PHP - Query Mysql From Url Parameter

If you also have any feedback on my code, please do tell me. I wish to improve my coding base.

Basically when you fill out the register form, it will check for data, then execute the insert query. But for some reason, the query will NOT insert into the database. In the following code below, I left out the field ID. Doesn't work with it anyways, and I'm not sure it makes a difference.

Code:

  Code: [Select]
mysql_query("INSERT INTO servers (username, password, name, type, description, ip, votes, beta) VALUES ($username, $password, $name, $server_type, $description, $ip, 0, 1)");
Full code:

Code: [Select]
<?php
include_once("includes/config.php");
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><? $title; ?></title>
<meta http-equiv="Content-Language" content="English" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="style.css" media="screen" />
</head>
<body>
 
<div id="wrap">
 
<div id="header">
<h1><? $title; ?></h1>
<h2><? $description; ?></h2>
</div>
 
<? include_once("includes/navigation.php"); ?>
 
<div id="content">
<div id="right">
<h2>Create</h2>
<div id="artlicles">
<?php
 
if(!$_SESSION['user'])
{
 
        $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string($_POST['password']);
        $name = mysql_real_escape_string($_POST['name']);
        $server_type = mysql_real_escape_string($_POST['type']);
        $description = mysql_real_escape_string($_POST['description']);
 
        if(!$username || !$password || !$server_type || !$description || !$name)
        {

        echo "Note: Descriptions allow HTML. Any abuse of this will result in an IP and account ban. No warnings!<br/>All forms are required to be filled out.<br><form action='create.php' method='POST'><table><tr><td>Username</td><td><input type='text' name='username'></td></tr><tr><td>Password</td><td><input type='password' name='password'></td></tr>";
        echo "<tr><td>Sever Name</td><td><input type='text' name='name' maxlength='35'></td></tr><tr><td>Type of Server</td><td><select name='type'>
       
        <option value='Any'>Any</option>
        <option value='PvP'>PvP</option>
        <option value='Creative'>Creative</option>
        <option value='Survival'>Survival</option>
        <option value='Roleplay'>RolePlay</option>
       
        </select></td></tr>
       
        <tr><td>Description</td><td><textarea maxlength='1500' rows='18' cols='40' name='description'></textarea></td></tr>";
        echo "<tr><td>Submit</td><td><input type='submit'></td></tr></table></form>";
        }
        elseif(strlen($password) < 8)
        {
        echo "Password needs to be higher than 8 characters!";
        }
        elseif(strlen($username) > 13)
        {
                echo "Username can't be greater than 13 characters!";
        }
        else
        {
                $check1 = mysql_query("SELECT username,name FROM servers WHERE username = '$username' OR name = '$name' LIMIT 1");
               
                if(mysql_num_rows($check1) < 0)
                {
                        echo "Sorry, there is already an account with this username and/or server name!";
                }
                else
                {
                        $ip = $_SERVER['REMOTE_ADDR'];

                        mysql_query("INSERT INTO servers (username, password, name, type, description, ip, votes, beta) VALUES ($username, $password, $name, $server_type, $description, $ip, 0, 1)");
                        echo "Server has been succesfully created!";
                }
        }
       
}
else
{
        echo "You are currently logged in!";
}
 
?>
</div>
</div>
 
<div style="clear: both;"> </div>
</div>
 
<div id="footer">
<a href="http://www.templatesold.com/" target="_blank">Website Templates</a> by <a href="http://www.free-css-templates.com/" target="_blank">Free CSS Templates</a> - Site Copyright MCTop
</div>
</div>
 
</body>
</html>

I have the following code just to insert a username and hashed password into the database but somehow I am getting this error and I couldn't find out where I am doing it wrong...can someone please give me a hand?   I tried it in two ways and both errors... the first few lines are just connecting database which worked fine and a password.php so I can use password_hash() with my php version

$hash = password_hash('xx', PASSWORD_BCRYPT, array('cost' => 10));
$username = 'xx';


$insertQuery = $db->prepare("
		INSERT INTO et_todo (username, password)
		VALUES (:username, :hash)
	");

$insertQuery->execute(array(
		'username' => $username,
		'password' => $hash
	));

also tried

$hash = password_hash('xx', PASSWORD_BCRYPT, array('cost' => 10));

$insertQuery = $db->prepare("
		INSERT INTO et_todo (username, password)
		VALUES ('xx', :hash)
	");

$insertQuery->execute(array(
		'username' => 'xx',
		'password' => $hash
	));

