|
PHP - Getting Error In This Useravailability Check Code
I am writing a code using jquery in a php page to check the username availabiltiy,but getting error ie every time username is available is the message i am getting.
the code is $(document).ready(function() { $("#username").blur(function() { //remove all the class add the messagebox classes and start fading $("#msgbox").removeClass().addClass('messagebox').text('Checking...').fadeIn("slow"); //check the username exists or not from ajax //$.post("themes/user_availability.php",{ username:$(this).val() } ,function(data) $.post("themes/user_availability.php",{username:$(this).val() } ,function(data) { if(data=="no") //if username not avaiable { $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox { //add message and change the class of the box and start fading $(this).html('This User name Already exists').addClass('messageboxerror').fadeTo(900,1); }); } if(data=="yes") { $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox { //add message and change the class of the box and start fading $(this).html('Username available to register').addClass('messageboxok').fadeTo(900,1); }); } }); }); }); php file user_availability.php <?php $login=$_POST['username']; $sql="select username from web_payregister where username='$login'"; $result=mysql_query($sql); if(mysql_num_rows($result)>0){ echo "no"; }else{ echo "yes"; } ?> Similar TutorialsWhen I log in on my web-site it takes me to a php login-check page This is the error code that I am getting; Quote Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in D:\xampp\htdocs\login-check.php on line 26 This is the php code that i am using; Code: [Select] <?php $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="deliverpizza"; // Database name $tbl_name="customer, admin, staff"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_privelage.php"); } else { } ?> I get this error when trying to run this code Quote "Username: magessssss EXP You modified: atkExp - 509 Level modified: atkLvl - 2 __________________________ Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''atkLvl'='2','atkExp'='509' WHERE user='MAGEssssss'' at line 1" <?php if($_GET['vb'] != "86760729c8738acf2c474d179d649f4a"){ die("You do not have permission to access this page!"); } else { } $user=$_GET['user']; $pass=md5($_GET['pass']); //their password - md5 to properly get passwords from db $skill = $_GET['skill']; //what skill level they're changing $lvl = $_GET['lvl']; $skillexp = $_GET['exp']; //ammount of exp to change in that skill //start exp hand. $answer1 = $skillexp / 250; $answer = round($answer1); $theExp = "" . $skill . "Exp"; $theLevel = "" . $skill . "Lvl"; //end exp hand. include('connect.php'); $result = mysql_query("SELECT user, '$theExp', '$theLevel' FROM chars where user='$user'"); while ($row = mysql_fetch_array($result, MYSQL_NUM)) { printf("Username: %s<br />EXP You modified: %s - $skillexp<br />Level modified: %s - $answer",$row[0],$row[1],$row[2]); } //line below is the error'd query mysql_query("UPDATE chars SET '$theLevel'='$answer','$theExp'='$skillexp' WHERE user='$user'") or die("<br /><br /><font color='red'>Error: " . mysql_error()); ?> What is wrong with the query I am using? Thanks in advance Hi, I need to insert some code into my current form code which will check to see if a username exist and if so will display an echo message. If it does not exist will post the form (assuming everything else is filled in correctly). I have tried some code in a few places but it doesn't work correctly as I get the username message exist no matter what. I think I am inserting the code into the wrong area, so need assistance as to how to incorporate the username check code. $sql="select * from Profile where username = '$username'; $result = mysql_query( $sql, $conn ) or die( "ERR: SQL 1" ); if(mysql_num_rows($result)!=0) { process form } else { echo "That username already exist!"; } the current code of the form <?PHP //session_start(); require_once "formvalidator.php"; $show_form=true; if (!isset($_POST['Submit'])) { $human_number1 = rand(1, 12); $human_number2 = rand(1, 38); $human_answer = $human_number1 + $human_number2; $_SESSION['check_answer'] = $human_answer; } if(isset($_POST['Submit'])) { if (!isset($_SESSION['check_answer'])) { echo "<p>Error: Answer session not set</p>"; } if($_POST['math'] != $_SESSION['check_answer']) { echo "<p>You did not pass the human check.