PHP - Moved: Hello. Just Joined And Need Guidance, Or A Little Bit Of Help Please.

Hi there,
is it possible to join a variable and a string inside a $_POST variable inside a mysql query (UPDATE in this case)

Here is what i am trying to accomplish:

$update = "UPDATE mona SET STKFF='$_POST[$counter."NAME"]' WHERE id='$userid'";

if (!mysql_query($update))
  {
  die('Error: ' . mysql_error());
  }
else echo " <br> Update Complete";

Its the '$_POST[$counter."NAME"]' bit that im worried about, is this possible without having to do:
$foo=$counter."NAME"
'$_POST[$foo]'


Thanks
Chris

Back with a new problem. 

I have 8 tables interconnected. 

Table#1 - Users
user_id | name

Table#2 - user_categories
id | user_id | category_id

Table#3 - user_cities
id | user_id | city_id

Table#4 - user_dates
id | user_id | dates_available

Table#5 - categories
category_id | category_name

Table#6 - cities
city_id | city_name

Table#7 - provinces
province_id | province_name

Table#8 - categories
country_id | country_name

Each user will have multiple categories, cities and available dates listed in these tables. I simply want to retrieve and list each user and their data on a page. 

Here's my query.

$url_city = 1;
$url_category = 2;
$url_date = '2021-07-19';

$find_records = $db->prepare("SELECT user_categories.*, categories.*, user_cities.*, cities.*, provinces.*, countries.*, user_dates.*, users.* FROM users
LEFT JOIN user_categories ON users.user_id = user_categories.user_id
LEFT JOIN user_cities ON users.user_id = user_cities.user_id
LEFT JOIN user_dates ON users.user_id = user_dates.user_id
LEFT JOIN categories ON user_categories.category_id = user_categories.category_id
LEFT JOIN cities ON user_cities.city_id = cities.city_id
LEFT JOIN provinces ON cities.province_id = provinces.province_id
LEFT JOIN countries ON provinces.country_id = countries.country_id
WHERE user_cities.city_id = :city_id AND user_categories.category_id = :category_id AND user_dates.date_available = :date_available GROUP BY users.user_id");
$find_records->bindParam(':city_id', $url_city);
$find_records->bindParam(':category_id', $url_category);
$find_records->bindParam(':date_available', $url_date);
$find_records->execute();
$result_records = $find_records->fetchAll(PDO::FETCH_ASSOC);
if(count($result_records) > 0) {
	foreach($result_records as $row) {

		$user_id    	  =	$row['user_id'];
        $name    		  =	$row['name'];

        $country_id       =	$row['country_id'];
        $country_code     =	$row['country_code'];
        $country_name     =	$row['country_name'];

        $province_id      =	$row['province_id'];
        $province_code    =	$row['province_code'];
        $province_name    =	$row['province_name'];

        $city_id          =	$row['city_id'];
        $city_name        =	$row['city_name'];

        $category_id      =	$row['category_id'];
        $category_name    =	$row['category_name'];

     }
}

There are no errors but the above query would only return a single row with only 1 "user" despite having multiple users in the "users" table. If I remove the GROUP BY, then it'll return multiple rows of the same user instead of all the relevant users.

So what do you think I am doing wrong with my query? 

Edited July 20 by imgrooot

Hi,    I have the following query 

SELECT 
user_details.User_club_ID, 
user_details.fname, 
user_details.lname, 
user_details.email, 
user_details.club_No 
club.CLUBCODE, 
club.club_id
FROM user_details, club
WHERE club_id = $cid AND user_details.club_No = club.CLUBCODE AND user_status = 'active'";

which I converted to a prepared statement as 

SELECT 
user_details.User_club_ID, 
user_details.fname, 
user_details.lname, 
user_details.email, 
user_details.club_No 
club.CLUBCODE, 
club.club_id
FROM user_details, club
WHERE club_id = ? AND user_details.club_No = club.CLUBCODE AND user_status = ?";

Please note that user_status is a field in the table user_details. The original query (non -PDO) works correctly.   I want to know if this is correct and that the comparison in the WHERE clause  i.e. user_details.club_No = club.CLUBCODE is security safe. If not then how should this be modified.   Also if there is a better way to write this statement, kindly show that as well.  Thanks    Thanks all !
Edited by ajoo, 11 December 2014 - 02:35 AM.

I have created a script that will upload and reminder images.
Currently, the script gives each image a common name (myPhotoSample) and a timestamp.

Now, I want to replace the timestamp with a number so that each image is listed sequentially with more easily recognized values (1,2,3,etc).

