php if statement and comparison value - php

<?php
error_reporting(0);
session_start();
if(!$_SESSION["login"]){
print '<script type="text/javascript">';
print 'alert("You need to login first")';
print '</script>'; echo '<meta http-equiv="REFRESH" content="0;url=home.php">';
die();
}
?>
<?php
//This is the book stuff
ob_start();
#error_reporting(0);
$host="localhost"; // Host name
include 'databaselogin.php';
$db_name="X"; // Database name
$tbl_name="Books"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$id = $_GET["id"];
$sql = 'SELECT * FROM Books WHERE `id` = '.$id.' LIMIT 1';
$result=mysql_query($sql) or die(mysql_error());
while($rows = mysql_fetch_array($result)){
?>
<?
//this is user stuff.
ob_start();
error_reporting(0);
$host="localhost"; // Host name
include 'databaselogin.php';
$currentuser = $_SESSION["id"];
$db_name="X"; // Database name
$tbl_name="users"; // Table name
$tbl_name="Books"; // Table name
/*
if ($rows['userid'] != $currentusers)
{
print '<script type="text/javascript">';
print 'alert("you dont have permissions")';
print '</script>'; echo '<meta http-equiv="REFRESH" content="0;url=home.php">';
}
*/
?>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Silent Generation</title>
<link rel="stylesheet" href="styles.css" type="text/css" media="screen" />
<link rel="stylesheet" type="text/css" href="print.css" media="print" />
<!--[if IE]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]-->
<!--script section-->
<script type="text/javascript">
</script>
<!--end script section-->
</head>
<body>
<div id="wrapper"><!-- #wrapper -->
<header><!-- header -->
<h1>Silent Generation</h1>
<h2>Would it be too chezy to say silent but deadly</h2>
</header><!-- end of header -->
<nav><!-- top nav -->
<div class="menu">
<ul>
<li>Home</li>
<li>Sell</li>
<li>Buy</li>
<li>Stores</li>
<li>Donate</li>
<li>Contact Us</li>
<li>Support</li>
</ul>
</div>
</nav><!-- end of top nav -->
<section id="main"><!-- #main content and sidebar area -->
<section id="content"><!-- #content -->
<article>
<form method="GET" action="editadd.php" name="add" id="add">
Book Name:
<div align="center" style="margin-top:-15px;">
<input type="text" name="name" id="name" value="<?echo $rows["name"];?>"/></div>
Author's Name: <div align="center" style="margin-top:-15px;"><input type="text" name="author" id="author" value="<?echo $rows["author"];?>"></div>
ISBN: <div align="center" style="margin-top:-15px;"><input type="text" name="ISBN" id="ISBN" value="<?echo $rows["ISBN"];?>"></div>
Edition : <div align="center" style="margin-top:-15px;"><input type="text" name="edition" id="edition" value="<?echo $rows["edition"];?>"></div>
Contact info:<div align="center" style="margin-top:-15px;"> <input type="text" name="contact" id="contact" value="<?echo $rows["contact"];?>" /></div>