Hello,   I recently posted here about an issue I was having with my database orientated products page.   I have now run into another problem where say if, /db.php was typed or /db.php?p=IDoNotExist was typed, it returns blank.   I have in my code the desired content to be displayed, but it just doesn't seem to want to make a show.   I was also wondering if it is possible to show different content for whatever the URL is, so for no parameter, the content about the products, and a non existent one, maybe "Product not found"?   Here is my code:

<?php
	$db=mysql_connect  ("localhost", "webwibco_charlie",  "Hello123") or die ('I cannot connect to the database  because: ' . mysql_error()); 
	$mydb=mysql_select_db("webwibco_products"); 

	include("header.php");

	$status = htmlspecialchars( @$_GET ['p'] );

	if ($status == "floorpuzzles") {

		     echo "<h1>Our Floor Puzzles</h1>";
		$sql="SELECT  ID, Name, Tags, Description, Category FROM products WHERE Category LIKE '%" . FloorPuzzles .  "%'"; 
		$result=mysql_query($sql); 
		while($row=mysql_fetch_array($result)){ 
			$Name  =$row['Name'];
			$ID  =$row['ID']; 
			$Description  =$row['Description'];  
			echo "<div class=\"box\">";
			echo "<h1>$Name</h1>";
			echo "<div class=\"floorbox\"><a href=\"?p=$ID\"><img src=\"images/products/catalogue/big/floorpuzzles/$ID.jpg\" class=\"small\"></a></div>";
			echo "<h2>$Description</h2>";
			echo "</div>";
		}
?>
<?
}else{



	if ($status == $_GET["p"]) {
		$sql="SELECT  ID, Name, Tags, Description, Pieces, Size, Barcode, Category FROM products WHERE ID = '" . $_GET['p'] .  "'";   
		$result=mysql_query($sql);   
		while($row=mysql_fetch_array($result)){  
			$Name  =$row['Name'];
			$ID  =$row['ID']; 
			$Description  =$row['Description']; 
			$Pieces  =$row['Pieces']; 
			$Size  =$row['Size']; 
			$Barcode  =$row['Barcode'];   
			echo "<div class=\"1\">";
			echo "<h1>$Name</h1>";
			echo "<div class=\"bigbox\">";
			echo "<div class=\"floorbox\"><img src=\"images/products/catalogue/big/floorpuzzles/$ID.jpg\" class=\"big\"></div>";
			echo "</div>";
			echo "</div>";
			echo "<div class=\"2\">";
			echo "<p>Puzzle Pieces: $Pieces</p>
				  <p>Puzzle Size: $Size</p>
				  <p>Barcode: $Barcode</p>";
			echo "</div>"; 
		} 
		}else{
?>
<?
			echo"<h1>Our Products</h1>
				<p>Our jigsaw puzzles are hand cut by skilled craftsmen and therefore each one is unique with self-correcting pieces. There is a strict quality control process at all stages by our highly experienced staff. The puzzles are durable and provide fun and excitement, enhancing learning and a child’s development.<p>
				<p>All of our jigsaws are made using materials from sustainable resources grown in managed forests. Where possible we support companies in the UK and source our components locally, most of our suppliers are in the East Midlands, many in Derbyshire and Nottinghamshire. We keep packaging to a minimum and take our environmental and ethical responsibilities very seriously.</p>
				<p>Reducing waste and recycling was a way of life for us before it became fashionable. We are constantly searching for new ideas and consult teachers when developing our jigsaws, which are often used within the national curriculum.</p> 
				<p>As well as making our own range, we manufacture for leading suppliers to the education market. Check for \"Made in Britain\" and it is probably made by us.</p>
				<p>We have a wide variety of products available for viewing, from classic floor puzzles to innovative inset trays. You can take a look at all our products on this page, simply use the navigation buttons to your left.</p>";

				
				}}

include("footer.php");
?>

The final echo is what I wish to be displayed on the URL without or with an invalid parameter.   Here is my site URL: http://www.webwib.co...saws/search.php (note that only the "Floor Puzzles" category has content within it).   Thank you in advance for assistance.

I'm restarting this under a new subject b/c I learned some things after I initially posted and the subject heading is no longer accurate.

What would cause this behavior - when I populate session vars from a MYSQL query, they stick, if I populate them from an MSSQL query, they drop.

It doesn't matter if I get to the next page using a header redirect or a form submit.  I have two session vars I'm loading from a MYSQL query and they remain, the two loaded from MSSQL disappear. 

I have confirmed that all four session vars are loading ok initially and I can echo them out to the page, but when the application moves to next page via redirect or form submit, the two vars loaded from MSSQL are empty. 

