|
PHP - Confirmation Of My Regex Attempt
I have possible HTTP_REFERER values such as the following:
[HTTP_REFERER] => http://www.example.com/lib/index.php?cid=components&controller=data&id=17&roles_id=15 [HTTP_REFERER] => http://www.example.com/lib/index.php?cid=createhelpI am just trying to get the value of "cid" Note that this applies to a TinyMCE plugin, and my $_GET variable does not include "cid". Looking at my $_SERVER array, HTTP_REFERER is the only element that includes "cid". I am also not concerned about spoofing HTTP_REFERER. I am getting the value of "cid" as follows. Is this the right way to do so? $RegExp = '/index\.php\?cid=([^&]+)/'; preg_match($RegExp, $_SERVER['HTTP_REFERER'], $matches); exit($matches[1]); Similar TutorialsHi all. I`m starting with the php programming and i try to create a simple questionnaire i want to ask few questions with few possible answers could anyone give me any sample how the code should look like, i`ve created few quetsions but they are all seperate code, how can i put them together into one code? any suggestions? Thanks Hey guys! In my tutorials they were putting together a login system. After I watched the tutorial I decided to put one together that was my own. also, the tutorial only used MD5. After I read the post on the top of this forum about MD5 I decided to give salt a go on my own to see if I could pull it off. I'd like to hear what more experienced coders have to say about my code, but I'd appreciate it if you went easy on me lol. I'm quite happy with myself that I put this together all on my own and it works, I have tested it with my database lol. Code: (php) [Select] <?php //Check for form values in POST array// if (isset($_POST['username'])&& isset($_POST['password'])){ //strip tags and whitespace from user// if(!empty($_POST['username'])){ $T_user = strip_tags($_POST['username']); $user = str_replace(' ','',$T_user); }else{ $user = false; } //strip tags and spaces// if(!empty($_POST['password'])){ $T_pass = strip_tags($_POST['password']); $T2_pass = str_replace(' ', '', $T_pass); //Generate SALT and encrypt// $salt = 'angelinajolie'; $pass = md5($T2_pass.$salt); }else{ $pass = false; } //Check User and Pass for NULL then query database// if($pass || $user != false){ $query = "SELECT id FROM users WHERE username = '$user' AND password ='$pass'"; $query_run = mysql_query($query); $query_rows = mysql_num_rows($query_run); if($query_rows == 0){ echo 'Password and/or Username are invalid!'; echo $query_rows; }else if ($query_rows != 0){ echo 'Welcome back!'; } }else{ echo 'Must specify Username and Password!'; } } ?> <form action="<?php echo $current_file; ?>" method="POST"> Username: <input type="text" name="username" /> Password: <input type="password" name="password" /> <input type="submit" value="Login" /> </form> Lately I've been telling myself to start touching up my security when it comes to passwords, so here I am with another question on PHPFreaks. I've read several salting guides, but I still have a few lingering questions. One of which is: once a salt has been created (see my function below), do I store it in a column named "salt" for each user in the "users" table? It seems like if a hacker got a hold of the database information, they could just ignore the salt and go straight to deciphering a user's hashed password. Just curious about that... Now, onto my simple function I decided to write to give this a try: function generateSalt($username) { //length of salt $char_max = 21; $char_list = array('A', 'B', 'C', 'D', 'G', 'Z', rand(0,200), 9, 8, 6, rand(3,55), rand(7, 1444)); //random numbers and letters will be appended to this variable $gen_chars = ''; for($x = 0; $x < 10; $x++) { $gen_chars .= $char_list[rand(0, count($char_list))]; } //random addition to salt $gen_chars = hash(sha256, $gen_chars); //shorten then hash -- max 5 chars $shorten_user = substr(sha1(strpos($username, 0, 3)), 0, 5); //salt var $salt = $gen_chars.$shorten_user.date('M-d-Y h:m:s'); $salt = substr(hash(sha256, $salt), 0, $char_max); return $salt; } Any feedback regarding this function? I've read that MD5 isn't really reliable, and people should be using SHA256, so I decided to go with that. I also tried to make each user's salt really random and unique. But how does this affect the user's password or make it any securer if I can't combine the salt and password? I know for a fact that I'm missing a piece of information or doing something wrong, so if anyone could help me out: that'd be very appreciated. I stumbled across this site after being slammed hard elsewhere for being a novice and really not knowing what I am doing. What I have read so far is more encouraging. I just wrote my first program in php and it is not working at all right now. All it keeps doing is opening window after window until I force the browser to close. I am using a Mac running Yosemite and using MAMP. Hopefully that is enough background.
I know this is an introduction area, so I will also post this in another forum in case this is closed for being off topic.