Price: <div align="center" style="margin-top:-15px;"> <input type="text" name="price" id="price" / value="<?echo $rows["price"];?>"></div>
Comments: <div align="center"><textarea id="comments" name="comments" rows="13" cols="80" ><?echo $rows["comment"];?> </textarea></div>
<div align="center"><input type="submit" value="Submit" style="width:660px;height:70px;"/></div>
<input type="hidden" name="id" value="<?echo $rows["id"];?>" />
</form>
current user: <?echo $currentuser;?>
posted by: <?echo $rows['userid']?>
<?
}
ob_end_flush();
if ( intval($rows['userid']) == intval($currentusers))
{echo "true";}
else
{echo "fasle";}
?>
</article>
<pre>
</pre>
</section><!-- end of #content -->
<aside id="sidebar"><!-- sidebar -->
<?php
error_reporting(0);
session_start();
if(!$_SESSION["login"]){
?>
<h3>Login</h3>
<form method="post" ACTION="login.php">
E-mail
<input type="text" id="myusername" name="myusername" />
<br/>
<br/>
Password <input type="password" id="mypassword" name="mypassword" />
<br/>
<br/>
<INPUT TYPE="submit" VALUE="Submit" />
<br/>
<input TYPE="button" VALUE="Password?"onclick="javascript:document.location='lostpass.php'; return false; "/>
</form>
<pre>
</pre>
<h3>Register</h3>
<form method="post" action="register.php" name="register" id="register">Name <br/><input type="text" id="name" name="name" ><br/>
Email <br/> <input type="text" id="email" name="email"><br/>
School <br/> <select name="school" id="school">
<option value='Sierra College'>Sierra College</option>
<option value='American River'>American River</option>
<option value='UC Davis'>UC Davis</option>
<option value='UCLA'>UCLA</option>
<option value='UCSD'>UCSD</option>
</select><br/>
Password <br/> <input type="password" id="password" name="password"><br/>
Conform Password <br/> <input type="password" id="password2" name="password2"><br/>
<br/>
<input type="submit" value="Submit">
<input type="reset" value="Clear">
</form>
<?}else{?>
<h3>Welcome</h3> <?php echo $_SESSION["username1"] ?>
Logout
<?}
?>
<h3>Connect With Us</h3>
<ul>
<li>Twitter</li>
<li>Facebook</li>
</ul>
</aside><!-- end of sidebar -->
</section><!-- end of #main content and sidebar-->
<footer>
<section id="footer-area">
<section id="footer-outer-block">
<aside class="footer-segment">
<h4>Joubin Jabbari</h4>
<p>© 2011 Silentgen.com
presents a site by a student for students.
</p>
</aside><!-- end of #fourth footer segment -->
</section><!-- end of footer-outer-block -->
</section><!-- end of footer-area -->
</footer>
</div><!-- #wrapper -->
<!-- Free template created by http://freehtml5templates.com -->
</body>
</html>
The above is my entire code.... the fist few blocks of php is all you need to look at. All I want to is to make sure that the person is trying to edit this post is the person that has posted it. otherwise, they need to be rerouted else where.


