PHP - I Need A Second Set Of Eyes Please
Ok, I have been coding for a long time, but recently discovered I was doing things very sloppy and not very secure because register globals was on and I didn't know better.
I am now in a globals off and having issues with a few scripts. In this case I am using post data and trying to retrieve data from a mysql db. The error is "Notice: Undefined variable: Item_Number in C:\wamp\www\MasterRetail\productupdate.php on line 8" I have searched and all the help I have found has not been of help, so I think I am probably over looking something fairly trivial. <?php $db = mysql_connect("localhost", "username here", ""); mysql_select_db("tablename",$db); // Get Variables Here. $_POST['Item_Number'] = '$Item_Number'; if ($Item_Number) { if ($submit) { $sql = "UPDATE products SET Item_Number='$Item_Number',Page_Number='$Page_Number',ShortDescription='$ShortDescription',LongDescription='$LongDescription',Units='$Units',WholesalePrice='$WholesalePrice',RetailPrice='$RetailPrice',Heading='$Heading',TOCListing='$TOCListing',CrossSell1='$CrossSell1',CrossSell2='$CrossSell2',SubCatalog1='$SubCatalog1',SubCatalog2='$SubCatalog2',SubCatalog3='$SubCatalog3',InStock='$InStock',DateVerified='$DateVerified',KeyWords='$KeyWords',SubCat1PN='$SubCat1PN',SubCat2PN='$SubCat2PN',SubCat3PN='$SubCat3PN',PublicView='$PublicView',PhoneOrderOnly='$PhoneOrderOnly',Active='$Active' WHERE Item_Number='$Item_Number'"; $result = mysql_query($sql) or die($sql.'failed because '.mysql_error()); echo "Client Updated."; } else { // query the DB $sql1 = "SELECT * FROM products WHERE Item_Number='$Item_Number'"; $result = mysql_query($sql1) or die($sql1.'failed because '.mysql_error()); $myrow = mysql_fetch_array($result); ?> And here is what the URL looks like "http://sandbox/masterretail/productupdate.php?Item_Number=34240" Please help so I can continue learning, I so far have fixed about 85% of the flaws I had in the application.. Similar TutorialsParse error: syntax error, unexpected '{' in /home/content/54/6407054/html/test/adupload.php on line 31 <? include 'include/config.php'; $email = $_POST['email']; $code = $_POST['code']; $link = $_POST['link']; $sql = ( "SELECT * FROM ads WHERE email='$email' and code='$code' "); $result = mysql_query($sql); $count = mysql_num_rows($result); if ((($_FILES["file"]["type"] == "image/gif") || ($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/jpg") || ($_FILES["file"]["type"] == "image/pjpeg")) && ($_FILES["file"]["size"] < 5000000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { $_FILES["file"]["name"] = str_replace(" ", "_", $_FILES["file"]["name"]); if (file_exists("images/ads/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else ($count==1) { move_uploaded_file($_FILES["file"]["tmp_name"], "images/ads/" . $_FILES["file"]["name"]); $name = $_FILES["file"]["name"]; } header("Location: http://www.google.com"); } } } else { echo "Invalid file"; } ?> line 31 is here 29: && ($_FILES["file"]["size"] < 5000000)) 30: 31: { 32: 33: if ($_FILES["file"]["error"] > 0) I have a simple login - logout script as it stands working fine.. I can loggin get the proper message, choose to logout get the proper message and all sessions are being destroyed proper.. problem is when I try to go back directly to the member.php page it's given me an error of Notice: Undefined index: username in C:\wamp\www\protek\member.php on line 4 but still also telling me I have to be logged in to view this file <?php session_start(); if ($_SESSION['username']) { echo "Welcome, ".$_SESSION['username']."!<BR>"; echo "<a href=\"logout.php\">LOGOUT</a>"; } else { die("Your Have To Be Logged In To View This Page"); } ?> Hi Guys, What am I missing here Code: [Select] $lside_content2 .= "<tr><td> <a class=\"bl\" href = \"quiz_int3.php?id=$row[id]&pagenum=$pagenum\" target='_self'> $row[title]</a> ". echo ThumbsUp::item($row['id']); ."</p></td></tr>"; } I'm getting this error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING thank you for your help! Can anyone see any reason why the inputs in this form do not save any values entered into the database. Yet the selects and textareas do! Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Job Sheet</title> <link rel="stylesheet" type="text/css" href="styles.css"> </head> <body> <?php if(isset($_POST['submitform'])) { include('config-jobs.php'); //Parse & Escape form values $jobclient = mysql_real_escape_string(trim($_POST['jobclient'])); $jobbriefedby = mysql_real_escape_string(trim($_POST['jobbriefedby'])); $jobmanager = mysql_real_escape_string(trim($_POST['jobmanager'])); $jobdesc = mysql_real_escape_string(trim($_POST['jobdesc'])); $jobdate = mysql_real_escape_string(trim($_POST['jobdate'])); $joblocation = mysql_real_escape_string(trim($_POST['joblocation'])); $jobbrief = mysql_real_escape_string(trim($_POST['jobbrief'])); $jobassets = mysql_real_escape_string(trim($_POST['jobassets'])); //Create & Run insert query $query = "INSERT INTO jobnumbers (jobclient, jobbriefedby, jobmanager, jobdesc, jobdate, joblocation, jobbrief, jobassets) VALUES ('$jobclient', '$jobbriefedby', '$jobmanager', '$jobdesc', '$jobdate', '$joblocation', '$jobbrief', '$jobassets')"; $result = mysql_query($query); if (!$result) { //Query failed, display error echo"Error: <br />\n" . mysql_error() . "<br />\nQuery:<br />\n{$query}\n"; } else { //Display job id of inserted record. $id = mysql_insert_id(); $jobid = str_pad($id, 6, '0', STR_PAD_LEFT); $jobnum = "{$jobclient}-{$jobid}"; $query2 = "UPDATE jobnumbers SET jobnum = '$jobnum' WHERE jobid = '$id'"; $result2 = mysql_query($query2); if(!result2) { //Query failed, display error echo"Error 2: <br />\n" . mysql_error() . "<br />\nQuery:<br />\n{$query}\n"; }else{ echo"A new job has been added to the system. The ref number is $jobnum."; } } } ?> <div id="job-sheet"> <div id="job-sheet-inner"> <h1 class="job-sheet-h1">Job Sheet</h1> <h2 class="job-sheet-h2">No work will be accepted without a completed job sheet</h2> <form action="#" method="post"> <table cellpadding="0" cellspacing="0"> <tr> <td class="job-sheet-td-left">Client:</td> <td class="job-sheet-td-right"> <select id="jobclient" name="jobclient" class="job-sheet-select"> <?php include('config-jobs.php'); // Retrieve data from database $sql=" SELECT * FROM clients ORDER BY client_name ASC "; $result=mysql_query($sql); // Start looping rows in mysql database. while($rows=mysql_fetch_array($result)){ ?> <option value="<?php echo $rows['client_code']; ?>"><?php echo $rows['client_name']; ?></option> <?php // close while loop } // close connection mysql_close(); ?> </select> </td> </tr> <tr> <td class="job-sheet-td-left">Briefed By:</td> <td class="job-sheet-td-right"> <select id="jobbriefedby" name="jobbriefedby" class="job-sheet-select"> <?php include('config-clients.php'); // Retrieve data from database $sql=" SELECT staff_name FROM staff_list ORDER BY staff_name ASC "; $result=mysql_query($sql); // Start looping rows in mysql database. while($rows=mysql_fetch_array($result)){ ?> <option><?php echo $rows['staff_name']; ?></option> <?php // close while loop } // close connection mysql_close(); ?> </select> </td> </tr> <tr> <td class="job-sheet-td-left">Account Manager:</td> <td class="job-sheet-td-right"> <select id="jobmanager" name="jobmanager" class="job-sheet-select"> <?php include('config-clients.php'); // Retrieve data from database $sql=" SELECT staff_name FROM staff_list ORDER BY staff_name ASC "; $result=mysql_query($sql); // Start looping rows in mysql database. while($rows=mysql_fetch_array($result)){ ?> <option><?php echo $rows['staff_name']; ?></option> <?php // close while loop } // close connection mysql_close(); ?> </select> </td> </tr> <tr> <td class="job-sheet-td-left">Job Description:</td> <td class="job-sheet-td-right"><input type="text" id="jobdesc" name"jobdesc" class="job-sheet-input" value="Test Description" /></td> </tr> <tr> <td class="job-sheet-td-left">Date Required:</td> <td class="job-sheet-td-right"><input type="text" id="jobdate" name"jobdate" class="job-sheet-input" value="Test Date" /></td> </tr> <tr> <td class="job-sheet-td-left">Assets Located:</td> <td class="job-sheet-td-right"><input type="text" id="joblocation" name"joblocation" class="job-sheet-input " value="digital/kisumu/images/spring-summer-images" /></td> </tr> <tr> <td class="job-sheet-td-top" colspan="2">Brief:</td> </tr> <tr> <td class="job-sheet-td-bot" colspan="2"><textarea id="jobbrief" name="jobbrief" class="job-sheet-text" >Include as much information as possible</textarea></td> </tr> <tr> <td class="job-sheet-td-top" colspan="2">Assets Required:</td> </tr> <tr> <td class="job-sheet-td-bot" colspan="2"><textarea id="jobassets" name="jobassets" class="job-sheet-text">Include details of any logos, fonts, images, colours etc.</textarea></td> </tr> <tr> <td class="job-sheet-bot" colspan="2"><input type="submit" id="submitform" name="submitform" class="job-sheet-submit" value="Submit Job" /></td> </tr> </table> </form> </div><!-- /job-sheet-inner --> </div><!-- /job-sheet --> </body> </html> I am trying to update task based progress updates. I've got a very simple database that needs to be updated with:
