PHP - Escape Function And Java Script Insertion

I want to id each comment so that where any member response on a comment, the INSERT and the SELECT knows where to display the responses, to what comment the responses belong to. t. it is like creating an id for each comment so the SELECT display each responses below in its messages. but i don't know if it is an html, php or javascript issue to handle below there are two forms, the parent form and the responses form below each comment form, I want the responses to display below each comment to what it belongs too. I have some tables structure problems and some html issues. the javascript is working for the parent comment it is working perfectly but for the second form the responses form it is not displaying below the comments.
Code: [Select]
<?php 
$id = $_GET['id']; // this id of the user being commented in the user table I guess I will need that id to identify which user is being commented "profile" that's the id of his profile
     if (isset($_SESSION['id'])) {    
     $userid = $_SESSION['id']; 
     $username = $_SESSION['name']; }
      else {

       // do this
     
      }
     // the userid contains the id and name of the user commenting "the user logged in".
     
     if ($_POST['comment_field_1'] != ""){

 

         $comment_field_1 = $_POST['comment_field_1'];
 $comment_field_1 = stripslashes($comment_field_1);
 $comment_field_1 = strip_tags($comment_field_1);
 $comment_field_1 = mysql_real_escape_string($comment_field_1);
 $comment_field_1 = eregi_replace("'", "&#38;#38;#39;", $comment_field_1);
 
 $sql = mysql_query("INSERT INTO comments (mem_id,commented_men_id, the_message,parent_id, message_date) 
     VALUES('$userid','$idc','$comment_field_1', $parent_id now())")  
     or die (mysql_error());
 
     // i guess the $parent_id should be initialize somewhere in the top with a value of 0 or 1 depending weather it is a response or a comment.
    }
    
         // men_id is the field of the $userid, commented_men_id is the field for the commented on, $idc variable etc...

    if ($_POST['comment_field_2'] != ""){  // responses form field

 

         $comment_field_2 = $_POST['comment_field_2'];
 $comment_field_2 = stripslashes($comment_field_2);
 $comment_field_2 = strip_tags($comment_field_2);
 $comment_field_2 = mysql_real_escape_string($comment_field_2);
 $comment_field_2 = eregi_replace("'", "&#38;#38;#39;", $comment_field_2);
 
 $sql = mysql_query("INSERT INTO comments (mem_id,commented_men_id, the_message,sub_commented_id, message_date) 
     VALUES('$userid','$idc','$comment_field_1', $sub_commented_id now())")  
     or die (mysql_error());
 
     // here instead of $parent_id I use field created for responses to tag a comment as a response should be initialize somewhere in the top with a value of 0 or 1 depending weather it is a response or a comment. I am not sure weather I should leave the parent_id variable or come with this new field $sub_commented_id. What do you think?
    }
    
         // men_id is the field of the $userid, commented_men_id is the field for the commented on, $idc variable etc...
    
    
    if (isset($_SESSION['id'])) {

if ($_SESSION['id'] == $userid ) {
 $the_message_form = ' 


    comment (220 char max)
    <form align="left" id="comment" action="profile.php?id='.$idc.'" method="post" enctype="multipart/form-data" name="message_from">
    <textarea type="text" id="text1" name="comment_field_1" rows="3" style="width:97%;"></textarea>
    
     <input class="commentinput" name="submit" type="button"  value="submit comment" align="left" />
    
    </form>';

      }
    } 

    $sql1 = mysql_query("SELECT id, mem_id, commented_men_id, the_message,parent_id, message_date FROM comments WHERE commented_men_id='$idc' ORDER BY message_date DESC LIMIT 20")or die ( mysql_error () );
     $i = 0;
    while($row = mysql_fetch_array($sql1)){
     $j = $i++;
     $message_id = $row["id"];
     $uid = $row["mem_id"];
     $the_message= $row["the_message"];
     $message_date = $row["message_date"];
     $message_date = strftime("%b %d, %Y, %Y %I:%M:%S %p", strtotime($message_date));
    
    
     $sql_mem_data = mysql_query("SELECT id, name FROM users WHERE id='$uid' LIMIT 1");
     while($row2 = mysql_fetch_array($sql_mem_data)){
     $uid = $row2["id"];
     $ufirstname = $row2["name"];
     $ufirstname =  mb_strimwidth($ufirstname, 0, 20, '&hellip;');
    