hmm... perhaps trying if ( intval($rows['userid']) == intva($currentusers))
Ok, you were using the wrong variable name. It is meant to by $currentuser not $currentusers.
if ( $rows['userid'] == $currentuser)
echo "true";
else
echo "false";


based on your variable name your $currentusers is an array of users, if so you can check if a value exists in it with in_array($value,$array);
if not, you have named your variable in a bad manner =D, maybe it's a type problem. cast both of them to int values with intval function
if(inval($rows['userid']) == intval($currentusers))


Nothing is wrong with your conditional statement, so it must be an issue with what is being stored in $currentusers and $rows['userid']. Can you provide more code specific to the values being assigned to those two variables?
EDIT: You have a typo in your code. You're comparing to "$currentusers" instead of "$currentuser". Try this:
if ( intval($rows['userid']) == intval($currentuser))
{echo "true";}
else
{echo "fasle";}

Related

Why are my search results not visible under the search form?

hoping somebody is able to help!
I have created a search form to enable a user to search for a specific assessment day using the name, date and the company it is for.
The results of this search should appear below the form used to generate the search. However, at the moment, when the search button is selected the form just refreshes and does not show any results?
Can anyone advise? Code below:
<?php
if(isset($_GET['submit'])){
require_once 'connect.php';
if(isset($_GET['nameofassessmentday'])) {
if(isset($_GET['dateofassessmentday'])) {
if(isset($_GET['companyname'])) {
$nameofassessmentday = $db-> real_escape_string($_GET['nameofassessmentday']);
$dateofassessmentday = $db-> real_escape_string($_GET['dateofassessmentday']);
$companyname = $db-> real_escape_string($_GET['companyname']);
$query = $db->query ("
SELECT Name, Company
FROM assessment_day_details
WHERE Name LIKE '{$nameofassessmentday}'
AND Company LIKE '{$companyname}'
AND Date_of_Day = '{$dateofassessmentday}'
");
}
}
}
?>
<div class="result-count">
Found <?php echo $query->num_rows; ?> results.
</div>
<?php
if($query-> num_rows) {
while($r = $query->fetch_object()) {
?>
<div class="result">
<?php echo $r->Name; ?>
<?php echo $r->Company; ?>
</div>
<?php
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Assess Existing Assessment Day-Search</title>
<link rel="stylesheet" href="style.css">
</head>
<?php
include 'function.php';
}
?>
<body>
<div id="form">
<form method="get">
<p>
<label>Name of Assessment Day:</label>
<input type="text" id="nameofassessmentday" name="nameofassessmentday" required/>
</p>
<p>
<label>Date of Assessment Day:</label>
<input type="date" id="dateofassessmentday" name="dateofassessmentday" required />
</p>
<p>
<label>Company Name :</label>
<input type="text" id="companyname" name="companyname" required/>
</p>
<p>
<input type="submit" id="btn" value="Search" />
</p>
</form>
</div>
</body>
</html>
Also, just one additional question for future reference. Is there anyway I would be able to hyperlink a search result to go to a particular page?
Thanks in advance!
And as some further information, prior to trying to get the search results to show in the same webpage, I had the below two pages and it worked perfectly.
<!DOCTYPE html>
<html>
<head>
<title>Assess Existing Assessment Day-Search</title>
<link rel="stylesheet" href="style.css">
</head>
<?php
include 'function.php';
?>
<body>
<div id="form">
<form action="search.php" method="get">
<p>
<label>Name of Assessment Day:</label>
<input type="text" id="nameofassessmentday" name="nameofassessmentday" required/>
</p>
<p>
<label>Date of Assessment Day:</label>
<input type="date" id="dateofassessmentday" name="dateofassessmentday" required />
</p>
<p>
<label>Company Name :</label>
<input type="text" id="companyname" name="companyname" required/>
</p>
<p>
<input type="submit" id="btn" value="Search" />
</p>
</form>
</div>
</body>
</html>
<?php
require_once 'connect.php';
include 'function.php';
if(isset($_GET['nameofassessmentday'])) {
if(isset($_GET['dateofassessmentday'])) {
if(isset($_GET['companyname'])) {
$nameofassessmentday = $db-> real_escape_string($_GET['nameofassessmentday']);
$dateofassessmentday = $db-> real_escape_string($_GET['dateofassessmentday']);
$companyname = $db-> real_escape_string($_GET['companyname']);
$query = $db->query ("
SELECT Name, Company
FROM assessment_day_details
WHERE Name LIKE '{$nameofassessmentday}'
AND Company LIKE '{$companyname}'
AND Date_of_Day = '{$dateofassessmentday}'
");
}
}
}
?>
<div class="result-count">
Found <?php echo $query->num_rows; ?> results.
</div>
<?php
if($query-> num_rows) {
while($r = $query->fetch_object()) {
?>
<div class="result">
<?php echo $r->Name; ?>
<?php echo $r->Company; ?>
</div>
<?php
}
}
?>

