PHP - Add To Database When User Downloads A File
I would like to be able to add a yes/no to a field in a 'user' database when a logged in user clicks on a link to download a file.
The site I have built stores docs and applications. and my client would like to know which user has downloaded a certain application (clicked on a button to 'download' and installer file. Is this possible? Similar Tutorials
Query About How To Retrieve A Password From The Database And Compare To The One The User Has Entered
Is there a way (in PHP) to prompt to download file regardless of it's type? I have taken someone's suggestions and put files in a folder with HTAccess protection. ALL I want to do is just grab the files and prompt download (regardless of what the type of file is), is there an easy way to do this in PHP. I'm creating a CSV file on the fly for download in the backend - a stock management function. The script works fine extracting from the database fine and creates the CSV. But the next step of the script is to download the file using: header('Content-type: application/octet-stream'); header('Content-Disposition: attachment; filename="' . $filename . '"'); This works, in as much as it downloads the file specified by $filename but when I open the file it's empty and the File Size in properties is 0. But if I go into my FTP and download the file it contains all the data as expected? Anyone have any ideas whats wrong? Thoughts I've had: File size too large would using ob_start('ob_gzhandler'); help? Or is there an INI setting? File encoding needs to be set? UTF8? Content Type should be text/csv? Thanks So, I have a script that works downloading a file - excerpt below: Code: [Select] header("Pragma: public"); header("Expires: 0"); header('Content-type: "application/octet-stream"'); header("Cache-Control: private",false); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); $f = "Content-Disposition: attachment; filename=\"".$myfile['downloadname'].".".$myfile['ext']."\""; header($f); header("Content-Transfer-Encoding: binary"); header("Content-Length: ".filesize($file)); ob_clean(); flush(); readfile("$file"); exit(); I record elsewhere in a mysql database when the script is started. In addition, I'd like to be able to record whether the download completes (successfully or otherwise). As it is, the script can run and the user press cancel and it looks like a download but isn't. Is this possible? If so, how? Your help, as ever, gratefully received. Hi guys, I was just wondering if anyone could help me. I've got a My_SQL database containing articles, a summary for the article and a date. I have a basic CMS system set-up, but I want to create a script that when users sign up to a mail list it forwards the summary and dates of the articles database. If that makes sense? But I only want it to forward the most recent 5 rows. I'm pretty new to PHP and I've been mostly following tutorials thus far, but this is quite specific. Thanks in advance! I have created a button which when pressed should present the user with their details (whoever is logged in), here is the form code: <form id="form1" name="form1" method="post" action="getdetails.php"> <input type="submit" name="Get Details" value="Get Details" /> </label> </p> </form> Here is the getdetails.php file <?php mysql_connect("localhost","root",""); mysql_select_db("test"); $username = $_POST['textfield']; echo '</br>'; $query = mysql_query("SELECT * FROM membersdetails WHERE name=`$username` "); while($result = mysql_fetch_array($query)) { //display echo $result['firstname']; echo $result['surname']; } ?> Its not workin at all I have attacthed the error i am getting Any help please? Hello every body....
I'm creating a simple php project where the user will be able to choose option from dropdown menu and the query will be executed accordingly..
The html form is shown below....
