PHP - A Href Link Not Working

Hi people,

I've been having trouble with this for a while now. Basically, i have this website: http://el07jpg.info . You can log in with username:doctor1 password:password1

Once you've logged on, u can click on "Patients". Then, if you click on a patient, it shows their info. Then at the bottom, I have links to glucose readings and heart rate readings... but when I click on either of those links, it goes back to the main page, showing all the patients..

The weird thing is that I got this to work for the first step, u click on the <a href> link of a patient, and it brings you to their page. Then I've done the EXACT same thing to link to the glucose or heart rate readings of that specific patient, but it doesn't work. I really can't see what i've done wrong. Although I noticed in the address bar, when I click on glucose readings for example, the url is http://el07jpg.info/index.php?op=patients&id=&reading=glucose (id should be equal to a number, like id=4, but there's no number... Any help would be much appreciated! Cheers! Code for op_patients.php page:


<?php

//Page if a set of records is selected from a single patient's page

if ($_REQUEST[reading]+0) {

        $GLOBALS['html']['css'][]="default.css";
   $reading_source=$_REQUEST[reading]+0;
   $sql="select * from {$reading_source}_readings where patientRFID='{$patient[patientRFID]}' ";
   $results=mysql_select_assoc($sql);
   if (!$results){
      $GLOBALS[err][]="No records exist!";
      exit;
   }
   
   $GLOBALS['html']['title']="Patient: {$patient[first_name]} {$patient[last_name]}'s {$reading_source} readings ";
       
        echo $reading_source;
}

//Page if a single patient is selected

if ($_REQUEST[id]+0) {

        $GLOBALS['html']['css'][]="default.css";
   $id=$_REQUEST[id]+0;
   $sql="select * from patients where doctorID='{$_SESSION[user][id]}' and patientID='$id' ";
   $patient=mysql_select_assoc($sql);
   if (!$patient){
      $GLOBALS[err][]="The patient can't be found!";
      exit;
   }
   
   $GLOBALS['html']['title']="Patient: {$patient[last_name]}, {$patient[first_name]} ";
       
   $output.="
        <br>
        <table border='1' cellpadding='5' cellspacing='5' width='600'>
        <tr><td rowspan=6><img src=\"$patient[photo]\"> </td>
        <th>Name: </th><td>{$patient[first_name]} {$patient[last_name]} </td></tr>
        <tr><th>D.O.B: </th><td>{$patient[dob]} </td></tr>
        <tr><th>Email: </th><td>{$patient[email]} </td></tr>
        <tr><th>Phone Number: </th><td>{$patient[phone_no]}</td></tr>
        <tr><th>Address: </th><td>{$patient[address]}</td></tr>
        <tr><th><br> Comments:<br> </th>
        <td>{$patient[comments]} </td></tr>
        </table>

        <table border='1' cellpadding='5' cellspacing='5' width='600'>
        <tr><th colspan=3><br>Medical Readings<br><br></th></tr>
        <tr>
        <td align='center' width='300'>
        <a href='index.php?op=patients&id={$v[patientID]}&reading=glucose'>Glucose Readings</a>
        </td>
   <td colspan=2 align='center' width='300'>
   <a href='index.php?op=patients&id={$v[patientID]}&reading=heart'>Heart Rate Readings</a>
   </td>
   </tr> 
        </table>
   ";

   echo $output;
        exit;
}

//Main Page showing all patients

$GLOBALS['html']['title']="Patients";
$GLOBALS['html']['css'][]="default.css";

if(!$_SESSION[user][id]) {
        $er="Access Denied! Please Log in.";
        echo "<div style='color:red;'>$er</div>";
} else {


$sql="select * from patients where doctorID='{$_SESSION[user][id]}' order by last_name";
$d=mysql_getarray_assoc($sql);
$output='';
foreach ($d as $v){
   $output.="
   <tr><td>
   <a href='index.php?op=patients&id={$v[patientID]}'>{$v[last_name]}, {$v[first_name]}</a>
   </td></tr>
   ";
}

echo "
<table width=80% align=left border='1' cellpadding='5' cellspacing='5' width='100%'>
<tr><th class=popupheader align='left'>
Patient Name<br><br>
</th></tr>
$output
</table>
";

}


?>

Hello Everyone,

I'm using PHP with MySQL.  One of the fields in the database is website.  The code I'm using is as follows:

variable:

$web=mysql_result($result,$i,"web");

html/php code:

<td><font face="Arial, Helvetica, sans-serif"><a href="<? echo "$web"; ?>">Website</a></font></td>

What it should do is have the clickable word Website with the correct url from the database.  Instead it's repeating the website the page is on.  For example it's doing this:

http://mywebsite/www.enteredwebsite.com

Any help is appreciated.