you have to add '%' when you use LIKE in query
check here https://www.w3schools.com/sql/sql_like.asp

Unable to get jQuery validation to work

I am using php and CodeIgniter. I am a novice at both of these (career VB.Net and C# developer). However, trying to create a basic registration form, I'm having a hard time getting jQuery validation to work.
header.php
<?php defined('BASEPATH') OR exit('No direct script access allowed'); ?><!DOCTYPE html>
<html>
<head>
<?php if(isset($title)) {?>
<title>Discuss Cards - <?php echo $title ?></title>
<?php } else { ?>
<title>Discuss Cards</title>
<?php } ?>
<link rel="stylesheet" href="<?php echo base_url();?>styles/forum.css" type="text/css"><script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"> </script>
<script src="<?php echo base_url();?>js/jquery.validate.min.js"></script>
</head>
<body>
<?php if(isset($title)) {?>
<h1><?php echo $title?></h1>
<?php } ?>
<?php if (isset($page_description)) {?>
<p id="page_description"><?php echo $page_description?></p>
<?php } ?>
create.php
<script>
$("#createaccount").validate();
</script>
<?php $attributes = array('id'=>'createaccount');
echo form_open('user/create_account',$attributes); ?>
<?php echo form_label('Email','txtEmail');?>
<br />
<?php $data = array('type'=>'email','name'=>'txtEmail','id'=>'txtEmail','maxlength'=>'50','minlength'=>'2');
echo form_input($data); ?>
<br /><br />
<?php echo form_label('Username','txtUsername');?>
<br />
<?php $data = array('name'=>'txtUsername','id'=>'txtUsername','maxlength'=>'50','minlength'=>'5');
echo form_input($data); ?>
<br /><br />
<?php echo form_label('Password','pswPassword');?>
<br />
<?php $data = array('name'=>'pswPassword','id'=>'pswPassword');
echo form_password($data); ?>
<br /><br />
<?php echo form_label('Confirm Password','pswConfirmPassword');?>
<br />
<?php $data = array('name'=>'pswConfirmPassword','id'=>'pswConfirmPassword');
echo form_password($data); ?>
<br /><br />
<input type="submit" value="Register" name="Register" />
<?php echo form_close();?>
footer.php
<strong>© 2016</strong>
</body>
</html>
result...
<!DOCTYPE html>
<html>
<head>
<title>Discuss Cards - Create New Account</title>
<link rel="stylesheet" href="http://[::1]/forum/styles/forum.css" type="text/css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>
<script src="http://[::1]/forum/js/jquery.validate.min.js"></script>
</head>
<body>
<h1>Create New Account</h1>
<script>
$("#createaccount").validate();
</script>
<form action="http://[::1]/forum/index.php/user/create_account" id="createaccount" method="post" accept-charset="utf-8">
<label for="txtEmail">Email</label>
<br>
<input type="email" name="txtEmail" value id="txtEmail" maxlength="50" minlength="2">
<br>
<br>
<label for="txtUsername"></label>
<br>
<input type="text" name="txtUsername" value id="txtUsername" maxlength="50" minlength="5">
<br>
<br>
<label for="pswPassword">Password</label>
<br>
<input type="password" name="pswPassword" value id="pswPassword">
<br>
<br>
<label for="pswConfirmPassword">Confirm Password</label>
<br>
<input type="password" name="pswConfirmPassword" value id="pswConfirmPassword">
<br>
<br>
<input type="submit" value="Register" name="Register">
</form>
<strong>© 2016</strong>
</body>
</html>
Now, the links to the js and css files are correct. I used the example from http://jqueryvalidation.org/documentation/:
<form class="cmxform" id="commentForm" method="get" action="">
<fieldset>
<legend>Please provide your name, email address (won't be published) and a comment</legend>
<p>
<label for="cname">Name (required, at least 2 characters)</label>
<input id="cname" name="name" minlength="2" type="text" required>
</p>
<p>
<label for="cemail">E-Mail (required)</label>
<input id="cemail" type="email" name="email" required>
</p>
<p>
<label for="curl">URL (optional)</label>
<input id="curl" type="url" name="url">
</p>
<p>
<label for="ccomment">Your comment (required)</label>
<textarea id="ccomment" name="comment" required></textarea>
</p>
<p>
<input class="submit" type="submit" value="Submit">
</p>
</fieldset>
</form>
<script>
$("#commentForm").validate();
</script>
However, I feel that I'm missing something because it's not working. When I use their demo (http://jqueryvalidation.org/files/demo/), a new label is created under the input area which displays the error. However, when I test my code (Notepadd++, latest version of Google Chrome, WAMPServer 2.5), I only get Chrome validation. Could someone point out to me what I'm doing incorrect? Thanks.

