|
PHP - Using Session Array Input To Sql Database
I am trying to create a website that after you receive an email you have to use the email address and password to confirm account. Then the next page allows you to change your password. I want to save the users email from the first page and use it in the SQL statement in the second page to locate the user in the DB and update the data.
There must be some problem with the way I have my code logically set up. It will make it to the 2nd step but then it will go back to the main email confirmation page. <?php include('common.php'); include('db.php'); session_start(); session_register('umail'); session_register('password'); session_register('pwd1'); session_register('pwd2'); if(!isset($_POST['email']) && !isset($_POST['password'])) { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "BLOCKED URL"> <html> <head> This is a test of my patience</head> <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/> </head> <body> <form method="post" action="<?=$_SERVER['PHP_SELF']?>"> Email: <input type="text" name="email" size="8" /> password:<input type="password" name="password" size="8" /> <input type ="submit" name ="submit" value ="submit" /> </form> </body> </html> <? exit; } else { $umail = $_SESSION['umail'] = $_POST['email']; $password = $_SESSION['password'] = $_POST['password']; dbConnect("web2"); $sql ="SELECT * FROM `user` WHERE email ='$umail'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if(!$result) error('Contact DB admin'); if($result='') error('not in db'); if($_SESSION['umail'] != $row['email'] && $_SESSION['password'] != $row['password']) error('Wrong email or password'); } if(!isset($_POST['pwd1']) && !isset($_POST['pwd2'])) { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "BLOCKED URL"> <html> <head> This is a test of my patience</head> <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/> </head> <body> <form method="post" action="<?=$_SERVER['PHP_SELF']?>"> password: <input type="text" name="pwd1" size="8" /> password confirmation:<input type="password" name="pwd2" size="8" /> <input type ="submit" name ="submit" value ="submit" /> </form> </body> </html> <? } else { $pwd1 = $_SESSION['pwd1'] = $_POST['pwd1']; $pwd2 = $_SESSION['pwd2'] = $_POST['pwd2']; if($_SESSiON['pwd1'] == $_SESSION['pwd2']) { dbConnect("web2"); mysql_query("UPDATE user SET password ='$pwd1' WHERE email ='$umail'"); $sql="SELECT * FROM 'user' WHERE email='$umail'"; $result = mysql_query($sql); $row = mysql_fetch_assoc($result); if($_SESSION['pwd1'] != $row['password']) { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "(BLOCKED URl"> <html> <head> This is a test of my patience</head> <meta http-equov="Content-Type" content="text/html; charset=iso-8859-1"/> </head> <body> <form method="post" action="<?=$_SERVER['PHP_SELF']?>"> password: <input type="text" name="pwd1" size="8" /> password confirmation:<input type="password" name="pwd2" size="8" /> <input type ="submit" name ="submit" value ="submit" /> </form> </body> </html> <? } else { error(' the man'); session_unset(); session_destroy(); } } } ?> Similar TutorialsBefore I get into my problem a couple of things. First, this is a work project. My organization cannot afford a full time developer so as a database guy I'm being asked to develop a web based data system using php/html/mysql/javacript/etc. So I am not asking anyone to help me cheat or violate an honor code for a school project. Also I am having to learn PHP on the fly, by the seat of my pants. Second, my organization is using a version of PHP older that 5.5.X and I am powerless to update the version. So I know that some of the syntax I am using has been deprecated in more recent PHP versions. I don't mean to sound snarky or ungrateful but I really need some help solving this problem versus unhelpful comments about deprecated code. Third I am adapting code from the guys at TechStream so H/T to them. Here is what I am trying to build. My office helps other offices in my large organization manage their records through the creation of a file plan. We are currently using a clunky, user-unfriendly Access database that was created back in 2009. I am tasked to transition that Access hoopty into a proper, web-based, user friendly system. The index.php form page consists of 2 parts. You can see the original TechStream demo he http://demo.techstre...ssing-with-PHP/ I've adapted the top part of the form ("Travel Information") for my users to enter information about their office such as Office Name, Office Code, Office Chief, Creator (the user), Status and date. I've adapted the bottom part of the form ("Passenger Details") to be "Folder Details". This is an html table where users can add up to 10000 rows to list all the folders for their office by entering the folder name in the text box and then assign descriptors to each folder using the drop down menus. I've changed the drop down menus to reflect the descriptors we need, i.e. file-series, classification, media type. The user needs the flexibility to add folders as the number of folders will vary between offices. This adding and deleting of folders is accomplished dynamically through a javascript script.js file. Now, here's my problem. When the user clicks submit button that fires a php script that runs an insert into query to place the array data into the backend mysql database. However, when the foreach loop is only inserting the office office from the top portion of the form with the first folder in the bottom portion of the form. In other words let's say the user fills out the top part with his office information and then adds 5 folders into the html table at the botton. The first folder will be inserted into the database table with both office information and folder information. However the subsequent 4 folders will have their folder information inserted into the table but the office information fields will be null. The office information needs to be inserted with each folder the user adds to the html table piece. I suspect that my foreach loop is only capturing that office information on the first iteration of the loop and then flushing or deleting the office information after the first loop. Also, I suspect there is some disconnect between the html table for entering individual folders and the top part of the form that is not in html format. Any help I can get is most welcome. Thanks in advance! Code is below. index.php <?php
session_start();
if(!isset($_SESSION['myusername'])) {
header('Location:index.php');
}
echo $_SESSION['myusername'];
echo '<a href="logout.php"><span>Logout</span></a></li>';
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Records Management File Plan Application</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<link rel="stylesheet" type="text/css" href="css/default.css"/>
<script type="text/javascript" src="js/script.js"></script>
</head>
<body>
<form action="InsertFileDetailArraytoDB.php" class="register" method="POST">
<h1>Office File Plan Application/h1>
<fieldset class="row1">
<legend>Office Information</legend>
<p>
<label>Office Code *
</label>
<input name="officecode[]" type="text" required="required"/>
<label>Date*
</label>
<select class="date" name="day[]">
<option value="1">01
</option>
<option value="2">02
</option>
<option value="3">03
</option>
<option value="4">04
</option>
<option value="5">05
</option>
<option value="6">06
</option>
<option value="7">07
</option>
<option value="8">08
</option>
<option value="9">09
</option>
<option value="10">10
</option>
<option value="11">11
</option>
<option value="12">12
</option>
<option value="13">13
</option>
<option value="14">14
</option>
<option value="15">15
</option>
<option value="16">16
</option>
<option value="17">17
</option>
<option value="18">18
</option>
<option value="19">19
</option>
<option value="20">20
</option>
<option value="21">21
</option>
<option value="22">22
</option>
<option value="23">23
</option>
<option value="24">24
</option>
<option value="25">25
</option>
<option value="26">26
</option>
<option value="27">27
</option>
<option value="28">28
</option>
<option value="29">29
</option>
<option value="30">30
</option>
<option value="31">31
</option>
</select>
<select name="month[]">
<option value="1">January
</option>
<option value="2">February
</option>
<option value="3">March
</option>
<option value="4">April
</option>
<option value="5">May
</option>
<option value="6">June
</option>
<option value="7">July
</option>
<option value="8">August
</option>
<option value="9">September
</option>
<option value="10">October
</option>
<option value="11">November
</option>
<option value="12">December
</option>
</select>
<select name="year[]">
<option value="2013">2013
</option>
<option value="2014">2014
</option>
<option value="2015">2015
</option>
<option value="2016">2016
</option>
</select>
</p>
<p>
<label>Office Chief*
</label>
<input name="officechief[]" required="required" type="text"/>
<label>Status*
</label>
<select name="status[]">
<option value="Draft">Draft
</option>
<option value="Submitted">Submitted
</option>
<option value="Approved">Approved
</option>
</select>
</p>
<p>
<label>Creator *
</label>
<input name="creator[]" required="required" type="text"/>
</p>
<div class="clear"></div>
</fieldset>
<fieldset class="row2">
<legend>Folder Details</legend>
<p>
<input type="button" value="Add Folder" onClick="addRow('dataTable')" />
<input type="button" value="Remove Folder" onClick="deleteRow('dataTable')" />
<p>(All actions apply only to entries with check marked check boxes.)</p>
</p>
<table id="dataTable" class="form" border="1">
<tbody>
<tr>
<p>
<td><input type="checkbox" required="required" name="chk[]" checked="checked" /></td>
<td>
<label>Folder Name</label>
<input type="text" required="required" name="BX_NAME[]">
</td>
<td>
<label for="BX_fileseries">File Series</label>
<select id="BX_fileseries required="required" name="BX_fileseries[]">
<option>100-01-Inspection and Survey/PII-NO</option>
<option>200-02-Credit Card Purchases/PII-NO</option>
<option>300-07-Time and Attendance/PII-YES</option>
</td>
<td>
<label for="BX_classification">Classification</label>
<select id="BX_classification" name="BX_classification" required="required">
<option>Unclassified</option>
<option>Confidential</option>
<option>Secret</option>
<option>Top Secret</option>
<option>Ridiculous Top Secret</option>
<option>Ludicrous Top Secret</option>
</select>
</td>
<td>
<label for="BX_media">Media</label>
<select id="BX_media" name="BX_media" required="required">
<option>Paper</option>
<option>Shared Drive</option>
<option>Film</option>
<option>Floppy Disk</option>
<option>Mixed</option>
<option>Other</option>
</select>
</td>
</p>
</tr>
</tbody>
</table>
<div class="clear"></div>
</fieldset>
<input class="submit" type="submit" value="File Plan Complete »" />
<div class="clear"></div>
</form>
</body>
</html>
PHP script with foreach loop to loop through the array from index.php and insert into database: InsertFileDetailArrayToDB.php /*
When the user has finished entering their folders, reviewed the form inputs for accuracy and clicks the submit button, this will loop through all folder entries and using the SQL insert into query will place them in the database. When it completes data insertion it will redirect the user back to the file detail input form*/
<?php
/*this part requires the user to be logged in and allows their user name to be included in the insert into query.