Hey all,

I'm working on a website to show various products.  I am using PHP, HTML, MySQL.  I have a products page which shows a table of products (either all or just products from a specific category).  Currently, the page works fine, shows an image, brand, name, and price of each product.  However, when I have tried to make the image and the brand and name a link, it doesn't fully work.  In the page source it will show correctly, but on the webpage itself I cannot click on the links.  I have scoured various forums and manuals and have tried all the various ways to code the <a href=> but it still does not work right.  Here's a snippet of the code with the link...

Code: [Select]
/*Other code above for MySQL queries, HTML table etc*/

<td>
<?php
echo '<a href="details.php?id=' . $row['id'] . '"><img src="resize.php?id=' . $row['id'] . '"/></a>';
?>
</td>
<td>
<?php
echo "<a href=\"details.php?id=" . $row['id'] . "\">" . $row['brand'] . "<br>" . $row['name'] . "</a><br>";
echo "Price: $" . $row['price'] . "<br>";
?>
</td>

I have even tried putting the <a href="details.php?id=<?php echo $row['id']; ?> ... </a> just between the <td> and </td>.  I still can't click the links on the page, even though they are technically there.  The page source will show <a href="details.php?id=1"> ... =2"> ... =3"> ... etc for each product that is displayed.  If I actually type details.php?id=1 in my browser and go back to the products page the text will change color to the "visited link" color.

Any insight into my dilemma?
Thanks in advance...

This works:
Code: [Select]
form action="http://localhost/mysite/css/screen.css" method="post">
This does not work:
Code: [Select]
<?php
$link_1 = "http://localhost/mysite/css/screen.css" ;
$link_2 = '"' . "http://localhost/mysite/css/screen.css" .'"' ;
?>

<form action=<?php echo $link_1;?>  method="post">
<form action=<?php echo $link_2;?>  method="post">
Why do neither of the PHP variables work?

Thanks!

here's my code that i've used to send an email.

Code: [Select]
$link = "<a href=\"http://www.example.com/" . $num . "\">" . $num . "</a>";

$query = "SELECT content FROM emails";
$result = mysql_query($query) or die();
$email_content = mysql_result($result, 0);
$email = sprintf($email_content, $first, $name, $from, $link, $record, $rec, $inc, $max);
$email_body = stripslashes(htmlentities($email, ENT_QUOTES, 'UTF-8'));

// this is sent to another php script via post....

$subject = $_POST['subject'];
$message = nl2br(html_entity_decode($_POST['email_body']));
$to = "me@whatever.com";
$charset='UTF-8';
$encoded_subject="=?$charset?B?" . base64_encode($subject) . "?=\n";
$headers="From: " . $userEmail . "\n"
. "Content-Type: text/html; charset=$charset; format=flowed\n"
. "MIME-Version: 1.0\n"
. "Content-Transfer-Encoding: 8bit\n"
. "X-Mailer: PHP\n";
mail($to,$encoded_subject,$message,$headers);
   

in the db, emails.content is of the text type and contains several lines of text with %4$s which inserts the value of $link into the body.  when the email arrives, there is a link and it appears fine, with the value of $num hyperlinked.  however when you click on it it doesn't go anywhere.  when copying the link location from the email it gives me

x-msg://87/%22http://www.example.com/16

what is x-msg?  how can i get this to work properly?

Hi guys; 

I've managed to find my way into something of a maze. 

<td> <a href="'Details/21/index.php'"?id= . $id .'>" . $row['id'] . "</a> </td> 

I'm looking at this line in the code. I realise it's currently in the wrong syntax but I'm just trying multiple different variations.