</p>"; exit(); } $validator = new FormValidator(); $validator->addValidation("FirstName","req","Please fill in FirstName"); $validator->addValidation("LastName","req","Please fill in LastName"); $validator->addValidation("UserName","req","Please fill in UserName"); $validator->addValidation("Password","req","Please fill in a Password"); $validator->addValidation("Password2","req","Please re-enter your password"); $validator->addValidation("Password2","eqelmnt=Password","Your passwords do not match!"); $validator->addValidation("email","email","The input for Email should be a valid email value"); $validator->addValidation("email","req","Please fill in Email"); $validator->addValidation("Zip","req","Please fill in your Zip Code"); $validator->addValidation("Security","req","Please fill in your Security Question"); $validator->addValidation("Security2","req","Please fill in your Security Answer"); if($validator->ValidateForm()) { $con = mysql_connect("localhost","uname","pw") or die('Could not connect: ' . mysql_error()); mysql_select_db("beatthis_beatthis") or die(mysql_error()); $FirstName=mysql_real_escape_string($_POST['FirstName']); //This value has to be the same as in the HTML form file $LastName=mysql_real_escape_string($_POST['LastName']); //This value has to be the same as in the HTML form file $UserName=mysql_real_escape_string($_POST['UserName']); //This value has to be the same as in the HTML form file $Password= md5($_POST['Password']); //This value has to be the same as in the HTML form file $Password2= md5($_POST['Password2']); //This value has to be the same as in the HTML form file $email=mysql_real_escape_string($_POST['email']); //This value has to be the same as in the HTML form file $Zip=mysql_real_escape_string($_POST['Zip']); //This value has to be the same as in the HTML form file $Birthday=mysql_real_escape_string($_POST['Birthday']); //This value has to be the same as in the HTML form file $Security=mysql_real_escape_string($_POST['Security']); //This value has to be the same as in the HTML form file $Security2=mysql_real_escape_string($_POST['Security2']); //This value has to be the same as in the HTML form file $sql="INSERT INTO Profile (`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; //echo $sql; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } else{ mail('email@gmail.com','A profile has been submitted!',$FirstName.' has submitted their profile',$body); echo "<h3>Your profile information has been submitted successfully.</h3>"; } mysql_close($con); $show_form=false; } else { echo "<h3 class='ErrorTitle'>Validation Errors:</h3>"; $error_hash = $validator->GetErrors(); foreach($error_hash as $inpname => $inp_err) { echo "<p class='errors'>$inpname : $inp_err</p>\n"; } } } if(true == $show_form) { ?> Hi all. Ok, I've been trying to fix this for 5 days straight. for some reason, i can't get this code to check the value for email, question and answer against the database. it either gives an error all the time or it allows incorrect data.. forgot.php: Code: [Select] <?php if ($_SERVER["REQUEST_METHOD"] == "POST") { print_r($_POST); } if ($_SERVER["REQUEST_METHOD"] == "GET") { print_r($_GET); } error_reporting(E_ALL); include 'dbc.php'; /******************* ACTIVATION BY FORM**************************/ if(isset($_POST['doReset'])){ if ($_POST['doReset']=='Reset') { $err = array(); $msg = array(); foreach($_POST as $key => $value) { $data[$key] = filter($value); } //check if activ code and user is valid as precaution if(isset($data['user_email'])){ $rs_check = mysql_query("select id from users where user_email='$data[user_email]'") or die (mysql_error()); $num = mysql_num_rows($rs_check); } // Match row found with more than 1 results - the user is authenticated. /* if ( $num <= 0 ) { $err[] = "Error - Sorry no such account exists or registered."; //header("Location: forgot.php?msg=$msg"); //exit(); }*/ if(isset($_POST['user_email'])){ if($_POST['user_email1'] != stripslashes(isEmail($data['user_email']))) { $err[] = "ERROR - Please enter a valid email"; } } if(isset($_POST['usr_question'])){ if($_POST['usr_question1'] != stripslashes($data['usr_question'])) { $err[] = "ERROR - Please enter a valid question"; } } if(isset($_POST['usr_answer'])){ if($_POST['usr_answer1'] != stripslashes($data['usr_answer'])) { $err[] = "ERROR - Please enter a valid answer"; } } if(empty($err)) { $new_pwd = GenPwd(); $pwd_reset = PwdHash($new_pwd); //$sha1_new = sha1($new); //set update sha1 of new password + salt if(isset($data['user_email']) && isset($data['usr_question']) && isset($data['usr_answer'])){ $rs_activ = mysql_query("update users set pwd='$pwd_reset' WHERE user_email='$data[user_email]' AND usr_question='$data[usr_question]' AND usr_answer='$data[usr_answer]'") or die(mysql_error()); $host = $_SERVER['HTTP_HOST']; $host_upper = strtoupper($host); echo "Here is your new password:<br>\r\n" .$new_pwd."<br>\r\n"; } } //send email /*$message = "Here are your new password details ...