If you remove the "ob_start();" piece it will screw up the header statement down at the botton.
See the comments by the header statement for an explanation of its purpose*/
ob_start();
session_start();
if(!isset($_SESSION['myusername'])) {
header('Location:index.php')
}
/*these two lines would ordinarily display the user name and a link a
allowing the user to log out. However this php script does not output anything
so the user will never it.*/
echo $_SESSION['myusername'];
echo '<a href="logout.php"><span>Logout</span></a></li>';
?>
<?php
/*this include statement connects this script to the MySQL database
so the user form inputs can be inserted into the file_plan_details
table*/
include ('database_connection.php');
foreach($_POST['BX_NAME'] as $row=>$BX_NAME)
{
$BX_NAME1 = mysql_real_escape_string($_POST['BX_NAME');
$officecode1 = mysql_real_escape_string($_POST['officecode'][$row]);
$username1 = mysql_real_escape_string($_SESSION['myusername'][$row]);
$day1 = mysql_real_escape_string($_POST['day'][$row]);
$month1 = mysql_real_escape_string($_POST['month'][$row]);
$year1 = mysql_real_escape_string($_POST['year'][$row]);
$creator1 = mysql_real_escape_string($_POST['creator'][$row]);
$officechief1 = mysql_real_escape_string($_POST['officechief'][$row]);
$status1 = mysql_real_escape_string($_POST['status'][$row]);
$BX_fileseries1 = mysql_real_escape_string($_POST['BX_fileseries'][$row]);
$BX_classification1 = mysql_real_escape_string($_POST['BX_classification'][$row]);
$BX_media1 = mysql_real_escape_string($_POST['BX_media'][$row]);
$fileplandetailinsert1 = "INSERT INTO file_plan_details (folder_name, office_code, user_name, day, month, year, creator, office_chief, status, file_series, classification, media)
VALUES ('$BX_NAME1','$officecode1','$username1','$day1','$month1','$year1','$creator1','$officechief1','$status1','$BX_fileseries1','$BX_classification1','$BX_media1')";
mysql_query($fileplandetailinsert1);
}
/*this header statement redirects the user back to the folder detail input form after it inserts data into the db
After I build a main navigation page, I will switch out index.php with whatever I name
the script that will produce the main navigation page*/
header('Location:index.php');
?>
script.js
function addRow(tableID) {
var table = document.getElementById(tableID);
var rowCount = table.rows.length;
if(rowCount < 10000){ // limit the user from creating fields more than your limits
var row = table.insertRow(rowCount);
var colCount = table.rows[0].cells.length;
for(var i=0; i<colCount; i++) {
var newcell = row.insertCell(i);
newcell.innerHTML = table.rows[0].cells[i].innerHTML;
}
}else{
alert("Maximum Passenger per ticket is 5.");
}
}
function deleteRow(tableID) {
var table = document.getElementById(tableID);
var rowCount = table.rows.length;
for(var i=0; i<rowCount; i++) {
var row = table.rows[i];
var chkbox = row.cells[0].childNodes[0];
if(null != chkbox && true == chkbox.checked) {
if(rowCount <= 1) { // limit the user from removing all the fields
alert("Cannot Remove all the Passenger.");
break;
}
table.deleteRow(i);
rowCount--;
i--;
}
}
}
Edited by mac_gyver, 17 December 2014 - 01:13 PM. code tags around posted code please So, I have two forms.. One for displaying a submitted name. And one for displaying an array of submitted words. At the very top of my index.php, I have: Code: [Select] <?php session_start(); And only in my Second form, for displaying array of words, I've put a 'clear' button to clear the array, which works : Code: [Select] elseif (isset($_POST['reset'])) { $_SESSION['words'] = ''; unset($_SESSION['words']); session_destroy(); } Problem: When I've submitted a name in the First form, and then submit a word in the Second form, the name of the First form disappears! This is also happening the other way, as well as using the reset button for the Second form. Should I use Two Sessions? Is this possible? And how do I do it? Thanks. I am having a very strange issue on one server. I have the same code in a development server running fine, but in my prod server it is failing. Here is the main issue: I have a user authentication routine that accepts UserID and Password from a form and validates it against a MySQL database. So to start, UserId and Password are entered via POST variables as is standard: $UserId=@$_POST['UserId']; $Password=@$_POST['Password']; The Password is encrypted using a standard crypt method such as: $encrypt = crypt($Password,'6!68$7435!'); And this is stored in a MySQL database. This part is working fine, that is, the password is encrypted in value and stored in the MySQL database as 'epasswd'. On login, I am using session, so a standard session_start() and eventual session_destroy() on logout are used. The reason I mention this is because I suspect my issue is session related. So normally this works well. User logs in and I check credentials as follows in one part of my auth routine: elseif(UserAuth($UserId,$Password)){ $UserLogin=$UserId; session_start(); $_SESSION['UserLogin'] = $UserLogin; sql_insertActivity(); header("Location: home.php"); And the auth routine is as follows: <? function UserAuth($UserId,$Password){ global $conn; $Stmt="select epasswd from Users where UserId='$UserId' and Approved='1' or Approved='-1' or Approved='-2'"; $Result = mysql_query($Stmt, $conn) or die(mysql_error()); $Result=mysql_fetch_row($Result); $epasswd=$Result[0]; $retval=($epasswd==crypt($Password,$epasswd)); return($retval); } ?> So I am checking for a valid UserID and Password on form input, and I have a few other variables set for approved status. The retval checks the password they enter versus the encrypted value for a match. This usually works well. Then login occurs and session started, etc. Here is the issue. I added a quick admin routine a little while ago which helps reset a user's password to a temporary value. Once this value is set, along with a setting of approved=-1 in my database, then the user is re-directed to a Change Password screen to update his or her password. *Note: I changed the value to 'Charlie' for this discussion purpose. Here is that quick admin routine I run when I need to change a User to a temp setting: // ----- Establish database connection ----- require "../inc_php/inc_mysql_prod.php"; // $UserId=@$_GET['UserId']; $Password='Charlie'; $encrypt = crypt($Password,'6!68$7435!'); $sql = "UPDATE Users set epasswd='$encrypt', approved='-1' where UserId='$UserId'"; mysql_query($sql, $conn) or die(mysql_error()); So this does work as I validate the UserID is updated in the MySQL database along with an encrypted value for 'Charlie'. However, this is where things breakdown going forward. When the user logs in with the temp credentials, and enters in the Change password routine, their new password is saved in the table. However, when logging back in with the new credentials, the new password is not valid. And what's odd is that 'Charlie', the temp password, works for them on login and nothing else, no matter how many times they change the password in the form. So seems a case of session management out of control? What is the issue? I am defining session on all Php pages used, and have a logout to destroy session, etc. The temp password routine is something I run as an admin in the system and it doesn't have a session start statement. And I am not defining any global vars for Password. I lloked into session management and tried some UNSET paths and such, but may not be doing this correctly. Also I did a complete stop apache, remove all php sess_ files, restart and to no avail. I tried the clear my client side cookies deal in the browser, and still the same problem. What is odd is that this same set of code works fine on my other server, but breaks down on the mirrored server. They are essentially twins in all setup. Some minor differences between the two servers regarding PHP setup that might(?) make a difference. DEV server: SERVER_SOFTWARE Apache/2.2.3 (Red Hat) PROD server: (server showing the issues): SERVER_SOFTWARE Apache/2.2.3 (CentOS) HTTP_COOKIE PHPSESSID=3gocr0hhelvsjjlt63pp4qlnp3 _REQUEST["PHPSESSID"] 3gocr0hhelvsjjlt63pp4qlnp3 _COOKIE["PHPSESSID"] 3gocr0hhelvsjjlt63pp4qlnp3 _SERVER["HTTP_COOKIE"] PHPSESSID=3gocr0hhelvsjjlt63pp4qlnp3 Thanks appreciate the help! -Eddie I am a little experienced with PHP sessions, but not totally as I haven't got my head completely around its logic yet, as your about to see. I wonder wondering how I can go about adding a session entity from a HTML form input? I'm guessing it will be something like: $_POST['name'] => $_SESSION['delivery']['name']; Then, to echo the session entity, you would simply do something like: echo $_SESSION['delivery']['name']; ? Hi A part of my site allows users to send messages to other users. When a member is logged on, they see a panel on the left with a link to the messages page. If there is a message they have not seen, it looks like messages(1). As this panel is on every page, the message(1) is displayed on every page. My question is a general one which i've always wondered about - I determine whether all messages have been read or not from the database. Should I go once to the database when user logs on, and save this value to a session, or should i go to the database each time the member goes to a new page.... The reason I ask is because I am saving a lot of data in the session already so where do I draw the line between saving stuff to a session and just repeatedly going to the database.. I have these two files and I need to solve the problem that I need the user data in the role column to be taken when logging in. I have written it so that the data can be extracted from the database, but it does not work for me that it is “forwarded” from process.php to admin.php . Please don’t know what the error is that the admin.php file doesn’t want to load $ _SESSION['Role'] from process.php ? Thanks to everyone for helping and here is the code: process.php
<?php
require_once('connect.php');
session_start();
if(isset($_POST['Login']))
{
if(empty($_POST['Username']) || empty($_POST['Password']))
{
header("location:index.php?Empty= Please Fill in the Blanks");
}
else
{
$query="select * from role_test where Username='".$_POST['Username']."' and Password='".md5($_POST['Password'])."'";
$result=mysqli_query($con,$query);
if(mysqli_fetch_assoc($result))
{
$_SESSION['User']=$_POST['Username'];
while($row = mysqli_fetch_array($result) ){
$_SESSION['Role']=$row['role'];
}
header("location:admin.php");
}
else
{
header("location:index.php?Invalid= Please Enter Correct User Name and Password ");
}
}
}
else
{
echo 'Not Working Now Guys';
}
?>
admin.php
<?php
session_start();
if(!(isset($_SESSION['User'])))
{
header("Location: index.php");
exit(0);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Role</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
</head>
<body>
<?php
$_SESSION['Role']=$role;
echo $role;
?>
</body>
</html>