<select name='movie_name'> <option value='ALL'>All</option> <option value='blah'>Blah blah </option> <option value='blah'>Blah blah </option> ... </select> <select name='movie_genre'> <option value='ALL'>All</option> <option value='Horror'>Horror</option> <option value='Anime'>Anime</option> ... </select> <select name='movie_cast'> <option value='ALL'>All</option> <option value='john'>john</option> <option value='Katrina'>Blah blah Katrina</option> ... </select>If the user select "ALL" then, all the resuls will be displayed according to the selected options AND again If the user select "different" options then, all the resuls matcing from the database will be shown... Tha database schema is shown below | id | movie_name| movie_genre | movie_cast | 1 | Hello Brother | Comedy | Salman Khan | 2 | Blah blah | ALL | Blah blah | 3 | ALL | ALL | ALL | 4 | Blah Blah | Blah Blah | ALL * here "ALL" is a specific text which may or may not be present in the rows.... Thank u in advance.... just wandering if this can be done and if so do you know were i can read about this or have any suggestion? i have a database with all are clients data that we store in it. I can now let them log into a php search screen that they can pull data from and see what we have stored. I would like to restrict what info they can pull by the user name they log in with, so they are not pulling other client info when they do the search. the user database and company database are two different ones. they search by box number and i would like to restrict what it pulls up by company name depending on if the user logged in has rites to that company info. so if jane doe logged in and she was a member of soso company when she did a box search she would only see what was from soso company instead of how it is now it pulls from soso, DD, and all the company's. Thanks in advance I built an application for a client of mine using PHPRunner about 3 years ago. It has functioned perfectly right up to today when they notified me that they were unable to Export any records. I have attached the error report that comes up when you run Export function. According to the report it is unable to find a file or path. I have been on to server with FTP client and all the paths, files and contents are present. Can anyone please give me any advise on what might suddenly cause this error after many years. All other functionality of the Database is fine. Many thanks, Carl. Edited August 1, 2019 by wscwt01 Spelling error This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=347193.0 hi i had database with field of name,title,post,content i want to fetch the post and content for a specific user from giving name of that user by form help me to get that ps just give me idea to how to do that/ Code: [Select] <form id="form1" name="form1" method="post" action="view.php"> <label>Name <input type="text" name="textfield" /> </label> <p> <label> <input type="submit" name="Submit" value="Submit" /> </label> </p> </form> I'm creating a newsletter and the unsubscribe isn't deleting the database entry like I'm asking it to. Everything else works fine, it even successfully says the user has been removed, but it doesn't actually delete the database entry. I've spent two days trying to figure out why. Here's the code:
Newsletter sign up: <?php //DB Connect Info $servername = ""; $database = ""; $username = ""; $password = ""; // Create connection $conn = mysqli_connect($servername, $username, $password, $database); // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } /*$createTable = $conn->prepare ("CREATE TABLE IF NOT EXISTS email_user ( id int(11) NOT NULL AUTO_INCREMENT, email varchar(200) NOT NULL, hash varchar(250) NOT NULL, PRIMARY KEY (id) )"); $createTable->execute(); */ function input_security($data) { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); return $data; } $email = input_security($_POST['email']); $insertData = input_security($insertData); if(isset($_POST['submit'])) { extract($_POST); if($email!="") : $email=mysqli_real_escape_string($conn,$email); $emailval = '/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$/'; if(preg_match($emailval, $email)) : $db_check=$conn->query("SELECT * FROM email_user WHERE email='$email'"); $count=mysqli_num_rows($db_check); if($count< 1) : $hash=md5($email.time()); $link = '/unsubscribe.php?key='.$hash; // Change your domain $fetch=$conn->query("INSERT INTO email_user(email,hash) VALUES('$email','$hash')"); $to="$email"; //change to ur mail address $strSubject="Maintenance Fee Relief, LLC | Email Subscription"; $message = '<p>Thank you for subscribing with us.</p>' ; $message .= '<p>Click here to unsubscribe your email : <a href="'.$link.'">unsubscribe</p>' ; $headers = 'MIME-Version: 1.0'."\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1'."\r\n"; $headers .= "From: info@"; $mail_sent=mail($to, $strSubject, $message, $headers); $msg_sucess="Your request has been accepted!."; else : $msg="This $email email address is already subscribe with us."; endif; else : $msg="Please enter your valid email id"; endif; else : $msg="Please fill all mandatory fields"; endif; } ?