PHP - Grab Ip Address From Url - Prevent Sql Injection
I have the following code ($c2 is my connection variable):
Code: [Select] $host = $_GET['host']; $loginQuery = mysql_query("SELECT * FROM sessions WHERE hostname LIKE '". $host ."' ORDER BY id DESC", $c2) or print(mysql_error()); In the URL, someone were to put host=127.0.0.1', they would have an error message spit out to them (something along the lines of: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''127.0.0.1'' ORDER BY id DESC' at line 1), indicating a SQL Injection exploit. How would I go about fixing this, and also preventing SQL Injection? Thanks a bunch, Mark Similar TutorialsBased on the comments on my previous question, took some tutorials on how to avoid injections on query. Does the code below prevents against it in any way.? Secondly, can you recommend a good article that writes well in how to secure input data by users. Please be kind with your comments.😉😉. Thankks in advance.
The code works fine. <?php include 'db.php'; error_reporting(E_ALL | E_WARNING | E_NOTICE); ini_set('display_errors', TRUE);  if(isset($_POST['submit']))  {     $username = $_POST['username']; $password =  ($_POST['password']); $sql = "SELECT * FROM customer WHERE username = ?"; $stmt = $connection->prepare($sql); $stmt->bind_param('s', $username); $stmt->execute(); $result = $stmt->get_result(); $count =  $result->num_rows;   if($count == 1)              { while ($row = $result->fetch_assoc())  {   if ($row['status'] == 'blocked')  {  echo'your account is suspended'   session_destroy();   exit();  }  else if($row['status'] == 'active') { if($username !== $row['username'])  { echo '<script>swal.fire("ERROR!!", " Username is not correct. Check Again", "error");</script>'; } if($password !== $row['password']) {  echo'<script>swal.fire("ERROR!!!", "Your Password is Incorrect. Check Again.", "error");</script>';     } if($username == $row['username'] && $password == $row['password']) { header('Location:cpanel/'); else { } }//if count }//while loop }//submit ?>  Will this prevent a SQL injection? I am guessing the answer is no because it is too simple. // retrieve form data ========================================== $ama = $_POST['ama']; // Check for alphanumeric characters ===================================== $string = "$ama"; $new_string = preg_replace("/[^a-zA-Z0-9\s]/", "", $string); // echo $new_string; // Send query =========================================================== $query = "SELECT * FROM members WHERE ama='$new_string'"; if (!mysql_query($query)){ die('Error :' .mysql_error()); } Our admin panel for a gaming community was recently hit by a successful MySQL injection attack. Here are the parameters they entered into forms to gain access. Code: [Select] ${99319+100354} Code: [Select] <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE acunetix [ <!ENTITY acunetixent SYSTEM "http://testphp.vulnweb.com/dot.gif"> ]> <xxx>&acunetixent;</xxx> Not sure which one worked, or how they even managed to POST to that page. But how do these two strings work? What do they do? $_POST['user_name'] = "CLUEL3SS"; $_POST['user_pass'] = "test123"; $_POST['confirm_pass'] = "test123"; $_POST['user_email'] = "user@email.com"; $_POST['confirm_pass'] = 'user@email.com'; function testFunc($inputVars){ foreach($inputVars as $key=>$value){ $escapeData[$key] = mysql_real_escape_string($value); } return $escapeData; } var_dump(testFunc($_POST)); I'm trying to make a user system for my site and I want to make sure its secure enough to void off injection attackers. Any useful advice and and suggestions would be greatly appreciated! Thanks! shouldnt this add a ip address into my data base on row "login_ip"? does putting that = sign between the two saying for it to add it? I appreciate if anyone can help me with this Code: [Select] if(empty($row['login_ip'])){ $row['login_ip'] = $_SERVER['REMOTE_ADDR'];} Hello, I have a syntax error on line 203 that is causing my code NOT work. Could someone please look at it and tell me what is wrong & more important how to fix it? Below is what I am getting. This " ~ " is server path info " Parse error: syntax error, unexpected $end in /~ /~ /~ /phptestform/real_form_processing.php