My concern is the effect this could have if several uploads were coincidentally started simultaneously.

I doubt the script (or directory) would allow duplicate names to be rendered, so would I lose files because of overwriting?

If 3 uploads of 10 images each were all started at exactly midnight what could go wrong? How can I best resolve the risk and ensure that I get 30 complete files sequentially numbered?
 

It's always these seemingly simple tasks that become challenges.

I got a good handle on how to watermark some photos (thanks to respondents to my previous post) and developed a script that calls a function that uses imagettftext()

Essentially, I can upload multiple images and watermark them before they reach their destination folder.

Good stuff.

Now, I got this crazy idea of watermarking them with a sequence number, so that if I grab 12 images, each will be labeled with it's sequence number (rather than a standard text watermark).

I placed $count++ in my script, and then used $count as my $watermark both inside imagettftext and as a variable.

It didn't work.

The closest I got was after placing $count++ inside a watermark function, but. of course, that merely labeled each photo with a "1" (bc each call of the function was a new iteration. 

Can someone please offer some direction here.

Thanks.

 

Hello:

I am very new to PHP. I have done a few basic feedback forms, but that's it.

I have done Classic ASP for years, and am trying to switch over to PHP.

I wanted to see what it would take to make a basic CMS that would allow users to update page content from an admin panel.

Very much like the attached .JPG demo.

Is there existing code available like what I'm trying to do?

I can post the ASP version code if it will help.

I assume it would need a database, but I have only used DNS-less connections with Access - not anything PHP related.

I know the site is hosted on justhost.com, and justhost.com uses unix servers.

Any assistance would be appreciated!

I am trying to set up a class for my database connection. I have it working one way, this is a completely new method I am trying to learn. I have a file called MyClasses.php and in that file I did this. (I am following a not very well done tutorial)

Code: [Select]

class MySQLDatabase
{
private $connection;

function __construct(){
$this->open_connection();
}
public function open_connection(){
$this->connection = new MySQLi('localhost','MyDatabase','password','billpay') or die($mysql->error);
}
}
$database = new MySQLDatabase();

then in my index page where I want to begin by doing a query on the database, I did this

Code: [Select]
<?php include MyClasses.php ?>

$result = $database->query("SELECT * FROM names") or die($mysql->error);


but that gives me this error

Fatal error: Call to undefined method MySQLDatabase::query() in C:\wamp\www\BillPay\index.php

I can't figure out how to get past it.

I'm looking for some direction as I approach a new challenge.

I have a table named friends_and_family and it contains name, email, and age fields.

I'm planning a party and want to invite 10 of the people that are between 20 and 35 years old.

The format I am considering would query the table and provide a list of those members that fit the age requirement.

I would like to generate that result (which I should be capable of handling) so that each person listed has a checkbox next to their name.

I imagine I will be creating a resultant form, so that I can then evaluate the result and select the checkboxes for those specific people that I want to invite.

Upon submission, an email will be sent to the people with selected checkboxes.

How should I approach this best?

A for each loop? Implode an array? 

I'm not very good with AJAX, so I'm thinking along these lines.

 

 

Hi guys,

I need some help from you pro's please with converting code from a TPL template file to PHP.

My client has payment gateway scripts in an ecommerce site that he wants to offer to other merchants.  The code currently is in numerous TPL files (currently being used in Opencart).

What is involved in converting to plain ol' PHP?  Do I need the TPL files at all?  Can I rename the TPL extension to PHP as it looks like they contain PHP code??


Example of one of the TPL's is below:

 
<form action="<?php echo $action; ?>" method="post" id="checkout">
  <input type="hidden" name="instId" value="<?php echo $merchant; ?>" />
  <input type="hidden" name="cartId" value="<?php echo $order_id; ?>" />
  <input type="hidden" name="amount" value="<?php echo $amount; ?>" />
  <input type="hidden" name="currency" value="<?php echo $currency; ?>" />
  <input type="hidden" name="desc" value="<?php echo $description; ?>" />
  <input type="hidden" name="name" value="<?php echo $name; ?>" />
  <input type="hidden" name="address" value="<?php echo $address; ?>" />
  <input type="hidden" name="postcode" value="<?php echo $postcode; ?>" />
  <input type="hidden" name="country" value="<?php echo $country; ?>" />
  <input type="hidden" name="tel" value="<?php echo $telephone; ?>" />
  <input type="hidden" name="email" value="<?php echo $email; ?>" />
  <input type="hidden" name="testMode" value="<?php echo $test; ?>" />
</form>
<div class="buttons">
  <table>
    <tr>
      <td align="left"><a onclick="location = '<?php echo $back; ?>'" class="button"><span><?php echo $button_back; ?></span></a></td>
      <td align="right"><a onclick="$('#checkout').submit();" class="button"><span><?php echo $button_confirm; ?></span></a></td>
    </tr>
  </table>
</div>