At the moment I'm actually just trying to make it go to a static link but my real goal is to - get it to pick up the id number, of the id row I click, and concatenate that with the rest of my address string. Then use that as the href. 

Something like this: -

"'Details/' + $id + '/index.php'"

It's really confusing me though inside this loop and for some reason the id number is being picked up as an int, by the looks of things. It's getting above my level of understanding. 

Any chance one of you masters would through a n00b a lifeline? 

 

This is my code below 

 

<!DOCTYPE html>
<html>
<head>
	<title>LifeSaver DB</title>
	<h1> LifeSaver Database </h1>
</head>
<body>
	<table>
		<tr>
			<th>Id</th>
			<th>Location</th>					
			<th>Initials</th>
			<th>TimeStamp</th>
			<th>Notes</th>					
		</tr>
		<?php
		$conn = mysqli_connect("localhost", "meh", "pas", "DB"); 
		// Check connection
		if ($conn->connect_error) {
			die("Connection failed: " . $conn->connect_error);
			}
			
		$sql = "SELECT * FROM LifeSaver1 ORDER BY id DESC";
		$result = $conn->query($sql);
		
		if ($result->num_rows > 0) {
			// output data of each row
			while($row = $result->fetch_assoc()) {
				
				//for href row
				$id = $row['id'];
				$Footage = ['Footage'];
				
				echo 
				"<tr>
					<td> <a href="'Details/21/index.php'"?id= . $id .'>" . $row['id'] . "</a> </td>                
					<td>" . $row["Location"] . "</td>		
					<td>" . $row["Initials"]. "</td>
					<td>" . $row["TimeStamp"]. "</td>	
					<td>" . $row["Notes"] . "</td>
							
				</tr>";}
				
				//show table
				echo "</table>";
				} else { echo "0 results"; }
			$conn->close();

	?>
	</table>
</body>
<style>
	
table, td, th {
  border: 1px solid black;
  margin: auto;
}

table {
  border-collapse: collapse;
color: #000;   <!--font colour -->
font-family: monospace;
font-size: 18px;
text-align: center;}

th {
background-color: #337AFF;
color: white;
font-weight: bold; }

tr:nth-child(odd) {background-color: #add8e6}


</style>
</html>

 

Edited February 8, 2020 by JonnyDriller

Hi all

I have a page which has the following link on it:

<a href="view-listings.php?live&id=<?php echo $showlistings['id'] ?>" title="Click here to make this listing live"><img src="../images/not-live.gif" width="20" title="Click here to make this listing live" alt="Click here to make this listing live" /></a>

Which runs this part of the script:

if (isset($_GET['live'])) {
$liveid = $_GET['id'];
   mysql_query("UPDATE `listings` SET live = 1 WHERE id = '".$liveid."'");
   header ("Location: view-listings.php");
}

Which works great on Safari but it says "Page cannot be displayed" on a PC running Internet Explorer 8?

Please help!

Pete

The link in the email is showing up as plain text and not as a link.  How do I fix this?

if($notify === true)
   {
      $sender = fetch_user_info(fetch_username_by_id ($user_info['uid']));
      $receiver = fetch_user_info(fetch_username_by_id ($uid));
      
      $sender['displayName']       = ucwords("{$sender['firstname']} {$sender['lastname']}");
      $receiver['displayName']   = ucwords("{$receiver['firstname']} {$receiver['lastname']}");
      
      $body = "<table>Hi ${receiver['firstname']},\n
      \n
      <a href=\"http://mysite.com/u/{$sender['username']}\" title=\"Go to {$sender['displayName']}'s profile\">{$sender['displayName']}</a> would like to be.\n
      Please sign in to .\n
      \n
      The who</table>";
   
   mail($receiver['email'], 'fssd', $body, 'From: noreply@site.com');
   // return $sender;
   }

Hello all,

I'm new to any kind of coding, but I recently graduated college with an English degree and decided to try to become a technical writer, but quickly realized I would need to learn some basic coding to publish stuff as many companies are moving away from paper.  Anyway, that's the background to why I'm about to ask a really simple question:

I wrote a login script, and it rejects people correctly who don't have the correct credentials, and it accepts the people that do, but while the failed attempts send the appropriate alert (the alert also pops up when u first open the page, which if you all can figure out why and stop it, that would be awesome, but its not the main problem), for those who do log in it does not send them to the link that I'm trying to send them to upon log in.  Instead, they stay on the same page, but the login text boxes are gone.  Any help would be appreciated, thanks.  Here is the code:
<html>
<body style="background-color:rgb(240,230,200);font-family:Times;font-size:110%;">
<p style="text-align:center;font-family:Arial;font-size:250%"> ///text removed for privacy///</p>
<p style="text-align:center;font-family:Arial;font-size:200%"> ////text removed for privacy </p>
<CENTER><img src="////removed for privacy/////" width="700" height="500"/></Center>
<p style="text-align:center;"> To access the site, please use enter your User ID and Password. </p>
<center>
<?php error_reporting (E_ALL ^ E_NOTICE); ?>
<?php
session_start();
include("passwords.php");
if ($_POST["ac"]=="log") { 
     if ($USERS[$_POST["username"]]==$_POST["password"]) {
          $_SESSION["logged"]=$_POST["username"];
     } else {
          echo 'Please enter a vaild Username and Password';
     };
};
if (array_key_exists($_SESSION["logged"],$USERS))   
    header("index.html");
    else {
    echo "<script>alert('Please enter valid Username and Password')</script>";
     echo '<form action="login.php" method="post"><input type="hidden" name="ac" value="log"> ';
     echo 'Username: <input type="text" name="username" /><br />';
     echo 'Password: <input type="password" name="password" /><br />';
     echo '<input type="submit" value="Login" />';
     echo '</form>';
   }
?>
</center>
</body>
</html>

I have to make a calendar which can go back & forth between years and months. when you click on the month it is supposed to show the calendar of that month and the year you clicked.

you can view the site where i can put the php.
http://helios.ite.gmu.edu/~easad/lab7.php

Thanks a bunch!

Code: [Select]

 
 if ($_GET["year"]=="")
{
$year=date("Y");
$previousYear = $year-1;
$nextYear = $year+1;
}
else
{
$year=$_GET["year"];
$previousYear = $year-1;
$nextYear = $year+1;

}

 if ($_GET["month"]=="")
{
$month=date("n");

}
else
{
$month=$_GET["month"];


}

This link is driving me crazy

<a id ="savepdf" href="invoice.php?invoice_id=<?=$invoiceID?>"value="Save This Invoice"><button class="block" id ="printbtn" onclick="myFunction()";>Save Invoice</button></a>

 

when a user selects this link it works ok saves a pdf file to a folder on server.

i want to relocate after link submitted.

If i use this link it does redirect but does not save the pdf file to folder on server

<a id ="savepdf" href="invoice.php?invoice_id=<?=$invoiceID?>"value="Save This Invoice" onclick="window.location.href='mypage.php'; ;return false;"><button class="block" id ="printbtn" onclick="myFunction()";>Save Invoice</button></a>

my registration script for my website, does sent activation link to newly registered user's for some reason.  can some one please help me, i have stay up all-night just to figure out the problem. any help appreciated    

<?php
$from = ""; // Initialize the email from variable
// This code runs only if the username is posted
if (isset ($_POST['username'])){

    $username = preg_replace('#[^A-Za-z0-9]#i', '', $_POST['username']); // filter everything but letters and numbers
    $gender = preg_replace('#[^a-z]#i', '', $_POST['gender']); // filter everything but lowercase letters
    $b_m = preg_replace('#[^0-9]#i', '', $_POST['birth_month']); // filter everything but numbers
     $b_d = preg_replace('#[^0-9]#i', '', $_POST['birth_day']); // filter everything but numbers
    $b_y = preg_replace('#[^0-9]#i', '', $_POST['birth_year']); // filter everything but numbers
     $email1 = $_POST['email1'];
     $email2 = $_POST['email2'];
     $pass1 = $_POST['pass1'];
     $pass2 = $_POST['pass2'];

     $humancheck = $_POST['humancheck'];

