In my PHP script, there are 3 echo, based on the conditionals
echo "Error"
echo "User already existed"
echo "Success"
One of the echo will be passed to my android apps, if (s.equals("Success")), where s is the echo message.
But the echo I got when the registration success is <br />, according to the logcat. For User already existed have no problem.
Since s is not Success, I can't start another activity which is depended on the string. Can anyone explain how the break tag got echoed? The registration information successfully inserted into database, though.
elseif ($roleID == "C") {
$sql6 = "SELECT runnerID FROM tr_customer WHERE customerID = '$newID'";
$check4 = mysqli_fetch_array(mysqli_query($con,$sql6));
if(!isset($check4)) {
// add into db
$customerID = $roleID . $newID;
$sql7 = "INSERT INTO tr_customer(customerID, name, phoneNo, locationID, roleID, email) VALUES ('$customerID', '$name', '$phoneNo', '$locationID', '$roleID', '$email')";
if(mysqli_query($con,$sql7)) {
echo "Success";
}
} else {
$newID = checkExist();
}
I would examine the code where the variable is defined. If you could post that part of the code as an edit then perhaps someone can review it for you as well. There is just not enough information here to discern where your error is coming from.
EDIT:
Consider changing the way you check for a successful update.
$result = mysqli_query($con,$sql7);
if(mysqli_num_rows($result) == 1){
echo "Success";
}
Related
I'm trying to check posts to see whether they mention another user, by using #username. I want to replace that with a link to the user's profile.
This is what I've got... I haven't got any errors, but usernames just go through as text without the link. I feel like $getUsers/$gU isn't returning the results to $checkString, but I can't see anything wrong.
function post()
{
global $me;
if($_POST['message'])
{
$getUsers = mysql_query("SELECT user_id, user_name FROM users");
while($gU = mysql_fetch_array($getUsers))
{
$checkString = strpos($_POST['message'], "#".$gU['user_name']."");
if($checkString !== false)
{
$replaceFrom = "#".$gU['user_name']."";
$replaceTo = "<a href=\'/user.php?id=".$gU['user_id']."\'>".$gU['user_name']."</a>";
$checked = str_replace($replaceFrom, $replaceTo, $_POST['message']);
}
else
{
$checked = $_POST['message'];
}
}
mysql_query("INSERT INTO test_table VALUES ('', '".$me['user_id']."', '".$_POST['topic']."', '".$checked."', UNIX_TIMESTAMP())");
index();
}
else {
echo "
<form action='?action=insert' method='post'>
<input type=text name=topic maxlength=40>
<br><textarea name=message cols=80 rows=9></textarea>
<br><input type='submit' STYLE='color: black; background-color: white;' value='Submit' class='btn'>
</form>
";
}
}
mysql_query("INSERT INTO test_table VALUES ('', '".$me['user_id']."', '".$_POST['topic']."', '".$_POST['message']."', UNIX_TIMESTAMP())");
should be
mysql_query("INSERT INTO test_table VALUES ('', '".$me['user_id']."', '".$_POST['topic']."', '".$checked."', UNIX_TIMESTAMP())");
As your user table will eventually grow, I'd suggest compiling a set of potential usernames by searching for #(\w+), preparing a statement looking for that username, iterating through the results and replacing all instances for every returned row with the link.
I think you could have simplify your question by excluding the MySQL part. From what I understand you are trying to replace user mention with an HTML anchor tag.
Instead of looping through all the available users you can use preg_replace_callback() to check if any tagged user exists in system.
Please review the example code below. To simplify things I have created two functions. parseTag() will inject the HTML anchor link if the user exist, otherwise the original tag will be kept. getUserId() will return the user id it exists in the system instead:
<?php
function parseTag($tagInfo){
list($fullTag, $username) = $tagInfo;
$uid = getUserId($username);
if ($uid) {
return "<a href='/url/to/user/{$uid}'>{$fullTag}</a>";
}
return $fullTag;
}
function getUserId($username){
$userList = [null, 'john', 'mary'];
return array_search($username, $userList);
}
$comment = "Hello #john, #doe does not exists";
$htmlComment = preg_replace_callback("/#([\w]+)/", "parseTag", $comment);
echo $htmlComment;
Output:
Hello <a href='/url/to/user/1'>#john</a>, #doe does not exists
Hello iam trying to create a disciplinary system. i created a table where accused and the victim had to put their information. I have created another table for report and i have failed to combine all the information given in the first table into one doc file so that i can use it in report. I need help?
enter code here
if(isset($_POST['call'])){
$accused = $_POST['dss'];
$report= $_POST['cas'];
$action = $_POST['uect'];
$u_cat = intval($_POST[id]);
if($report ==''){
echo "<font color='Green'><b>Please fill in the Report!</b></font>";
}else{
if($u_cat) $insert = "update discip_report set accused_student='$accused', case='$report', action_taken='$action' where id='$u_cat'";
else $insert = "insert into discip_report(accused_student, report, action_taken, date) values('$accused','$report', '$action', NOW())";
$run = mysql_query($insert);
if ($run) {
echo "<font color='Green'><b>The Category was added</b></font>";
}else{
echo "<font color='Green'><b>The Category was not added</b></font>";
}
}
}
?>
Okay, so, I'm checking whether to see if random data selected from a php array already exists within my database.
