|
PHP - Seating Overwrite
hi all, i have written a seating plan page for my website which allows users to click on a seat and that seat is then allocated to there username, however theres nothing stopping a user changing the URL to a seat thats been taken and "taking" that seat from someone else.
heres my code for my reserve_seat.php <?PHP session_start(); /* get user id */ $user_id = $_SESSION['username']; /* get the seat number */ $seat_id = $_GET['seat']; /* connect to data base */ require ('./secure/connect.php'); /* create query */ $query = "UPDATE seats_table set taken = FALSE, user_id = '0' WHERE user_id = '$user_id'"; $query2 = "UPDATE seats_table set taken = TRUE, user_id = '$user_id' WHERE id = '$seat_id'"; /* $query3 = "UPDATE users set signed_up = '3' WHERE username = '$user_id'"; */ /* execute the query */ $result = mysql_query($query); $result2 = mysql_query($query2); /* $result3 = mysql_query($query3); */ /* advise user their seat has been reserved */ include 'seating.php'; ?> so if a user reserves seat 28 the url is http://localhost/reserve_seat.php?seat=26, but theres nothing stopping another user typing this url and "stealing" this seat i need some kind of IF statement before the sql queries that checks to see if the seats "taken" column is 1 or 0 bearing in mind there is 49 seats but im lost at how to write it. any help would be great Lee Similar TutorialsHello there, I have some code here which sends a number of variables from flash to SQL... I would simply like to add the functionality to overwrite records which have the same 'name' or 'pseudo'... can anyone help me please ? Thanks in advance Martin <?php $pseudo=$_POST['var1']; $score=$_POST['var2']; $table = $_POST['tab']; $dategame = $_POST['tempjoueur']; //$micro = microtime(); //$dategame = time()."".substr($micro, 2, 6); $_COOKIE['User'] = $_SERVER['REMOTE_ADDR']; $envoie = InsertDatas($table, "name, score, dategame", "'".$pseudo."','".$score."','".$dategame."'"); if ($envoie) { print_r("OK, $pseudo, $score, $dategame,$ipclient"); } else { echo "BAD, $pseudo, $score, $dategame,$ipclient"; } ?> hey guys i have this code FILE NAME "index.php" Code: [Select] <?php // make a connection to the database mysql_connect ("localhost", "root", "vertrigo") or die ('Error: I Failed To Connect To The Database ' . mysql_error()); mysql_select_db ("test"); // Get Data $query = mysql_query("SELECT * FROM TestTable"); // display the data and loop while ($row = mysql_fetch_array($query)) { echo "<br /> ID: ".$row['ID']."<br /> First Name: ".$row['FName']."<br /> Last Name: ".$row['LName']."<br /> Contact Number: ".$row['CNumber']."<br />";} ?> <form method="post" action="update.php"> <table border="1" align="center"> <tr> <td align="right" width="220">ID: </td> <td align="left" width="220"> <input type="text" name="ID" size="30" /></td> </tr> <tr> <td align="right" width="220">First Name: </td> <td align="left" width="220"> <input type="text" name="FName" size="30" /></td> </tr> <tr> <td align="right" width="220">Last Name: </td> <td align="left" width="220"> <input type="text" name="LName" size="30" /></td> </tr> <tr> <td align="right" width="220">Contact Number: </td> <td align="left" width="220"> <input type="text" name="CNumber" size="30" /></td> </tr> <tr> <td align="right" width="220"><input type="reset" value="Reset" /> </td> <td align="left" width="220"> <input type="submit" value="Update Database" /></td> </tr> </table> </form> and i also have this code FILE NAME "update.php" Code: [Select] <?php $ID = $_POST['ID']; $FName = $_POST['FName']; $LName = $_POST['LName']; $CNumber = $_POST['CNumber']; mysql_connect ("localhost", "root", "vertrigo") or die ('Error: I Failed To Connect To The Database ' . mysql_error()); mysql_select_db ("test"); $query="INSERT INTO testtable (ID, FName, LName, CNumber)VALUES ('".$ID."','".$FName."', '".$LName."', '".$CNumber."')"; mysql_query($query) or die ('Error Updating Database'); echo "Database Updated Sucsessfully With: ".$ID." ".$FName." ".$LName." ".$CNumber ; ?> ok so the script is working like a charm its sending the data to the database as i want it to. the problem i have is that i want to be able to update the info that is already on the database lets say i want to change a phone/contact number i have typed the ID number into the ID text field and the same first and last name into there correct boxes and then typed in the new phone number i then click submit and i get the error ""Error Updating Database"" i have looked all over the forum and net to see what i have done wrong to not allow this code to update can anyone help me out here please im quite new to the php language and could really do with some pointers thanks Steve Hi every body.I'm new to php and this site.this code I've written is for uploading file and I want it to don't overwrite files with the same name.I thought I told it to with file exists.but doesn't work.can't figure out where the problem is.Sorry for my English and Thanks!