    
     }
    
     $messageDisplayList .= '
           <table width="100%" align="center" cellpadding="4" bgcolor="#CCCCCC" style="margin-bottom:0.5em">
            <tr>
              <td width="auto" height="auto" bgcolor="#EFEFEF" style="vertical-align:top"><a width="auto" height="auto" title="'.$row2["name"] .' "href="profile.php?id='.$uid .'&name='.$row2["name"].'">' .$user_pic. '</a><br />
              </td>
              <td width="93%" bgcolor="#EFEFEF"><a href="profile.php?id='.$uid.'">' . $ufirstname . ' </a> &bull; <span style="font-size:10px; font-weight:bold; color:#A6A6A6;">' . $message_date . '</span><br />
      <p id="only">    ' . $the_message . '</p><span class="comment">&bull;<a style="padding-left:3.5px; color:#0099ff" href ="">Comment</a></span><div class="commentForm"><form align="left" id="bring" action="profile.php?id='. $uid .'" method="post" enctype="multipart/form-data" name="message_from">
    <textarea name="comment_field_2" type="text" id="text2" rows="3" style="width:100%; height:30px;"></textarea>
     <input id="bringinput" name="submit" type="button" value="submit" align="left" />
    </form></div>
     </td>
      </tr>
          </table> <br/>';
       }
       $sql_sub_coment = mysql_query ("SELECT id, mem_id, commented_men_id, sub_commented_id, the_message, message_date FROM comments WHERE sub_commented_id='$blabid3' AND sub_commented_id != 0 ORDER BY blab_date DESC LIMIT 20");
     while($row3= mysql_fetch_array($sql_sub_coment)){
     $$message_id3 = $row3_sub["id"];
     $uid3 = $row3_sub["mem_id"] ;
     $the_message3 = $row3_sub["the_message"];
     $message_date3 = $row3_sub["message_date"];
     $message_date3 = strftime("%b %d, %Y, %Y %I:%M:%S %p", strtotime($blab_date3));
     $sql_mem_data = mysql_query("SELECT id, name FROM user WHERE id='$uid3' LIMIT 1");
     while($row4 = mysql_fetch_array($sql_mem_data)){
     $uid4 = $row4["category_id"];
     $ufirstname2 = $row4["name"];
     $ufirstname2 =  mb_strimwidth($ufirstname2, 0, 20, '&hellip;');
    
    }
        $$messageDisplayList2 .= '<table width="100%" align="center" cellpadding="4" bgcolor="#CCCCCC" style="margin-bottom:0.5em">
            <tr>
              <td width="auto" height="auto" bgcolor="#FFFFFF"><a width="auto" height="auto" title="'.$row3["name"] .' "href="profile.php?category_id='.$uid4 .'">' .$blabber_pic2. '</a><br />
              </td>
              <td  width="93%" bgcolor="#EFEFEF"><a href="profile.php?id='.$uid4.'">' . $ufirstname2 . ' </a> &bull; <span style="font-size:10px; font-weight:bold; color:#A6A6A6;">' . $message_date3 . '</span><br /><p id="submessage">' . $the_message3 . '</p>
              </td>
            </tr>
          </table>';

?>

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title></title>
    <link rel="stylesheet" href="style/style.css" type="text/css" media="screen" />
   
    <script type="text/javascript" src="jquery.js"></script>
    <script type="text/javascript">
    $(document).ready(function(){
    $(".commentForm").hide();
      $(".comment").bind('click', function(){
          $(this).nextAll(".commentForm:first").slideToggle();
    return false;
    });
    var html = $("#text1").html();
       $(".blabinput").click(function() {
    console.log("AJAX EVENT OCCURED")
           $.post($('#comment').attr("action"),
                  $("#comment").serialize(),
               
    function(html) {
              // Find the first table after the form in the HTML from the server and append it to the form on the page.
   
              $(html) .find('form + table').insertAfter('#comment').after('<br />');
     
           });
           });
    var html2 = $("#text2").html();
       $(".bringinput").click(function() {
    console.log("AJAX EVENT OCCURED")
           $.post($('#bring').attr("action"),
                  $("#bring").serialize(),
               
    function(html2) {
              // Find the first table after the form in the HTML from the server and append it to the form on the page.
   