on line 203" Also, how do I prevent "header injection", to keep my mail form from being open to abuse by spammers? thanks mrjap1 Code: [Select] <?php # Script if (isset($_POST['submit'])) { // Handle the form. // Register the user in the database. require_once ('mysql_connect_page.php'); // Connect to the db. // Create a function for escaping the data. function escape_data ($data) { global $dbc; // Need the connection. if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } return mysql_real_escape_string($data, $dbc); } // End of function. $message = NULL; // Create an empty new variable. // Check for a first name. if (empty($_POST['first_name'])) { $fn = FALSE; $message .= '<p>You forgot to enter your first name... its Required!</p>'; } else { $fn = escape_data($_POST['first_name']); } // Check for a last name. if (empty($_POST['last_name'])) { $ln = FALSE; $message .= '<p>You forgot to enter your last name... its Required!</p>'; } else { $ln = escape_data($_POST['last_name']); } // Check for an email address. if (empty($_POST['email'])) { $e = FALSE; $message .= '<p>You forgot to enter your email address... its Required!</p>'; } else { $e = escape_data($_POST['email']); } // Check for a address. if (empty($_POST['address'])) { $u = FALSE; $message .= '<p>You forgot to enter your address... its Required!</p>'; } else { $u = escape_data($_POST['address']); } // Check for a country. if (empty($_POST['country'])) { $u = FALSE; $message .= '<p>You forgot to enter your country... its Required!</p>'; } else { $u = escape_data($_POST['country']); } if ($salutation && $first_name && $last_name && $address && $city && $state_province && $zip_code && $email && $zip_code && $newsletter && $registration_date ) { // If everything's OK. $query = "SELECT id FROM visitors WHERE address='$address'"; $result = @mysql_query ($query); // Run the query. if (mysql_num_rows($result) == 0) { // Make the query. This code is what you will use to prevent duplicate of usernames $query = "INSERT INTO `mrjap1_database`.`visitors` (`id` , `salutation` , `first_name` , `last_name` , `address` , `city` , `state_province` , `zip_code` , `country` , `email` , `newsletter` , `registration_date`) VALUES ( NULL , '$_POST[salutation]', '$_POST[first_name]', '$_POST[last_name]', '$_POST[address]', '$_POST[city]', '$_POST[state_province]', '$_POST[zip_code]', '$_POST[country]', '$_POST[email]', '$_POST[newsletter]', '$_POST[registration_date]' , NOW() )"; $result = @mysql_query ($query); // Run the query. if ($result) { // If it ran OK. exit(); // Quit the script. } else { // If it did not run OK. $message = '<p>You could not be registered due to a system error. We apologize for any inconvenience.</p><p>' . mysql_error() . '</p>'; } mysql_close(); // Close the database connection. } else { $message .= '<p>Please try again.</p>'; } } // End of the main Submit conditional. // Print the error message if there is one. if (isset($message)) { echo '<font color="red">', $message, '</font>'; } ?> <?php // ALL THE SUBJECT and EMAIL VARIABLES $emailSubject = 'MY TEST EMAIL SCRIPTING!!! '; $webMaster = 'myemailaddress@gmail.com'; // GATHERING the FORM DATA VARIABLES $salutation = $_POST['salutation']; $first_name = $_POST['first_name']; $last_name = $_POST['last_name']; $address = $_POST['address']; $city = $_POST['city']; $state_province = $_POST['state_province']; $zip_code = $_POST['zip_code']; $country = $_POST['country']; $email = $_POST['email']; $newsletter = $_POST['newsletter']; $registration_date = $_POST['registration_date']; $date = date ("l, F jS, Y"); $time = date ("h:i A"); $body = <<<EOD <br /><hr><br /> <strong>Salutation: </strong>$salutation <br /> <strong>First Name:</strong>$first_name <br /> <strong>Last Name: </strong>$last_name <br /> <strong>Address: </strong>$address <br /> <strong>City: </strong>$city <br /> <strong>State_Province: </strong>$state_province <br /> <strong>Zip Code: </strong>$zip_code <br /> <strong>Country: </strong>$country <br /> <strong>Email:</strong> $email <br /> <strong>Zip Code:</strong> $zip_code <br /> <strong>Newsletter:</strong> $newsletter <br /> <strong>Registration Date:</strong> $date at $time <br /> EOD; // THIS SHOW ALL E-MAILED DATA, ONCE IN THE E-MAILBOX AS READABLE HTML $headers = "From: $email\r\n"; $headers .