PHP - Incorrect Query?

Hi all

My site is build using php includes. the index.php file contains code like
<?php
if(@$_GET['page'] == "web-design"){
   include("includes/web-design.php");
} else if(@$_GET['page'] == "hosting"){
   include("includes/hosting.php");   
}
 else {
    include("includes/home.php");
 }
?>

I have created a sub domain blog.maplewebdesign.co.uk and a sub dircetory named blog. The link to this part of my site doesn't use includes, I want it to link directly to that sub directories index.php page.
This works fine, but then when I click on a different link anywhere on the site my url is as follows
www.maplewebdesign.co.uk/blog/index.php?page=home

For some reason it is keeping the blog/ in the URL

If you want to see go to
http://www.maplewebdesign.co.uk/blog/
then click on a differnt link and check out the URL

What am I doing wrong?

Thanks
Adi

I have a small bit of jquery code that is not working:

$(function() {

$(‘’[name=\'pet_type\']”).change(function() {

    $(‘’[name=\'breed\']”).removeAttr(‘disabled’);

    $(‘’[name=\'breed\']”).children(‘data-pet-type[name!=\'’ + $(this).val() + ‘\']’).hide();

    $(‘’[name=\'breed\']”).children(‘data-pet-type[name=\'’ + $(this).val() + ‘\']’).show();

});

});

My javascript is not good at all, so cannot spot errors?   Any help would be much appreciated!   Thanks

I have a register page that MD5 Hash's the users password and a login which also does this. However, no matter what I try it always says incorrect password. Even when I remove the MD5.


Register Code:

Code: [Select]
<?php

error_reporting (E_ALL ^ E_NOTICE);

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member System - Register</title>
</head>
<body>
<?php


if ( $_POST['registerbtn'] ){
$getuser = $_POST['user'];
$getemail = $_POST['email'];
$getpass = $_POST['pass'];
$getretypepass = $_POST['retypepass'];

if ($getuser){
if ($getemail){
if ($getpass){
if ($getretypepass){
if ( $getpass === $getretypepass ){
if ( (strlen($getemail) >= 7) && (strstr($getemail, "@")) && (strstr($getemail, ".")) ){
require("./connect.php");

$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){
$query = mysql_query("SELECT * FROM users WHERE email='$getemail'");
$numrows = mysql_num_rows($query);
if ($numrows == 0){


$password = md5(md5("kjfiufj".$password."Fj56fj"));
$date = date("F d, Y");
$code = md5(rand());

mysql_query("INSERT INTO users VALUES (
'', '$getuser', '$password', '$getemail', '0', '$code', '$date'
)");

$query = mysql_query("SELECT * FROM users WHERE username='$getuser'");
$numrows = mysql_num_rows($query);
if ($numrows == 1){

$site = "http://c3221281.web44.net/";
$webmaster = "Simon <admin@simon.com>";
$headers = "From: $webmaster";
$subject = "Activate Your Account";
$message = "Thanks for registering. Click the link below to activate your account.\n";
$message .= "$site/activate.php?user=$getuser&code=$code\n";
$message .= "You must activate your account to login.";

if ( mail($getemail, $subject, $message, $headers) ){
$errormsg = "You have been registered. You must activate your account from the activation link sent to <b>$getemail</b>.";
$getuser = "";
$getemail = "";
}
else
$errormsg = "An error has occueed. Your activation email was not sent.";

}
else
$errormsg = "An error has occured. Your account was not created.";

}
else
$errormsg = "There is already a user with that email.";
}
else
$errormsg = "There is already a user with that username.";

mysql_close();
}
else
$errormsg = "You must enter a valid email address to register.";
}
else
$errormsg = "Your passwords did not match.";
}
else
$errormsg = "You must retype your password to register.";
}
else
$errormsg = "You must enter your password to register.";
}
else
$errrosmg = "You must enter your email to register.";
}
else
$errormsg = "You must enter your username to register.";
}