I also have 3 PHP files as well, which look like (example):

<?php
class ControllerPaymentOnlineVoucher extends Controller {
protected function index() {

$this->data['button_confirm'] = $this->language->get('button_confirm');
$this->data['button_back'] = $this->language->get('button_back');

$this->load->model('checkout/order');

$order_info = $this->model_checkout_order->getOrder($this->session->data['order_id']);

$this->load->library('encryption');

$this->data['action'] = 'https://www.domain-removed.com/purchaseAndRedeem.php';

$this->data['merchant'] = $this->config->get('onlineVoucher_merchant');
$this->data['order_id'] = $order_info['order_id'];
$this->data['amount'] = $order_info['total'];
$this->data['currency'] = $order_info['currency'];
$this->data['description'] = $this->config->get('config_store') . ' - #' . $order_info['order_id'];
$this->data['name'] = $order_info['payment_firstname'] . ' ' . $order_info['payment_lastname'];

if (!$order_info['payment_address_2']) {
$this->data['address'] = $order_info['payment_address_1'] . ', ' . $order_info['payment_city'] . ', ' . $order_info['payment_zone'];
} else {
$this->data['address'] = $order_info['payment_address_1'] . ', ' . $order_info['payment_address_2'] . ', ' . $order_info['payment_city'] . ', ' . $order_info['payment_zone'];
}

$this->data['postcode'] = $order_info['payment_postcode'];

$payment_address = $this->customer->getAddress($this->session->data['payment_address_id']);

$this->data['country'] = $payment_address['iso_code_2'];
$this->data['telephone'] = $order_info['telephone'];
$this->data['email'] = $order_info['email'];
$this->data['test'] = $this->config->get('onlineVoucher_test');

$this->data['back'] = $this->url->https('checkout/payment');

$this->id       = 'payment';
$this->template = $this->config->get('config_template') . 'payment/onlineVoucher.tpl';

$this->render();

}

public function callback() {

if (isset($this->request->post['callbackPW']) && ($this->request->post['callbackPW'] == $this->config->get('onlineVoucher_password'))) {
$this->language->load('payment/onlineVoucher');

$this->data['title'] = sprintf($this->language->get('heading_title'), $this->config->get('config_store'));

if (!isset($this->request->server['HTTPS']) || ($this->request->server['HTTPS'] != 'on')) {
$this->data['base'] = HTTP_SERVER;
} else {
$this->data['base'] = HTTPS_SERVER;
}

$this->data['charset'] = $this->language->get('charset');
$this->data['language'] = $this->language->get('code');
$this->data['direction'] = $this->language->get('direction');

$this->data['heading_title'] = sprintf($this->language->get('heading_title'), $this->config->get('config_store'));

$this->data['text_response'] = $this->language->get('text_response');
$this->data['text_success'] = $this->language->get('text_success');
$this->data['text_success_wait'] = sprintf($this->language->get('text_success_wait'), $this->url->https('checkout/success'));
$this->data['text_failure'] = $this->language->get('text_failure');
$this->data['text_failure_wait'] = sprintf($this->language->get('text_failure_wait'), $this->url->https('checkout/payment'));

$this->data['button_continue'] = $this->language->get('button_continue');

if (isset($this->request->post['transStatus']) && $this->request->post['transStatus'] == 'Y') { 
$this->load->model('checkout/order');

$this->model_checkout_order->confirm($this->request->post['cartId'], $this->config->get('onlineVoucher_order_status_id'));

$message = '';

if (isset($this->request->post['transId'])) {
$message .= 'transId: ' . $this->request->post['transId'] . "\n";
}

if (isset($this->request->post['transStatus'])) {
$message .= 'transStatus: ' . $this->request->post['transStatus'] . "\n";
}

if (isset($this->request->post['countryMatch'])) {
$message .= 'countryMatch: ' . $this->request->post['countryMatch'] . "\n";
}

if (isset($this->request->post['AVS'])) {
$message .= 'AVS: ' . $this->request->post['AVS'] . "\n";
}

if (isset($this->request->post['rawAuthCode'])) {
$message .= 'rawAuthCode: ' . $this->request->post['rawAuthCode'] . "\n";
}

if (isset($this->request->post['authMode'])) {
$message .= 'authMode: ' . $this->request->post['authMode'] . "\n";
}

if (isset($this->request->post['rawAuthMessage'])) {
$message .= 'rawAuthMessage: ' . $this->request->post['rawAuthMessage'] . "\n";
}

if (isset($this->request->post['wafMerchMessage'])) {
$message .= 'wafMerchMessage: ' . $this->request->post['wafMerchMessage'] . "\n";
}

