (isset($_POST['loginform'])) { session_start(); require "../includes/connection.inc"; require "../includes/functions.php"; $Uname = clean($_POST['Username']); $Username = strtolower($Uname); $Password = clean($_POST['Password']); $sql = "SELECT ExaminerID, ExaminerName, ExaminerEmail, ExaminerPassword FROM Examiners WHERE ExaminerUsername = ? AND ExaminerPassword = ?"; if ($stmt = $mysqli -> prepare($sql)) { $stmt -> bind_param("ss", $Username, $Password); $stmt -> execute(); $stmt -> bind_result($ExaminerID, $ExaminerName, $ExaminerEmail, $ExaminerPassword); $stmt -> fetch(); if (password_verify($Password, $ExaminerPassword)) { session_regenerate_id(); $_SESSION['ExaminerID'] = $ExaminerID; $_SESSION['ExaminerName'] = $ExaminerName; $_SESSION['ExaminerEmail'] = $ExaminerEmail; session_write_close(); $stmt -> close(); $mysqli -> close(); header("location: https://*****************/index.php"); } else { $stmt -> close(); $mysqli -> close(); header("location: login.php?failed"); exit(); } } else { $stmt -> close(); $mysqli -> close(); header("location: login.php?failed"); exit(); } } ?>

WHAT?!?

Thank you... I thought I could just save code by putting it together... Obviously I was wrong... Your suggestion fixed it, thank you very much...

Thank you for the link, however I have no idea what that was...

Hello Everyone... I'm hoping someone can help me with this table grid, I've been pulling out my hair for a couple days now... I attempted a jQuery solution but could not make it work... So now I'm trying to make it work with just JavaScript... What I'm trying to do is simply allow a user to click on a row to pass an "id" value which would then display the entire data for that "id" ... essentially just a master/detail... Here's my current JavaScript: <script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.1/jquery.min.js"> function SubmitThisForm() { location.href = 'statuses.php'; } </script> And here's the form table row code, notice the onClick in the <tr>: extract($row); $rowCounter += 1; echo '<form action="statuses.php" method="post">'; echo '<input type="hidden" id="ID" name="ID" value="'.$OrderTicketID.'" />'; echo '<tr class="'.OddOrEven($rowCounter).'" style="line-height: 1.75;" onClick="SubmitThisForm(this)">'; echo '<td style="padding-left: 5px;"> </td>'; echo '<td>'.$OrderTicketFirstName.' '.$OrderTicketLastName.'</td>'; echo '<td>'.$BrokerCompanyName.'</td>'; echo '<td>'.$InsuranceCarrier.'</td>'; echo '<td>'.$AgentCompanyName.' '.$AgentName.'</td>'; echo '<td>'.$OrderTicketPolicyType.'</td>'; echo '<td>'.number_format($OrderTicketPolicyAmount, 2).'</td>'; echo '<td>'.$OrderTicketCurrentStatus.'</td>'; echo '<td>'; if($OrderTicketScheduledDateTime != "0000-00-00 00:00:00"){echo date('n-d-Y @ g:i a', strtotime($OrderTicketScheduledDateTime -6));} echo '</td>'; echo '</tr>'; echo '</form>'; By the way, it currently does nothing...

Thank you for pointing me to that, lots of great information... I only have one question, upon successful login, I need some session variables loaded with their counterpart values from the database, and I don't really understand PHP OOP, I prefer procedural ... Could you help me out with this bit of code? First I'll show you the code that I put together from what I learned from your tutorial... if (isset($_POST['op'])) { session_start(); require_once '/home/*****/config.php'; require_once '../includes/functions.php'; require_once '../includes/PasswordHash.php'; ForceHTTPS(); $db = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME); if (mysqli_connect_errno()) fail('MySQL connect', mysqli_connect_error()); $user = get_post_var('Username'); /* Sanity-check the username, don't rely on our use of prepared statements * alone to prevent attacks on the SQL server via malicious usernames. */ if (!preg_match('/^[a-zA-Z0-9_]{1,60}$/', $user)) fail('Invalid username'); $pass = get_post_var('Password'); /* Don't let them spend more of our CPU time than we were willing to. * Besides, bcrypt happens to use the first 72 characters only anyway. */ if (strlen($pass) > 72) fail('The supplied password is too long'); $op = $_POST['op']; if ($op !== 'login') fail('Unknown request'); if ($op === 'login') { $hash = '*'; // In case the user is not found ($stmt = $db->prepare('SELECT * FROM Agents WHERE AgentUsername=?')) || fail('MySQL prepare', $db->error); $stmt->bind_param('s', $user) || fail('MySQL bind_param', $db->error); $stmt->execute() || fail('MySQL execute', $db->error); $stmt->bind_result($hash) || fail('MySQL bind_result', $db->error); if (!$stmt->fetch() && $db->errno) fail('MySQL fetch', $db->error); if ($hasher->CheckPassword($pass, $hash)) { //Login Successful session_regenerate_id(); $_SESSION['AgentID'] = $row['AgentID']; $_SESSION['AgentLicenseCode'] = $row['AgentLicenseCode']; $_SESSION['AgentCompanyName'] = $row['AgentCompanyName']; $_SESSION['AgentName'] = $row['AgentName']; $_SESSION['AgentState'] = $row['AgentState']; session_write_close(); header("location: index.php"); exit(); } else { //Login failed header("location: login.php?failed"); exit(); } unset($hasher); $stmt->close(); } $db->close(); } So you can probably see where I need the variables set, but I'll repeat that part here... if ($hasher->CheckPassword($pass, $hash)) { //Login Successful session_regenerate_id(); $_SESSION['AgentID'] = $row['AgentID']; $_SESSION['AgentLicenseCode'] = $row['AgentLicenseCode']; $_SESSION['AgentCompanyName'] = $row['AgentCompanyName']; $_SESSION['AgentName'] = $row['AgentName']; $_SESSION['AgentState'] = $row['AgentState']; session_write_close(); header("location: index.php"); exit(); }

Hello Everyone... So I've decided to upgrade my current login system that I use for my projects... It uses md5 only ... I've also decided to start using mysqli instead of mysql... I've spent the last few hours pouring through forums and tutorials on the subject of proper hashing and encryption, and honestly am more confused than when I started searching... So I was wondering if I could get some php experts from phpfreaks to give me advice on the method that they feel comfortable with using in their projects... and perhaps a tiny example Here's what I had been using... $Uname = clean($_POST['Username']); $Pword = clean($_POST['Password']); $Username = strtolower($Uname); $Password = md5($Pword); $result = mysql_query("SELECT * FROM Agents WHERE AgentUsername = '$Username' AND AgentPassword = '$Password'") or die(mysql_error()); $rowCounter = mysql_num_rows($result); if($rowCounter == 1) { session_regenerate_id(); $row = mysql_fetch_assoc($result); $_SESSION['AgentID'] = $row['AgentID'];

Thanks again guys