PHP - Confusion

Ok I have this form with 6 fields that the user enters a geocaching code.  In the database I have a table called cacheinfo.  There are 6 enteries in the database in this table. Now Im trying to confirm that each field entered matches the right geo code.  I have it working but I feel that its a very bad way of doing it my way. 

can someone please show me a better way as I have other situations I do something simliar and its just getting silly.  Here is the code;


if(isset($_POST['nextbtn'])){
$cache1 = trim($_POST['cache1']);
$cache2 = trim($_POST['cache2']);
$cache3 = trim($_POST['cache3']);
$cache4 = trim($_POST['cache4']);
$cache5 = trim($_POST['cache5']);
$cache6 = trim($_POST['cache6']);

$cache1 = mysql_real_escape_string($cache1);
$cache2 = mysql_real_escape_string($cache2);
$cache3 = mysql_real_escape_string($cache3);
$cache4 = mysql_real_escape_string($cache4);
$cache5 = mysql_real_escape_string($cache5);
$cache6 = mysql_real_escape_string($cache6);

$FetchCache = mysql_query("SELECT * FROM cacheInfo WHERE cacheInfoID='1'") or die('can not find cache information');
$cache1 = mysql_fetch_array($FetchCache);
if($cache1 !==$cache1['cacheCode']){
$url = "/register-cache.php?error=true";        
header("Location: $url");  
}


$FetchCache = mysql_query("SELECT * FROM cacheInfo WHERE cacheInfoID='2'") or die('can not find cache information');
$cache2 = mysql_fetch_array($FetchCache);
if($cache2 !==$cache2['cacheCode']){
$url = "/register-cache.php?error=true";        
header("Location: $url");  
}


$FetchCache = mysql_query("SELECT * FROM cacheInfo WHERE cacheInfoID='3'") or die('can not find cache information');
$cache3 = mysql_fetch_array($FetchCache);
if($cache3 !==$cache3['cacheCode']){
$url = "/register-cache.php?error=true";        
header("Location: $url");  
}

$FetchCache = mysql_query("SELECT * FROM cacheInfo WHERE cacheInfoID='4'") or die('can not find cache information');
$cache4 = mysql_fetch_array($FetchCache);
if($cache4 !==$cache4['cacheCode']){
$url = "/register-cache.php?error=true";        
header("Location: $url");  
}

$FetchCache = mysql_query("SELECT * FROM cacheInfo WHERE cacheInfoID='5'") or die('can not find cache information');
$cache5 = mysql_fetch_array($FetchCache);
if($cache5 !==$cache5['cacheCode']){
$url = "/register-cache.php?error=true";        
header("Location: $url");  
}


$FetchCache = mysql_query("SELECT * FROM cacheInfo WHERE cacheInfoID='6'") or die('can not find cache information');
$cache6 = mysql_fetch_array($FetchCache);
if($cache6 !==$cache6['cacheCode']){
$url = "/register-cache.php?error=true";        
header("Location: $url");  
}
// If all match now run the rest of my code......
}

I am very confused at an example in a book I am reading called Beggining PHP regarding XML-RPC requests. I will write the code below:


function send($remoteServer, $remotePort, $fullXMLRPCRequest) {
     $headers = '';
     $data = '';
     $socket = fsockopen($remoteServer, $remotePort);
     fwrite($socket, $fullXMLRPCRequest);
     while ($str = trim(fgets($socket))) { // why doesn't this exhaust the returned call??
          $headers .= $str . "\n";
     }
     while (!feof($socket)) {
          $data .= fgets($socket);
     }
     fclose($socket);
     return $data;
}



The question I have is notice how there are two while statements and they both access the same resource ($socket). So how can there be two while statements?? Wouldn't the first while statement exhaust the resource and there would be nothing on the second while statement? I hope this makes sense. It's sort of like saying while(x < 10) { //execute... ++x; } then another while statement while(x < 10) { //execute... ++x; }

Well then wouldn't the second while statement not execute? I hope I made sense.

Thanks for all the help in advance. Obviously knowing XML-RPC would help in answering this question, hopefully most of you are familiar with it.

why does

Code: [Select]
while($random_user_TOTAL_COUNT <= 15 && $random_user_INFO = $random_user_USERS->fetch_object()){
work, but

Code: [Select]
while($random_user_INFO = $random_user_USERS->fetch_object() && $random_user_TOTAL_COUNT <= 15){
doesn't.

why???

After reading the PHP guide that actually seems way more useful then online tutors.
Im starting to see why PHP is confusing me now. My way of thinking is way off on how the script reads stuff.

when I read this code I think the output should be Bob
cause echo reads $foo which equals bob and thats the end of it.
but the output is actually My name is bob

can someone please help me understand the error of my thinking in how this works. would be most appreciated.

Code: [Select]
<?php
$foo = 'Bob';              // Assign the value 'Bob' to $foo
$bar = &$foo;              // Reference $foo via $bar.
$bar = "My name is $bar";  // Alter $bar...

echo $foo;                 // $foo is altered too.
?>

Hi,

I am writing a script for invoicing various contractor jobs.

