PHP - Overwrite Data Stored On A Db

 wrote a stored procedure this morning and i don’t know how to get the values out of it through a class function in php or phpmyadmin.

here is what i wrote :

public function totalProcedures($friend_name,$session_id) 
{ /* *query to fetch stored procedure */ 
try { 
//executing the stored procedure 
$sql_sp="CALL timeline (:friend, :session,@updates, @group_posts)";
$stmt_sp= $this->_db->prepare($sql_sp); 
$stmt_sp->bindValue(":friend",$friend_name);
$stmt_sp->bindValue(":session",$session_id); 
$stmt_sp->execute();
$rows=$stmt_sp->fetch(PDO::FETCH_ASSOC); 
$stmt_sp->closeCursor(); // closing the stored procedure 
//trying to get values from OUT parameters.
$stmt_sp_2=$this->_db->prepare("select @updates,@group_posts");
$stmt_sp_2->execute();
return $stmt_sp_2->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $ei)
{
echo $ei->getMessage(); } 
}

can someone helpme how to get results.

here is the storedprocedu

DELIMITER $$
CREATE DEFINER=`root`@`localhost` PROCEDURE `timeline`(IN `friend` VARCHAR(255), IN `session_id` VARCHAR(255), OUT `updates` VARCHAR(62555), OUT `group_posts` VARCHAR(62555))
BEGIN


select * FROM updates where author in (friend,session_id)  order by time desc limit 5;



select * FROM group_posts where author_gp in (friend,session_id) order by pdate desc limit 5;
END$$
DELIMITER ;

i get the result in php myadmin as follows:

 how do i do this inside a php class function.

CALL timeline('shan2batman','aboutthecreator', @updates, @group_posts);

 

hi all, i have written a seating plan page for my website which allows users to click on a seat and that seat is then allocated to there username, however theres nothing stopping a user changing the URL to a seat thats been taken and "taking" that seat from someone else.

heres my code for my reserve_seat.php

<?PHP
session_start();
/* get user id */
$user_id = $_SESSION['username'];

/* get the seat number */
$seat_id = $_GET['seat'];

/* connect to data base */
require ('./secure/connect.php');


/* create query */
$query = "UPDATE seats_table set taken = FALSE, user_id = '0' WHERE user_id = '$user_id'";
$query2 = "UPDATE seats_table set taken = TRUE, user_id = '$user_id'  WHERE id = '$seat_id'";
/* $query3 = "UPDATE users set signed_up = '3' WHERE username = '$user_id'"; */


/* execute the query */
$result = mysql_query($query);
$result2 = mysql_query($query2);
/* $result3 = mysql_query($query3); */


/* advise user their seat has been reserved */
include 'seating.php';

?>

so if a user reserves seat 28 the url is http://localhost/reserve_seat.php?seat=26, but theres nothing stopping another user typing this url and "stealing" this seat

i need some kind of IF statement before the sql queries that checks to see if the seats "taken" column is 1 or 0 bearing in mind there is 49 seats but im lost at how to write it. any help would be great

Lee

Hello there,

I have some code here which sends a number of variables from flash to SQL...

I would simply like to add the functionality to overwrite records which have the same 'name' or 'pseudo'... can anyone help me please ? Thanks in advance Martin


<?php

$pseudo=$_POST['var1'];
$score=$_POST['var2'];
$table = $_POST['tab'];

$dategame = $_POST['tempjoueur'];
//$micro = microtime();
//$dategame = time()."".substr($micro, 2, 6);

$_COOKIE['User'] = $_SERVER['REMOTE_ADDR'];
$envoie = InsertDatas($table, "name, score, dategame", "'".$pseudo."','".$score."','".$dategame."'");
if ($envoie) {
print_r("OK, $pseudo, $score, $dategame,$ipclient");
}
else { echo "BAD, $pseudo, $score, $dategame,$ipclient"; }
?>

Hello. i am building a facility for members of my website to upload profile pictures.