Database name: progress
1. ID (auto increment)
2. admin (name of the project manager)
3. adminid (ID of the project manager in the project manager db)
4. member (name of the member of the project in the members db)
4. project (particular project being updated)
5. status (progress of the project as a number between 10 and 90)
6. timestamp
I have the following php script update insert a new line into my progress table:
if (!empty($_POST['progress'])) { if(Input::exists()) { if(Token::check(Input::get('token'))) { $adminprogress = Input::get('admin'); $adminidprogress = Input::get('adminid'); $memberprogress = Input::get('member'); $projectprogress = Input::get('project'); $statusprogress = Input::get('status'); $timestamp = date('Y-m-d H:i:s'); $progressupdate = DB::getInstance()->insert(progress, array( 'admin' => $adminprogress, 'adminid' => $adminidprogress, 'member' => $memberprogress, 'project' => $projectprogress, 'status' => $statusprogress, 'timestamp' => $timestamp )); Redirect::to('memberattire1.php'); } } }And I have the following code in the body of my page: <form method="post" action=""> <label> <select name="status"> <option value=choose>---Please Select---</option> <option value = "0">(10%) Bunker Registered</option> <option value = "10">(20%) First discussions held</option> <option value = "20">(30%) Initial research undertaken</option> <option value = "30">(40%) Ideas shared</option> <option value = "40">(50%) Enquiries made</option> <option value = "50">(60%) Results of enquiries shared</option> <option value = "60">(70%) Preferences shared</option> <option value = "70">(80%) Decisions made</option> <option value = "80">(90%) Decisions being executed</option> <option value = "90">(100%) Project Completed</option> </select> </label> <br><br> <input type="hidden" name="member" value="<?php echo $membername; ?>"> <input type="hidden" name="admin" value="<?php echo $admin; ?>"> <input type="hidden" name="adminid" value="<?php echo $adminid; ?>"> <input type="hidden" name="project" value="attire1"> <input type="hidden" name="token" value="<?php if(isset($token)) { echo $token; } else { echo $token = Token::generate(); } ?>" > <input type="submit" value="Submit Update" name="progress"> </form>I know my $membername, $admin and $adminid are ok because I can simply echo them out to confirm them, so there is something silly in my coding that I've overlooked. Can someone with a fresh pair of eyes see a typo or missed semi-colon or whatnot? Many thanks for any help. Parse error: syntax error, unexpected '(', expecting T_STRING or T_VARIABLE or T_NUM_STRING... I'm getting this error for this line: if ((int)$row['loyalty']<20) Thanks in advanced. Code: [Select] <?php session_start(); $successMsg = ''; $staff_id = $_SESSION['sid']; include_once "scripts/connect_to_mysql.php"; $customer_id = $_GET['cid']; $customer_id = mysql_real_escape_string($customer_id ); $customer_id = eregi_replace("`", "", $customer_id); $cust_project_id = $_GET['pid']; $cust_project_id = mysql_real_escape_string($cust_project_id ); $cust_project_id = eregi_replace("`", "", $cust_project_id); if (isset($_POST['billing_contact_fax_form_field_box'])){ $billing_contact_fname_form_field_box = $_POST['billing_contact_fname_form_field_box']; $billing_contact_lname_form_field_box = $_POST['billing_contact_lname_form_field_box']; $billing_contact_address_form_field_box = $_POST['billing_contact_address_form_field_box']; $billing_contact_city_form_field_box = $_POST['billing_contact_city_form_field_box']; $billing_contact_state_form_field_box = $_POST['billing_contact_state_form_field_box']; $billing_contact_zip_form_field_box = $_POST['billing_contact_zip_form_field_box']; $billing_contact_email_form_field_box = $_POST['billing_contact_email_form_field_box']; $billing_contact_phone_form_field_box = $_POST['billing_contact_phone_form_field_box']; $billing_contact_fax_form_field_box = $_POST['billing_contact_fax_form_field_box']; $billing_contact_pref_meth_contact_form_field_box = $_POST['billing_contact_pref_meth_contact_form_field_box']; $billing_contact_cc_billed_form_field_box = $_POST['billing_contact_cc_billed_form_field_box']; $sql = mysql_query("UPDATE billing_info SET contact_fname='$billing_contact_fname_form_field_box',contact_lame='$billing_contact_lname_form_field_box',address='$billing_contact_address_form_field_box',city='$billing_contact_city_form_field_box',state='$billing_contact_state_form_field_box',zip='$billing_contact_zip_form_field_box',email='$billing_contact_email_form_field_box',phone='$billing_contact_phone_form_field_box',fax='$billing_contact_fax_form_field_box',pref_meth_contact='$billing_contact_pref_meth_contact_form_field_box',cc_billed='$billing_contact_cc_billed_form_field_box' WHERE proj_id='$cust_project_id'"); $successMsg = '<p style="font-family:Myriad Web Pro" style="font-size:10px" style="color:#666">You have successfully updated the company\'s General Information.<br /><br /> <a href="javascript:window.close();">Close</a></p>'; echo $successMsg; exit(); } ?> I have played around with this for SOOOOO long. I have 2 other scripts that are almost exact replicas of this script. Only difference is they are communicating with a different table...but its basically the EXACT same structure of code and functions. My tables consist of some int values, some varchar values, and the data submitted in these variables should get written to the table where the project ID is = to the id I'm working with. All of that seems to be working fine but whenever I enter the info into the form and submit, NOTHING gets written to my table....I'm completely STUMPED and P-O'd that I just wasted a complete 2 hours doing guess and check and cross comparing scripts. I can't find a thing!!!! Below is my html.....hopefully someone smarter than me can put 2 and 2 together because obviously I am an idiot!!!! Also its organized so well that you would think diagnosing the issue would be simple....not the case. I am totally and utterly stumped. I will even add my other code that works to show you what I mean. Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <link rel="stylesheet" type="text/css" href="style.css"/> <script type="text/javascript"> <!-- Form Validation --> function validate_form ( ) { valid = true; if ( document.form.billing_contact_fname_form_field_box.value == "" ) { alert ( "Please fill out the First Name field." ); valid = false; } if ( document.form.billing_contact_lname_form_field_box.value == "" ) { alert ( "Please fill out the Last Name field." ); valid = false; } if ( document.form.billing_contact_address_form_field_box.value == "" ) { alert ( "Please fill out the Address field." ); valid = false; } if ( document.form.billing_contact_city_form_field_box.value == "" ) { alert ( "Please fill out the City field." ); valid = false; } if ( document.form.billing_contact_state_form_field_box.value == "" ) { alert ( "Please fill out the State field." ); valid = false; } if ( document.form.billing_contact_zip_form_field_box.value == "" ) { alert ( "Please fill out the Zip field." ); valid = false; } if ( document.form.billing_contact_email_form_field_box.value == "" ) { alert ( "Please fill out the Email field." ); valid = false; } if ( document.form.billing_contact_phone_form_field_box.value == "" ) { alert ( "Please fill out the Phone field." ); valid = false; } if ( document.form.billing_contact_fax_form_field_box.value == "" ) { alert ( "Please fill out the Fax field." ); valid = false; } return valid; } <!-- Form Validation --> </script> </head> <body> <div id="pg_container"> <!--PAGE CONTAINER--> <div id="pgbdy_container"> <div id="pgbdy"> <div id="bdy_header"></div> <div id="bdy_content_area"> <div id="bdy_content_general_info"> <div id="bdy_form_header"> <p> Please complete the Billing Information form below.<br /> <i>Fields marked with a</i> <b>*</b> <i>are required fields.</i> </p> </div> <form action="" method="post" enctype="multipart/form-data" id="form" name="form" onsubmit="return validate_form ( );"> <!--BILLING CONTACT FIRST NAME--> <div id="billing_contact_fname_form"> <div id="billing_contact_fname_form_text"> <p>*First Name:</p> </div> <div id="billing_contact_fname_form_field"> <input name="billing_contact_fname_form_field_box" type="text" /> </div> </div> <!