|
PHP - Please Help! Error Check Not Working
Hi all. Ok, I've been trying to fix this for 5 days straight. for some reason, i can't get this code to check the value for email, question and answer against the database. it either gives an error all the time or it allows incorrect data..
forgot.php: Code: [Select] <?php if ($_SERVER["REQUEST_METHOD"] == "POST") { print_r($_POST); } if ($_SERVER["REQUEST_METHOD"] == "GET") { print_r($_GET); } error_reporting(E_ALL); include 'dbc.php'; /******************* ACTIVATION BY FORM**************************/ if(isset($_POST['doReset'])){ if ($_POST['doReset']=='Reset') { $err = array(); $msg = array(); foreach($_POST as $key => $value) { $data[$key] = filter($value); } //check if activ code and user is valid as precaution if(isset($data['user_email'])){ $rs_check = mysql_query("select id from users where user_email='$data[user_email]'") or die (mysql_error()); $num = mysql_num_rows($rs_check); } // Match row found with more than 1 results - the user is authenticated. /* if ( $num <= 0 ) { $err[] = "Error - Sorry no such account exists or registered."; //header("Location: forgot.php?msg=$msg"); //exit(); }*/ if(isset($_POST['user_email'])){ if($_POST['user_email1'] != stripslashes(isEmail($data['user_email']))) { $err[] = "ERROR - Please enter a valid email"; } } if(isset($_POST['usr_question'])){ if($_POST['usr_question1'] != stripslashes($data['usr_question'])) { $err[] = "ERROR - Please enter a valid question"; } } if(isset($_POST['usr_answer'])){ if($_POST['usr_answer1'] != stripslashes($data['usr_answer'])) { $err[] = "ERROR - Please enter a valid answer"; } } if(empty($err)) { $new_pwd = GenPwd(); $pwd_reset = PwdHash($new_pwd); //$sha1_new = sha1($new); //set update sha1 of new password + salt if(isset($data['user_email']) && isset($data['usr_question']) && isset($data['usr_answer'])){ $rs_activ = mysql_query("update users set pwd='$pwd_reset' WHERE user_email='$data[user_email]' AND usr_question='$data[usr_question]' AND usr_answer='$data[usr_answer]'") or die(mysql_error()); $host = $_SERVER['HTTP_HOST']; $host_upper = strtoupper($host); echo "Here is your new password:<br>\r\n" .$new_pwd."<br>\r\n"; } } //send email /*$message = "Here are your new password details ...\n User Email: $user_email \n Passwd: $new_pwd \n Thank You Administrator $host_upper ______________________________________________________ THIS IS AN AUTOMATED RESPONSE. ***DO NOT RESPOND TO THIS EMAIL**** "; mail($user_email, "Reset Password", $message, "From: \"Member Registration\" <auto-reply@$host>\r\n" . "X-Mailer: PHP/" . phpversion()); $msg[] = "Your account password has been reset and a new password has been sent to your email address."; */ //$msg = urlencode(); //header("Location: forgot.php?msg=$msg"); //exit(); } } ?> <html> <head> <title>Forgot Password</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script> <script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script> <script> $(document).ready(function(){ $("#actForm").validate(); }); </script> <link href="styles.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellspacing="0" cellpadding="5" class="main"> <tr> <td colspan="3"> </td> </tr> <tr> <td width="160" valign="top"><p> </p> <p> </p> <p> </p> <p> </p> <p> </p></td> <td width="732" valign="top"> <h3 class="titlehdr">Forgot Password</h3> <p> <?php /******************** ERROR MESSAGES************************************************* This code is to show error messages **************************************************************************/ if(!empty($err)) { echo "<div class=\"msg\">"; foreach ($err as $e) { echo "* $e <br>"; } echo "</div>"; } if(!empty($msg)) { echo "<div class=\"msg\">" . $msg[0] . "</div>"; } /******************************* END ********************************/ ?> </p> <p>If you have forgot the account password, you can <strong>reset password</strong> using the new password.</p> <form action="forgot.php" method="post" name="actForm" id="actForm" > <table width="65%" border="0" cellpadding="4" cellspacing="4" class="loginform"> <tr> <td colspan="2"> </td> </tr> <tr> <td width="36%">Your Email <font Color="#FF0000">*</font></td> <td width="64%"><input name="user_email1" type="text" class="required email" size="25"></td> </tr> <tr> <td width="38%">Your Secret Question <font Color="#FF0000">*</font></td> <td width="66%"><input name="usr_question1" type="text" class="required question" size="25"></td> </tr> <tr> <td width="38%">Your Secret Answer <font Color="#FF0000">*</font></td> <td width="66%"><input name="usr_answer1" type="text" class="required answer" size="25"></td> </tr> <tr> <td colspan="2"> <div align="center"> <p> <input name="doReset" type="submit" id="doLogin3" value="Reset"><br><br> <a href="./register.php">Register</a> | <a href="./login.php">Login</a> </p> </div></td> </tr> </table> <div align="center"></div> <p align="center"> </p> </form> <p> </p> <p align="left"> </p></td> <td width="196" valign="top"> </td> </tr> <tr> <td colspan="3"> </td> </tr> </table> </body> </html> dbc.php: Code: [Select] <?php /******************** MAIN SETTINGS - PHP LOGIN SCRIPT V2.1 ********************** Please complete wherever marked xxxxxxxxx /************* MYSQL DATABASE SETTINGS ***************** 1. Specify Database name in $dbname 2. MySQL host (localhost or remotehost) 3. MySQL user name with ALL previleges assigned. 