     $email1 = stripslashes($email1);
     $pass1 = stripslashes($pass1);
     $email2 = stripslashes($email2);
     $pass2 = stripslashes($pass2);

     $email1 = strip_tags($email1);
     $pass1 = strip_tags($pass1);
     $email2 = strip_tags($email2);
     $pass2 = strip_tags($pass2);

     // Connect to database
     include_once "scripts/connect_to_mysql.php";
     $emailCHecker = mysql_real_escape_string($email1);
    $emailCHecker = str_replace("`", "", $emailCHecker);
    // Database duplicate username check setup for use below in the error handling if else conditionals
    $sql_uname_check = mysql_query("SELECT username FROM myMembers WHERE username='$username'");
     $uname_check = mysql_num_rows($sql_uname_check);
     // Database duplicate e-mail check setup for use below in the error handling if else conditionals
     $sql_email_check = mysql_query("SELECT email FROM myMembers WHERE email='$emailCHecker'");
     $email_check = mysql_num_rows($sql_email_check);

     // Error handling for missing data
     if ((!$username) || (!$gender) || (!$b_m) || (!$b_d) || (!$b_y) || (!$email1) || (!$email2) || (!$pass1) || (!$pass2)) {

     $errorMsg = 'ERROR: You did not submit the following required information:<br /><br />';

     if(!$username){
       $errorMsg .= ' * User Name<br />';
     }
     if(!$gender){
       $errorMsg .= ' * Gender: Confirm your sex.<br />';
     }
    if(!$b_m){
       $errorMsg .= ' * Birth Month<br />';
     }
    if(!$b_d){
       $errorMsg .= ' * Birth Day<br />';
     }
    if(!$b_y){
       $errorMsg .= ' * Birth year<br />';
     }
    if(!$email1){
       $errorMsg .= ' * Email Address<br />';
     }
    if(!$email2){
       $errorMsg .= ' * Confirm Email Address<br />';
     }
    if(!$pass1){
       $errorMsg .= ' * Login Password<br />';
     }
    if(!$pass2){
       $errorMsg .= ' * Confirm Login Password<br />';
     }

     } else if ($email1 != $email2) {
              $errorMsg = 'ERROR: Your Email fields below do not match<br />';
     } else if ($pass1 != $pass2) {
              $errorMsg = 'ERROR: Your Password fields below do not match<br />';
     } else if ($humancheck != "") {
              $errorMsg = 'ERROR: The Human Check field must be cleared to be sure you are human<br />';
     } else if (strlen($username) < 4) {
              $errorMsg = "<u>ERROR:</u><br />Your User Name is too short. 4 - 20 characters please.<br />";
     } else if (strlen($username) > 20) {
              $errorMsg = "<u>ERROR:</u><br />Your User Name is too long. 4 - 20 characters please.<br />";
     } else if ($uname_check > 0){
              $errorMsg = "<u>ERROR:</u><br />Your User Name is already in use inside of our system. Please try another.<br />";
     } else if ($email_check > 0){
              $errorMsg = "<u>ERROR:</u><br />Your Email address is already in use inside of our system. Please use another.<br />";
     } else { // Error handling is ended, process the data and add member to database
     ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

     $email1 = mysql_real_escape_string($email1);
     $pass1 = mysql_real_escape_string($pass1);

     // Add MD5 Hash to the password variable
     $db_password = md5($pass1);

    // Convert Birthday to a DATE field type format(YYYY-MM-DD) out of the month, day, and year supplied
    $full_birthday = "$b_y-$b_m-$b_d";

     // GET USER IP ADDRESS
     $ipaddress = getenv('REMOTE_ADDR');

     // Add user info into the database table for the main site table
     $sql = mysql_query("INSERT INTO myMembers (username, gender, birthday, email, password, ipaddress, sign_up_date)
     VALUES('$username','$gender','$full_birthday','$email1','$db_password', '$ipaddress', now())")
     or die (mysql_error());

     $id = mysql_insert_id();

    // Create directory(folder) to hold each user's files(pics, MP3s, etc.)
     mkdir("members/$id", 0755);

    //!!!!!!!!!!!!!!!!!!!!!!!!!    Email User the activation link    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    $to = "$email1";