This is a login file to connect to the server:
<?php // login.php
// Get connection information
echo <<<_END
<form method = "post" action = "login.php">
<pre>
<input type = "text" name = "localhost" />host server<br />
<input type = "text" name = "username" />Username<br />
<input type = "text" name = "password" /><br />
<br />
<input type = "submit" value = "submit" />
</form>
_END
$db_server = sanitize_string($localhost);
$db_username = sanitize_string($username);
$db_password = sanitize_string($password);
/*
$user = 'root';
$password = 'root';
$db = 'rpsls';
$host = 'localhost';
$port = 3306;
$link = mysql_connect(
"$host:$port",
$user,
$password
);
$db_selected = mysql_select_db(
$db,
$link
);
*/
mysql_connect($db_server, $db_username, $db_password) or die(mysql_error());
// Create rpsls table if it does not exist
$tbl = "rpsls";
$query = "CREATE TABLE rpsls(human VARCHAR(10), computer VARCHAR(10), outcome VARCHAR(5),
action VARCHAR(15));
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Rock", "Paper", "Lose", "Covers");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Rock", "Scissors", "Win", "Crushes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Rock", "Lizard", "Win", "Crushes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Rock", "Spock", "Lose", "Vaporizes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Paper", "Rock", "Win", "Covers");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Paper", "Scissors", "Lose", "Cuts");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Paper", "Lizard", "Lose", "Eats");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Paper", "Spock", "Win", "Disproves");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Scissors", "Lizard", "Win", "Decapitates");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Scissors", "Spock", "Lose", "Smashes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Scissors", "Rock", "Lose", "Crushes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Scissors", "Paper", "Win", "Cuts");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Lizard", "Spock", "Win", "Poisons");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Lizard", "Rock", "Lose", "Crushes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Lizard", "Paper", "Win", "Eats");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Lizard", "Scissors", "Lose", "Decapitates");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Spock", "Rock", "Win", "Vaporizes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Spock", "Paper", "Lose", "Disproves");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Spock", "Scissors", "Win", "Smashes");
INSERT INTO rpsls (human, computer, outcome, action) VALUES ("Spock", "Lizard", "Lose", "Poisons");";
check_table($tbl, $query);
// Create choices table if it does not exist
$tbl = "choices";
$query = "CREATE TABLE choices(id SMALLINT, choice VARCHAR(10));
INSERT INTO choices (id, choice) VALUES (1, "Rock");
INSERT INTO choices (id, choice) VALUES (2, "Paper");
INSERT INTO choices (id, choice) VALUES (3, "Scissors");
INSERT INTO choices (id, choice) VALUES (4, "Lizard");
INSERT INTO choices (id, choice) VALUES (5, "Spock");";
check_table($tbl, $query);
// Sanitize user input
function sanitize_string($var)
{
$var = stripslashes($var);
$var = htmlentities($var);
$var = strip_tags($var);
return $var;
}
function check_table($tbl, $query){
$db = new mysqli(...);
$result = $db->query("SHOW TABLES LIKE "$tbl);
if ($result->num_rows == 0){
mysql_query($query);
}
}
?>
and this is the program:
<?php
// log into server and database
require_once 'login.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to MySQL: " . mysql_error());
$conn = mysql_connect($db_server, $db_username, $db_password) or die(mysql_error());
$db_database = 'rpsls';
mysql_select_db($db_database) or die("Unable to select database: " . mysql_error());
// Start Game
ready_to_play();
// Rock Paper Scissors Lizard Spock game
function rock_paper_scissors_lizard_spock()
{
$human = human_play();
$computer = computer_play();