I have fields for date assigned and date completed. Both are timestamp with timezone columns in a postgresql table

My goal is to have a cron job which selects the records from the table on the dates the invoices are due and includes the proper jobs-- i.e. the ones that are completed prior to the due date and time(5PM on the first and 15th of each month)

That is where I am running into confusion as to how to store the time/tz and then select it in the future so everything is correct

This is what I have right now:

Code: [Select]
$assignmenttype, "miles" => $miles, "notes" => $notes, "dateassigned" => "{$assignmenty1}-{$assignmentm1}-{$assignmentd1} $time1:00 America/Chicago", "datecompleted" => "{$completedassignmenty1}-{$completedassignmentm1}-{$completedd1} $time2:00 America/Chicago");
    $res = pg_insert($conn, 'assignments', $invoicearray);

Hi
How can i see which category is being used in rss feed, this is my code to parse one rss feed.

$feed_url = "http://www.foo.com/feed/";
$xml = simplexml_load_file($feed_url);
foreach ($xml->channel->item as $item) { 
$ns_content = $item->children('http://purl.org/rss/1.0/modules/content/');
$title = $item->title; // This is title
$desc = $ns_content->encoded; // This is description
$category =""; // Here i am stuck, how can i get category associated with this feed
}


How can i see its category, i see in source code it looks like this and even categories have sub categories which looks same, i wants categories names to display wihich is associated with feed:

<category><![CDATA[Health]]></category> 
<category><![CDATA[Men]]></category> 


thanks for any help.

hey,
I started creating this page that is suppose to upload pdf files, it opens the file upload box but when i click to submit the file nothing happens. I have checked the folder and no file goes in it. I don't know what i am doing wrong.

Can anyone help please?

Code: [Select]
<?php
session_start();
if($_SESSION['name']=="hollywincote")
{
echo "Welcome ".$_SESSION['name'];
echo "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;";
echo "<A href = \"login.php?do=logout\">logout</A>";
}
else
{
header("Location:login.php");
}

$page_title= 'Holly Wincote | Login';

include('includes/header.html');

?>
<div class="leftcontent">
<h2>Administrator Panel</h2>


<?php

//check if the form has been submitted:
if(isset($_POST['submitted'])) {

//check for an uploaded file:
if(isset($_FILES['upload'])) {

//validate the type. Should be pdf, doc or rtf.

$allowed = array('application/pdf');

if(in_array($_FILES['upload']['type'], $allowed)) {

//move the file over.
if(move_uploaded_file($_FILES['upload']['name'], "../hollywincote/uploads/{$_FILES['upload']['name']}")) {

echo '<p><em>The file has been uploaded</em></p>';

} //end of move... IF


} else {

echo '<p>Please upload a PDF.</p>';

}

} //end of isset($_FILES['upload']) IF.

//check for an error:
if($_FILES['upload']['error'] >0) {

echo '<p>The file could not be uploaded because: <strong>';

//print a message based upon the error.

switch ($_FILES['upload']['error']) {

case 1:

print 'the file exceeds the upload_max_filesize setting in php.ini.';

break;

case 2:

print 'the file exceeds the MAX_FILE_SIZE setting in the html form.';

break;

case 3:

print 'the file was only partially uploaded.';

break;

case 4:

print 'no file was uploaded.';

break;

case 6:

print 'no temporary folder was available.';

break;

case 7:

print 'unable to write to the disc.';

break;

case 8:

print 'file upload stopped.';

break;

default:

print 'a system error occured.';

break;

} //end of switch

echo '</strong></p>';


} //end of error IF.

//delete the file if it still exists
if(file_exists($_FILES['upload']['tmp_name'])) {

unlink ($_FILES['upload']['tmp_name']);

}

}//end of submitted conditional

?>

<form enctype="multipart/form-data" action="admin_panel.php" method="post">

<input type="hidden" name="MAX_FILE_SIZE" value="5242488">

<fieldset>

<legend>Select a PDF to be uploaded:</legend>

<p><b>File:</b> <input type="file" name="upload"/></p>

</fieldset>

<div align="center">

<input type="submit" name="submitted" value="submit"/>

</div>

<input type="hidden" name="submitted" value="TRUE"/>

</form>


</div><div class="clear"></div>

</div>

<?php

include ('includes/footer.html');

?>
thanks

Janette

Hi, I'm a PHP beginner using Julie Meloni Sams Teach yourself to help me.
My confusion is with this script
<?php

$file_dir ="/path/to/upload/directory" ;

foreach($_FILES as $file_name => $file_array)
{
echo "path: ".$file_array["tmp_name"]."<br/>\n" ;
echo "name: ".$file_array["name"]."<br/>\n" ;
echo "type: ".$file_array["type"]."<br/>\n" ;

echo "File name is" . " ". $file_name ;