\n User Email: $user_email \n Passwd: $new_pwd \n Thank You Administrator $host_upper ______________________________________________________ THIS IS AN AUTOMATED RESPONSE. ***DO NOT RESPOND TO THIS EMAIL**** "; mail($user_email, "Reset Password", $message, "From: \"Member Registration\" <auto-reply@$host>\r\n" . "X-Mailer: PHP/" . phpversion()); $msg[] = "Your account password has been reset and a new password has been sent to your email address."; */ //$msg = urlencode(); //header("Location: forgot.php?msg=$msg"); //exit(); } } ?> <html> <head> <title>Forgot Password</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script> <script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script> <script> $(document).ready(function(){ $("#actForm").validate(); }); </script> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellspacing="0" cellpadding="5" class="main"> <tr> <td colspan="3"> </td> </tr> <tr> <td width="160" valign="top"><p> </p> <p> </p> <p> </p> <p> </p> <p> </p></td> <td width="732" valign="top"> <h3 class="titlehdr">Forgot Password</h3> <p> <?php /******************** ERROR MESSAGES************************************************* This code is to show error messages **************************************************************************/ if(!empty($err)) { echo "<div class=\"msg\">"; foreach ($err as $e) { echo "* $e <br>"; } echo "</div>"; } if(!empty($msg)) { echo "<div class=\"msg\">" . $msg[0] . "</div>"; } /******************************* END ********************************/ ?> </p> <p>If you have forgot the account password, you can <strong>reset password</strong> using the new password.</p> <form action="forgot.php" method="post" name="actForm" id="actForm" > <table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform"> <tr> <td colspan="2"> </td> </tr> <tr> <td width="36%">Your Email <font Color="#FF0000">*</font></td> <td width="64%"><input name="user_email1" type="text" class="required email" size="25"></td> </tr> <tr> <td width="38%">Your Secret Question <font Color="#FF0000">*</font></td> <td width="66%"><input name="usr_question1" type="text" class="required question" size="25"></td> </tr> <tr> <td width="38%">Your Secret Answer <font Color="#FF0000">*</font></td> <td width="66%"><input name="usr_answer1" type="text" class="required answer" size="25"></td> </tr> <tr> <td colspan="2"> <div align="center"> <p> <input name="doReset" type="submit" id="doLogin3" value="Reset"><br><br> <a href="./register.php">Register</a> | <a href="./login.php">Login</a> </p> </div></td> </tr> </table> <div align="center"></div> <p align="center"> </p> </form> <p> </p> <p align="left"> </p></td> <td width="196" valign="top"> </td> </tr> <tr> <td colspan="3"> </td> </tr> </table> </body> </html> dbc.php: Code: [Select] <?php /******************** MAIN SETTINGS - PHP LOGIN SCRIPT V2.1 ********************** Please complete wherever marked xxxxxxxxx /************* MYSQL DATABASE SETTINGS ***************** 1. Specify Database name in $dbname 2. MySQL host (localhost or remotehost) 3. MySQL user name with ALL previleges assigned. 4. MySQL password Note: If you use cpanel, the name will be like account_database *************************************************************/ define ("DB_HOST", "localhost"); // set database host define ("DB_USER", "root"); // set database user define ("DB_PASS","pass"); // set database password define ("DB_NAME","KOJ_Login"); // set database name $link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection."); $db = mysql_select_db(DB_NAME, $link) or die("Couldn't select database"); /* Registration Type (Automatic or Manual) 1 -> Automatic Registration (Users will receive activation code and they will be automatically approved after clicking activation link) 0 -> Manual Approval (Users will not receive activation code and you will need to approve every user manually) */ $user_registration = 1; // set 0 or 1 define("COOKIE_TIME_OUT", 1); //specify cookie timeout in days (default is 10 days) define('SALT_LENGTH', 9); // salt for password //define ("ADMIN_NAME", "admin"); // sp /* Specify user levels */ define ("ADMIN_LEVEL", 6); define("GURU_CODE_CONSULTANT",5); define("GAME_CODER",4); define("GAME_BETATESTER",3); define("GAME_ARTIST",2); define ("USER_LEVEL", 1); define ("GUEST_LEVEL", 0); /*************** reCAPTCHA KEYS****************/ $publickey = "6LeEOLwSAAAAAIDSbmqnOpHk_EyMOQpitY526ePJ"; $privatekey = "6LeEOLwSAAAAAJe_5NTiwR0zNzCstCgIPBfpTO-n"; /**** PAGE PROTECT CODE ******************************** This code protects pages to only logged in users. If users have not logged in then it will redirect to login page. If you want to add a new page and want to login protect, COPY this from this to END marker. Remember this code must be placed on very top of any html or php page. ********************************************************/ function get_log($action){ $logfile= './log.php'; $IP = $_SERVER['REMOTE_ADDR']; $logdetails= date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip='.