$this->model_checkout_order->update($this->request->post['cartId'], $this->config->get('onlineVoucher_order_status_id'), $message, FALSE);

$this->data['continue'] = $this->url->https('checkout/success');

$this->template = $this->config->get('config_template') . 'payment/onlineVoucher_success.tpl';
  
   $this->render();
} else {
     $this->data['continue'] = $this->url->https('checkout/payment');

$this->template = $this->config->get('config_template') . 'payment/onlineVoucher_failure.tpl';
  
   $this->render();
}
}
}
}
?>



Any guidance would be highly appreciated...

Phil

Helo - Total newbie here, so please keep that in mind.  I'd really appreciate some wisdom from someone here as to how you would improve this form:

<?php
$email = $_POST['email'];
$message = $_REQUEST['message'];
$message = $_POST['date'];
$message .= $_POST['location'];
$message .= $_POST
['comments'];

mail( "testing@gmail.com, 5602346789@metropcs.com", "General Inquiry",
$message, "From: $email" );
header( "Location: thankyou.html" );
?>


*******************************html******************************
<HEAD><title>Hi</title<HEAD><BODY BGCOLOR="lightgray"><br><br><center><br><br><form method="post" action="sendmail2.php"><table cellspacing="5" cellpadding="5" border="0">
      <tr>
         <td valign="top"><font face="arial">
            <strong>Contact email:</strong><br>
         </td>
         <td valign="top"><font face="arial">
            <input type="text" name="email" size="50" value="" />
            
         </td>
      </tr><tr><td valign="top"><font face="arial">
            <strong>Date:</strong>
         </td>
         <td valign="top"><font face="arial">
            <input type="text" name="date"  size="50" value="" />
            
         </td>
         
      </tr>   <tr><td valign="top"><font face="arial">
            <strong>location:</strong><br>
         </td>
         <td valign="top">
            <input type="text" name="location" size="50" value="" />
            
         </td>
         
      </tr>
      <tr>
         <td valign="top"><font face="arial">
            <strong>Comments:</strong><br><font color="black">
         </td>
         <td valign="top">
            <textarea name="comments" rows="6" cols="40"></textarea>
            
         </td>
      </tr>
      
   
      <tr>
         <td colspan="2" align="center">
            <input type="submit" value=" Submit Form " />
         </td>
      </tr>
   </table>
</form></center></body>

Gday,
I'm trying to add a contact form on my site using a PHP script I downloaded from the web. I have tweaked the script, but I have never used PHP before and haven't got the time to learn it yet. Could someone please help me to get this working, I have added a subject drop down field that I would like to add validation to force the user to choose one, and I'd like the subject they choose to appear in the subject field of the resulting email. Once the PHP script has run and the email has been sent I'd like the text at the bottom to appear on the original page. At the moment when i click submit it just goes to the php page and shows three lines of the error message text.
Here is the relevant code:

This form is placed within a static html page:

Code: [Select]
<form name="contactform" method="post" action="send_form_email.php" style="text-align:left;">
          <label for="first_name">First name <span class="red">*</span></label>
          <input name="first_name" type="text" value="please enter your first name" size="30" maxlength="75" onclick="document.contactform.first_name.value='';" />
          <br/>
          <label for="last_name">Last name <span class="red">*</span></label>
          <input name="last_name" type="text" value="please enter your last name" size="30" maxlength="75" onclick="document.contactform.last_name.value='';" />
          <br/>
          <label for="email" style="margin-right:32px;">Email <span class="red">*</span></label>
          <input name="email" type="text" value="please enter your email address" size="30" maxlength="75" onclick="document.contactform.email.value='';" />
          <br/>
          <label for="phone_number" style="margin-right:34px;">Phone</label>
          <input name="phone_number" type="text" value="please enter your phone number" size="30" maxlength="75" onclick="document.contactform.phone_number.value='';" />
          <br/>
          <label for="email_subject" style="margin-right:19px;">Subject <span class="red">*</span></label>
          <select name="email_subject" style="margin-bottom:10px;">
          <option value="Choose one">Choose one</option>
            <option value="Lost my password">Lost my password</option>
            <option value="Gardening advice">Gardening advice</option>
            <option value="Order status">Order status</option>
            <option value="Web feedback">Web feedback</option>
            <option value="Customer Service">Customer Service</option>
            <option value="Product feedback">Product feedback</option>
            <option value="Other">Other</option>
          </select>
          <br/>
          <label for="comments">Queries/Comments <span class="red">*</span></label>
          <textarea rows="10" cols="50" wrap="virtual" name="comments"
          onclick="document.contactform.comments.value='';" style="margin-bottom:5px;">Please type your query or comments here</textarea>
          <input type="submit" value="Submit" />
      </form>


and here is the seperate php script that is used:

<?php
if(isset($_POST['email'])) {

// EDIT THE 2 LINES BELOW AS REQUIRED
$email_to = "johnc@diggers.com.au";
$email_subject =  $_REQUEST['email_subject'];


 function died($error) {
// your error code can go here
echo "We are very sorry, but there were error(s) found with the form you submitted. ";
echo "These errors appear below.<br /><br />";
echo $error."<br /><br />";
echo "Please go back and fix these errors.<br /><br />";
die();
}

// validation expected data exists
if(!isset($_POST['first_name']) ||
!isset($_POST['last_name']) ||
!isset($_POST['email']) ||
!isset($_POST['telephone']) ||
!isset($_POST['email_subject']) ||
!isset($_POST['comments'])) {
died('We are sorry, but there appears to be a problem with the form you submitted.');
}

$first_name = $_POST['first_name']; // required
$last_name = $_POST['last_name']; // required
$email_from = $_POST['email']; // required
$telephone = $_POST['telephone']; // not required
$telephone = $_POST['email_subject']; // required
$comments = $_POST['comments']; // required

$error_message = "";
$email_exp = "^[A-Z0-9._%-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$";
  if(!eregi($email_exp,$email_from)) {
   $error_message .= 'The Email Address you entered does not appear to be valid.<br />';
  }
$string_exp = "^[a-z .'-]+$";
  if(!eregi($string_exp,$first_name)) {
   $error_message .= 'The First Name you entered does not appear to be valid.<br />';
  }
  if(!eregi($string_exp,$last_name)) {
   $error_message .= 'The Last Name you entered does not appear to be valid.<br />';
  }
  if(strlen($comments) < 2) {
   $error_message .= 'The Comments you entered do not appear to be valid.<br />';
  }
  $string_exp = "^[0-9 .-]+$";
  if(!eregi($string_exp,$telephone)) {
   $error_message .= 'The Telephone Number you entered does not appear to be valid.<br />';
  }
  if(strlen($error_message) > 0) {
   died($error_message);
  }
$email_message = "Form details below.\n\n";

function clean_string($string) {
  $bad = array("content-type","bcc:","to:","cc:","href");
  return str_replace($bad,"",$string);
}

$email_message .= "First Name: ".clean_string($first_name)."\n";
$email_message .= "Last Name: ".clean_string($last_name)."\n";
$email_message .= "Email: ".clean_string($email_from)."\n";
$email_message .= "Telephone: ".clean_string($telephone)."\n";
$email_message .= "Comments: ".clean_string($comments)."\n";


// create email headers
$headers = 'From: '.$email_from."\r\n".
'Reply-To: '.$email_from."\r\n" .
'X-Mailer: PHP/' . phpversion();
@mail($email_to, $email_subject, $email_message, $headers);  
?>

<!-- include your own success html here -->

Thank you for contacting us. We will be in touch within 72 hours of the next working day.

<?
}
?>


Any help on how to get this going would be greatly appreciated, thanks

I have made a classified website. it works and I am proud of it. But as far as securing it goes, I have done almost nothing and I am sure, if in case the site becomes popular, it would be compromised with ease.

So I have started reading a book ' essential php security' and am reading several articles on php security online , but am still unable to wrap my head around the whole security issue.

Can someone help me ? there are a lot of unfamiliar topics, filtering, escaping , validating, session hijacking etc etc and it all goes over my head.

Its a classified website , considering this on what should I concentrate on as far as security goes ? 
btw what I have managed to do is use mysql_real_escape_string on every var going into a mysql $query.

Thanks

This topic has been moved to Ajax Help.

http://www.phpfreaks.com/forums/index.php?topic=328917.0

The PHP Coding Help section is not the place to recruit someone to work on your project.  It's for answering specific questions about specific code.

This topic has been moved to PHP Freelancing.

http://www.phpfreaks.com/forums/index.php?topic=347446.0

This topic has been moved to PHP Freelancing.

http://www.phpfreaks.com/forums/index.php?topic=331097.0