Here is the code for the snippet that is not working.
$check = "SELECT * FROM contest WHERE Loser = '".$input[$rand_keys[$i]]."' AND Hamantha = '".$input[$rand_keys[$i+30]]."'";
$rs = mysqli_query($con, $check);
$data = mysqli_fetch_array($rs, MYSQLI_NUM);
if ($data[$i] > 1){
while($data[$i] > 1){
echo'DO NOT USE THIS GUESS';
$rand_keys2 = array_rand($input, 2);
$input[$rand_keys[0]] = $input[$rand_keys[$i]];
$input[$rand_keys[1]] = $input[$rand_keys[$i + 30]];
}
echo $input[$rand_keys2[0]];
echo '-';
echo $input[$rand_keys2[1]];
echo '<br>';
} else {
echo $input[$rand_keys[$i]];
echo '-';
echo $input[$rand_keys[$i + 30]];
echo'<br>';
}
it displays the data that doesn't exist correctly, but when it does exist, the code under the 'if' doesn't run. I put error_reporting on, and all the lines that the data does exist for, it shows an error for all those lines, which is good, it's finding the lines that do exist within the database, yet the stuff under the if don't run why? Like it doesn't display 'DO NOT USE THIS GUESS' ect.
Edit: Here is a picture of the problem i.imgur.com/F35vGzO.png
As you see if found the first guess to be good, while the second guess was already used, but it didn't display the messages i wanted it to.
Ok, changing my above query state to this worked perfectly.
$query = mysqli_query($dbl, "SELECT * FROM `tblUser` WHERE email='".$email."'");
if(mysqli_num_rows($query) > 0){
echo "email already exists";
}....
In a mysql table, i have 3 fields. user_to, user_from and id. The variables are all correct and should be inserting the correct data.
When a button is clicked, named 'poke', it should insert the cookie that stores the session of who did it and the person who was poked. It doesn't seem to be inserting and I am stuck :(
$cookie = $_SESSION['user_login'];
//Poke code
if (#$_POST['poke']) {
$check_if_poked = mysql_query("SELECT * FROM pokes WHERE user_to='$username' && user_from='$added_by'");
$num_poke_found = mysql_num_rows($check_if_poked);
if ($num_poke_found == 1) {
echo "Come on! Give the guy a chance!";
}
else
if ($username == $cookie) {
echo "You cannot Jab yourself.";
}
else
{ $poke_user = mysql_query("INSERT INTO `pokes` ('user_from', 'user_to') VALUES ('$cookie', '$username')") or trigger_error(mysql_error());
echo "$username has been jabbed.";
}
}
You used wrong quotes with fields in MySQL query.
//your wrong variant
"INSERT INTO `pokes` ('user_from', 'user_to') VALUES ('$cookie', '$username')"
//right variant
"INSERT INTO `pokes` (`user_from`, `user_to`) VALUES ('$cookie', '$username')"
Quotes like ' mean values and quotes like ` mean fields in SQL syntax
<?php
if ($_POST['poke']) {
#ref to the current user
$from = $_SESSION['user_login'];
#ref to the (poked user)
$to = $_POST['poked_user_id'];
if($from == $to){
echo "you cant poke yourself!";
}
else{
#ADVICE: USE PDO OR MYSQLI INSTEAD OF MYSQL
$check_if_poked = mysql_query("SELECT * FROM pokes WHERE user_to='$to' AND user_from='$from'");
if(mysql_num_rows($check_if_poked)){
echo "Come on! Give the guy a chance!";
}
else{
if(mysql_query("INSERT INTO `pokes` (`user_from`, `user_to`) VALUES ('$from', '$to')")){
echo "$to has been jabbed.";
}
else{
trigger_error(mysql_error());
}
}
}
}
?>
This started off as a comment - but it's getting too long to fit.
A session is not the same thing as a username - your post is very confused.
Leaving aside the wrong quotes (which is why your code is not doing what you expect)....