$form = "<form action='./register.php' method='post'>
<table>
<tr>
<td></td>
<td><font color='red'>$errormsg</font></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='user' value='$getuser' /></td>
</tr>
<tr>
<td>Email:</td>
<td><input type='text' name='email' value='$getemail' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='pass' value='' /></td>
</tr>
<tr>
<td>Retype:</td>
<td><input type='password' name='retypepass' value='' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='registerbtn' value='Register' /></td>
</tr>
</table>
</form>";

echo $form;

?>
</body>
</html>





Login Code:

Code: [Select]

<?php
error_reporting (E_ALL ^ E_NOTICE);
session_start();
$userid = $_SESSION['userid'];
$username = $_SESSION['username'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Member System - Login</title>
</head>
<body>
<?php

if ($username && $userid){
echo "You are already logged in as <b>$username</b>. <a href='./member.php'>Click here</a> to go to the member page.";
}
else{
$form = "<form action='./login.php' method='post'>
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='user' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='loginbtn' value='Login' /></td>
</tr>
<tr>
<td><a href='./register.php'>Register</a></td>
<td><a href='./forgotpass.php'>Forgot your password?</a></td>
</tr>
</table>
</form>";

if ($_POST['loginbtn']){
$user = $_POST['user'];
$password = $_POST['password'];

if ($user){
if ($password){
require("connect.php");

$password = md5(md5("kjfiufj".$password."Fj56fj"));


// make sure login info correct
$query = mysql_query("SELECT * FROM users WHERE username='$user'");
$numrows = mysql_num_rows($query);
if ($numrows == 1){
$row = mysql_fetch_assoc($query);
$dbid = $row['id'];
$dbuser = $row['username'];
$dbpass = $row['password'];
$dbactive = $row['active'];

if ($password == $dbpass){
if ($dbactive == 1){
// set session info
$_SESSION['userid'] = $dbid;
$_SESSION['username'] = $dbuser;

echo "You have been logged in as <b>$dbuser</b>. <a href='./member.php'>Click here</a> to go to the member page.";

}
else
echo "You must activate your account to login. $form";
}
else
echo "You did not enter the correct password. $form";
}
else
echo "The username you entered was not found. $form";

mysql_close();
}
else
echo "You must enter your password. $form";
}
else
echo "You must enter your username. $form";
}
else
echo $form;
}
?>
</body>
</html>





Many thanks for your time and help,

So I am trying to make an incorrect password message but the message never appears. My code:

<?
require "./includes/config.php";
$LS->init();
if(isset($_POST['act_login'])){
 $user=$_POST['login'];
 $pass=$_POST['pass'];
 if($user=="" || $pass==""){
   $msg=array("Error", "Username / Password Wrong !");
 }
 else
 {
  if(!$LS->login($user, $pass)){
   $msg=array("Error", "Username / Password Wrong !");
  }
 }
}
?>

Currently I have 5 entries in my table.

Entring this query displays all five in the correct order.

Code: [Select]
SELECT * FROM products ORDER BY count DESC LIMIT 16


However, using this code, the first result is omitted and the last four are displayed.



$query="SELECT * FROM products ORDER BY count DESC LIMIT 16";
$result = mysql_query($query);
$row = mysql_fetch_array($result);

echo '<div>';
while ($row = mysql_fetch_array($result))
{
echo '<div>'.$row[product].'</div> <div>'.$row[count].'</div>';
}
echo '</div>';



Can someone help me find my error?
Thanks

i am writing this script for use as an include in joomla and the directphp plugin so in my joomla article i have:
Code: [Select]
<?php
include 'test/conducttest.php';
conducttest();
?>
Ok now my issue!
the form in this function is passing only the values for the last item in the loop rather than for the selected radio item when submitted.
so when say for example the radio selected is:
ID TEST TYPE UNIQUE TEST ID AVAILABLE 5    Adolescent Clinical 50021629 1
and the last item in the list is:
ID TEST TYPE UNIQUE TEST ID AVAILABLE 4 Adult Clinical 12341629 1
When the form is submitted even if the 1st item is selected, it returns the value for the second one. I am sorta new to php so any suggestions will be appreciated.
Here is my full code:
Code: [Select]
<?php
function conducttest() {
    //GET JOOMLA USER ID & USERNAME FOR LOGGED USER
    $user =& JFactory::getUser();
    $userID = $user->id;
    