It works, but what I want to do is have the below script check and overwrite the previous file if they want to update it. As you will see it enforces the image to be named after the username.

Code: [Select]
function findexts ($filename) { $filename = strtolower($filename) ;
        $exts = split("[/\\.]", $filename) ; $n = count($exts)-1; $exts = $exts[$n]; return $exts;
        }
        $ext = findexts ($_FILES['uploaded']['name']);

        //$ran = rand () ;
        $ran2 = $eo_user_name.".";
        $target = "../images/eoprofile/"; //This assigns the subdirectory you want to save into... make sure it exists!
        $target = $target . $ran2.$ext;  //This combines the directory, the random file name, and the extension

         if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) {
             echo "The file has been uploaded as ".$ran2.$ext; }
             else { echo "Sorry, there was a problem uploading your file."; }
Help appreciated.

Thanks...

Hi,

I've got a FORM Setup. The form has a current image and an option to add a new image (In place of that image)

The form fields in question are :
Code: [Select]
<input type="hidden" name="image_url" value="<?php echo $row_select_propertyimages['image_url']; ?>" />
<input type="file" name="new_image_url" class="inputfile" />
I've setup an IF Statement, to check that if new_image_url ISNT set, then to keep the current image. Otherwise, overwrite it with new_image_url. When I dont choose to upload a new file, The code works correctly.

The code is as follows.
Code: [Select]
if(empty($_POST['new_image_url'])) {
    $image_url = $row_select_propertyimages['image_url'];
} else {
    $image_url = $_FILES['new_image_url'];
}

The data then gets input to a Database. But at the moment, It is not overwriting what is currently there. Can anyone help me on this?

My full code is :
Code: [Select]
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$colname_select_propertyimages = "-1";
if (isset($_GET['image_id'])) {
  $colname_select_propertyimages = $_GET['image_id'];
}
mysql_select_db($database_db_connect, $db_connect);
$query_select_propertyimages = sprintf("SELECT * FROM image WHERE image_id = %s", GetSQLValueString($colname_select_propertyimages, "int"));
$select_propertyimages = mysql_query($query_select_propertyimages, $db_connect) or die(mysql_error());
$row_select_propertyimages = mysql_fetch_assoc($select_propertyimages);
$totalRows_select_propertyimages = mysql_num_rows($select_propertyimages);

mysql_select_db($database_db_connect, $db_connect);
$query_select_property = "SELECT property.property_id, property.property_name FROM property ";
$select_property = mysql_query($query_select_property, $db_connect) or die(mysql_error());
$row_select_property = mysql_fetch_assoc($select_property);
$totalRows_select_property = mysql_num_rows($select_property);

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "addproperty")) {

if(empty($_POST['new_image_url'])) {
    $image_url = $row_select_propertyimages['image_url'];
} else {
    $image_url = $_FILES['new_image_url'];
}
echo $image_url;

$updateSQL = sprintf("UPDATE image SET image_url=%s, image_desc=%s, image_disphome=%s, image_property_id=%s WHERE image_id=%s",
                       GetSQLValueString($image_url, "text"),
                       GetSQLValueString($_POST['image_desc'], "text"),
                       GetSQLValueString(isset($_POST['image_disphome']) ? "true" : "", "defined","'Y'","'N'"),
                       GetSQLValueString($_POST['image_property_id'], "int"),
                       GetSQLValueString($_POST['image_id'], "int"));

  mysql_select_db($database_db_connect, $db_connect);
  $Result1 = mysql_query($updateSQL, $db_connect) or die(mysql_error());

//  $updateGoTo = "success_editproperty.php";
//  if (isset($_SERVER['QUERY_STRING'])) {
//    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
//    $updateGoTo .= $_SERVER['QUERY_STRING'];
//  }
//  header(sprintf("Location: %s", $updateGoTo));
}
?>

Many Thanks in advance.