> <div class="newsletter-sign-up-header-form"> <div id="logerror"><?php echo @$msg; ?><?php echo @$msg_sucess; ?></div> <form method="post"> <span><input type="email" name="email" placeholder="Email Address - Join Newsletter" class="newsletter-sign-up-header-email" required></span> <span><button name="submit" value="submit" title="Submit" class="newsletter-sign-up-header-submit-button">Submit</button></span> </form> </div> <?php //DB Connect Info $servername = ""; $database = ""; $username = ""; $password = ""; // Create connection $conn = mysqli_connect($servername, $username, $password, $database); // Check connection if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } ?> <?php if(@$_GET['key']!=""): $hash=mysqli_real_escape_string($conn,$_GET['key']); $fetch=$conn->query("SELECT * FROM email_user WHERE hash = '$hash'"); $count=mysqli_num_rows($fetch); if($count==1) : $row=mysqli_fetch_array($fetch); $conn->query("DELETE email_user WHERE id='$user_id'"); $msg="Your email id unsubscribe with us"; else : $msg="Please click valid link."; endif; else : header("Location:404.php"); endif; ?> <!doctype html> <html lang="en"> <head> <title>Unsubscribe</title> </head> <body> <div align="center"> <h2><?php echo $msg; ?></h2> <a href="https://www.--.com">--.com</a> </div> Quote
Im trying to create a website where users login, and then when they add a new entry to the database there name is put as the author. This is how my tables are set up. One table is named job and has the columns id, jobtext, jobdate, and authorid. Another table is called author. This table contains the columns id, username, password, and name. Authorid from the job table matches with id from the author table. When a user logins in this code is used to register the name...session_start(); $_SESSION['myusername'] = $_POST['myusername']; $_SESSION['mypassword'] = $_POST['mypassword']; header("location: index.php"); } else { echo "Wrong Username or Password"; } This is the form users use to add a new entry... if (isset($_GET['add'])) { $pagetitle = 'New Job'; $action = 'addform'; $text = ''; $authorid = ''; $id = ''; $button = 'Add job'; include $_SERVER['DOCUMENT_ROOT'] . '/jobs/includes/db.inc.php'; // Build the list of authors $sql = "SELECT id, name FROM author"; $result = mysqli_query($link, $sql); if (!$result) { $error = 'Error fetching list of authors.'; include 'error.html.php'; exit(); } while ($row = mysqli_fetch_array($result)) { $authors[] = array('id' => $row['id'], 'name' => $row['name']); } // Build the list of categories $sql = "SELECT id, name FROM category"; $result = mysqli_query($link, $sql); if (!$result) { $error = 'Error fetching list of categories.'; include 'error.html.php'; exit(); } while ($row = mysqli_fetch_array($result)) { $categories[] = array( 'id' => $row['id'], 'name' => $row['name'], 'selected' => FALSE); } include 'form.html.php'; exit(); } if (isset($_GET['addform'])) { include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php'; $text = mysqli_real_escape_string($link, $_POST['text']); $author = mysqli_real_escape_string($link, $_POST['author']); if ($author == '') { $error = 'You must choose an author for this job. Click ‘back’ and try again.'; include 'error.html.php'; exit(); } $sql = "INSERT INTO job SET jobtext='$text', jobdate=CURDATE(), authorid='$author'"; if (!mysqli_query($link, $sql)) { $error = 'Error adding submitted job.'; include 'error.html.php'; exit(); } $jobid = mysqli_insert_id($link); if (isset($_POST['categories'])) { foreach ($_POST['categories'] as $category) { $categoryid = mysqli_real_escape_string($link, $category); $sql = "INSERT INTO jobcategory SET jobid='$jobid', categoryid='$categoryid'"; if (!mysqli_query($link, $sql)) { $error = 'Error inserting job into selected category.'; include 'error.html.php'; exit(); } } } header('Location: .'); exit(); } Form.html.php = <?php include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/helpers.inc.php'; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title><?php htmlout($pagetitle); ?></title> <meta http-equiv="content-type" content="text/html; charset=utf-8"/> <style type="text/css"> textarea { display: block; width: 100%; } </style> </head> <body> <?php session_start(); ?> <h1><?php htmlout($pagetitle); ?></h1> <form action="?<?php htmlout($action); ?>" method="post"> <div> <label for="text">Type your job he </label> <textarea id="text" name="text" rows="3" cols="40"><?php htmlout($text); ?></textarea> </div> <div> <label for="author">Author:</label> <select name="author" id="author"> <option value="">Select one</option> <?php foreach ($authors as $author):?> <option value="<?php htmlout($author['id']); ?>"<?php if ($author['id'] == $authorid) echo ' selected="selected"'; ?>><?php htmlout($author['name']); ?></option> <?php endforeach; ?> </select> </div> <fieldset> <legend>Categories:</legend> <?php foreach ($categories as $category): ?