    //GET JOOMLA DATABASE OBJECTS
    $db =& JFactory::getDBO();
    
    //NEW TESTS QUERY (what purchased test are available for use with 'item_available' == '1' {unused test} and matching current 'user_id')
    $new_query =    "
                SELECT *
                FROM crt_transactionHistory
                WHERE user_id = ".$userID." AND item_available = '1'
                ORDER BY item_name, id
                ";
    $db->setQuery($new_query);
    $new = $db->loadAssocList();
    
    //OPEN TESTS QUERY (what purchased test are available for use with 'item_available' == '2' {resume test} and matching current 'user_id')
    $resume_query =    "
                SELECT *
                FROM crt_transactionHistory
                WHERE user_id = ".$userID." AND item_available = '2'
                ORDER BY item_name, id
                ";
    $db->setQuery($resume_query);
    $resume = $db->loadAssocList();
    
        //DISPLAY use_test FORM
        if(!isset($_POST['test'])) {
            //SELECT FORM: WHICH TEST WOULD YOU LIKE TO USE?
            echo '
                <fieldset>
                <table>
                <form method="post" action="'.$PHP_SELF.'">';
                if (empty($new)) {
                    echo '
                    <th colspan="3"align="left">NO NEW TESTS AVAILABLE</th>';
                }
                else {     
                    echo '
                    <th colspan="3"align="left">NEW TESTS AVAILABLE</th>
                    <tr>
                        <td width="75px">SELECT</td>
                        <td width="50px">ID</td>
                        <td width="150px">TEST TYPE</td>
                        <td width="150px">UNIQUE TEST ID</td>
                    <tr>';
                    foreach ($new as $result1) {
                    echo ' 
                    <tr>
                        <td><input type="radio" value="' .$result1['id']. '" name="test_id"></td>
                        <td>'.$result1['id'].'</td>
                        <td><input type="hidden" value="'.$result1['item_name'].'" name="item_name">'.$result1['item_name'].'</td>
                        <td><input type="hidden" value="'.$result1['item_number'].'" name="item_number">'.$result1['item_number'].'</td>
                        <input type="hidden" value="'.$result1['item_available'].'" name="item_available">
                        <input type="hidden" value="'.$userID.'" name="userID">
                    <tr>';   
                    }
                }
                echo '
                </table>
                <hr />
                <table>';
                if (empty($resume)) {
                    echo '
                    <th colspan="3"align="left">NO TESTS TO RESUME</th>';
                }
                else {     
                    echo '
                    <th colspan="3"align="left">RESUME TEST</th>
                    <tr>
                        <td width="75px">SELECT</td>
                        <td width="50px">ID</td>
                        <td width="150px">TEST TYPE</td>
                        <td width="150px">UNIQUE TEST ID</td>
                    <tr>';
                    foreach ($resume as $result2) {
                    echo ' 
                    <tr>
                        <td><input type="radio" value="' .$result2['id']. '" name="test_id"></td>
                        <td>'.$result2['id'].'</td>
                        <td><input type="hidden" value="'.$result2['item_name'].'" name="item_name">'.$result2['item_name'].'</td>
                        <td><input type="hidden" value="'.$result2['item_number'].'" name="item_number">'.$result2['item_number'].'</td>
                        <input type="hidden" value="'.$result2['item_available'].'" name="item_available">
                        <input type="hidden" value="'.$userID.'" name="userID">
                    <tr>';   
                    }
                }
                echo '
                </table>
                </fieldset>
                <input type="submit" name="test" value="Conduct Test" />
                </form>
                ';                
            }
        //NOW A TEST HAS BEEN SELECTED FOR USE
        if(isset($_POST['test'])) {
            $test_id = $_POST['test_id'];
            $item_name = $_POST['item_name'];
            $item_number = $_POST['item_number'];
            $item_available = $_POST['item_available'];
            $userID = $_POST['userID'];
            echo $test_id.'<br />';
            echo $item_name.'<br />';
            echo $item_number.'<br />';
            echo $item_available.'<br />';
            echo $userID.'<br />';
            //IF THIS IS A NEW TEST...
            if ($item_available == "1") {
                echo 'new test';
            }
            //IF WE ARE RESUMING A TEST...
            elseif ($item_available == "2") {
                echo 'resume test';
            }
        }
}
?>

Incorrect login attempt 1
        \/
Incorrect login attempt 2
        \/
Incorrect login attempt 3  -->>  ?forgot your login details?