    $from = $dyn_www; // $adminEmail is established in [ scripts/connect_to_mysql.php ]
    $subject = 'Complete Your ' . $dyn_www . ' Registration';
    //Begin HTML Email Message
    $message = "Hi $username,

   Complete this step to activate your login identity at $dyn_www

   Click the line below to activate when ready

   http://$dyn_www/activation.php?id=$id&sequence=$db_password
   If the URL above is not an active link, please copy and paste it into your browser address bar

   Login after successful activation using your:
   E-mail Address: $email1
   Password: $pass1

   See you on the site!";
   //end of message
   $headers  = "From: $from\r\n";
    $headers .= "Content-type: text\r\n";

    mail($to, $from, $subject, $message, $headers);

   $msgToUser = "<h2>One Last Step - Activate through Email</h2><h4>$username, there is one last step to verify your email identity:</h4><br />
   In a moment you will be sent an Activation link to your email address.<br /><br />
   <br />
   <strong><font color=\"#990000\">VERY IMPORTANT:</font></strong>
   If you check your email with your host providers default email application, there may be issues with seeing the email contents.  If this happens to you and you cannot read the message to activate, download the file and open using a text editor.<br /><br />
   ";

   include_once 'msgToUser.php';
   exit();

   } // Close else after duplication checks

} else { // if the form is not posted with variables, place default empty variables so no warnings or errors show

     $errorMsg = "";
      $username = "";
     $gender = "";
     $b_m = "";
     $b_d = "";
     $b_y = "";
     $email1 = "";
     $email2 = "";
     $pass1 = "";
     $pass2 = "";
}

?>

Hey there guys, small problem here that I can't seem to figure out. I am in the process of programming a database with user-access control.  I have the log-in system working great, but the logout link, which is located next to the logged-in username seems to not be echoing correctly. It is loading the 'Logout' text in text-form only, not link-form....

Any ideas on what may be causing this small glitch?? Thanks!!   

I have attached relevant code for said part for reference.


<img src="images/username.png" height="20" width="20">&nbsp;<b>Welcome</b> <?php echo ("<font color=#9e0219>$username</font>");?>, <?php echo '<a href="logout.php">Logout</a>';?>

for some reason the password reset part of my site has stopped working and I am very sure that nothing has been altered in the related files since they was created.

a visitor clicks 'reset password' link on our site and is taken to the following file which initiates the reset password routine.  the visitor would get a link they need to click for the password to be altered and emailed to them.

this first file does update the database with a `changeofpasswordcode`and this is emailed as it should be.

Code: [Select]
<?PHP
  include('includes/connection.php');
  include('includes/functions.php');
  date_default_timezone_set('Europe/London');

  if(isset($_POST['reset']) && trim($_POST['reset']) == 'Reset Password') {

    $email    = mysql_real_escape_string($_POST['email']);

    $checkConfirmed = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verifyCode != '' LIMIT 1");
$checkEmail = mysql_query("SELECT account_id FROM customers WHERE email='$email' LIMIT 1");
$checkVerify = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verified='No' LIMIT 1");
    $checkBanned = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND suspended='Yes' LIMIT 1");

    if(!$email) {
      $thisError = 'Please enter your e-mail address.';
    } else if(! mysql_num_rows($checkEmail)) {
      $thisError = 'That email address is not registered with us.';
    } else if(mysql_num_rows($checkConfirmed)) {
      $thisError = 'Your email address has not been verified, please check your email and following instructions within.';
    } else if(mysql_num_rows($checkVerify)) {
      $thisError = 'Your account has not been approved by an Admin.';
    } else if(mysql_num_rows($checkBanned)) {
      $thisError = 'Your account has been suspended by an Admin.';
    } else {
      //
    }
  }