              $(html2) .find('form + table').insertAfter('#bring').after('<br />');
     
           });
           });
        });



That's what I have so far. the first form the parent form is submitting and posting with the jquery of id #message, then the #bring id for the id of the second form or the response form is not working properly, it is inserting but posting the comment in the p tags with id only., that's where the parent comment post not the response comment form. it should post below but, somehow I have the html and the jquery mess up. Need help in there.

the comment text is sliding toggling but the second time I click on, meaning sometimes it won't toggle the first time I click on it. But the main issue now is getting the responses form displaying below and Ajaxing without browser refresh.

Hello Guys,
With this code I am able to match two strings, where one of them is standard and the other is changeable. This doesn't matter. What it does matter that I want to insert the values into a database consisted of a number of columns. As you can see in the code every iteration it gives one value of the whole insertion.
I hope I made my question clear.
Code: [Select]
<?php
preg_match_all('/\b(' . implode("|", array_map("preg_quote", $dictionary)) . ')/i', $file, $foundwords);
$sim = array_count_values($foundwords[0]);
$max = max ($sim);
foreach ($sim as $key=> $value) {
$norm = ($value/$max);
echo $key. " = $norm </br>";
}
$foundwords[0] = array_flip ($foundwords[0]);
ksort($foundwords[0]);
foreach ($foundwords[0] as $key=> $value) {
echo "<br/>$key "; // [color=red]after here how can I insert all the values in one row[/color]
 } 
?>

I am a newbie to php.. Used to do work in Cold Fusion and I cannot figure out what I am doing with a registration page I have created. I am looking to have the page insert into two databases, which it is doing, and then redirect to the main member's page. I have been looking for something and have not found anything here or online that works for me.

I understand that you cannot use header() after any type of html or echo, but I have tried .js and other methods. I am not throwing errors, just no redirect... Also I am interested in hearing how bad my code is... any positive criticism is appreciated, as I am still learning 

Here is my code:

Code: [Select]
<?php include("dbc.php");


?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Registration Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link rel="stylesheet" href="style.css" type="text/css" charset="utf-8">
<link rel="stylesheet" href="styles.css" type="text/css" charset="utf-8">

//Some Javascript...



</script>
</head>
<body>
//Some Styling...
    <!-- content goes here -->
 


<h1>Register</h1>
<?php
ob_start();
error_reporting(0);
$_POST = array_map('secure', $_POST);
 if($_POST['submit'])
{
$user_name = mysql_real_escape_string($_POST['user_name']);
$query = mysql_query("SELECT * FROM xxxxusers WHERE user_name='$user_name'");
$query = mysql_query("SELECT * FROM xxxusers WHERE user_name='$user_name'");
if(mysql_num_rows($query) != 0)
{
echo "<div style="font-size: 9pt; font-weight: bold;color: red;">Username already exists</div>";
}
else
{

$user_password = mysql_real_escape_string($_POST['user_password']);
$user_pass = mysql_real_escape_string($_POST['user_pass']);
$user_email = $_POST['user_email'];
$query = mysql_query("SELECT * FROM xxxxusers WHERE user_email='$user_email'");
$query = mysql_query("SELECT * FROM xxxusers WHERE user_email='$user_email'");
if(mysql_num_rows($query) != 0)
{
echo "<div style="font-size: 9pt; font-weight: bold;color: red;">Email already exists</div>";
}
else
{

$enc_password = md5($user_password);
$enc_password = md5($user_pass);

if($user_name && $user_password && $user_pass && $user_email)
{ 

if (strlen($user_name)>20)
{
echo  "<div style="font-size: 9pt; font-weight: bold;color: red;">Your Name is Too Long</div>";
}

$email = htmlspecialchars($_POST['user_email']);
if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/",$email))
{
    echo  "<div style="font-size: 9pt; font-weight: bold;color: red;">E-mail address not valid</div>";
}
{
require "dbc.php";

mysql_query("INSERT INTO xxxxusers
stuff....) VALUES(stuff....) ") 
or die(mysql_error());  

mysql_query("INSERT INTO xxxusers
stuff....) VALUES(stuff....) ") 
or die(mysql_error()); 
}

}
 else echo "<div style="font-size: 9pt; font-weight: bold;color: red;">All Fields Are Required</div>";

