Hooch

Hey all. I'm trying something new here. I am using a variable in the update command. See code below $update = mysql_query("Update headers set '$set' = '$text', tour = '$rrr'")or die('Error : ' .mysql_error()); The $set has to be this way. But I am getting an error....Error : You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''edit' = 'Up to 36 Characters allowed', tour = '3'' at line 1 It is selecting all the info right. $set should be "edit" $text should be "Up to 36 Characters allowed" $rrr should be 3 How should this be entered?Thank you very much.Hooch

Hello, everyone. I just wanted to bump this last reply I had. Will this work, or is the new part wrecking my other code?Thank you.

If you use FireFox, it has an FTP addon with the browser.I have been using it for a cpl months now. Very handy indeed.https://addons.mozilla.org/firefox/684/Enjoy

Thanks guys. Awsome help. This will go into my little binder of PHP how to's. ***EDIT*** I edited out some code so it would be easier/quicker to read. One of the bits I took out was include 'clean.php'; clean.php:<?php//Found this on the net, not sure who is original author. Thank you mystery coder.function clean($string){$string = addslashes($string);$string = strip_tags($string);$string = htmlspecialchars($string);$string = trim($string);return $string;}?> This is then implemented here... $tour = clean($_POST['tour']); Could I just add "mysql_real_escape_string" to the clean.php?Like so.. <?php//Found this on the net, not sure who is original author. Thank you mystery coder.function clean($string){$string = addslashes($string);$string = mysql_real_escape_string($string);$string = strip_tags($string);$string = htmlspecialchars($string);$string = trim($string);return $string;}?> Muchos Gracias.

Hi all. I have had very good success lately with my recent help from this website. I have a couple sections where my DB's are being updated.Both work perfect. I have 1 final DB update script to complete, but it will not updatethe DB. I know the variables are working all the way up to this line of code, so it seems the problem is here. Thing is, it's the same as my otherupdates. Only the tables and variables are changed to suit the presentneeds. $update = mysql_query("Update studios set tour = '$tour', studio = '$studio', address = '$address', where id = '$_GET[edit]'"); Because I "echo" them to test right before. I know the POST and all info from the preceding page work too. Since I "echo" that in the table. (not in code now)I am stumped. Here is the full code. (edited out needless clutter)Thank you for any help. <? ob_start(); session_start(); include '../includes/config.php';if($_GET[edit]) { if (!$_POST[update]) { $r = mysql_fetch_array($rr); ?><form method="POST"> <table border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#000000" bgcolor="#999999" class="black-10"> <tr> <td colspan="3" align="center" bgcolor="#B51628" class="box-header-white"> <b>Studio # <? echo $r[studio]?> From the <? echo $r[tour]?> Tour</b> </td> </tr> <tr> <td width="" align="center"><strong>TOUR</strong></td> <td width="" align="center"><strong>STUDIO #</strong> </td> <td width="" align="center"><strong>ADDRESS</strong></td> </tr> <tr> <td align="left"> <select name="tour" class="txtbox"> <option value="<? echo $r[tour]; ?>" selected="selected"><? echo $r[tour]; ?></option> <option value="1">Garden Path</option> <option value="2">Autumn Leaves</option> <option value="3">Country Christmas</option> </select> </td> <td align="center"><input size="3" name="studio" value=" <? echo $r[studio]; ?> " class="txtbox"></td> <td align="left"><input size="50" name="address" value=" <? echo $r[address]; ?> " class="txtbox"></td> </tr> <tr> <td colspan="3" align="center" bgcolor="#B51628"> <input type="submit" name="update" value="Update" class="txtbox"> </td> </tr> </table> </form> <? } else { include '../includes/clean.php';$tour = clean($_POST['tour']);$studio = clean($_POST['studio']);$address = clean($_POST['address']);$update = mysql_query("Update studios set tour = '$tour', studio = '$studio', address = '$address', where id = '$_GET[edit]'"); echo ("<p></p><center><b>Success!!</b>"); echo("<br><a href=\"studios.php\" target\"_parent\" class=\"tia\">BACK</a></center>"); } } ?>

Thank you for taking the time to read my post and replying, but your answers have nothing to do with my question.

