PHP - How To Avoid Overwritting Variable Value
Hello, I have a form that has a preview, before user can preview the form inputs he must login. If he is logedin, he can see preview and continue to editing form, but after user is finished with editing his values he is redirected to "preview" page for which he must be logged in. But the problem is that variables are "empty" after redirecting back to preview.
$_POST['email'] is received from login.php $_SESSION['code'] is 5 digit code generated at start, it isn't important in this issue. Here's the code: preview.php Code: [Select] $id_user= 0; $code = $_SESSION['code']; $email = $_POST['email']; $_SESSION['email_login'] = $email; So now you can see that $email and $_SESSION['email_login'] are empty because when redirecting from "editing" to preview $_POST['email'] can't be found... Similar TutorialsTrying to make my code more secure. This is what I currently have, which is not secure by any means: Code: [Select] $query1 = "SELECT COLUMN_NAME, DATA_TYPE, ORDINAL_POSITION, COLUMN_DEFAULT, CHARACTER_MAXIMUM_LENGTH, IS_NULLABLE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='$table'"; // Run PRO query $qresult1 = sqlsrv_query($dbPRO, $query1); if ($qresult1 === false) { exitWithSQLError('Retrieving schema failed.'); } This is how I changed it, Code: [Select] $query1 = "SELECT COLUMN_NAME, DATA_TYPE, ORDINAL_POSITION, COLUMN_DEFAULT, CHARACTER_MAXIMUM_LENGTH, IS_NULLABLE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=?"; $params = array(1, $table); // Run PRO query $qresult1 = sqlsrv_query($dbPRO, $query1, $params); if ($qresult1 === false) { exitWithSQLError('Retrieving schema failed.'); } but I'm getting this error: Code: [Select] SQL-Status: 22018 Code: 245 Message: [Microsoft][SQL Server Native Client 10.0][SQL Server]Conversion failed when converting the nvarchar value 'sysrscols' to data type int Please notice I am using sqlsrv_query function because my database engine is MS-SQL 2008. That's why I'm a bit confused. Most documentation online is pointed to MySQL. exitWithSQLError is a customized function of mine, so please ignore. Any help or hints is appreciated, Thanks, I'm just looking for some tips here. I am developing and selling an eccommerce shopping cart software package, and it has been received very well from the early adopters. There's just one small problem that prevents the software from being a truly out-of-the-box solution: the include path. Not all users have access to their php.ini file, and it's not always a php.ini file anyway. So this is something the installation is unable to set for the customer. I'm using object-oriented PHP5 stuff, so I have a folder named "classes" with all the relevant stuff in there. I am unable to search for paths to the folder and hard-code those into source files (there are ajax calls and other fun stuff; hard to know the exact relation to the path). I guess I could use set_include_path on the top of a bunch of files, but that is a small performance hit (and totally inelegant code). I could put the folder path in the database somewhere and query for it (and cache it so it's not a performance hit). None of this stuff seems good. The path seems like the best solution. Unless you have better ideas.... I'm learning functions and I'm working on a rating script. This is a small test script that works, you can try it out yourself: <?php // Rating System function while_test (){ $a = 1; $b = 4; $t_id = 1; global $likes; global $dislikes; global $con_id; while ($a++ <= $b){ echo "<center>"; echo "<table><tr><td>Table: </td></tr>"; echo "<tr><td>This is a table test </td></tr>"; echo "<tr><td><form action='' method='post'>"; echo "<button type='submit' name='likes' value='Y'>likes</button>"; echo "<button type='submit' name='dislikes' value='N'>dislikes</button>"; echo "<input type='hidden' name='hidden_id' value='" . $t_id . "' /></form></td></tr></table>"; echo "</center><br /><br />"; $t_id++; $likes = $_POST['likes']; $dislikes = $_POST['dislikes']; $con_id = $_POST['hidden_id']; } } while_test(); if ($likes) { echo "likes it: " . $likes . " con_id: " . $con_id; } elseif ($dislikes) { echo "dislikes it: " . $dislikes . " con_id: " . $con_id; } ?