game_outcome($human, $computer);
play_again();
// Start Game Function
function ready_to_play(){
echo <<<_END
<form method = "post" action = "rpsls.php">
<h2>Ready to play Rock, Paper, Lizard, Spock?</h2>
<hr>
<table>
<tr>
<td><input type = "radio" name = "ready" value = "Yes" />Yes</td>
<td><input type = "radio" name = "ready" value = "No" />No</td>
</tr>
<tr>
<td colspan = "2"><input type = "submit" value = "Play!" /></td>
</tr>
</table>
</form>
_END
if ($ready == "Yes"){
$query = "CREATE TABLE gameResults (
games SMALLINT NOT NULL,
win SMALLINT NULL,
loss SMALLINT NULL,
draw SMALLINT NULL,
PRIMARY KEY (games))";
mysql_query($query);
rock_paper_scissors_lizard_spock();
}else{
close_rpsls();
}
}
// Play Again
// Start Game Function
function play_again()
{
echo <<<_END
<form method = "post" action = "rpsls.php">
<h2>Play Again?</h2>
<hr>
<table>
<tr>
<td><input type = "radio" name = "ready" value = "Yes" />Yes</td>
<td><input type = "radio" name = "ready" value = "No" />No</td>
</tr>
<tr>
<td colspan = "2"><input type = "submit" value = "Play!" /></td>
</tr>
</table>
</form>
_END
if ($ready == "Yes"){
rock_paper_scissors_lizard_spock();
}else{
close_rpsls();
}
}
// Human Play Selection
function human_play()
{
echo <<<_END
<form method = "post" action = "rpsls.php">
<h2>Let's Play Rock, Paper, Lizard, Spock</h2>
<hr>
<table>
<tr>
<td><input type = "radio" name = "human" value = "Rock" />Rock</td>
<td><input type = "radio" name = "human" value = "Paper" />Paper</td>
</tr>
<tr>
<td><input type = "radio" name = "human" value = "Scissors" />Scissors</td>
<td><input type = "radio" name = "human" value = "Lizard" />Lizard</td>
</tr>
<tr>
<td colspan = "2"><input type = "radio" name = "human" value = "Spock" />Spock</td>
</tr>
<tr>
<td colspan = "2"><hr></td>
</tr>
<tr>
<td colspan = "2"><input type = "submit" value = "Play!" /></td>
</tr>
</table>
</form>
_END
return $human;
}
// Computer Play Selection
function computer_play()
{
$play = rand(1,5);
$query = "SELECT choice FROM choices WHERE number = $play";
$computer = mysql_query($query);
return $computer;
}
// Game Outcome Function
function game_outcome($human, $computer)
{
$win = $loss = $draw = 0
if ($human == $computer){
echo "Draw<br />";
echo "We both played ".$human;
$draw = 1;
}else{
$query = "SELECT outcome, action FROM rpsls WHERE human = $human AND computer = $computer";
$results = mysql_query($query);
$results2 = mysql_fetch_array($results);
$outcome = $results2[0];
$action = $results2[1];
if ($outcome == "Win"{
echo "You Win!!!<br />"
echo "Your ".$human. " ".$action." my ".$computer."<br />";
$win = 1;
}else{
echo "You Lose/.<br />
echo "My ".$computer." ".$action." your ".$human."<br />";
$loss = 1;
}
}
$query = "INSERT INTO gameResults VALUES".(NULL, '$win', '$loss', '$draw')";
mysql_query($query);
}
// Game Statistics Function
function game_statistics ()
{
$query = "SELECT * FROM gameResults";
$result = mysql_query($query);
$rows = mysql_num_rows($result);
$games = $rows;
$win = $loss = $draw = 0;
for ($index = 0; $index < $rows; ++$index){
$row = mysql_fetch_row($result);
$win = $win + $row[1];
$loss = $loss + $row[2];
$draw = $draw + $row[3];
}
echo <<<_END
<table>
<tr>
<td>Games</td>
<td>Win</td>
<td>Loss</td>
<td>Draw</td>
</tr>
<tr>
<td>$games</td>
<td>$win</td>
<td>$loss</td>
<td>$draw</td>
</tr>
</table>
_END
}
// Print Statistics and close the game
function close_rpsls(){
echo <<<_END
<form method = "post" action = "rpsls.php">
<h3>Are you sure you want to quit?</h3>
<hr>
<table>
<tr>
<td><input type = "radio" name = "ready" value = "Yes" />Yes</td>
<td><input type = "radio" name = "ready" value = "No" />No</td>
</tr>
<tr>
<td colspan = "2"><input type = "submit" value = "Play!" /></td>
</tr>
</table>
</form>
_END
if ($ready == "No"){
rock_paper_scissors_lizard_spock();
}else{
$query = "DROP TABLE gameResults";
mysql_query($query);
}
}
// close connection
mysql_close($conn);
?>
Please forgive my novice errors and help me figure out what is wrong with this program.
Thank you.
