setting enum value to 1 on link click? - php

Can someone please help? I am trying to get the column 'privellages' (I know it's spelt wrong) to update in my table 'ptb_permissions' when a link is clicked.
Basically I've done this before for loads of other things and it's worked fine; it's just this that is not working for some reason.
Users are notified in their inbox when a user sends a request to view their pictures, and the user will have two links: one to approve and one to delete the request.
If they click approve then this should update the enum column 'privellages' from 0 to 1.
This is not working. I'm not getting any errors; I'm just not getting anything happening. Please can someone show me where I'm going wrong? Thanks.
Yes this is ok
Contents of approve_priv_pix.php:
<?php
require_once("session.php");
require_once("functions.php");
require('_config/connection.php');
approve_pix ($_GET['picture'], $_SESSION['user_id']);
header("Location: {$_SERVER['HTTP_REFERER']}");
?>
MySQL function:
function approve_pix($picture, $user) {
global $connection;
global $_SESSION;
$query = "UPDATE ptb_permissions
SET privellages='1'
WHERE id=$picture
AND to_user_id=$user";
mysql_query($query, $connection);
}

$_GET['picture'] should be $_GET['pix']
Also double check your privellages column enum values.

Yes this is ok
Here you have pix as a key, but in approve_priv_pix.php you are taking the picture id from $_GET['picture']. I suppose it should be replaced with $_GET['pix'].
Also, not sure why you have <?php echo $pix['user_id']; ?> in the link code. Possibly it should be something like <?php echo $pix['picture_id']; ?>
Additionally, your code is open to SQL injection. Here:
$query = "UPDATE ptb_permissions
SET privellages='1'
WHERE id=$picture
AND to_user_id=$user";
Instead, you should do:
$query = "UPDATE ptb_permissions
SET privellages='1'
WHERE id=" .mysql_real_escape_string($picture) . "
AND to_user_id=" .mysql_real_escape_string($user);
More details about mysql_real_escape_string: take a look at the warning message at the top of that page. The mysql extension is deprecated and will be removed soon. For new projects you should use the PDO or MySQLi extensions.
Another note: global $_SESSION; is not needed at all. It is accessible from any place in PHP by default.
I'm not getting any errors; I'm just not getting anything happening
To see all errors you should set error_reporting to E_ALL (in your ini file or directly in code). With this option enabled you would see all notices/warnings/errors.
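Added example, not code from the question or the answer above: the same approve step on PDO with bound parameters. Escaping an integer that sits unquoted in the SQL (the `id=" . mysql_real_escape_string($picture)` form) leaves an input such as `1 OR 1=1` intact, whereas a bound integer cannot alter the query, and rowCount() reports whether the approval actually happened, which is the feedback the asker is missing. It assumes the `ptb_permissions(id, to_user_id, privellages)` table from the question; the demo at the bottom uses an in-memory SQLite database with constructed rows (privellages as TEXT, since SQLite has no ENUM) so it runs without MySQL.

```php
<?php
// Added example (not the original poster's code). approve_pix() rewritten on
// PDO with bound parameters. Assumed table: ptb_permissions(id, to_user_id,
// privellages) as in the question.
declare(strict_types=1);

/**
 * Approve one pending request: privellages '0' -> '1'.
 * Returns true only when exactly one row changed, so a wrong id, someone
 * else's request, or an already-approved one all report failure.
 */
function approve_pix(PDO $pdo, $pictureId, int $userId): bool
{
    // Escaping does not help when the value sits unquoted in the SQL:
    // "1 OR 1=1" passes mysql_real_escape_string() unchanged. Validate the
    // shape first, then bind it as an integer.
    if (filter_var($pictureId, FILTER_VALIDATE_INT) === false) {
        return false;
    }

    $stmt = $pdo->prepare(
        "UPDATE ptb_permissions
            SET privellages = '1'
          WHERE id = :id
            AND to_user_id = :user
            AND privellages = '0'"
    );
    $stmt->bindValue(':id', (int) $pictureId, PDO::PARAM_INT);
    $stmt->bindValue(':user', $userId, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->rowCount() === 1;
}

// --- Self-contained demo on SQLite with constructed sample rows ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE ptb_permissions (
    id INTEGER PRIMARY KEY,
    to_user_id INTEGER NOT NULL,
    privellages TEXT NOT NULL DEFAULT '0')");
$pdo->exec("INSERT INTO ptb_permissions (id, to_user_id) VALUES (7, 42), (8, 42), (9, 99)");

var_dump(approve_pix($pdo, '7', 42));          // user 42 approves their own pending request
var_dump(approve_pix($pdo, '7', 42));          // same request again: nothing left to approve
var_dump(approve_pix($pdo, '9', 42));          // request 9 belongs to user 99, not 42
var_dump(approve_pix($pdo, '8 OR 1=1', 42));   // injection attempt is rejected before any SQL runs

// Which requests are still pending after the calls above
echo implode(',', $pdo->query(
    "SELECT id FROM ptb_permissions WHERE privellages = '0' ORDER BY id"
)->fetchAll(PDO::FETCH_COLUMN)), "\n";
```

In approve_priv_pix.php, pass `$_GET['pix']` (the key the answer identifies) and the session user id, and redirect to a fixed page afterwards: `$_SERVER['HTTP_REFERER']` is optional in the request, so the existing header() line can produce an empty Location.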

Related

Using SQL on wordpress page

Using a plugin I'm able to use PHP on a page by using [insert_php] as a tag; however, whenever I try using SQL it doesn't seem to work.
I tried using:
global $wpdb;
$prepared = $wpdb->get_row(
"SELECT SiteID, SiteName
FROM $wpdb->Site
WHERE SiteID = 1");
echo $prepared->SiteName;
echo "test";
All I'm getting is test on the page and I've tested to see if my sql statement was at fault and it seems to be working fine so I'm guessing there's an issue with $wpdb or the way I'm outputting the data.
WordPress.org has a lot of detailed information in their reference.
I think attempting to refer to $wpdb->Site is a likely suspect for why your code is not working. You will need to know the exact fields in the table to pull your information.
Here is a reference for the wp_site table. I think you're actually looking for the 'domain' field, not 'sitename'.
Try replacing $wpdb->Site with the actual name of the table. I also get errors like that at first since $wpdb->table_name only works with the default wp tables.
EDIT
It should be something like this:
SELECT SiteID, SiteName FROM Site WHERE SiteID = 1
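Added example, not the asker's or the answerer's code: the lookup with the table named explicitly, the id bound through `$wpdb->prepare()`, and the result escaped on output. It assumes a custom table called `Site` with `SiteID` and `SiteName` columns, as the question describes, and that the code runs inside the [insert_php] block where `$wpdb` is available.

```php
<?php
// Added example, not code from the question or answer. Assumes a custom
// table "Site" with columns SiteID and SiteName, as the question describes.
global $wpdb;

function example_site_name(int $siteId): ?string
{
    global $wpdb;

    // $wpdb->Site is only a property for core tables (posts, users, ...).
    // A custom table is named explicitly; use $wpdb->prefix . 'site' instead
    // if the table was created with the install's prefix.
    $table = 'Site';

    // prepare() binds %d as an integer, so the id can come from a shortcode
    // attribute or the query string without being able to rewrite the SQL.
    $row = $wpdb->get_row(
        $wpdb->prepare("SELECT SiteID, SiteName FROM {$table} WHERE SiteID = %d", $siteId)
    );

    if ($row === null) {
        // Either no such row or a query error; $wpdb->last_error says which.
        error_log('Site lookup failed: ' . ($wpdb->last_error ?: 'no row'));
        return null;
    }
    return $row->SiteName;
}

// Usage inside the [insert_php] block: escape on output, because the value
// is written into HTML.
$name = example_site_name(1);
echo $name !== null ? esc_html($name) : 'site not found';
```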

Using GET to register button click

I am trying to register a button click on my website using PHP. The click downloads a file to the client's machine. The database connection was tested before and it works fine. I just need to register that click in the DB. Here is my code, could you guide me through?
echo '<div id="fdbox1"><h2>Details</h2><p> Download full details in PDF format ('.$file_size.')</p></div>';
if(isset($_GET['dl']))
{
$server = "xx.xxx.xx.xxx";
$dbusername = "xxxx";
$dbpassword = "xxxx";
$database = "xxxx";
$dbcon = new mysqli($server,$dbusername,$dbpassword, $database);
$userid = $_SESSION['suserid'];
$date_downloaded = date('Y-m-d H:i:s');
$sql = "INSERT INTO external_activity (
userid,
saleid,
activity,
date_register,
) VALUES (
'".$userid."',
'".$ref_no."',
'".'Downloaded file'."',
'".$date_downloaded."'
)";
$dbcon->query($sql);
$dbcon->close();
}
If using jquery is an option, you could create a "register_click.php", paste the if(isset($_GET['dl'])) stuff inside and call it via ajax using an onclick listener that you will have to create and bind to the anchor.
You could do it with POST data instead of GET.
$i = 0;
if (isset($_POST['submit'])) {
$i++;
$number_of_times_clicked = $number_of_times_clicked_stored_into_database + $i;
}
After that, store the new value back into the database. If you really want the onclick you need JavaScript. PHP is unable to check when a button is clicked, since the code only runs once when the page is loaded.
This is too long for a comment.
The & in your code might give you some problems, I said "might". If so, then consider changing those to & (ampersands).
Should it be the case, then you could change:
echo '<div id="fdbox1"><h2>Details</h2><p> Download full details in PDF format ('.$file_size.')</p></div>';
to:
echo '<div id="fdbox1"><h2>Details</h2><p> Download full details in PDF format ('.$file_size.')</p></div>';
Then you will need to check and see if each GET array is set/not empty with isset() and !empty().
References:
http://php.net/manual/en/function.isset.php
http://php.net/manual/en/function.empty.php
I only see if(isset($_GET['dl'])) as a single array, so it's unsure as to how you're wanting to fetch the other GET arrays in your URL and if you did set those.
Your present code (if it's the full code), will throw a few notices about certain variables not being defined.
For example, the if(isset($_GET['dl'])) and using the other GET arrays, would look like this:
if( isset($_GET['f']) && !empty($_GET['l']) && !empty($_GET['dl']) ){
// do something inside here
}
You also need to make sure that the session was indeed started with session_start(); and to be included inside all files using sessions.
Reference:
http://php.net/manual/en/function.session-start.php
This is usually the first line under the opening PHP tag.
<?php
session_start();
// rest of your code
The $userid = $_SESSION['suserid']; needs to have a value/equal something, so that is unknown as to whether or not there is indeed a value for it.
Error reporting will be of help here for you, as will checking for errors against your query.
References:
http://php.net/manual/en/function.error-reporting.php
http://php.net/manual/en/mysqli.error.php
You also have a trailing comma after date_register, and that needs to be removed, as I already stated in comments.
That alone would have thrown a syntax error.
The use of '".'Downloaded file'."' is unclear. If you just want to insert the Downloaded file as a string, then you can just place it inside single quotes 'Downloaded file' and do:
$sql = "INSERT INTO external_activity (
userid,
saleid,
activity,
date_register
) VALUES (
'".$userid."',
'".$ref_no."',
'Downloaded file',
'".$date_downloaded."'
)";
Make sure that the date_register column type is DATE and not VARCHAR or another format. Although VARCHAR would not throw an error, it's best to use MySQL's built-in date functions; that column's type is unknown.
Now, make sure that the userid column is not an AUTO_INCREMENT'ed column, otherwise your code will fail.
If the ultimate goal here is to "UPDATE" that userid column, then use just that, UPDATE:
http://dev.mysql.com/doc/refman/5.7/en/update.html
You also need to make sure that all columns' types are correct and have a length long enough to accommodate the incoming data and that there are no characters that MySQL will complain about, such as apostrophes.
Escaping those with a prepared statement will ensure that it doesn't throw/cause a syntax error and is something you should be using in order to help prevent against an SQL injection and you are open to one right now.
References:
https://en.wikipedia.org/wiki/Prepared_statement
https://en.wikipedia.org/wiki/SQL_injection
This is the best way that I can offer for the question, given the information left in the question.
Again; check for errors. That is one of the most important things that needs to be done during the development of your code.
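Added example, not the asker's code: the `register_click.php` endpoint the first answer suggests, put together with the checks the long answer lists (session_start() first, no trailing comma, a prepared statement, mysqli errors surfaced as exceptions). It assumes the `external_activity(userid, saleid, activity, date_register)` table from the question, that `$_SESSION['suserid']` is set at login, and, as assumptions of this example, that the sale reference arrives in a `ref` query parameter and the PDF lives at a fixed path.

```php
<?php
// Added example, not the asker's code: register_click.php. Assumed table
// external_activity(userid, saleid, activity, date_register) from the question.
// The "ref" query parameter and the PDF path are assumptions of this example.
declare(strict_types=1);

session_start();                                   // before any $_SESSION use
error_reporting(E_ALL);                            // development settings
ini_set('display_errors', '1');
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors become exceptions

function register_download(mysqli $db, int $userId, string $refNo): bool
{
    // No trailing comma in the column list; date_register gets the server's
    // own NOW() instead of a client-formatted string.
    $stmt = $db->prepare(
        'INSERT INTO external_activity (userid, saleid, activity, date_register)
         VALUES (?, ?, ?, NOW())'
    );
    // 'iss' = int, string, string. Values travel separately from the SQL,
    // so an apostrophe in saleid cannot break or alter the statement.
    $activity = 'Downloaded file';
    $stmt->bind_param('iss', $userId, $refNo, $activity);
    $stmt->execute();
    $ok = $stmt->affected_rows === 1;
    $stmt->close();
    return $ok;
}

// Only act on a real, logged-in download request.
if (!isset($_GET['dl'], $_GET['ref'], $_SESSION['suserid'])) {
    http_response_code(400);
    exit('missing parameters or not logged in');
}

$db = new mysqli('xx.xxx.xx.xxx', 'xxxx', 'xxxx', 'xxxx');   // placeholders as in the question
$db->set_charset('utf8mb4');

$recorded = register_download($db, (int) $_SESSION['suserid'], (string) $_GET['ref']);
$db->close();

if (!$recorded) {
    http_response_code(500);
    exit('could not record download');
}

// Serve the file only after the click has been recorded (path is an assumption).
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="details.pdf"');
readfile(__DIR__ . '/files/details.pdf');
```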

Get specified info from my database

I want to make a table with all chat messages that have been sent to the server.
I got the table working, but now I want it so that when I click a user name like 'demo' it shows all chat messages that have been sent by 'demo'.
I'm using this table: http://almsaeedstudio.com/AdminLTE/pages/tables/data.html
How do I get it so that when I click the username 'demo' a bootstrap alert box pops up with all the messages sent by that user? I mean like 'USERNAME GET FROM TABLE SHOUTS SHOUT_NAME=DEMO' and it shows all messages.
How do I do that?
Disabled form fields do NOT submit with the rest of the form:
<textarea name="shout_name" class="form-control" disabled><?php echo etc...
^^^^^^^^^^
You don't show how/where you define $shout and $shout_name, but most likely you're not validating the form input at all, and are almost certainly vulnerable to SQL injection attacks.
You haven't defined the variable for $shout_name, only for:
$shout = mysqli_real_escape_string($dbc, $_POST['shout']);
where you may have meant to use or meant to add it:
$shout_name = mysqli_real_escape_string($dbc, $_POST['shout_name']);
in relation to (null, '$shout', NOW(), '$shout_name')
which is why, after adding error reporting (as stated in the comments between you and me), you have received an undefined variable warning.
Also make sure you have initialized the session with session_start(); since you are using sessions.
Try printing $shout_name. Maybe your $_POST is incorrect.
You seem to be grabbing $_POST['shout'] into your $shout variable, but then using a $shout_name variable for the insert. Try:
$shout_name = mysqli_real_escape_string($dbc, $_POST['shout']);
Try this field with a standard post. Turn it into an input and see if it works. It could be a number of things. However, try and get something into the database and build on that. If you can't get a standard one in, you know there is a problem elsewhere with your code.

Display data if usertype is admin otherwise display error message

I currently have a list of users in my mysql database. One of the columns is "type". I am trying to display certain data if type is equal to admin. If type is equal to anything else, it should just echo an error message.
Unfortunately, I have tried multiple methods but it just does not seem to be working out for me. Can anyone help me get this to work properly?
This is what I have, but obviously I am doing something wrong....
<?php
$usertype = $_SESSION['type'];
if ($usertype == "admin" ){
?>
admin stuff only goes here
<?php
}
else
{
echo "not privileged usertype";
}
?>
EDIT:
The following code works when displaying via username, however, I need content displayed by usertype, not the username.
<?php
if($_SESSION['user']['username'] == "oneoftheadminusernames" )
{
?>
Each page has to start with
<?php
#session_start();
?>
otherwise, PHP does not "see" the session's contents. So that's probably it.
The # prevents the php error: A session has already been started... by the way.
Now, every page that uses the session must have this directive at the top.
At least, a quick example reproduces your error perfectly.
If you are saving each logged-in user's type field in the $_SESSION['type'] variable, then the code you are writing is correct. Or, if you are storing type in another variable, then use that variable to check.
I have an idea: add a field EnableFlag in the table. If the enable flag is set to 1, consider it an admin, else a User.
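Added example, not code from the question or the answers: a reusable gate that starts the session only when none is active (session_status() avoids the "already started" notice without suppressing anything), compares the stored type strictly, and stops the script before any admin markup is sent. It assumes the login code copies the user's `type` column into `$_SESSION['type']`, as the second answer describes.

```php
<?php
// Added example, not code from the question or the answers. Assumes the
// login code stores the user's "type" column in $_SESSION['type'].
declare(strict_types=1);

/**
 * Start the session once. session_status() tells us whether one is already
 * active, so there is no "session has already been started" notice to hide.
 */
function ensure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

/**
 * True only when the session carries exactly the required type.
 * Strict comparison: "Admin", "admin " or an integer 0 must not pass.
 */
function has_type(array $session, string $required): bool
{
    return isset($session['type']) && $session['type'] === $required;
}

/**
 * Gate for admin-only pages: stop with 403 for anyone else, so the admin
 * HTML below the check is never sent to them.
 */
function require_type(string $required): void
{
    ensure_session();
    if (!has_type($_SESSION, $required)) {
        http_response_code(403);
        exit('not privileged usertype');
    }
}

// Page usage: the gate is the first thing the page does, before any output.
require_type('admin');
?>
<!-- admin stuff only goes here: reached only after require_type() passed -->
```

Because has_type() takes the session array as a parameter, it can be checked in isolation with constructed arrays such as `['type' => 'admin']`, `['type' => 'Admin']` and `[]`, which is easier than reasoning about the whole page.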

Variables are "lost" somewhere, then reappear... all with no error thrown

I'm probably going to make myself look like a fool with my horrible scripting but here we go.
I have a form that I am collecting a bunch of checkbox info from using a binary method. ON/SET=1 !ISSET=0
Anyway, all seems to be going as planned except for the query bit. When I run the script, it runs through and throws no errors, but it's not doing what I think I am telling it to, which is updating the specified fields within the DB.
I've hard coded the desired values into the query and it DOES update the DB. Relying on the variables I believe I've established and am then calling upon in the query does NOT update the DB.
I've also tried echoing all the needed variables after the script runs and exiting right after so I can audit them... and they're all there. Here's an example.
####FEATURES RECORD UPDATE
### HERE I DECIDE TO RUN THE SCRIPT BASED ON WHETHER AN IMAGE BUTTON WAS USED
if (isset($_POST["button_x"])) {
### HERE I AM ASSIGNING 1 OR 0 TO A VAR BASED ON WHTER THE CHECKBOX WAS SET
if (isset($_POST["pool"])) $pool=1;
if (!isset($_POST["pool"])) $pool=0;
if (isset($_POST["darts"])) $darts=1;
if (!isset($_POST["darts"])) $darts=0;
if (isset($_POST["karaoke"])) $karaoke=1;
if (!isset($_POST["karaoke"])) $karaoke=0;
if (isset($_POST["trivia"])) $trivia=1;
if (!isset($_POST["trivia"])) $trivia=0;
if (isset($_POST["wii"])) $wii=1;
if (!isset($_POST["wii"])) $wii=0;
if (isset($_POST["guitarhero"])) $guitarhero=1;
if (!isset($_POST["guitarhero"])) $guitarhero=0;
if (isset($_POST["megatouch"])) $megatouch=1;
if (!isset($_POST["megatouch"])) $megatouch=0;
if (isset($_POST["arcade"])) $arcade=1;
if (!isset($_POST["arcade"])) $arcade=0;
if (isset($_POST["jukebox"])) $jukebox=1;
if (!isset($_POST["jukebox"])) $jukebox=0;
if (isset($_POST["dancefloor"])) $dancefloor=1;
if (!isset($_POST["dancefloor"])) $dancefloor=0;
### I'VE DONE LOADS OF PERMUTATIONS HERE... HARD SET THE 1/0 VARS AND LEFT THE $estab_id TO BE PICKED UP. SET THE $estab_id AND LEFT THE COLUMN DATA TO BE PICKED UP. ALL NO GOOD. IT _DOES_ WORK IF I HARD SET ALL VARS THOUGH
mysql_query("UPDATE thedatabase SET pool_table='$pool', darts='$darts', karoke='$karaoke', trivia='$trivia', wii='$wii', megatouch='$megatouch', guitar_hero='$guitarhero', arcade_games='$arcade', dancefloor='$dancefloor' WHERE establishment_id='22'");
###WEIRD THING HERE IS IF I ECHO THE VARS AT THIS POINT AND THEN EXIT(); they all show up as intended.
header("location:theadminfilething.php");
exit();
THANKS ALL!!!
I recommend using something like:
$fields = array('pool', 'darts', 'karaoke', 'trivia', ...);
foreach ( $fields as $field ) {
$$field = isset($_POST[$field]) ? 1 : 0;
}
instead of 20 lines of ifs.
Are your columns ENUM or int type? If int, drop the apostrophes.
Your code could really use some error checking. Make sure you have activated the displaying of errors in your script.
In your testing environment add this at the top of your main script for instance (if you haven't done something equivalent already):
error_reporting( E_ALL | E_STRICT );
ini_set( 'display_errors', 1 );
Then (although not dependent on the above) make sure you probe the result of the query with something like:
if( false === mysql_query( 'UPDATE ...etc' ) )
{
echo 'query failed with error:' . mysql_error();
}
My guess is it will fail with the error that your column name karaoke is misspelled. But there may be more errors.
Also, hsz' suggestions are spot on (though probably not the root of your problem). Makes for easier to maintain code, and significantly reduces code.
Firstly, construct the SQL query string in a variable and then pass it to mysql_query(); comment out the header() line and print out the query for debugging. For example:
...
$sql="UPDATE thedatabase SET pool_table='$pool', darts='$darts', karoke='$karaoke', trivia='$trivia', wii='$wii', megatouch='$megatouch', guitar_hero='$guitarhero', arcade_games='$arcade', dancefloor='$dancefloor' WHERE establishment_id='22'";
print("$sql");
mysql_query($sql);
//header("location:theadminfilething.php");
exit();
...
Secondly, even though you are exiting the script, it's good practice to always match your braces. You are missing the end brace for the if statement at the end of your code.
You can see the value of the $sql variable in the output, and check whether it works by executing it 'manually' through phpMyAdmin or the command line. What happens?
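Added example, not the asker's code: the checkbox handling from the first answer done with one field-to-column map instead of variable variables, and the UPDATE built as a prepared statement from that map. Column names come only from the map, so the client cannot add or rename SET entries, and the SQL is built in a separate function so it can be printed for debugging as the last answer suggests. Assumptions of this example: the mysqli connection details, and that the establishment id arrives in a hidden `estab_id` field rather than being hard-coded to 22. The `karoke` spelling is kept as in the question, so that the prepared statement raises the misspelled-column error the second answer predicts if the real column is `karaoke`.

```php
<?php
// Added example, not the asker's code. Maps form fields to the column names
// used in the question's query. Connection details and the estab_id field
// are assumptions of this example.
declare(strict_types=1);

// form field => column name. Fix the map, not the query, if a column is renamed.
const FEATURE_COLUMNS = [
    'pool'       => 'pool_table',
    'darts'      => 'darts',
    'karaoke'    => 'karoke',       // spelled as in the question's query
    'trivia'     => 'trivia',
    'wii'        => 'wii',
    'guitarhero' => 'guitar_hero',
    'megatouch'  => 'megatouch',
    'arcade'     => 'arcade_games',
    'jukebox'    => 'jukebox',
    'dancefloor' => 'dancefloor',
];

/** Checkbox present in the POST => 1, absent => 0, for every known feature. */
function feature_flags(array $post): array
{
    $flags = [];
    foreach (FEATURE_COLUMNS as $field => $column) {
        $flags[$column] = isset($post[$field]) ? 1 : 0;
    }
    return $flags;
}

/**
 * Build "UPDATE thedatabase SET col = ?, ... WHERE establishment_id = ?" and
 * the parameter list in matching order. Only map columns reach the SQL;
 * every value, including the id, is a bound parameter.
 */
function build_feature_update(array $flags, int $establishmentId): array
{
    $set = [];
    $params = [];
    foreach ($flags as $column => $value) {
        $set[] = "`{$column}` = ?";
        $params[] = $value;
    }
    $params[] = $establishmentId;
    $sql = 'UPDATE thedatabase SET ' . implode(', ', $set) . ' WHERE establishment_id = ?';
    return [$sql, $params];
}

// --- Usage when the image button was used (connection details are assumptions) ---
if (isset($_POST['button_x'])) {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);   // fail loudly, no silent no-op
    $db = new mysqli('localhost', 'user', 'pass', 'dbname');

    [$sql, $params] = build_feature_update(feature_flags($_POST), (int) $_POST['estab_id']);
    // error_log($sql);   // print the statement while debugging, as the last answer suggests

    $stmt = $db->prepare($sql);                   // throws here if a column name does not exist
    $stmt->bind_param(str_repeat('i', count($params)), ...$params);
    $stmt->execute();
    $stmt->close();
    $db->close();

    header('Location: theadminfilething.php');
    exit;
}
```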