Hi every body.I'm new to php and this site.this code I've written is for uploading file and I want it to don't overwrite files with the same name.I thought I told it to with file exists.but doesn't work.can't figure out where the problem is.Sorry for my English and Thanks!   <?php
    function upload($file,$dest){
        $a=explode('.', $file['name']);
        $filename=$a[0];
        $ext=$a[1];
        $add=microtime();
        if (file_exists($file['name'])) {
                $filename=$add.$filename.$ext;
            }
        if(move_uploaded_file($file['tmp_name'],$dest.$file['name'])){
            echo 'File Uploaded';
        }    
        print_r($file['name']);
    }
    /*
    Array
(
    [picture] => Array
        (
            [name] => Chrysanthemum.jpg
            [type] => image/jpeg
            [tmp_name] => C:\Users\NOVINP~1\AppData\Local\Temp\php\upload\phpFA89.tmp
            [error] => 0
            [size] => 879394
        )
    */
?>
<html>
<head>
<title>File Upload</title>
</head>
<body>
    <?php
        if($_FILES['picture']['name']){
            upload($_FILES['picture'],'upload/');
        }
    ?>
    <form action="" method="post" enctype="multipart/form-data">
        <table width="500" align="center">
            <tr>
                <td><input type="file" name="picture"></td>
            </tr>
            <tr>
                <td><input type="submit" value="Upload" name="submit"></td>
            </tr>
            <tr>
                <td><input type="hidden" name="form" value="1"></td>
            </tr>
        </table>
    </form>
</body>
</html>

Hi,

I have a page where a user can change his password

what i want to acheive is a way of checking the database if the text the user has entered in the textboxes already exist in the db, and if it does exist change a certain part.

for example the user goes to the address, types in the email, user name and password twice.  if the username and email match in the db i would like the password to write over the old password that was in the db.

i keep confusing myself when i think i know what im doing but i keep stumbling.

i know this sounds a bit confusing so please ask if you need more understanding.

so far ive got:

Code: [Select]
    <?php
$n=$_POST['uname'];
$e=$_POST['email'];

if( $_POST['submitted'] == 'yes' ) {
     if( $_POST['pass_1'] != $_POST['pass_2'] ) {
          // fields don't match, so do something to indicate the error . . .
  
  echo '<p>Passwords Do Not Match</p>';
     }
 // connect to the db
 include('config.php');
 $query="select * from user where uname='$n' and email='$e'";
 $result=mysql_query($query);
 
}
?>
<form action="" method="post">
<input type="text" name="uname" id="uname" size="30">
<input type="text" name="email" id="email" size="30">
<input type="password" name="pass_1" />
<input type="password" name="pass_2" />
<input type="hidden" name="submitted" value ="yes" />
<input type="submit" name="submit" value="Change Password" />
</form>
just by looking at my code again i think its not right at all, the first php bit is only checking the password textboxes. i think i need to remove my email and username out of that form and put them in another. am i right?  sorry im not that good at php or mysql

thanks in advance and sorry for such a long read

This topic has been moved to MySQL Help.

http://www.phpfreaks.com/forums/index.php?topic=348130.0

I'm working on a project and cannot figure out why one piece of code works in one project but not in this one.

Code: [Select]
$username = "voltageme5";
$result = $mysqli->query("call usernameCheck($username)");

returns
string(43) "Unknown column 'voltageme5' in 'field list'"

Here is the stored routine:

Code: [Select]
CREATE PROCEDURE `database`.`table` (IN memUsername varchar(45))
BEGIN
select count(*) as total from members where username = memUsername;
END

Whats weird is that in the PHP code if i replace the variable with a string, it works. It's only with the variable in the call that it errors out like that. I'm new to this stored procedure thing so I'm sure I'm missing something stupid.

The path to a image is stored in a variable and I need to display this image in the email. Can someone help me.

This is my current attempt and nothing is happening. But the variable passes the URL correctly.