}
}
}
ob_end_flush();
 
?>
<form action="register.php" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr>
<td>Username:</td>
<td><input type="text" name="user_name" maxlength="30" value="<?php echo "$user_name"; ?>"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="user_password" maxlength="30" value=""></td>
</tr>
<tr>
<td>Confirm password:</td>
<td><input type="password" name="user_pass" maxlength="30" value=""></td>
</tr>
<tr>
<td>Email address:</td>
<td><input type="text" name="user_email" maxlength="50" value=""<?php echo "$user_email"; ?>""></td
</tr>

<tr><td colspan="2" align="right">
<input type="submit" value="Register!" id="submit" name="submit"></td></tr>
<tr><td colspan="2" align="left"><a href="index.php">Back to Home Page</a></td></tr>
</table>
</form>

Hi Friends !

I need to discuss a problem with you.
When we fill a customer info form, and redirect to other page. but go back by browser's back button and resubmit the form.
In this case duplicate data is inserted. Or when we refresh a page multiple data is inserted, so HOW TO AVOID this terrible problem ?

Code: [Select]
//enter into btree ----------------------------------------------
$sql_plevel='select nlevel from btree where uniqueid = '.$formjoinedunder;
$abc = mysql_query($sql_plevel , $db)
$result_plevel = mysql_fetch_assoc($abc) or die(mysql_error());
$plevel = $result_plevel['nlevel'] + 1;
$insert_btree = 'INSERT INTO btree (uniqueid,nlevel,pside) VALUES
('.$reguniqueid.','.$plevel.','.$formposition.')';
mysql_query($insert_btree , $db) or die(mysql_error());
Can any one please tell me what is the problem in the above code it does not insert into the table btree.

I'm trying to learn writing php scripts with html-simple-dom. I am scrapping my website with html-simple-dom and the below code, but I am running into an issue with inserting the scrapped data into my database.

This code scraps the website and grabs the html data I want.

Code: [Select]
$ret =  $html->find('table[class=data] tr');
foreach($ret as $visitor){
$visitor =  $visitor->find('td','1') . "<br>";
$insert="INSERT INTO $dbtable (visitor) VALUES ('$visitor')";
mysql_query($insert) OR die(mysql_error());
}
But this is being inserted into the database "visitor" field.

Code: [Select]
<td colspan="1" rowspan="1" style="text-align: left;"><a style="border-bottom:1px dotted;" onclick="loadTeamSpotlight(jQuery(this));" rel="HEN" href="javascript:void(0);">HENRY</a></td><br>

I only want "HENRY" to be extracted out of the html code above and inserted into the database table.

Any help would be greatly appreciated, as I have been pulling my hair out trying to figure this out. Do I need to use explode or something?

Thanks,

This topic has been moved to MySQL Help.

http://www.phpfreaks.com/forums/index.php?topic=320009.0

Hi, I have a lovely wordpress theme on my website. Unfortunately I can not get text or the home page itself into the landing page, is there any way to do this at all?  I want to the home page text to sit under the    I have contacted the theme author with no help. I want the text to sit underneath the four image buttons (below banner slider)   This is the website  http://www.cloudchasing.co.uk/   Hope this makes sense, many thanks for help in advance.   Karl

Guys,
I'm not at all able to insert characters like " ' ` and all sorts into my database or it will always return an error. I just created a textarea field in my site of which I just want to istore all those collected datas into my database for later retrieval  and all sorts. Please help!

Hi everyone,

I'm trying to create a site where teachers can upload educational animations (swfs) and source files (.fla's) to a site as a shared resource for others to use in their classrooms.

I've concatinated a random number to both the source file and animation file to circumvent the problem of files with same names being uploaded.

However,  I have one small problem. The source file is not a mandatory upload, so sometimes the $source_file is null. However, with the random number concatinated, $source_fileX is not null.

I tried to write some code saying that if $source_file is null, then $source_fileX should be null, else $source_fileX should be random_number concatinated with $source_file , but it doesn't seem to be working.

The animation files are uploading fine. It's just the source files that are not. Nor is $source_fileX being inserted into the source_file field in the database.

Code below. Thanks in advance.