> <div><label for="category<?php htmlout($category['id']); ?>"><input type="checkbox" name="categories[]" id="category<?php htmlout($category['id']); ?>" value="<?php htmlout($category['id']); ?>"<?php if ($category['selected']) { echo ' checked="checked"'; } ?>/><?php htmlout($category['name']); ?></label></div> <?php endforeach; ?> </fieldset> <div> <input type="hidden" name="id" value="<?php htmlout($id); ?>"/> <input type="submit" value="<?php htmlout($button); ?>"/> </div> </form> </body> </html> Right now, under authors, it displays all the authors in the database. I want it to just show/submit the authorid of the logged in user. Hi, I have created a session based logon system using php and MYSQL from some tutorials I found online which is working very successfully. I can log on and of and move through different pages with no problems. My query is how do I output or display the information that is specific to the user which is currently logged on and block access to any other users information. I am quite sure there is a simple solution that is escaping me. If you could point me in the right direction it would be greatly appreciated. Thanks in advance Unfortunately I have no code for this yet cuz I don;t even know if its possible... I am programming an application that is used by a couple of stores, which could end up being a lot of stores. Anyways, the basis is that the stores would, though a separate application (and therefore separate database) create a username and password, I now want to use this username and password to do the following 1. Allow them to login to my application using the same username and password 2. I want the store the username in a session to pull tables based on the username from my database For instance, a user has the login store123, after loggin in it now pulls the information from the tables store123_items, store123_prices, store123_settings, etc. Now my database will have quite a lot of store###_tables I am, sadly, a noobie to PHP and I do recall seeing an article (somewhere on the net, and I stupidly forgot to bookmark it, knowing I would need it eventually) on how to access multiple databases easily. Now because they are both under my account I can use the same username and password for both, its accessing the MySQL username/password database and storing the info I know I am lacking on how to do it. Any ideas? Hi all, I've got a website for an event, each team have their details on a page which are recalled from a SQl database. But I'm wanting to create a password input box for each team, so when they enter the correct password they are taken to a page containing forms where they can edit the team details. Here is the page with the users details on where they anter the password: http://www.wharncliffenetwork.co.uk/wrc/entered/team.php?id=8 I'm not sure how to code it, Can an IF statement be used? Anyone got any pointers? I'f been unsuccessful in finding a tutorial or something similar. Hope that makes sense :S Cheers. Hi everyone! I'm getting the error "Access denied for user ''@'localhost' to database 'crystalair'" (crystalair is the name of my database) whenever I submit my form which inserts a new row to the database table "order". The same happens when I try to retrieve data from the table using select query. However, I can successfully perform operations (select, insert) in my other pages which involves another database table "user". If this is a connection error, how can I successfully perform operations with another table? Also, my connection query does not return an error. I have also checked to make sure my user has been granted "All Privileges" in the phpmyadmin. I've run out of ideas. Can you please help? Thanks a lot. I have two tables. Table Name:Users Fields: User_name user_email user_level pwd 2.Reference Fields: refid username origin destination user_name in the users table and the username field in reference fields are common fields. There is user order form.whenever an user places an order, refid field in reference table will be updated.So the user will be provided with an refid Steps: 1.User needs to log in with a valid user id and pwd 2.Once logged in, there will be search, where the user will input the refid which has been provided to him during the time of order placement. 