= "Content-type: text/html\r\n"; $success = mail($webMaster, $emailSubject, $body, $headers); // THE RESULTS OF THE FORM RENDERED AS PURE HTML $theResults = <<<EOD <!DOCTYPE HTML> <html lang="en"> <head> <style type="text/css"> body { font-family:Arial, Helvetica, sans-serif; font-size:11px; font-weight:bold; } #thankyou_block { width: 400px; height: 250px; text-align:center; border: 1px solid #666; padding: 5px; background-color: #0CF; border-radius:8px; -webkit-border-radius:8px; -moz-border-radius:8px; -opera-border-radius:8px; -khtml-border-radius:8px; box-shadow:0px 0px 10px #000; -webkit-box-shadow: 0px 0px 10px #000; -moz-box-shadow: 0px 0px 10px #000; -o-box-shadow: 0px 0px 10px #000; margin: 25px auto; } p { font-family: Arial, Helvetica, sans-serif; font-size: 14px; line-height: 18px; letter-spacing:1px; color: #333; } </style> <meta charset="UTF-8"> <title>THANK YOU!!!</title> </head> <body> <div id="thankyou_block"> <br><br><br> <h1>CONGRATULATIONS!!</h1> <h2>YOUR FORM HAS BEEN PROCESSED!!!</h2> <p>You are now registered in our Database...<br> we will get back to you very shortly.<br> Please have a very wondeful day.</p> </div> </body> </html> EOD; echo "$theResults"; ?> I have a form with PHP validation and also a mysqli query checking for duplicates in the database for mailing address and email address in mysql.
It works fine but the customers are adding spaces in the mailing address for example 111 mailing address A V E, 1 1 1 ma iling address A V E etc. and my sql query doesn't see that as an address that's a duplicate.
Their alslo adding email address like my@emailaddress.com and m.y@emailaddress.com, m.y.2@emailaddress.com etc to bypass that comparision also.
Is there anyway to stop this from happening?
Ok, so basically I have every column in the link below to work right and have the data for each column displayed....except for "Person" column. http://trigamer.com/forums/newest.php?fid=1 If you check there, you can see the posts, but not the poster. I'm thinking the 7th line from the bottom is the issue? Below is the PHP code for that section: Code: [Select] <!-- list threads--> <?php if($threads) {?> <tbody> <?php while($thread = mysql_fetch_array($threads) ){ #get last user to post $last_user = fetch("SELECT user FROM posts WHERE tid = ".$thread["tid"]." ORDER BY dateline DESC LIMIT 1"); if(!$last_user) $last_user = array(); ?> <tr bgcolor="#202025"> <td class="threadIcon"><img src="/images/posticon.png" /></td> <td class="threadTitle"><a href="replythread.php?tid=<?php echo $thread["tid"];?>"><?php echo $thread["title"];?></a></td> <td class="threadReplies"><font color=white><?php echo $thread["replies"];?></font></td> <td><font color=white><?php echo $last_user[0];?></font></td> <td><font color=white><?php echo date("m-d-Y",$thread["dateline"]);?></font></td> </tr> <?php } ?> </tbody> <?php }?> <!-- //end list threads--> Hi Everyone I am looking to just grab the first element of an array and do something to it but i only want this extra bit off code on the first value off the array. Here is my array echo "<pre>"; print_r($_SESSION); echo "</pre>"; Array ( [attach] => Array ( ) [backups-2] => true [dnb] => true [house] => true [tech-house] => true [uk-garage] => true [uk-grime] => true [uk-hip-hop] => true [uncategorized] => true [warehouse] => true [value] => Array ( [0] => Array ( [tune_name] => Music/dnb/Abort_Delta Heavy_192.mp3 [tune] => http://isdmusic.s3.amazonaws.com/Music/dnb/Abort_Delta Heavy_192.mp3 [submit] => Listen ) [1] => Array ( [tune_name] => Music/dnb/Acid Bath (Northern Lights remix)_Twisted Individual_192.mp3 [tune] => http://isdmusic.s3.amazonaws.com/Music/dnb/Acid Bath (Northern Lights remix)_Twisted Individual_192.mp3 [submit] => Listen ) [2] => Array ( [tune_name] => Music/dnb/Awkward_Inside Info_192.mp3 [tune] => http://isdmusic.s3.amazonaws.com/Music/dnb/Awkward_Inside Info_192.mp3 [submit] => Listen ) [3] => Array ( [tune_name] => Music/dnb/Awkward_Inside Info_192.mp3 [tune] => http://isdmusic.s3.amazonaws.com/Music/dnb/Awkward_Inside Info_192.mp3 [submit] => Listen ) ) ) so i just what to effect the first value what to and autostart to it??? Here is my code. session_start(); header("Content-type: text/xml"); $xml_output = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n"; $xml_output .