--BILLING CONTACT FIRST NAME--> <!--BILLING CONTACT LAST NAME--> <div id="billing_contact_lname_form"> <div id="billing_contact_lname_form_text"> <p>*Last Name:</p> </div> <div id="billing_contact_lname_form_field"> <input name="billing_contact_lname_form_field_box" type="text" /> </div> </div> <!--BILLING CONTACT LAST NAME--> <!--BILLING CONTACT ADDRESS NAME--> <div id="billing_contact_address_form"> <div id="billing_contact_address_form_text"> <p>*Address:</p> </div> <div id="billing_contact_address_form_field"> <input name="billing_contact_address_form_field_box" type="text" /> </div> </div> <!--BILLING CONTACT ADDRESS NAME--> <!--BILLING CONTACT CITY NAME--> <div id="billing_contact_city_form"> <div id="billing_contact_city_form_text"> <p>*City:</p> </div> <div id="billing_contact_city_form_field"> <input name="billing_contact_city_form_field_box" type="text" /> </div> </div> <!--BILLING CONTACT CITY NAME--> <!--BILLING CONTACT STATE NAME--> <div id="billing_contact_state_form"> <div id="billing_contact_state_form_text"> <p>*State:</p> </div> <div id="billing_contact_state_form_field"> <input name="billing_contact_state_form_field_box" type="text" /> </div> </div> <!--BILLING CONTACT STATE NAME--> <!--BILLING CONTACT ZIP NAME--> <div id="billing_contact_zip_form"> <div id="billing_contact_zip_form_text"> <p>*Zip:</p> </div> <div id="billing_contact_zip_form_field"> <input name="billing_contact_zip_form_field_box" type="text" /> </div> </div> <!--BILLING CONTACT ZIP NAME--> <!--BILLING CONTACT EMAIL NAME--> <div id="billing_contact_email_form"> <div id="billing_contact_email_form_text"> <p>*Email:</p> </div> <div id="billing_contact_email_form_field"> <input name="billing_contact_email_form_field_box" type="text" /> </div> </div> <!--BILLING CONTACT EMAIL NAME--> <!--BILLING CONTACT PHONE NAME--> <div id="billing_contact_phone_form"> <div id="billing_contact_phone_form_text"> <p>*Phone:</p> </div> <div id="billing_contact_phone_form_field"> <input name="billing_contact_phone_form_field_box" type="text" /> </div> </div> <!--BILLING CONTACT PHONE NAME--> <!--BILLING CONTACT FAX NAME--> <div id="billing_contact_fax_form"> <div id="billing_contact_fax_form_text"> <p>Fax:</p> </div> <div id="billing_contact_fax_form_field"> <input name="billing_contact_fax_form_field_box" type="text" /> </div> </div> <!--BILLING CONTACT FAX NAME--> <!--BILLING CONTACT PREFERRED METHOD OF CONTACT NAME--> <div id="billing_contact_pref_meth_contact_form"> <div id="billing_contact_pref_meth_contact_form_text"> <p>*Preferred Method of Contact:</p> </div> <div id="billing_contact_pref_meth_contact_form_field"> <select name="billing_contact_pref_meth_contact_form_field_box"> <option value="Email">Email</option> <option value="Phone">Phone</option> <option value="Fax">Fax</option> <option value="">Physical Mail</option> </select> </div> </div> <!--BILLING CONTACT PREFERRED METHOD OF CONTACT NAME--> <!--BILLING CONTACT CREDIT CARD OR BILLED NAME--> <div id="billing_contact_cc_billed_form"> <div id="billing_contact_cc_billed_form_text"> <p>*Will the customer pay with Credit Card or will they be billed (Credit must be approved before ordering)?</p> </div> <div id="billing_contact_cc_billed_form_field"> <select name="billing_contact_cc_billed_form_field_box"> <option value="Credit Card">Credit Card</option> <option value="Billed">Billed</option> </select> </div> </div> <!--BILLING CONTACT CREDIT CARD OR BILLED NAME--> <!-- SUBMIT BUTTON --> <div id="submit_billing_info"> <input name="submit_billing_info" type="submit" /> </div> <!-- SUBMIT BUTTON --> </form> </div> </div> </div> </div> <!