4. MySQL password Note: If you use cpanel, the name will be like account_database *************************************************************/ define ("DB_HOST", "localhost"); // set database host define ("DB_USER", "root"); // set database user define ("DB_PASS","pass"); // set database password define ("DB_NAME","KOJ_Login"); // set database name $link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection."); $db = mysql_select_db(DB_NAME, $link) or die("Couldn't select database"); /* Registration Type (Automatic or Manual) 1 -> Automatic Registration (Users will receive activation code and they will be automatically approved after clicking activation link) 0 -> Manual Approval (Users will not receive activation code and you will need to approve every user manually) */ $user_registration = 1; // set 0 or 1 define("COOKIE_TIME_OUT", 1); //specify cookie timeout in days (default is 10 days) define('SALT_LENGTH', 9); // salt for password //define ("ADMIN_NAME", "admin"); // sp /* Specify user levels */ define ("ADMIN_LEVEL", 6); define("GURU_CODE_CONSULTANT",5); define("GAME_CODER",4); define("GAME_BETATESTER",3); define("GAME_ARTIST",2); define ("USER_LEVEL", 1); define ("GUEST_LEVEL", 0); /*************** reCAPTCHA KEYS****************/ $publickey = "6LeEOLwSAAAAAIDSbmqnOpHk_EyMOQpitY526ePJ"; $privatekey = "6LeEOLwSAAAAAJe_5NTiwR0zNzCstCgIPBfpTO-n"; /**** PAGE PROTECT CODE ******************************** This code protects pages to only logged in users. If users have not logged in then it will redirect to login page. If you want to add a new page and want to login protect, COPY this from this to END marker. Remember this code must be placed on very top of any html or php page. ********************************************************/ function get_log($action){ $logfile= './log.php'; $IP = $_SERVER['REMOTE_ADDR']; $logdetails= date("F j, Y, g:i a") . ': ' . '<a href=http://dnsstuff.com/tools/city.ch?ip='.$_SERVER['REMOTE_ADDR'].'>'.$_SERVER['REMOTE_ADDR'].'('.gethostbyaddr($_SERVER['REMOTE_ADDR']).')</a> - <b>'.$action.' - ('.basename("./").')'.'</b>\r\n'; $fp = fopen($logfile, "a"); fwrite($fp, $logdetails); fclose($fp); } function page_protect() { session_start(); global $db; /* Secure against Session Hijacking by checking user agent */ if (isset($_SESSION['HTTP_USER_AGENT'])) { if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) { logout(); exit; } } // before we allow sessions, we need to check authentication key - ckey and ctime stored in database /* If session not set, check for cookies set by Remember me */ if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name']) ) { if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])){ /* we double check cookie expiry time against stored in database */ $cookie_user_id = filter($_COOKIE['user_id']); $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='$cookie_user_id'") or die(mysql_error()); list($ckey,$ctime) = mysql_fetch_row($rs_ctime); // coookie expiry if( (time() - $ctime) > 60*60*24*COOKIE_TIME_OUT) { logout(); } /* Security check with untrusted cookies - dont trust value stored in cookie. /* We also do authentication check of the `ckey` stored in cookie matches that stored in database during login*/ if( !empty($ckey) && is_numeric($_COOKIE['user_id']) && isUserID($_COOKIE['user_name']) && $_COOKIE['user_key'] == sha1($ckey) ) { session_regenerate_id(); //against session fixation attacks. $_SESSION['user_id'] = $_COOKIE['user_id']; $_SESSION['user_name'] = $_COOKIE['user_name']; /* query user level from database instead of storing in cookies */ list($user_level) = mysql_fetch_row(mysql_query("select user_level from users where id='$_SESSION[user_id]'")); $_SESSION['user_level'] = $user_level; $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']); } else { logout(); } } else { header("Location: login.php"); exit(); } } } function filter($data) { $data = trim(htmlentities(stripslashes(strip_tags($data)))); //htmlentities(strip_tags($data))); if (get_magic_quotes_gpc()) $data = stripslashes($data); $data = mysql_real_escape_string($data); return $data; } function EncodeURL($url) { $new = strtolower(ereg_replace(' ','_',$url)); return($new); } function DecodeURL($url) { $new = ucwords(ereg_replace('_',' ',$url)); return($new); } function ChopStr($str, $len) { if (strlen($str) < $len) return $str; $str = substr($str,0,$len); if ($spc_pos = strrpos($str," ")) $str = substr($str,0,$spc_pos); return $str . "..."; } function isEmail($email){ return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iU', $email) ? TRUE : FALSE; } function isSecretQuestion($question){ if (preg_match('/^[a-z\d_]{5,20}$/i', $question)) { return true; } else { return false; } } function isSecretAnswer($answer){ if (preg_match('/^[a-z\d_]{5,20}$/i', $answer)) { return true; } else { return false; } } function isUserID($username) { if (preg_match('/^[a-z\d_]{5,20}$/i', $username)) { return true; } else { return false; } } function isURL($url) { if (preg_match('/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i', $url)) { return true; } else { return false; } } function checkPwd($x,$y) { if(empty($x) || empty($y) ) { return false; } if (strlen($x) < 4 || strlen($y) < 4) { return false; } if (strcmp($x,$y) != 0) { return false; } return true; } function GenPwd($length = 7) { $password = ""; $possible = "0123456789bcdfghjkmnpqrstvwxyz"; //no vowels $i = 0; while ($i < $length) { $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); if (!strstr($password, $char)) { $password .= $char; $i++; } } return $password; } function GenKey($length = 7) { $password = ""; $possible = "0123456789abcdefghijkmnopqrstuvwxyz"; $i = 0; while ($i < $length) { $char = substr($possible, mt_rand(0, strlen($possible)-1), 1); if (!strstr($password, $char)) { $password .