> I've gotten recommended before not use globals, because the projects would become unmanageable, and I'm wondering how would I be able to avoid using globals in this example? I'm able to in-ject variables through the parenthesis, but I'm not able to out-ject variables, if that makes sense. (?) At least it doesn't work for me. How would I use those three variables $likes, $dislikes and $con_id outside the function without setting them as globals, what would be good practice? I have a sorting functionality, the code is he <?php $select_category = $_REQUEST['sort_category']; $sort_date_var = $_REQUEST['sort_date']; $sort_submit = $_POST['sortSubmit']; // Connect to the database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); if (($select_category == 'All') || (!isset($select_category)) && (!isset($sort_date_var))) { // Retrieve the chosen category from MySQL $query = "SELECT * FROM con"; $data = mysqli_query($dbc, $query); //Loop through the array of data while ($row = mysqli_fetch_array($data)) { echo "<table class='knuffixTable'>"; // Display the score data echo "<tr><td class='knuffix_name'>"; echo "<strong>" . htmlentities($row['name']) . "</strong><br /></td></tr>"; echo "<tr><td class='knuffix_contribution'><pre>" . $row['contribution'] . "</pre><br /></td></tr>"; echo "<tr><td class='knuffix_categoryDate'>" . $row['category'] . " | " . date('M d, Y', strtotime($row['contributed_date'])) . " </td></tr>"; echo "</table>"; } mysqli_close($dbc); } elseif (isset($select_category) && !isset($sort_date_var)) { // Retrieve the chosen category from MySQL $query = "SELECT * FROM con WHERE category = '$select_category'"; $data = mysqli_query($dbc, $query) or die (mysqli_error($dbc)); //Loop through the array of data while ($row = mysqli_fetch_array($data)) { echo "<table class='knuffixTable'>"; // Display the score data echo "<tr><td class='knuffix_name'>"; echo "<strong>" . htmlentities($row['name']) . "</strong><br /></td></tr>"; echo "<tr><td class='knuffix_contribution'><pre>" . $row['contribution'] . "</pre><br /></td></tr>"; echo "<tr><td class='knuffix_categoryDate'>" . htmlentities($row['category']) . " | " . date('M d, Y', strtotime($row['contributed_date'])) . " </td></tr>"; echo "</table>"; } mysqli_close($dbc); } elseif (!isset($select_category) && isset($sort_date_var)) { // Retrieve the chosen category from MySQL $query = "SELECT * FROM con ORDER BY contributed_date $sort_date_var"; $data = mysqli_query($dbc, $query) or die (mysqli_error($dbc)); //Loop through the array of data while ($row = mysqli_fetch_array($data)) { echo "<table class='knuffixTable'>"; // Display the score data echo "<tr><td class='knuffix_name'>"; echo "<strong>" . htmlentities($row['name']) . "</strong><br /></td></tr>"; echo "<tr><td class='knuffix_contribution'><pre>" . $row['contribution'] . "</pre><br /></td></tr>"; echo "<tr><td class='knuffix_categoryDate'>" . htmlentities($row['category']) . " | " . date('M d, Y', strtotime($row['contributed_date'])) . " </td></tr>"; echo "</table>"; } mysqli_close($dbc); } elseif (isset($select_category) && isset($sort_date_var)) { // Retrieve the chosen category from MySQL $query = "SELECT * FROM con WHERE category = '$select_category' ORDER BY contributed_date $sort_date_var"; $data = mysqli_query($dbc, $query) or die (mysqli_error($dbc)); //Loop through the array of data while ($row = mysqli_fetch_array($data)) { echo "<table class='knuffixTable'>"; // Display the score data echo "<tr><td class='knuffix_name'>"; echo "<strong>" . htmlentities($row['name']) . "</strong><br /></td></tr>"; echo "<tr><td class='knuffix_contribution'><pre>" . $row['contribution'] . "</pre><br /></td></tr>"; echo "<tr><td class='knuffix_categoryDate'>" . htmlentities($row['category']) . " | " . date('M d, Y', strtotime($row['contributed_date'])) . " </td></tr>"; echo "</table>"; } mysqli_close($dbc); } ?