PHP setcookie is adding Percent Signs - php

So, I have a simple script that allows you to choose between any of your "team names". When you choose and submit, it is then supposed to do a php setcookie with the value of the selection which is a hashed version of the team name.
Here is the relevant code:
<?php
include 'include/db.php';
if(isset($_POST['submitteam'])) {
$team_hash = $_POST['teams'];
setcookie('ver_aet', $team_hash, time()+2592000);
header('Location: index.php');
}
$email = $_COOKIE['ver_ame'];
//Find the User Id from the Email Hash
$sql_finduid = "SELECT * FROM users_sensitive WHERE email_hash = '$email'";
$sql_finduid_result = mysql_query($sql_finduid);
while ($row = mysql_fetch_array($sql_finduid_result)) {
$user_id = $row['user_id'];
} //End Find User Id
/*
$sql_finduid = mysql_query("SELECT user_id FROM users WHERE email = '$email'");
$user_id = mysql_result($sql_finduid) or die(mysql_error());
*/
//Find the Team Id from the User Id above
$sql_findteams = "SELECT * FROM team_members WHERE user_id = '$user_id'";
$sql_findteams_result = mysql_query($sql_findteams);
if(mysql_num_rows($sql_findteams_result) < 1){
header('Location: registerteam.php?ver_ame=' . $email);
} else {
while ($row = mysql_fetch_array($sql_findteams_result)) {
$team_id = $row['team_id'];
/*
$sql_finduid = mysql_query("SELECT user_id FROM users WHERE email = '$email'");
$user_id = mysql_result($sql_finduid) or die(mysql_error());
*/
if((mysql_num_rows($sql_findteams_result)) <= 1) {
$sql_findteamname = "SELECT * FROM teams WHERE team_id = '$team_id'";
$sql_findteamname_result = mysql_query($sql_findteamname);
while ($row = mysql_fetch_array($sql_findteamname_result)) {
$team_name = $row['team_name'];
$team_hash = $row['team_name_hash'];
}
setcookie('ver_aet', $team_hash, time()+2592000);
header('Location: index.php');
} else {
//setcookie('ver_ame', $teamname_hash, time()+2592000);
//setcookie('ver_aet', $email, time()+2592000);
//header('Location: index.php'); ?>
and the HTML
Select the team you would like to view: <br />
<form method="post" action="<?PHP echo $_SERVER['PHP_SELF']; ?>">
<select name="teams">
<?PHP
$sql_findteams = "SELECT * FROM team_members WHERE user_id = '$user_id'";
$sql_findteams_result = mysql_query($sql_findteams);
while ($row = mysql_fetch_array($sql_findteams_result)) {
$team_id = $row['team_id'];
/*
$sql_finduid = mysql_query("SELECT user_id FROM users WHERE email = '$email'");
$user_id = mysql_result($sql_finduid) or die(mysql_error());
*/
$sql_findteamname = "SELECT * FROM teams WHERE team_id = '$team_id'";
$sql_findteamname_result = mysql_query($sql_findteamname);
while ($row = mysql_fetch_array($sql_findteamname_result)) {
$team_name = $row['team_name'] . " ";
$team_hash = $row['team_name_hash'] . "<br />";
?>
<option value="<?= $team_hash; ?>"><?= $team_name . $team_hash; ?></option>
<?PHP
}
}
?>
</select>
<input type="submit" name="submitteam" value="Submit" />
</form>
</div>
</div>
</div>
basically, "if the submit button is clicked, set the cookie for the name of the team. If not clicked, continue. Find the cookie of your email, find out how many teams you belong to, if there is one team, make that your team cookie and continue, if not, show all available teams and allow the user to select one. loop"
I currently have the $team_hash echoing just to show that it is pulling the correct hash number (and it is). When I hit submit, it loops to the top of the page and does the setcookie statement. It sets a cookie but the cookie seems to end up having random percent signs throughout it after it is set.
What should be set: d2fea5c982b6cb3f5bffc4998d96cbe5
What is actually set: d2fea5c982b6cb3f5bffc4998d96cbe5%3Cbr+%2F%3E
Where are these extra things coming from?

The problem is that you're adding <br /> at the end of the hash when you're doing $team_hash = $row['team_name_hash'] . "<br />"; and when you're setting the value of the option, you're using $team_hash which contains a <br />. When you're doing the set cookie, the <br /> gets URL encoded hence why it's at the end of your cookie.
Simply change the line to:
$team_hash = $row['team_name_hash'];

You have a <br/> in there somehow, and PHP is url encoding it.
Right here
$team_hash = $row['team_name_hash'] . "<br />";
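The encoding both answers describe can be reproduced offline, together with a server-side check that rejects a polluted value before it reaches setcookie(). This is an added example, not code from the original post; teamHashIsValid(), renderTeamOption() and the team list are hypothetical names and constructed data, and the 32-hex-character shape is assumed from the value shown in the question.

```php
<?php
// Added example: names and sample data below are constructed for illustration.

// setcookie() URL-encodes the cookie value (setrawcookie() does not), so
// markup appended to the hash arrives percent-encoded in the cookie.
// urlencode() applies the same encoding and can be inspected directly.
$polluted = 'd2fea5c982b6cb3f5bffc4998d96cbe5' . '<br />';
echo urlencode($polluted), "\n";

/**
 * Accept a posted team hash only if it is 32 lowercase hex characters AND
 * belongs to a team the current user is a member of.
 */
function teamHashIsValid($posted, array $userTeamHashes): bool
{
    if (!is_string($posted) || !preg_match('/\A[0-9a-f]{32}\z/', $posted)) {
        return false;
    }
    return in_array($posted, $userTeamHashes, true);
}

/** Keep the machine value (hash) and the display label (name) separate. */
function renderTeamOption(string $hash, string $name): string
{
    return sprintf(
        '<option value="%s">%s</option>',
        htmlspecialchars($hash, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed membership list (hash => team name), standing in for the DB rows.
$teams = [
    'd2fea5c982b6cb3f5bffc4998d96cbe5' => 'Red <Team>',
    '0cc175b9c0f1b6a831c399e269772661' => 'Blue Team',
];

foreach ($teams as $hash => $name) {
    echo renderTeamOption($hash, $name), "\n";
}

// Candidates: the hash with markup appended, a hash from the user's list,
// and a well-formed hash that is not in the list.
$candidates = [$polluted, 'd2fea5c982b6cb3f5bffc4998d96cbe5', str_repeat('a', 32)];
foreach ($candidates as $candidate) {
    // Call setcookie('ver_aet', $candidate, ...) only when this is true.
    var_dump(teamHashIsValid($candidate, array_keys($teams)));
}
```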

Related

How can I insert a value to DB by matching variable in url?

I have two forms from one form. I can successfully store the data to the database. When that form is submitted, the user is directed to the second form. I am passing the variable $uniqueid in the URL from the first form to the second form. But when I tried to store the data of the second form into the database for the same user, it was not stored.
I want to store the mobile number of the user from the second page. The database column is also mobile number.
This is my code
<?php
include_once 'dbconnect.php';
$a = $_GET['uniquekey'];
if(isset($_POST['btn-signup']))
{
$mobilenumber = $_POST['mobilenumber'];
$xxx = mysql_query("SELECT * FROM who WHERE uniquekey = '$a'")or die(mysql_error());
$yyy = mysql_fetch_row($xxx);
if(mysql_num_rows($xxx) > 0) {
$aaa = mysql_query("INSERT INTO who(mobilenumber) VALUES('$mobilenumber')");
}
else{
echo 'wrong';
}
}
?>
$xxx = mysql_query("SELECT * FROM who WHERE uniquekey = '$a'")or die(mysql_error());
$yyy = mysql_fetch_row($xxx);
if(mysql_num_rows($xxx) > 0) {
$aaa = mysql_query("UPDATE who SET mobilenumber='$mobilenumber' WHERE uniquekey = '$a' ");
}
else{
echo 'wrong';
}
Here you can use an UPDATE query to update the user's mobile number.
include_once 'dbconnect.php';
$a = $_GET['uniquekey'];
if(isset($_POST['btn-signup']))
{
$mobilenumber = $_POST['mobilenumber'];
$xxx = mysql_query("SELECT * FROM who WHERE uniquekey = '$a'")or die(mysql_error());
$yyy = mysql_fetch_row($xxx);
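// mysql_fetch_row() returns false when no row matched the key
if($yyy)
{
// quote the value so that it is sent as a string literal
$update="update who set mobilenumber='$mobilenumber' where uniquekey='$a'";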
$query=mysql_query($update);
}
else
{
echo "wrong";
}
}

how can i display sql query in php? CLOSED

<?php
include 'config.php'; //connect to db
if(isset($_REQUEST["pwd"]) && isset($_REQUEST["name"])) {
$password = $_REQUEST['pwd']; //pass from previous page
$name = $_REQUEST['name']; //pass from previous page
$checkUserPass = mysql_query("SELECT * FROM validPersonnel WHERE Passkey = '$password' and Name = '$name'", $conn); //check if the user exist
if(mysql_num_rows($checkUserPass) == 1) {
$personnelId = mysql_query("SELECT PersonnelID FROM validPersonnel WHERE Passkey = '$password' and Name = '$name'", $conn); //query user id
while($row = mysql_fetch_assoc($personnelId)) {
echo $row['PersonnelD']; // print user id
}
mysql_close($conn);
//echo "<br/><br/>";
//echo "<script>alert('Logged In.')</script>";
//header("Refresh: 1; url=profile/profile.php?id="'.$id.');
//header('Refresh: 1; url=test.php?id=$personnelId');
} else {
echo "<br/><br/>";
echo "<script>alert('Wrong Password.')</script>";
header('Refresh: 1; url=personnelselect.php');
}
}
?>
I cannot echo the $row['PersonnelD']; the page shows blank. I cannot understand where I went wrong. This page question has been solved.
Looks like you have a mistake in the code:
echo $row['PersonnelD'];
shouldn't it be following?
echo $row['PersonnelID'];
Check the mysql_fetch_assoc() function; maybe its parameter is empty, so it can't enter the while loop.
Try to debug and check the values that came in the variables using the var_dump() function. Ex: var_dump($row); in the while loop.
In both your queries, you have
"SELECT * FROM validPersonnel WHERE Passkey = '$password' and Name = '$name'"
It should be:
"SELECT * FROM validPersonnel WHERE Passkey = '".$password."' and Name = '".$name."';"
PHP doesn't recognize the $var unless you close the quotes. The period adds the $var to the string.

PHP Validating Submit

I'm working on a project where a user can click on an item. If the user clicked at it before, then when he tries to click at it again it shouldn't work or INSERT a value into the DB. When I click the first item (I'm displaying the items straight from the database by id) it inserts into the DB, and then when I click at it again it works (gives me the error code) and doesn't insert into the DB. For all other items, when I click at them, even if I click for the second, third, fourth time, all of it inserts into the DB. Please help guys. Thanks
<?php
session_start();
$date = date("Y-m-d H:i:s");
include("php/connect.php");
$query = "SELECT * FROM test ORDER BY `id` ASC LIMIT 3";
$result = mysql_query($query);
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
$submit = mysql_real_escape_string($_POST["submit"]);
$tests = $_POST["test"];
// If the user submitted the form.
// Do the updating on the database.
if (!empty($submit)) {
if (count($tests) > 0) {
foreach ($tests as $test_id => $test_value) {
$match = "SELECT user_id, match_id FROM match_select";
$row1 = mysql_query($match)or die(mysql_error());
while ($row2 = mysql_fetch_assoc($row1)) {
$user_match = $row2["user_id"];
$match = $row2['match_id'];
}
if ($match == $test_id) {
echo "You have already bet.";
} else {
switch ($test_value) {
case 1:
mysql_query("UPDATE test SET win = win + 1 WHERE id = '$test_id'");
mysql_query("INSERT INTO match_select (user_id, match_id) VALUES ('1','$test_id')");
break;
case 'X':
mysql_query("UPDATE test SET draw = draw + 1 WHERE id = '$test_id'");
mysql_query("INSERT INTO match_select (user_id, match_id) VALUES ('1','$test_id')");
break;
case 2:
mysql_query("UPDATE test SET lose = lose + 1 WHERE id = '$test_id'");
mysql_query("INSERT INTO match_select (user_id, match_id) VALUES ('1','$test_id')");
break;
default:
}
}
}
}
}
echo "<h2>Seria A</h2><hr/>
<br/>Welcome,".$username."! <a href='php/logout.php'><b>LogOut</b></a><br/>";
while ($row = mysql_fetch_array($result)) {
$id = $row['id'];
$home = $row['home'];
$away = $row['away'];
$win = $row['win'];
$draw = $row['draw'];
$lose = $row['lose'];
echo "<br/>",$id,") " ,$home, " - ", $away;
echo "
<form action='seria.php' method='post'>
<select name='test[$id]'>
<option value=\"\">Parashiko</option>
<option value='1'>1</option>
<option value='X'>X</option>
<option value='2'>2</option>
</select>
<input type='submit' name='submit' value='Submit'/>
<br/>
</form>
<br/>";
echo "Totali ", $sum = $win+$lose+$draw, "<br/><hr/>";
}
} else {
$error = "<div id='hello'>Duhet te besh Log In qe te vendosesh parashikime ndeshjesh<br/><a href='php/login.php'>Kycu Ketu</a></div>";
}
?>
Your problem is here :
$match = "SELECT user_id, match_id FROM match_select";
$row1 = mysql_query($match)or die(mysql_error());
while ($row2 = mysql_fetch_assoc($row1)) {
$user_match = $row2["user_id"];
$match = $row2['match_id'];
}
You are not checking it correctly. You have to check if the entry in match_select exists for the user_id and the match_id concerned. Otherwise, $match would always be equal to the match_id field of the last inserted row in your database :
$match = "SELECT *
FROM `match_select`
WHERE `user_id` = '<your_id>'
AND `match_id` = '$test_id'";
$matchResult = mysql_query($match)or die(mysql_error());
if(mysql_num_rows($matchResult)) {
echo "You have already bet.";
}
By the way, consider using PDO or mysqli for manipulating database. mysql_ functions are deprecated :
http://www.php.net/manual/fr/function.mysql-query.php
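The per-user, per-match check from this answer, written with PDO prepared statements as the answer recommends (added example, not the answerer's code). It goes one step further than the answer by assuming a UNIQUE constraint on (user_id, match_id); the in-memory SQLite database standing in for MySQL, the schema details and the name placeBet() are all assumptions.

```php
<?php
// Added example: schema, function name and sample rows are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test (id INTEGER PRIMARY KEY,
           win INT DEFAULT 0, draw INT DEFAULT 0, lose INT DEFAULT 0)');
$db->exec('CREATE TABLE match_select (user_id INT NOT NULL,
           match_id INT NOT NULL, UNIQUE (user_id, match_id))');
$db->exec('INSERT INTO test (id) VALUES (1), (2)');

function placeBet(PDO $db, int $userId, int $matchId, string $pick): string
{
    // Column names cannot be bound as parameters, so map the form value
    // to a fixed allow-list instead of interpolating user input.
    $columns = ['1' => 'win', 'X' => 'draw', '2' => 'lose'];
    if (!isset($columns[$pick])) {
        return 'invalid pick';
    }
    $column = $columns[$pick];

    $db->beginTransaction();
    try {
        // The UNIQUE constraint rejects a repeat bet by the same user on
        // the same match, even when two requests race each other.
        $ins = $db->prepare(
            'INSERT INTO match_select (user_id, match_id) VALUES (?, ?)'
        );
        $ins->execute([$userId, $matchId]);

        $upd = $db->prepare("UPDATE test SET $column = $column + 1 WHERE id = ?");
        $upd->execute([$matchId]);

        $db->commit();
        return 'bet recorded';
    } catch (PDOException $e) {
        $db->rollBack();
        // SQLSTATE class 23 is an integrity constraint violation.
        if (strpos((string) $e->getCode(), '23') === 0) {
            return 'You have already bet.';
        }
        throw $e;
    }
}

// Constructed requests: a first bet, a repeat by the same user, a different
// user on the same match, and a pick value that is not on the allow-list.
echo placeBet($db, 1, 1, 'X'), "\n";
echo placeBet($db, 1, 1, '2'), "\n";
echo placeBet($db, 2, 1, '1'), "\n";
echo placeBet($db, 1, 2, "1' OR '1'='1"), "\n";
```

In the page's own code the user id would come from the session rather than the hard-coded '1' used in the question's INSERT statements.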
validate insertion of record by looking up on the table if the data already exists.
Simplest way for example is to
$query = "SELECT * FROM match_select WHERE user_id = '$user_id'";
$result = mysql_query($query);
if(mysql_num_rows($result) > 0)
{
// do not insert
}
else
{
// do something here..
}
In your form you have <select name='test[$id]'> (one for each item), then when you submit the form you are getting $tests = $_POST["test"]; You don't need to specify the index in the form and can simply do <select name='test[]'>, you can eventually add a hidden field with the id with <input type="hidden" value="$id"/>. The second part is the verification which is not good at the moment; you can simply check if the item already exist in the database with a query

php + mysql + how to add a comma to split the string in the database

I am creating a friend request page that needs to take the friend requests as an array, then separate each username by a comma.
I do not know whether to use implode or explode; I did use both, but neither one gives me the result I want.
When I press the accept button I get this error:
Warning: implode(): Invalid arguments passed in C:\wamp\www\Unnamed Site 2\resources\friend_requests.php on line 59
Can anyone help me?
friend_request.php
<?php
session_start();
if($sessionlogin = isset($_SESSION['login']))
{
$login = ($_SESSION['login']);
$userid = ($_SESSION['user_id']);
$login_user = ($_SESSION['username']);
$fname = ($_SESSION['first_name']);
$lname = ($_SESSION['last_name']);
$sessionaddres =($_SESSION['address']);
// require_once('header.php');
require_once('for members/scripts/connect.php');
//find friend request
$findrequests = mysql_query("SELECT * FROM friend_requests WHERE user_from = '$login_user'") or die(mysql_error());
$numrows = mysql_num_rows($findrequests);
if($numrows == 0)
{
echo "YOU HAVE no friend Requests at this time";
$user_from = "";
}
else
{
while($get_row = mysql_fetch_assoc($findrequests))
{
$id = $get_row['id'];
$user_to = $get_row['user_from'];
$user_from = $get_row['user_to'];
echo '' . $user_from . ' wants to be friend' . '<br />';
//var_dump($user_from);
//var_dump($user_to);
//echo "your user_to is '$user_to'";
//echo "your user_from is '$user_from'";
?>
<?php
if(isset($_POST['acceptrequest'.$user_from]))
{
//select the friend array row from the logged in user
$get_friend_check = mysql_query("SELECT friend_array FROM user WHERE user_name = '$login_user'") or die(mysql_error());
$get_friend_row = mysql_fetch_assoc($get_friend_check);
$friend_array = $get_friend_row['friend_array'];
$friendArray_explode = implode(",", $friend_array);
$friend_array_count = count($friendArray_explode);
//select the friend array row from the user who sent the friend request
$get_friend_check_friend = mysql_query("SELECT friend_array FROM user WHERE user_name = '$user_from'") or die(mysql_error());
$get_friend_row_friend = mysql_fetch_assoc($get_friend_check_friend);
$friend_array_friend = $get_friend_row_friend['friend_array'];
$friendArray_explode_friend = implode(",", $friend_array_friend);
$friend_array_count_friend = count($friendArray_explode_friend);
if($friend_array == "")
{
$friendArray_count = count(NULL);
}
//var_dump($friendArray_count);
if($friend_array_friend == "")
{
$friendArray_count_friend = count(NULL);
}
if (@$friendArray_count == NULL)
{
$add_friend_query = mysql_query("UPDATE user SET friend_array = CONCAT(friend_array, '$user_from') WHERE user_name = '$login_user'");
}
if(@$friendArray_count_friend == NULL)
{
$add_friend_query = mysql_query("UPDATE user SET friend_array = CONCAT(friend_array, '$user_to') WHERE user_name = '$user_from'");
}
/*
if(@$friendArray_count >= 1)
{
$add_friend_query = mysql_query("UPDATE user SET friend_array = CONCAT(friend_array, ',$user_from') WHERE user_name = '$login_user'");
}
/*
if(@$friendArray_count_friend >= 1)
{
$add_friend_query = mysql_query("UPDATE user SET friend_array = CONCAT(friend_array, ',$user_to') WHERE user_name = '$user_from'");
}
*/
// for delete request
$delete_request = mysql_query("DELETE FROM friend_requests WHERE user_to = '$user_to' && user_from = '$user_from'") or die(mysql_error());
echo "YOU are now friends!!";
//header("Location: friend_requests.php");
}
if(isset($_POST['ignorerequest'.$user_from]))
{
$ignore_request = mysql_query("DELETE FROM friend_requests WHERE user_to = '$user_to' && user_from = '$user_from'") or die(mysql_error());
echo "Request ignored !!";
header("Location: friend_requests.php");
}
?><br />
<br />
<br />
<br />
<br />
<form action="friend_requests.php" method="post">
<input type="submit" name="acceptrequest<?php echo $user_from; ?>" value="Accept">
<input type="submit" name="ignorerequest<?php echo $user_from; ?>" value="Ignor">
</form>
<?php
}
}
}
?>
try this
$get_friend_check = mysql_query("SELECT friend_array FROM user WHERE user_name = '$login_user'") or die(mysql_error());
$your_array = array();
while ($get_friend_row = mysql_fetch_array($get_friend_check)) {
$your_array[] = $get_friend_row['friend_array'];
}
$friendArray_explode = implode(",", $your_array);
echo $friendArray_explode;
you could also use implode in mysql directly
like that
$get_friend_check = mysql_query("SELECT group_concat(friend_array SEPARATOR ',')
FROM user WHERE user_name = '$login_user'")
or die(mysql_error());

Keeping session (userID) the same whilst changing pages

My users have a user_ID when logging in and this appears within the URL. However when moving to a page from 'myaccount.php' when the next form has been saved (thesis.php) the same ID should still be in the URL and therefore the correct data they inputted should be under their own ID in the database. At the moment the thesis.php page just refreshes with the following code:
$err = array();
$result = mysql_query("SELECT `id` FROM `users` WHERE `banned` = '0' ORDER BY
`id` DESC");
if(isset($_SESSION['user_id']))
if(empty($_SESSION['$user_id'])) { // user not logged in; redirect to somewhere else }
if (!empty($_POST['doThesis']) && $_POST['doThesis'] == 'Save')
{
list($id) = mysql_fetch_row($result);
session_start();
// this sets variables in the session
$_SESSION['user_id'] = $id;
foreach($_POST as $key => $value)
$stamp = time();
$ckey = GenKey();
mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'")
or die(mysql_error());
$row = mysql_fetch_array($result);
print_r($row);
if(empty($err)) {
$thesis_Name = mysql_real_escape_string($_POST['thesis_Name']);
$abstract = mysql_real_escape_string($_POST['abstract']);
$sql_insert = "INSERT into `thesis`
(`user_id`,`thesis_Name`,`abstract` )
VALUES
('$id','$thesis_Name','$abstract') ";
mysql_query($sql_insert,$link) or die("Insertion Failed:" . mysql_error());
}
header("Location: myaccount.php?id=' . $_SESSION[user_id] .'");
exit();
}
}
HTML:
<p align="center">
<input name="doThesis" type="submit" id="doThesis" value="Save">
</p>
I believe you need to call session_start() before you can do isset($_SESSION['blah']).
Try shifting session_start(); to the top of the file
<?php
session_start();
.....
the rest of your code
session_start(); Must be at the top;
if you want to pass the id var in the URL use
<a href='myaccount.php?id=<? echo $id; ?>'>