In a mysql table, i have 3 fields. user_to, user_from and id
... in that case you don't need to check if the row already exists - and not create duplicates. Set up a unique index then...
if (#$_POST['poke'] && ($_SESSION['user_login']!===$username)) {
$qry = "INSERT INTO `pokes` (`user_from`, `user_to`)
VALUES (".mysql_real_escape_string($_SESSION['user_login'])
.", '" . mysql_real_escape_string($username) . "')"
if (mysql_query($qry)){
echo "$username has been jabbed.";
} else if (stristr(mysql_error(), 'duplicate')) {
echo "Come on! Give the guy a chance!";
} else {
echo "It's all gone Pete Tong!";
}
} else if ($_SESSION['user_login']!===$username) {
echo "You cannot Jab yourself.";
}
While it's about the same effort for PHP processing, the DB workload is significantly less. This code also prevents some SQL injection attacks, and has error handling. I presume that $username has been created elsewhere and you don't have register_globals enabled.
I'm VERY new to MySQL and PHP and have been teaching myself for sometime. I'm not expecting anyone to write my code for me, but I am looking for some suggestions on how best to proceed with this script.
I have a set of users that can update their "skill level" on a particular set of products. At the moment, I have all that working. However, I don't want the user to have to update every skill level each time they submit.
So, in other words, I want them to be able to leave a field blank, but populate other fields with their skill level, thus only updating the fields they have input.
I'm doing this all on a dev server so here is my code that I'm currently working with.
mysql_connect("127.0.0.1","root","time2start") or die("Connection Failed");
mysql_select_db("joomla_dev_15") or die ("Database Connection Failed");
$user = $_POST['user'];
$USP = $_POST['USP'];
$USPV = $_POST['USPV'];
$VSP = $_POST['VSP'];
echo "$user<br />";
echo "$USP<br />";
echo "$USPV<br />";
echo "$VSP<br />";
$query = "UPDATE `joomla_dev_15`.`enterprise_storage` SET `$user` = '$USP' WHERE `enterprise_storage`.`id` = 1;";
if(mysql_query($query))
{
echo "updated<br />";
}else{
echo "FAILURE";
}
$query = "UPDATE `joomla_dev_15`.`enterprise_storage` SET `$user` = '$USPV' WHERE `enterprise_storage`.`id` =2;";
if(mysql_query($query))
{
echo "updated<br />";
}else{
echo "FAILURE";
}
$query = "UPDATE `joomla_dev_15`.`enterprise_storage` SET `$user` = '$VSP' WHERE `enterprise_storage`.`id` =3;";
if( mysql_query($query) )
{
echo "updated<br />";
}else{
echo "FAILURE";
}
Any help or suggestions would be greatly appreciated!
Maybe I'm not understanding this fully, but checking you variables before the UPDATE statement should be enough.
$user = $_POST['user'];
$USP = $_POST['USP']; // Make sure to escape this
if (!empty(trim($USP))) { // Added a trim so that when space is entered, it will still be considered empty
$query = "UPDATE `joomla_dev_15`.`enterprise_storage` SET `$user` = '$USP' WHERE `enterprise_storage`.`id` = 1;";
if(mysql_query($query))
{
echo "updated<br />";
}else{
echo "FAILURE";
}
}
else {
echo "Empty String. Nothing to Do"
}
I was able to figure it out in a way that was satisfactory for me.
Keep in mind, that this code is not necessarily sanitized or secure from malicious attacks, this is simply a dev server so I could prove the concept, and I WILL come back later and secure it.
Also, I've taught myself, so this is most likely not the most efficient way to do this
In order to get the current default values of the user's skills, I had to run this query
$result = mysql_query("SELECT id , user FROM enterprise_storage WHERE id =1");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row1 = mysql_fetch_array($result);
This allowed me to assign a variable to each row that was returned based on this specific query. So, in this case, the person (named "user" in this example) would return a skill level for Product ID "1"
Once I ran this same query for the few items I wanted to assign variables, I could then place this in my html form as the default value for each text box:
Please enter your skill level on the following products:</br>
USP: <input type="text" name="USP" value=<?php echo $row1[user]?> /><br />
USPV: <input type="text" name="USPV" value=<?php echo $row2[user]?> /><br />
VSP: <input type="text" name="VSP" value=<?php echo $row3[user]?> /><br />
I've omitted the rest of the HTML, because its not relevant right now.
In the end, this solves my problem as it places a default value into the form field, and thus the user doesn't need to update that value if they don't want to.
Thanks for all the suggestions!
Check if the form values are blank and do not post them into the database if they are - also, you really need to look at cleansing user input before putting it into the database. See http://php.net/manual/en/function.mysql-real-escape-string.php for example.