I need to select lastnames from the user table. Thing is, as new people join this needs to be dynamic. I can't be re-scripting everytime someone joins the site.Thanks though.

This site has some nice tutorials.http://www.phpeasystep.com/phptu/1.html

Hey all. I had some help here a few months ago for splitting up a users database. The script works (thanks justsomeguy) but it needs a bit of tweaking. I'm not sure how to extract the info though. The original post is here http://w3schools.invisionzone.com/index.ph...ic=4306&hl= This splits the last names up into the 2 columns fine, but it goes left then right side.Like this: Mike Alba --- Bill Baker Deb Chant --- Frank Dempsy Carol Fritz --- Gary HughsBut I need it like so: Mike Alba --- Frank Dempsy Bill Baker --- Carol Fritz Deb Chant --- Gary HughsI have no idea how to extract from the DB. Is it just a normal "SELECT * FROM users ORDER BY lastname ASC"Then have some fancy way to echo? Or does the selection from the DB need to be more involved?Thank you for your time and help. Hooch

Ding goes the bell. Thanks.. gotcha now.

Wow, thanks guy! This would be a good way to pw protect a page too. But if the $salt has the users ip and time of registration, when he/shelogs in 5 days later the pw will now be different to the db one, correct?

Yes, anything else I change works. I'm thinking of not having the password changeon the edit profile page. Just have a link to achange password page. This would fix the whole problem.

lolIf they are an actual member of the organization, I will give themthe address/password to the register.php. Then they can becomea member of the website too.

It will be a list of all members. The site is for a local Artists group. So a lot of personal info will be shown. Name, address, phone etc. Mind you only members will be allowed to join the site. I will have the register.php page pw protected.

ah...good point. The last name is displayed in a members area, would thisbe a problem?

Hey all. I am finishing up my edit_profile.php page. I have everything working except the password part. It seems the browser is remembering the last password I enteredin a login. But I have the following code that is suppose to putthe MD5 protected password in it's spot. <input size="30" type="password" name="password" value="<? echo $profile[password]; ?>" class="txtbox"> I have a check in place that can tell if the password has been changed or not, soit knows whether or not to change it in the database. But if your password is changedthen say you go back to the edit_profile.php page 2 minutes later to change something else,the browser remembers the old password. It does not echo out the MD5 password from thedatabase. Then it changed the password back to the 1st one I logged in with. Confusing question..let me know if it needs more explanation.Thank you,HoochEDIT** FYI I have this at the top of every page on my site ob_start(); session_start();

I have read MD5 is not secure on it's own. So using "Salt" will help this problem.I was wondering if someone could look to see ifI am using it correctly. The following code would be in the register.php page. <?PHP//clean functionfunction clean($string){$string = addslashes($string);$string = strip_tags($string);$string = htmlspecialchars($string);$string = trim($string);return $string;} if ($_POST[register]) { $username = clean($_POST['username']); $password = clean($_POST['password']); $a = $password; $salt = 'e$+i7*'; //can be anything random $hash = md5($a.$salt); $password = $hash; $update = mysql_query("UPDATE users SET password = '$password' WHERE username = '$logged[username]'"); //rest of code?> How does that look??Thank you.

That was it guys. Thank you very much.

I added the capitol extension for the jpegs. Still a no go. $allowed_file_type = array('image/jpeg', 'image/JPEG', 'image/jpg', 'image/JPG'); IE still says my_pic.jpg is the wrong file type.Anyone know what is going on here?P.S Is this line ok? if (($limit_file_type == "yes") && (!in_array($_FILES['file']['type'],$allowed_file_type)))

Thanks yoshida, I'll give it a try.I did not make the whole code myself. It is stuff I have learned from multiple sitesmulled together to fit my needs. Feel free to use it though....it's nice to hear someonecompliment my work. Hooch