= '<playlist version="1" xmlns="http://xspf.org/ns/0/">\n'; $xml_output .= "<trackList>\n"; $xml_output .= "\t<track>\n"; $xml_output .= "\t\t<location>" . $_SESSION['value'][0]['tune_name'] . "</location>\n"; $xml_output .= "\t\t<creator>sdf</creator>\n"; $xml_output .= "\t\t<album>sdf</album>\n"; $xml_output .= "\t\t<title>" . $_SESSION['value'][0]['tune_name'] . "</title>\n"; $xml_output .= "\t\t<annotation>I love this song</annotation>\n"; $xml_output .= "\t\t<duration>32000</duration>\n"; $xml_output .= "\t\t<image>covers/smetana.jpg</image>\n"; $xml_output .= "\t\t<info></info>\n"; $xml_output .= "\t\t<link>" . $furl . "</link>\n"; $xml_output .= "\t</track>\n"; foreach ($_SESSION['value'] as $value) { $furl = "http://isdmusic.s3.amazonaws.com/".urlencode($value['tune_name']); if(preg_match("/\.mp3$/i", $furl)) { $xml_output .= "\t<track>\n"; $xml_output .= "\t\t<location>" . $furl . "</location>\n"; $xml_output .= "\t\t<creator>" . $value['tune_name'] . "</creator>\n"; $xml_output .= "\t\t<album>" . $value['tune_name'] . "</album>\n"; $xml_output .= "\t\t<title>" . $value['tune_name'] . "</title>\n"; $xml_output .= "\t\t<annotation>I love this song</annotation>\n"; $xml_output .= "\t\t<duration>32000</duration>\n"; $xml_output .= "\t\t<image>covers/smetana.jpg</image>\n"; $xml_output .= "\t\t<info></info>\n"; $xml_output .= "\t\t<link>" . $furl . "</link>\n"; $xml_output .= "\t</track>\n"; } } $xml_output .= "</trackList>"; echo $xml_output; Thanks Hi,I
I'm trying to setup Paypal Pro on a website - have everything working - but need to grab the 4th & 6th key values from the results given from the Paypal response and having difficulty with the task.
See the code that prints the response and the response sent from Paypal below - I need to grab the values for [TRXRESULT] and [TRXRESPMSG]
echo('<pre>'); print_r($PayFlow->getResponse()); echo('</pre>');and here's the response I get from Paypal on script execution - this is an example of a failed transaction: Paypal Response Array ( [RESULT] => 36 [RPREF] => RPC5B24581A2 [RESPMSG] => Transaction failed: Fail to obtain approval for the online transaction [TRXRESULT] => 23 [TRXPNREF] => EUJPC36F2092 [TRXRESPMSG] => Invalid account number: Unsupported Credit Card type )Again, I want to grab the values from [TRXRESULT] and [TRXRESPMSG] and assign them to local variables so i can work with them within the local php script. Example: $trxresult and $trxrespmsg Here's part of the class (file name is Class.Payflow.php find on Github) that pertains to this snippet of code in question: Class.Payflow.php /** * @uses Gets the response from Paypal. * @access Public * @param None. * @return Array/String - Returns an array of Paypal's response or empty string if not return. * @example $PayFlow->getResponse(); */ public function getResponse() { if($this->response) { return $this->response; } else { return ''; } }Thanks in advance for help w/this one! I'm trying to build a calculator for a game...but I'm stuck on the extracting part. I don't really know how to go about it (so if you know of a tutorial/handbook please link), but how I would I extract this data: //data to extract $name = "Robin hood hat" $currentprice = "3.3m" $change = "+11.5k" //display echo $name echo $currentprice echo $change from: http://itemdb-rs.runescape.com/results.ws?query=robin hood hat I know about get_file_contents and doing it line by line...but that turns into a pain with many things to grab. Is there a way of grabbing it by table definition similarly to the way Google Docs does? Google Docs link format: =Index(ImportHtml("http://itemdb-rs.runescape.com/results.ws?query=Robin hood hat", "table", 2),2,4) This goes to the 2nd table, 2nd row, and 4th column for the "Change" data. I want to be able to grab any new images uploaded and display them right away on the front page, at the moment I can grab the id of each but that won't update the gallery. Once 4 images are uploaded, the next one to be uploaded pushes the last out of the gallery.