> With this code I'm able to: - showcase every category by DEFAULT when someone comes to the page. - sort only by category, - sort only by date, - sort by category AND date, The problem is as you can see I have a lot of duplicate code, if I for example want to change the table that is being printed out, I have to change it on all of them. I'd like to ask how I could avoid this duplicate code. Can I for example just have the table ONE TIME at a separate place and then insert the REFERENCE _after_ the query in each if statement? Like this: if (($select_category == 'All') || (!isset($select_category)) && (!isset($sort_date_var))) { // Retrieve the chosen category from MySQL $query = "SELECT * FROM con"; $data = mysqli_query($dbc, $query); table_here(); } elseif (isset($select_category) && !isset($sort_date_var)) { // Retrieve the chosen category from MySQL $query = "SELECT * FROM con WHERE category = '$select_category'"; $data = mysqli_query($dbc, $query) or die (mysqli_error($dbc)); table_here(); } I'm just coding since 2 month so I don't know how do it, maybe I can do it with functions? I've tried doing it with functions, but I got an error since the function doesn't contain any query statement and only the table because it was trying to fetch. it looked like this: function table_here () { //Loop through the array of data while ($row = mysqli_fetch_array($data)) { echo "<table class='knuffixTable'>"; // Display the score data echo "<tr><td class='knuffix_name'>"; echo "<strong>" . htmlentities($row['name']) . "</strong><br /></td></tr>"; echo "<tr><td class='knuffix_contribution'><pre>" . $row['contribution'] . "</pre><br /></td></tr>"; echo "<tr><td class='knuffix_categoryDate'>" . $row['category'] . " | " . date('M d, Y', strtotime($row['contributed_date'])) . " </td></tr>"; echo "</table>"; } mysqli_close($dbc); } Array ( [0] => Virender Sehwag|||http://abc.xyz.com/Virender-Sehwag [1] => Sachin Tendulkar|||http://abc.xyz.com/Sachin-Tendulkar ) foreach($array as $arr) { $topics=explode ('|||', $array); echo '<li>' .'<a rel="nofollow" target="_new" href="'.$topics[1].'"><span class="title">'.html_entity_decode($topics[0], ENT_NOQUOTES, "UTF-8").'</span></a>|</li>'; How to avoid '|' for the last element of any aaray. Also if array contains only 1 element '|' should not appear. For eample, In the browser it should display as "Virender Sehwag | Sachin Tendulkar". If the array contains only 1 element then, In the browser it should display as Virender Sehwag if array contains 3 elements, Virender Sehwag | Sachin Tendulkar | someword Hello Everyone, I m making an attendance application. I have an issue with following code, Code: [Select] <?php session_start(); require_once("conf.php"); mysql_select_db('site'); $subjects=$_GET['sublen']; $username=$_SESSION['user']; for($i=1;$i<=$subjects;$i++) { $subject=$_GET[',Sub'.$i]; $query="INSERT INTO Subjects(id,Subjects,User,Classs) VALUES($i,'$subject','$username','F.Y.B.Sc')"; $true=mysql_query($query) or die("Cannot Store subjects".mysql_error()); } ?> <html> <head> <link href="../css/style.css" type="text/css" rel="stylesheet" /> <script type="text/javascript" src="../js/jquery.js"></script> </head> <body> <div id="main"> <div id="logo"> KiMi... </div> <div id="header"> <ul> <li><a href="index.html">Home</a></li> <li><a href="php/subjectsTable.php">Create Subjects</a></li> <li><a href="html/form.html">Contact Us</a></li> <li><a href="html/register.php">Register!</a></li> </ul> </div> <div id="nav"> </div> <div id="content"> <?php if($true) { echo "<div id='dynamicDiv'>"; echo "<div> Subjects stored Successfully!</div></br></br>"; $query="SELECT * FROM Subjects Where User='$username'"; $result=mysql_query($query) or die("Cannot Fetch Data"); echo "<table id='table'>"; echo "<tr><td> </td><td>Subjects</td><td>Class</td></tr>"; while($row=mysql_fetch_array($result)) { echo "<tr><td><input type='checkbox' name='box[]'/> </td>"; echo "<td>"; echo $row['Subjects']; echo "</td>"; echo "<td>"; echo $row['Classs']; echo "</td>"; echo "</tr>"; } echo "</table>"; echo "</div>"; } ?> </div> <div id="footer"> © Copyright Amit K. Goda 2011-2012 </div> </div> </body> </html> In the above code i m storing data into database which has been passed into $_GET array. The Code is this Quote <?php session_start(); require_once("conf.php"); mysql_select_db('site'); $subjects=$_GET['sublen']; $username=$_SESSION['user']; for($i=1;$i<=$subjects;$i++) { $subject=$_GET[',Sub'.