Code: [Select]
<TABLE BORDER='0'>
<TR>
<TD align='left' width='370'><img src='".$dis_logoimg."' width='370' height='86' /></TD>
</TR>
</TABLE>

Hi Everyone,

I have this php page that runs couple of MS SQL stored procedures to fetch me values from SQL Server, however I have run into a problem where not more then 2 stored procedures are executed at same time. For instance below mentioned code only fetches me values for 1st and 2nd SP's. If I need values from the 3rd stored procedure then I would have to comment either one of the first two stored procedure.   Can someone please tell me what is that I am doing wrong.   I am relatively new to PHP, so please be gentle. Any help would be highly appreciated.

Thanks.

<?php


if($conn = mssql_connect('host', 'user', 'pass')) echo 'Connected to SQLEXPRESS<BR>';
if(mssql_select_db("database",$conn)) echo 'Selected DB: SomeDatabase<BR>';

$variable1=something;

$sql_statement =  mssql_init("stored_procedure1 '$variable1'", $conn);
$result=mssql_execute($sql_statement);

$x=0;

while ($row = mssql_fetch_assoc($result))
    {
    $column2[$x]= $row['column2'];
    $column1= $row['column1'];
    
$x++; }

    
echo "Value 1: $column1      </br>";
echo "Value 2: $column2[0]  </br>";
echo "Value 3: $column2[1]  </br>";
echo "Value 4: $column2[2]  </br>";
echo "Value 5: $column2[3]  </br>";
echo "Value 6: $column2[4]  </br>";
echo "Value 7: $column2[5]  </br>";


mssql_free_statement($sql_statement);



$sql_statement =  mssql_init("stored_procedure2 '$variable1'", $conn);
$result=mssql_execute($sql_statement);


$x=0;

while ($row = mssql_fetch_assoc($result))
    {
    $someval1[$x]= $row['somecolumn1'];
    $someval2[$x]= $row['somecolumn2'];
    $someval3= $row['somecolumn3'];
    $someval4= $row['somecolumn4'];
    $someval5= $row['somecolumn5'];
    $someval6= $row['somecolumn6'];

$x++; }

    
echo "Something1: $someval1[0]</br>";
echo "Something2: $someval3 </br>";
echo "Something3: $someval2[0] </br>";
echo "Something4: $someval4 </br>";
echo "Something5: $someval6 </br>";
echo "Something6: $someval5 </br>";


mssql_free_statement($sql_statement);


$sql_statement =  mssql_init("stored_procedure3 '$variable1'", $conn);
$result=mssql_execute($sql_statement);


$x=0;

while ($row = mssql_fetch_assoc($result))
    {
    $somevaluecheck= $row['somecolumncheck'];

$x++; }
    
echo "SomethingCheck: $somevaluecheck </br>";


mssql_free_statement($sql_statement);


?>

Hello,

Here's my system. Once a user is successfully logged in, a new instance of a User class is created. The constructor of this class grabs the details of the logged-in user from a database and stores them inside properties in the User class.

The problem is, obviously I'd want to access these properties from any page I require them to be able to display user data, so I looked into storing the User object in a Session.

When I tried implementing this, I ran into a bunch of errors and I couldn't figure it out.

Here's an example:

After a user has logged in, I had the following code:
Code: [Select]
$_SESSION['user'] = new User($this->username);
I was under the impression that this assigns a user object to a session. But it's not working as I receive this error:

Quote

Notice: Undefined index: user in ../v2/admin/index.php on line 18



Then on the page I want to display the name of the current user logged-in, I had this code:
Code: [Select]
$_SESSION['user']->get_Name();
But then I get this error:
Quote

Fatal error: Call to a member function get_IP() on a non-object in ../v2/admin/index.php on line 18



Can tell me what I have to do, to make this work?


Thanks.

How can I run php code that is stored in a database?

I have my pages created by grabbing the contents of a pageBody mySQL table cell, but some pages require further php to be able to display correctly.

For example, I have a players page, which will list all players, and some information about them. The players and information is all saved in a players table in my database (separate to the pages table where pageBody is stored). I use simple php to grab all the players and format all of their information so it can be displayed on the page.