Hey guys, I'm working a project that requires sessions be stored within the database, as the project I'm working on is on a shared host. But I'm having a problem with getting the data of a session in the database, the other fields like session_id, session_updated, session_created are working fine. I think I've got a bug in my code, but I just can't detect it (frustrating). Database connection class db extends mysqli { private $host; private $user; private $pass; private $db; function __construct( $host='localhost', $user='user', $pass='pass', $db='website' ) { $this -> host = $host; $this -> user = $user; $this -> pass = $pass; $this -> db = $db; parent::connect( $host, $user, $pass, $db ); if( mysqli_connect_error( ) ) { die( 'Connection error ('.mysqli_connect_errno( ).'): '.mysqli_connect_error( ) ); } } function __destruct( ) { $this -> close( ); } } Session handler class sessionHandler { private $database; private $dirName; private $sessTable; private $fieldArray; function sessionHandler() { // save directory name of current script $this -> database = new db; $this -> dirName = dirname(__file__); $this -> sessTable = 'sessions'; } function open( $save_path, $session_name ) { return TRUE; } function close() { //close the session. if ( !empty( $this -> fieldarray ) ) { // perform garbage collection $result = $this->gc( ini_get ( 'session.gc_maxlifetime' ) ); return $result; } return TRUE; } function read( $session_id ) { $sql = " SELECT * FROM sessions WHERE session_id=( '$session_id' ) LIMIT 1 "; $result = $this -> database -> query( $sql ); if( $result -> num_rows > 0 ) { $data = $result -> fetch_array( MYSQLI_ASSOC ); $this -> fieldArray = $data; $result -> close(); return $data; } return ""; } function write( $session_id, $session_data ) { //write session data to the database. if ( !empty( $this -> fieldArray ) ) { if ( $this -> fieldArray['session_id'] != $session_id ) { // user is starting a new session with previous data $this -> fieldArray = array(); } } $this -> fieldArray['session_id'] = $session_id; $this -> fieldArray['session_data'] = $session_data; $this -> fieldArray['session_updated'] = time(); $this -> fieldArray['session_created'] = time(); $session_id = $this -> database -> escape_string( $session_id ); $session_data = $this -> database -> escape_string( $session_data ); $session_updated = time(); $session_created = time(); $sql = " INSERT INTO sessions ( session_id, session_data, session_updated, session_created ) VALUES ( '$session_id', '$session_data', '$session_updated', '$session_created' ) "; if( $this -> database -> query( $sql ) !== TRUE ) { return FALSE; } return TRUE; } function destroy( $session_id ) { $sql = " DELETE FROM sessions WHERE session_id=('$session_id') "; if( $this -> database -> query( $sql ) !== TRUE ) { return FALSE; } return TRUE; } function gc( $max_lifetime ) { return TRUE; } function __destruct() { //ensure session data is written out before classes are destroyed //(see http://bugs.php.net/bug.php?id=33772 for details) @session_write_close(); } } The call $session_class = new sessionHandler; session_set_save_handler( array( &$session_class, 'open' ), array( &$session_class, 'close' ), array( &$session_class, 'read' ), array( &$session_class, 'write' ), array( &$session_class, 'destroy' ), array( &$session_class, 'gc' ) ); if( !session_start() ) { exit(); } Any help at all would be appreciated. Kind Regards Mike Hi, I'm working with sessions for the first time and have been able to put a member's id into the database. However, when I try and put their display name into the database I got a message saying Unknown column 'xyz' in 'field list' xyz was the display name for the session. Just can't seem to see what I'm doing wrong. In the code below, I even tried changing $_SESSION['member_display_name'] to $_SESSION['member_id'], in which case the correct id was inserted into both the member_id and the member_display_name fields in the database, so I know the table is set up correctly. Any tips? Code: [Select] //**********************SEND TO DATABASE**************************** include 'mysql_connect.php'; $query = "INSERT INTO uploads (date, member_id, upload_name, upload_title, upload_type, subject, topic, year, status, keywords, description, member_display_name, firstname, lastname)" . "VALUES (NOW(), ".$_SESSION['member_id'] . ",'$upload_nameX', '$upload_title', '".$EXPLODED_STRING[1]."', '$subject', '$topic', '$year', '$status', '$keywords', '$description', ".$_SESSION['member_display_name'] . ", '$firstname', '$lastname')"; //if($query){echo 'data has been placed'} mysql_query($query) or die(mysql_error()); $upload_id = mysql_insert_id(); //***********************END OF DATABASE CODE*********************** Anyone could help or giude how to secure this script by storing session into database?
login.php
<?php
//Start session
session_start();
//Include database connection details
require_once('config.php');
//Get ip
function get_client_ip() {
$ipaddress = '';
if ($_SERVER['HTTP_CLIENT_IP'])
$ipaddress = $_SERVER['HTTP_CLIENT_IP'];
else if($_SERVER['HTTP_X_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
else if($_SERVER['HTTP_X_FORWARDED'])
$ipaddress = $_SERVER['HTTP_X_FORWARDED'];
else if($_SERVER['HTTP_FORWARDED_FOR'])
$ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
else if($_SERVER['HTTP_FORWARDED'])
$ipaddress = $_SERVER['HTTP_FORWARDED'];
else if($_SERVER['REMOTE_ADDR'])
$ipaddress = $_SERVER['REMOTE_ADDR'];
else
$ipaddress = 'UNKNOWN';
return $ipaddress;
}
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);
$ip = get_client_ip();
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
/* if($login != '' || $password != '') {
if($login !='admin' && $ip !=''.$log_ip.''){
$errmsg_arr[] = 'Your IP <b>'.$ip.'</b> is not recognized...';
$errflag = true;
}
}
*/
//If there are input validations, redirect back to the login form
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
//header("location: index.php");
echo ('<meta http-equiv="refresh" content="0;url=index.php">');
exit();
}
//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".$_POST['password']."'";
$result=mysql_query($qry);
//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result) == 1) {
//Login Successful
session_regenerate_id();
$member = mysql_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
$_SESSION['SESS_LOGIN_NAME'] = $member['login'];
$_SESSION['SESS_PASS'] = $member['passwd'];
session_write_close();
//header("location: member-index.php");
echo ('<meta http-equiv="refresh" content="0;url=member-index.php">');
exit();
}else {
//Login failed
//header("location: login-failed.php");
echo ('<meta http-equiv="refresh" content="0;url=login-failed.php">');
exit();
}
}else {
die("Query failed");
}
?>
auth.php (included on top of all php pages
<?php
//Start session
session_start();
//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
//header("location: access-denied.php");
echo ('<meta http-equiv="refresh" content="0;url=access-denied.php">');
exit();
}
?>
Well, I have been able to create a registration and login page. Now I am trying to make an "Edit Profile" page but I can't seem to be able to pull up their primary key field which is called "userID" and I need help doing this. How would I get it from the MySQL database? Hello all, I have an error handler that I need to append messages to (First name not right, Last name not right, etc) I'm using a session array to handle all error messages titled GORB. How come this code won't work? $_SESSION['GORB']['message'][] = "First name wrong"; $_SESSION['GORB']['message'][] = "Last name wrong"; How can I get it to work? I already have the handler output written and functioning fine, I just need to get it to loop over an array of errors instead of just one. Came a long way with the code since Friday and have another issue.
I can echo the session username on my pages but not into the insert command to the database. I need this so when a user logs in only their data will be seen. Here is the code pages.
Here is the page code this does echo the username
Logged in as <?php echo "$username"; ?>
<?php
// Start session
session_start() ;
$username = $_SESSION['username'];
// Include required functions file
require_once('include/db/functions.inc.php') ;
// Check login status ... if not logged in, redirect to login screen
if (check_login_status() == false) {
redirect('login.php') ;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Add A New Tank(WAD)</title>
<style type="text/css"></style>
</head>
<body>
<p align="center"><a href="../test/index.php">Home</a> | <a href="../test/register.php">Register</a> | <a href="../test/login.php">Login</a> | <a href="../test/tank.php">Add Tank</a> | <a href="../test/fish.php">Add Fish</a> | <a href="../test/plants.php">Add Plants</a> | <a href="../test/water-test.php">Add Water Test</a> | <a href="../test/include/login/logout.inc.php">Logout</a></p></p>
<p>Logged in as <?php
echo "$username";
?> </p>
<table width="810" border="2" align="center">
<tr>
<td>
<table width="800" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td align="center" bgcolor="#FFFFFF" scope="col"><h2><b>Your Tanks(WAD)</b></h2></td>
</tr>
<form action="/test/include/tank/tank.inc.php" method="post" name="tank" id="tank">
<table border="2" align="center" cellpadding="0">
<tr>
<td><div align="left"><b>Tank Name: </b> </div></td>
<td><div align="left">
<input type="text" name="tankname" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Date Filled With Water: </b> </div></td>
<td><div align="left">
<input type="text" name="date" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Length: </b> </div></td>
<td><div align="left">
<input type="text" name="length" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Depth: </b> </div></td>
<td><div align="left">
<input type="text" name="depth" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Height: </b> </div></td>
<td><div align="left">
<input type="text" name="height" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Volume: </b> </div></td>
<td><div align="left">
<input type="text" name="volume" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Type of Tank: </b> </div></td>
<td><div align="left">
<input type="text" name="type" size="25" />
</div></td>
</tr>
<tr>
<td></div></td></tr>
<tr>
<td><div align="left"><b>Notes: </b> </div></td>
<td><div align="left">
<p>
<textarea name="notes" cols="50" rows="10"></textarea>
</p>
</div></td>
</tr>
<tr>
<th colspan="2"><p>
<input type="submit" value="Add New Tank" />
</p></th>
</tr>
</table>
</form>
<tr>
<td align="center" valign="top" bgcolor="#FFFFFF"><div align="center"><font size="2"> © 2014 <a href="http://www.pctechtime.com">PC TECH TIME</a> </font> </div></td>
</tr>
</table>
<tr>
<td></td></td></tr>
<tr>
<td></tr></td></tr>
</table>
</body>
</html>
This is tank.inc.php which works except for the username being inserted into the database. I did try removing the mysqli_close($con); but that didn't help. I did have it working when I removed the mysqli_close($con); but then I logged out and then back in and it stopped?
