PHP - Stripslashes In Mysql Query Var

If you also have any feedback on my code, please do tell me. I wish to improve my coding base.

Basically when you fill out the register form, it will check for data, then execute the insert query. But for some reason, the query will NOT insert into the database. In the following code below, I left out the field ID. Doesn't work with it anyways, and I'm not sure it makes a difference.

Code:

  Code: [Select]
mysql_query("INSERT INTO servers (username, password, name, type, description, ip, votes, beta) VALUES ($username, $password, $name, $server_type, $description, $ip, 0, 1)");
Full code:

Code: [Select]
<?php
include_once("includes/config.php");
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><? $title; ?></title>
<meta http-equiv="Content-Language" content="English" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="style.css" media="screen" />
</head>
<body>
 
<div id="wrap">
 
<div id="header">
<h1><? $title; ?></h1>
<h2><? $description; ?></h2>
</div>
 
<? include_once("includes/navigation.php"); ?>
 
<div id="content">
<div id="right">
<h2>Create</h2>
<div id="artlicles">
<?php
 
if(!$_SESSION['user'])
{
 
        $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string($_POST['password']);
        $name = mysql_real_escape_string($_POST['name']);
        $server_type = mysql_real_escape_string($_POST['type']);
        $description = mysql_real_escape_string($_POST['description']);
 
        if(!$username || !$password || !$server_type || !$description || !$name)
        {

        echo "Note: Descriptions allow HTML. Any abuse of this will result in an IP and account ban. No warnings!<br/>All forms are required to be filled out.<br><form action='create.php' method='POST'><table><tr><td>Username</td><td><input type='text' name='username'></td></tr><tr><td>Password</td><td><input type='password' name='password'></td></tr>";
        echo "<tr><td>Sever Name</td><td><input type='text' name='name' maxlength='35'></td></tr><tr><td>Type of Server</td><td><select name='type'>
       
        <option value='Any'>Any</option>
        <option value='PvP'>PvP</option>
        <option value='Creative'>Creative</option>
        <option value='Survival'>Survival</option>
        <option value='Roleplay'>RolePlay</option>
       
        </select></td></tr>
       
        <tr><td>Description</td><td><textarea maxlength='1500' rows='18' cols='40' name='description'></textarea></td></tr>";
        echo "<tr><td>Submit</td><td><input type='submit'></td></tr></table></form>";
        }
        elseif(strlen($password) < 8)
        {
        echo "Password needs to be higher than 8 characters!";
        }
        elseif(strlen($username) > 13)
        {
                echo "Username can't be greater than 13 characters!";
        }
        else
        {
                $check1 = mysql_query("SELECT username,name FROM servers WHERE username = '$username' OR name = '$name' LIMIT 1");
               
                if(mysql_num_rows($check1) < 0)
                {
                        echo "Sorry, there is already an account with this username and/or server name!";
                }
                else
                {
                        $ip = $_SERVER['REMOTE_ADDR'];

                        mysql_query("INSERT INTO servers (username, password, name, type, description, ip, votes, beta) VALUES ($username, $password, $name, $server_type, $description, $ip, 0, 1)");
                        echo "Server has been succesfully created!";
                }
        }
       
}
else
{
        echo "You are currently logged in!";
}
 
?>
</div>
</div>
 
<div style="clear: both;"> </div>
</div>
 
<div id="footer">
<a href="http://www.templatesold.com/" target="_blank">Website Templates</a> by <a href="http://www.free-css-templates.com/" target="_blank">Free CSS Templates</a> - Site Copyright MCTop
</div>
</div>
 
</body>
</html>

Simple question about slashes.

If a user uses slashes in their text will all of them be removed using 'stripslashes' function or only the ones that have the  '
to the right of the slashes. ?

sorry posted before its time.....


peoples names like...



o'grady

o'murphy

shows on the screen as

o\'grady

and

o\'murphy

I'm restarting this under a new subject b/c I learned some things after I initially posted and the subject heading is no longer accurate.

What would cause this behavior - when I populate session vars from a MYSQL query, they stick, if I populate them from an MSSQL query, they drop.

It doesn't matter if I get to the next page using a header redirect or a form submit.  I have two session vars I'm loading from a MYSQL query and they remain, the two loaded from MSSQL disappear. 

I have confirmed that all four session vars are loading ok initially and I can echo them out to the page, but when the application moves to next page via redirect or form submit, the two vars loaded from MSSQL are empty. 

Any ideas?

Hi there, I am executing this query in the code below, it executes as I want it except when it gets the title, it doesnt get the title for that row it just gets it from the first row in the table... if that makes sense... what is going on?