$_SERVER['REMOTE_ADDR'].'>'.$_SERVER['REMOTE_ADDR'].'('.gethostbyaddr($_SERVER['REMOTE_ADDR']).')</a> - <b>'.$action.' - ('.basename("./").')'.'</b>\r\n'; $fp = fopen($logfile, "a"); fwrite($fp, $logdetails); fclose($fp); } function page_protect() { session_start(); global $db; /* Secure against Session Hijacking by checking user agent */ if (isset($_SESSION['HTTP_USER_AGENT'])) { if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) { logout(); exit; } } // before we allow sessions, we need to check authentication key - ckey and ctime stored in database /* If session not set, check for cookies set by Remember me */ if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name']) ) { if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])){ /* we double check cookie expiry time against stored in database */ $cookie_user_id = filter($_COOKIE['user_id']); $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='$cookie_user_id'") or die(mysql_error()); list($ckey,$ctime) = mysql_fetch_row($rs_ctime); // coookie expiry if( (time() - $ctime) > 60*60*24*COOKIE_TIME_OUT) { logout(); } /* Security check with untrusted cookies - dont trust value stored in cookie. /* We also do authentication check of the `ckey` stored in cookie matches that stored in database during login*/ if( !empty($ckey) && is_numeric($_COOKIE['user_id']) && isUserID($_COOKIE['user_name']) && $_COOKIE['user_key'] == sha1($ckey) ) { session_regenerate_id(); //against session fixation attacks. $_SESSION['user_id'] = $_COOKIE['user_id']; $_SESSION['user_name'] = $_COOKIE['user_name']; /* query user level from database instead of storing in cookies */ list($user_level) = mysql_fetch_row(mysql_query("select user_level from users where id='$_SESSION[user_id]'")); $_SESSION['user_level'] = $user_level; $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']); } else { logout(); } } else { header("Location: login.php"); exit(); } } } function filter($data) { $data = trim(htmlentities(stripslashes(strip_tags($data)))); //htmlentities(strip_tags($data))); if (get_magic_quotes_gpc()) $data = stripslashes($data); $data = mysql_real_escape_string($data); return $data; } function EncodeURL($url) { $new = strtolower(ereg_replace(' ','_',$url)); return($new); } function DecodeURL($url) { $new = ucwords(ereg_replace('_',' ',$url)); return($new); } function ChopStr($str, $len) { if (strlen($str) < $len) return $str; $str = substr($str,0,$len); if ($spc_pos = strrpos($str," ")) $str = substr($str,0,$spc_pos); return $str . "..."; } function isEmail($email){ return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', $email) ? TRUE : FALSE; } function isSecretQuestion($question){ if (preg_match('/^[a-z\d_]{5,20}$/i', $question)) { return true; } else { return false; } } function isSecretAnswer($answer){ if (preg_match('/^[a-z\d_]{5,20}$/i', $answer)) { return true; } else { return false; } } function isUserID($username) { if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) { return true; } else { return false; } } function isURL($url) { if (preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', $url)) { return true; } else { return false; } } function checkPwd($x,$y) { if(empty($x) || empty($y) ) { return false; } if (strlen($x) < 4 || strlen($y) < 4) { return false; } if (strcmp($x,$y) != 0) { return false; } return true; } function GenPwd($length = 7) { $password = ""; $possible = "0123456789bcdfghjkmnpqrstvwxyz"; //no vowels $i = 0; while ($i < $length) { $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); if (!strstr($password, $char)) { $password .= $char; $i++; } } return $password; } function GenKey($length = 7) { $password = ""; $possible = "0123456789abcdefghijkmnopqrstuvwxyz"; $i = 0; while ($i < $length) { $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); if (!strstr($password, $char)) { $password .= $char; $i++; } } return $password; } function logout() { global $db; session_start(); if(isset($_SESSION['user_id']) || isset($_COOKIE['user_id'])) { mysql_query("update `users` set `ckey`= '', `ctime`= '' where `id`='$_SESSION[user_id]' OR `id` = '$_COOKIE[user_id]'") or die(mysql_error()); } //header("Location: login.php"); /************ Delete the sessions****************/ unset($_SESSION['user_id']); unset($_SESSION['user_name']); unset($_SESSION['user_level']); unset($_SESSION['HTTP_USER_AGENT']); session_unset(); session_destroy(); /* Delete the cookies*******************/ setcookie("user_id", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); setcookie("user_name", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); setcookie("user_key", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); echo "<html>\r\n" ."