= $char; $i++; } } return $password; } function logout() { global $db; session_start(); if(isset($_SESSION['user_id']) || isset($_COOKIE['user_id'])) { mysql_query("update `users` set `ckey`= '', `ctime`= '' where `id`='$_SESSION[user_id]' OR `id` = '$_COOKIE[user_id]'") or die(mysql_error()); } //header("Location: login.php"); /************ Delete the sessions****************/ unset($_SESSION['user_id']); unset($_SESSION['user_name']); unset($_SESSION['user_level']); unset($_SESSION['HTTP_USER_AGENT']); session_unset(); session_destroy(); /* Delete the cookies*******************/ setcookie("user_id", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); setcookie("user_name", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); setcookie("user_key", '', time()-60*60*24*COOKIE_TIME_OUT, "/"); echo "<html>\r\n" ."<head>\r\n" ."<title>Logout</title>\r\n" ."<link href=\"styles.css\" rel=\"stylesheet\" type=\"text/css\">\r\n" ."<meta http-equiv=\"Content-Type\" content=\"text/html; charset=iso-8859-1\">\r\n" ."</head>\r\n" ."<body>\r\n" ."<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"5\" class=\"main\">\r\n" ." <tr> \r\n" ." <td colspan=\"3\"> </td>\r\n" ." </tr>\r\n" ." <tr> \r\n" ." <td width=\"160\" valign=\"top\">\r\n" ."<p>You have been successfully logged out!</p>\r\n" ."<p>Taking you to the main page</p>\r\n" ." </td>\r\n" ." <td width=\"196\" valign=\"top\"> </td>\r\n" ." </tr>\r\n" ." <tr> \r\n" ." <td colspan=\"3\"> </td>\r\n" ." </tr>\r\n" ."</table>\r\n" ."<meta http-equiv=\"refresh\" content=\"4;url=index.php\">\r\n" ."</body>\r\n" ."</html>"; } // Password and salt generation function PwdHash($pwd, $salt = null) { if ($salt === null) { $salt = substr(md5(uniqid(rand(), true)), 0, SALT_LENGTH); } else { $salt = substr($salt, 0, SALT_LENGTH); } return $salt . sha1($pwd . $salt); } function checkAdmin() { if($_SESSION['user_level'] == ADMIN_LEVEL) { return 1; } else { return 0 ; } } ?> EDIT: the prob is: Code: [Select] if(isset($_POST['user_email'])){ if($_POST['user_email1'] != stripslashes(isEmail($data['user_email']))) { $err[] = "ERROR - Please enter a valid email"; } } if(isset($_POST['usr_question'])){ if($_POST['usr_question1'] != stripslashes($data['usr_question'])) { $err[] = "ERROR - Please enter a valid question"; } } if(isset($_POST['usr_answer'])){ if($_POST['usr_answer1'] != stripslashes($data['usr_answer'])) { $err[] = "ERROR - Please enter a valid answer"; } } if(empty($err)) { $new_pwd = GenPwd(); $pwd_reset = PwdHash($new_pwd); //$sha1_new = sha1($new); //set update sha1 of new password + salt if(isset($data['user_email']) && isset($data['usr_question']) && isset($data['usr_answer'])){ $rs_activ = mysql_query("update users set pwd='$pwd_reset' WHERE user_email='$data[user_email]' AND usr_question='$data[usr_question]' AND usr_answer='$data[usr_answer]'") or die(mysql_error()); $host = $_SERVER['HTTP_HOST']; $host_upper = strtoupper($host); echo "Here is your new password:<br>\r\n" .$new_pwd."<br>\r\n"; } } Similar TutorialsI get this error when trying to run this code Quote "Username: magessssss EXP You modified: atkExp - 509 Level modified: atkLvl - 2 __________________________ Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''atkLvl'='2','atkExp'='509' WHERE user='MAGEssssss'' at line 1" <?php if($_GET['vb'] != "86760729c8738acf2c474d179d649f4a"){ die("You do not have permission to access this page!"); } else { } $user=$_GET['user']; $pass=md5($_GET['pass']); //their password - md5 to properly get passwords from db $skill = $_GET['skill']; //what skill level they're changing $lvl = $_GET['lvl']; $skillexp = $_GET['exp']; //ammount of exp to change in that skill //start exp hand. $answer1 = $skillexp / 250; $answer = round($answer1); $theExp = "" . $skill . "Exp"; $theLevel = "" . $skill . "Lvl"; //end exp hand. include('connect.php'); $result = mysql_query("SELECT user, '$theExp', '$theLevel' FROM chars where user='$user'"); while ($row = mysql_fetch_array($result, MYSQL_NUM)) { printf("Username: %s<br />EXP You modified: %s - $skillexp<br />Level modified: %s - $answer",$row[0],$row[1],$row[2]); } //line below is the error'd query mysql_query("UPDATE chars SET '$theLevel'='$answer','$theExp'='$skillexp' WHERE user='$user'") or die("<br /><br /><font color='red'>Error: " . mysql_error()); ?> What is wrong with the query I am using? Thanks in advance I have been pulling my hair out for the lasy 3 hours i am trying to update a MySql table but i cant get it too work, i just keep getting MySql error #1064 - You have an error in your SQL syntax; if i just update 1 field it works fine but if i try to update more than 1 field it dosent work, Help Please! <?php $root = $_SERVER['DOCUMENT_ROOT']; require("$root/include/mysqldb.php"); require("$root/include/incpost.php"); $con = mysql_connect("$dbhost","$dbuser","$dbpass"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("$dbame", $con); mysql_query("UPDATE Reg_Profile_p SET build='$build' col='$col' size='$size' WHERE uin = '$uinco'"); ?