}
?>
What I don't understand is the foreach statement

foreach($_FILES as $file_name => $file_array)
$_FILES is an associative array, right? So $filename should represent the key id  and $file_array the value.
but she is using the $file_array as if it is an array and accessing the values with associative index which confuses.
I mean, let's say I declared a normal array.
$array = array("Sarah" => "Jane", "John Smith") ;
if i wanted to use a foreach loop i would do it like so
foreach($array as $fname => $surname)
{
 echo $fname  ;
   echo $surname ;

}
$fname will print the first name and surname surname.
I didn't use an indices to access the values.

foreach($_FILES as $file_name => $file_array)
can someone explain this to me? Thanks

I'm fairly new to this and I have looked around but I can't find much information on it. Basically I know what an array and a function is but I'm currently working through an oop login and register sytem and I am seeing this quite a lot:   function myFunction($myVariable = array()){   $Firstvariable = $myVariable[0]; $Secondvariable = $myVariable[1];   //etc   }   This is really confusing me and I can't see any examples in any tutorial sites or books of an array and a function being used like this. Can someone just explain how something like this would work in simple terms? I have also checked the manual but I can't see an example an array being used like this. Any help would be much appreciated. Thanks.

This topic has been moved to MySQL Help.

http://www.phpfreaks.com/forums/index.php?topic=343994.0

Ok here is what I am a little confused about, dealing with md5 for example

- the md5 of anything generates a 32 character hash
- I have a login form that supplies a user and pass to check in the database
- user password stored as hash in database, so that protects visual of seeing the database, if it was somehow possible
- now on submission I process that form

Code: [Select]
<?php
// some random salt
$salt="2bhga6YHJuhyhshabshbnla;";
// user password 10 digits
$pass="bLac123Kow"
// hash the password
$hash=md5($salt.$pass);
// query db to compare user and hash
$sql=mysql_query("SELECT * FROM users WHERE user='$user' AND pass='$hash'");
// process result
if match login
else
use ip logging and ban after 5 attempts for 15mins
redirect with error

Ok my point of confusion is even with the hashing, the task for the hacker is only trying to find a matching or similar original password that generates the same 32 character md5 hash is it not?

As every attempt made would use the same process script in my login already applying the salt for them for the comparison in a brute force attack.
Lets assume the attacker has already guessed a user name and uses that for all the attempts.

I am also aware that I have used a 10 character password which increases the brute force attack time.

So no matter how I process the password with hashing, I have to do the same process in my login form processing to compare it to the stored hash or they wont match?

Is that how it works or have I got that wrong?

I am just looking for the best way to setup a login system, as I have used the above method for quite some time and not really sure if it is effective, and want to understand it better, am I using the md5 setup the best or right way?

Hey, I'm trying to create an object oriented webpage, with just some basic features, like creating a user, logging in, admin restricted pages.
However I'm stuck at this point.
This is my code:
class_user.php
Code: [Select]
<?php
include_once $_SERVER['DOCUMENT_ROOT'] . "/includes/class_database.php";
?>



<?php

class User {

    private $database;
    
    public    function __construct(MySqlDatabase $database) { //Type Hinting
    $this->database = $database;
    }
    
    public function find_all() {
    $result = $this->database->db_query("SELECT * FROM users");
    return $result;    
    }
    
    public function find_by_id($id=1) {
    $result = $this->database->db_query("SELECT * FROM users WHERE id={$id}");
    $final = mysqli_fetch_array($result);
    return $final;    
    }
}
?>class_database.php
Code: [Select]
<?php
include_once $_SERVER['DOCUMENT_ROOT'] . "/includes/values.php";
include_once $_SERVER['DOCUMENT_ROOT'] . "/includes/class_user.php";
?>

<?php

class MySqlDatabase extends MySQLi {
    
    function __construct() {
        //Check if constants are missing
        if (defined(!DB_USERNAME) || defined(!DB_SERVER) || 
            defined(!DB_PASSWORD) || defined(!DB_NAME)) {
            die("One or more of the database constants are missing: " . mysqli_errno);
            }
            
        //Establish connection if constants are present using the parent class
        parent::__construct(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_NAME);
        
        //Echo error message if connection has failed
        if ($this->connect_errno) {
            die("Database connection has failed: " . $this->connect_errno);
            }
    
    
    }

    public function db_query($sql) {
    $result = mysqli_query($this->connection, $sql);
        if (!$result) {
            die("Database query failed: " . $this->errno);
        }
    return $result;
    
}

    public function query_prep($value) {
    $result = mysqli_real_escape_string($this->connection, $value);
        if (!$result) {
            die("Preparing query failed: " . $this->errno);
        }
    return $result;
}  
}
?>Calling externally:
Code: [Select]
<?php
$database = new MySqlDatabase();
$user = new User($database);
$found = $user->find_all();
?>This is the error I'm getting:
Quote

Warning: mysqli_query() expects parameter 1 to be mysqli, null given in C:\xampp\htdocs\includes\class_database.php on line 28
Database query failed: 0


I've tried everything I can come up with, but still I'm stuck at this error.