Code: [Select]

<?php

$keywords = $_POST["keywords"];
$subject = $_POST["subject"];
$description = $_POST["description"];
$website = $_POST["website"];
$firstname = $_POST["firstname"];
$lastname = $_POST["lastname"];
$school = $_POST["school"];
$animation_file = $_POST["animation_file"];
$source_file = $_POST["source_file"];
$random_digit=rand(00000, 9999);

$animation_fileX=$random_digit . $_FILES['animation_file']['name'];
if($animation_fileX!="")
{
if (!copy($_FILES['animation_file']['tmp_name'], "uploads/$animation_fileX"))
{
echo "failed to copy \n";
}
}

if   ($source_file!="")
{ 
$source_fileX=$random_digit . $_FILES['source_file']['name'];
}
else
{
$source_fileX="";
}

if($source_fileX!="")
{
if (!copy($_FILES['source_file']['tmp_name'], "source_file_uploads/$source_fileX"))
{
echo "failed to copy \n";
}
}


//**********************SEND TO DATABASE****************************

 include 'mysql_connect.php'; 

$query = "INSERT INTO animation_uploads (date, animation_file, source_file, keywords, subject, description, firstname, lastname, school, website)" . "VALUES (NOW(), '$animation_fileX', '$source_fileX',  '$keywords', '$subject' , '$description', '$firstname', '$lastname', '$school' , '$website')";
//if($query){echo 'data has been placed'}
mysql_query($query) or die(mysql_error());

//***********************END OF DATABASE CODE***********************

Hi guys.I am making a Query Analyzer in php which takes the query string inside a form and out puts the result table in that particular page.How do i output the notification by MySQL when you do a successful insertion of data into mysql.i want to know if there are any methods in php which gives you that such as "1 row affected","Query took 0.00sec".Thanks

i am facing a problem regarding the insertion of of link in a text area is not detected but the output is a normal text "unlike facebook comments"
is there any php functions ???
thanks in advance

Hi All,

I am using the PHP Simple HTML DOM parser to connect to a financials website, parse out a companies financial information (Income statement in this case) and then insert the scrapped data into a mysql database that I can then later use to run automated calculations.

Here is the code I have so far:

Code: [Select]
<?php
include_once 'simple_html_dom.php';

//Connect to financial Website and Create DOM from URL
$income_statement = file_get_html('http://www.WEBSITE.com/finance?etc..etc...etc...etc...');

//PULL FINANCIAL DATA
foreach($income_statement->find('td[class]' ) as $lines=>$data) {

echo $data->plaintext . "<br/>";

}

// clean up memory
    $html->clear();
    unset($html);
?>

So far I am able to get output that looks like this:

Code: [Select]
Revenue
336.57
331.52
324.32
319.29
320.40
Other Revenue, Total
-
-
-
-
-
Total Revenue
336.57
331.52
324.32
319.29
320.40
etc.............................
But being a newb I do not understand how I can break each $ value and each - into their own variables and then insert them to their corresponding mysql table fields. During the database insert I would like to ignore field headings from insertion (i.e Revenue, Total Revenue, etc....

Any help would be absolutely amazing, as I have been reading, scripting and searching for information like crazy, but just can't seem to figure it out.

<?php

if(isset($_POST['submit'])){

$uname = $_POST['username'];
$pword = $_POST['password'];

/*** mysql hostname ***/
$hostname = 'localhost';

/*** mysql username ***/
$username = 'root';

/*** mysql password ***/
$password = 'anty90';

try {
    $link = new PDO("mysql:host=$hostname;dbname=gambling", $username, $password);
    /*** echo a message saying we have connected ***/
    echo 'Connected to database<br />';

    /*** INSERT data ***/
    $stmt = $link->prepare("INSERT INTO gamb(username, password) VALUES (?, ?)");
	
	try{
	$stmt->execute(array("$uname", "$pword"));
	} catch(PDOException $e){
	
		echo "Exception caught: $e";
	
	}

    /*** echo the number of affected rows ***/
    //echo $count;

    /*** close the database connection ***/
    $link = null;
    }
catch(PDOException $e)
    {
    echo $e->getMessage();
    }
  
}
?>

<html>

<form action='home.php' method='post'>

<input type="text" name="username" >
<input type="password" name="password" >
<input type="submit" name="submit" value="submit">

</form>

</html>

I'm new to databse programming so I was just wondering if this was vulnerable to sql injection or not.