|
PHP - Sprintf();
This looks perfect but for some reason it's not functioning. Could someone help fixing this.
$resultF =sprintf("SELECT * FROM xy_db WHERE clubname ='%s'", mysql_real_escape_string($data3)); $resultFin = mysql_query($resultF); if (mysql_num_rows ($resultf) > 0){ $register = "Retry."; echo($register); } else { $go =sprintf("INSERT INTO ab_db (surnamez, firstnamez) VALUES ('%s', '%s'", mysql_real_escape_string($data1), mysql_real_escape_string($data2)); $result = mysql_query($go); Thank you. Ruth. \-) Similar TutorialsHi guys, I had my code working fine as a login page untill I added sprintf and mysql_real_escape_string and since then when i test the form to login, server keep loading and then come up with this msg Fatal error: Maximum execution time of 30 seconds exceeded in ../Dashboard/index.php on line 35 which is (Line 35) Quote while($row=mysql_fetch_array(mysql_query($getpin))){ I have my code below, can u please help me what is wrong? im coding in dreamweaver and it doesnt have any error in there. Code: [Select] <?php include ('includes/db/db.php'); ?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-type" content="text/html; charset=utf-8" /> <title></title> <link rel="stylesheet" href="./css/reset.css" type="text/css" media="screen" title="no title" /> <link rel="stylesheet" href="./css/text.css" type="text/css" media="screen" title="no title" /> <link rel="stylesheet" href="./css/form.css" type="text/css" media="screen" title="no title" /> <link rel="stylesheet" href="./css/buttons.css" type="text/css" media="screen" title="no title" /> <link rel="stylesheet" href="./css/login.css" type="text/css" media="screen" title="no title" /> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /></head> <body> <div id="login"> <h1>Dashboard</h1> <?php if (isset($_POST['login']) && $_POST['login']){ $email=addslashes(strip_tags($_POST['email'])); $in_password=addslashes(strip_tags($_POST['password'])); $pin=addslashes(strip_tags($_POST['pin'])); $password=md5($in_password); if (!$email || !$in_password || !$pin) echo "<div class='error'>Please fill all required fields</div>"; else{ $getpin=sprintf("SELECT * FROM users WHERE UserEmail='%s' AND UserPassword='%s'", mysql_real_escape_string($email) , mysql_real_escape_string($password)); while($row=mysql_fetch_array(mysql_query($getpin))){ $pin_email=$row['UserEmail']; $pin_id=$row['UserId']; $pin_company_id=$row['company_id']; $pass=$row['UserPassword']; } $get=sprintf("SELECT pin FROM company WHERE company_id='%s' AND active='%s'", mysql_real_escape_string($pin_company_id), mysql_real_escape_string(1)) ; while($row=mysql_fetch_array(mysql_query($get))){ $pin_num= $row['pin']; } if($password==$pass && $pin_num==$pin && $email==$pin_email) { echo"success"; } else { echo "<div class='error'>Login Failed, Login details are incorrect!</div>"; } } } ?> <div id="login_panel"> <form action="" method="post" accept-charset="utf-8" /> <div class="login_fields"> <div class="field"> <label for="email">Email</label> <input type="text" name="email" value="" id="email" tabindex="1" placeholder="email@example.com" /> </div> <div class="field"> <label for="password">Password <small><a href="forgotpassword.php">Forgot Password?</a></small></label> <input type="password" name="password" value="" id="password" tabindex="2" placeholder="password" /> <div class="field"> <label for="pin">Pin Number</small></label><input type="password" name="pin" value="" id="password" tabindex="2" placeholder="pin"/> </div> </div> </div> <!-- .login_fields --> <div class="login_actions"> <input type="submit" name="login" value="Login" class="btn btn-grey"/> </div> </form> </div> <!-- #login_panel --> </div> <!-- #login --> </body> </html> thanks you all in advance. Hey everyone, I've come around this problem quite a few times now, so I'm looking for a cleaner way to do what I always resort to. Here's my scenario: The following line is fairly straightforward: $sql_where = " WHERE SUBSTRING(name,1,1) = '".$c."' "; But sometimes I need to explode on some values, rising a need for multiple instances of the above, as in MYSQL's WHERE bla = 1 || WHERE bla = 2 || WHERE bla = 3 Of course, I could always write it out manually, like this: foreach($c as $v) { $sql_str .= "WHERE SUBSTRING(name,1,1) = '".$v."' "; } But I want my code to be more modular. The only solution I've been using so far is something like this: $where_start = "WHERE SUBSTRING(name,1,1) = '"; $where_end = "' "; foreach($c as $v) { $sql_str .= $where_start . $v . $where_end; } I find this technique a bit ridiculous and I was wondering if there was a similar method as say when you want to sprintf like this: $v = 'Bla bla %s bla'; sprintf($str, $v); So my question is basically this: is there any way to use a sprintf-like function that will concatenate variables inside variables? Thanks for any suggestions or input. Set up Windows Vista * XAMPP 1.7.3, including: * Apache 2.2.14 (IPv6 enabled) + OpenSSL 0.9.8l * MySQL 5.1.41 + PBXT engine * PHP 5.3.1 * phpMyAdmin Ultimate objective: I want to insert session data into multiple tables whilst ensuring that the data is in the appropriate column. Problem: I managed to insert the data into the correct tables and column, but after reading various forums I have been given the impression that if I was to have multiple site users the data's columns could get muddled up if they execute the script at the same time (hope I'm making sense, say if I'm not). The suggested method was mysql_insert_id() but I do not know how to make this work with in conjunction with sprintf(). As I said the script worked before I added the code with the star by it in an attempt to reach my ultimate objective. <?php //let's start our session, so we have access to stored data session_start(); session_register('membership_type'); session_register('terms_and_conditions'); include 'db.inc.php'; $db = mysql_connect('localhost', 'root', '') or die ('Unable to connect. Check your connection parameters.'); mysql_select_db('ourgallery', $db) or die(mysql_error($db)); //let's create the query $query = sprintf("INSERT INTO subscriptions ( name, email_address, membership_type) VALUES ('%s','%s','%s')", mysql_real_escape_string($_SESSION['name']), mysql_real_escape_string($_SESSION['email_address']), mysql_real_escape_string($_SESSION['membership_type'])); //let's run the query $result = mysql_query($query, $db) or die(mysql_error($db)); *mysql_real_escape_string($_SESSION['name']) = mysql_insert_id($db);* $query = sprintf("INSERT INTO site_user_info ( terms_and_conditions, name_on_card, credit_card_number ) VALUES ('%s','%s','%s')", *mysql_real_escape_string($_SESSION['name']),* mysql_real_escape_string($_SESSION['terms_and_conditions']), mysql_real_escape_string($_POST['name_on_card']), mysql_real_escape_string($_POST['credit_card_number']), mysql_real_escape_string($_POST['credit_card_expiration_data'])); //let's run the query $result = mysql_query($query, $db) or die(mysql_error($db)); *mysql_real_escape_string($_SESSION['credit_card_number']) = mysql_insert_id($db);* $query = sprintf("INSERT INTO card_numbers ( credit_card_expiration_data) VALUES ('%s')", *mysql_real_escape_string($_POST['credit_card_number']),* mysql_real_escape_string($_POST['credit_card_expiration_data'])); $result = mysql_query($query, $db) or die(mysql_error($db)); echo '$result'; ?> All the other facets of the script work but I get the following error message with the above script: Fatal error: Can't use function return value in write context in C:\x\xampp\htdocs\form_process.php on line 27 But it's not so much the error message its the ultimate objective. Any help appreciated. |
|||||||