  include('includes/header.php');
?>
<body>

  <div class="headerBar">
<? include('includes/navigation.php');?>
  </div>

  <? headerText(); ?>

  <div class="content">
    <div class="widthLimiter contentStyle">
      <div class="formWrapper" style="width: 500px;">
        <? if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; } ?>
        <? if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; } ?>
        <span class="subHeader">Initiate Password Reset</span>
<? // password reset
$useremail  = isset($_POST['email']) != '' ? trim($_POST['email']) : '' ;
if ($useremail != "") {
// get email and password and email them
$sql = "SELECT * FROM `customers` WHERE (`email` = '" . mysql_real_escape_string($useremail) . "') LIMIT 1";
$res = mysql_query($sql);
$email = @mysql_result($res, 0 ,'email');
$customerName = @mysql_result($res, 0 ,'fullname');
if(@mysql_num_rows($res) && @mysql_result($res, 0 ,'verified') == "Yes" && @mysql_result($res, 0 ,'suspended') == "No") {
if(@mysql_result($res, 0 ,'changeofpasswordcode') != "") {
$randomcode = @mysql_result($res, 0 ,'changeofpasswordcode');
} else { $randomcode = CreatePasswordResetCode();
}
$_SESSION['customerName'] = $customerName;
$_SESSION['customerEmail'] = $email;
$_SESSION['randomcode'] = $randomcode;
createEmailSend('passwordReset', 'Request to reset your password', 'customer');
$format = 'Y-m-d H:i:s'; $date = date( $format );
// set value in DB that email WAS sent
$sql = "UPDATE `customers` SET `changeofpasswordcode` = '" . $randomcode . "', `newpasswordrequestedon` = '" . $date . "' WHERE `email` = '" . mysql_real_escape_string($email) . "' LIMIT 1";
$res = mysql_query($sql);
?><br /><br /><div>You will shortly receive an email which contains a reset password link,<br>please check your email and click this link to reset your password.<br /><br />A new password will then be emailed to you.</div><?
} else { // not valid username entered.
?><br /><br /><div>If you are having trouble accessing your account please let us know<br />via <a href="mailto:admin@tm2cars.co.uk">email</a> and we shall look into this
    for you A.S.A.P.</div><?
}
} else { ?><br /><br /><div style=""><form method="post" action="">Please enter your Email Address for your account in the<br>field below and click 'Reset' to initiate a password reset.<br /><br /><input name="email" type="text" size="25"><input type="submit" name="reset" value=" Reset Password"></form></div>
  <?
  } ?>
      </div>
    </div>
  </div>
<? include('includes/footer.php');?>
</body>
</html>

once they get their email they click the link which taken them to the next page which would perform the change of password and have it emailed to them.  the link has the correct `changeofpasswordcode` which is in the database but when the link is clicked the page says that the code is not valid as it is not in the DB.  and then it removes the `changeofpasswordcode`

it should only remove the `changeofpasswordcode` once the new password is setup and emailed, so that the link can not be used again.

what i do not understand is why the second file does this, can anyone see what i might be doing wrong ?  or what could be causing this  ?

Code: [Select]
<?PHP
  include('includes/connection.php');
  include('includes/functions.php');
  date_default_timezone_set('Europe/London');

  if(isset($_POST['reset']) && trim($_POST['reset']) == 'Reset') {

    $email    = mysql_real_escape_string($_POST['email']);

    $checkVerify = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND verified='No' LIMIT 1");
    $checkBanned = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND suspended='Yes' LIMIT 1");

    if(!$email) {
      $thisError = 'Please enter your e-mail address.';
    } else if(!$password) {
      $thisError = 'Please enter your password.';
    } else if(mysql_num_rows($checkVerify)) {
      $thisError = 'Your account has not been approved by an Admin.';
    } else if(mysql_num_rows($checkBanned)) {
      $thisError = 'Your account has been suspended by an Admin.';
    } else {
      $password = md5($password);