Any ideas?

hi guys, im new to this forum

I'm new also to php, I need help from you guys:

I want to display personal information from a certain person (the data is on the mysql database) using his name as a link:

example:
               (index.php)
               names
                          1. Bill Gates
                          2. Mr. nice Guy
           
i want to click Bill Gates
 
   (output.php)
     Name: Bill Gates
     Country:xxxx
     Age: xx   
                 etc.

How can i make this or how to learn this?
   
                 

             
               

   
       

Hi all,

I have a database with 2 tables, 'users' and 'battles'. The site pulls 2 random peoples pictures and lets the user choose who they think would win the battle. So if user1 is using the site it might show pictures for user5 and user3. If the user1 chooses that user5 wins then an entry is made into the 'battles' table like this :

voter     win      lose
user1    user5   user3

Any ideas what query I can use so it only shows 2 people that the user hasnt compared before ?

As if its doing this : choose 2 id's from 'users' that user1 hasnt compared before

Hope that makes sense.

Many thanks,

Scott

I have the following MYSQL Query:

Basically, the query will not work when i add quotes to the string. I want it to select from e-mails database where subject LIKE '%"$stringservername"%'

If I do just '%$SERVERNAME%' it works :S - And the mysql data includes the quotes.

I use the $strongservername to add the quotes.


$stringservername = "&quot$servername&quot";
$stringjobname = "&quot$vjobname&quot";

$queryemails = mysql_query("SELECT * FROM `emails` WHERE `subject` like '$searchstatus' AND `subject` like '%$stringservername%' AND `subject` like '%$stringjobname%' AND `fromemail` = '$matchfrom'");



Any suggestions?

Thankyou

$loc="SELECT * FROM table WHERE username='a', id='1' AND uin='123'";
$get=myspl_query($loc) or die(mysql_error());

Please somone tell me the right command as how to use multiple AND in mysql query.

Thanks

I have a query which when I run in phpmyadmin it returns the results I want.

When I put it into PHP I get no results can someone tell me what I'm doing wrong?

Code: [Select]
<?php include("config.php"); ?>
<?php
// sending query
$sql = mysql_query("SELECT dayname((date(FROM_UNIXTIME(dateline)))) as 'Day Of Week', date((date(FROM_UNIXTIME(dateline)))) as 'Date', count(*) as 'Number of Opened Tickets', ( select count(ticketmaskid) from swtickets where date(FROM_UNIXTIME(swtickets.lastactivity)) = Date and isresolved=1 ) as 'Number of Closed Tickets' from swtickets where ((date(FROM_UNIXTIME(dateline)) between (DATE_SUB(CURDATE(), INTERVAL (IF(DAYOFWEEK(CURDATE())=1, 9, DAYOFWEEK(CURDATE()))) DAY)) and (DATE_ADD(CURDATE(), INTERVAL (6 - IF(DAYOFWEEK(CURDATE())=1, 8, DAYOFWEEK(CURDATE()))) DAY)) )) group by date(FROM_UNIXTIME(dateline))");
?>

<?php echo $sql; ?>

All it returns is: Resource id #4

When in phpmyadmin I get:

Hello!  First post.  I am trying to code out a news website (kinda)  I can't seem to fetch the news articles out of SQL.  What am I doing wrong?

(start is fetched by $_REQUEST.  Assume it is 1)
$end=$start+5;
$stories = mysql_query("SELECT * FROM 'stories' DESC ORDER BY id LIMIT $start, $end");
$num = mysql_num_rows($stories);
print $num;

Hi All,

Wondered if someone could help me out with a sql query that I am having difficulty with?

My database consists of 3 tables, clients, video, category.  The video table stores the primary key value of the clients table and the category table as a foreign key.  What I am trying to achieve is return all the videos that are associated to a particular client and group them under the relevant category.  If there are now videos that match the category then I do not want to display the category.  Here is my code so far:
Code: [Select]
  <?php
$sql = "SELECT category.cat_id, category.name AS catname FROM category";
$result = mysql_query($sql) or die (mysql_error());
while($categoryrow = mysql_fetch_assoc($result)) { ?>
    </p>
<div class="themeheader"><h5><?php echo $categoryrow['catname']; ?></h5></div>
<Br />
<?php
$vsql = "SELECT video.video_id, video.title, video.description, video.thumbnail FROM video WHERE video.cat_id = '" . $categoryrow['cat_id'] . "' AND video.client_id = $customerid ORDER BY video.video_id DESC";
$vresult = mysql_query($vsql) or die (mysql_error());
?>
<div class="videos">
<ul>
<?php
while($videorow = mysql_fetch_assoc($vresult)) {
?>
                <li id="categoryList"><a href="film-details.php?video_id=<?php echo $videorow['video_id']; ?>"><img src="+_1m4g35/<?php echo $videorow['thumbnail']; ?>" alt="<?php echo $videorow['title']; ?>" title="<?php echo $videorow['title']; ?>" width="291" height="142" border="0" /></a>
  <h2><?php echo $videorow['title']; ?></h2>
                  <p><?php $limit = 100;
  if (strlen($videorow['description']) > $limit)
  $description = substr($videorow['description'], 0, strrpos(substr($videorow['description'], 0, $limit), ' ')) . '... <a href="film-details.php?video_id='.$videorow['video_id'].'">read more</a>';
  echo $description;
   ?>
                  </p>
<?php } //end video loop?>
</ul>
<br class="clearfloat" />
</div>
<?php } //end category loop ?>
  </div>

