steff_dk

I get this error: [quote]Warning: Unknown: Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0[/quote] -when I run this script: [code]<?PHP //start the session session_start(); //check to make sure the session variable is registered if(session_is_registered('bestyrelse')){ //the session variable is registered, the user is allowed to see anything that follows $titel = $_POST['titel']; $fornavn = $_POST['fornavn']; $efternavn = $_POST['efternavn']; $adresse = $_POST['adresse']; $postnr = $_POST['postnr']; $postby = $_POST['postby']; $mailadresse = $_POST['mailadresse']; $enhed = $_POST['enhed']; $cpr = $_POST['cpr']; $bestyrelse = $_POST['bestyrelse']; $senior = $_POST['senior']; $noter = $_POST['noter']; //set the database connection variables $dbHost = "localhost"; $dbUser = "mydomain_dk"; $dbPass = "password"; $dbDatabase = "mydomain_dk"; //connect to the database $db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); $newpass = rand(1001, 9999); mysql_query("INSERT INTO medlemmer(titel, fornavn, efternavn, adresse, postnr, postby, mailadresse, enhed, cpr, bestyrelse, senior, noter, md5pass) VALUES('$titel', '$fornavn', '$efternavn', '$adresse', '$postnr', '$postby', '$mailadresse', '$enhed', '$cpr', '$bestyrelse', '$senior', '$noter', md5('$newpass'))", $db); $ID=mysql_insert_id(); mysql_query("UPDATE medlemmer set md5user=MD5('$ID') WHERE ID='$ID'") or die(mysql_error()); print("<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'><html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' ><head><meta http-equiv='content-type' content='text/html; charset=iso-8859-1' /><style type='text/css' title='currentStyle' media='screen'> @import 'css/frameinframesource.css'; </style></head><body style='background-color: #FFFFFF'><div>"); if($bestyrelse == 'on'){$bestyrelse="Ja";} else{$bestyrelse="Nej";} if($senior == 'on'){$senior="Ja";} else{$senior="Nej";} print("<h3><span>Medlemsoplysninger for medlemsnr $ID</span></h3><br><br>"); print("<p class='p2'><span><table border='0' style='border-collapse: collapse' bordercolor='#111111' width='350' cellpadding='2' id='viewuser'><tr><td colspan='2'>$titel $fornavn $efternavn</td></tr><tr><td colspan='2'>$adresse</td></tr><tr><td colspan='2'>$postnr $postby<br><br><br></td></tr><tr><td>mailadresse</td>"); print("<td>$mailadresse</td></tr><tr><td>Enhed</td><td>$enhed</td></tr><tr><td>CPR</td><td>$cpr</td></tr><tr><td>Noter</td><td>$noter</td></tr><tr><td>Senior: $senior</td><td>Bestyrelse: $bestyrelse</td></tr><tr><td colspan='2'><br><br>Brugeren er oprettet<br>og kan logge på med brugernavn: $ID<br>og password: '$newpass'</td></tr><tr><td colspan='2'><br><br><a href='edituser.php?medlemID=$ID'>Redigér</a></td></tr></table></span></p>"); print("</div></body></html>"); } else{ //the session variable isn't registered, send them back to the login page header( "Location: source.php?textID=1" ); } ?>[/code] I set my sessions like this: [code] //start the session and register a variable   session_start();   session_register('username');[/code] What's that about?

Beautiful!  :D It works flawlessly! Thanks mate Edit: to cope with months with an initial zero, e.g. "04" -> "4" [code]echo "<b>".$months[intval($dates['1'])]." ".$dates['0']."</b>";[/code]

I get an error here: [code]echo "<b>".$months[$dates['1']]." ".$dates['0']"</b>";[/code] Tried this without luck: [code]echo "<b>&nbsp;$months[$dates['1']]&nbsp;$dates['0']</b>";[/code] Can't figure out why, though  ???