At the moment, I only have 2 images on the db, but I want it ready to be used by a community
<form action="<? echo $_SERVER['PHP_SELF']; ?>" method="post" enctype="multipart/form-data"> Upload:<br><br> <input type="file" name="image"><br><br> <input type="submit" name="submit" value="Upload"> </form> <?php if(isset($_POST['submit'])) { mysql_connect("localhost","____","____"); mysql_select_db("moduni_images"); $imageName = mysql_real_escape_string($_FILES["image"]["name"]); $imageData = mysql_real_escape_string(file_get_contents($_FILES["image"]["tmp_name"])); $imageType = mysql_real_escape_string($_FILES["image"]["type"]); if(substr($imageType,0,5) == "image") { mysql_query("INSERT INTO `images` VALUES('','$imageName','$imageData')"); echo "Image uploaded!"; } else { echo '<br>O<font color="#8B0000">nly images are allowed!</font>'; } } ?> <?php mysql_connect("localhost","____","____"); mysql_select_db("moduni_images"); if(isset($_GET['id'])) { $id = mysql_real_escape_string($_GET['id']); $query = mysql_query("SELECT * FROM `images` WHERE `id`='$id'"); while($row = mysql_fetch_assoc($query)) { $imageData = $row["image"]; } header("content-type: image/jpeg"); echo $imageData; } else { echo "Error!"; } ?> <div id="user-gallery"> <h2>Gallery</h2> <div class="img"> <a href="scripts/show_image.php?id=2" data-lightbox="image-1"> <img src="scripts/show_image.php?id=2" width="125px" height="71px"> </a> </div> <div class="img"> <a href="scripts/show_image.php?id=2" data-lightbox="image-1"> <img src="scripts/show_image.php?id=2" width="125px" height="71px"> </a> </div> <div class="img"> <a href="scripts/show_image.php?id=2" data-lightbox="image-1"> <img src="scripts/show_image.php?id=2" width="125px" height="71px"> </a> </div> <div class="img"> <a href="scripts/show_image.php?id=2" data-lightbox="image-1"> <img src="scripts/show_image.php?id=2" width="125px" height="71px"> </a> </div> </div> For example: $text = preg_replace_callback( "/([@][a-zA-Z-0-9]+)/" , "umentions", $text, 1);That 1 parameter means the maximum times it will iterate right? So If I'm doing: @Nexus @Cupcake @George it will return: My problem is. I only want it to iterate over the last match in my function: function umentions($matches){ vdump($matches); return "(here you would replace: ".$matches[0]." with something)"; }How is it possible to use limit, and only iterate the last match not the first? Edited by Monkuar, 22 January 2015 - 08:46 AM. ok, so how can I grab $value before the form submits and I want to put it into the image field: Code: [Select] <?php include_once "secure/connect_to_mysql.php"; function genRandomString($length = 20) { $characters = '0123456789'; $string =''; for ($p = 0; $p < $length; $p++) { $string .= $characters[mt_rand(0, strlen($characters))]; } return $string; } if ($_POST['submit']) { $name = $_POST['name']; $id = $_POST['id']; $image = $_POST['image']; $event = $_POST['event']; $template = 'Templates/index.php'; $picture = '$name.png'; $id = genRandomString(); //this could be the uploaded picture //we need just the filename - no extension $picture_name = pathinfo($picture, PATHINFO_FILENAME); $sql = "INSERT INTO pictures (name, id, image, event) VALUES('$name', '$id','$image','$event')"; $rs = mysql_query($sql) or die ("Problem with the query: $sql<br>" . mysql_error()); echo mysql_error(); $target_path = "images/"; foreach ($_FILES["uploadedfile"]["name"] as $key => $value) { $uploadfile = $target_path . basename($_FILES[uploadedfile][name][$key]); //echo $uploadfile; if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'][$key], $uploadfile)) { echo $value . ' uploaded<br>'; } } copy($template, "$name.php"); } ?> <form action="new.php" method="post" enctype="multipart/form-data"><input name="name" type="text" /><input name="id" type="hidden" value=<?php echo $id; ?> /><br /> <input name="event" type="text" /><input name="image" type="text" value="images/<?php echo $value; ?>" /><input type="hidden" name="MAX_FILE_SIZE" value="900000000000000000000000000000000000000000000000000000000000000000000000000" /> Choose a file to upload: <div id="dynamicInput"> Entry 1<br><input type="file" name="uploadedfile[]"> </div> <input type="button" value="Add another text input" onClick="addInput('dynamicInput');"> <br /><input name="submit" type="submit" value="submit" /></form> if I do it after the form submits then it shows up, is there a way to make it appear before it submits....like a second field echoing what the first field has typed it and it updates "live"? Hello,
I want to grab some data from this site, using a script.