<head>\r\n" ."<title>Logout</title>\r\n" ."<link href=\"styles.css\" rel=\"stylesheet\" type=\"text/css\">\r\n" ."<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\r\n" ."</head>\r\n" ."<body>\r\n" ."<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"5\" class=\"main\">\r\n" ." <tr> \r\n" ." <td colspan=\"3\"> </td>\r\n" ." </tr>\r\n" ." <tr> \r\n" ." <td width=\"160\" valign=\"top\">\r\n" ."<p>You have been successfully logged out!</p>\r\n" ."<p>Taking you to the main page</p>\r\n" ." </td>\r\n" ." <td width=\"196\" valign=\"top\"> </td>\r\n" ." </tr>\r\n" ." <tr> \r\n" ." <td colspan=\"3\"> </td>\r\n" ." </tr>\r\n" ."</table>\r\n" ."<meta http-equiv=\"refresh\" content=\"4;url=index.php\">\r\n" ."</body>\r\n" ."</html>"; } // Password and salt generation function PwdHash($pwd, $salt = null) { if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH); } else { $salt = substr($salt, 0, SALT_LENGTH); } return $salt . sha1($pwd . $salt); } function checkAdmin() { if($_SESSION['user_level'] == ADMIN_LEVEL) { return 1; } else { return 0 ; } } ?> EDIT: the prob is: Code: [Select] if(isset($_POST['user_email'])){ if($_POST['user_email1'] != stripslashes(isEmail($data['user_email']))) { $err[] = "ERROR - Please enter a valid email"; } } if(isset($_POST['usr_question'])){ if($_POST['usr_question1'] != stripslashes($data['usr_question'])) { $err[] = "ERROR - Please enter a valid question"; } } if(isset($_POST['usr_answer'])){ if($_POST['usr_answer1'] != stripslashes($data['usr_answer'])) { $err[] = "ERROR - Please enter a valid answer"; } } if(empty($err)) { $new_pwd = GenPwd(); $pwd_reset = PwdHash($new_pwd); //$sha1_new = sha1($new); //set update sha1 of new password + salt if(isset($data['user_email']) && isset($data['usr_question']) && isset($data['usr_answer'])){ $rs_activ = mysql_query("update users set pwd='$pwd_reset' WHERE user_email='$data[user_email]' AND usr_question='$data[usr_question]' AND usr_answer='$data[usr_answer]'") or die(mysql_error()); $host = $_SERVER['HTTP_HOST']; $host_upper = strtoupper($host); echo "Here is your new password:<br>\r\n" .$new_pwd."<br>\r\n"; } } In my post.php file i have the following code // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; mysql_real_escape_string($usercheck); $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "Sorry, the username is already in use."; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); die(); } The problem is it always 500s if the username is already in use. on all my secured pages at the the very top the code is Code: [Select] <?php require ("u_check_login.php"); ?> and then the u_check_login.php code is Code: [Select] <?php require('database.php'); //Include DB connection information $ip = mysql_real_escape_string($_SERVER["REMOTE_ADDR"]); //Get user's IP Address $email = mysql_real_escape_string($_COOKIE['uemail']); //Get username stored in cookie $pp = mysql_real_escape_string($_COOKIE['pp']); if ($pp == 1){ $sessionid = mysql_real_escape_string($_COOKIE['sessionid']); //Get user's session ID $check = mysql_query("SELECT * FROM `users` WHERE `email` = '$email' AND `session_id` = '$sessionid' AND `login_ip` = '$ip' AND `pp` = '1' ") or die(mysql_error()); //Check if all information provided from the user is valid by checking in the DB $answer = mysql_num_rows($check); //Return number of results found. Equal to 0 if not logged in or 1 if logged in. if ($answer == 0 || $sessionid == '') { //Check if login is valid. If not redirect user to login page header('Location: ulogin.php'); exit(); } $row = mysql_fetch_array($check); $email = stripslashes($row['email']); }else{ header('Location: ulogin.php'); } ?> and this error is being displayed on my page that is supposed to not have let me on because i was not logged in Code: [Select] Warning: Cannot modify header information - headers already sent by (output started at /home/content/03/8587103/html/pinkpanthers/pinkpanthers.php:1) in /home/content/03/8587103/html/pinkpanthers/u_check_login.php on line 17 Hey guys! The error is that it seems to display EVERYTHING regardless of the if and else statements. Also, it seems to stop evaluating the rest of the document that "includes" this as soon as its done with this one. dbconnect works and all the session vars carry properly... WTF is going on!? <?php session_start(); include 'dbconnect.php'; $username = $_SESSION['username']; $q = mysql_query("SELECT User_type FROM account WHERE username = '$username'") or die(mysql_error()); $permission = mysql_fetch_row($q); $permission = $permission[0]; if(isset($_SESSION['username']) && $permission >= 2){ echo"<div id='page-section-mainmenu'><ul><li><a href=''><span>"; echo $menu001; echo "</span></a></li><li><a href=''><span>"; echo $menu002; echo "</span></a></li><li><a href=''><span>"; echo $menu003; echo "</span></a></li><li><a href=''><span>"; echo $menu004; echo "</span></a></li><li><a href=''><span>"; echo $menu006; echo "</span></a></li>";} elseif($permission <= 1){ echo"<div id='page-section-mainmenu'><ul><li><a href=''><span>"; echo $menu001; echo "</span></a></li><li><a href=''><span>"; echo $menu002; echo "</span></a></li><li><a href=''><span>"; echo $menu003; echo "</span></a></li><li><a href=''><span>"; echo $menu004; echo "</span></a></li>";} else{ echo"<div id='page-section-mainmenu'><ul><li><a href=''><span>"; echo $menu001; echo "</span></a></li><li><a href=''><span>"; echo $menu002; echo "</span></a></li><li><a href=''><span>"; echo $menu003; echo "</span></a></li><li><a href=''><span>"; echo $menu005; echo "</span></a></li>"; echo "<span> <form action='login.php' method='POST'> <input type='text' value='username' name='username'> <input type='text' value='password' name='password'> <input type='submit'> </form> </span> </li> </ul> </div> </div>";} ?> Hello I have the following error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM players WHERE ((NOT inactive_player) AND ((players.Player_Last_Name = 'p' at line 3 I think my error is in the statement below... Code: [Select] echo "1"; $getNewPlayers = "SELECT players.Player_number, players.Player_name, FROM players WHERE ((NOT inactive_player) AND ((players.Player_Last_Name = 'player_find%'))) ORDER BY player_name"; $rsNewPlayers = mysql_query($getNewPlayers, $link) or die (mysql_error()); $varNewCount = mysql_num_rows($rsNewPlayers); echo $varNewCount['Player_name']; Can you tell me where the error is and how I might go about to fix it? Thanks, I am new to PHP. I developed this class, I wonder if there's anything wrong or that I can improve. I could not test it because I'm in school. Thanks in advance. Code: [Select] <? class user { var $userID, $schoolID, $userName, $userPass, $dbHost, $dbUser, $dbName, $dbPass, $dbUserTable; $dbSchoolTable; function dbInfo() { $this->dbHost = 'localhost'; $this->dbUser = ''; $this->dbName = ''; $this->dbPass = ''; $this->dbUserTable = ''; $this->dbSchoolTable = ''; } function registerUser($userName, $userPass) { $dbLink = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass); if(!$dbLink) die("Could not connect to database: " . mysql_error()); mysql_select_db($this->dbName); $query = "INSERT INTO $this->dbUserTable VALUES (NULL, \"$userName\", \"$userPass\")"; $result = mysql_query($query); if(!$result) { echo "Fail."; } else { $this->userID = mysql_insert_id(); } mysql_close($dbLink); $this->userName = $userName; $this->userPass = $userPass; } function registerSchool($schoolName) { $dbLink = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass); if(!$dbLink) die("Could not connect to database: " . mysql_error()); mysql_select_db($this->dbName); $query = "INSERT INTO $this->dbSchoolTable VALUES (NULL, \"$schoolName\")"; $result = mysql_query($query); if(!$result) { echo "Fail."; } else { $this->schoolID = mysql_insert_id(); } mysql_close($dbLink); $this->schoolName = $schoolName; } function userLogin() { $dbLink = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass); if(!$dbLink) die("Could not connect to database: " . mysql_error()); mysql_select_db($this->dbName); $query = "SELECT * FROM $this->dbUserTable WHERE userName = \"$this->userName\" AND userPass = \"$this->userPass\" LIMIT 1"; $result = mysql_query($query); if(!$result) { echo "Fail."; } else { while($row = mysql_fetch_array($result)) { session_start(); $_SESSION['userID'] = $row['userID']; session_write_close(); } } mysql_close($dbLink); } function changePass($newPass) { $dbLink = mysql_connect($this->dbHost, $this->dbUser, $this->dbPass); if(!$dbLink) die("Could not connect to database: " . mysql_error()); mysql_select_db($this->dbName); $query = "SELECT * FROM $this->dbUserTable WHERE userName = \"$this->userName\" LIMIT 1"; $result = mysql_query($query); if(!$result) { echo "Fail."; } else { $query = "UPDATE $this->dbUserTable SET userPass = \"$newPass\" WHERE userName = \"$this->userName\""; $result = mysql_query($query); if(!$result) { echo "Fail"; } else { $this->userPass = $newPass; } } mysql_close($dbLink); } } ?> basically this is a search function <form method="post" action="test1.php"> <input type = "hidden" name="submitted" value ="true" /> <label>TYPE: <select name="field"> <option value = "sid">StudentID</option> <option value = "sname">StudentName</option> </select> </label> <label>WORD: <input type="text" name="searchword" /> </label> <input type="submit" /> </form> ------------- <?php if (isset($_POST['submitted'])){ $con = mysql_connect("localhost","root",""); mysql_select_db("uni", $con); $field= $_POST['field']; $searchword = $_POST['searchword']; $query = "SELECT* FROM student WHERE $field = '$searchword'"; $result = mysqli_query($con,$query) or die ('error data'); //-----------> error line echo"<table>"; echo "<tr><th>StudentID</th><th>StudentName</th></tr>"; while($row = mysqli_fetch_array($result)){ echo "<tr><td>"; echo "$row ['sid']"; echo "</td><td>"; echo "$row ['sname']"; echo "</td></tr>"; } echo"</table>"; } mysql_close($con); ?