PHP - Input Validation in the PHP Manual
Where in the PHP manual can I find information about input validation? I looked and I seem to not find it.
I am intending to create my own email input validation. Similar TutorialsHello Guys... I need help about my validate scripts... $(document).ready(function(){ //Validation jQuery.validator.addMethod('validIPurl', function(value) { var ip = '^([01]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]).([01]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]).([01]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]).([01]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])$'; var URL = /^(http|https)?:\/\/[a-zA-Z0-9-\.]+\.[a-z]{2,4}/; //HOW TO JOIN AND VALIDATE BOTH VARIABLE IP AND URL???? } }, 'Invalid Address'); //if(/^(http|https|ftp):\/\/[a-z0-9]+([\-\.]{1}[a-z0-9]+)*\.[a-z]{2,5}(:[0-9]{1,5})?(\/.*)?$/i) $(".myfirstform").validate( { rules: { ip: { validIPurl: true } }, ); },I use jquery.validate javascripts to validate user input.. I also try to create if..else to join IP and URL but the control statement not working Hope you guys can help for the solution... i'm really sorry, if there is a word that makes you confused. Code: [Select] <?php $ip = $_SERVER['REMOTE_ADDR']; if($_POST['hapus']=='Hapus') { $qDelDetail = mysql_query("DELETE FROM tbl_u_pekerjaan WHERE id_u_pekerjaan = '".$_POST['id_u_pekerjaan']."'"); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> <style> .suggestion { position:absolute; background-color:#eee; border:1px solid #CCC; display: none; width:400px; } .suggestion ul{ margin : 0 ; padding : 5px 5px ; } .suggestion ul li{ padding-top : 2px ; cursor : pointer ; list-style : none ; } .suggestion ul li:hover{ cursor : pointer ; list-style : none ; color : red ; /*font-weight : bold ;*/ } #form1 #pagu1 { border: 1px solid #999999; height: 21px; width: 355px; } </style> </head> <body> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td class="border_all" height="34" 
bgcolor="#CCCCCC"><strong><img src="image/icon_1.png" align="absmiddle" width="22" height="22" /> Pemeliharaan Komputer </strong></td> </tr> <tr> <td><hr size="1" color="#999999" /></td> </tr> <tr> <td> <table width="100%" border="0" cellspacing="2" cellpadding="3"> <form id="form1" name="form1" method="post" action=""> <tr> <td width="30%">Tahun Anggaran</td> <td width="2%">:</td> <td width="68%"><select name="thn_anggaran" id="thn_anggaran"> <?php $thn_on = date("Y"); ?> <option value="<?=$thn_on;?>"><?=$thn_on;?></option> <?php for($i = 2000; $i <= $thn_on; $i++) { ?> <option value="<?=$i;?>"><?=$i;?></option> <?php } ?> </select></td> </tr> <tr> <td width="30%">Jenis Anggaran</td> <td width="2%">:</td> <td width="68%"><select name="id_jns_anggaran"> <?php include "conn_ra.php"; ?> <?php $qRea = mysql_query("SELECT * FROM tbl_jns_anggaran ORDER BY id_jns_anggaran ASC"); while($dtRea = mysql_fetch_array($qRea)) { ?> <option value="<?=$dtRea['id_jns_anggaran'];?>"><?=$dtRea['nm_jns_anggaran'];?></option> <?php } ?> </select></td> </tr> <tr> <td align="left" valign="top">Nama Program</td> <td align="left" valign="top">:</td> <td align="left" valign="top"><input type="text" id="kd_program" name="kd_program" size="8" onkeyup="javascript:suggestme('program');" autocomplete="off" /> <input type="text" id="nm_program" name="nm_program" size="50" onkeyup="javascript:suggestme('program');" autocomplete="off" /> <div id="suggestion_program" class="suggestion"></div></td> </tr> <tr> <td align="left" valign="top">Nama Kegiatan</td> <td align="left" valign="top">:</td> <td align="left" valign="top"><input type="text" id="kd_kegiatan" name="kd_kegiatan" size="8" onkeyup="javascript:suggestme('kegiatan');" autocomplete="off" /> <input type="text" id="nm_kegiatan" name="nm_kegiatan" size="50" onkeyup="javascript:suggestme('kegiatan');" autocomplete="off" /> <div id="suggestion_kegiatan" class="suggestion"></div></td> </tr> <tr> <td align="left" valign="top">Nama Sub 
Kegiatan</td> <td align="left" valign="top">:</td> <td align="left" valign="top"><input type="text" id="kd_sub_kegiatan" name="kd_sub_kegiatan" size="8" onkeyup="javascript:suggestme('sub_kegiatan');" autocomplete="off" /> <input type="text" id="nm_sub_kegiatan" name="nm_sub_kegiatan" size="50" onkeyup="javascript:suggestme('sub_kegiatan');" autocomplete="off" /> <div id="suggestion_sub_kegiatan" class="suggestion"></div></td> </tr> <tr> <td align="left" valign="top">MAK</td> <td align="left" valign="top">:</td> <td align="left" valign="top"><input type="text" id="kd_mak" name="kd_mak" size="8" onkeyup="javascript:suggestme('mak');" autocomplete="off" /> <input type="text" id="nm_mak" name="nm_mak" size="50" onkeyup="javascript:suggestme('mak');" autocomplete="off" /> <div id="suggestion_mak" class="suggestion"></div></td> </tr> <!-- <tr> <td align="left" valign="top"><strong>Pagu</strong></td> <td align="left" valign="top"><strong>:</strong></td> <td align="left" valign="top"><div id="pagu1"></div> <input name="pagu" type="text" id="pagu" size="60" maxlength="250" /></td> </tr> --> <tr> <td width="30%"> Komputer </td> <td width="2%">:</td> <td width="68%"><select name="id_inventaris" id="id_inventaris"> <?php include "conn.php"; if(isset($_POST['id_inventaris'])) { $qKomputer = mysql_query("SELECT a.id_inventaris, a.nmr_inventaris, a.merk, a.type, a.processor_type FROM v_inventaris a WHERE id_inventaris = '".$_POST['id_inventaris']."'"); $dtKomputer = mysql_fetch_array($qKomputer); ?> <option value="<?=$dtKomputer['id_inventaris']?>"><?=$dtKomputer['nmr_inventaris'];?> | <?=$dtKomputer['merk'];?> <?=$dtKomputer['type'];?> <?=$dtKomputer['processor_type'];?></option> <?php }else { ?> <option>-Pilih Komputer-</option> <?php } ?> <?php $qKomputer = mysql_query("SELECT a.id_inventaris, a.nmr_inventaris, a.merk, a.type, a.processor_type FROM v_inventaris a WHERE EXISTS ( SELECT b.id_inventaris FROM tbl_memiliki b WHERE a.id_inventaris = b.id_inventaris ) ORDER BY 
id_inventaris ASC"); while($dtKomputer = mysql_fetch_array($qKomputer)) { ?> <option value="<?=$dtKomputer['id_inventaris']?>"><?=$dtKomputer['nmr_inventaris'];?> | <?=$dtKomputer['merk'];?> <?=$dtKomputer['type'];?> <?=$dtKomputer['processor_type'];?></option> <? } ?> </select> </td> </tr> <tr> <td>Jenis Pemeliharaan </td> <td>:</td> <td><select name="id_jenis" id="id_jenis"> <?php include "conn.php"; if(isset($_POST['id_jenis'])) { $qJenis = mysql_query("SELECT * FROM tbl_jenis WHERE id_jenis = '".$_POST['id_jenis']."'"); $dtJenis = mysql_fetch_array($qJenis); ?> <option value="<?=$dtJenis['id_jenis'];?>"><?=$dtJenis['nm_jenis'];?></option> <?php }else { ?> <option>-Pilih Jenis Pemeliharaan-</option> <?php } ?> <?php $qJenis = mysql_query("SELECT * FROM tbl_jenis ORDER BY id_jenis ASC"); while($dtJenis = mysql_fetch_array($qJenis)) { ?> <option value="<?=$dtJenis['id_jenis'];?>"><?=$dtJenis['nm_jenis'];?></option> <? } ?> </select> </td> </tr> <tr> <td>No. Surat/Memo</td> <td>:</td> <td><input name="no_surat" type="text" id="no_surat" size="50" /></td> </tr> <tr> <td>Tanggal Surat/Memo </td> <td>:</td> <td><input name="tgl_surat" type="text" id="tgl_surat" size="10" value="<?=$_POST['tgl_surat'];?>" /> <script language="JavaScript" type="text/javascript"> new tcal ({ // form name 'formname': 'form1', // input name 'controlname': 'tgl_surat' }); </script></td> </tr> <tr> <td>Asal Surat </td> <td>:</td> <td><input name="asal_surat" type="text" id="asal_surat" size="50" /></td> </tr> <tr> <td>Penanggung Jawab Pemeliharaan </td> <td>:</td> <td><select name="nip" id="nip"> <?php if(isset($_POST['nip'])) { $qNip = mysql_query("SELECT * FROM tbl_pegawai WHERE nip = '".$_POST['nip']."'"); $dtNip = mysql_fetch_array($qNip); ?> <option value="<?=$dtNip['nip'];?>"><?=$dtNip['nama'];?></option> <?php }else { ?> <option>-Pilih Penanggung Jawab Pemeliharaan-</option> <?php } ?> <?php $qNip = mysql_query("SELECT * FROM tbl_pegawai ORDER BY nama ASC"); while($dtNip = 
mysql_fetch_array($qNip)) { ?> <option value="<?=$dtNip['nip'];?>"><?=$dtNip['nama'];?></option> <? } ?> </select> </td> </tr> <tr> <td>No. SPK/Kuitansi </td> <td>:</td> <td><input name="no_spk" type="text" id="no_spk" size="50" /></td> </tr> <tr> <td>Tanggal SPK/Kuitansi </td> <td>:</td> <td><input name="tgl_pemeliharaan" type="text" id="tgl_pemeliharaan" size="10" value="<?=$_POST['tgl_pemeliharaan'];?>" /> <script language="JavaScript" type="text/javascript"> new tcal ({ // form name 'formname': 'form1', // input name 'controlname': 'tgl_pemeliharaan' }); </script></td> </tr> <tr> <td align="left" valign="top">Nama Rekanan </td> <td align="left" valign="top">:</td> <td align="left" valign="top"><input name="nm_rekanan" value="<?=$_POST['nm_rekanan'];?>" type="text" id="nm_rekanan" size="35" /></td> </tr> <tr> <td> </td> <td> </td> <td><input type="submit" name="Submit" value="Simpan" /></td> </tr> <?php if($_POST['Submit']=='Simpan') { // data sudah ada atau belum $qCr = mysql_query("SELECT id_pemeliharaan FROM tbl_pemeliharaan WHERE tgl_pemeliharaan = STR_TO_DATE('".$_POST['tgl_pemeliharaan']."','%m/%d/%Y') AND id_jenis = '".$_POST['id_jenis']."' AND nm_rekanan = '".$_POST['nm_rekanan']."' AND id_pemeliharaan = '".$_POST['id_pemeliharaan']."'"); $dtCr = mysql_num_rows($qCr); if($dtCr <= 0) { /* $qId = mysql_query("SELECT id_pemeliharaan FROM tbl_pemeliharaan ORDER BY id_pemeliharaan DESC"); $dtId = mysql_fetch_array($qId); $id_pemeliharaan = $dtId[0] + 1; $id_realisasi_anggaran = $dtId[0] + 1; $qInsertData = mysql_query("INSERT INTO tbl_pemeliharaan(id_pemeliharaan, id_inventaris, id_jenis, nip, tgl_input, tgl_pemeliharaan, nm_rekanan, no_surat, tgl_surat, asal_surat, no_spk) VALUES('".$id_pemeliharaan."', '".$_POST['id_inventaris']."', '".$_POST['id_jenis']."', '".$_POST['nip']."', CURRENT_DATE(), STR_TO_DATE('".$_POST['tgl_pemeliharaan']."','%m/%d/%Y'), '".$_POST['nm_rekanan']."', '".$_POST['no_surat']."', STR_TO_DATE('".$_POST['tgl_surat']."','%m/%d/%Y'), 
'".$_POST['asal_surat']."', '".$_POST['no_spk']."')")or die(mysql_error()); include "include/conn_ra.php"; $qInsertData = mysql_query("INSERT INTO tbl_realisasi_anggaran(thn_anggaran, id_jns_anggaran, kd_program, kd_kegiatan, kd_sub_kegiatan, kd_bas, tgl_realisasi) VALUES('".$_POST['thn_anggaran']."', '".$_POST['id_jns_anggaran']."', '".$_POST['kd_program']."', '".$_POST['kd_kegiatan']."', '".$_POST['kd_sub_kegiatan']."', '".$_POST['kd_bas']."', STR_TO_DATE('".$_POST['tgl_pemeliharaan']."','%m/%d/%Y'))")or die(mysql_error()); */ $qId = mysql_query("SELECT id_pemeliharaan FROM tbl_pemeliharaan ORDER BY id_pemeliharaan DESC"); $dtId = mysql_fetch_array($qId); $id_pemeliharaan = $dtId[0] + 1; include("conn_ra.php"); $kd_sub_sistem = "PMKOM-".$id_pemeliharaan; //kd sub sistem di sistem anggaran $queryAlokasi = "SELECT alokasi_anggaran FROM tbl_alokasi_anggaran WHERE thn_anggaran = '".$_POST['thn_anggaran']."' AND id_jns_anggaran = '".$_POST['id_jns_anggaran']."' AND kd_program = '".$_POST['kd_program']."' AND kd_kegiatan = '".$_POST['kd_kegiatan']."' AND kd_sub_kegiatan = '".$_POST['kd_sub_kegiatan']."' AND kd_bas = '".$_POST['kd_mak']."' AND pj_anggaran = 'Bagian Sistem Informasi'"; $qAlokasi = mysql_query($queryAlokasi); $dtAlokasi = mysql_fetch_array($qAlokasi); $queryRealisasi = "SELECT realisasi_anggaran FROM tbl_realisasi_anggaran WHERE thn_anggaran = '".$_POST['thn_anggaran']."' AND id_jns_anggaran = '".$_POST['id_jns_anggaran']."' AND kd_program = '".$_POST['kd_program']."' AND kd_kegiatan = '".$_POST['kd_kegiatan']."' AND kd_sub_kegiatan = '".$_POST['kd_sub_kegiatan']."' AND kd_bas = '".$_POST['kd_mak']."' AND pj_anggaran = 'Bagian Sistem Informasi'"; $qRealisasi = mysql_query($queryRealisasi); $dtRealisasi = mysql_fetch_array($qRealisasi); $sisaAnggaran = $dtAlokasi['alokasi_anggaran'] - $dtRealisasi['realisasi_anggaran']; $qInsertAnggaran = mysql_query("INSERT INTO tbl_realisasi_anggaran(thn_anggaran, id_jns_anggaran, kd_program, kd_kegiatan, 
kd_sub_kegiatan, kd_bas, kd_sub_sistem, pj_anggaran, tgl_realisasi) VALUES('".$_POST['thn_anggaran']."', '".$_POST['id_jns_anggaran']."', '".$_POST['kd_program']."', '".$_POST['kd_kegiatan']."', '".$_POST['kd_sub_kegiatan']."', '".$_POST['kd_mak']."', '".$kd_sub_sistem."', 'Bagian Sistem Informasi', STR_TO_DATE('".$_POST['tgl_pemeliharaan']."','%m/%d/%Y'))") or die(mysql_error()); mysql_close($link1); include("conn.php"); /* $qInsertData = mysql_query("INSERT INTO tbl_pemeliharaan(thn_anggaran, id_jns_anggaran, kd_program, kd_kegiatan, kd_sub_kegiatan, kd_bas, id_pemeliharaan, id_kendaraan, id_jenis, nip, tgl_input, tgl_pemeliharaan, nm_bengkel, no_surat, tgl_surat, asl_surat, no_spk, pagu) VALUES('".$_POST['thn_anggaran']."', '".$_POST['id_jns_anggaran']."', '".$_POST['kd_program']."', '".$_POST['kd_kegiatan']."', '".$_POST['kd_sub_kegiatan']."', '".$_POST['kd_mak']."','".$id_pemeliharaan."', '".$_POST['id_kendaraan']."', '".$_POST['id_jenis']."', '".$_POST['nip']."', CURRENT_DATE(), STR_TO_DATE('".$_POST['tgl_pemeliharaan']."','%m/%d/%Y'), '".$_POST['nm_bengkel']."', '".$_POST['no_surat']."', STR_TO_DATE('".$_POST['tgl_surat']."','%m/%d/%Y'), '".$_POST['asl_surat']."', '".$_POST['no_spk']."', '".$sisaAnggaran."')") or die(mysql_error()); */ if(empty($_POST['thn_anggaran']) OR empty($_POST['id_jns_anggaran']) OR empty($_POST['kd_program']) OR empty($_POST['kd_kegiatan']) OR empty($_POST['kd_sub_kegiatan'])OR empty($_POST['kd_mak'])OR empty($_POST['id_inventaris'])OR empty($_POST['id_jenis'])OR empty($_POST['no_surat'])OR empty($_POST['tgl_surat'])OR empty($_POST['asal_surat'])OR empty($_POST['nip'])OR empty($_POST['no_spk'])OR empty($_POST['tgl_pemeliharaan'])OR empty($_POST['nm_rekanan'])) { echo '<script>alert("Data masih ada yang kosong!");</script>'; echo '<html><head> <meta http-equiv="refresh" content="0;url=index.php?p=tambah_pemeliharaan"> </head></html>'; } elseif($qInsertData = mysql_query("INSERT INTO tbl_pemeliharaan(thn_anggaran, id_jns_anggaran, 
kd_program, kd_kegiatan, kd_sub_kegiatan, kd_bas, id_pemeliharaan, id_inventaris, id_jenis, nip, tgl_input, tgl_pemeliharaan, nm_rekanan, no_surat, tgl_surat, asal_surat, no_spk) VALUES('".$_POST['thn_anggaran']."', '".$_POST['id_jns_anggaran']."', '".$_POST['kd_program']."', '".$_POST['kd_kegiatan']."', '".$_POST['kd_sub_kegiatan']."', '".$_POST['kd_mak']."','".$id_pemeliharaan."', '".$_POST['id_inventaris']."', '".$_POST['id_jenis']."', '".$_POST['nip']."', CURRENT_DATE(), STR_TO_DATE('".$_POST['tgl_pemeliharaan']."','%m/%d/%Y'), '".$_POST['nm_rekanan']."', '".$_POST['no_surat']."', STR_TO_DATE('".$_POST['tgl_surat']."','%m/%d/%Y'), '".$_POST['asal_surat']."', '".$_POST['no_spk']."')") or die(mysql_error())) /*if($qInsertData) {*/ ?>{ <script type="text/javascript"> var answer = confirm("Input data berhasil, Lanjutkan ke uraian pekerjaan ?") if (answer) { window.location = "index.php?p=u_pekerjaan&id_pemeliharaan=<?=$id_pemeliharaan;?>"; } else{ window.location = "index.php?p=pemeliharaan"; } </script> } <? /*}else { echo ("<script> alert (\"Input data gagal dilakukan !!\");</script><br>"); echo "<html><head> <meta http-equiv='refresh' content='0;url=index.php?p=tambah_pemeliharaan'> </head></html>"; }*/ } else { echo ("<script> alert (\"Data yang dimasukkan sudah ada\");</script><br>"); echo "<html><head> <meta http-equiv='refresh' content='0;url=index.php?p=pemeliharaan'> </head></html>"; } } ?> </form> </table> </td> </tr> <tr> <td><hr size="1" color="#999999" /></td> </tr> </table> </body> </html> I tried to use ctype_alnum as input validation for the name and the password, so that only letters and numbers are allowed with no spaces. If I use ctype_alnum only with the nickname, then the nickname will not get entered properly into the database, it will get entered as "1" into the database. 
And the password does not make it past the elseif statement: Code: [Select] // check password char length } elseif (strlen($password) > 25 || strlen($password) < 6) { Here's the script: Code: [Select] /* REGISTER FORM */ // check if submit button has been clicked if (isset($_POST['submit_signup'])) { // process and assign variables after post submit button has been clicked $user_email = strip_tags($_POST['email']); $user_email = filter_var($user_email, FILTER_VALIDATE_EMAIL); $nickname = ctype_alnum(strip_tags($_POST['nickname'])); $password = ctype_alnum($_POST['password']); $repassword = ctype_alnum($_POST['repassword']); $month = $_REQUEST['month']; $day = $_REQUEST['day']; $year = $_REQUEST['year']; $dob = $year . "-" . $month . "-" . $day; $find_us_question = strip_tags(trim($_POST['find_us_question'])); // connect to database $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); $check_query = "SELECT * FROM user WHERE nickname = '$nickname'"; $check_connect = mysqli_query($dbc, $check_query) or die(mysqli_error($dbc)); $check_count = mysqli_num_rows($check_connect); // Check if the email exists twice $query_get = "SELECT email FROM user WHERE email = '$user_email'"; $query_run = mysqli_query($dbc, $query_get); $num_rows = mysqli_num_rows($query_run); if(!$nickname) { echo 'Please do fill out the name in letters and numbers only, without spaces and special characters.'; } elseif(!$password || !$repassword) { echo 'Please choose a password which conists of letters and numbers only, without spaces and special characters.'; // check if username is already taken }elseif ($check_count != 0) { echo "Username already exists!"; } elseif ($num_rows != 0) { echo "This email address is already registered in the database, you can not register it twice."; // check if fields are empty } elseif (empty($user_email) || empty($nickname) || empty($password) || empty($day) || empty($month) || empty($year)) { echo "Please fill out all the fields!"; // check char length 
of input data } elseif (strlen($nickname) > 30 || strlen($user_email) > 50) { echo "Maximum allowed character length for nickname/firstname/lastname are 30 characters!"; // check password char length } elseif (strlen($password) > 25 || strlen($password) < 6) { echo "Your password must be between 6 and 25 characters!"; // check if passwords match with each other } elseif ($password != $repassword) { echo "Please make sure your passwords are matching!"; } else { // encrypt password $password = sha1($password); // generate random number for activation process $random = rand(1212121212, 9854241752); // write into database

Any ideas why I am getting these problems with ctype_alnum()?

Hi, I am reading about sessions in the PHP manual. What does this mean: "If register_globals is disabled, only members of the global associative array $_SESSION can be registered as session variables. The restored session variables will only be available in the array $_SESSION."?

Hi there, I am wondering if you guys can help me make it so my session times out after a previously set time. I have researched this and found no luck. Here is my code....

Code:
<?php
session_start();
$username = $_SESSION['username'];
$userid = $_SESSION['userid'];
?>

Thanks in advance!

Hello all, My knowledge in PHP is growing every day as I try out more stuff but I really didn't understand this bit: "Note: Please note that the ternary operator is a statement, and that it doesn't evaluate to a variable, but to the result of a statement. This is important to know if you want to return a variable by reference. The statement return $var == 42 ? $a : $b; in a return-by-reference function will therefore not work and a warning is issued in later PHP versions.", taken from the page: http://www.php.net/manual/en/language.operators.comparison.php From what I understood, if I was to use a ternary condition in the return statement, and return a referenced variable as a result, it shouldn't work?
So this shouldn't work?

$int = 10;
function testReturn(&$referencedVariable) {
    return (1==1) ? $referencedVariable : FALSE;
}
echo testReturn($int);

But it does. Anyway, I'm pretty sure I didn't understand this right, so help with this is really appreciated.

[ m ]printf[/ m] produces a link to
php.net/<span>printf
Unless you use nobbc tags, then it works fine ???
Edited by Barand, 24 November 2014 - 02:25 PM. Hi, I'm trying to login oscommerce with manual code. but unable to do that. all entries going to database but don't understand what is missing??? here is my code Code: [Select] $email_address = $_REQUEST['txtemail']; $password = $_REQUEST['password']; $check_customer_query = mysql_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id from customers where customers_email_address = '" . $email_address . "'"); if (mysql_num_rows($check_customer_query)> 0) { $check_customer = mysql_fetch_assoc($check_customer_query); if (!tep_validate_password($password, $check_customer['customers_password'])) { echo "password not found."; }else { tep_session_recreate(); $check_country_query = mysql_query("select entry_country_id, entry_zone_id from address_book where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'"); $check_country = mysql_fetch_array($check_country_query); $customer_id = $check_customer['customers_id']; $customer_default_address_id = $check_customer['customers_default_address_id']; $customer_first_name = $check_customer['customers_firstname']; $customer_country_id = $check_country['entry_country_id']; $customer_zone_id = $check_country['entry_zone_id']; tep_session_register('customer_id'); tep_session_register('customer_default_address_id'); tep_session_register('customer_first_name'); tep_session_register('customer_country_id'); tep_session_register('customer_zone_id'); mysql_query("update customers_info set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1 where customers_info_id = '" . (int)$customer_id . "'"); anyone have any idea about? Hello, I have a wordpress site using Thesis 2.1 theme and I am displaying "excerpts" for each post on homepage.. 
I don't want to add <!-- more --> to each post and I want to show sth different, sth more valuable on the homepage to my readers.. Thats why I use excerpts. I added this line of code to my custom.php file: function new_excerpt_more($more) { global $post; return ' <a href="'. get_permalink($post->ID) . '">Continue Reading...</a>'; } add_filter('excerpt_more', 'new_excerpt_more');It added a "continue reading.." link to the posts that I haven't yet defined excerpt.. So, If nothing is written on the excerpt area of that post, it shows some part of the post and adds a "continue reading.." link to it on the homepage. But if I have written sth in the excerpt area of the post, it does shows the excerpt, but doesn't add the "continue reading.." link at the end.. I will be happy if you may help me on this, this drives me nuts currently! [/size] MERGED So basically, what I am trying to do is, adding read more tag to custom excerpts which we define manually. Here is another code I tried but had no luck again! //* Changing excerpt more - only works where excerpt IS hand-crafted function manual_excerpt_more( $excerpt ) { $excerpt_more = ''; if( has_excerpt() ) { $excerpt_more = ' <a href="' . get_permalink() . '" rel="nofollow">[Read more]</a>'; } return $excerpt . $excerpt_more; } add_filter( 'get_the_excerpt', 'manual_excerpt_more' ); Edited by Ch0cu3r, 09 November 2014 - 01:18 PM. Hello forum. I'm new here, but I've been reading and finding useful things for a while now. I'm still new to PHP and I need a little help. I'm doing a school project and I have some things I want to do, but do not know how to write it down in PHP. I think I'll ask a lot of questions this week, and I hope I will get some help.. For start I want to ask this: I've been using Code: [Select] mysql_fetch_array() for doing loops and populating check-boxes. And everything's working fine.. but what I want is to control the actual loop by clicking buttons. 
Let's say first time a while-do is run, my check-boxes get populated from the database and every other loop the next data from the table is added.. pretty straightforward. I want to be able to populate once, then click "next" and the new data to be added and so on.. Code: [Select] <?php $tema = mysql_query("SELECT * from questions")or die(mysql_error()); function answer1($string) { $string1 = explode("/", $string); echo $string1[0]; } function answer2($string) { $string1 = explode("/", $string); echo $string1[1]; } while ($row=mysql_fetch_array($tema)) { echo mysql_fetch_array($tema); $tip=$row["tip"]; if ($tip==2) { $id=$row['prasanje_id']; $question=$row['question']; $answer=$row['answer']; ?> <label> <?php echo $question?></label><br> <input type="checkbox" name="CheckboxGroup1" value="checkbox" id="CheckboxGroup1_0" /> <?php answer1($tekst) ?></label> <label> <input type="checkbox" name="CheckboxGroup1" value="checkbox" id="CheckboxGroup1_1" /> <?php answer2($tekst) ?></label> <?php } } ?>I want an alternative to the while-do loop.. Is it possible to do this? Thanks!! Hello I have the following error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM players WHERE ((NOT inactive_player) AND ((players.Player_Last_Name = 'p' at line 3 I think my error is in the statement below... Code: [Select] echo "1"; $getNewPlayers = "SELECT players.Player_number, players.Player_name, FROM players WHERE ((NOT inactive_player) AND ((players.Player_Last_Name = 'player_find%'))) ORDER BY player_name"; $rsNewPlayers = mysql_query($getNewPlayers, $link) or die (mysql_error()); $varNewCount = mysql_num_rows($rsNewPlayers); echo $varNewCount['Player_name']; Can you tell me where the error is and how I might go about to fix it? 
Thanks,

$pastelink = "<br /><a href='view.php?paste=$lol&language=$language'>$name</a>";
mysql_query("INSERT INTO recent (url) VALUES ('$pastelink')");

That query won't run, however if I do this:

$test = $_POST['name'];
//$pastelink = "<br /><a href='view.php?paste=$lol&language=$language'>$name</a>";
mysql_query("INSERT INTO recent (url) VALUES ('$test')");

It will run, is this because of the single quotes in $pastelink? & If so, how can I fix it?

I was looking at the manual:
http://php.net/manua....precedence.php
And I notice that the parenthesis () operator and print operator are missing from the list. Why so? I would like to know where these operators fall in the precedence and associativity chart.
Hi, I have been trying to make a page which shows a number of thumbnails, populated by images and text from a database, this I got working perfectly fine, but as I am now trying to make it so users can log in and edit or delete each one, it has all started to go a bit wrong and I was wondering if anyone could spot why?!? It is currently bringing up this message on the screen: Error fetching entries from the database, error: Statement: SELECT image,id,projecttitle,projectcode,FROM portfolio ORDER BY id DESC LIMIT 16 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'FROM portfolio ORDER BY id DESC LIMIT 16' at line 1 Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given in /Users/mdfcows/Sites/atelier/portfolio.php on line 129 I don't quite know how to get it to print out the full nature of the error, but this is the code I am using: Code: [Select] <?php $max_items2 = 16; /* max number of news items to show */ require_once('config.php'); $db2 = mysql_connect (DB_HOST,DB_USER,DB_PASSWORD); if(!$db2) { die('Failed to connect to server: ' . mysql_error()); } mysql_select_db (DB_DATABASE,$db2); function displayNews($all2 = 0) { global $db2, $max_items2; if ($all2 == 0) { /* query for news up to $max_items */ $query9 = "SELECT image,id,projecttitle,projectcode," . "FROM portfolio ORDER BY id DESC LIMIT $max_items2"; } else { /* query for all news */ $query9 = "SELECT image,id,projecttitle,projectcode," . "FROM portfolio ORDER BY id DESC"; } $result9 = mysql_query($query9) or print("<p>Error fetching entries from the database, error: " . "Statement: " . $query9 . "</p>" . 
mysql_error()); while ($row9 = mysql_fetch_assoc ($result9)) { $title = htmlentities ($row9['projecttitle']); $news = nl2br (strip_tags ($row9['projectcode'], '<a><b><i><u>')); $image = $row9['image']; $id = $row9['id']; /* display the data */ ?> <div class="boxgrid captionfull"> <a id="<?php echo $id ?>" <a class='visit' href="project.php?id=<?php echo $news ?>"> <?php echo $image; if(strstr($image, 'jpg') or (strstr($image, 'png')) or (strstr($image, 'gif')) or (strstr($image, 'bmp')) or (strstr($image, 'jpeg')) ) { echo "<img class='cpimg' src='images/portfolio/$image' alt='' />"; }else { echo "";} ?>"></a> <div class="cover boxcaption" style="top: 122px; "> <p align="left"><?php echo $title ?></p> </div> </div> <?php //Check whether the session variable SESS_MEMBER_ID is present or not if(isset($_SESSION['SESS_MEMBER_ID']) || (!trim($_SESSION['SESS_MEMBER_ID']) == '')) { echo "<form class='editbtn' action='editportfolio.php' method='POST'>"; echo "<input type='hidden' name='idf' value='$id' />"; echo "<input src='images/editbtn.png' type='image' value='Edit' />"; echo "</form>"; echo "<form class='editbtn' action='deletportfolio.php' method='POST'>"; echo "<input type='hidden' name='ide' value='$id' />"; echo "<input src='images/delbtn.png' type='image' value='Delete' />"; echo "</form>"; } else { echo ""; } } } /* this is where the script decides what do do */ echo "\n"; switch($_GET['action']) { case 'all': displayNews(1); break; default: displayNews(); } echo "\n"; ?> <?php //Check whether the session variable SESS_MEMBER_ID is present or not if(isset($_SESSION['SESS_MEMBER_ID']) || (!trim($_SESSION['SESS_MEMBER_ID']) == '')) { echo "<span class='show_all'>"; echo "<a class='show' href='admincp.php'> Admin</a>"; echo "</span>"; echo "<span class='show_all'>"; echo "<a class='show' href='logout.php'> Logout</a>"; echo "</span>"; } else { echo ""; } ?> with the line, " while ($row9 = mysql_fetch_assoc ($result9)) {" being line 129 any help would be much 
appreciated! Thank you, Martin

Hi, I'm just trying out some basic code and playing around with passing variables by reference, and I was reading this in the PHP manual at this page http://php.net/manual/en/language.references.pass.php :

No other expressions should be passed by reference, as the result is undefined. For example, the following examples of passing by reference are invalid:

<?php
function foo(&$var)
{
$var++;
}
function bar() // Note the missing &
{
$a = 5;
return $a;
}
foo(bar()); // Produces fatal error since PHP 5.0.5
foo($a = 5); // Expression, not variable
foo(5); // Produces fatal error
?>

So, I decided to try it out myself like I always do, and I noticed that I'm not getting an error when I do foo(bar()); i.e. calling bar() without the & in the function declaration. In fact it works perfectly fine and returns an incremented $a after it's passed to foo(). Likewise foo($a = 5); also works great and returns an incremented $a after being passed to foo(). Is this a mistake in the manual or am I missing something? Running PHP 5.3.2-1ubuntu4.5

I am trying to use this: http://php.net/manual/en/function.xml-parse-into-struct.php to parse this:

Code: [Select]
<?xml version="1.0" encoding="utf-8"?>
<PaymentNotification xmlns="http://">
<PaymentMethod>card</PaymentMethod>
<Hash>12345KKLS</Hash>
<Payments>
<Payment>
<PaymentID>709750ba-b9b6-44c4-9812</PaymentID>
<Amount>70</Amount>
<Currency>USD</Currency>
<Date>2011-05-11T07:41:44.957</Date>
<StatusID>4</StatusID>
</Payment>
<Payment>
<PaymentID>e0c66bae-c423-43c6-b896</PaymentID>
<Amount>50</Amount>
<Currency>USD</Currency>
<Date>2011-05-11T07:42:13.55</Date>
<StatusID>2</StatusID>
</Payment>
</Payments>
</PaymentNotification>

...but can't work out which numbers to use. I only need to grab the payment ID where the statusID is 4 (for each one, as there could be 1 or more per XML message).
It's very complicated http://php.net/manual/en/function.xml-parse-into-struct.php

I have been looking at this code most of the morning and do not have a clue what is wrong with the code. I am hoping it's not a stupid mistake, can someone please help me out? Thank you
<title>Inputing Travel Detials</title>
<header>
<h1 align="center"> Adding Travel Detials </h1>
<body>
<p>
<center><img src="cyberwarfareimage1.png" alt="Squadron logo" style="width:200px;height:200px" style="middle"></center>
<table border="1">
<tr>
<td><a href="index.php"> Home Page </a></td>
<td><a href="administratorhomepage.html">Administrator Home Page </a></td>
<td><a href="viewhomepage.html">View Home Page </a></td>
<td><a href="Inputhomepage.html">Input Home Page </a></td>
<td><a href="traveldetials.html">Enter More Travel Detials </a></td>
</table>
</p>
<?php
include "connection.php";
$Applicant_ID = $_POST["Applicant_ID"];
$Method_Of_Travel = $_POST["Method_Of_Travel"];
$Cost = $_POST["Cost"];
$ETA = $_POST["ETA"];
$Main_Gate_Advised = $_POST["Main_Gate_Advised"];
$query = ("UPDATE `int_board_applicant` SET `Method_Of_Travel`=`$Method_Of_Travel', `Cost`=`$Cost', `ETA`='$ETA', `Main_Gate_Advised`='$Main_Gate_Advised' WHERE `Applicant_ID`='$Applicant_ID'");
$result = mysqli_query($dbhandle, $query) or die(mysqli_error($dbhandle));
if($result){
echo "Success!";
}
else{
echo "Error.";
}
// successfully insert data into database, displays message "Successful".
if($query){
echo "Successful";
}
else {
echo "Data not Submitted";
}
//closing the connection
mysqli_close($dbhandle)
?>

Ok this is puzzling. I am getting "Could not delete data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1", but it is deleting the entry that needs to be removed. The "1" is the entry. Just not sure what is causing the error. I do have another delete PHP script but I have put that on the back burner for the time being.
<?php
$con = mysqli_connect("localhost","user","password","part_inventory");
// Check connection
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
} else {
$result = mysqli_query($con, "SELECT * FROM amp20 ");
$amp20ptid = $_POST['amp20ptid'];
// escape variables for security
$amp20ptid = mysqli_real_escape_string($con, $_POST['amp20ptid']);
mysqli_query($con, "DELETE FROM amp20 WHERE amp20ptid = '$amp20ptid'");
if (!mysqli_query($con, $amp20ptid));
{
die('Could not delete data: ' . mysqli_error($con));
}
echo "Part has been deleted to the database!!!\n";
mysqli_close($con);
}
?>

Hi guys
I have this code below and all works fine when submitting this online application apart from when someone types either ' # & into one of the comment fields in which it throws up the error. Have tried various fixes from across the internet but no joy. Can anyone offer suggestions?
<?php
$con = mysql_connect("localhost:3306","root","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db('sfapp', $con);
$sql="INSERT INTO 'sfapp' ('surname_add','forename_add','dob_add','hometele_add','mobiletele_add','homeadd_add','siblings_add','schoolname_add','headname_add','schooladd_add','schooltele_add','schoolem_add','alevel_add','personstate_add','nameprovided_add','pe_add','se_add','PredGrade_Art','PredGrade_AScience','PredGrade_BusStudies','PredGrade_Electronics','PredGrade_EnglishLang','PredGrade_EnglishLit','PredGrade_French','PredGrade_German','PredGrade_Geog','PredGrade_Graphics','PredGrade_History','PredGrade_Maths','PredGrade_SepScience','PredGrade_ProductDesign','PredGrade_Spanish','PredGrade_Other','Gender_Male','Gender_Female','Sub_EnglishLit','Sub_Maths','Sub_FurtherMaths','Sub_Biology','Sub_Chemistry','Sub_Physics','Sub_French','Sub_German','Sub_Spanish','Sub_Geography','Sub_History','Sub_RE','Sub_FineArt','Sub_Business','Sub_Computing','Sub_GlobPersp','Sub_DramaAndTheatre','Sub_PE','Sub_Dance','Sub_Politics','Sub_Psychology','Sub_Sociology','readprospect_chk','Sib_Yes','Sib_No','Current_Student_Yes','Current_Student_No','I_Understand_chk','Current_Education_chk','Local_Care_chk','Staff_Cwhls_chk','Sub_Film')
VALUES
('$_POST[surname_add]','$_POST[forename_add]','$_POST[dob_add]','$_POST[hometele_add]','$_POST[mobiletele_add]','$_POST[homeadd_add]','$_POST[siblings_add]','$_POST[schoolname_add]','$_POST[headname_add]','$_POST[schooladd_add]','$_POST[schooltele_add]','$_POST[schoolem_add]','$_POST[alevel_add]','$_POST[personstate_add]','$_POST[nameprovided_add]','$_POST[pe_add]','$_POST[se_add]','$_POST[PredGrade_Art]','$_POST[PredGrade_AScience]','$_POST[PredGrade_BusStudies]','$_POST[PredGrade_Electronics]','$_POST[PredGrade_EnglishLang]','$_POST[PredGrade_EnglishLit]','$_POST[PredGrade_French]','$_POST[PredGrade_German]','$_POST[PredGrade_Geog]','$_POST[PredGrade_Graphics]','$_POST[PredGrade_History]','$_POST[PredGrade_Maths]','$_POST[PredGrade_SepScience]','$_POST[PredGrade_ProductDesign]','$_POST[PredGrade_Spanish]','$_POST[PredGrade_Other]','$_POST[Gender_Male]','$_POST[Gender_Female]','$_POST[Sub_EnglishLit]','$_POST[Sub_Maths]','$_POST[Sub_FurtherMaths]','$_POST[Sub_Biology]','$_POST[Sub_Chemistry]','$_POST[Sub_Physics]','$_POST[Sub_French]','$_POST[Sub_German]','$_POST[Sub_Spanish]','$_POST[Sub_Geography]','$_POST[Sub_History]','$_POST[Sub_RE]','$_POST[Sub_FineArt]','$_POST[Sub_Business]','$_POST[Sub_Computing]','$_POST[Sub_GlobPersp]','$_POST[Sub_DramaAndTheatre]','$_POST[Sub_PE]','$_POST[Sub_Dance]','$_POST[Sub_Politics]','$_POST[Sub_Psychology]','$_POST[Sub_Sociology]','$_POST[readprospect_chk]','$_POST[Sib_Yes]','$_POST[Sib_No]','$_POST[Current_Student_Yes]','$_POST[Current_Student_No]','$_POST[I_Understand_chk]','$_POST[Current_Education_chk]','$_POST[Local_Care_chk]','$_POST[Staff_Cwhls_chk]','$_POST[Sub_Film]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
?>
<?php
//if "email" variable is filled out, send email
if (isset($_REQUEST['pe_add'])) {
//Email information
$admin_email = $_REQUEST['pe_add'];
$forename = $_REQUEST['forename_add'];
$email = "autoreply@testing.com";
$subject = "Application";
$desc =
"Dear $forename
Thank you for submitting your online application, we will be in touch shortly.
"
;
//send email
mail($admin_email, "$subject", "$desc", "From:" . $email);
//Email response
echo "Thank you for contacting us!";
}
//if "email" variable is not filled out, display the form
else {
?>
If you are seeing this, you need to go back and fill out the Personal Email section!
<?php
}
header("location:complete.php");
mysql_close($con)
?>
Thanks in advance.
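
An apostrophe in a field breaks the INSERT in the post above because the $_POST values are placed directly in the SQL string. The following is an added example, not code from the thread: it assumes PDO with an in-memory SQLite database in place of the post's mysql_* calls, a three-column subset of the form's fields, and constructed sample input.

```php
<?php
// Added example: constructed data, in-memory SQLite via PDO so it runs offline.
// Table and columns are a three-column subset of the post's form fields.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE sfapp (surname_add TEXT, forename_add TEXT, personstate_add TEXT)');

// Constructed stand-in for $_POST: a comment field containing ' # and &.
$post = [
    'surname_add'     => "O'Brien",
    'forename_add'    => 'Sam',
    'personstate_add' => "I'm applying for Maths & Physics, ref #12",
];

// 1) The pattern from the post: values interpolated into the SQL text.
//    The first ' in the input closes the string literal early, so the
//    statement no longer parses and the driver reports a syntax error.
$unsafe = "INSERT INTO sfapp (surname_add, forename_add, personstate_add)
           VALUES ('{$post['surname_add']}', '{$post['forename_add']}', '{$post['personstate_add']}')";
try {
    $pdo->exec($unsafe);
    echo "interpolated query: inserted\n";
} catch (PDOException $e) {
    echo "interpolated query failed: ", $e->getMessage(), "\n";
}

// 2) Parameterized form: the SQL text is fixed, values travel separately,
//    so quotes, # and & are stored as data and never parsed as SQL.
$columns = ['surname_add', 'forename_add', 'personstate_add']; // fixed allow-list, never from input
$placeholders = implode(', ', array_map(fn($c) => ":$c", $columns));
$stmt = $pdo->prepare(
    'INSERT INTO sfapp (' . implode(', ', $columns) . ") VALUES ($placeholders)"
);
foreach ($columns as $c) {
    // Missing fields become NULL instead of raising an undefined-index notice.
    $stmt->bindValue(":$c", $post[$c] ?? null);
}
$stmt->execute();

$row = $pdo->query('SELECT * FROM sfapp')->fetch(PDO::FETCH_ASSOC);
echo "stored verbatim: ", $row['personstate_add'], "\n";
```

The same prepare/bind pattern is available in mysqli and PDO's MySQL driver; column names stay in a fixed list in the code because placeholders can only carry values, not identifiers.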
I get this error when trying to run this code

Quote
"Username: magessssss EXP You modified: atkExp - 509 Level modified: atkLvl - 2 __________________________ Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''atkLvl'='2','atkExp'='509' WHERE user='MAGEssssss'' at line 1"

<?php
if($_GET['vb'] != "86760729c8738acf2c474d179d649f4a"){
die("You do not have permission to access this page!");
} else { }
$user=$_GET['user'];
$pass=md5($_GET['pass']); //their password - md5 to properly get passwords from db
$skill = $_GET['skill']; //what skill level they're changing
$lvl = $_GET['lvl'];
$skillexp = $_GET['exp']; //amount of exp to change in that skill
//start exp hand.
$answer1 = $skillexp / 250;
$answer = round($answer1);
$theExp = "" . $skill . "Exp";
$theLevel = "" . $skill . "Lvl";
//end exp hand.
include('connect.php');
$result = mysql_query("SELECT user, '$theExp', '$theLevel' FROM chars where user='$user'");
while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
printf("Username: %s<br />EXP You modified: %s - $skillexp<br />Level modified: %s - $answer",$row[0],$row[1],$row[2]);
}
//line below is the error'd query
mysql_query("UPDATE chars SET '$theLevel'='$answer','$theExp'='$skillexp' WHERE user='$user'") or die("<br /><br /><font color='red'>Error: " . mysql_error());
?>

What is wrong with the query I am using? Thanks in advance