Code: [Select]
<?php
require'styles/top.php';
?>
<br>

<center><table border='0' width='100%' style='text-align:center; font-weight:bold;'>
<tr>
<td width='33%'>Subject</td>
<td width='33%'>From</td>
<td width='33%'>Date</td>
</tr>
</table></center>
<br>
<?php
  $query = mysql_query("SELECT * FROM messages WHERE to_user='$username' ORDER BY message_id DESC") or trigger_error('Error: ' . 

mysql_error()); 
$numrows = mysql_num_rows($query);
if ($numrows > 0){

while ($row = mysql_fetch_assoc($query)){
$id = $row['message_id'];
$from = $row['from_user'];
$to = $row['to_user'];
$title - $row['message_title'];
$content = nl2br($row['message_content']);
                    $date = $row['date'];
echo"<center><table border='0' width='100%' style='text-align:center; font-weight:bold;'>
<tr>
<td width='33%'>$title</td>
<td width='33%'>$from</td>
<td width='33%'>$date</td>
</tr>
</table></center>
<br>";



}
}
else
echo '';

?>
</div>




<div id='left'>

</div>

<div id='right'>

</div>

Hi,

Relative newbie here pulling his hair out!

I've just started to attempt to build a stock control system for my parent's business and am having problems.

I'm building a (what I though) simple page that will just return all the info from a table.

Each stock item has it's own stock code (5 characters) and also a barcode.

There may be more than one barcode assigned to each stock item so I created a seperate table with just two fields - barcode and stockcode - the barcode obviously has to be unique but the stockcode doesn't.

The way I have done it is with a form where you can enter the stock code - this then becomes $STOCKCODE and the rest of the page displays the result for that code - so far so good.

Now I want it to see if the data entered into the form is greater than 5 characters. If it is it will then assume that you have entered a barcode and look for the stockcode from the other table and assign that to $STOCKCODE instead.

The code below is the part that isn't working. Entering a stock code brings up the correct result, but enter a barcode and it just returns an incorrect product (always the same incorrect product irrespective of what you type in). Executing the barcode lookup query directly in mysql on it's own works and generates the correct stock code but there's something awry in the way I've done it that I can't seem to work out. The "echo "not recognised" at the end doesn't work either.
Googling the problem had just confused me even more!

Any help would be appreciated!

Cheers

Code: [Select]
//retrieve form result
$getcode=$_POST['item_entry'];

//Count characters in form result
$num_char=strlen($getcode);

//barcode lookup query
$result = mysql_query("SELECT barcode.SKU FROM barcode WHERE $getcode = 'barcode.BARCODE'");

//se if the entered data was a stockcode or a barcode
if ($num_char == 5) {$STOCKCODE=$getcode;}

elseif ($num_char > 5) {$STOCKCODE=mysql_fetch_assoc($result);}

else echo "not recognised";

Hi   I need a sql query help from you guys.   It is a sql query for get all upline referrer details from database for particular person   when new person register his details are storing in wp_members_tbl with uername, password, firstname, lastname, email, phone, address, referrer etc.   Below the query is for user   $wp_aff_members_db = $wpdb->get_row("SELECT * FROM $members_table_name WHERE refid = '".$_SESSION['user_id']."'", OBJECT);   And below the query is for this user's upline referrer   $wp_aff_members_db = $wpdb->get_row("SELECT * FROM $members_table_name WHERE refid = '$referrer'", OBJECT);   Now i need the query for find and get this referrer's upline referrer.   Please help me with a solution   Regards
Edited by rajasekaran1965, 23 October 2014 - 10:09 AM.

Hello!

Please help... I am trying to use the script below to get results from a mysql database based on a query of the form fields (the names of which are displayed near the top of the script as POST items)

When a location or age etc. is entered into the form, I want the script to search for records which meet those criteria. At the moment the script works but only does so if all the values are entered to match what is in the database. e.g. if the location england and the age 22 was entered into the form, and that matched the value in the database, then at the moment, the script will display the result, but if only the location is entered in the form without any value for age/genre etc. then no results are displayed.

Any help would be very welcome as I have search high and low for a solution on google... which doesn't seem to exist...

I'm not that experienced with php/mysql but am learning on the job so any helpful prompts as to terms etc. would help!

Thanks!