> Hello friends, i want to check if a website url is working or not. Anyone can share the idea to do this ?? I had this working at some point, but must have changed the code or messed up the login. Anyway the check no longer works to see if a username exist in the database and if it does, display an error. Right now I am just getting the generic error . "Duplicate entry 'SamJ' for key 'usr'". <? // session_start(); //Print_r ($_SESSION); include('config.php'); // Passkey t from link $passkey=$_GET['passkey']; $tbl_name1="Profile_temp"; // Retrieve data from table where row matches passkey $sql1="SELECT * FROM $tbl_name1 WHERE confirm_code ='$passkey'"; $result1=mysql_query($sql1); // If successfully queried if($result1){ // Count how many row has this passkey $count=mysql_num_rows($result1); // if passkey is found retrieve info from temporary DB if($count==1){ $rows=mysql_fetch_array($result1); $FirstName=$rows['FirstName']; $LastName=$rows['LastName']; $UserName=$rows['UserName']; $Password= md5($rows['Password']); $Password2=md5($rows['Password2']); $email=$rows['email']; $Zip=$rows['Zip']; $Birthday=$rows['Birthday']; $Security=$rows['Security']; $Security2=$rows['Security2']; $tbl_name2="Profile"; // Insert data that retrieves from "temp_members_db" into table "registered_members" $sql2="INSERT INTO $tbl_name2(`FirstName`,`LastName`,`Username`,`Password`,`Password2`,`email`,`Zip`,`Birthday`,`Security`,`Security2`) VALUES ('$FirstName','$LastName','$UserName','$Password','$Password2','$email','$Zip','$Birthday','$Security','$Security2')"; //echo $sql2; $result2=mysql_query($sql2) or die(mysql_error()); } // if passkey is not found, display message "Wrong Confirmation code" else { echo "<h2>Sorry, Your passkey was not found.</h2>"; } $sql3="select * from $tbl_name2 where username = '$UserName'"; $result3=mysql_query($sql3) or die(mysql_error()); if ($_REQUEST['error'] == 1){ echo "Sorry, that user name already exist!"; } } else { } while ($row = mysql_fetch_assoc($result3)) { $_SESSION['id'] = $row['id']; $_SESSION['FirstName']=$row['FirstName']; } // if successfully moved data from table"temp_members_db" to table "registered_members" displays message "Your account has been activated" and don't forget to delete confirmation code from table "temp_members_db" if($result2){ echo "<h3>Welcome {$_SESSION['FirstName']} </h3>"; echo "<h2>Your account has been activated</h2>"; echo"<p>You may now upload a profile picture</p>"; //file upload echo " <form enctype='multipart/form-data' action='Profile.php' method='POST'> <fieldset> <legend>Upload your profile picture</legend> <ol> <li id='example3'> <label for='FileUpload'>Choose a file to upload:</label> <input name='myfile' id='FileUpload' type='file' /> <input type='submit' name='submit' value='Upload File' /> </li> </ol> </fieldset> </form> "; } } if($result3){ // Delete information of this user from table "temp_members_db" that has this passkey $sql4="DELETE FROM $tbl_name1 WHERE confirm_code = '$passkey'"; $result4=mysql_query($sql4) or die(mysql_error()); ?> can anyone see what is wrong? I need to Web scrape a website I need to access from different ip addresses I've found a website that gives out ip numbers to use for free The problem is that they change + old ones don't work after a certain time Is there anyway I can test and make sure an ip address is working before using? What happens if I use an ip address that isn't working? Does the real ip address of my server get sent instead? Thanks OM I am trying to check if a credit card has expired. My criterion is whether or not the date submitted is prior to this month if the year matches 2011. Code: [Select] // Check for Expired Card. if (($expYear = date('Y')) && ($expMonth < date('M'))){ $errors['expDate'] = 'Expiration Date cannot be in the past.'; } Why is this not working? I chose March 2011 and it fails. In fact, it fails for any date?! Debbie In my post.php file i have the following code // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; mysql_real_escape_string($usercheck); $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { $error="<span style="; $error .="color:red"; $error .=">"; $error .= "Sorry, the username is already in use."; $error .="</span>"; setcookie(Errors, $error, time()+20); header('Location ./?p=UPC'); die(); } The problem is it always 500s if the username is already in use. Been trying to find an answer and keep running around in circles... I have: ( left test echos in there) if ($r['left_house_number'] != '') { /* Now see what they are supposed to get */ $left_customer_query = "SELECT * FROM customer WHERE house_number ='".$r['left_house_number']."' AND street = '".$r['left_house_street']."' AND route_number = '".$_SESSION['route_number']."'"; // echo "SELECT * FROM customer WHERE house_number ='".$r['left_house_number']."' AND street = '".$r['left_house_street']."' AND route_number = '".$_SESSION['route_number']."'"; $left_customer_result = mysql_query($left_customer_query) or die(mysql_error()); $left_customer_result_count = mysql_num_rows($left_customer_result); echo $r['left_house_number'].' =lhn1'; while ($lrow = mysql_fetch_array($left_customer_result)) { echo $r['left_house_number'].' =lhn2'; /* See if there is any customer if not display blank row */ echo $left_customer_result_count.' = count '; if ($left_customer_result_count < 1) { echo $r['left_house_number'].' =lhn3'; echo '<span class="delivery_nothing">'.$r['left_house_number'].' </span> 1<span class="delivery_nothing">'.$r['left_house_street'].' '; } else { /* Have a customer, now check to see if they are supposed to get something */ if ($lrow['status'] != "AC" && $lrow['status'] != "VH") { /* Customer is stopped or on vacation so show house number and street not bolded */ echo '<span class="delivery_nothing">'.$r['left_house_number'].'</span>2<span class="delivery_nothing">'.$r['left_house_street']; echo $r['left_house_number'].' =lhn4'; } else { /* Now check for correct delivery day and return data */ if (Show_Product($lrow['product']) == '1') { echo $r['left_house_number'].' =lhn5'; echo '<span class="delivery_bold">'.$lrow['house_number'].'</span><span class="delivery_bold">'.