Here is the contents of the error log:
141104 18:36:26 mysqld_safe Starting mysqld daemon with databases from /Applications/MAMP/db/mysql141104 18:36:28 [Warning] Setting lower_case_table_names=2 because file system for /Applications/MAMP/db/mysql/ is case insensitive 141104 18:36:28 [Note] Plugin 'FEDERATED' is disabled. 141104 18:36:28 InnoDB: The InnoDB memory heap is disabled 141104 18:36:28 InnoDB: Mutexes and rw_locks use GCC atomic builtins 141104 18:36:28 InnoDB: Compressed tables use zlib 1.2.3 141104 18:36:28 InnoDB: Initializing buffer pool, size = 128.0M 141104 18:36:28 InnoDB: Completed initialization of buffer pool 141104 18:36:28 InnoDB: highest supported file format is Barracuda. 141104 18:36:32 InnoDB: Waiting for the background threads to start 141104 18:36:33 InnoDB: 5.5.38 started; log sequence number 1711074 141104 18:36:33 [Note] Server hostname (bind-address): '0.0.0.0'; port: 8889 141104 18:36:33 [Note] - '0.0.0.0' resolves to '0.0.0.0'; 141104 18:36:33 [Note] Server socket created on IP: '0.0.0.0'. 141104 18:36:35 [Note] Event Scheduler: Loaded 0 events 141104 18:36:35 [Note] /Applications/MAMP/Library/bin/mysqld: ready for connections. Version: '5.5.38' socket: '/Applications/MAMP/tmp/mysql/mysql.sock' port: 8889 Source distribution At the fear of bothering all you, I will post here hoping that I am in the write section. I am new to php and mysql. I am using such to develope a webpage for my new business. I do believe that my php scripting is turned on because I have one script that "works". However when I take the wheel and write a script of my own and try to view it all I get is a blank white page and no errors nor anything that I wanted to display. I have tried numerous attempts at tiring to get anything to show up all I can ever seem to do is "echo" something anything else is null in displaying. Please feel free to take a look. http://72.28.26.162/rc/ phpinfo.php is accessible if you insert it after the last / (http://72.28.26.162/rc/phpinfo.php) I am at a loss. I have spent hours looking for something I miss during set up or with my procedure. I thank whomever my help me in advance. I am running ubuntu server 10 Apache/2.2.16 port 80 (Please advise if you need anything else) thanks Hi guys, I am creating a piece of code that blocks a user a for 48 hours after attempting to login 5 times with the wrong password, within a 24hour period. If the user logs in successful within the 24hr and, it should reset the attempt count.
The issue I'm having ATM is that with the attempt count, It is only updating the first row of that user, if i attempt more times. Here is an example of whats going on:
User - Time - Attempt- count()
User 1 10:00pm Attempt 1 (5)
User 1 10:02pm Attempt 2 (4)
User 1 10:04pm Attempt 3 (3)
User 1 10:06pm Attempt 4 (2)
User 1 10:07pm Attempt 5 (1)
User 2 10:15pm Attempt 1 (2)
User 2 10:20pm Attempt 2 (1)
As you can see, all the attempts will increment (the numbers in the bracket) but the latest attempt will be set to one. How do I get it so that all the attempts are incremented so it looks like this.
User - Time - Attempt- count()
User 1 10:00pm Attempt 1 (5)
User 1 10:02pm Attempt 2 (5)
User 1 10:04pm Attempt 3 (5)
User 1 10:06pm Attempt 4 (5)
User 1 10:07pm Attempt 5 (5)
User 2 10:15pm Attempt 1 (2)
User 2 10:20pm Attempt 2 (2)
Here is a snippet of my code:
if (!$pw_ok) {
if (isset($_SERVER["REMOTE_ADDR"])) {
$str_RemoteHost = $_SERVER["REMOTE_ADDR"];
} else {
$str_RemoteHost = '';
}
$qry_WriteToDatabase = " INSERT INTO cms_user_login_attempts
(
cula_user_id,
cula_date_time,
cula_remote_host,
cula_attempt_count
)
VALUES (
" . $db->SQLString($row->user_id) . ",
Now(),
" . $db->SQLString($str_RemoteHost, true) . ",
'cula_attempt_count'
)";
$db->query($qry_WriteToDatabase);
$qry_UpdateCount = " UPDATE
cms_user_login_attempts
SET
cula_attempt_count = cula_attempt_count + 1
WHERE
cula_user_id = " . $db->SQLString($row->user_id) . " ";
$db->query($qry_UpdateCount);
$qry_CheckDatabase = " SELECT
CASE WHEN count(*) >= 5 THEN 0 ELSE 1 END as allowed_login
FROM
cms_user_login_attempts
WHERE
cula_date_time >= DATE_SUB(CURRENT_TIMESTAMP, interval 48 hour)
AND
cula_user_id = " . $db->SQLString($row->user_id) . "";
$rs_CheckDatabase = $db->query($qry_CheckDatabase);
if (! (isset($qry_CheckDatabase) && $qry_CheckDatabase)) {
$errors->defineError("invalid_user_pass", "Too many attempts, account locked for 48hours.", array("username","password"));
}
}
Edited by Navees_, 08 January 2015 - 06:15 PM. hope you all had a good Christmas/New Year. What I am trying to do is to submit as POST values to database_write.php, from within the while statement. What is happening is I am getting the second row of data every time I change the primary button.
Currently database_write.php is just doing print_r($_POST), And my array is always the same, no matter which select box I choose from. How can I get the values to be associated with the row I am currently changing? Any help would be great, thanks.