A bit too long for a comment, but not sure if it is the only problem. The first thing I see is that the
<script>
$("#createaccount").validate();
</script>
is located before the form with id="createaccount". This means this javascript code is parsed and run before the element exists inside the DOM.
In order to run this JS when the DOM is loaded, you then need to wrap it into this specific jquery part :
$( document ).ready( function( ) {
$("#createaccount").validate();
}
(And ideally you put all JS at the end of the page, before the closing </body> tag)

Uploading file to MySQL blob field file_get_contents(): failed (from input type="file")

I am uploading a file from my local directory to a MySQL Databases' MEDIUMBLOB field using file_get_contents and I am receiving the following error:
Warning: file_get_contents(test.txt): failed to open stream: No such file or directory in C:\xampp\htdocs\Craisins\forms\new_scenario.php on line 265
Yet the file is definitely there since I pick it with input type="file"
This seemed to be working yesterday and now suddenly today it's no longer working correctly and I'm not sure why.
Here is the full file:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<!--Normal CSS Sheets-->
<link rel="stylesheet" type="text/css" href="../includes/style.css">
<link rel="stylesheet" type="text/css" href="../includes/style_form.css">
<!--BSM Select CSS Sheet-->
<link rel="stylesheet" type="text/css" href="../includes/bsmselect/css/jquery.bsmselect.css">
<!--jQuery-->
<script src="../includes/jquery-2.1.4.min.js"></script>
<!--jQuery for BSMSelect-->
<script src="../includes/bsmselect/js/jquery.bsmselect.js"></script>
<!--jQuery selector for BSMSelect-->
<script>
$(document).ready(function() {
$("select[multiple]").bsmSelect();
});
</script>
<style type="text/css">
<!--
.style1
{
font-size: 12px;
font-weight: bold;
}
textarea
{
resize: none;
}
-->
<?php include ("../includes/formSuccess.php");
include ("../includes/sql.php");
require_once "../WindowsAzure/WindowsAzure.php";
use WindowsAzure\Common\ServicesBuilder;
use WindowsAzure\Blob\Models\CreateContainerOptions;
use WindowsAzure\Blob\Models\PublicAccessType;
use WindowsAzure\Common\ServiceException;
?>
</style>
<title>****</title>
</head>
<body>
<div id="pageContainer">
<!--This section is for the upper half of the page. From the "Title" bar up.-->
<?php include ("../includes/formNav.php");?>
<!--End of the Header Section-->
<br>
<!--This section is where we add the main content for the page.-->
<div id="contentArea">
<div id="mainContentAdmin">
<h1 style="text-align:center">Add New Scenario</h1>
<?php
// display form if user has not clicked submit
if (!isset($_POST["btn_submit"]))
{
?>
<!--This will be the form that will hold the information of the entire page.-->
<form class="elegant-aero" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<p>
<!--Scenario Title-->
<label>
<span>Title:</span>
<input type="text" name="title" placeholder="Enter the full scenario name here">
</label>
<!--Scenario Description-->
<label>
<span>Description:</span>
<textarea name="desc" placeholder="Enter the scenario description here"></textarea>
</label>
<!--Scenario Times-->
<label id="time">
<span>Estimated Times:</span>
<!--Scenario Execution Time-->
<b>Execution:</b>
<input type="number" name="execHr" min="0" placeholder="Hours">
<input type="number" name="execMin" min="1" placeholder="Minutes">
<br><br>
<!--Scenario Debriefing Time-->
<b>Debriefing:</b>
<input type="number" name="debriHr" min="0" placeholder="Hours">
<input type="number" name="debriMin" min="0" placeholder="Minutes">
</label>
<br>
<!--Origin-->
<label>
<span>Origin:</span>
<input type="text" name="origin" placeholder="Enter the origin here (if any)">
</label>
<!--Target Users-->
<label>
<span>Target Users:</span>
<select name="users[]" multiple="multiple" title="Please select user type...">
<?php
selectMySQL("valid_trainee_type","trainee_type");
?>
</select>
</label>
<br>
<!--Capabilities-->
<label>
<span style="">Capabilities Required:</span>
<select name="capabilities[]" multiple="multiple" title="Please select capabilities...">
<?php
selectMySQL("valid_capability","name");
?>
</select>
</label>
<br>
<!--Prerequisites-->
<label>
<span style="">Prerequisite Knowledge:</span>
<select name="prerequisites[]" multiple="multiple" title="Please select prerequisites...">
<?php
selectMySQL("valid_prerequisite","prerequisite");
?>
</select>
</label>
<br>
<!--Equipment-->
<label>
<span>Equipment Required:</span>
<select name="equipment[]" multiple="multiple" title="Please select equipment...">
<?php
selectMySQL("valid_equipment","equipment");
?>
</select>
</label>
<!--Parameters-->
<label>
<span>Parameters to Monitor:</span>
<select name="parameters[]" multiple="multiple" title="Please select parameters...">
<?php
selectMySQL("valid_parameter","parameter");
?>
</select>
</label>
<br>
<!--Learning Objectives-->
<label>
<span>Learning Objectives:</span>