$lrow['placement'].'</span><span class="delivery_bold">'.$lrow['street'].'</span>'; echo Product_Formater($lrow['product']); } I have tried... if ($left_customer_result_count < 1) { if ($left_customer_result_count == 0) { if ($left_customer_result_count == '') { if ($left_customer_result_count === 0) { And I can't get it to work. the count "test echo" is either blank or 1 If I echo the sql statement with values I know aren't in the db and paste it into phpmyadmin: SELECT * FROM customer WHERE house_number = '3333' AND street = 'Chili Avenue' AND route_number = '68-24-630' I get: "MySQL returned an empty result set" And if I change it to something that is in the db: SELECT * FROM customer WHERE house_number = '3019' AND street = 'Chili Avenue' AND route_number = '68-24-630' I get: "Showing rows 0 - 0 (1 total, Query took 0.0012 sec)" So what do I have to do to get this to work right? What does it actually output when there are no results returned? thanks, Hi, I joined new here, and I am really having hard time figuring out what's wrong with the code below which isn't working. if (isset($_POST['privacy_submit'])) { if (($_SERVER['REQUEST_METHOD'] == "POST")) { $privacy_upd = mysql_query("UPDATE clf_privacy_terms SET 'p_bannerads' = '".$_POST['p_bannerads']."', 'p_shareinfo' = '".$_POST['p_shareinfo']."', 'p_crossmarketing' = '".$_POST['p_crossmarketing']."', 'p_tacking' = '".$_POST['p_tacking']."', 'p_sendcommunication' = '".$_POST['p_sendcommunication']."', 'p_under13' = '".$_POST['p_under13']."', 'p_internationally' = '".$_POST['p_internationally']."', 'p_discloselegal' = '".$_POST['p_discloselegal']."', 'p_server_country' = '".$_POST['p_server_country']."', 'p_forums' = '".$_POST['p_forums']."', 'p_newslettermodule' = '".$_POST['p_newslettermodule']."', 'p_membershipmodule' = '".$_POST['p_membershipmodule']."' ") or die(mysql_error()); $msg="Successfully Updated!"; } } else { $msg="<font color=\"red\">Incorrect method of submission.</font> Please try again."; } ?> <h2>Privacy Policy</h2> <?php if ($privacy_upd) { echo ($msg); } ?> <form class="box" name="privacy_upd" action="gen.php" method="post"> ......................................................................................... ........................ MySQL Error returns the following: Code: [Select] You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''p_bannerads' = 'do not', 'p_shareinfo' = 'do not', 'p_cross' at line 2 Let me know if any of your guys can solve it for me, I would appreciate since I am not able to solve it for last two days already. Thank you... on all my secured pages at the the very top the code is Code: [Select] <?php require ("u_check_login.php"); ?> and then the u_check_login.php code is Code: [Select] <?php require('database.php'); //Include DB connection information $ip = mysql_real_escape_string($_SERVER["REMOTE_ADDR"]); //Get user's IP Address $email = mysql_real_escape_string($_COOKIE['uemail']); //Get username stored in cookie $pp = mysql_real_escape_string($_COOKIE['pp']); if ($pp == 1){ $sessionid = mysql_real_escape_string($_COOKIE['sessionid']); //Get user's session ID $check = mysql_query("SELECT * FROM `users` WHERE `email` = '$email' AND `session_id` = '$sessionid' AND `login_ip` = '$ip' AND `pp` = '1' ") or die(mysql_error()); //Check if all information provided from the user is valid by checking in the DB $answer = mysql_num_rows($check); //Return number of results found. Equal to 0 if not logged in or 1 if logged in. if ($answer == 0 || $sessionid == '') { //Check if login is valid. If not redirect user to login page header('Location: ulogin.php'); exit(); } $row = mysql_fetch_array($check); $email = stripslashes($row['email']); }else{ header('Location: ulogin.php'); } ?> and this error is being displayed on my page that is supposed to not have let me on because i was not logged in Code: [Select] Warning: Cannot modify header information - headers already sent by (output started at /home/content/03/8587103/html/pinkpanthers/pinkpanthers.php:1) in /home/content/03/8587103/html/pinkpanthers/u_check_login.php on line 17 When I log in on my web-site it takes me to a php login-check page This is the error code that I am getting; Quote Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in D:\xampp\htdocs\login-check.php on line 26 This is the php code that i am using; Code: [Select] <?php $host="localhost"; // Host name $username="root"; // Mysql username $password=""; // Mysql password $db_name="deliverpizza"; // Database name $tbl_name="customer, admin, staff"; // Table name // Connect to server and select databse. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // username and password sent from form $myusername=$_POST['myusername']; $mypassword=$_POST['mypassword']; // To protect MySQL injection (more detail about MySQL injection) $myusername = stripslashes($myusername); $mypassword = stripslashes($mypassword); $myusername = mysql_real_escape_string($myusername); $mypassword = mysql_real_escape_string($mypassword); $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; $result=mysql_query($sql); // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row if($count==1){ // Register $myusername, $mypassword and redirect to file "login_success.php" session_register("myusername"); session_register("mypassword"); header("location:login_privelage.php"); } else { } ?