<?php
include_once "../../../test/include/db/db.inc.php";
// escape data and set variables
$tankname = mysqli_real_escape_string($con, $_POST['tankname']);
$date = mysqli_real_escape_string($con, $_POST['date']);
$length = mysqli_real_escape_string($con, $_POST['length']);
$depth = mysqli_real_escape_string($con, $_POST['depth']);
$height = mysqli_real_escape_string($con, $_POST['height']);
$volume = mysqli_real_escape_string($con, $_POST['volume']);
$type = mysqli_real_escape_string($con, $_POST['type']);
$notes = mysqli_real_escape_string($con, $_POST['notes']);
$username = $_SESSION['username'];
// # setup SQL statement
$sql="INSERT INTO tank (tankname, username, date, length, depth, height, volume, type, notes)
VALUES ('$tankname', '$username', '$date', '$length', '$depth', '$height', '$volume', '$type', '$notes')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo 'New Tank Added ';
mysqli_close($con);
?>
I'm helping out a friend who owns a boarding kennel. She would like an online site where she or a client can register, add their dogs to their profile and other info. I know CSS and HTML but have very, very little experience in PHP, I figured it would be fun to give this a try and learn something new. So far I've managed to create a register and log in area, and now I'm trying to make it possible for someone to add a dog breed from a drop down list to their "page" after they've logged in. I cannot get the data to insert into that specific user's table. I'm trying to use the session id and session username as the variable, and this is where the problem comes in. If I type the userid and the username out then the data will update fine...but that's not practical. I need it to know which user is logged in and update them accordingly. Anyway, what I'm typing here makes sense in my head but I've been staring at this computer all day and it's possible I'm way out in left field, so here's the code to see for yourself. (chances are it's something totally obvious....or I have stuff in there that doesn't belong, I haven't a clue.) Thank you in advance to anyone willing to help me out! The form <?php session_start(); $_SESSION['userid']=$userid;?> <html><body> <h4></h4> <form action="process.php" method="post"> <select name="breed" id="breed"> <option value="collie">Collie</option> <option value="aussie">Aussie</option> </select> <select name="sex"> <option>Dog</option> <option>Bitch</option> </select> <input type="submit" /> </form> </body></html> The php for that form <?php session_start(); $_SESSION['userid']=$userid; $_SESSION['Username']=$username;?> <html><body> <?php $host="localhost"; // Host name $username="silver_phptest"; // Mysql username $password="bowser"; // Mysql password $db_name="silver_phptestingbase"; // Database name $tbl_name="users"; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Get values from form $breed=$_POST['breed']; // Insert data into mysql mysql_query("UPDATE users SET dogs = '$breed' WHERE userID = '$userid'"); // close connection mysql_close(); ?> </body></html> Hola, I'm trying to create a web form to insert info into my database using session variables. I'm at my wits end at this point. The reset button does its job but when you click submit it doesn't do anything. I'm using the template from the lynda.com essential php web form tutorials. Any help would be appreciated Here is the client-side header code I'm working with, <?php header("Expires: Thu, 17 May 2001 10:17:17 GMT"); // Date in the past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0 session_start(); if (!isset($_SESSION['SESSION'])) require ( "include/session_init.php"); $arVal = array(); require_once("include/session_funcs1.php"); // make sure the seesion vars are initialized... reset ($arVal); while (list ($key, $val) = each ($arVal)) { if (!isset($_SESSION[$key])) $_SESSION[$key] = ""; } if ($_SESSION["eventgenre_sel"] == "") $_SESSION["eventgenre_sel"] = 0; // if the bFlg is true then some validation problems in the data. // namely a blank field or a submission without the feedback page. // just present a general error... $flg = ""; $error = ""; if (isset($HTTP_GET_VARS["flg"])) $flg = $HTTP_GET_VARS["flg"]; switch ($flg) { case "red": $error = "<br><font class=\"txt12_red\">Please fill out all the required fields.<br>Please Try Again.<BR></font>"; break; case "blue": $error = "<br><font class=\"txt12_red\">Your Session has Expired.<br>Please Try Again.</font><BR>"; break; case "pink": $error = "<br><font class=\"txt12_red\"><BR>The Special Code you entered is not valid.<br>Please Try Again or Leave that field blank.</font><BR>"; break; case "white": $error = "<br><font class=\"txt12_red\"><BR>The fields are too long for our Database.<br>Please correct your data via this form.</font><BR>"; break; default: $error = ""; } ?> <?php echo $_SERVER['SCRIPT_NAME']."<BR>"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="stylesheet" type="text/css" href="detect800.css"/> <link rel="stylesheet" type="text/css" href="detect1024.css"/> <script type="text/javascript" src="jquery.js"></script> <script type="text/javascript" src="detect.js"></script> <link href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.2/themes/base/ui.all.css" rel="stylesheet" type="text/css" /> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js" type="text/javascript"></script> <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.0/jquery-ui.min.js" type="text/javascript"></script> <script src="jquery.ui.datetimepicker.js" type="text/javascript"></script> <script type="text/javascript"> $(function() { $('#eventdate').datetimepicker(); }); </script> <script src="imageflow.js" type="text/javascript"></script> <script src="highslide-full.js" type="text/javascript"></script> <script src="autosuggest.js" type="text/javascript"></script> <script type="text/javascript"> hs.graphicsDir = 'graphics/'; </script> <script language="javascript"> function SubmitForm() { var form = document.forms[0]; var bRequired = true; if((form.eventname.value.length < 1) || (form.eventvenue.value.length < 1) || (form.eventdate.value.length < 1) || (form.eventgenre.value.length < 1) || (form.eventprice.value.length < 1) || (form.eventpromoter.value.length < 1) || (form.eventflyer.value.length < 1)) { alert("Please fill out all the required fields."); bRequired = false; } if (!bRequired) return false; form.eventgenre_sel.value = form.state.selectedIndex; form.submit(); } function ResetForm() { var form = document.forms[0]; form.eventname.value = ""; form.eventvenue.value = ""; form.eventdate.value = ""; form.eventgenre.value = ""; form.eventprice.value = ""; form.eventpromoter.value = ""; form.eventflyer.value = ""; form.eventgenre_sel.value = ""; } </script> </head> This is the client side form code <form action="scripts/register.php" method="post" name="userevent" id="userevent"> <input name="eventgenre_sel" type="hidden" id="eventgenre_sel" value="<?php echo $_SESSION['eventgenre_sel'] ?>" /> <?php echo $error; ?> <fieldset> <label for="eventname" accesskey="n" ><span>Event Name</span> <input type="text" name="eventname" id="eventname" value="<?php echo $_SESSION['eventname_sel'] ?>" size="32" maxlength="30" /></label> <div id="autosuggest"><ul><li></li></ul></div> <label for="eventvenue" accesskey="v" ><span>Event Venue</span> <input type="text" name="eventvenue" id="eventvenue" size="32" value="<?php echo $_SESSION['eventvenue'] ?>" maxlength="30" /></label> <script type="text/javascript"> var venues = new Array("Republik", "HiFi Club", "Bamboo Tiki Room", "Tantra", "Jubilee Auditorium", "Ironwood Stage & Grill", "Broken City", "Soda", "Amsterdam Rhino", "Olympic Plaza", "Stampede Casino", "Habitat Living Sound", "Cantos Music Foundation", "Flames Central", "Prince's Island Park", "Beat Niq Jazz & Social Club", "Giuseppe's Italian Market", "BLVD", "Fourth on 4th", "Opus on 8th", "Local 510", "Local 522", "Raw Bar", "Jupiter Restaurant & Bar", "Vern's", "Lord Nelson's", "Kings Head Pub", "Blind Beggar Pub", "Viscous Circle", "Milk Tiger Lounge", "Pengrowth Saddledome", "Tubby Dog", "Marquee Room", "Distillery Public House", "Cafe Koi", "Mikey's Juke Joint & Eatery", "Palomino", "Atlantic Trap & Gill", "Drake Inn", "Radiopark Music Room", "Rusty Cage South", "Big Al's Good Times Bar", "Rose & Crown", "Tudor Rose Pub", "Elbow River Casino & Lounge", "Rusty Cage Central", "Rusty Cage South", "Rusty Cage North", "Olive Grove", "Shamrock Hotel", "Woody's Taphouse Southland", "Woody's Taphouse Country Hills", "Murrieta's West Coast Bar & Grill", "Stageline Saloon", "Pig & Pint", "Ranchman's", "Red Pepper Pub", "Stavro's Steak House & Lounge Ranchlands", "Stageline Saloon", "Whiskey"); new AutoSuggest(document.getElementById("eventvenue"),venues); </script> <label for="eventdate" accesskey="d" ><span>Event Date</span> <input type="text" name="eventdate" id="eventdate" value="<?php echo $_SESSION['eventdate'] ?>" size="32" maxlength="30" /></label> <label for="eventgenre" accesskey="g" ><span>Event Genre</span> <select name="eventgenre" id="eventgenre"> <option value="none">--select one--</option> <option value="HipHop">Hip-Hop</option> <option value="Funk">Funk</option> <option value="Soul">Soul</option> <option value="Metal">Metal</option> <option value="Punk">Punk</option> <option value="Blues">Blues</option> <option value="Jazz">Jazz</option> <option value="Trance">Trance</option> <option value="Breaks">Breaks</option> <option value="Electro">Electro</option> <option value="House">House</option> <option value="DNB">Drum'N'Bass</option> <option value="Dubstep">Dubstep</option> <option value="Lounge">Lounge</option> <option value="Top40">Top 40</option> </select> </label> <label for="eventprice" accesskey="p" ><span id="eventprice">Event Price</span> <input type="text" name="eventprice" id="eventprice" value="<?php echo $_SESSION['eventprice'] ?