<textarea name="object" placeholder="Please list the learning objectives for the procedure..."></textarea>
</label>
<!--Setting-->
<label>
<span>Setting:</span>
<textarea name="set" placeholder="Please describe the ideal setting for the procedure..."></textarea>
</label>
<!--Preparation-->
<label>
<span>Preparation Required:</span>
<textarea name="prep" placeholder="Please list any steps that are required in order to perform this procedure..."></textarea>
</label>
<!--Participants-->
<label>
<span>Participants Required:</span>
<textarea name="part" placeholder="Please list the participants that will be required in order to perform this procedure..."></textarea>
</label>
<!--Patient Information-->
<label>
<span id="patient">Patient Information:</span>
<br>
<!--Patient Name-->
<b>Name</b>
<input type="text" name="patName" style="width:63%;" placeholder="Enter the patient's full name here">
<!--Patient Vitals-->
<b>Vitals</b>
<select name="patSex" style="width:15%;" title="Male or Female?">
<option value="male">male</option>
<option value="female">female</option>
</select>
<b>Age</b>
<input name="patAge" type="text" style="width:5%;">
<b>Height</b>
<input type="text" name="patHt" style="width:6%;" placeholder="(in)">
<b>Weight</b>
<input type="text" name="patWt" style="width:6%;" placeholder="(lbs)">
<span style="width: 30%; border-right:0; margin-right:0; padding-right: 5px;">Other Info</span>
<textarea style="width:63%;" name="patInfo" placeholder="Any other medical details?"></textarea>
</label>
<!--Scoring-->
<label>
<span>Scoring:</span>
<textarea name="score" placeholder="Please detail the scoring rubric for this scenario..."></textarea>
</label>
<!--Debrief-->
<label>
<span>Debrief:</span>
<textarea name="debrief" placeholder="Please detail the debriefing process for this scenario..."></textarea>
</label>
<!--Scenario File-->
<label>
<span>Scenario Details:</span>
<br>
<input type="file" name="fileScenDetails" value="Upload File">
<br>
<textarea name="textScenDetails" placeholder="Please any other scenario details here..."></textarea>
</label>
<!--Submit Button-->
<label>
<span> </span>
<input type="submit" name="btn_submit" class="button" value="Add Scenario"/>
</label>
</p>
</form>
<?php
} //end if
else
{
//Setup the MySQL server
$servername = "localhost";
$username = "root";
$password = "****";
$dbname = "****";
//Create connection to the MySQL server
$conn = new mysqli($servername, $username, $password, $dbname);
//Check connection
if($conn -> connect_error)
{
die("Connection failed: " . $conn -> connect_error);
} //end if
//Organize Execution Time
$exec_time = "00:".$_POST['execHr'].":".$_POST['execMin'];
//Organize Debriefing Time
$debrif_time = "00:".$_POST['debriHr'].":".$_POST['debriMin'];
//Organize BLOB
$blob = addslashes(file_get_contents($_POST['fileScenDetails']));
$sql="INSERT INTO scenario (title, description, est_scenario_time, est_debriefing_time,
origin, objectives, setting, preparation, participants,
patient_name, patient_sex, patient_age, patient_height,
patient_weight, patient_info, scoring, debrief,
scenario_file, scenario_text)
VALUES ('".$_POST['title']."','".$_POST['desc']."', '$exec_time', '$debrif_time',
'".$_POST['origin']."','".$_POST['object']."',
'".$_POST['set']."','".$_POST['prep']."',
'".$_POST['part']."','".$_POST['patName']."',
'".$_POST['patSex']."','".$_POST['patAge']."',
'".$_POST['patHt']."','".$_POST['patWt']."',
'".$_POST['patInfo']."','".$_POST['score']."',
'".$_POST['debrief']."','$blob',
'".$_POST['textScenDetails']."');";
if($conn->query($sql) === TRUE) {
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
} //end else
$conn->close();
/*
//Insert Target Users (Trainee Types)
insert_Scen_Dev('scenario','title', 'title','users',
'valid_trainee_type','trainee_type', 'scenario_trainee_type',
'scenario_id', 'valid_trainee_type_id');
//Insert Capabilities
insert_Scen_Dev('scenario','title', 'title','capabilities',
'valid_capability','name', 'scenario_capabilities',
'scenario_id', 'valid_capability_id');
//Insert Prerequisites
insert_Scen_Dev('scenario','title', 'title','prerequisites',
'valid_prerequisite','prerequisite', 'scenario_prerequisites',
'scenario_id', 'valid_prerequisite_id');
//Insert Equipment
insert_Scen_Dev('scenario','title', 'title','equipment',
'valid_equipment','equipment', 'scenario_equipment',
'scenario_id', 'valid_equipment_id');
//Insert Parameters
insert_Scen_Dev('scenario','title', 'title','parameters',
'valid_parameter','parameter', 'scenario_parameters',
'scenario_id', 'valid_parameter_id');
*/
echo "<div class='sqlSuccess'>A new Scenario has been added!</div>";
} //end else
?>
</div>
</div>
<!--End of the Content Section-->
<!--This section is for the lower half of the page. From the copyright bar down.-->
<div id="footer">
<div id="footerCenter">
Copyright ©
<script language="javascript" type="text/javascript">
var today = new Date();
var year = today.getFullYear();
document.write(year);
</script>
</div>
</div>
<!--End of the Footer Section-->
</div>
</body>