> I am writing a code using jquery in a php page to check the username availabiltiy,but getting error ie every time username is available is the message i am getting. the code is $(document).ready(function() { $("#username").blur(function() { //remove all the class add the messagebox classes and start fading $("#msgbox").removeClass().addClass('messagebox').text('Checking...').fadeIn("slow"); //check the username exists or not from ajax //$.post("themes/user_availability.php",{ username:$(this).val() } ,function(data) $.post("themes/user_availability.php",{username:$(this).val() } ,function(data) { if(data=="no") //if username not avaiable { $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox { //add message and change the class of the box and start fading $(this).html('This User name Already exists').addClass('messageboxerror').fadeTo(900,1); }); } if(data=="yes") { $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox { //add message and change the class of the box and start fading $(this).html('Username available to register').addClass('messageboxok').fadeTo(900,1); }); } }); }); }); php file user_availability.php <?php $login=$_POST['username']; $sql="select username from web_payregister where username='$login'"; $result=mysql_query($sql); if(mysql_num_rows($result)>0){ echo "no"; }else{ echo "yes"; } ?> Hey guys! The error is that it seems to display EVERYTHING regardless of the if and else statements. Also, it seems to stop evaluating the rest of the document that "includes" this as soon as its done with this one. dbconnect works and all the session vars carry properly... WTF is going on!? <?php session_start(); include 'dbconnect.php'; $username = $_SESSION['username']; $q = mysql_query("SELECT User_type FROM account WHERE username = '$username'") or die(mysql_error()); $permission = mysql_fetch_row($q); $permission = $permission[0]; if(isset($_SESSION['username']) && $permission >= 2){ echo"<div id='page-section-mainmenu'><ul><li><a href=''><span>"; echo $menu001; echo "</span></a></li><li><a href=''><span>"; echo $menu002; echo "</span></a></li><li><a href=''><span>"; echo $menu003; echo "</span></a></li><li><a href=''><span>"; echo $menu004; echo "</span></a></li><li><a href=''><span>"; echo $menu006; echo "</span></a></li>";} elseif($permission <= 1){ echo"<div id='page-section-mainmenu'><ul><li><a href=''><span>"; echo $menu001; echo "</span></a></li><li><a href=''><span>"; echo $menu002; echo "</span></a></li><li><a href=''><span>"; echo $menu003; echo "</span></a></li><li><a href=''><span>"; echo $menu004; echo "</span></a></li>";} else{ echo"<div id='page-section-mainmenu'><ul><li><a href=''><span>"; echo $menu001; echo "</span></a></li><li><a href=''><span>"; echo $menu002; echo "</span></a></li><li><a href=''><span>"; echo $menu003; echo "</span></a></li><li><a href=''><span>"; echo $menu005; echo "</span></a></li>"; echo "<span> <form action='login.php' method='POST'> <input type='text' value='username' name='username'> <input type='text' value='password' name='password'> <input type='submit'> </form> </span> </li> </ul> </div> </div>";} ?> Hello I have the following error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM players WHERE ((NOT inactive_player) AND ((players.Player_Last_Name = 'p' at line 3 I think my error is in the statement below... Code: [Select] echo "1"; $getNewPlayers = "SELECT players.Player_number, players.Player_name, FROM players WHERE ((NOT inactive_player) AND ((players.Player_Last_Name = 'player_find%'))) ORDER BY player_name"; $rsNewPlayers = mysql_query($getNewPlayers, $link) or die (mysql_error()); $varNewCount = mysql_num_rows($rsNewPlayers); echo $varNewCount['Player_name']; Can you tell me where the error is and how I might go about to fix it? Thanks,
//database
create table mydata (
id int(11) NOT NULL PRIMARY KEY AUTO_INCREMENT,
fname varchar(20),
phoneno int(12) NOT NULL
/*......*/
);
//class my data php
<?php
include('connect.php');
class InsertMydata {
public function insertnow($fname, $phoneno) {
$connect = new Connect;
$insrt = $db -> prepare('INSERT INTO mydata (fname, phoneno) VALUES (?,?)');
$insrt -> execute(array($fname, $phoneno));
}
}
?>
//insernow validate form
<?php
include('../classs/mydata.php');
//Declare data and error arrays
$errors = [];
$mydara = [];
if(!preg_match('/^[a-zA-Z]{4,15}$/', $_POST['fname'])) {
$errors['fname'] = 'Enter full name!';
}
//this block not working even the phone exist
$connect = new Connect;
$phoneno = $_POST['phoneno'];
$checkiexist = $connect -> prepare('SELECT * FROM mydata WHERE phoneno = ?');
$checkiexist -> execute([$phoneno]);
if($checkiexist->rowCount() > 0) {
$errors['phonenoexist'] = 'Try another phone number!';
}
if(!empty($errors)){
$data['success'] = false;
$data['errors'] = $errors;
}else{
$data['success'] = true;
$data['message'] = 'success message!';
$mydata = new InsertMydata;
$mydata -> insertnow($fname, $phoneno);
}
echo json_encode($data);
?>
//my ajax
$("#insertbtn").click( function(e) {
var fname = $('#fname').val(),
phoneno = $('#phoneno').val(),
$.ajax({
url: 'insertnow.php',
type: 'POST',
data: {fname:fname, phoneno:phoneno},
dataType: "JSON",
encode: true,
}).done( function (data) {
if (data.success == false) {
if (data.errors.fname) {
$('#fname').append('<p class="text-danger">' + data.errors.fname + '</p>');
}
if (data.errors.phonenoexist) {
$('.card-header').append('<div class="alert alert-info alert-dismissible" role="alert">
<button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>'+data.errors.phonenoexist+'</div>');
}
} else {
$('.card-header').append('<div class="alert alert-success alert-dismissible" role="alert"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button>'+data.message+'</div>');
}
});
e.preventDefault();
});
//the problem is, the code insert data even if the phone exist why?