--PAGE CONTAINER--> </div> </body> </html> Now here is the code that works in its entirety....please note that the above is broken up just as it would be seen on the page. PHP at the top and then the HTML. It mimics the script I am about to paste below. Please help meeeeeeee!!!! Code: [Select] <?php session_start(); $successMsg = ''; $staff_id = $_SESSION['sid']; include_once "scripts/connect_to_mysql.php"; $customer_id = $_GET['cid']; $customer_id = mysql_real_escape_string($customer_id ); $customer_id = eregi_replace("`", "", $customer_id); $cust_project_id = $_GET['pid']; $cust_project_id = mysql_real_escape_string($cust_project_id ); $cust_project_id = eregi_replace("`", "", $cust_project_id); if (isset($_POST['company_name'])){ $company_name = ereg_replace("[[^A-Z a-z0-9]]", "", $_POST['company_name']); // filter everything but numbers and letters $customer_fname = ereg_replace("[^A-Z a-z0-9]", "", $_POST['customer_fname']); // filter everything but spaces, numbers, and letters $customer_lname = ereg_replace("[^A-Z a-z0-9]", "", $_POST['customer_lname']); // filter everything but spaces, numbers, and letters $customer_address = ereg_replace("[^A-Z a-z0-9]", "", $_POST['customer_address']); // filter everything but spaces, numbers, and letters $customer_city = ereg_replace("[^A-Z a-z0-9]", "", $_POST['customer_city']); // filter everything but numbers and letters $customer_state = ereg_replace("[^A-Z a-z0-9]", "", $_POST['customer_state']); // filter everything but numbers and letters $customer_zip = ereg_replace("[^A-Za-z0-9]", "", $_POST['customer_zip']); // filter everything but numbers and letters $customer_email = stripslashes($_POST['customer_email']); $customer_email = strip_tags($customer_email); $customer_email = mysql_real_escape_string($customer_email); $customer_phone = ereg_replace("[^A-Za-z0-9]", "", $_POST['customer_phone']); // filter everything but spaces, numbers, and letters $customer_fax = ereg_replace("[^A-Za-z0-9]", "", $_POST['customer_fax']); // filter everything but spaces, numbers, and letters $cust_pre_meth_contact = $_POST['cust_pre_meth_contact']; // filter everything but spaces, numbers, and letters $date_of_entry = date("F j, Y, g:i a"); $sql = mysql_query("UPDATE company_info SET company_name='$company_name',contact_fname='$customer_fname',contact_lname='$customer_lname', address='$customer_address', city='$customer_city', state='$customer_state', zip='$customer_zip', email='$customer_email', phone='$customer_phone', fax='$customer_fax',pref_meth_contact='$cust_pre_meth_contact',entry_date='$date_of_entry' WHERE proj_id='$cust_project_id'"); $successMsg = '<p style="font-family:Myriad Web Pro" style="font-size:13px" style="color:#666">You have successfully updated <b>' . $company_name . '\'s</a></b> Company Information.<br /><br /> <a href="javascript:window.close();">Close</a></p>'; echo $successMsg; exit(); } $sql = mysql_query("SELECT * FROM company_info WHERE proj_id='$cust_project_id' LIMIT 1"); while ($row = mysql_fetch_array($sql)) { $company_name = $row["company_name"]; $company_contact_fname = $row["contact_fname"]; $company_contact_lname = $row["contact_lname"]; $company_address = $row["address"]; $customer_city = $row["city"]; $customer_state = $row["state"]; $customer_zip = $row["zip"]; $customer_email = $row["email"]; $customer_phone = $row["phone"]; $customer_fax = $row["fax"]; $cust_pre_meth_contact = $row["pref_meth_contact"]; $cust_entry_date = $row["entry_date"]; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> <link rel="stylesheet" type="text/css" href="style.css"/> <script type="text/javascript"> <!-- Form Validation --> function validate_form ( ) { valid = true; if ( document.form.company_name.value == "" ) { alert ( "Company Name field must not be blank." ); valid = false; } if ( document.form.customer_fname.value == "" ) { alert ( "Customer Address field must not be blank." ); valid = false; } if ( document.form.customer_lname.value == "" ) { alert ( "Customer Address field must not be blank." ); valid = false; } if ( document.form.customer_address.value == "" ) { alert ( "Customer Address field must not be blank." ); valid = false; } if ( document.form.customer_city.value == "" ) { alert ( "Customer City field must not be blank." ); valid = false; } if ( document.form.customer_state.value == "" ) { alert ( "Customer State field must not be blank." ); valid = false; } if ( document.form.customer_zip.value == "" ) { alert ( "Customer Password field must not be blank." ); valid = false; } if ( document.form.customer_email.value == "" ) { alert ( "Customer Email field must not be blank." ); valid = false; } if ( document.form.customer_phone.value == "" ) { alert ( "Customer Phone field must not be blank." ); valid = false; } if ( document.form.customer_fax.value == "" ) { alert ( "Customer Fax field must not be blank." ); valid = false; } return valid; } <!-- Form Validation --> </script> </head> <body> <div id="pg_container"> <!