mekha

mmm ok... i solved it....i created another date field in the table...and when adding a comment...update the date of post field to the same of the comment and order by this field ...thank you man

Sorry man ... not 2 tables...comments and posts in the same table...the post:parent_id = 0 / the comment:parent_id = $postid .... any another suggestions ?

i have 2 tables:1) father table.. (posts table)2)child table.. (comments table)now i ordered the results by (id of father) desc.....now what i want is if comment on some post,,,this post is being the first in the order!..any help please ?what query to use?

i do not get any errors...but the alert isnt work!... i tryed do define thim...and no alert :s

//file upload			    $target = "../uploads/sitefolders/";			    $target2 = time();			    $target3 = basename( $_FILES['uploaded']['name']);			    $rel1 = substr($target3, -3);			    $target = $target . $target2 . "." .$rel1 ; 				 $ok=1;//This is our size condition		 if ($uploaded_size > 350000)		 {				 echo "Your file is too large.<br>";				 $ok=0;		 }//This is our limit file type condition		 elseif ($uploaded_type =="text/php")		 {				 echo "No PHP files<br>";				 $ok=0;		 }//Here we check that $ok was not set to 0 by an error		 elseif ($ok==0)		 {			    echo "Sorry your file was not uploaded";		 }//If everything is ok we try to upload itelse{		 if(move_uploaded_file($_FILES['uploaded']['tmp_name'], $target))		 {		 ?>		 <script>alert("okk");</script>		 <?php	    //	  echo "The file ". basename( $_FILES['uploadedfile']['name']). " has been uploaded";			    //header("location:index.php");		 }		 else		 {			    echo "Sorry, there was a problem uploading your file.";		 }}

can u tell me what the problem ?

but if someone else (moderator for example), in mistake added the extra quote ?....i need to protect this :S...for example:if the $_GET us a number...i use (int) before...and the extra quote has no effects on the url and the php codes...so i need to protect strings to

if($act=="edit"){$folderid = (int)$_GET["id"];$sql2 = getfolderbyId();if ($result2 = $mysqli->prepare($sql2)){$result2->bind_param("i",$folderid);$result2->execute();$result2->store_result();$rowsZ2 = $result2->num_rows;}if($rowsZ2>0){$row2 = fetch($result2);}$foldername = $row2[0]["fold_name"];$foldpath = $row2[0]["fold_path"];$foldpic = $row2[0]["fold_pic"];}if($act=="add"){$foldername="";$foldpath="";$foldpic="";}

this is my code:

$act = array('add', 'edit', 'delete');if (isset($_GET['act']) && (in_array($_GET['act'], $act))){    $act = $mysqli->real_escape_string($_GET["act"]);}

and the problem is :

( ! ) Notice: Undefined variable: foldpath in C:\wamp\www\ishort\folders\form.php on line 96

this problem is only when i write the url: form.php?act=add'but if: form.php?act=addthere is no problems

yes!....when i write ( ' ) after the urlli get undefined variables.... because off: act=add moved to be: act=add'so ... add' .. is undefined

there is act in the url....but adter:act=addif i add a quote ("),like this:act=add'its not work!...i did the check (isset)

hi guys,i have this link:xxxxxxx.com/form.php?act=addhow do i protect the $_GET["act"]; ?i tryed:$mysqli->real_escape_string($_GET["act"]);and when i write:xxxxxxx.com/form.php?act=add""""there is problems in the page....i tryed too:mysql_real_escape_string($_GET["act"]);and there is php errors...variables undefined....how can i protect $_GET["act"]?

ok, this is: my query run:

$sqlm = getPageById();									    if ($resultm = $mysqli->prepare($sqlm))									    {											    $mypageid = 216;											    $resultm -> bind_param("i",$mypageid);											    $resultm->execute();   											    $resultm->store_result();											    $rowsm = $resultm->num_rows;									    }									    if($rowsm > 0)									    {											    $rowm = fetch($resultm);											    $pagetitle = $mysqli->real_escape_string($rowm[0]["page_title"]);											    $pageContent = $rowm[0]["page_content"];											    $pageurlname = $mysqli->real_escape_string($rowm[0]["page_name_url"]);											   									    }

the query:

function getPageById()	    {			    $sqlStr = "select * from tbl_pages where page_id = ?";			    return $sqlStr;	    }

this is my $_POST:

$mysqli->real_escape_string ($_POST["page_content"]);

this is my "echo":

$pageContent = $rowm[0]["page_content"];

no results :S birbal i didnt understand you,what do you mean ?

Hi guys , i have a problem with mysqli: i am using a ckeditor....and my database is mysqli using!....now.. in every time i update the row..the ckeditor adding:\\r\\n..for example:upd1:\\r\\nupd2:\\r\\n\\r\\nupd3:\\r\\n\\r\\n\\r\\n ex...... i am using:

[/size][/font]$mysqli->real_escape_string($row["content_in_ckeditor"]);

.. and without clean results :S

mm...ok thanks i succeed

this is where i am showing my results:

<?phpinclude "includes/site_includes.php";?><?php$sql = getfrompages();if ($result = $mysqli->prepare($sql)){$rekza = (int)1;$result->bind_param("i",$rekza);$result->execute();$result->store_result();$rowsZ = $result->num_rows;}if($rowsZ>0){$row = fetch($result);}echo $row[0]["page_title"];echo $site_url;?>

this is the connection:

<?php$dbhost = 'localhost';$dbuser = 'xxx';$dbpass = 'zzzzz';$dbname = 'yyy';      $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);/* check connection */if ($mysqli->connect_errno) {    echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;	 }$mysqli->query("SET NAMES 'utf8' COLLATE 'utf8_general_ci'");?>

this the query:

<?phpfunction getfrompages(){  $sqlStr = "select * from tbl_pages where page_id = ?";  return $sqlStr;}?>

without results too...blank page

i tryed:$row= var_dump($result); .. and no results :S

i have this connection:

<?php$dbhost = 'localhost';$dbuser = 'zzzz_u';$dbpass = 'zzzzzzz';$dbname = 'zzzz_db';  	$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);/* check connection */if ($mysqli->connect_errno) {	echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;	 } $mysqli->query("SET NAMES 'utf8' COLLATE 'utf8_general_ci'");?>

...and site_queries.php:

[/color]<?php		function getfrompages()		{				$sqlStr = "select * from tbl_pages where page_id = ?";				return $sqlStr;		}?>

... and site.php:

<?phpinclude "connection.php";include "site_queries.php";global $mysqli;?><?php$sql = getfrompages();if ($result = $mysqli->prepare($sql)){$rekza = 1;$result->bind_param("i",$rekza);$result->execute();	$result->store_result();$rowsZ = $result->num_rows;}if($rowsZ>0){$row = fetch($result);}echo $row["page_title"];?>

and all the files in the same folder....why my code doesnt work ? the echo ?