What's the most effecient way of achieving this?
Is it to:
1. create a session for the user who hasn't logged in
2. the user login fails once, session['fail']=1
3. the user login fails twice, session['fail']=2
4. the user login fails for a third time pushing the session['fail'] count to three:
              this triggers an 'if' on the index.php prompting the user to retrieve their details through the "forgot login details system"

However if the session['fail'] count never reaches 3 then this temp session is destroyed and the proper one created allowing the user into the site??

As usual any pointers into the correct direction here would be very much appreciated (and i try to repay by answering other peoples questions [where i can  ])

Hello folks,

I've got a problem with a search script. It's searching a db containing various properties (as in buildings) and it's not quite returning the correct results. The search form asks that you select a house type (4 options, all of which are tick boxes) and then the last part of the form is select how many bedrooms you'd like (which is a drop-down list featuring numbers 2-5)

What should happen is someone selects one or more of the tick boxes and then the number of bedrooms and it returns all the house types that were ticked but only those with the number of bedrooms that were specified in the original search. Currently the results are correct in that they're showing the correct house types, but the number of bedrooms isn't right. e.g. if you chose 2 bedrooms in the search it shows those, as well as 3, 4 and 5 bedrooms in the results.

Can't figure it out but it will be something to do with && and OR in my search script. Can anyone suggest a tweak to this that might work? (I'm using the $_GET function because the search form is in a Flash movie)

$Result = mysql_query("select * from property_names where TownHouse = '$_GET[TownHouse]' OR Apartment = '$_GET[Apartment]' OR Detached = '$_GET[Detached]' OR SemiDetached = '$_GET[SemiDetached]' && visible= 'Yes' && bedrooms = '$_GET[Bedrooms]' && bedrooms = '$_GET[Bedrooms]'")

As expected when a die statement is triggered, my script is exited and ALL of the fields that have been filled in on my form are wiped clean. 
This however is proving to be annoying for users making mistakes. 
Is there a way to keep the data in the correctly filled in fields, and to just wipe or highlight the incorrectly filled in fields?