$i]; $query="INSERT INTO Subjects(id,Subjects,User,Classs) VALUES($i,'$subject','$username','F.Y.B.Sc')"; $true=mysql_query($query) or die("Cannot Store subjects".mysql_error()); } ?> the data is stored but the issue is, since i have data coming in $_GET array when i reload my page the same data is stored again inmy database. So any suggesstions how can i avoid that??? Any Help will be highly appreciated 1 - I am using phpmailer to send an email to a people without defining the $headers = 'From:" , so the From section of the email is showing default server aekcom@xenon.sfdns.net , the email didn't go to Junk box, I am so happy. 2 - Then I apply $headers .= 'From: Pflik <admin@pflik.com>'; on the php mailer now. The email go to Junk box now. I am sad. My question : How do I change the default email server of my hosting aekcom@xenon.sfdns.net into admin@pflik.com ? If I can change it, then the email won't go to junk box anymore. Hi guys, first of all, sorry for my bad english I have a question, As title, how can i avoid html tags in a text passed by $_POST method? htmlentities() is one way, i think, but... there's another way to avoid me to use that? I don't like to decode again every text! Edit: is strip_tags(); good for this purpose? Hello, I never really gave a serious thought to the above question until now that I'm trying to actually launch a live site. Well I'm sure most of you are familiar with this situation, where a user my enter a wrong, non existent url, whose root happens to be your domain name. For example, instead of entering domain.com/greetings, the user may wrongly type domain.com/grewtings . How can I make my site to redirect such erroneous urls to my homepage, instead of to my webhost's homepage with an error message? Appreciate all answers. Hi, Does anyone know why session variables might disappear after a form submits data to a third party site (salesforce), which then redirects to the ThankYou page on the original site? Both the form page and the thankyou page have session_start(); at the top. It works fine if I process the form locally, but now I'm supposed to have Salesforce's site process the form, but my thankyou page still needs to read the cookies from the form page in order to display some dynamic links in the text. But now when the thankyou page appears, the session variables seem to have been destroyed. I have a query that gets staff on a particular day then performs a while loop selecting each member that works on that day and the times they work between. I have a for loop in that while loop that lists apointment times for each staff member every 15mins between the times they work, this works fine. I then have in the for loop a while loop that checks for existing appontments in the appointment table and changes the appointment slot for times that are booked to booked. I have found though that the second while loops causes doubling of results when an appointment is found, so I need to work out how to restructure this code so that i dont get the doubling effect of result. you can see the result of the script here http://justrelax.net.au/datetest.php and the code that causes the problem is // convert to US format $input="$month/$day/$year"; // readable date $readDATE="$day/$month/$year"; // convert for mysql date $sqlDATE="$year-$month-$day"; // get day of the week $weekday=date(l, strtotime($input)); echo $weekday."<br/>"; // get working staff from staff table $staffSQL=mysql_query("SELECT * FROM staff WHERE ".