--PAGE CONTAINER--> <div id="pgbdy_container"> <div id="pgbdy"> <div id="bdy_header"></div> <div id="bdy_content_area"> <div id="bdy_content"> <div id="bdy_form_header"> <p> Create a new customer by filling out the form below.<br /> <i>Fields marked with a</i> <b>*</b> <i>are required fields.</i> </p> </div> <form action="edit_company_info.php?sid=<?php echo "$staff_id"; ?>&cid=<?php echo "$customer_id"; ?>&pid=<?php echo "$cust_project_id"; ?>" method="post" id="form" name="form" enctype="multipart/form-data" onsubmit="return validate_form ( );"> <!-- COMPANY NAME --> <div id="company_name_form"> <div id="company_name_text"> <p> Company Name: </p> </div> <div id="company_name_field"> <input name="company_name" type="text" id="company_name" value="<?php echo "$company_name"; ?>" /> </div> </div> <!--COMPANY NAME--> <!-- CUSTOMER FIRST NAME --> <div id="customer_fname_form"> <div id="customer_fname_text"> <p> Contact First Name: </p> </div> <div id="customer_fname_field"> <input name="customer_fname" type="text" id="customer_fname" value="<?php echo "$company_contact_fname"; ?>" /> </div> </div> <!-- CUSTOMER FIRST NAME --> <!-- CUSTOMER LAST NAME --> <div id="customer_lname_form"> <div id="customer_lname_text"> <p> Contact Last Name: </p> </div> <div id="customer_lname_field"> <input name="customer_lname" type="text" id="customer_lname" value="<?php echo "$company_contact_lname"; ?>" /> </div> </div> <!-- CUSTOMER LAST NAME --> <!-- CUSTOMER ADDRESS --> <div id="customer_address_form"> <div id="customer_address_text"> <p> Address: </p> </div> <div id="customer_address_field"> <input name="customer_address" type="text" id="customer_address" value="<?php echo "$company_address"; ?>" /> </div> </div> <!--CUSTOMER ADDRESS--> <!-- CUSTOMER CITY --> <div id="customer_city_form"> <div id="customer_city_text"> <p> City: </p> </div> <div id="company_name_field"> <input name="customer_city" type="text" id="customer_city" value="<?php echo "$customer_city"; ?>" /> </div> </div> <!--CUSTOMER CITY--> <!-- CUSTOMER STATE --> <div id="customer_state_form"> <div id="customer_state_text"> <p> State: </p> </div> <div id="customer_state_field"> <input name="customer_state" type="text" id="customer_state" value="<?php echo "$customer_state"; ?>" /> </div> </div> <!--CUSTOMER STATE--> <!-- CUSTOMER ZIP --> <div id="customer_zip_form"> <div id="customer_zip_text"> <p> Zip: </p> </div> <div id="customer_zip_field"> <input name="customer_zip" type="text" id="customer_zip" value="<?php echo "$customer_zip"; ?>" /> </div> </div> <!--CUSTOMER ZIP--> <!-- CUSTOMER EMAIL --> <div id="customer_email_form"> <div id="customer_email_text"> <p> Email: </p> </div> <div id="customer_email_field"> <input name="customer_email" type="text" id="customer_email" value="<?php echo "$customer_email"; ?>" /> </div> </div> <!--CUSTOMER EMAIL--> <!-- CUSTOMER PHONE--> <div id="customer_phone_form"> <div id="customer_phone_text"> <p> Phone: </p> </div> <div id="customer_phone_field"> <input name="customer_phone" type="text" id="customer_phone" value="<?php echo "$customer_phone"; ?>" /> </div> </div> <!--CUSTOMER PHONE--> <!-- CUSTOMER FAX--> <div id="customer_fax_form"> <div id="customer_fax_text"> <p> Fax: </p> </div> <div id="customer_fax_field"> <input name="customer_fax" type="text" id="customer_fax" value="<?php echo "$customer_fax"; ?>" /> </div> </div> <!--CUSTOMER FAX--> <!-- CUSTOMER PREFERRED METHOD OF CONTACT --> <div id="cust_pre_meth_contact_form"> <div id="cust_pre_meth_contact_text"> <p> What is the customer's preferred method of contact?<br /> <select name="cust_pre_meth_contact"> <option value="Email">Email</option> <option value="Fax">Fax</option> <option value="Phone">Phone</option> <option value="Physical Mail">Physical Mail</option> </select> </p> </div> </div> <!--CUSTOMER PREFERRED METHOD OF CONTACT --> <!-- SUBMIT BUTTON --> <div id="submit_new_customer_form"> <div id="submit_new_customer_button"> <p> <input name="submit_new_customer_info" type="submit" id="submit_new_customer" value="Update Customer Company Info" /> </p> </div> </div> </form> <!--SUBMIT BUTTON--> </div> </div> </div> </div> <!