      $checkAccount = mysql_query("SELECT account_id FROM customers WHERE email='$email' AND password='$password' LIMIT 1");
      if(mysql_num_rows($checkAccount)) {
        $_SESSION['FM_user'] = $email;
        header('Location: members.php'); exit;
      } else {
        $thisError = 'Your e-mail address and/or password is incorrect.';
      }
    }
  }

  include('includes/header.php');
?>
<body>

  <div class="headerBar">
<? include('includes/navigation.php');?>
  </div>

  <? headerText(); ?>

  <div class="content">
    <div class="widthLimiter contentStyle">
      <div class="formWrapper">
        <? if(isset($thisError)) { echo '<div class="errorDiv">',$thisError,'</div>'; } ?>
        <? if(isset($thisSuccess)) { echo '<div class="successDiv">',$thisSuccess,'</div>'; } ?>
        <span class="subHeader">Initiate Password Reset</span>
<?
// include("sendmail2010.php");
$securitycode = stripstring($_GET[pwr]);
if ($securitycode != "") { $sql = "SELECT * FROM `customers` WHERE `changeofpasswordcode` = '".mysql_real_escape_string($securitycode)."' LIMIT 1";
$res = mysql_query($sql);
if (@mysql_num_rows($res) && $securitycode != "") {
$customerName = @mysql_result($res, 0 ,'fullname');
$email = @mysql_result($res, 0 ,'email');
$yourpasswordtologin = CreateNewPassword();
$format = 'Y-m-d H:i:s'; $date = date( $format );
$sql = "UPDATE `customers` SET `password` = '" . md5(mysql_real_escape_string($yourpasswordtologin)) . "', `changeofpasswordcode` = '', `newpasswordrequestedon` = '' WHERE `changeofpasswordcode` = '" . mysql_real_escape_string($securitycode) . "' LIMIT 1";
$res = mysql_query($sql);
$_SESSION['customerName'] = $customerName;
$_SESSION['customerEmail'] = $email;
$_SESSION['generatePass'] = $yourpasswordtologin;
createEmailSend('newPassword', 'Your new password', 'customer');
?><div style="margin: 30px;">Thank you for completing your password reset process.<br><br>An email with a randomly generated password has been sent to your email address, please check your email account for this email as you will need this password to access your <?=$_SESSION['siteName'];?> account.<br><br><strong><em>Please check your 'spam folder' in case our emails are showing up there.</em></strong><br><br>You may now <a href="<?=$_SESSION['webAddress'];?>">sign in</a> to your account.</div><?
} else { ?><div style="margin: 20px;">Sorry the link you clicked is and old password reset link or is not valid, please delete the email.<br><br>If you were trying to reset your password, please click the<br>'Member Login' link on our site and then click the 'Reset Password' link.</div><?
}
} ?>
      </div>
    </div>
  </div>
<? include('includes/footer.php');?>
</body>
</html>

Hi all,
I have written a piece of code querying the database to display the last ten posts from different users on a forum/blog. This is displaying the titles of the posts but I am unsure how to create a link (complete novice) to read the content of those posts. I get the syntax etc but can't really get my head around the target, if you catch my drift. I have created a new php file called recentposts but am unsure of how to take it from there. The code for both is below. The first piece of code works fine but when I click read more I am getting an undefined variable message on line 11 (I'm guessing there should be a link between the two pieces of code) and I am getting mysqli_fetch_array() expects parameter 1 to be mysqli_result on line 12. Any thoughts/hints/suggestions welcome. Thanks in advance.

Code: [Select]
<?php
$connection = @mysqli_connect('localhost','root','','BLOG_PROJECT') //Make a connection to the database
or die(mysqli_connect_error("Could not connect to the server")); //If it doesn't connect give the error message
$latestposts= mysqli_query($connection,"SELECT author_id, title FROM blogposts ORDER BY timeofpost DESC LIMIT 9");//Query the database
while($displayposts=@mysqli_fetch_array($latestposts)){ //go and get the information
echo "{$displayposts['title']}</br>";
echo "<a href='recentposts.php'>Read more</a></br>";
} 
?>

And the recentposts.php is

Code: [Select]
<?php
$connection = @mysqli_connect('localhost','root','','BLOG_PROJECT')
or die(mysqli_connect_error("Could not connect to the server"));
$detail= mysqli_query($connection,"SELECT * FROM blogposts WHERE 'title', 'content', 'timeofpost' = $content");
while($singlepage = mysqli_fetch_array($connection,$detail)){
extract($singlepage);
echo "<h2>{$singlepage['title']}</h2></br>";
echo "{$singlepage['content']}</br>";
echo "{$singlepage['timeofpost']}";
}
?>