Yup - here's the code: [code]<?php //start the session session_start(); //check to make sure the session variable is registered if(session_is_registered('username')){ //the session variable is registered, the user is allowed to see anything that follows //set connect attributes $dbHost = "localhost"; $dbUser = "mydomain_dk"; $dbPass = "password"; $dbDatabase = "mydomain_dk"; //create connection $link_id = mysql_connect($dbHost, $dbUser, $dbPass) or die (mysql_error()); //select database or catalog mysql_select_db($dbDatabase, $link_id); //sql statement to variable $sql="SELECT ID, dato, titel, tilmelding FROM arrangementer WHERE dato >= CURDATE() ORDER BY dato"; //return result set to php $result=mysql_query($sql, $link_id) or die (mysql_error()); print("<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>"); print("<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' >"); print("<head><meta http-equiv='content-type' content='text/html; charset=iso-8859-1' />"); print("<style type='text/css' title='currentStyle' media='screen'> @import 'css/frameinframesource.css'; </style>"); print("</head><body style='background-color: #FFFFFF'><div><h3><span>Arrangementer<br></span></h3><p class='p1'><span>"); print("<table border='0' cellspacing='0' style='border-collapse: collapse' bordercolor='#111111' width='350' id='arr_table'>"); if (!$result) echo "<TR><TD width=200><font face=arial>Henter resultat</TD>"; while (list ($ID, $dato, $titel, $tilmelding) = mysql_fetch_row ($result)) { //hvor mange er tilmeldt $antal=mysql_query("select * from tilmeldinger where arrangementID='$ID'", $link_id); $rowCheck = mysql_num_rows($antal); print("<tr><td>$dato</td><td>$titel</td><td><a href='viewarr.php?ID=$ID'><img src='grafik/tilmeld.gif' border='0'></a>&nbsp;($rowCheck)</td></tr>"); } //close table tag and page print("</table></span></p></div></body></html> "); //free result set mysql_close(); } else{ //the session variable isn't registered, send them back to the login page Print("FEJL! Du er ikke logget ind opdater siden og log ind."); } ?>[/code]

Hi all! I have a page where events are sorted by date like so: 2006-11-08 - Event 1 2006-11-12 - Event 2 2006-12-02 - Event 3 2006-12-05 - Event 4 2006-12-22 - Event 5 ... and so on ... The list is just the straight output from a sql clause like "select the_date, the_title from event_table order by the_date" with some <tr>'s and <td>'s in between. I want to add a header into this list for each month so it will look like this instead: [b]NOVEMBER 2006[/b] 2006-11-08 - Event 1 2006-11-12 - Event 2 [b]DECEMBER 2006[/b] 2006-12-02 - Event 3 2006-12-05 - Event 4 2006-12-22 - Event 5 ... and so on ... How is this done??  ???

Excellent! It works now!  ;)

What's wrong with the below code? If $R1 is V1 it inserts the value alright - if $R1 is V2 nothing happens... I have tried changing the mysql_query() to print() and I can see the SQL code looks fine  ??? [code]if($R1=='V1'){ //set the database connection variables $dbHost = "localhost"; $dbUser = "thedomain_com"; $dbPass = "pass"; $dbDatabase = "thedomain_com"; //connect to the database $db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); mysql_query("INSERT INTO tilmeldinger(medlemID, arrangementID) VALUES($medlemID, $arrangementID)", $db); //Go back to admin page header( "Location: viewarr.php?ID=$arrangementID" ); } elseif($R1=='V2'){ //set the database connection variables $dbHost = "localhost"; $dbUser = "thedomain_com"; $dbPass = "pass"; $dbDatabase = "thedomain_com"; //connect to the database $db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); mysql_query("DELETE * FROM tilmeldinger WHERE medlemID = $medlemID AND arrangementID = $arrangementID", $db); //Go back to admin page header( "Location: viewarr.php?ID=$arrangementID" ); }[/code]

Cool  :D It works - Cheers!