Lewis

<?php 

if($_POST) 
{ 
$searchage = $_POST['searchage'];
$searchlocation = $_POST['searchlocation'];
$searchgenre = $_POST['searchgenre']; 
$searchinstrument = $_POST['searchinstrument']; 
$searchexperience = $_POST['searchexperience']; 
 
// Connects to your Database 
mysql_connect("localhost", "user", "pass") or die(mysql_error()); 
mysql_select_db("DB") or die(mysql_error()); 

$query = mysql_query("SELECT * FROM table_user WHERE userage = '".$searchage."' AND userlocation = '".$searchlocation."' AND usergenre = '".$searchgenre."' AND userinstrument = '".$searchinstrument."' AND userexperience = '".$searchexperience."'") or die(mysql_error()); 

$num = mysql_num_rows($query); 

echo "$num results found!<br>"; 

while($result = mysql_fetch_assoc($query)) 
{ 
$username = $result['username']; 
$useremail = $result['useremail'];
$userage = $result['userage'];
$userlocation = $result['userlocation'];
$usergenre = $result['usergenre'];
$userinstrument = $result['userinstrument']; 
$userexperience = $result['userexperience']; 
$userbiography = $result['userbiography']; 

echo "
Name: $username<br> 
Email: $useremail<br>
Age: $userage<br>
Location: $userlocation<br>
Gen  $usergenre<br>
Instrument: $userinstrument<br>
Experience: $userexperience<br>
Biography: $userbiography<br><br>       
"; 
} 


} 

?> 

Query
whats wrong with this query?

$queryreg = mysql_query("UPDATE application SET employer = '$employer' AND eaddy = '$employer_address' AND ecity = '$employer_city' AND estate = '$employer_state' and ezip = '$employer_zip' AND supervisor = '$employer_supervisor'  WHERE appID = '$appID'") or die(mysql_error());

I can't figure it out.

hi dudes
how do i write a mysql query with 3 columns, where the first column is 'year', the second is 'month' (integer) and the third is 'day' (integer), ordered by desc, but with an extra quirk, where if any of the three columns is zero (which means there is no data for that date column - assume i have a year and a month, but no day)?

my code looks like the following
Code: [Select]
ORDER BY exhib_date_year DESC, exhib_date_month DESC, exhib_date_day DESC

Hello... First I should explain what is wrong. I have a database with a table called subs... Within this table I have a unique field called ID, then a fields called member, date(unix timestamp) amount, month, year...

HOWEVER for each month and year there is several entries all with different date stamps. How can I extract the entry with the most recent date???  However there is a catch. I want to view payments made since a certain date but only one per month... Below is my code... I thnk I need to add or change something slightly but i am fairly new to PHP and am totally stuck...

MANY THANKS IN ADVANCE!!! 
Code: [Select]
[php]$query="SELECT * FROM records WHERE section='B' OR section='C' OR section='S' order by section, surname";
$result=mysql_query($query);
for ($row=0;$row<mysql_num_rows($result);$row++){
  $forename=mysql_result($result,$row,'forename');
  $surname=mysql_result($result,$row,'surname');
  $id=mysql_result($result,$row,'id');
  $ref="19nx".$id.substr($forename,0,2).substr($surname,0,2);
  $section=mysql_result($result,$row,'section');
  $giftAid=mysql_result($result,$row,'giftAid');
  if ($giftAid>1){$day=date('d',$giftAid);$month=date('m',$giftAid);$year=date('y',$giftAid);}else{$day="";$month="";$year="";}
  $giftAidName=mysql_result($result,$row,'giftAidName');
  $giftAidComment=mysql_result($result,$row,'giftAidComment');
 
  $subdate=mktime(0,0,0,$submonth,$subday,$subyear);
 $query="SELECT * FROM subs WHERE member='$id' AND date>$subdate Order BY id DESC";
  $subResult=mysql_query($query);
  $subs="";
  for($ss=0;$ss<mysql_num_rows($subResult);$ss++){
  $amount=mysql_result($subResult,$ss,'amount');
  if ($amount==""){$amount='25';}
  $date=date("M/Y",mysql_result($subResult,$ss,'date'));
  $subs=$subs."<a title='$date' alt='$date'>$amount</a>,";
  }[/php]
This outputs a line of results which is right except it shows 2 or 3 for april, 3 or 4 for may anthoer 2 or 3 for june etc...  I hope someone gets my drift!

Hi all,

I have a database with 2 tables, 'users' and 'battles'. The site pulls 2 random peoples pictures and lets the user choose who they think would win the battle. So if user1 is using the site it might show pictures for user5 and user3. If the user1 chooses that user5 wins then an entry is made into the 'battles' table like this :

voter     win      lose
user1    user5   user3

Any ideas what query I can use so it only shows 2 people that the user hasnt compared before ?

As if its doing this : choose 2 id's from 'users' that user1 hasnt compared before

Hope that makes sense.

Many thanks,

Scott

I have a query which when I run in phpmyadmin it returns the results I want.

When I put it into PHP I get no results can someone tell me what I'm doing wrong?