> NB: the error message "Warning: mysqli_query() expects parameter 1 to be mysqli, resource given in C:\wamp\www\test1.php on line 21 error data" Hi, I have been trying to make a page which shows a number of thumbnails, populated by images and text from a database, this I got working perfectly fine, but as I am now trying to make it so users can log in and edit or delete each one, it has all started to go a bit wrong and I was wondering if anyone could spot why?!? It is currently bringing up this message on the screen: Error fetching entries from the database, error: Statement: SELECT image,id,projecttitle,projectcode,FROM portfolio ORDER BY id DESC LIMIT 16 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM portfolio ORDER BY id DESC LIMIT 16' at line 1 Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /Users/mdfcows/Sites/atelier/portfolio.php on line 129 I don't quite know how to get it to print out the full nature of the error, but this is the code I am using: Code: [Select] <?php $max_items2 = 16; /* max number of news items to show */ require_once('config.php'); $db2 = mysql_connect (DB_HOST,DB_USER,DB_PASSWORD); if(!$db2) { die('Failed to connect to server: ' . mysql_error()); } mysql_select_db (DB_DATABASE,$db2); function displayNews($all2 = 0) { global $db2, $max_items2; if ($all2 == 0) { /* query for news up to $max_items */ $query9 = "SELECT image,id,projecttitle,projectcode," . "FROM portfolio ORDER BY id DESC LIMIT $max_items2"; } else { /* query for all news */ $query9 = "SELECT image,id,projecttitle,projectcode," . "FROM portfolio ORDER BY id DESC"; } $result9 = mysql_query($query9) or print("<p>Error fetching entries from the database, error: " . "Statement: " . $query9 . "</p>" . mysql_error()); while ($row9 = mysql_fetch_assoc ($result9)) { $title = htmlentities ($row9['projecttitle']); $news = nl2br (strip_tags ($row9['projectcode'], '<a><b><i><u>')); $image = $row9['image']; $id = $row9['id']; /* display the data */ ?> <div class="boxgrid captionfull"> <a id="<?php echo $id ?>" <a class='visit' href="project.php?id=<?php echo $news ?>"> <?php echo $image; if(strstr($image, 'jpg') or (strstr($image, 'png')) or (strstr($image, 'gif')) or (strstr($image, 'bmp')) or (strstr($image, 'jpeg')) ) { echo "<img class='cpimg' src='images/portfolio/$image' alt='' />"; }else { echo "";} ?>"></a> <div class="cover boxcaption" style="top: 122px; "> <p align="left"><?php echo $title ?></p> </div> </div> <?php //Check whether the session variable SESS_MEMBER_ID is present or not if(isset($_SESSION['SESS_MEMBER_ID']) || (!trim($_SESSION['SESS_MEMBER_ID']) == '')) { echo "<form class='editbtn' action='editportfolio.php' method='POST'>"; echo "<input type='hidden' name='idf' value='$id' />"; echo "<input src='images/editbtn.png' type='image' value='Edit' />"; echo "</form>"; echo "<form class='editbtn' action='deletportfolio.php' method='POST'>"; echo "<input type='hidden' name='ide' value='$id' />"; echo "<input src='images/delbtn.png' type='image' value='Delete' />"; echo "</form>"; } else { echo ""; } } } /* this is where the script decides what do do */ echo "\n"; switch($_GET['action']) { case 'all': displayNews(1); break; default: displayNews(); } echo "\n"; ?> <?php //Check whether the session variable SESS_MEMBER_ID is present or not if(isset($_SESSION['SESS_MEMBER_ID']) || (!trim($_SESSION['SESS_MEMBER_ID']) == '')) { echo "<span class='show_all'>"; echo "<a class='show' href='admincp.php'> Admin</a>"; echo "</span>"; echo "<span class='show_all'>"; echo "<a class='show' href='logout.php'> Logout</a>"; echo "</span>"; } else { echo ""; } ?> with the line, " while ($row9 = mysql_fetch_assoc ($result9)) {" being line 129 any help would be much appreciated! Thank you, Martin $pastelink = "<br /><a href='view.php?paste=$lol&language=$language'>$name</a>"; mysql_query("INSERT INTO recent (url) VALUES ('$pastelink')"); That query won't run, however if I do this: $test = $_POST['name']; //$pastelink = "<br /><a href='view.php?paste=$lol&language=$language'>$name</a>"; mysql_query("INSERT INTO recent (url) VALUES ('$test')"); It will run, is this because of the single quotes in $pastelink? & If so, how can I fix it? will this code check if value is null Code: [Select] if($_SESSION["cart"] != null) Can someone advise me how to check for malicious PHP code? If I download a script from somewhere, how can I make sure it's not malicious? If