Code: [Select]
<?php 
 function checkPostcode (&$toCheck) 
 { 
 $alpha1 = "[abcdefghijklmnoprstuwyz]";                           
 $alpha2 = "[abcdefghklmnopqrstuvwxy]";                          
 $alpha3 = "[abcdefghjkstuw]";                                   
 $alpha4 = "[abehmnprvwxy]";                                       
 $alpha5 = "[abdefghjlnpqrstuwxyz]";                               
 $pcexp[0] = '^('.$alpha1.'{1}'.$alpha2.'{0,1}[0-9]{1,2})([0-9]{1}'.$alpha5.'{2})$';  
 $pcexp[1] =  '^('.$alpha1.'{1}[0-9]{1}'.$alpha3.'{1})([0-9]{1}'.$alpha5.'{2})$';
 $pcexp[2] =  '^('.$alpha1.'{1}'.$alpha2.'[0-9]{1}'.$alpha4.')([0-9]{1}'.$alpha5.'{2})$';
 $pcexp[3] =  '^(gir)(0aa)$';  
 $pcexp[4] = '^(bfpo)([0-9]{1,4})$';
 $pcexp[5] = '^(bfpo)(c\/o[0-9]{1,3})$'; 
 $Postcode = strtolower($toCheck);
 $Postcode = str_replace (' ', '', $Postcode);
 $valid = false;
 foreach ($pcexp as $regexp) {    
 if (ereg($regexp,$Postcode, $matches)) {      
 $toCheck = strtoupper ($matches[1] . ' ' . $matches [2]);    
 $toCheck = ereg_replace ('C\/O', 'c/o ', $toCheck);
 $valid = true;
 break;     
 }  
 }  
 if ($valid){return true;} else {return false;};
 }
if(isset($_POST['submit']))
{
$drop = mysql_real_escape_string($_POST['drop_1']);
$tier_two = mysql_real_escape_string($_POST['Subtype']);
$Name = mysql_real_escape_string($_POST["Name"]);
$Phone = mysql_real_escape_string($_POST["Phone"]);
$Email = mysql_real_escape_string($_POST["Email"]);
$Postcode = mysql_real_escape_string($_POST["Postcode"]);
$Website = mysql_real_escape_string($_POST["Website"]);
if($Name == '')
{
die ("<div class=\"form\">You did not complete the name field, please try again</div>");
}
elseif  ($Phone == '' or (preg_match("/^([1]-)?[0-9]{3}-[0-9]{3}-[0-9]{4}$/i", $Phone)))
{
die("<div class=\"form\"> You completed the telephone field incorrectly, please try again</div>");
}
elseif  ($Email == '' or (!filter_var($Email, FILTER_VALIDATE_EMAIL)))
{
die("<div class=\"form\"> You completed the Email field incorrectly, please try again</div>");
}    
elseif  ($Postcode == '' or (!checkPostcode($Postcode)))
{
die("<div class=\"form\"> You did not complete the Postcode field correctly, please try again</div>");
}   
elseif  ($Website == '' or (!preg_match("~^[a-z0-9.-]+\.(com|org|net|edu|co.uk)~i", $Website)))
{   
die("<div class=\"form\">You completed the website field incorrectly, please try again</div>");
}
else
{
echo("<div id=\"formtwo\">Thankyou for submiting your details, you will be added to our directory shortly</div>");
}
$query = ("INSERT INTO business (`id`, `Name`,  `Type`, `Subtype`, `Phone`, `Email`, `Postcode`, `WebAddress`, `Confirmed`)
  VALUES ('NULL', '$Name', '$drop', '$tier_two' , '$Phone', '$Email', '$Postcode', '$Website', 'Yes')");
mysql_query($query) or die ( "<br>Query: $query<br>Error: " .mysql_error());
}
?>

Here is my code:
// Start MySQL Query for Records
$query = "SELECT codes_update_no_join_1b" .
"SET orig_code_1 = new_code_1,
       orig_code_2 = new_code_2" .
"WHERE concat(orig_code_1, orig_code_2) = concat(old_code_1, old_code_2)";
$results = mysql_query($query) or die(mysql_error());
// End MySQL Query for Records


This query runs perfectly fine when run direct as SQL in phpMyAdmin, but throws this error when running in my script??? Why is this???

Code: [Select]
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= new_code_1, orig_code_2 = new_code_2WHERE concat(orig_code_1, orig_c' at line 1