But I am stuck right at the beginning. If you go to the site, you can make a selection with the drop-down-boxes and get some output. For example if you select (left side: text on page in dutch / right side: translation in english):
Selecteer competitienaam: Najaarscompetitie 2014 Select league name: Autumn League 2014 Selecteer competitiegroep: Eredivisie dames Select league group: Eredivisie ladies Selecteer weergave: Programma (incl. uitslagen en stand) Select view: Program (including results and position) Optioneel poule filter: De Treffers R Optional group filter: De Treffers R Selecteer poule(s): Eredivisie - Poule A Select group(s): Premier League - Group A I want to grab the output you get after making all the selections. When I look at the webbrowser's page source the selections (drop-down-boxes) are inside an iframe from another domain: <iframe src="http://www.nttb-competitie.nl/" width="100%" height="1200" scrolling="yes" frameborder="0" name="NTTB_Competitie"></iframe>I figured out: First, the script gets url: http://www.nttb-competitie.nl/selectie.php?anr=0And after last selection it gets url: http://www.nttb-competitie.nl/web_programma.php?reset=0&pidString=1009267&sc=0&vastgesteldeAfdelingsnr=0&cnid=10085&cid=10704&view=programma&pf=1269&pid=1009267My problem is when I copy those URL's in a webbroser 's address bar, I get a page with only the words: Ongeldige aanroep!Which means "Invalid Call!" So my question is: How can I grab the data instead of this stupid message? Is it even possible or is it somehow protected? Please help! THSI IS URGENT!! NEEDS TO BE DONE WITHIN NEXT FEW MINUTES! I HAVE BEEN WORKING ON IT FOR WEEKS NOW!!! I have a url get variable from the "uitems" table. it is stored in the url and carries over to the next page. I have tables: "uitems" and "items" the "items" table stors all of the info about the items. the "uitems" table stores where the item is for each certain user. I want to be able to grab the item information from the "items" table with the variable from the "uitems" table. the "uitems" table has the id stored from the "items" table. he items - itemid > the id of the item i want to grab.\ uitems - item id (this is the unique id for the the USERSi tem uitems - theitemid - this is the id of the itemid from the items table/ all i have is the get variable in the url telling what the ITEMID is from the uitems table. i want to grab the items table rows from it with that. PLEASE HELP!! here is my code: bag.php: Code: [Select] <?php session_start(); include("config536.php"); ?> <html> <head> <link rel="stylesheet" type="text/css" href="style.css" /> </head> <?php if(!isset($_SESSION['username'])) { echo "<ubar><a href=login.php>Login</a> or <a href=register.php>Register</a></ubar><content><center><font size=6>Error!</font><br><br>You are not Logged In! Please <a href=login.php>Login</a> or <a href=register.php>Register</a> to Continue!</center></content><content><center><font size=6>Inventory</font><br><br></center></content>"; } if(isset($_SESSION['username'])) { echo "<nav>$shownavbar</nav><ubar><img src=/images/layout/player.gif><a href=status.php>$showusername</a>.......................<img src=/images/layout/coin.gif> $scredits</ubar><content><center><font size=6>Inventory</font><br><br>"; $action = $_GET['action']; $gid = $_GET['usitemid']; $col = "4"; echo "<table border=0>"; echo "<tr>"; if(!isset($action)) { $irow = "SELECT * FROM uitems WHERE username='$showusername' AND location='1'"; $iquery = mysql_query($irow); while($ir = mysql_fetch_array($iquery)) { $uid = $ir['uitemid']; $iid = $ir['theitemid']; $iun = $r['username']; $il = $ir['location']; $tirow = "SELECT * FROM items WHERE itemid='$iid'"; $tiquery = mysql_query($tirow); while($tir = mysql_fetch_array($tiquery)) { $tiid = $tir['itemid']; $tin = $tir['name']; $tiim = $tir['image']; $tid = $tir['description']; $tirr = $tir['rarity']; $tit = $tir['type']; $tiu = $tir['uses']; $tis = $tir['strength']; $tide = $tir['defense']; $tih = $tir['heals']; echo "<td><center><a href=?action=view&usitemid=$uid><img src=/images/items/$tiim></a> ".