Code: [Select]
<?php include("config.php"); ?>
<?php
// sending query
$sql = mysql_query("SELECT dayname((date(FROM_UNIXTIME(dateline)))) as 'Day Of Week', date((date(FROM_UNIXTIME(dateline)))) as 'Date', count(*) as 'Number of Opened Tickets', ( select count(ticketmaskid) from swtickets where date(FROM_UNIXTIME(swtickets.lastactivity)) = Date and isresolved=1 ) as 'Number of Closed Tickets' from swtickets where ((date(FROM_UNIXTIME(dateline)) between (DATE_SUB(CURDATE(), INTERVAL (IF(DAYOFWEEK(CURDATE())=1, 9, DAYOFWEEK(CURDATE()))) DAY)) and (DATE_ADD(CURDATE(), INTERVAL (6 - IF(DAYOFWEEK(CURDATE())=1, 8, DAYOFWEEK(CURDATE()))) DAY)) )) group by date(FROM_UNIXTIME(dateline))");
?>

<?php echo $sql; ?>

All it returns is: Resource id #4

When in phpmyadmin I get:

Hi All,

Wondered if someone could help me out with a sql query that I am having difficulty with?

My database consists of 3 tables, clients, video, category.  The video table stores the primary key value of the clients table and the category table as a foreign key.  What I am trying to achieve is return all the videos that are associated to a particular client and group them under the relevant category.  If there are now videos that match the category then I do not want to display the category.  Here is my code so far:
Code: [Select]
  <?php
$sql = "SELECT category.cat_id, category.name AS catname FROM category";
$result = mysql_query($sql) or die (mysql_error());
while($categoryrow = mysql_fetch_assoc($result)) { ?>
    </p>
<div class="themeheader"><h5><?php echo $categoryrow['catname']; ?></h5></div>
<Br />
<?php
$vsql = "SELECT video.video_id, video.title, video.description, video.thumbnail FROM video WHERE video.cat_id = '" . $categoryrow['cat_id'] . "' AND video.client_id = $customerid ORDER BY video.video_id DESC";
$vresult = mysql_query($vsql) or die (mysql_error());
?>
<div class="videos">
<ul>
<?php
while($videorow = mysql_fetch_assoc($vresult)) {
?>
                <li id="categoryList"><a href="film-details.php?video_id=<?php echo $videorow['video_id']; ?>"><img src="+_1m4g35/<?php echo $videorow['thumbnail']; ?>" alt="<?php echo $videorow['title']; ?>" title="<?php echo $videorow['title']; ?>" width="291" height="142" border="0" /></a>
  <h2><?php echo $videorow['title']; ?></h2>
                  <p><?php $limit = 100;
  if (strlen($videorow['description']) > $limit)
  $description = substr($videorow['description'], 0, strrpos(substr($videorow['description'], 0, $limit), ' ')) . '... <a href="film-details.php?video_id='.$videorow['video_id'].'">read more</a>';
  echo $description;
   ?>
                  </p>
<?php } //end video loop?>
</ul>
<br class="clearfloat" />
</div>
<?php } //end category loop ?>
  </div>

The above code is the closest I have got but it still outputs the categories even when there are no videos that match the category id and the client id.

Any help in the right direction gratefully received as I am gradually going insane! 

I have this query that searches the database based on what the user inputed.

However i'm having the following issues with it:


The query is supposed to look for the name of a city in a database table that stores the city names along with their state and country

CITY STATE COUNTRY
Now i have an input field where the user can search a location and it searches the location from the database. When they search the database the input is in the following format:

city, state, country

I then use the following script to separate them into three fields
Code: [Select]
$split = explode(',', $location); // $location being the city, state, country
$city = $split[0];
$state = $split[1];
$country = $split[2];

Then i use this MySql Query to search the fields to make sure the city and country match
Code: [Select]
$get_location = mysql_query("SELECT * FROM locations WHERE name LIKE '$city' AND country LIKE '$country'") or die(mysql_error());
$tmp_loc = mysql_fetch_assoc($get_location);

This is where the problem beings...if i use "AND" to search both fields i get no results even though there are results in there however if i change it to an "OR" statement it finds teh locations however it doesn't do an accurate search...

for example someone searches for Toledo, Ohio, United States, the user will get Toledo, Spain instead of the right Toledo, since Toled, Spain is at the top of the table

I've been trying to get this but i can't get this to work at all every time i use AND it gives me no results

I hope someone here can check help me out

I am creating a site that has to display 36 images on the screen.  The image name is stored in the database.  My problem is if I have less than 36 images stored I need to display a default image.  here is my current query

$sql="SELECT col_image, col_url from tbl_images WHERE col_active='1' and col_bigimage='0' ORDER BY RAND() limit 36";

so If I only have 20 active images. I need to display 16 default images.  I hope this makes sense.

Bill