This is the flow of information that I would like:
User clicks on players page browser loads content page (this is a template page), and grabs the pageid from $_GET browser then reads pages table in database to get the pageBody associated with the pageid The pageBody will contain more php, which will run the players script to retrieve the list, and display
Doing it the above way will make it much easier to extend the website to include more types of pages that has to run additional php scripts.
The only way I can think of this working is by doing this:
user clicks on players page
browser loads content page, grabs pageid from $_GET browser checks the pageid for the one associated with players (hard coded into the php script) browser then loads the players.php script instead of going to the database This above way means that I will need to edit the index.php page everytime I add a new list type (example, coaches, volunteers etc).

Anyone have any suggestions? I know my question is long, but I was finding it hard to explain it in an easy to understand way, but I'm still not sure if I have :S.

Cheers
Denno

I am trying to make a  setup file for a website I'm developing, and am having the database tables and stored procedures created automatically.  However, I'm having issue getting the stored procedures to be created.  Here is my code:
Code: [Select]
$db->Q("
DELIMITER $$
CREATE PROCEDURE `Database`.`Procedure_Name`(in sp_uid mediumint(20) unsigned, in sp_user varchar(15), in sp_pass varchar(20), in sp_email varchar(30))
BEGIN
Insert Into Table Values (sp_uid, sp_user, md5(sp_pass), sp_email, '1', '1', '0');
Select true;
END$$
");
Assume that the "$db->Q()" works just fine, as I'm having issues no where else with it.  This automatically connects to the database and runs a query with whatever is inside the "()".  The tables are being created just fine, but no stored procedures are being created.  I've tried everything I can think of, and googled my question many different ways without finding an answer or work-through.  Does anyone know what I am doing wrong?

Thanks in advance.

Hey guys,

I have been banging my head against a wall here with this. I am saving my sessions in my database via session_set_save_handler(). So let me walk you through what I have here, what works, and what the issue seems to be.

basically, the problem is the $_SESSION array is empty on page load.

common.php:
I have the open / close / read / write / destroy / and gc functions. These all work properly as when i use a session variable it stores into the database and i can see all of the information in there..

inside of common.php i have session_start().. I am positive that the session_start() is running becasue common.php is included into index.php and i tried adding session_start() to index.php again and i got an E_NOTICE saying the session already began.

(yes, for the read function i am returning a string... i included that below).

for the table itself, i have set the session_data as both text and blob, same issue with both.


index.php:
includes common.php. I know it's included as other aspects of the file are included and work properly.

if i call var_dump($_SESSION) i get an empty array.  and i prited out the session_id() and it matched my session id in the database. and the values that are stored in there are correct. i have for example:

count|i:0

now with that value actually in the database and when calling session_id() and i get the ID that matches in the table. so i will get an E_NOTICE of an undefined index..

i was trying something like:


if(!isset($_SESSION['count']))
     $_SESSION['count'] = 0;
else
     $_SESSION['count']++;

echo $_SESSION['count'];


Everytime the page is reloaded, count is reset to 0.. I can tell that it is reset to 0 as the expired time changes in the database after every load of the page (which is part of the write function).  I double checked that it wasn't a problem for some reason with the ++ by adding in a variable that sets to 1 when in the if, and 0 if in the else, and it always outputs a 1.

i have included here my read function since that apparently is the issue..

function sess_read($sess_id)
{
      global $DB;      

      $sql = "SELECT `session_data` FROM `sessions` WHERE
                session_id = '".$sess_id."' AND
                session_agent = '".$_SERVER["HTTP_USER_AGENT"]."' AND
                session_expire > '".time()."';";                

       $query = $DB->query($sql);       

       if($DB->num_rows($query) > 0)       
       {

       $r = $DB->fetch($query);       
           return settype($r['session_data'], 'string');           

   }       

   

        
       return '';
}

I tried also with removing the agent and expire check to see if it was an issue there but same problem.

I probably have missed something really dumb but i can't for the life of me figure it out and I have googled around for a similar issue. The actual output of the page is correct.. all of the HTML and CSS information loads properly.. no errors are reported (and i have E_ALL on).

Thanks