There are several problems with this code. At first, file won't upload unless you specify a correct enctype attribute on a form element:
<form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Also the file address is available under $_FILES['fileScenDetails']['tmp_name'], not under $_POST['fileScenDetails'], so:
$blob = addslashes(file_get_contents($_FILES['fileScenDetails']['tmp_name']));
Note, that you should check if file upload was successfull, as otherwise your code will trigger warning (eg. when user won't specify file). Add something like this:
if(isset($_FILES['fileScenDetails']['error']) && UPLOAD_ERR_OK == $_FILES['fileScenDetails']['error']) {
// do your stuff here
} else {
// display 'no-file' error to the user
}
Also, you should definitely check if the specified file was really uploaded, to avoid stealing your code with malformed requests. Check is_uploaded_file function here: http://php.net/manual/en/function.is-uploaded-file.php
There are also some possible SQL injections and other security issues.

Can you see a logic error

I have this script:
<?php
/**
* The template for displaying all pages.
* Template Name: modify.php
* This is the template that displays all pages by default.
* Please note that this is the WordPress construct of pages
* and that other 'pages' on your WordPress site will use a
* different template.
*
* #package WordPress
* #subpackage Twenty_Twelve
* #since Twenty Twelve 1.0
*/
get_header(); ?>
<div id="primary" class="site-content">
<div id="content" role="main">
<?php while ( have_posts() ) : the_post(); ?>
<?php get_template_part( 'content', 'page' ); ?>
<?php comments_template( '', true ); ?>
<?php endwhile; // end of the loop. ?>
<?php
$user_id = get_current_user_id();
if($user_id==0)
{
echo "Login please";
exit;
}
mysql_connect("localhost", "", "") or die (mysql_error());
#echo "Connected to MYSQL ";
mysql_select_db("derp") or die (mysql_error());
#echo "Connected to Data Base";
/*$query = "SELECT * FROM addserverame WHERE userId='{$user_id}'";
$result = mysql_query ($query) or die (mysql_error());*/
if(!isset($_POST['submit'])) {
$q = "SELECT * FROM addserverame WHERE ID = $_GET[id] AND userId='{$user_id}'";
$result = mysql_query ($q);
$person = mysql_fetch_array ($result);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Add Your Server</title>
<link rel="stylesheet" type="text/css" href="view.css" media="all">
<script type="text/javascript" src="view.js"></script>
</head>
<body id="main_body" >
<img id="top" src="top.png" alt="">
<div id="form_container">
<h1><a>Modify Server</a></h1>
<form id="form_606591" class="appnitro" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<div class="form_description">
<h2>Add Your Server</h2>
<p></p>
</div>
<ul >
<li id="li_1" >
<label class="description" for="servername">Server Name </label>
<div>
<input id="element_1" name="Servername" class="element text medium" type="text" maxlength="255" value="<?php echo $person['servername']; ?>"/>
</div><p class="guidelines" id="guide_1"><small>Enter your server name here NOT your server address.</small></p>
</li> <li id="li_2" >
<label class="description" for="Serveraddress">Server Address </label>
<div>
<input id="element_2" name="Serveraddress" class="element text medium" type="text" maxlength="255" value="<?php echo $person['serveraddress']; ?>"/>
</div><p class="guidelines" id="guide_2"><small>This will the DNS name of your server</small></p>
</li> <li id="li_3" >
<label class="description" for="Portnumber">PortNumber </label>
<div>
<input id="element_3" name="Portnumber" class="element text medium" type="text" maxlength="255" value="<?php echo $person['portnumber']; ?>"/>
</div><p class="guidelines" id="guide_3"><small>This will be the port your server is using.</small></p>
</li> <li id="li_4" >
<label class="description" for="Description">Server Description </label>
<div>
<textarea id="element_4" name="Description" class="element textarea medium" value ="<?php echo $person['description']; ?>"></textarea>
</div><p class="guidelines" id="guide_4"><small>Enter server description/rules here.</small></p>
</li>
<li class="buttons">
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>" />
<input id="saveForm" class="button_text" type="submit" name="submit" value="Modify" />
</li>
</ul>
</form>
<div id="footer">
</div>
</div>
</body>-
</html>
<?
if(isset($_POST['submit'])) {
$u = "UPDATE addserverame SET `servername`='$_POST[Servername]', `serveraddress`='$_POST[Serveraddress]', `portnumber`='$_POST[Portnumber]', `description`='$_POST[Description]' WHERE ID = $_POST[id] AND userId='{$user_id}'";
mysql_query($u) or die (mysql_error());
echo "Server Info Has Been Modified";
}
?>
</div><!-- #primary -->
</div><!-- Content -->
<?php //endif; ?>
<?php get_footer(); ?>
I cant figure what, if any what the logical errors are.
Whats meant to happen
the user chooses to update a table if the table is theirs they should be able to edit it and update the table.
Whats happening
the user will try and edit it but it will not update there is no successful modify echo and they are redirected to the front page.
Can any one in all there wisdom explain to me why this is happening instead of what i want to happen.
Thanks
Ben

the probab cause for your form t fail is that the form is not runing in your default page thatts routing to somewhere in your index page as gives you the php file thats executing and that the index.php so the main cause may be your form action i.e. you are using action in your form like
action="<?php echo $_SERVER['PHP_SELF']; ?>"
so it might be redirecting to your home page i.e. index.php so place your form action blank might this help you

How to pass an image value from one form to another form?