$weekday." != 'off' AND onLEAVE='no' AND ACTIVE='yes' ORDER BY staffID ASC"); // return results putenv("TZ=Australia/Adelaide"); while ($staff=mysql_fetch_array($staffSQL)) { $name=$staff['staffNAME']; $avail=$staff[$weekday]; $staffID=$staff['staffID']; list($first, $last)=explode(" ", $name); list($in, $out)=explode("-", $avail); $firstTIME="$sqlDATE $in:00"; $lastTIME="$sqlDATE $out:00"; echo "$first is available between $avail on $weekday<br/>"; $in2=strtotime($firstTIME); $out2=strtotime($lastTIME); $stop=$out2-900; echo $in2." - time start - $firstTIME<br/>"; echo $out2." - time finish - $lastTIME<br/>"; for ($inc=$in2;$inc<=$stop;$inc+=900) { $existSQL=mysql_query("SELECT * FROM appointment WHERE date='$sqlDATE' AND staffID='$staffID'"); if (mysql_num_rows($existSQL)>=1) { while ($appointV=mysql_fetch_array($existSQL)) { $resSTART=$appointV['dateTIME']; $length=$appointV['totalTIME']; $resEND=$resSTART+($length*60); if ($inc>=$resSTART && $inc<=$resEND) { echo "Appointment time is ".date("g.i a", $inc)." <font color='red'><< $first BOOKED</font><br/>"; } else if ($inc<$resSTART || $inc>$resEND) { echo "Appointment time is ".date("g.i a", $inc)." <font color='green'><< $first AVAILABLE</font><br/>"; } } } if (mysql_num_rows($existSQL)==0) { echo "Appointment time is ".date("g.i a", $inc)." <font color='green'><< $first AVAILABLE</font><br/>"; } } } could really use some help on this I have been trying different things for a few days now. I have a remote XML file that I try to parse automatically every x minutes. The problem is that it's a bit unstable, so sometimes file_get_contents() times out, other times SimpleXMLElement() fails. I get a few max execution time exceeded (30 sec) every day. Is it possible to return from a function after x seconds, or similar? How can I avoid this? I am very new to error handling. I have also tried using try, but there are other problems (like execution time), and I might be using try wrong, because it still gives errors. A basic example of what fails: Code: [Select] $x = file_get_contents("http://www.example.com/rss.xml"); $r = @new SimpleXMLElement($x); Hello, guys. I'm using the following code to send me an automated mail in case the user find a broken link. But there are 2 problems: 1) after submitting I'd rather not disrupt their game by refreshing the page. So, is there any way to send mail without the post refreshing? 2) if the user hits F5, the page reloads and the code runs again, sending two or more times the same email. How can I avoid duplicated emails caused by manual browser refresh? (the most important solution currently is how to to avoid duplicated entries, in case an ajax solution is too hard to post here.) <form name="fbrlink" action="<?= $_SERVER['PHP_SELF']."?page=ok" ?>" method="post"> <?php echo('<input name="sbrlink" id="B1" type="button" value="broken Link?" style="border:none; background-color:#FFFFFF; font-family:Trebuchet MS; font-size:15px; font-weight:bold; color:#1A4877; cursor:pointer; display:block; text-decoration:underline;" onclick="this.form.submit();"/>'); ?> <?php if ($_SERVER['REQUEST_METHOD'] == 'POST') { if ($_SERVER['QUERY_STRING'] == 'page=ok') { echo '<script type="text/javascript" >confirm("Click OK to notify us.");</script>'; mail("contact@ctt.net","report broken link","Game notified:MarioBros"); echo '<script type="text/javascript" >document.fbrlink.sbrlink.disabled = true;</script>'; ?> <script type="text/javascript" >document.fbrlink.action='<?php echo $a; ?>'; alert('<?php $_SERVER['QUERY_STRING'];?>'); </script> <?php } else {} }else{ } ?> When I submitted my Form & refresh then browser resend all data again into database, So anybody know any solution of this to avoid data resend after refreshing browser.. I make a php application , it has a lot of forms. I want to avoid someones post like ?> or </html> . How can i make it. The Script:
<h1>Do Add a Message to the MySQL Database</h1> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST"> <textarea name="message"></textarea> <br/> <input type="submit" name="submit"/> </form> <?php // The Connection to the Database // Taken Out ?> <?php // To insert the text data into the MySQL database. if(isset($_POST['submit'])){ $tqs = "INSERT INTO messages (`message`) VALUES ('{$_POST['message']}')"; $tqr = mysqli_query($dbc, $tqs) or die(mysqli_error($dbc)); } ?> <?php // To select the text data from the MySQL database. $tqs = "SELECT * FROM messages"; $tqr = mysqli_query($dbc, $tqs); // To print out the text data inside of table on the page. echo "<h1>This Is Where the Messages Gets Printed on Screen</h1>"; echo "<table><tr><td>ID</td><td>The Message</td></tr>"; while($row = mysqli_fetch_assoc($tqr)){ echo "<tr><td>" . $row['id'] . "</td><td>" . $row['message'] . "</td></tr>"; } echo "</table>"; ?