3.Now User is able to view all the details for any refid 3.Up to this we have completed. Query: Now we need to retrieve the details based on the user logged in. For eg: user 'USER A' has been provided with the referenceid '1234' during the time of order placement user 'USER B' has been provided with the referenceid '2468' during the time of order placement When the userA login and enter the refid as '2468' he should not get any details.He should get details only for the reference ids which is assigned to him. I'm making a login area for the hotels in a booking system, where they enter their hotels' information, policy, and room rates but I want to make the room rates when it appears for clients, it appears with a percentage (commission) added to what the Hotel representative will enter So what's better? it should be added in the admin area of the hotels and gets saved in the database with the commission or I should add it in the booking form so the code grab the rate from the database, multiply it by the percentage and echo the result? Before I get into my problem a couple of things. First, this is a work project. My organization cannot afford a full time developer so as a database guy I'm being asked to develop a web based data system using php/html/mysql/javacript/etc. So I am not asking anyone to help me cheat or violate an honor code for a school project. Also I am having to learn PHP on the fly, by the seat of my pants. Second, my organization is using a version of PHP older that 5.5.X and I am powerless to update the version. So I know that some of the syntax I am using has been deprecated in more recent PHP versions. I don't mean to sound snarky or ungrateful but I really need some help solving this problem versus unhelpful comments about deprecated code. Third I am adapting code from the guys at TechStream so H/T to them. Here is what I am trying to build. My office helps other offices in my large organization manage their records through the creation of a file plan. We are currently using a clunky, user-unfriendly Access database that was created back in 2009. I am tasked to transition that Access hoopty into a proper, web-based, user friendly system. The index.php form page consists of 2 parts. You can see the original TechStream demo he http://demo.techstre...ssing-with-PHP/ I've adapted the top part of the form ("Travel Information") for my users to enter information about their office such as Office Name, Office Code, Office Chief, Creator (the user), Status and date. I've adapted the bottom part of the form ("Passenger Details") to be "Folder Details". This is an html table where users can add up to 10000 rows to list all the folders for their office by entering the folder name in the text box and then assign descriptors to each folder using the drop down menus. I've changed the drop down menus to reflect the descriptors we need, i.e. file-series, classification, media type. The user needs the flexibility to add folders as the number of folders will vary between offices. This adding and deleting of folders is accomplished dynamically through a javascript script.js file. Now, here's my problem. When the user clicks submit button that fires a php script that runs an insert into query to place the array data into the backend mysql database. However, when the foreach loop is only inserting the office office from the top portion of the form with the first folder in the bottom portion of the form. In other words let's say the user fills out the top part with his office information and then adds 5 folders into the html table at the botton. The first folder will be inserted into the database table with both office information and folder information. However the subsequent 4 folders will have their folder information inserted into the table but the office information fields will be null. The office information needs to be inserted with each folder the user adds to the html table piece. I suspect that my foreach loop is only capturing that office information on the first iteration of the loop and then flushing or deleting the office information after the first loop. Also, I suspect there is some disconnect between the html table for entering individual folders and the top part of the form that is not in html format. Any help I can get is most welcome. Thanks in advance! Code is below. index.php <?php session_start(); if(!isset($_SESSION['myusername'])) { header('Location:index.php'); } echo $_SESSION['myusername']; echo '<a href="logout.php"><span>Logout</span></a></li>'; <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Records Management File Plan Application</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <link rel="stylesheet" type="text/css" href="css/default.css"/> <script type="text/javascript" src="js/script.js"></script> </head> <body> <form action="InsertFileDetailArraytoDB.php" class="register" method="POST"> <h1>Office File Plan Application/h1> <fieldset class="row1"> <legend>Office Information</legend> <p> <label>Office Code * </label> <input name="officecode[]" type="text" required="required"/> <label>Date* </label> <select class="date" name="day[]"> <option value="1">01 </option> <option value="2">02 </option> <option value="3">03 </option> <option value="4">04 </option> <option value="5">05 </option> <option value="6">06 </option> <option value="7">07 </option> <option value="8">08 </option> <option value="9">09 </option> <option value="10">10 </option> <option value="11">11 </option> <option value="12">12 </option> <option value="13">13 </option> <option value="14">14 </option> <option value="15">15 </option> <option value="16">16 </option> <option value="17">17 </option> <option value="18">18 </option> <option value="19">19 </option> <option value="20">20 </option> <option value="21">21 </option> <option value="22">22 </option> <option value="23">23 </option> <option value="24">24 </option> <option value="25">25 </option> <option value="26">26 </option> <option value="27">27 </option> <option value="28">28 </option> <option value="29">29 </option> <option value="30">30 </option> <option value="31">31 </option> </select> <select name="month[]"> <option value="1">January </option> <option value="2">February </option> <option value="3">March </option> <option value="4">April </option> <option value="5">May </option> <option value="6">June </option> <option value="7">July </option> <option value="8">August </option> <option value="9">September </option> <option value="10">October </option> <option value="11">November </option> <option value="12">December </option> </select> <select name="year[]"> <option value="2013">2013 </option> <option value="2014">2014 </option> <option value="2015">2015 </option> <option value="2016">2016 </option> </select> </p> <p> <label>Office Chief* </label> <input name="officechief[]" required="required" type="text"/> <label>Status* </label> <select name="status[]"> <option value="Draft">Draft </option> <option value="Submitted">Submitted </option> <option value="Approved">Approved </option> </select> </p> <p> <label>Creator * </label> <input name="creator[]" required="required" type="text"/> </p> <div class="clear"></div> </fieldset> <fieldset class="row2"> <legend>Folder Details</legend> <p> <input type="button" value="Add Folder" onClick="addRow('dataTable')" /> <input type="button" value="Remove Folder" onClick="deleteRow('dataTable')" /> <p>(All actions apply only to entries with check marked check boxes.)</p> </p> <table id="dataTable" class="form" border="1"> <tbody> <tr> <p> <td><input type="checkbox" required="required" name="chk[]" checked="checked" /></td> <td> <label>Folder Name</label> <input type="text" required="required" name="BX_NAME[]"> </td> <td> <label for="BX_fileseries">File Series</label> <select id="BX_fileseries required="required" name="BX_fileseries[]"> <option>100-01-Inspection and Survey/PII-NO</option> <option>200-02-Credit Card Purchases/PII-NO</option> <option>300-07-Time and Attendance/PII-YES</option> </td> <td> <label for="BX_classification">Classification</label> <select id="BX_classification" name="BX_classification" required="required"> <option>Unclassified</option> <option>Confidential</option> <option>Secret</option> <option>Top Secret</option> <option>Ridiculous Top Secret</option> <option>Ludicrous Top Secret</option> </select> </td> <td> <label for="BX_media">Media</label> <select id="BX_media" name="BX_media" required="required"> <option>Paper</option> <option>Shared Drive</option> <option>Film</option> <option>Floppy Disk</option> <option>Mixed</option> <option>Other</option> </select> </td> </p> </tr> </tbody> </table> <div class="clear"></div> </fieldset> <input class="submit" type="submit" value="File Plan Complete »" /> <div class="clear"></div> </form> </body> </html>PHP script with foreach loop to loop through the array from index.php and insert into database: InsertFileDetailArrayToDB.php /* When the user has finished entering their folders, reviewed the form inputs for accuracy and clicks the submit button, this will loop through all folder entries and using the SQL insert into query will place them in the database. When it completes data insertion it will redirect the user back to the file detail input form*/ <?php /*this part requires the user to be logged in and allows their user name to be included in the insert into query. If you remove the "ob_start();" piece it will screw up the header statement down at the botton. See the comments by the header statement for an explanation of its purpose*/ ob_start(); session_start(); if(!isset($_SESSION['myusername'])) { header('Location:index.php') } /*these two lines would ordinarily display the user name and a link a allowing the user to log out. However this php script does not output anything so the user will never it.*/ echo $_SESSION['myusername']; echo '<a href="logout.php"><span>Logout</span></a></li>'; ?> <?php /*this include statement connects this script to the MySQL database so the user form inputs can be inserted into the file_plan_details table*/ include ('database_connection.php'); foreach($_POST['BX_NAME'] as $row=>$BX_NAME) { $BX_NAME1 = mysql_real_escape_string($_POST['BX_NAME'); $officecode1 = mysql_real_escape_string($_POST['officecode'][$row]); $username1 = mysql_real_escape_string($_SESSION['myusername'][$row]); $day1 = mysql_real_escape_string($_POST['day'][$row]); $month1 = mysql_real_escape_string($_POST['month'][$row]); $year1 = mysql_real_escape_string($_POST['year'][$row]); $creator1 = mysql_real_escape_string($_POST['creator'][$row]); $officechief1 = mysql_real_escape_string($_POST['officechief'][$row]); $status1 = mysql_real_escape_string($_POST['status'][$row]); $BX_fileseries1 = mysql_real_escape_string($_POST['BX_fileseries'][$row]); $BX_classification1 = mysql_real_escape_string($_POST['BX_classification'][$row]); $BX_media1 = mysql_real_escape_string($_POST['BX_media'][$row]); $fileplandetailinsert1 = "INSERT INTO file_plan_details (folder_name, office_code, user_name, day, month, year, creator, office_chief, status, file_series, classification, media) VALUES ('$BX_NAME1','$officecode1','$username1','$day1','$month1','$year1','$creator1','$officechief1','$status1','$BX_fileseries1','$BX_classification1','$BX_media1')"; mysql_query($fileplandetailinsert1); } /*this header statement redirects the user back to the folder detail input form after it inserts data into the db After I build a main navigation page, I will switch out index.php with whatever I name the script that will produce the main navigation page*/ header('Location:index.php'); ?>script.js function addRow(tableID) { var table = document.getElementById(tableID); var rowCount = table.rows.length; if(rowCount < 10000){ // limit the user from creating fields more than your limits var row = table.insertRow(rowCount); var colCount = table.rows[0].cells.length; for(var i=0; i<colCount; i++) { var newcell = row.insertCell(i); newcell.innerHTML = table.rows[0].cells[i].innerHTML; } }else{ alert("Maximum Passenger per ticket is 5."); } } function deleteRow(tableID) { var table = document.getElementById(tableID); var rowCount = table.rows.length; for(var i=0; i<rowCount; i++) { var row = table.rows[i]; var chkbox = row.cells[0].childNodes[0]; if(null != chkbox && true == chkbox.checked) { if(rowCount <= 1) { // limit the user from removing all the fields alert("Cannot Remove all the Passenger."); break; } table.deleteRow(i); rowCount--; i--; } } } Edited by mac_gyver, 17 December 2014 - 01:13 PM. code tags around posted code please Hi, after following lots of advice and changing to MySqli I am running into a few probs. This is me just probably missing something stupid, I know what I want, but can't figure out what query I should use and where I should place it. All the queries I have tried have failed.
I just need a query that gets the $current_stored_password from the password field on the database, to confirm the last check
elseif ($current_password !== $current_stored_password) { include 'includes/overall/header.php'; echo $current_password . ' AND ' . $_POST['current_password'] . ' Password and password again do not match'; include 'includes/overall/header.php'; }Here is the whole script. <?php session_start(); error_reporting(0); //ini_set('display_errors', '1'); require( 'database.php' ); $username = $_SESSION['loggedinuser']; $current_stored_password = $_SESSION['password']; $current_password = $_POST['current_password']; $password = mysqli_real_escape_string($con, md5( $_POST['password'])); $password_again = mysqli_real_escape_string($con, md5( $_POST['password_again'])); // Run checks if (isset($_POST['current_password'], $_POST['password'], $_POST['password_again'])) { if( strlen( $_POST['current_password'] ) < 8 ) { include('includes/overall/header.php'); echo "Password Must Be 8 or More Characters."; include('includes/overall/footer.php'); } elseif( strlen( $_POST['password'] ) < 8 ) { include('includes/overall/header.php'); echo "Password Must Be 8 or More Characters."; include('includes/overall/footer.php'); } elseif ( strlen( $_POST['password_again'] ) < 8 ) { include('includes/overall/header.php'); echo "Password Must Be 8 or More Characters."; include('includes/overall/footer.php'); } elseif ($password !== $password_again) { include 'includes/overall/header.php'; echo ' Password and password again do not match'; include 'includes/overall/header.php'; } elseif ($current_password !== $current_stored_password) { include 'includes/overall/header.php'; echo $current_password . ' AND ' . $_POST['current_password'] . ' Password and password again do not match'; include 'includes/overall/header.php'; } else { // Define a query to run $query = "UPDATE `user` SET `password` = '$password' WHERE `username` = '$username'"; // Query the database $result = mysqli_query($con,$query); // Check if the query failed if( !$result ) { die('There was a problem executing the query ('.$query.'):<br>('.mysqli_errno($con).') '.mysqli_error($con)); } else { include 'includes/overall/header.php'; echo 'Password has been changed'; include 'includes/overall/footer.php'; } } } // Close the connection mysqli_close($con); ?>At the moment the message displayed when the form is submitted is echo $current_password . ' AND ' . $_POST['current_password'] . ' Password and password again do not match';How do I retrieve the password from the database to compare against the current password entered by the user? Any help is much appreciated. PS. Yes I know I have repeated code and that md5 is not secure, but I am just building onto a template I got and will be making changes to shorten the code and secure the password soon |