$tir['name']."</center></td>"; $col--; if(!$col) { echo "</tr><tr>"; $col=4; } } } } if(isset($action)) { $iiwuery = "SELECT items.name, uitems.uitemid ". "FROM items, uitems ". "WHERE items.itemid = uitems.theitemid"; $tiresult = mysql_query($iiwuery) or die(mysql_error()); while($brow = mysql_fetch_array($tiresult)){ $cid = $brow['uitemid']; $cin = $brow['name']; } echo "$cid and $cin"; $qer = "SELECT * FROM items WHERE itemid='$cid'"; $tqer = mysql_query($qer); while($rune = mysql_fetch_array($tqer)) { $dtin = $rune['name']; $dtii = $rune['image']; $dtid = $rune['description']; $dtir = $rune['rarity']; $dtty = $rune['type']; echo "<b>$dtin</b><br><br><img src=/images/items/$dtii><br><i>$dtid</i><br><b>Rarity:</b> $dtir<br><b>Item Type:</b> $dtty<br><br><br>"; } } } ?> </html> basically if you read this, then you can see they have a "passing-var.php" and a "catching-var.php" How can i make this happen without the passing-var.php and make the catching-var.php actually GET a variable Hey guys! I haven't really coded teh exact query for this yet. But what I want to do is I want to grab multiple results that are the same and only display one BUT also grab DIFFERENT results from the SAME table the same way. Let me give an example here... Lets say this is my table: id - name - image 1 - apple - apple.gif 2 - grape - grape.gif 3 - orange - orange.gif 4 - apple - apple.gif 5 - apple - apple.gif 6 - orange - orange.gif I want it to diaply like this: Apple -apple.gif- Quantity: 3 Orange -orange.gif- Quantity: 2 Grape -grape.gif- Quantity: 1 My query for LIMIT 1 would look like this, but it only grabs one result toal.. i think.. I would also be grabbing stuff from two different tables, which wouldn't be an issue. in this case, i want to grab the QUANTITY form one table, )the uitems table) and the image and name from the items table) the uitems query is also grabbing theitemid to use with the items table.. Code: [Select] \\ this would be getting the quantity \\ $query = "SELECT * FROM uitems WHERE username='$showusername' AND location='2'"; $thisthat = mysql_query($query); while($row = mysql_fetch_array($thisthat)) { $quantity = $row['quantity']; $getid = $ow['theitemid']; } \\ now getting the item info \\ $itemquery = "SELECT * FROM items WHERE itemid='$getid'"; $item = mysql_query($itemquery); while($thisrow = mysql_fetch_array($item)) { $name = $thisrow['name']; $image = $thisrow['image']; $actualid = $thisrow['itemid']; } So basically, I want to be able to be able to grab one row of every kind that is there. How can I do that? Thanks so much in advance!! =D Right now I have a link list a-z and 0-9. you click one of those links and your taken to page listing all items that start with that character. currently I'm using: Code: [Select] SELECT * FROM my_table where LEFT(`my_item`,1)='$show' ORDER BY my_title ASCall I do right now is just add a link like ?show=a and everything that starts with a is listed. Now here is my problem. I want to listen all items that start with a numeric value listed all on one page instead of being spread across 0-9. If another solution becomes available I'd be more then happy to hear you out. But does anyone know how I can change my query to only list items that start with numbers? Folks, " http://www.example.com/whatever/whatever.htm " how to Grab the Domain name from URLs? like "http://www.example.com" Any suh PHP Cde? |