>" size="6" maxlength="4"/></label> <label for="eventpromoter" accesskey="c" ><span id="eventpromoter">Event Promoter</span> <input type="text" name="eventpromoter" id="eventpromoter" value="<?php echo $_SESSION['eventpromoter'] ?>" size="25" maxlength="23"/></label> <label for="eventflyer" accesskey="f" ><span id="eventflyer">Event Flyer (jpg or png MAX 300kb)</span> <input type="file" name="eventflyer" id="eventflyer" value="<?php echo $_SESSION['eventflyer'] ?>" size="25" maxlength="23"/></label> <input type="button" name="Reset" value="Reset" onclick="ResetForm();"> <input type="button" name="Submit" value="Submit" onsubmit="return validateForm(this);" onclick="SubmitForm(); return false; " > </fieldset> </form> <script language="javascript"> // set the selection box values... var form = document.forms[0]; form.eventgenre.selectedIndex = parseInt("<?php echo $_SESSION['eventgenre_sel'] ?>"); </script> And this is the server-side code. <?php $debug = FALSE; /************************************************************ Adjust the headers... ************************************************************/ header("Expires: Thu, 17 May 2001 10:17:17 GMT"); // Date in the past header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified header ("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header ("Pragma: no-cache"); // HTTP/1.0 /***************************************************************************** Check the session details. we will store all the post variables in session variables this will make it easier to work with the verification routines *****************************************************************************/ session_start(); if (!isset($_SESSION['SESSION'])) require_once( "include/session_init.php" ); $arVal = array(); require_once("include/session_funcs1.php"); reset ($_POST); while (list ($key, $val) = each ($_POST)) { if ($val == "") $val = "NULL"; $arVals[$key] = (get_magic_quotes_gpc()) ? $val : addslashes($val); if ($val == "NULL") $_SESSION[$key] = NULL; else $_SESSION[$key] = $val; if ($debug) echo $key . " : " . $arVals[$key] . "<br>"; } /********************************************************************************************** Make sure session variables have been set and then check for required fields otherwise return to the registration form to fix the errors. **********************************************************************************************/ // check to see if these variables have been set... if ((!isset($_SESSION["eventname"])) || (!isset($_SESSION["eventvenue"])) || (!isset($_SESSION["eventdate"])) || (!isset($_SESSION["eventgenre"])) || (!isset($_SESSION["eventprice"])) || (!isset($_SESSION["eventpromoter"])) || (!isset($_SESSION["eventflyer"]))) { resendToForm("?flg=red"); } // form variables must have something in them... if ($_SESSION['eventname'] == "" || $_SESSION['eventvenue'] == "" || $_SESSION['eventdate'] == "" || $_SESSION['eventgenre'] == "" || $_SESSION['eventprice'] == "" || $_SESSION['eventpromoter'] == "" || $_SESSION['eventflyer'] == "") { resendToForm("?flg=red"); } // make sure fields are within the proper range... if (strlen($_SESSION['eventname']) > 35 || strlen($_SESSION['eventvenue']) > 35 || strlen($_SESSION['eventdate']) > 35 || strlen($_SESSION['eventgenre']) > 35 || strlen($_SESSION['eventprice']) > 35 || strlen($_SESSION['eventpromoter']) > 35 || strlen($_SESSION['eventflyer']) > 35 ) { resendToForm("?flg=white"); } /********************************************************************************************** Insert into the database... **********************************************************************************************/ $query = "INSERT INTO td_events (seventname, seventvenue, seventdate, seventgenre, seventprice, seventpromoter, seventflyer) " ."VALUES (".$arVals['eventname'].", ".$arVals['eventvenue'].", ".$arVals['eventdate'].", ".$arVals['eventgenre'] .", ".$arVals['eventprice'].", ".$arVals['eventpromoter'].", ".$arVals['eventflyer'].")"; //echo $query; $result = mysql_query($query) or die("Invalid query: " . mysql_error() . "<br><br>". $query); $insertid = mysql_insert_id(); /*** This following function will update session variables and resend to the form so the user can fix errors ***/ function resendToForm($flags) { reset ($_POST); // store variables in session... while (list ($key, $val) = each ($_POST)) { $_SESSION[$key] = $val; } // go back to the form... //echo $flags; header("Location: ./user_registration.php".$flags); exit; } ?> <p>SUCCESS!<br> The event was entered in the database!<br> You probably want to redirect to a thank you page or send an email to the user for confirmation.<br> <br> <br> Here are the variables...<br> <?php reset ($arVals); while (list ($key, $val) = each ($arVals)) { echo $key . " : " . $arVals[$key] . "<br>"; } echo "<br><br>The SQL Statment was:<br>"; echo $query."<br><br><br><br>"; ?> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <p> </p> <?php /********************************************************************************************** CREATES THUMBNAIL **********************************************************************************************/ //define a maxim size for the uploaded images define ("MAX_SIZE","1024"); // define the width and height for the thumbnail // note that theese dimmensions are considered the maximum dimmension and are not fixed, // because we have to keep the image ratio intact or it will be deformed define ("WIDTH","500"); define ("HEIGHT","650"); // this is the function that will create the thumbnail image from the uploaded image // the resize will be done considering the width and height defined, but without deforming the image function make_thumb($img_name,$filename,$new_w,$new_h) { //get image extension. $ext=getExtension($img_name); //creates the new image using the appropriate function from gd library if(!strcmp("jpg",$ext) || !strcmp("jpeg",$ext) || !strcmp("JPG",$ext)) $src_img=imagecreatefromjpeg($img_name); if(!strcmp("png",$ext) || !strcmp("PNG",$ext)) $src_img=imagecreatefrompng($img_name); //gets the dimmensions of the image $old_x=imageSX($src_img); $old_y=imageSY($src_img); // next we will calculate the new dimmensions for the thumbnail image // the next steps will be taken: // 1. calculate the ratio by dividing the old dimmensions with the new ones // 2. if the ratio for the width is higher, the width will remain the one define in WIDTH variable // and the height will be calculated so the image ratio will not change // 3. otherwise we will use the height ratio for the image // as a result, only one of the dimmensions will be from the fixed ones $ratio1=$old_x/$new_w; $ratio2=$old_y/$new_h; if($ratio1>$ratio2) { $thumb_w=$new_w; $thumb_h=$old_y/$ratio1; } else { $thumb_h=$new_h; $thumb_w=$old_x/$ratio2; } // we create a new image with the new dimmensions $dst_img=ImageCreateTrueColor($thumb_w,$thumb_h); // resize the big image to the new created one imagecopyresampled($dst_img,$src_img,0,0,0,0,$thumb_w,$thumb_h,$old_x,$old_y); // output the created image to the file. Now we will have the thumbnail into the file named by $filename if(!strcmp("png",$ext)) imagepng($dst_img,$filename); else imagejpeg($dst_img,$filename); //destroys source and destination images. imagedestroy($dst_img); imagedestroy($src_img); } // This function reads the extension of the file. // It is used to determine if the file is an image by checking the extension. function getExtension($str) { $i = strrpos($str,"."); if (!$i) { return ""; } $l = strlen($str) - $i; $ext = substr($str,$i+1,$l); return $ext; } // This variable is used as a flag. The value is initialized with 0 (meaning no error found) // and it will be changed to 1 if an error occurs. If the error occurs the file will not be uploaded. $errors=0; // checks if the form has been submitted if(isset($_POST['Submit'])) { //reads the name of the file the user submitted for uploading $image=$_FILES['eventflyer']['name']; // if it is not empty if ($image) { // get the original name of the file from the clients machine $filename = stripslashes($_FILES['eventflyer']['name']); // get the extension of the file in a lower case format $extension = getExtension($filename); $extension = strtolower($extension); // if it is not a known extension, we will suppose it is an error, print an error message // and will not upload the file, otherwise we continue if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "JPG") && ($extension != "PNG") && ($extension != "png")) { echo '<h1>Unknown extension!</h1>'; $errors=1; } else { // get the size of the image in bytes // $_FILES[\'image\'][\'tmp_name\'] is the temporary filename of the file in which // the uploaded file was stored on the server $size=getimagesize($_FILES['eventflyer']['tmp_name']); $sizekb=filesize($_FILES['eventflyer']['tmp_name']); //compare the size with the maxim size we defined and print error if bigger if ($sizekb > MAX_SIZE*500) { echo '<h1>You have exceeded the size limit!</h1>'; $errors=1; } //we will give an unique name, for example the time in unix time format $image_name=$filename; //the new name will be containing the full path where will be stored (images folder) $newname="flyers/".$image_name; $copied = copy($_FILES['eventflyer']['tmp_name'], $newname); //we verify if the image has been uploaded, and print error instead if (!$copied) { echo '<h1>Copy unsuccessfull!</h1>'; $errors=1; } else { // the new thumbnail image will be placed in images/thumbs/ folder $thumb_name='flyers/thumb_'.$image_name; // call the function that will create the thumbnail. The function will get as parameters // the image name, the thumbnail name and the width and height desired for the thumbnail $thumb=make_thumb($newname,$thumb_name,WIDTH,HEIGHT); }} }} //If no errors registred, print the success message and show the thumbnail image created if(isset($_POST['Submit']) && !