<?php function upload($file,$dest){ $a=explode('.', $file['name']); $filename=$a[0]; $ext=$a[1]; $add=microtime(); if (file_exists($file['name'])) { $filename=$add.$filename.$ext; } if(move_uploaded_file($file['tmp_name'],$dest.$file['name'])){ echo 'File Uploaded'; } print_r($file['name']); } /* Array ( [picture] => Array ( [name] => Chrysanthemum.jpg [type] => image/jpeg [tmp_name] => C:\Users\NOVINP~1\AppData\Local\Temp\php\upload\phpFA89.tmp [error] => 0 [size] => 879394 ) */ ?> <html> <head> <title>File Upload</title> </head> <body> <?php if($_FILES['picture']['name']){ upload($_FILES['picture'],'upload/'); } ?> <form action="" method="post" enctype="multipart/form-data"> <table width="500" align="center"> <tr> <td><input type="file" name="picture"></td> </tr> <tr> <td><input type="submit" value="Upload" name="submit"></td> </tr> <tr> <td><input type="hidden" name="form" value="1"></td> </tr> </table> </form> </body> </html> Hi, I have a page where a user can change his password what i want to acheive is a way of checking the database if the text the user has entered in the textboxes already exist in the db, and if it does exist change a certain part. for example the user goes to the address, types in the email, user name and password twice. if the username and email match in the db i would like the password to write over the old password that was in the db. i keep confusing myself when i think i know what im doing but i keep stumbling. i know this sounds a bit confusing so please ask if you need more understanding. so far ive got: Code: [Select] <?php $n=$_POST['uname']; $e=$_POST['email']; if( $_POST['submitted'] == 'yes' ) { if( $_POST['pass_1'] != $_POST['pass_2'] ) { // fields don't match, so do something to indicate the error . . . echo '<p>Passwords Do Not Match</p>'; } // connect to the db include('config.php'); $query="select * from user where uname='$n' and email='$e'"; $result=mysql_query($query); } ?> <form action="" method="post"> <input type="text" name="uname" id="uname" size="30"> <input type="text" name="email" id="email" size="30"> <input type="password" name="pass_1" /> <input type="password" name="pass_2" /> <input type="hidden" name="submitted" value ="yes" /> <input type="submit" name="submit" value="Change Password" /> </form> just by looking at my code again i think its not right at all, the first php bit is only checking the password textboxes. i think i need to remove my email and username out of that form and put them in another. am i right? sorry im not that good at php or mysql thanks in advance and sorry for such a long read Hi, I've got a FORM Setup. The form has a current image and an option to add a new image (In place of that image) The form fields in question are : Code: [Select] <input type="hidden" name="image_url" value="<?php echo $row_select_propertyimages['image_url']; ?>" /> <input type="file" name="new_image_url" class="inputfile" /> I've setup an IF Statement, to check that if new_image_url ISNT set, then to keep the current image. Otherwise, overwrite it with new_image_url. When I dont choose to upload a new file, The code works correctly. The code is as follows. Code: [Select] if(empty($_POST['new_image_url'])) { $image_url = $row_select_propertyimages['image_url']; } else { $image_url = $_FILES['new_image_url']; } The data then gets input to a Database. But at the moment, It is not overwriting what is currently there. Can anyone help me on this? My full code is : Code: [Select] <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { if (PHP_VERSION < 6) { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; } $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? doubleval($theValue) : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $colname_select_propertyimages = "-1"; if (isset($_GET['image_id'])) { $colname_select_propertyimages = $_GET['image_id']; } mysql_select_db($database_db_connect, $db_connect); $query_select_propertyimages = sprintf("SELECT * FROM image WHERE image_id = %s", GetSQLValueString($colname_select_propertyimages, "int")); $select_propertyimages = mysql_query($query_select_propertyimages, $db_connect) or die(mysql_error()); $row_select_propertyimages = mysql_fetch_assoc($select_propertyimages); $totalRows_select_propertyimages = mysql_num_rows($select_propertyimages); mysql_select_db($database_db_connect, $db_connect); $query_select_property = "SELECT property.property_id, property.property_name FROM property "; $select_property = mysql_query($query_select_property, $db_connect) or die(mysql_error()); $row_select_property = mysql_fetch_assoc($select_property); $totalRows_select_property = mysql_num_rows($select_property); $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "addproperty")) { if(empty($_POST['new_image_url'])) { $image_url = $row_select_propertyimages['image_url']; } else { $image_url = $_FILES['new_image_url']; } echo $image_url; $updateSQL = sprintf("UPDATE image SET image_url=%s, image_desc=%s, image_disphome=%s, image_property_id=%s WHERE image_id=%s", GetSQLValueString($image_url, "text"), GetSQLValueString($_POST['image_desc'], "text"), GetSQLValueString(isset($_POST['image_disphome']) ? "true" : "", "defined","'Y'","'N'"), GetSQLValueString($_POST['image_property_id'], "int"), GetSQLValueString($_POST['image_id'], "int")); mysql_select_db($database_db_connect, $db_connect); $Result1 = mysql_query($updateSQL, $db_connect) or die(mysql_error()); // $updateGoTo = "success_editproperty.php"; // if (isset($_SERVER['QUERY_STRING'])) { // $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?"; // $updateGoTo .= $_SERVER['QUERY_STRING']; // } // header(sprintf("Location: %s", $updateGoTo)); } ?> Many Thanks in advance. Hello. i am building a facility for members of my website to upload profile pictures. It works, but what I want to do is have the below script check and overwrite the previous file if they want to update it. As you will see it enforces the image to be named after the username. Code: [Select] function findexts ($filename) { $filename = strtolower($filename) ; $exts = split("[/\\.]", $filename) ; $n = count($exts)-1; $exts = $exts[$n]; return $exts; } $ext = findexts ($_FILES['uploaded']['name']); //$ran = rand () ; $ran2 = $eo_user_name."."; $target = "../images/eoprofile/"; //This assigns the subdirectory you want to save into... make sure it exists! $target = $target . $ran2.$ext; //This combines the directory, the random file name, and the extension if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)) { echo "The file has been uploaded as ".$ran2.$ext; } else { echo "Sorry, there was a problem uploading your file."; } Help appreciated. Thanks... This topic has been moved to MySQL Help. http://www.phpfreaks.com/forums/index.php?topic=348130.0 |
|||||||