>1. When I have added text with the form to the MySQL database... 2. ... and I have clicked on "page reload" in Firefox to reload the page... 3. ... then the before submitted text gets submitted again to the MySQL database. So basically, add text with the form to the MySQL database, reload the page in Firefox, and the before added text will get submitted to the MySQL database again. My Question Is: What is the proper way to avoid this? Edited by glassfish, 06 October 2014 - 10:18 AM. I use foreach to echo a list of tags come out of an array as Code: [Select] foreach ($array as $tag) { echo "$tag,"; }This produces "tag1,tag2,tag3,". The problem is the last ",". How to tell the foreach loop to avoid including "," after the last sequence? i have a file connection.php, that contains functions to connect and disconnect from database. the functions are as follows: Code: [Select] <?php //connection.php file function connect() { $con = mysql_connect("localhost","abcd","123456"); if(!$con) die ('Error! could not connect to data to add data'); return $con; } function disconnect($con) { mysql_close($con); } ?> I my intent is to use these functions whenever i would need to connect to database. When i include this file, using include() or require(). I get the warning message, and the page does not redirect to the next page. For example I have created a login page that accepts username and password. The data from this form is "processed" in a login_proc.php file, that redirects the browser to home.php or loginerror.php. But instead of working as I desire, PHP stops with a warning stating the following. Code: [Select] Warning: Cannot modify header information - headers already sent by (output started at /home1/mintoo/public_html/bew_system/login_proc.php:5) in /home1/mintoo/public_html/bew_system/login_proc.php on line 20 How do I avoid this warning? This is the code in login_proc.php for your reference Code: [Select] <?php //login_proc.php include 'resources/connection.php'; $con= connect(); ob_flush(); $uname = mysql_real_escape_string(strip_tags(substr($_POST['uname'],0,30))); $pass = mysql_real_escape_string(strip_tags(substr($_POST['pwd'],0,30))); $query = "select userid from mintoo_db1.tbl_users where userid='$uname' and password='$pass'"; $result = mysql_query($query); $nofrows = mysql_num_rows($result); disconnect($con); if($nofrows == 0) echo '<h2>Incorrect Username or Password</h2><br/><a href="login.php">Try again</a>'; else if($nofrows == 1) header("location: home.php"); else echo '<h2><u> Error-001:</u>An unexpected error has occured. Please go back and try again after some time or contact system administrator</h2>'; ?> EDIT: Solved it Made the following changes to login_proc.php Code: [Select] <?php ob_start(); include 'resources/connection.php'; $con= connect(); $uname = mysql_real_escape_string(strip_tags(substr($_POST['uname'],0,30))); $pass = mysql_real_escape_string(strip_tags(substr($_POST['pwd'],0,30))); $query = "select userid from mintoo_db1.tbl_users where userid='$uname' and password='$pass'"; $result = mysql_query($query); $nofrows = mysql_num_rows($result); disconnect($con); if($nofrows == 0) echo '<h2>Incorrect Username or Password</h2><br/><a href="login.php">Try again</a>'; else if($nofrows == 1) { header("location: home.php"); } else echo '<h2><u> Error-001:</u>An unexpected error has occured. Please go back and try again after some time or contact system administrator</h2>'; ob_flush(); ?> I'm using paypal PDT, so when the user has made payment he gets directed back to my site, on that page it executes a special sql query. I noticed I can refresh the page to make duplicate sql queries. How can I avoid this?? Ok first of all i have this code at the final of my insert and update code.
if (!mysql_query($sql,$conn)) { die('Error: ' . mysql_error($conn)); } else{ header("Location: finalmsj.php?finalmsj=".$hiwu.""); } mysql_close($conn); } |