Hello all,   Based on the suggestion of you wonderful folks here, I went away for a few days (to learn about PDO and Prepared Statements) in order to replace the MySQLi commands in my code. That's gone pretty well thus far...with me having learnt and successfully replaced most of my "bad" code with elegant, SQL-Injection-proof code (or so I hope).   The one-and-only problem I'm having (for now at least) is that I'm having trouble understanding how to execute an UPDATE query within the resultset of a SELECT query (using PDO and prepared statements, of course).   Let me explain (my scenario), and since a picture speaks a thousand words I've also inlcuded a screenshot to show you guys my setup:   In my table I have two columns (which are essentially flags i.e. Y/N), one for "items alreay purchased" and the other for "items to be purchased later". The first flag, if/when set ON (Y) will highlight row(s) in red...and the second flag will highlight row(s) in blue (when set ON).   I initially had four buttons, two each for setting the flags/columns to "Y", and another two to reverse the columns/flags to "N". That was when I had my delete functionality as a separate operation on a separate tab/list item, and that was fine.   Now that I've realized I can include both operations (update and delete) on just the one tab, I've also figured it would be better to pare down those four buttons (into just two), and set them up as a toggle feature i.e. if the value is currently "Y" then the button will set it to "N", and vice versa.   So, looking at my attached picture, if a person selects (using the checkboxes) the first four rows and clicks the first button (labeled "Toggle selected items as Purchased/Not Purchased") then the following must happen:   1. The purchased_flag for rows # 2 and 4 must be switched OFF (set to N)...so they will no longer be highlighted in red. 2. The purchased_flag for row # 3 must be switched ON (set to Y)...so that row will now be highlighted in red. 3. Nothing must be done to rows # 1 and 5 since: a) row 5 was not selected/checked to begin with, and b) row # 1 has its purchase_later_flag set ON (to Y), so it must be skipped over.   Looking at my code below, I'm guessing (and here's where I need the help) that there's something wrong in the code within the section that says "/*** loop through the results/collection of checked items ***/". I've probably made it more complex than it should be, and that's due to the fact that I have no idea what I'm doing (or rather, how I should be doing it), and this has driven me insane for the last 2 days...which prompted me to "throw in the towel" and seek the help of you very helpful and intellegent folks. BTW, I am a newbie at this, so if I could be provided the exact code, that would be most wonderful, and much highly appreciated.   Thanks to you folks, I'm feeling real good (with a great sense of achievement) after having come here and got the great advice to learn PDO and prepared statements.   Just this one nasty little hurdle is stopping me from getting to "end-of-job" on my very first WebApp. BTW, sorry about the long post...this is the best/only way I could clearly explaing my situation.   Cheers guys!

case "update-delete":
	if(isset($_POST['highlight-purchased'])) 
		{
			// ****** Setup customized query to obtain only items that are checked ******
			$sql = "SELECT * FROM shoplist WHERE";
					for($i=0; $i < count($_POST['checkboxes']); $i++)
						{
							$sql=$sql . " idnumber=" . $_POST['checkboxes'][$i] . " or";
						}
					$sql= rtrim($sql, "or");
											
			$statement = $conn->prepare($sql);
			$statement->execute();
																						
			// *** fetch results for all checked items (1st query) *** //
			$result = $statement->fetchAll();

			$statement->closeCursor();
											
			// Setup query that will change the purchased flag to "N", if it's currently set to "Y"
			$sqlSetToN = "UPDATE shoplist SET purchased = 'N' WHERE purchased = 'Y'";
											
			// Setup query that will change the purchased flag to "Y", if it's currently set to "N", "", or NULL
			$sqlSetToY = "UPDATE shoplist SET purchased = 'Y' WHERE purchased = 'N' OR purchased = '' OR purchased IS NULL";

			$statementSetToN = $conn->prepare($sqlSetToN);
			$statementSetToY = $conn->prepare($sqlSetToY);
											
			/*** loop through the results/collection of checked items ***/
			foreach($result as $row)
				{
					if ($row["purchased"] != "Y")
						{
							// *** fetch one row at a time pertaining to the 2nd query *** //
							$resultSetToY = $statementSetToY->fetch();
															
							foreach($resultSetToY as $row)
								{															
									$statementSetToY->execute();																
								}
						}
					else
						{
							// *** fetch one row at a time pertaining to the 2nd query *** //
							$resultSetToN = $statementSetToN->fetch();
															
							foreach($resultSetToN as $row)
								{															
									$statementSetToN->execute();																
								}
						}
				}
				break;
		}

 CRUD Queston.png   20.68KB   0 downloads    

If you also have any feedback on my code, please do tell me. I wish to improve my coding base.

Basically when you fill out the register form, it will check for data, then execute the insert query. But for some reason, the query will NOT insert into the database. In the following code below, I left out the field ID. Doesn't work with it anyways, and I'm not sure it makes a difference.