$errors) { echo "<h1>Thumbnail created Successfully!</h1>"; echo '<img src="'.$thumb_name.'">'; } ?> This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=343257.0 Unfortunately I have no code for this yet cuz I don;t even know if its possible... I am programming an application that is used by a couple of stores, which could end up being a lot of stores. Anyways, the basis is that the stores would, though a separate application (and therefore separate database) create a username and password, I now want to use this username and password to do the following 1. Allow them to login to my application using the same username and password 2. I want the store the username in a session to pull tables based on the username from my database For instance, a user has the login store123, after loggin in it now pulls the information from the tables store123_items, store123_prices, store123_settings, etc. Now my database will have quite a lot of store###_tables I am, sadly, a noobie to PHP and I do recall seeing an article (somewhere on the net, and I stupidly forgot to bookmark it, knowing I would need it eventually) on how to access multiple databases easily. Now because they are both under my account I can use the same username and password for both, its accessing the MySQL username/password database and storing the info I know I am lacking on how to do it. Any ideas? how do i set a session array? e.g. set session with variable $value = 13. then set the next $value = 15 . = 13 and [1]=15 how do i set this session. up? so it keeps on updating the array why is it that i have to click add to cart 2 time inorder for the eventname and eventinfo to show up if i click one time it add to the cart but it shows nothing Code: [Select] <?php //if user attempts to add something to the cart if (isset($_POST['tid'])) { $tid = $_POST['tid']; $howmany = $_POST['howMany']; $wasFound = false; $i = 0; // If the cart session variable is not set or cart array is empty if (!isset($_SESSION["cart"]) || count($_SESSION["cart"]) < 1) { // RUN IF THE CART IS EMPTY OR NOT SET $_SESSION["cart"] = array(1 => array("item_id" => $pid, "quantity" => $howmany)); } else { // RUN IF THE CART HAS AT LEAST ONE ITEM IN IT foreach ($_SESSION["cart"] as $each_item) { $i++; while (list($key, $value) = each($each_item)) { if ($key == "item_id" && $value == $tid) { //there will recive a message $msg = "Item is already in the cart"; $wasFound = true; } // close if condition } // close while loop } // close foreach loop if ($wasFound == false) { array_push($_SESSION["cart"], array("item_id" => $tid, "quantity" => $howmany)); } } header("location: cart.php"); exit(); } ?> <?php //render the cart for the user to view on the page $cartOutput = ""; $cartTotal = ""; $product_id_array = ''; if (!isset($_SESSION["cart"]) || count($_SESSION["cart"]) < 1) { $cartOutput = "<h2 align='center'>Your shopping cart is empty</h2>"; } else { // Start the For Each loop $i = 0; foreach ($_SESSION["cart"] as $each_item) { $item_id = $each_item['item_id']; $sql = mysql_query("SELECT * FROM events WHERE id='$item_id' LIMIT 1"); while ($row = mysql_fetch_array($sql)) { $eventname = $row["eventname"]; $eventinfo = $row["eventinfo"]; $studentsprice = $row["studentsprice"]; } //adding the price of the tickets //getting the total $totalprice = $studentsprice * $howmany; setlocale(LC_MONETARY, "en_US"); //this will amke it so it looks like real money $totalprice = money_format("%10.2n", $totalprice ); $cartOutput = ""; //this is the table the will replace the table row below //this is in order $cartOutput.= "<tr>"; $cartOutput .= "<td>".$eventname."</td>"; $cartOutput .= "<td>".$eventinfo."</td>"; $cartOutput .= "<td>".$studentsprice."</td>"; $cartOutput .= "<td>".$howmany."</td>"; $cartOutput .= "<td>".$totalprice."</td>"; $cartOutput .= "<td>".X."</td>"; $cartOutput .= "</tr>"; } } ?> ok, so I have this code to start with: Code: [Select] <?php session_start(); // Must start session first thing /* Created By Adam Khoury @ www.flashbuilding.com -----------------------June 20, 2008----------------------- */ // Here we run a login check if (!isset($_SESSION['username'])) { echo 'Please <a href="/login.php">log in</a> to access your account'; exit(); } //Connect to the database through our include include_once "connect_to_mysql_1.php"; // Place Session variable 'id' into local variable $username1 = $_SESSION['username']; ?> <?php // Query member data from the database and ready it for display $sql = mysql_query("SELECT hometown, about, month, day, year, id FROM general WHERE user='$username1'"); while($row = mysql_fetch_array($sql)){ $userid = $row["userid"]; $hometown = $row["hometown"]; $about = $row["about"]; $month = $row["month"]; $day = $row["day"]; $year = $row["year"]; $userid1 = $row["id"]; } $sql = mysql_query("SELECT * from sessions WHERE username='$username1'"); while($row = mysql_fetch_array($sql)){ $name1 = $row["name"]; } ?> <?php if($month == "January"){ $month2 =="1";}else if($month =="February"){$month2 =="2";}else if($month =="March"){$month2 =="3";}else if($month =="April"){$month2 =="4";}else if($month =="May"){$month2 =="5";}else if($month =="June"){$month2 =="6";}else if($month =="July"){$month2 =="7";}else if($month =="August"){$month2 =="8";}else if($month =="September"){$month2 =="9";}else if($month =="October"){$month2 =="10";}else if($month =="November"){$month2 =="11";}else if($month =="December"){$month2 =="12";} ?> <?php // Query member data from the database and ready it for display $sql = mysql_query("SELECT * from pics WHERE user='$username1'"); while($row = mysql_fetch_array($sql)){ $link123 = $row["link"]; } ?> <?php if(isset($_SESSION['username'])) { $query = "SELECT sport FROM sports where user ='$username1'"; $result = mysql_query($query) or die('Error : ' . mysql_error()); // create the article list while($row = mysql_fetch_array($result, MYSQL_NUM)) { list($sport) = $row; $cs .= "$sport<br> "; }} ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Untitled Document</title> <script src="SpryAssets/SpryTabbedPanels.js" type="text/javascript"></script> <script language="javascript" type='text/javascript'> function hideDiv() { if (document.getElementById) { // DOM3 = IE5, NS6 document.getElementById('hideShow').style.visibility = 'hidden'; } else { if (document.layers) { // Netscape 4 document.hideShow.visibility = 'hidden'; } else { // IE 4 document.all.hideShow.style.visibility = 'hidden'; } } } function showDiv() { if (document.getElementById) { // DOM3 = IE5, NS6 document.getElementById('hideShow').style.visibility = 'visible'; } else { if (document.layers) { // Netscape 4 document.hideShow.visibility = 'visible'; } else { // IE 4 document.all.hideShow.style.visibility = 'visible'; } } } </script> <script language="javascript" type='text/javascript'> function hideDiv1() { if (document.getElementById) { // DOM3 = IE5, NS6 document.getElementById('apDiv4').style.visibility = 'hidden'; } else { if (document.layers) { // Netscape 4 document.apDiv4.visibility = 'hidden'; } else { // IE 4 document.all.apDiv4.style.visibility = 'hidden'; } } } function showDiv1() { if (document.getElementById) { // DOM3 = IE5, NS6 document.getElementById('apDiv4').style.visibility = 'visible'; } else { if (document.layers) { // Netscape 4 document.apDiv4.visibility = 'visible'; } else { // IE 4 document.all.apDiv4.style.visibility = 'visible'; } } } </script> <style type="text/css"> #apDiv1 { position:absolute; left:0px; top:0px; width:100%; height:50px; z-index:1; background-color: #000; padding: 0px; text-align: left; } #menu { position:absolute; top:15px; width:411px; height:34px; z-index:41; right: 0px; } </style> <link rel="stylesheet" href="css/structure.css" type="text/css" /> <link rel="stylesheet" href="css/form.css" type="text/css" /> <!-- JavaScript --> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/ libs/jquery/1.3.0/jquery.min.js"></script> <script type="text/javascript"> $(function() { $(".submit").click(function() { var name = $("#name").val(); var dataString = 'name='+ name; if(name=='') { $('.success').fadeOut(200).hide(); $('.error').fadeOut(200).show(); } else { $.ajax({ type: "POST", url: "join.php", data: dataString, success: function(){ $('.success').fadeIn(200).show(); $('.error').fadeOut(200).hide(); $(document).ready(function(){ $('#submit').click(function(){ var a = $("#name").val(); if(a != "") { $.post("join.php",{ }, function(response){ $('#posting').prepend($(response).fadeIn('slow')); $("#name").val("what's on your mind?"); }); } }); }); } }); } return false; }); }); </script> <style type="text/css"> .error{ color:#d12f19; font-size:12px; } .success{ color:#006600; font-size:12px; } </style> <link href="Spry-UI-1.7/css/Menu/basic/SpryMenuBasic.css" rel="stylesheet" type="text/css" /> <script src="Spry-UI-1.7/includes/SpryDOMUtils.js" type="text/javascript"></script> <script src="Spry-UI-1.7/includes/SpryDOMEffects.js" type="text/javascript"></script> <script src="Spry-UI-1.7/includes/SpryWidget.js" type="text/javascript"></script> <script src="Spry-UI-1.7/includes/SpryMenu.js" type="text/javascript"></script> <script src="Spry-UI-1.7/includes/plugins/MenuBar2/SpryMenuBarKeyNavigationPlugin.js" type="text/javascript"></script> <script src="Spry-UI-1.7/includes/plugins/MenuBar2/SpryMenuBarIEWorkaroundsPlugin.js" type="text/javascript"></script> <style type="text/css"> /* BeginOAWidget_Instance_2141544: #MenuBar */ /* Settable values for skinning a Basic menu via presets. If presets are not sufficient, most skinning should be done in these rules, with the exception of the images used for down or right pointing arrows, which are in the file SpryMenuBasic.css These assume the following widget classes for menu layout (set in a preset) .MenuBar - Applies to all menubars - default is horizontal bar, all submenus are vertical - 2nd level subs and beyond are pull-right. .MenuBarVertical - vertical main bar; all submenus are pull-right. You can also pass in extra classnames to set your desired top level menu bar layout. Normally, these are set by using a preset. They only apply to horizontal menu bars: MenuBarLeftShrink - The menu bar will be horizontally 'shrinkwrapped' to be just large enough to hold its items, and left aligned MenuBarRightShrink - Just like MenuBarLeftShrink, but right aligned MenuBarFixedLeft - Fixed at a specified width set in the rule '.MenuBarFixedLeft', and left aligned. MenuBarFixedCentered - - Fixed at a specified width set in the rule '.MenuBarFixedCentered', and centered in its parent container. MenuBarFullwidth - Grows to fill its parent container width. In general, all rules specified in this file are prefixed by #MenuBar so they only apply to instances of the widget inserted along with the rules. This permits use of multiple MenuBarBasic widgets on the same page with different layouts. Because of IE6 limitations, there are a few rules where this was not possible. Those rules are so noted in comments. */ #MenuBar { background-color:#000000; font-family: Arial, Helvetica, sans-serif; /* Specify fonts on on MenuBar and subMenu MenuItemContainer, so MenuItemContainer, MenuItem, and MenuItemLabel at a given level all use same definition for ems. Note that this means the size is also inherited to child submenus, so use caution in using relative sizes other than 100% on submenu fonts. */ font-weight: normal; font-size: 16px; font-style: normal; padding:0; border-color: #000000 #000000 #000000 #000000; border-width:0px; border-style: none none none none; } /* Caution: because ID+class selectors do not work properly in IE6, but we want to restrict these rules to just this widget instance, we have used string-concatenated classnames for our selectors for the layout type of the menubar in this section. These have very low specificity, so be careful not to accidentally override them. */ .MenuBar br { /* using just a class so it has same specificity as the ".MenuBarFixedCentered br" rule bleow */ display:none; } .MenuBarLeftShrink { float: left; /* shrink to content, as well as float the MenuBar */ width: auto; } .MenuBarRightShrink { float: right; /* shrink to content, as well as float the MenuBar */ width: auto; } .MenuBarFixedLeft { float: left; width: 80em; } .MenuBarFixedCentered { float: none; width: 80em; margin-left:auto; margin-right:auto; } .MenuBarFixedCentered br { clear:both; display:block; } .MenuBarFixedCentered .SubMenu br { display:none; } .MenuBarFullwidth { float: left; width: 100%; } /* Top level menubar items - these actually apply to all items, and get overridden for 1st or successive level submenus */ #MenuBar .MenuItemContainer { padding: 0px 0px 0px 0px; margin: 0; /* Zero out margin on the item containers. The MenuItem is the active hover area. For most items, we have to do top or bottom padding or borders only on the MenuItem or a child so we keep the entire submenu tiled with items. Setting this to 0 avoids "dead spots" for hovering. */ } #MenuBar .MenuItem { padding: 0px 24px 0px 0px; background-color:#000000; border-width:0px; border-color: #cccccc #ffffff #cccccc #ffffff; border-style: none solid none solid; } #MenuBar .MenuItemFirst { border-style: none none none none; } #MenuBar .MenuItemLast { border-style: none solid none none; } #MenuBar .MenuItem .MenuItemLabel{ text-align:center; line-height:1.4em; color:#ffffff; background-color:#000000; padding: 6px 15px 6px 39px; width: 10em; width:auto; } .SpryIsIE6 #MenuBar .MenuItem .MenuItemLabel{ width:1em; /* Equivalent to min-width in modern browsers */ } /* First level submenu items */ #MenuBar .SubMenu .MenuItem { font-family: Arial, Helvetica, sans-serif; font-weight: normal; font-size: 14px; font-style: normal; background-color:#ffffff; padding:0px 2px 0px 0px; border-width:0px; border-color: #cccccc #cccccc #cccccc #cccccc; /* Border styles are overriden by first and last items */ border-style: solid solid none solid; } #MenuBar .SubMenu .MenuItemFirst { border-style: solid solid none solid; } #MenuBar .SubMenu .MenuItemFirst .MenuItemLabel{ padding-top: 6px; } #MenuBar .SubMenu .MenuItemLast { border-style: solid solid solid solid; } #MenuBar .SubMenu .MenuItemLast .MenuItemLabel{ padding-bottom: 6px; } #MenuBar .SubMenu .MenuItem .MenuItemLabel{ text-align:left; line-height:1em; background-color:#ffffff; color:#333333; padding: 6px 12px 6px 5px; width: 7em; } /* Hover states for containers, items and labels */ #MenuBar .MenuItemHover { background-color: #666666; border-color: #cccccc #cccccc #cccccc #cccccc; } #MenuBar .MenuItemWithSubMenu.MenuItemHover .MenuItemLabel{ background-color: #666666; /* consider exposing this prop separately*/ color: #ffffff; } #MenuBar .MenuItemHover .MenuItemLabel{ background-color: #666666; color: #ffffff; } #MenuBar .SubMenu .MenuItemHover { background-color: #666666; border-color: #666666 #cccccc #cccccc #cccccc; } #MenuBar .SubMenu .MenuItemHover .MenuItemLabel{ background-color: #666666; color: #ffffff; } /* Submenu properties -- First level of submenus */ #MenuBar .SubMenuVisible { background-color: #ffffff; min-width:0%; /* This keeps the menu from being skinnier than the parent MenuItemContainer - nice to have but not available on ie6 */ border-color: #ffffff #ffffff #ffffff #ffffff; border-width:0px; border-style: none none none none; } #MenuBar.MenuBar .SubMenuVisible {/* For Horizontal menubar only */ top: 100%; /* 100% is at the bottom of parent menuItemContainer */ left:0px; /* 'left' may need tuning depending upon borders or padding applied to menubar MenuItemContainer or MenuItem, and your personal taste. 0px will left align the dropdown with the content area of the MenuItemContainer. Assuming you keep the margins 0 on MenuItemContainer and MenuItem on the parent menubar, making this equal the sum of the MenuItemContainer & MenuItem padding-left will align the dropdown with the left of the menu item label.*/ z-index:10; } #MenuBar.MenuBarVertical .SubMenuVisible { top: 0px; left:100%; min-width:0px; /* Do not neeed to match width to parent MenuItemContainer - items will prevent total collapse */ } /* Submenu properties -- Second level submenu and beyond - these are visible descendents of .MenuLevel1 */ #MenuBar .MenuLevel1 .SubMenuVisible { background-color: #ffffff; min-width:0px; /* Do not neeed to match width to parent MenuItemContainer - items will prevent total collapse*/ top: 0px; /* If desired, you can move this down a smidge to separate top item''s submenu from menubar - that is really only needed for submenu on first item of MenuLevel1, or you can make it negative to make submenu more vertically 'centered' on its invoking item */ left:100%; /* If you want to shift the submenu left to partially cover its invoking item, you can add a margin-left with a negative value to this rule. Alternatively, if you use fixed-width items, you can change this left value to use px or ems to get the offset you want. */ } /* IE6 rules - you can delete these if you do not want to support IE6 */ /* A note about multiple classes in IE6. * Some of the rules above use multiple class names on an element for selection, such as "hover" (MenuItemHover) and "has a subMenu" (MenuItemWithSubMenu), * giving the selector '.MenuItemWithSubMenu.MenuItemHover'. * Unfortunately IE6 does not support using mutiple classnames in a selector for an element. For a selector such as '.foo.bar.baz', IE6 ignores * all but the final classname (here, '.baz'), and sets the specificity accordingly, counting just one of those classs as significant. To get around this * problem, we use the plugin in SpryMenuBarIEWorkaroundsPlugin.js to generate compound classnames for IE6, such as 'MenuItemWithSubMenuHover'. * Since there are a lot of these needed, the plugin does not generate the extra classes for modern browsers, and we use the CSS2 style mutltiple class * syntax for that. Since IE6 both applies rules where * it should not, and gets the specificity wrong too, we have to order rules carefully, so the rule misapplied in IE6 can be overridden. * So, we put the multiple class rule first. IE6 will mistakenly apply this rule. We follow this with the single-class rule that it would * mistakenly override, making sure the misinterpreted IE6 specificity is the same as the single-class selector, so the latter wins. * We then create a copy of the multiple class rule, adding a '.SpryIsIE6' class as context, and making sure the specificity for * the selector is high enough to beat the single-class rule in the "both classes match" case. We place the IE6 rule at the end of the * css style block to make it easy to delete if you want to drop IE6 support. * If you decide you do not need IE6 support, you can get rid of these, as well as the inclusion of the SpryMenuBarIEWorkaroundsPlugin.js script. * The 'SpryIsIE6' class is placed on the HTML element by the script in SpryMenuBarIEWorkaroundsPlugin.js if the browser is Internet Explorer 6. This avoids the necessity of IE conditional comments for these rules. */ .SpryIsIE6 #MenuBar .MenuBarView .MenuItemWithSubMenuHover .MenuItemLabel /* IE6 selector */{ background-color: #666666; /* consider exposing this prop separately*/ color: #ffffff; } .SpryIsIE6 #MenuBar .MenuBarView .SubMenu .MenuItemWithSubMenuHover .MenuItemLabel/* IE6 selector */{ background-color: #666666; /* consider exposing this prop separately*/ color: #ffffff; } .SpryIsIE6 #MenuBar .SubMenu .SubMenu /* IE6 selector */{ margin-left: -0px; /* Compensates for at least part of an IE6 "double padding" version of the "double margin" bug */ } /* EndOAWidget_Instance_2141544 */ #apDiv2 { position:absolute; left:5px; top:75px; width:591px; height:284px; z-index:2; } #hideShow { position:absolute; left:84px; top:211px; width:506px; height:47px; z-index:2; } #apDiv3 { position:absolute; left:4px; top:354px; width:306px; height:45px; z-index:3; } #apDiv4 { position:absolute; left:82px; top:275px; width:290px; height:34px; z-index:4; } #apDiv5 { position:absolute; left:17px; top:205px; width:861px; height:172px; z-index:2; } .fullname { position:relative; left:0px; width:100px; height:30px; z-index:4; top:25px; background-color:black; color:white; text-align: center; } #apDiv5 #TabbedPanels1 .TabbedPanelsContentGroup .TabbedPanelsContent.TabbedPanelsContentVisible #form1 table tr td { text-align: right; } </style> <script type="text/xml"> <!