--PAGE CONTAINER--> </div> </body> </html> I've been hacking at this for 3 hours now.. My syntax seems to be screwed up on something, but I cannot find it for the life of me! Error thrown is obvious I am missing or have something nested wrong! Parse error: parse error in C:\wamp\www\php\php_study\login_processor.php on line 22 Here is my code. Error is being thrown on the line of the elseif statment. <?php include('db_cxn.php'); $cxn = mysqli_connect($host, $user, $pass, $db) or die("Query died: connect"); $sql = "SELECT username FROM users WHERE username = '$_POST[username]'"; $result = mysqli_query($cxn, $sql) or die("Query Died: username"); $num = mysqli_num_rows($result); if ($num > 0) { $sql = "SELECT username FROM users WHERE username='$_POST[username]' AND password=md5('$_POST[password]')"; $result2 = mysqli_query($cxn, $sql) or die("Query died: password"); $num2 = mysqli_num_rows($result2); if ($num2 > 0) { $_SESSION['auth']; $_SESSION['logname'] = $_SESSION['username']; } //if ($num2 > 0) header("Location: the_secret_page.php"); } //if ($num > 0) else { $message1 = "The login name, '$_POST[username]' does not exist in the database. Please try again"; $username = strip_tags(trim($_POST[username])); include('login_form.php'); } //else elseif ($num == 0) { $message1 = "The username you entered does not exist. Please try again.s"; include("login_form.php"); } //elseif ($num == 0) ?> I don't think my form html/php code is necessary, but I'll include it for reference: <h1>Login Form</h1> <?php $fields_1 = array("username" => "User Name", "password" => "Password"); ?> <form method="post" action="login_processor.php"> <fieldset> <legend>Login Form</legend> <?php if (isset($message_1)) { echo "$message_1"; } //if (isset($message_1)) foreach ($fields_1 as $field => $value) { if (preg_match("/pass/i", $field)) $type = "password"; else $type = "text"; echo "<div id='field'> <label for='$field'>$value</label> <input id='$field' name='$field' type='$type' value='" . @$$field . "' size='20' maxlength='50' /> </div>\n"; } //foreach ($fields_1 as $field => $value) ?> <input type="submit" name="Button" value="Login" /> </fieldset> </form> I am trying to insert into my database and it's just not having non of it. No errors are comming up at all, but no data is getting passed through. Code: [Select] if(isset($_POST['sub'])) { include("../scrips/php/cms/database.insert.class.php"); $table = "blog_posts"; $title = $_POST['ArticleTitle']; $img = "2"; $post = $_POST['ArticleBody']; $aurthor_id = "1"; $category_id = "4"; $date_posted = "NOW()"; $values = array("$title","$img","$post","$aurthor_id","$category_id","$date_posted"); $fields = array('title','img','post','aurthor_id','category_id','date_posted'); //echo $values['0']."<br/>".$fields['0']; //$obj->ArticleInsert($table,$fields,$tvalues); $values_imploded = implode("','",$values); $fields_imploded = implode(",",$fields); $i = "INSERT INTO $table ($values_imploded) VALUES ($fields_imploded)"; mysql_query($i) or die( "<br>Query string: <br>Produced error: " . mysql_error() );; } Hello We have a series of sites that use Google API to serve locations stored in local DB, that show google maps from within given PHP pages within our sites (these pages also have other db driven content we wish to keep.... Each 'member' in our sites, they each have a google map shown on each page present for their 'location' menu tab... These calls to the google map API, often goes over our daily allotment of freebie map presentations from the google API It is SE and other Bots that run these view numbers off the charts and prevent the google maps from loading the actual maps - we get a google map err message - advising that maximum views have been reached... (we see this in our server error logs) Thoughts on how i can serve this map code to only legit http requests (human eyes) or at least reduce the burden of bot crawl requests to the google API? here is the code we use to call the maps - We need to encapsulate Google Map Display in a snippet that will block it from getting hit by bots.... Huge Thanks! Code: [Select] <form target="_blank" method="GET" action="http://maps.google.com/maps"> <input type="hidden" name="daddr" value="<? echo "$address, $city, $state $zip $country" ?>"> <?php display_tooltip("Please enter your starting point in the form address, city, state zip country or simply enter your city", "mapdir");?> <input type="text" name="saddr" value="your starting point" onfocus=this.select()> <input class="clickableL" type="submit" value="Map and Directions"> </form> |