The above code is the closest I have got but it still outputs the categories even when there are no videos that match the category id and the client id.

Any help in the right direction gratefully received as I am gradually going insane! 

Query
whats wrong with this query?

$queryreg = mysql_query("UPDATE application SET employer = '$employer' AND eaddy = '$employer_address' AND ecity = '$employer_city' AND estate = '$employer_state' and ezip = '$employer_zip' AND supervisor = '$employer_supervisor'  WHERE appID = '$appID'") or die(mysql_error());

I can't figure it out.

Hello,
I have a query where i try to search, but i want to put a limitation, but it doesn't seems to be working :/
Here's my code:

$result = mysql_query("SELECT * FROM clients WHERE staff = 0 AND username LIKE '%" . $keyword .  "%' OR company LIKE '%" . $keyword .  "%' ORcontact LIKE '%" . $keyword .  "%' OR address LIKE '%" . $keyword .  "%' OR email LIKE '%" . $keyword .  "%' OR phone LIKE '%" . $keyword .  "%' ORDER BY phone");


Alright, so i basically want the user to search in all of those fields, however i want it to filter all "staff" members, so it should only view the "0" ones, meaning the clients, only problem that when i run this, all clients gets displayed, also the staff accounts.

Any suggestion?

hi dudes
how do i write a mysql query with 3 columns, where the first column is 'year', the second is 'month' (integer) and the third is 'day' (integer), ordered by desc, but with an extra quirk, where if any of the three columns is zero (which means there is no data for that date column - assume i have a year and a month, but no day)?

my code looks like the following
Code: [Select]
ORDER BY exhib_date_year DESC, exhib_date_month DESC, exhib_date_day DESC

Hello... First I should explain what is wrong. I have a database with a table called subs... Within this table I have a unique field called ID, then a fields called member, date(unix timestamp) amount, month, year...

HOWEVER for each month and year there is several entries all with different date stamps. How can I extract the entry with the most recent date???  However there is a catch. I want to view payments made since a certain date but only one per month... Below is my code... I thnk I need to add or change something slightly but i am fairly new to PHP and am totally stuck...

MANY THANKS IN ADVANCE!!! 
Code: [Select]
[php]$query="SELECT * FROM records WHERE section='B' OR section='C' OR section='S' order by section, surname";
$result=mysql_query($query);
for ($row=0;$row<mysql_num_rows($result);$row++){
  $forename=mysql_result($result,$row,'forename');
  $surname=mysql_result($result,$row,'surname');
  $id=mysql_result($result,$row,'id');
  $ref="19nx".$id.substr($forename,0,2).substr($surname,0,2);
  $section=mysql_result($result,$row,'section');
  $giftAid=mysql_result($result,$row,'giftAid');
  if ($giftAid>1){$day=date('d',$giftAid);$month=date('m',$giftAid);$year=date('y',$giftAid);}else{$day="";$month="";$year="";}
  $giftAidName=mysql_result($result,$row,'giftAidName');
  $giftAidComment=mysql_result($result,$row,'giftAidComment');
 
  $subdate=mktime(0,0,0,$submonth,$subday,$subyear);
 $query="SELECT * FROM subs WHERE member='$id' AND date>$subdate Order BY id DESC";
  $subResult=mysql_query($query);
  $subs="";
  for($ss=0;$ss<mysql_num_rows($subResult);$ss++){
  $amount=mysql_result($subResult,$ss,'amount');
  if ($amount==""){$amount='25';}
  $date=date("M/Y",mysql_result($subResult,$ss,'date'));
  $subs=$subs."<a title='$date' alt='$date'>$amount</a>,";
  }[/php]
This outputs a line of results which is right except it shows 2 or 3 for april, 3 or 4 for may anthoer 2 or 3 for june etc...  I hope someone gets my drift!