-- <oa:widgets> <oa:widget wid="2141544" binding="#MenuBar" /> </oa:widgets> --> </script> <link href="SpryAssets/SpryTabbedPanels.css" rel="stylesheet" type="text/css" /> <style type="text/css"> #apDiv6 { position:absolute; left:4px; top:54px; width:162px; height:147px; z-index:3; } </style> </head> <body onLoad="javascript:TabbedPanels1.showPanel(<?php echo $_COOKIE['index'];?>)"> <?php $birthday1 = "$year-$month2-$day"; ?> <div id="apDiv1"> <div id="menu"> <ul id="MenuBar" class="MenuBarHorizontal"> <li><a href="index.php">Home</a> </li> <li><a href="profile.php">Profile</a></li> <li><a class="MenuBarItemSubmenu" href="#">Account</a> <ul> <li><a href="settings.php">Account Settings</a> </li> <li><a href="privacy.php">Privacy Settings</a></li> <li><a href="logout.php">Logout</a></li> </ul> </li> </ul> <script type="text/javascript"> // BeginOAWidget_Instance_2141544: #MenuBar var MenuBar = new Spry.Widget.MenuBar2("#MenuBar", { widgetID: "MenuBar", widgetClass: "MenuBar MenuBarRightShrink", insertMenuBarBreak: true, mainMenuShowDelay: 100, mainMenuHideDelay: 200, subMenuShowDelay: 200, subMenuHideDelay: 200 }); // EndOAWidget_Instance_2141544 </script> </div> <a href="/main.php" onmouseout="MM_swapImgRestore()" onmouseover="MM_swapImage('Image1','','/hover.png',1)"><img src="/main.png" name="Image1" width="600" height="50" border="0" id="Image1" /></a> </div> <?php // Process the form if it is submitted if ($_POST['general']) { $city1 = $_POST['city']; $hometown1 = $_POST['hometown']; $about1 = $_POST['about']; $sql = mysql_query("UPDATE general SET city='$city1', hometown='$hometown1', about='$about1' WHERE id='$userid1'")or die(mysql_error()); $message ='Your Account info has been saved'; echo "<font color = 'red'>"; echo $message; echo "</font>"; } // close if post ?> <div id="apDiv5"> <div id="TabbedPanels1" class="VTabbedPanels"> <ul class="TabbedPanelsTabGroup"> <li class="TabbedPanelsTab" tabindex="0">Basic Info</li> <li class="TabbedPanelsTab" tabindex="0">Profile Picture</li> <li class="TabbedPanelsTab" tabindex="0">Sports</li> <li class="TabbedPanelsTab" tabindex="0">Activities</li> <li class="TabbedPanelsTab" tabindex="0">Contact Info</li> </ul> <div class="TabbedPanelsContentGroup"> <div class="TabbedPanelsContent"><form id="form1" name="form1" method="post" action=""> <label for="city"></label> <table width="496" border="0" cellspacing="2" cellpadding="0"> <tr> <td width="157" scope="col">Current City:</td> <td width="333" scope="col"><div align="left"> <input type="text" name="city" id="city" value="<?php echo $city; ?>" /> </div></td> </tr> <tr> <td>Hometown:</td> <td><div align="left"> <label for="hometown"></label> <input type="text" name="hometown" id="hometown" value="<?php echo $hometown; ?>" /> </div></td> </tr> <tr> <td>Birthday:</td> <td><div align="left"><?php echo $month;?> <?php echo $day; ?>, <?php echo $year; ?></div></td><tr><td></td><td> <div align="left"><?php //calculate years of age (input string: YYYY-MM-DD) function birthday ($birthday){ list($year,$month,$day) = explode("-",$birthday); $year_diff = date("Y") - $year; $month_diff = date("m") - $month; $day_diff = date("d") - $day; if ($day_diff < 0 || $month_diff < 0) $year_diff--; return $year_diff; } echo birthday($birthday1). " years old"; ?></div></td></tr></td> </tr> <tr> <td>About Me: </td> <td><label for="about"></label> <textarea name="about" id="about" cols="45" rows="5"></textarea></td> </tr> <tr> <td> </td> <td><div align="left"><input name="general" id="general" type="submit" value="Save information" class="fullname" /></div></td> </tr> <tr> <td> </td> <td> </td> </tr> </table> </form></div> <div class="TabbedPanelsContent"><form enctype="multipart/form-data" action="profile.php" method="POST"> <input type="hidden" name="MAX_FILE_SIZE" value="900000000000000000000000000000000000000000000000000000000000000000000000000" /> Choose a file to upload: <div id="dynamicInput"> <p>Entry 1</p> <p> <br> <input type="file" name="uploadedfile[]"> </p> </div> <input type="submit" value="Upload File" id="submit" name="submit" /> </form> <?php if($_POST['submit']){ // Where the file is going to be placed $target_path = 'images/'.$username1.'/'; foreach ($_FILES["uploadedfile"]["name"] as $key => $value) { $uploadfile = $target_path . basename($_FILES["uploadedfile"]["name"][$key]); $uploadfile1 = basename($_FILES["uploadedfile"]["name"][$key]); //echo $uploadfile; if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'][$key], $uploadfile)) { $sql = mysql_query("UPDATE pics SET link='$uploadfile', name='$uploadfile1' WHERE user='$username1'")or die(mysql_error()); $sql = mysql_query("UPDATE facebook_posts SET pic='$uploadfile' WHERE f_name='$name1'")or die(mysql_error()); $sql = mysql_query("UPDATE facebook_posts_comments SET pic='$uploadfile' WHERE f_name='$name1'")or die(mysql_error()); echo $value . ' uploaded<br>'; } } } ?> </div> <div class="TabbedPanelsContent"><form autocomplete="off" enctype="multipart/form-data" method="post" name="form"> <div class="info" style="padding-left:20px"> <h2> </h2> <div></div> <div> <p>Sport: <input id="name" name="name" type="text" class="field text medium" value="" maxlength="255" tabindex="1" /> </p> <p></p> </div> <div></div> </div> <div class="buttons"> <input type="submit" value="Submit" style=" background:#0060a1; color:#FFFFFF; font-size:14px; border:1px solid #0060a1; margin-left:12px" class="submit" name="submit" id="submit"/><span class="error" style="display:none"> Please Enter Valid Data</span><?php if($_POST['submit']){ ?><span class="success" style="display:none"> ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// <?php $sql123 = mysql_query("SELECT id, sport, user FROM sports WHERE user='$username1'"); while($row = mysql_fetch_array($sql123)){ $id = $row["id"]; $sport1 .= $row["sport"]; $user = $row["user"];} echo $sport1; ;} ?></span> </div> </form></div> <div class="TabbedPanelsContent">Content 4</div> <div class="TabbedPanelsContent">Content 5 </div> </div> </div> </div> <div id="posting" align="center"> <?php include_once "posting.php"; ?> </div> <div id="apDiv6"><?php echo '<img src="'.$link123.'" width="162""/>'; ?></div> <script type="text/javascript"> var TabbedPanels1 = new Spry.Widget.TabbedPanels("TabbedPanels1"); </script> </body> </html> My goal is to make it so that where the really long comment(well with no words), is at that it runs after the ajax at the begining of the script so that the database input it does shows up in that result. here is the code of join.php Code: [Select] <?php session_start(); // Must start session first thing /* Created By Adam Khoury @ www.flashbuilding.com -----------------------June 20, 2008----------------------- */ // Here we run a login check if (!isset($_SESSION['username'])) { echo 'Please <a href="/login.php">log in</a> to access your account'; exit(); } //Connect to the database through our include include_once "connect_to_mysql_1.php"; // Place Session variable 'id' into local variable $username1 = $_SESSION['username']; ?> <?php // Query member data from the database and ready it for display $sql = mysql_query("SELECT hometown, about, month, day, year, id FROM general WHERE user='$username1'"); while($row = mysql_fetch_array($sql)){ $userid = $row["userid"]; $hometown = $row["hometown"]; $about = $row["about"]; $month = $row["month"]; $day = $row["day"]; $year = $row["year"]; $userid1 = $row["id"]; } $sql = mysql_query("SELECT id, sport, user FROM sports WHERE user='$username1'"); while($row = mysql_fetch_array($sql)){ $id = $row["id"]; $sport1 = $row["sport"]; $user = $row["user"]; } if($_POST) { $sport=$_POST['name']; mysql_query("INSERT INTO sports (id, sport, user) VALUES ('$userid1', '$sport', '$username1')"); }else { } ?> <html> <head> </head> <body> <?php echo $sport1; ?> </body> </html> I hope this makes sense. so once again, I need the results that the code by the long comment(sorta) will basically run after the ajax uses join.php to input info into the dbase. or is there a better way to do this? currently the results are loading even before the page loads. so that it returns the results when it is supposed to, it just didn't query the database at the right time. I'm trying to learn how to code the proper way. There's a few things im worried about,but overall im worried about clogging up the server. so what should i keep in mind while coding, to avoid this? I'm thinking, keep insert and update to a minimum? as in, when possible, use session to keep track of data until i absolutly have to add that data to a database? is that a correct thought? what about once the data is in the database, how much trouble is it to ask for the selected data inside a database? should i be worried about overdoing request of data from databases? on the other hand, should i be worried about having too many sessions travelling around with a user. why? Im just asking to get a better feel for how to do things the proper way, i would hate to have a website built, only to find out that what i built is only a bat, that would bash the hell out of a server i wanted to put it on. |
|||||||