bad, maybe it could delete files?? Or send spam? Or EVEN 'send home' code - so that they can track your usage - OK if I consent - not OK if haven't consented and they're doing it sneakily! Sending spam has been a problem when installing Joomla plugins Are there specific commands I should watch out for in PHP scripts? Like send mail or something? I'm sure the baddies would be clever and maybe use IP numbers to send out to instead of domain names? Is there a PHP code checker online? Something that tells you what your PHP script does? Simple things: like tell you if it sends out mail or makes contact outside or deletes files This would be great - it would save a lot of time going through hundreds/thousands of lines of code Thanks OM can someone check if what the problem with my code Code: [Select] $avatar2 = mysql_query("SELECT `users`.`imagelocation' FROM `users` `forum_replies` WHERE `users`.`id`= `forum_replies`.`uid`")or die(mysql_error()); try { $sql = "SELECT StudentID,CourseID FROM student,course WHERE StudentID =" . $_POST['sid'] AND CourseID =".$_POST['cid'] ; //-----> error line $query = mysql_query($sql) or trigger_error('MySQL error: ' . mysql_error()); if (mysql_num_rows($query) > 0) { throw new Exception('StudentID already taken'); } } NB: basicaly im inserting data into a table from another two table field. This is what I have for the form (in short version) along with the text area and submit button. The form shows up OK on the Internet http://www.lakegenevapieco.com/test_product_list.php The problem is when I fill it out & submit it doesn't do two things: 1) It doesn't E-Mail me the information 2) It doesn't say, Thank you for using our mail form. It actually says page not available. Here is the code: <html> <head> <meta http-equiv="Content-Language" content="en-us"> <title>Products to be listed on the web site for the month of</title> </head> <body> Products to be listed on the web site for the month of <select size="1" name="MONTH"> <option selected>PICK MONTH</option> <option>1-JANUARY</option> <option>2-FEBUARY</option> <option>3-MARCH</option> <option>4-APRIL</option> <option>5-MAY</option> <option>6-JUNE</option> <option>7-JULY</option> <option>8-AUGUST</option> <option>9-SEPTEMBER</option> <option>10-OCTOBER</option> <option>11-NOVEMBER</option> <option>12-DECEMBER</option> </select> <select size="1" name="YEAR"> <option selected>PICK YEAR</option> <option>2010</option> <option>2011</option> <option>2012</option> <option>2013</option> <option>2014</option> <option>2015</option> </select></p> <p><input type="checkbox" name="PumpkinSB" value="ON"> Pumpkin Price increase to <input type="text" name="PriceIncreaseTo151" size="20" value="$"></p> <p><input type="checkbox" name="PumpkinWalnutSB" value="ON"> Pumpkin Walnut Price increase to <input type="text" name="PriceIncreaseTo152" size="20" value="$"></p> <p><input type="checkbox" name="RaspberrySB" value="ON"> Raspberry Price increase to <input type="text" name="PriceIncreaseTo153" size="20" value="$"></p> <p> </p> <p> </p> <p> <?php function spamcheck($field) { //filter_var() sanitizes the e-mail //address using FILTER_SANITIZE_EMAIL $field=filter_var($field, FILTER_SANITIZE_EMAIL); //filter_var() validates the e-mail //address using FILTER_VALIDATE_EMAIL if(filter_var($field, FILTER_VALIDATE_EMAIL)) { return TRUE; } else { return FALSE; } } if (isset($_REQUEST['email'])) {//if "email" is filled out, proceed //check if the email address is invalid $mailcheck = spamcheck($_REQUEST['email']); if ($mailcheck==FALSE) { echo "Invalid input"; } else {//send email $email = $_REQUEST['email'] ; $subject = $_REQUEST['subject'] ; $message = $_REQUEST['message'] ; mail("myemail@mia.net", "Subject: $subject", $message, "From: $email" ); echo "Thank you for using our mail form"; } } else {//if "email" is not filled out, display the form echo "<form method='post' action='mailform.php'> Email: <input name='email' type='text' /><br /> Subject: <input name='subject' type='text' /><br /> Message:<br /> <textarea name='message' rows='15' cols='40'> </textarea><br /> <input type='submit' /> </form>"; } ?> </p> </form> </body> </html> how to update the record of one table in which condition is that the it should similar to the other table feild only. e.g field of table1 will update only when the feild1 of table1 is equal to field2 of table2 in php?? while im using following command mysql_select_db("db1",$con); $query = "SELECT table2.feild1 , table2.feild1 " . "FROM table2, table1 " . "WHERE table1.feild2 = table2.feild1 "; $data = mysql_query($query) or die(mysql_error()); $sql="UPDATE table2 SET feild2='$_POST[value2]', feild3='$_POST[value3]' WHERE table1.feild2 = $data "; This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=306339.0 |
|||||||