What I have so far:
<table class="table table-bordered table-hover">
<thead>
<th>Room Number</th>
<th>Primary Caregiver</th>
<th>Seconday Caregiver</th>
</thead>
<tbody class="list">
<?php
$sql = 'SELECT alarm_device_id, alarm_description, alarm_device_type, notes FROM alarm_device where notes in (\'MSU\') ORDER BY alarm_description';
$retval = mysql_query( $sql, $con );
if(! $retval )
{
die('Could not get data: ' . mysql_error());
}
$x=0;
while($row = mysql_fetch_array($retval, MYSQL_ASSOC))
{
$id = $row['alarm_device_id'];
$alarm_description = $row['alarm_description'];
echo '<form id="msu_form">';
echo "<tr><td>{$row['alarm_description']}</td>";
echo "<td>";
$query2 = "SELECT alert_device_id,alert_description FROM alert_device WHERE notes = 'MSU'";
$result2 = mysql_query($query2) or die("Error in alarm_device select:" . mysql_error());
$count2 = mysql_num_rows($result2);
if($count2 > 0)
{
//echo '<select name='.$x.'>';
echo '<select id="Primary" name="primary" onchange="doAjaxPost(this)">';
while($row2 = mysql_fetch_array($result2))
{
echo "<option value=".$row2['alert_device_id'].">".$row2['alert_description']."</option>";
}
echo "</select>";
}else
{
echo "Please update alert device to this area";
}
echo "</td>";
echo "<td>";
$query3 = "SELECT alert_device_id,alert_description FROM alert_device WHERE notes = 'MSU2'";
$result3 = mysql_query($query3) or die("Error in alarm_device select:" . mysql_error());
$count3 = mysql_num_rows($result3);
if($count3 > 0)
{
echo '<select id="Secondary" name="secondary">';
while($row3 = mysql_fetch_array($result3))
{
echo "<option value=".$row3['alert_device_id'].">".$row3['alert_description']."</option>";
}
echo "</select>";
}else
{
echo "Please update alert device to this area";
}
echo "</td>";
$aid = $id + $x;
//echo $aid;
//$ad = $alarm_description + $x;
echo '<input type="hidden" id="ID" name="ID" value="'.$id.'"/>';
//echo '<input type="hidden" id="desc" name="desc" value="'.$ad.'"/>';
//echo '<td>'."<input type='submit' name='btnupdate' value='UPDATE' /></td>";
//echo '<td><input type="button" value="Ajax Request" onClick="doAjaxPost()"></td>';
echo '</form>';
$x = $x+1;
}
?>
<script>
function doAjaxPost() {
// get the form values
var primary = $('#Primary').val();
var secondary = $('#Secondary').val();
var hidden = $('#ID').val();
//var desc = $(sel).parent().nextAll('#desc').val();
$.ajax({
type: "POST",
url: "functions/database_write.php",
data: $('#msu_form').serialize(),
//data: "Primary="+primary+"&Hidden="+hidden+"&Secondary="+secondary,
success: function(resp){
//we have the response
alert("'" + resp + "'");
},
error: function(e){
alert('Error: ' + e);
}
});
}
</script>
</tr>
</tbody>
</table>
Bonjour, I have a form in php (name, adresse ... and Email). Somebody is playing me a joke in sending me about 100 mails a day through my form. It's a joke but at last not really funny. What I am lookink for is lines of PHP codes which control the Email field into the form and would not allow the form to be sent. If you have another solution it's with a great pleasure I will accept it; Thanks a lot My english is definitively french. sorry about it Ener Incorrect login attempt 1 \/ Incorrect login attempt 2 \/ Incorrect login attempt 3 -->> ?forgot your login details? What's the most effecient way of achieving this? Is it to: 1. create a session for the user who hasn't logged in 2. the user login fails once, session['fail']=1 3. the user login fails twice, session['fail']=2 4. the user login fails for a third time pushing the session['fail'] count to three: this triggers an 'if' on the index.php prompting the user to retrieve their details through the "forgot login details system" However if the session['fail'] count never reaches 3 then this temp session is destroyed and the proper one created allowing the user into the site?? As usual any pointers into the correct direction here would be very much appreciated (and i try to repay by answering other peoples questions [where i can ]) I want to query a database (search) and pass the desired columns from the search results to another page like so: Code: [Select] <?php //address error handling ini_set ('display_errors', 1); error_reporting (E_ALL & ~E_NOTICE); //authenticate user require('auth.php'); if (isset($_POST['submit'])) { // Connect to the database. require_once ('config.php'); //Query the database. $sql = "SELECT* FROM members INNER JOIN images ON members.member_id = images_member_id WHERE members.ethnicity = '{$_POST['ethnicity']}'"; $query = mysql_query($sql); if(mysql_num_rows($query) > 0){ while(($row = mysql_fetch_assoc($query)) !