The below code adds a new user to my website. The table holding the members has a primary key named 'ID' that is set to autoincrement. How can I modify the script to update the newly added user (the one with the highest ID) and set the field md5user to the value md5(ID)? I know I have to do something like 'UPDATE members set md5user=MD5('$ID') WHERE ID=$ID' but how do I get the $ID for the newest user? I have tried 'SELECT ID from members ORDER BY ID DESC LIMIT 1' but it doesn't seem to work (unless I'm doing it wrong ...)  ??? Any help will be highly appreciated. [code]<?PHP //start the session session_start(); //check to make sure the session variable is registered if(session_is_registered('bestyrelse')){ //the session variable is registered, the user is allowed to see anything that follows //posted variables $titel = $_POST['titel']; $fornavn = $_POST['fornavn']; $efternavn = $_POST['efternavn']; $adresse = $_POST['adresse']; $postnr = $_POST['postnr']; $postby = $_POST['postby']; $mailadresse = $_POST['mailadresse']; $enhed = $_POST['enhed']; $cpr = $_POST['cpr']; $bestyrelse = $_POST['bestyrelse']; $senior = $_POST['senior']; $noter = $_POST['noter']; //set the database connection variables $dbHost = "localhost"; $dbUser = "thedomain_com"; $dbPass = "thepassword"; $dbDatabase = "thedomain_com"; //connect to the database $db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); mysql_query("INSERT INTO members(titel, fornavn, efternavn, adresse, postnr, postby, mailadresse, enhed, cpr, bestyrelse, senior, noter, md5pass) VALUES('$titel', '$fornavn', '$efternavn', '$adresse', '$postnr', '$postby', '$mailadresse', '$enhed', '$cpr', '$bestyrelse', '$senior', '$noter', md5('mentor'))", $db); //View the newly added user page header( "Location: viewnewuser.php" ); } else{ //the session variable isn't registered, send them back to the login page header( "Location: source.php?textID=1" ); } ?>[/code]

Is there some sort of application I can install, that will parse my php, so I can check it without having to upload it to my server? Is the only way to install a server on my desktop pc, or do I have other options? How do you guys check your code? Thx Steff  ;)

SQL injection was a new concept for me. Read this brilliant page afterwards: http://www.unixwiz.net/techtips/sql-injection.html Couldn't I just MD5 both username and password to prevent SQL injection?

I'm using this login script on a page, but I fear I have some serious safety issues: How can I check if the variables were posted from the login.htm page? Other comments on the safety issues are highly appreciated. Gotta stay cracker-safe  ;) Cheers, Steff [code]<?PHP $user = $_POST['username']; $pass = md5($_POST['password']); //set the database connection variables $dbHost = "localhost"; $dbUser = "myUserName"; $dbPass = "myPwd"; $dbDatabase = "somedomain_dk"; //connect to the database $db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database."); mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database."); $result=mysql_query("select * from siteadmins where username='$user' AND password='$pass'", $db); //check that at least one row was returned $rowCheck = mysql_num_rows($result); if($rowCheck > 0){ while($row = mysql_fetch_array($result)){   //start the session and register a variable   session_start();   session_register('username');   //Redirect the user to another page where we will make sure the session 'username' is started.   header( "Location: admin.php" );   }   }   else {   //if nothing is returned by the query, unsuccessful login code goes here...   echo 'Invalid username or password.';   }   ?>[/code]

I have a php page set up in an IFRAME that redirects by means of a: [code]Header(Location: framesource.php?frameID=2);[/code] How can I put a target into that header so it not only redirects the contents of the IFRAME but the entire parent?

Spot on! It was !isset() I needed  ;) Thx a bunch!

[code]$frameID= $_GET['frameID'];[/code] This [i]is[/i] the full script so far. But I can't do a logical test if frameID==false if no variable was passed can I? If I make a page called myphppage.php that has the following code: [code] $frameID= $_GET['frameID']; print("$frameID") [/code] -and access it by the following address: myphppage.php?frameID=TheVariablePassed my browser will show: "TheVariablePassed" If I access it by typing just myphppage.php my browser will show a blank screen. I need to default the variable frameID if no variable was passed.