Hello all. I hope Santa was good to all. I am starting to update a site I volunteer for. The site has been totally updated by myself, but I am wanting to make it more user friendly so the members can upload and manage their own info. Here is my upload script. Firefox uploads perfectly. But IE says it's trying to upload a wrong file. But it is actually the .jpg that Firefox successfully uploaded earlier. Hmm.. Is there something I am missing here?? Here is the code.. <?phpob_start(); session_start(); include("config.php"); //include("online.php");if($logged[username]){$a = $_POST['picture']; if ($a == 0) { echo "<link href=\"style.css\" rel=\"stylesheet\" type=\"text/css\" />"; echo "<center><br><br>Please define where the picture is to go. <br><a href=\"upload.php\" class=\red-medium-14\">Click to go back</a></center>"; } else { $upload_dir = "../images/users/"; $size_bytes = 1048576; $limit_file_type = "yes"; $allowed_file_type = array('image/jpeg', 'image/jpg'); $size = $_FILES['file']['size']; if ($size > $size_bytes) { echo "<link href=\"style.css\" rel=\"stylesheet\" type=\"text/css\" />"; echo "<br><center>File is Too Large. It must be <b>$size_bytes</b> bytes, or less.<br>"; echo "<a href=\"upload.php\" class=\red-medium-14\">Back</a></center>"; exit(); } if (($limit_file_type == "yes") && (!in_array($_FILES['file']['type'],$allowed_file_type))) { echo "<link href=\"style.css\" rel=\"stylesheet\" type=\"text/css\" />"; echo "<br><center>Wrong file type.<br>"; echo "<a href=\"upload.php\"class=\red-medium-14\>Back</a></center>"; exit(); } $path = $upload_dir."/".$logged['username']."/pic".$a.".jpg"; if($file !=none) { if(copy($HTTP_POST_FILES['file']['tmp_name'], $path)) { echo "<link href=\"style.css\" rel=\"stylesheet\" type=\"text/css\" />"; echo "<center><BR><BR><b>Success</b><BR/>"; echo "<a href=\"../login.php\"class=\"red-medium-14\">CPanel</a><BR/><BR/>"; echo "File Size :".$HTTP_POST_FILES['file']['size']." bytes<BR/><BR/>"; echo "<img src=\"$path\"><br/></center>"; } else { echo "Error "; echo ("<a href=\"upload.php\" class=\"red-medium-14\">Back</a></center>"); } }}}else{echo "<link href=\"style.css\" rel=\"stylesheet\" type=\"text/css\" />";echo "<br><center><b>You must be logged in!!</b><br>";echo "<a href=\"../index.php\" class=\"red-medium-14\">Back</a></center>";}?> Thank you for any help.

Thanks guy!! It's in place now. Could you please explain '" . mysql_real_escape_string($del_id) . "'

Perfect. Thank you!!

I am making an admin area, and am close to finishing. I was wanting the ability to delete users. The deletion code is within a searchquery. The admin can either edit or delete the user. The edit link works perfect. The delete link kinda works. It's deleting the person who is doing the deletion. (The admin pages are using cookies.) Here's the config.php file <? ob_start(); $conn = mysql_connect("localhost","*&*&*","****"); mysql_select_db(*****) or die(mysql_error()); $logged = MYSQL_QUERY("SELECT * from users WHERE id='$_COOKIE[id]' AND password = '$_COOKIE[pass]'"); $logged = mysql_fetch_array($logged); ?> Then I use ob_start(); at the top of the admin pages. Here is how I select the row to delete. <a href="delete_chk.php?id=<? echo $row['id']; ?>" class="link">Delete</a> Then here is my delete_chk.php page <?phpinclude '../includes/config.php';$sql="DELETE FROM users WHERE id='$id'";$result=mysql_query($sql);// if query successful do this if($result){echo "Delete Successful";echo "<BR>";echo "<a href='admin.php'>Back to main page</a>";}else {echo "ERROR";}mysql_close();?> Somehow the logged in Admin's id is getting deleted, and not the one that is selectedfrom the search query. While still in the search query page, the link to the deletion is still ok...it's show the selected user when you hover over the delete link. Once I am directed to the delete_chk.php page, that seems to be the error. I hope I have explained well. Thank you for any help. Hooch

Scrolling favicon....Do tell.