== false) { //Redirect to search results page. header("Location: search_results.php?friend='.$row['member_id'].'&me='.$_SESSION['id'].' &pic='.$row['image'].'&name='.$row['username'].'"); } } else { //If no results found. echo 'No results match this search query.' ; } } ?> I get the following error when i try to run the page (by submitting a form from another page which executes this page): Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/a4993450/public_html/profile_search.php on line 31 The culprit line is this one: header("Location: search_results.php?friend='.$row['member_id'].'&me='.$_SESSION['id'].' &pic='.$row['image'].'&name='.$row['username'].'"); As you can see, I eliminated all white space between the variables and concatenations, thinking that that was the problem but I keep getting the error message. I'm at a loss about what to do next. Any help? SET UP: Windows vista # XAMPP 1.7.3, # Apache 2.2.14 (IPv6 enabled) + OpenSSL 0.9.8l # MySQL 5.1.41 + PBXT engine # PHP 5.3.1 # phpMyAdmin Error message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') VALUES ('qwerty','uiop','asd')' at line 2 I'm trying to get this multi page order form to insert information into two tables via a session. But it comes up with the above error message. This script worked perfectly with one table but as soon as I coded he information to go into two tables it screwed up. Is it the sprint <?php //let's start our session, so we have access to stored data session_start(); session_register('membership_type'); session_register('terms_and_conditions'); include 'db.inc.php'; $db = mysql_connect('localhost', 'root', '') or die ('Unable to connect. Check your connection parameters.'); mysql_select_db('ourgallery', $db) or die(mysql_error($db)); //let's create the query $query = sprintf("INSERT INTO subscriptions ( name, email_address, membership_type,) VALUES ('%s','%s','%s')", mysql_real_escape_string($_SESSION['name']), mysql_real_escape_string($_SESSION['email_address']), mysql_real_escape_string($_SESSION['membership_type'])); //let's run the query $result = mysql_query($query, $db) or die(mysql_error($db)); $query = sprintf("INSERT INTO site_user_info ( terms_and_conditions, name_on_card, credit_card_number, credit_card_expiration_data) VALUES ('%s','%s','%s','%s')", mysql_real_escape_string($_SESSION['terms_and_conditions']), mysql_real_escape_string($_POST['name_on_card']), mysql_real_escape_string($_POST['credit_card_number']), mysql_real_escape_string($_POST['credit_card_expiration_data'])); //let's run the query $result = mysql_query($query, $db) or die(mysql_error($db)); echo '$result'; ?> I'm trying to insert into this database: <?php require 'db.inc.php'; $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die ('Unable to connect. Check your connection parameters.'); mysql_select_db(MYSQL_DB, $db) or die(mysql_error($db)); $query = 'CREATE TABLE IF NOT EXISTS subscriptions ( name VARCHAR(50) NOT NULL, email_address VARCHAR(50), membership_type VARCHAR(50), PRIMARY KEY (name) ) ENGINE=MyISAM'; mysql_query($query, $db) or die (mysql_error($db)); // create the user information table $query = 'CREATE TABLE IF NOT EXISTS site_user_info ( name VARCHAR(50) NOT NULL, terms_and_conditions VARCHAR(50) NOT NULL, name_on_card VARCHAR(50), credit_card_number VARCHAR(50), credit_card_expiration_data VARCHAR(50), FOREIGN KEY (name) REFERENCES subscriptions(name) ) ENGINE=MyISAM'; mysql_query($query, $db) or die (mysql_error($db)); echo 'Success!'; ?> What am I doing wrong? is there a code spell checker ? Also should I use the mysql_real_escape_string() on the user input as they become sessions variables or is it okay to wait and clean the input as it gets inserted in the table? Thanks for your help. I have created a registration form for my website. I want that, whenever any user register to my website an automated mail is send to the Email (with an confirmation link of registration) which he had given their.... I am able to send mails via smtp but dont know how to create a confirmation link url... I thought so that it must be the cookie which automatically generated on the registration.. I need your help.. Thanx in advance... Hi all, I have a link that when clicked I it shows a popup box and depending on whether the user clicks yes or no the user script will continue to a php processing page to delete a record. I have made the popup box as shown below but if you click yes OR no the record is still deleted! How can I cancel the page being redirected if the user clicks no? Thanks <head> </style> <script type="text/javascript"> <!