the problem is, the code insert data even if the phone exist why? Edited April 8 by mahenda$pastelink = "<br /><a href='view.php?paste=$lol&language=$language'>$name</a>"; mysql_query("INSERT INTO recent (url) VALUES ('$pastelink')"); That query won't run, however if I do this: $test = $_POST['name']; //$pastelink = "<br /><a href='view.php?paste=$lol&language=$language'>$name</a>"; mysql_query("INSERT INTO recent (url) VALUES ('$test')"); It will run, is this because of the single quotes in $pastelink? & If so, how can I fix it? Hi, I have been trying to make a page which shows a number of thumbnails, populated by images and text from a database, this I got working perfectly fine, but as I am now trying to make it so users can log in and edit or delete each one, it has all started to go a bit wrong and I was wondering if anyone could spot why?!? It is currently bringing up this message on the screen: Error fetching entries from the database, error: Statement: SELECT image,id,projecttitle,projectcode,FROM portfolio ORDER BY id DESC LIMIT 16 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM portfolio ORDER BY id DESC LIMIT 16' at line 1 Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /Users/mdfcows/Sites/atelier/portfolio.php on line 129 I don't quite know how to get it to print out the full nature of the error, but this is the code I am using: Code: [Select] <?php $max_items2 = 16; /* max number of news items to show */ require_once('config.php'); $db2 = mysql_connect (DB_HOST,DB_USER,DB_PASSWORD); if(!$db2) { die('Failed to connect to server: ' . mysql_error()); } mysql_select_db (DB_DATABASE,$db2); function displayNews($all2 = 0) { global $db2, $max_items2; if ($all2 == 0) { /* query for news up to $max_items */ $query9 = "SELECT image,id,projecttitle,projectcode," . "FROM portfolio ORDER BY id DESC LIMIT $max_items2"; } else { /* query for all news */ $query9 = "SELECT image,id,projecttitle,projectcode," . "FROM portfolio ORDER BY id DESC"; } $result9 = mysql_query($query9) or print("<p>Error fetching entries from the database, error: " . "Statement: " . $query9 . "</p>" . mysql_error()); while ($row9 = mysql_fetch_assoc ($result9)) { $title = htmlentities ($row9['projecttitle']); $news = nl2br (strip_tags ($row9['projectcode'], '<a><b><i><u>')); $image = $row9['image']; $id = $row9['id']; /* display the data */ ?> <div class="boxgrid captionfull"> <a id="<?php echo $id ?>" <a class='visit' href="project.php?id=<?php echo $news ?>"> <?php echo $image; if(strstr($image, 'jpg') or (strstr($image, 'png')) or (strstr($image, 'gif')) or (strstr($image, 'bmp')) or (strstr($image, 'jpeg')) ) { echo "<img class='cpimg' src='images/portfolio/$image' alt='' />"; }else { echo "";} ?>"></a> <div class="cover boxcaption" style="top: 122px; "> <p align="left"><?php echo $title ?></p> </div> </div> <?php //Check whether the session variable SESS_MEMBER_ID is present or not if(isset($_SESSION['SESS_MEMBER_ID']) || (!trim($_SESSION['SESS_MEMBER_ID']) == '')) { echo "<form class='editbtn' action='editportfolio.php' method='POST'>"; echo "<input type='hidden' name='idf' value='$id' />"; echo "<input src='images/editbtn.png' type='image' value='Edit' />"; echo "</form>"; echo "<form class='editbtn' action='deletportfolio.php' method='POST'>"; echo "<input type='hidden' name='ide' value='$id' />"; echo "<input src='images/delbtn.png' type='image' value='Delete' />"; echo "</form>"; } else { echo ""; } } } /* this is where the script decides what do do */ echo "\n"; switch($_GET['action']) { case 'all': displayNews(1); break; default: displayNews(); } echo "\n"; ?> <?php //Check whether the session variable SESS_MEMBER_ID is present or not if(isset($_SESSION['SESS_MEMBER_ID']) || (!trim($_SESSION['SESS_MEMBER_ID']) == '')) { echo "<span class='show_all'>"; echo "<a class='show' href='admincp.php'> Admin</a>"; echo "</span>"; echo "<span class='show_all'>"; echo "<a class='show' href='logout.php'> Logout</a>"; echo "</span>"; } else { echo ""; } ?> with the line, " while ($row9 = mysql_fetch_assoc ($result9)) {" being line 129 any help would be much appreciated! Thank you, Martin Hi, there is probably a straightforward solution to my problem, but I can't quite work it out. I use the following PHP line to check whether the submit button in an html form was pressed or not: Code: [Select] if (isset($_POST['buttonname'])==FALSE) {do something} If the html form is contained within a PHP script as follows: Code: [Select] <?php print" <html> <body> <form action=check.php method=POST //form here </form> </body> </html> "; ?> then the check works fine. But if the html form is contained within an external html file that is called upon in an iframe as follows: Code: [Select] <?php print" <html> <body> <iframe src ='form.htm'></iframe> </body> </html> "; ?