i have an image at promotions.php . When i clicked on 'edit' link, the variables like 'title', 'description' and 'image' would be passed on to doEditPromotion.php's page form.
I can pass 'title' and 'description' to be displayed on doEditPromotion.php's page form but not the image value.
Can anyone help me with this? Thanks!
doEditPromotion.php -->
<?php
session_start();
include "dbfunction.php";
$id = $_REQUEST['id'];
$query = "SELECT title, description, image, promotionID FROM promotion WHERE promotionID = '$id'";
$result = mysqli_query($link, $query);
$row = mysqli_fetch_array($result);
$title = $row['title'];
$description = $row['description'];
$image = $row['image'];
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['save']))
{
$title_save = $_POST['title'];
$description_save = $_POST['description'];
$target = 'images/';
$target = $target.basename($_FILES['photo']['name']);
$pic = ($_FILES['photo']['name']);
move_uploaded_file($_FILES['photo']['tmp_name'], $target);
// check that firstname/lastname fields are both filled in
if ($title_save == '' || $description_save == '' || $pic == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
echo $error;
}
else
{
// save the data to the database
$query = "UPDATE promotion SET title = '$title_save', description = '$description_save', image = '$pic' WHERE promotionID = '$id'";
$result = mysqli_query($link, $query);
// once saved, redirect back to the view page
header("Location: promotions.php");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="codes.css"/>
<link href="styles.css" rel="stylesheet" type="text/css" media="screen" />
<link rel="stylesheet" href="picture-zoom/css/dg-picture-zoom.css" type="text/css" />
<script type="text/javascript" src="picture-zoom/js/external/mootools-1.2.4-core-yc.js"></script>
<script type="text/javascript" src="picture-zoom/js/external/mootools-more.js"></script>
<script type="text/javascript" src="picture-zoom/js/dg-picture-zoom.js"></script>
<script type="text/javascript" src="picture-zoom/js/dg-picture-zoom-autoload.js"></script>
<script>
function myFunction()
{
alert("Are you sure you want to proceed?");
}
</script>
<title>Eco Canteen - Promotions</title>
</head>
<body>
<div id="wrap">
<div id="header">
<div id="logo">
<br/>
<?php
if(isset($_SESSION['username']))
{
?>
<p align="right"><font color="white">Logout</font></p>
<?php
}
else
{
?>
<form align="right" name="form" action="doIndex.php" method="post">
<p><label for="username"><font color="white"> Username: </font></label>
<input name="username" type="text"></input>
<label for="password"><font color="white"> Password: </font></label>
<input name="password" type="password"></input>
<input name="submit" value="Login" type="submit"/></p>
<?php
}
?>
</form>
</div>
<div id='menu'>
<ul>
<li><a href='index.php'><span>Home</span></a></li>
<li><a href='promotions.php'><span>Promotions</span></a></li>
<li><a href='outlets.php'><span>Outlets</span></a></li>
<li><a href='feedback.php'><span>Feedback</span></a></li>
<li class='has-sub '><a href='#'><span>Career</span></a>
<ul>
<li><a href='stall.php'><span>Stall Leasing</span></a></li>
<li><a href='career.php'><span>Career Opportunity</span></a></li>
</ul>
</li>
<li><a href='contactUs.php'><span>Contact Us</span></a></li>
</ul>
</div>
</div>
<br/>
<br/>
<p class="slogan"></p>
<div id="intro">
<h2><b>ECO CANTEEN</b></h2>
</div>
<br/>
<div class="wid_center">
<div id="content">
<div class="gao">
<h3>Promotion > <b>Edit Promotion</b></h3>
<fieldset stype='width:500px'>
<legend><b>Promotion Details</b></legend>
<form method="post" enctype="multipart/form-data">
<table>
<tr>
<td>Promotion Title:</td>
<td><input type="text" name="title" size='36' value="<?php echo $title;?>"/></td>
</tr>
<tr>
<td>Description:</td>
<td><input type="text" name="description" style='width: 300px;height:80px' value="<?php echo $description;?>"/></td>
</tr>
<tr>
<td>Image:</td>
<td><input type='file' name='upfile' id='image' src='images/<?php echo $_REQUEST['$image']?>'></input></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="save" value="Save"/></td>
</tr>
</table>
</form>
</fieldset>
</div>
<br/>
<br/>
<hr class="clear" />
</div>
</div>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<div id="footer">
<p> <br />
Copyright © 2012 EcoCanteen<br />
</p></div>
</div>
</body>
</html>

You named the uploaded file upfile, and then tried to access it as photo. Do print_r($_FILES) and then change one of the following:
$_FILES['photo']['name'] // Either change photo to upfile
...
<input type='file' name='upfile' id='image' src='...' /> // Or upfile to photo

Categories