-- function confirmation() { var answer = confirm("Are you sure you want to delete the advert?") if (answer){ alert("Your advert has been deleted!") } else{ } } //--> </script> </head> <body> <?php echo "<a href=\"manage-aircraft.php?reg=$reg\">$title</a> <a href=\"works/deleteadvert.php?reg=$reg\" onclick=\"confirmation()\"><img src=\"images/delete.png\" alt=\"Aircraft For Sale\" width=\"15\" height=\"15\" /></a><br>"; ?> </body> Hello all, Im making a Quote Request Form for my dads company. So first they have the actual form then they click submit and it going to a confirmation page so they can review their information, at the confirmation page i want the end user to be able to click confirm and it sends the form to my e-mail. and if they made a mistake to be able to click button saying go back and they just change the information. I tried to set it up that way but when i click submit, it says it submitted and i got the e-mail but none of the info was there, and the back button kept me on the confirmation page but erased all the data. hI, im trying to create a delete confirmation box. This particular line is showing error as below : Parse error: parse error, expecting `','' or `';'' in C:\wamp\www\i-document\search_admin.php on line 103 please help. thankz. echo "<td><a href=" . $rows['url'] . ">" . $rows['url'] . "</a></td>"; echo "<td><a href=edit_doc.php?id=" . $rows['id'] . ">Edit</a></td>"; echo "<td><a href=delete.php?id=" . $rows['id'] ." onClick="return confirm('Are you sure you want to delete?');">Delete</a></td>"; I've got here a code.. So basically this code is for deleting.. i want to set a Confimation popup box With yes or no.. then' When the user click yes, it will redirect to the next page. and if its a no. it would be at the same page. Here's my code. Code: [Select] <form name="formnew" method="post" action="valdelsec.php"> <?php $host="localhost"; $username="root"; $password=""; $db_name="dbsection"; $tbl_name="sections"; mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); $sql="SELECT * FROM $tbl_name"; $result=mysql_query($sql); $count=mysql_num_rows($result); echo '<select style="position:absolute; top:307px; left:302px; width: 254px; height: 21px; font-size:10px;" name="section" onChange="this.name">'; echo "<option size =30 selected>Select</option>"; if(mysql_num_rows($result)) { while($row = mysql_fetch_assoc($result)) { echo "<option>" .$row['Sname']. "</option>"; } echo "</select>"; } else { echo "<option>No Section Present</option></select>"; } ?> <div id="apDiv11"><input type="image" src="images/delete.png" name="Image9" width="170" height="35" border="0" ></div> </form>.. Hoping for your help.. thanks! I'm trying to incorporate a confirmation email function into an existing php script. I have a form that works perfectly, but I can't figure out how to get it to send an email confirmation. Here's the code ... sorry for posting so much of it, but in case I miss anything ... here it is. It's hosted on GoDaddy on a Linux platform ... if that makes any difference. If anyone can enlighten me ... Please Do. Thanks! <?php $d = date("m-d-y H:i:s"); // assign incomming data $CustomerStatus = $_POST["CustomerStatus"]; $Contact = $_POST["Contact"]; $Name = $_POST["Name"]; $an = str_replace(" ", "", $Name); $Company = $_POST["Company"]; $Address = $_POST["Address"]; //$office = $_POST["office"]; $CityStateZip = $_POST["CityStateZip"]; $Phone = $_POST["Phone"]; $Email = $_POST["Email"]; $ResponseType = $_POST["ResponseType"]; $Artwork = $_POST["Artwork"]; $ProjectName = $_POST["ProjectName"]; $DueDate = $_POST["DueDate"]; $EstimateNumber = $_POST["EstimateNumber"]; $PONumber = $_POST["PONumber"]; $Pages = $_POST["Pages"]; $Quantity = $_POST["Quantity"]; $ColorFrontBack = $_POST["ColorFrontBack"]; $FlatSize = $_POST["FlatSize"]; $FoldedSize = $_POST["FoldedSize"]; $StockText = $_POST["StockText"]; $StockCover = $_POST["StockCover"]; $LabelStock = $_POST["LabelStock"]; $Coating = $_POST["Coating"]; $Bindery = $_POST["Bindery"]; $Additional = $_POST["Additional"]; $group1 = $_POST["group1"]; $group2 = $_POST["group2"]; $group3 = $_POST["group3"]; $redirect = $_POST["redirect"]; //$subject = $_POST["Subject"]; /* ************* Begin Configuration ************* */ $relocate = "http://www.xxxxx.com/"; // insert your relocation url here $home = "http://www.xxxxx.com/"; $MOVE_TO_PATH = '/home/content/xxxxx/html/FileUpload/'; $PATH_TO_DIR = 'http://www.xxxxx.com/FileUpload/'; // The following values are used to verify_uploaded_file() as the sizes and types that can be uploaded. $UPLOAD_TYPES['PSD'] = 1; // Allow .psd files $UPLOAD_TYPES['JPG'] = 1; // Allow .jpg files (definition must be upper case) $UPLOAD_TYPES['JPEG'] = 1; // Allow .jpeg files $UPLOAD_TYPES['AI'] = 1; // Allow .ai files $UPLOAD_TYPES['EPS'] = 1; // Allow .eps files $UPLOAD_TYPES['PDF'] = 1; // Allow .pdf files $UPLOAD_TYPES['GIF'] = 1; // Allow .gif files $UPLOAD_TYPES['PNG'] = 1; // Allow .png files $UPLOAD_TYPES['DOC'] = 1; // Allow .doc files $UPLOAD_TYPES['XLS'] = 1; // Allow .xls files $UPLOAD_TYPES['ZIP'] = 1; // Allow .zip files $UPLOAD_TYPES['SIT'] = 1; // Allow .sit files $UPLOAD_TYPES['FLA'] = 1; // Allow .fla files $UPLOAD_SIZES['max'] = 180000000; // Maximum size -- Make sure the file is under 180 MB : 180,000,000 = 180 MB $UPLOAD_SIZES['min'] = 0; // Minimum size -- Arbitrary small file size to distinguish between no file and file submission $sender_name = "Order"; $sender_email = "me@xxxxx.com"; $mailheaders = "Content-Type: text/plain; charset=us-ascii\nFrom: $sender_name <$sender_email>\nReply-To: <$sender_email>\nReturn-Path: <$sender_email>\nX-Mailer: PHP"; //$to = "me@xxxxx.com"; $to = "me@xxxxx.com"; $subject = "Order"; $msg ="$d\n\n"; $msg .= "CustomerStatus: $CustomerStatus\n"; $msg .= "Contact: $Contact\n"; $msg .= "Name: $Name\n"; $msg .= "Company: $Company\n"; $msg .= "Address: $Address\n"; $msg .= "CityStateZip: $CityStateZip\n"; $msg .= "Phone: $Phone\n"; $msg .= "Email: $Email\n"; $msg .= "ResponseType: $ResponseType\n"; $msg .= "Artwork: $Artwork\n"; $msg .= "ProjectName: $ProjectName\n"; $msg .= "DueDate: $DueDate\n"; $msg .= "EstimateNumber: $EstimateNumber\n"; $msg .= "PONumber: $PONumber\n"; $msg .= "Pages: $Pages\n"; $msg .= "Quantity: $Quantity\n"; $msg .= "ColorFrontBack: $ColorFrontBack\n"; $msg .= "FlatSize: $FlatSize\n"; $msg .= "FoldedSize: $FoldedSize\n"; $msg .= "StockText: $StockText\n"; $msg .= "StockCover: $StockCover\n"; $msg .= "LabelStock: $LabelStock\n"; $msg .= "Coating: $Coating\n"; $msg .= "Bindery: $Bindery\n"; $msg .= "Additional: $Additional\n"; $msg .= "group1: $group1\n"; $msg .= "group2: $group2\n"; $msg .= "group3: $group3\n"; $success_block = "<p>Thank you for submitting your information. We will review your information and get back to you within a day or two.</p><br><br>"; /* ************* End Configuration ************* */ Hi all , sorry for posting question again , I really tried this for a whole day already but still can't get any solution... Now I completed my submit form with validation , when I click submit , above the form will echo the values entered by user and a button for confirmation , if everything okay then just click the confirm button , it will update into mysql . (I do this using php function ) But even if I click the confirm button , it will just refresh my page and won't update into mysql . I know that it is because this button has no related to the submit form so there is nothing for it to update , but I still don't know how to find other ways to do it . I even tried to put a disabled button first , when I click submit button then it will allow to click . Hmm...not a good way I know...(and won't works with my limited php knowledge) Can I get a little hints for this problem ? In my submit form Code: [Select] if(isset($_POST['Submit'])) { if($validator->ValidateForm()) { $myfunction->show_confirmation(); } For the function part: ( another php file ) Code: [Select] function show_confirmation(){ echo "Total recipient(s):".count($total)."<br>"; echo "<br>" ; echo "Recipient Number(s):<br>".$_POST['cellphonenumber']."<br>" ; echo "<br>" ; echo "Message:<br>".$_POST['inputtext']."<br>" ; echo "<br>" ; echo "Date:".$_POST['datetime']."<br>" ; echo "<br>"; echo "<br>"; echo " Proceed ?"; echo "<br>"; echo "<form>"; echo "<input type=\"submit\" name=\"Submit2\"> echo "</form>"; if(isset($_POST['Submit2'])) { $this->submit(); } } submit() is just a function that will insert values into mysql table . This is my normal form: After click submit button: So...what should I do to make the Submit2 button works ? Any hints or advices will be greatly appreciate . I'm not asking for a whole complete solution but just some hints...thanks for every reply . |
|||||||