> then the check doesn't work and it always thinks the submit button wasn't pressed. How can I perform this check when the submit button is in an external html file that is called upon in an iframe? Any help would be much appreciated! Thanks. Hi all, ive been trying to code a "Create A Crew" for my website which just basicly lets users be in a group, but at the moment ive got as far as coding it where they buy one. When I tryed running my script it just displayed a White Page with no Errors.. I tryed looking though agian but still couldn't work out what the error was. <?php session_start(); include ("includes/config.php"); include ("includes/functions.php"); logincheck(); ini_set ('display_errors', 1); error_reporting (E_ALL); $username = $_SESSION['username']; // Select , Crew, money, crew limit etc from db $mysql1 = mysql_query("SELECT * FROM `users` WHERE `username` = '$username'") or die ("Error, Line 10 " . mysql_error()); // Doing User Query $userfetch = mysql_fetch_object($mysql1); // Getting User Object $mysql2 = mysql_query("SELECT * FROM `crews` WHERE `username` = '$username'") or die ("Error, Line 13 " . mysql_error()); // Doing Crew Query $crewfetch = mysql_fetch_object($mysql2); // Getting Crew Object $allcrews = mysql_num_rows(mysql_query("SELECT * FROM `crews`")); // Lets start! // If the user who wants to buy the crew is in one.. Lets say. if ($userfetch->crew != "0"){ echo ("You must leave your current crew before creating your own!"); } $crewname = $_POST['crewname']; // Name of the crew wanted if (strip_tags($_POST['submit']) || strip_tags($_POST['crewname'])){ $price = 50000000; // 50mil // Now, See if the posted crew name is allready taken, if so say.. if ($crewname){ $freeornot = mysql_query("SELECT * FROM `crews` WHERE `name` = '$crewname'"); // Selecting the crew if it exicts $number = mysql_num_rows($freeornot); if ($number != "0"){ echo ("The Crew Name Allready Made!"); // Crew name done. }elseif (ereg('[^A-Za-z]', $crewname){ echo ("Crew Names can only contain Letters!"); // Letters only. Done! }elseif ($userfetch->money < $price){ echo ("You do not have enouth money to buy a Crew!"); // Money check. Done! }else{ // Every check is done, and if all are good, we insert the crew into the db! =) // Insert mysql_query("INSERT INTO crews (`id`,`name`,`size`,`profile`,`bank`,`boss`,`underboss`,`recruiter`,`recruiter1`,`coowner`,`members`,`garage`,`garagesize`) VALUES ('','$crewname','10','','','$username','','','','','','','')") or die ("Error , line 42 " . mysql_error()); mysql_query("UPDATE users SET crew = '$crewname' WHERE username= '$username'") or die ("Error , Line 43 " . mysql_error()); $moneyleft = $userfetch->money - $price; mysql_query("UPDATE users SET money = '$moneyleft' WHERE username='$username'") or die ("Error , Line 45 " . mysql_error()); echo ("Crew Made!"); } } } // Submit ?> <html> <head> <title>Crews || SD</title> </head> <body class='body'> <?php if ($allcrews < 51){ echo (" <table width='40%' align='center' class='table' cellpadding='0' cellspacing='0' border='1'> <tr> <td class='header' align='center'>Crew Create</td> </tr> <tr> <td class='omg' align='center'>Crew Name:</td> </tr> <tr> <td><input type='text' name='crewname' id='crewname' maxlength='50' class='input'></td> </tr> <tr> <td>When creating a crew it will have a member limit of <strong>10</strong> you will have chance to upgrade this though the Control Panel!</td> </tr> <tr> <td align='center' class='omg'><input type='button' name='submit' class='button' value='Create Crew'></td> </tr> </table>"); }elseif ($allcrews > 50){ echo ("<table width='40%' align='center' class='table' cellpadding='0' cellspacing='0' border='1'> <tr> <td class='header' align='center'>Crew Create</td> </tr> <tr> <td>Sorry, but the limit of crews have been reached. Please wait untill one is deleted.</td> </tr> </table>"); } ?> </body> </html> Anyone see why its just displaying a White Page? Thanks for any help given. I have been looking at this code most of the morning and do not have a clue what is wrong with the code. I am hoping its not a stupid mistake, can someone please help me out? thank you
<title>Inputing Travel Detials</title>
<header>
<h1 align="center"> Adding Travel Detials </h1>
<body>
<p> <center><img src="cyberwarfareimage1.png" alt="Squadron logo" style="width:200px;height:200px" style="middle"></center>
<table border="1">
<tr>
<td><a href="index.php"> Home Page </a></td>
<td><a href="administratorhomepage.html">Administrator Home Page </a></td>
<td><a href="viewhomepage.html">View Home Page </a></td>
<td><a href="Inputhomepage.html">Input Home Page </a></td>
<td><a href="traveldetials.html">Enter More Travel Detials </a></td>
</table>
</p>
<?php
include "connection.php";
$Applicant_ID = $_POST["Applicant_ID"];
$Method_Of_Travel = $_POST["Method_Of_Travel"];
$Cost = $_POST["Cost"];
$ETA = $_POST["ETA"];
$Main_Gate_Advised = $_POST["Main_Gate_Advised"];
$query = ("UPDATE `int_board_applicant` SET `Method_Of_Travel`=`$Method_Of_Travel', `Cost`=`$Cost', `ETA`='$ETA', `Main_Gate_Advised`='$Main_Gate_Advised' WHERE `Applicant_ID`='$Applicant_ID'");
$result = mysqli_query($dbhandle, $query)
or die(mysqli_error($dbhandle));
if($result){ echo "Success!"; }
else{ echo "Error."; }
// successfully insert data into database, displays message "Successful".
if($query){
echo "Successful";
}
else {
echo "Data not Submitted";
}
//closing the connection
mysqli_close($dbhandle)
?>
|
|||||||