Code:

  Code: [Select]
mysql_query("INSERT INTO servers (username, password, name, type, description, ip, votes, beta) VALUES ($username, $password, $name, $server_type, $description, $ip, 0, 1)");
Full code:

Code: [Select]
<?php
include_once("includes/config.php");
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><? $title; ?></title>
<meta http-equiv="Content-Language" content="English" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="style.css" media="screen" />
</head>
<body>
 
<div id="wrap">
 
<div id="header">
<h1><? $title; ?></h1>
<h2><? $description; ?></h2>
</div>
 
<? include_once("includes/navigation.php"); ?>
 
<div id="content">
<div id="right">
<h2>Create</h2>
<div id="artlicles">
<?php
 
if(!$_SESSION['user'])
{
 
        $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string($_POST['password']);
        $name = mysql_real_escape_string($_POST['name']);
        $server_type = mysql_real_escape_string($_POST['type']);
        $description = mysql_real_escape_string($_POST['description']);
 
        if(!$username || !$password || !$server_type || !$description || !$name)
        {

        echo "Note: Descriptions allow HTML. Any abuse of this will result in an IP and account ban. No warnings!<br/>All forms are required to be filled out.<br><form action='create.php' method='POST'><table><tr><td>Username</td><td><input type='text' name='username'></td></tr><tr><td>Password</td><td><input type='password' name='password'></td></tr>";
        echo "<tr><td>Sever Name</td><td><input type='text' name='name' maxlength='35'></td></tr><tr><td>Type of Server</td><td><select name='type'>
       
        <option value='Any'>Any</option>
        <option value='PvP'>PvP</option>
        <option value='Creative'>Creative</option>
        <option value='Survival'>Survival</option>
        <option value='Roleplay'>RolePlay</option>
       
        </select></td></tr>
       
        <tr><td>Description</td><td><textarea maxlength='1500' rows='18' cols='40' name='description'></textarea></td></tr>";
        echo "<tr><td>Submit</td><td><input type='submit'></td></tr></table></form>";
        }
        elseif(strlen($password) < 8)
        {
        echo "Password needs to be higher than 8 characters!";
        }
        elseif(strlen($username) > 13)
        {
                echo "Username can't be greater than 13 characters!";
        }
        else
        {
                $check1 = mysql_query("SELECT username,name FROM servers WHERE username = '$username' OR name = '$name' LIMIT 1");
               
                if(mysql_num_rows($check1) < 0)
                {
                        echo "Sorry, there is already an account with this username and/or server name!";
                }
                else
                {
                        $ip = $_SERVER['REMOTE_ADDR'];

                        mysql_query("INSERT INTO servers (username, password, name, type, description, ip, votes, beta) VALUES ($username, $password, $name, $server_type, $description, $ip, 0, 1)");
                        echo "Server has been succesfully created!";
                }
        }
       
}
else
{
        echo "You are currently logged in!";
}
 
?>
</div>
</div>
 
<div style="clear: both;"> </div>
</div>
 
<div id="footer">
<a href="http://www.templatesold.com/" target="_blank">Website Templates</a> by <a href="http://www.free-css-templates.com/" target="_blank">Free CSS Templates</a> - Site Copyright MCTop
</div>
</div>
 
</body>
</html>

I was just wondering if it's possible to run a query on data that has been returned from a previous query?  For example, if I do

Code: [Select]
$sql = 'My query';
$rs = mysql_query($sql, $mysql_conn);

Is it then possible to run a second query on this data such as

Code: [Select]
$sql = 'My query';
$secondrs = mysql_query($sql, $rs, $mysql_conn);

Thanks for any help

Say I have this query:

site.com?var=1

..I have a form with 'var2' field which submits via get.

Is there a way to produce:

site.com?var=1&var2=formdata

I was hoping there would be a quick way to affix, but can't find any info. Also, the query could sometimes be:

site.com?var2=formdata&var=1

I would have to produce:

site.com?var2=updatedformdata&var=1

Is my only option to further parse the query?

I'm trying to update every record where one field in a row is less than the other. The code gets each row i'm looking for and sets up the query right, I hope I combined the entire query into one string each query seperated by a ; so it's like
UPDATE `table` SET field2= '1' WHERE field1= '1';UPDATE `table` SET field2= '1' WHERE field1= '2';UPDATE `table` SET field2= '1' WHERE field1= '3';UPDATE `table` SET field2= '1' WHERE field1= '4';UPDATE `table` SET field2= '1' WHERE field1= '5';
this executes properly if i run the query in phpMyAdmin, however when I run the query in PHP, it does nothing... Any advice?