View Full Version : PHP question
Pirate
18-04-2006, 05:57 PM
I'm making a form to database thingo and I was wondering about the add slashes stuff.
Do I have to accept data from the form using something like this
$strContent = $_POST["txt_Message"];
then pass it to the slash removing thingo, or can I just accept it using
$strContent = addslashes(trim($_POST["txt_Message"]));
Spingo
18-04-2006, 06:22 PM
Either will work. The values of the $_POST array can be used just like any other variable or array. Personally, I find the latter option better since it uses slightly fewer server resources and should be a little quicker.
Don't forget to validate the input to the script though - ensure that the user isn't just chucking in gibberish to your script.
Pirate
18-04-2006, 07:36 PM
Thanks mang. I thought that would be the case by the look of the code. I've got 36 fields to put through and I thought it would be doubling up doing it the first way.. Now I will also go and update that script I copied that from :)
By validation you mean on the form? I've got that in place.
stinky
18-04-2006, 08:45 PM
yeah validating on the form, but not just javascript validation on the submit page, you want to check each and every variable coming from the form to make sure it's legit. make sure register globals is turned off. This will force you to do it properly ( or at least hack in something to get around it and end up in the same boat ).
Spingo
19-04-2006, 12:12 PM
Yep, you want to validate the form info on the form processing page as well. Validate each field and ensure that it contains correct information. Validate each field and ensure that it doesn't contain any nasty characters or PHP or HTML code. Validate the page that the form came from to minimise the chance of injection attacks. Validate, validate, validate!!!
Oh god - I feel dirtier than a bloated, jumping Steve Ballmer at a PDC...
Pirate
26-04-2006, 02:53 PM
New problem.. What I am trying to figure out is to show a single record using information from the URL.. for example http://www.sss.com/myscript.php?id=2
I've tried using the tutorial from here http://www.freewebmasterhelp.com/tutorials/phpmysql/6
but it didn't work. This is my code, minus the sensitive bits
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM Newusers WHERE Count='$id'";
$result=mysql_query($query);
$num=mysql_numrows($result);
mysql_close();
echo "<b><center>Showing New Jobs</center></b><br><br>";
$i=0;
while ($i < $num) {
$first=mysql_result($result,$i,"field7");
$last=mysql_result($result,$i,"field8");
$day=mysql_result($result,$i,"field3");
$month=mysql_result($result,$i,"field4");
$year=mysql_result($result,$i,"field5");
echo "<p></p><b>$first $last</b><br> $day $month $year</p>";
$i++;
}
Anyone point me in the right direction? I've been using "showform.php?id=2" to try and get it to show that record.
btwong
26-04-2006, 03:21 PM
i might be wrong, but don't you need to get the id off the url string first?
$_GET["id"];
skozombie
26-04-2006, 03:29 PM
you should check if magic_quotes is on, and possibly make a function to handle if it is turned on/off without you knowing.
One of my old sites went seriously fubar when we upgraded php and didn't realise it overwrote the php.ini file, enabling magic_quotes.
cyberwired
26-04-2006, 03:31 PM
try $_REQUEST["id"];
should get you working :)
global variables when turned off requires _REQUEST
You can do with a function as well:
function Request($varname)
{
$data = $_REQUEST[$varname];
$data = strip_tags($data);
$data = trim($data);
return($data);
}
$id=Request("id");
Spingo
26-04-2006, 04:14 PM
If you have not declared what $id is before, see one of the above posts. If you have, try this nugget:
Replace:
$query="SELECT * FROM Newusers WHERE Count='$id'";
With:
$query="SELECT * FROM Newusers WHERE Count=" . $id;
If you haven't declared $id, use this code:
$query="SELECT * FROM Newusers WHERE Count=" . $_REQUEST['id'];
:: Edit ::
In any case, you really should learn about the powers of shoving your MySQL results in associative arrays. Easiest and most efficient way of dumping your output ever!
Behold, complete code rewrite with more error checking!:
mysql_connect("localhost", $username, $password) or die("Could not connect to the database: " . mysql_error());
mysql_select_db($database) or die("Unable to select database");
$query="SELECT * FROM Newusers WHERE Count=" . $id;
$result=mysql_query($query);
// Each row comes back as an associative array keyed by column name
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
    echo "<p></p><b>" . $row['field7'] . " " . $row['field8'] . "</b><br />" . $row['field3'] . " " . $row['field4'] . " " . $row['field5'] . "</p>";
}
This code would work even better if you had proper column names in your db, which brings me to my next point...
Secondly, you probably should use more intelligent variable names - having "id" as your request variable makes sense if you're pulling out a row id from the table (if this is the case, then why do you need to have a loop when processing the output, and why don't you use MySQL to limit the amount of results that it retrieves to 1 to save database searching time? If this is not the case, why is your database table column called count instead of id or something else that matches the rough definition of id?).
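The queries in the posts above put the request value straight into the SQL text, so whatever arrives in `id` is parsed as SQL. As an added example (not code from the thread), the sketch below runs that pattern beside a validated, bound-parameter lookup. It assumes PHP with the PDO SQLite driver so it can run offline against an in-memory table; the rows, the request values and the function names are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table rows are constructed sample data.

function make_sample_db()
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE Newusers (Count INTEGER PRIMARY KEY, field7 TEXT, field8 TEXT)');
    $db->exec("INSERT INTO Newusers VALUES (1, 'Alice', 'Example'), (2, 'Bob', 'Sample'), (3, 'Carol', 'Test')");
    return $db;
}

// Pattern from the thread: the request value becomes part of the SQL text.
function find_job_concat(PDO $db, $id)
{
    $query = "SELECT * FROM Newusers WHERE Count=" . $id;
    return $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Validate first, then pass the value as a bound parameter so it is only ever data.
function find_job_bound(PDO $db, $id)
{
    $valid = filter_var($id, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($valid === false) {
        return null; // not a positive integer: reject before touching the database
    }
    $stmt = $db->prepare('SELECT * FROM Newusers WHERE Count = :id LIMIT 1');
    $stmt->bindValue(':id', $valid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = make_sample_db();
// Constructed request values: a normal id, an id with SQL appended, and gibberish.
foreach (array('2', '2 OR 1=1', 'abc') as $id) {
    try {
        $concat = count(find_job_concat($db, $id)) . ' row(s)';
    } catch (PDOException $e) {
        $concat = 'SQL error';
    }
    $row = find_job_bound($db, $id);
    $bound = $row === null ? 'rejected or not found' : $row['field7'] . ' ' . $row['field8'];
    printf("id=%-10s concatenated: %-10s bound: %s\n", $id, $concat, $bound);
}
```

The same prepare-and-bind approach applies to any query that takes form input, in place of building the statement from `addslashes()` output.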
Pirate
26-04-2006, 04:38 PM
the thing I am making is for a new user system so we'll have jobs that are new, in progress and complete. This means that sometimes more than one job will have to be shown in the results. As for the naming.. well I'm still a n00b at this so I am just going with what makes sense. For instance the count is the auto-increments for the records I put in. Seemed logical to name it this :P
stinky
26-04-2006, 04:43 PM
let's do it right mr pirate. Have you got a design document that specifies what you're trying to achieve? if not do one.
then post it here along with your current table structure.
Spingo
26-04-2006, 04:51 PM
the thing I am making is for a new user system so we'll have jobs that are new, in progress and complete. This means that sometimes more than one job will have to be shown in the results. As for the naming.. well I'm still a n00b at this so I am just going with what makes sense. For instance the count is the auto-increments for the records I put in. Seemed logical to name it this :P
OK, knowing that, your $id will only ever return one value from the database (if it's autoincrementing, each value in the column must be unique) makes for even less code...
mysql_connect("localhost", $username, $password) or die("Could not connect to the database: " . mysql_error());
mysql_select_db($database) or die("Unable to select database");
$query="SELECT * FROM Newusers WHERE Count=" . $id . " LIMIT 1";
// Note the LIMIT 1 - it forces MySQL to only return 1 row as a result!
$row = mysql_fetch_array(mysql_query($query), MYSQL_ASSOC);
echo "<p></p><b>" . $row['field7'] . " " . $row['field8'] . "</b><br />" . $row['field3'] . " " . $row['field4'] . " " . $row['field5'] . "</p>";
Pirate
26-04-2006, 04:57 PM
ha, you talk like I have a plan. :) Currently this script is something I am doing between jobs. The db is probably a mess.. I've around 35 fields to record from a form. And that's all stored in one table in the database... numbered field 1 to field 35 and a column called count that auto increments.
That code you've shown me Spingo is awesome. Like I said, I am noob at this and really this is only my second hour on this script. I am going to see what I can do with what you've given me and learn myself some more.
I'll try to explain the job, and what I have done.
The job:
To make a form process for adding new users to our systems. The form is just a standard HTML form.
What I have done.
Created the forum and used a script to save the fields to the database.
Created three separate scripts to show 1. New jobs, 2, jobs in progress and 3 completed jobs.
These are currently in separate php files, but I hope to combine it all into one once I have it working. I'm pretty sure it can be done and this is going to be another learning process.
If it helps I can post what I have done so far. I learn from example so input like Spingo's script changes help me a lot.
Spingo
26-04-2006, 05:07 PM
These are currently in separate php files, but I hope to combine it all into one once I have it working. I'm pretty sure it can be done and this is going to be another learning process.
It's actually pretty easy...
Structure your file something like this:
$action = $_REQUEST['action'];
switch ($action) {
case "new":
// Code for the New Jobs page
break;
case "progress":
// Code for the Jobs in Progress page
break;
case "complete":
// Code for the Jobs Completed page
break;
default:
// Error page telling user of invalid input
break;
}
Simply have your URL as blah.php?action=new for the New job page, action=progress for the Progress page, etc. An error page shows up by default if someone doesn't enter in valid info to the script. Don't forget to do your referral checks that I touched on earlier in this thread :)
Pirate
26-04-2006, 05:19 PM
man that's easier than I expected. I'll go tinker!
hijukal
28-04-2006, 05:12 PM
I prefer $_POST and $_GET to $_REQUEST.
$_REQUEST takes input from either POSTed form data or the URI (in that order, I think).
$_POST only takes data from a POSTed form.
$_GET only takes data from the URI.
Sometimes it doesn't matter where the data comes from, but often you might not want people fiddling with the URI to try and "find" or "change" things within your site.
Just something to keep in mind.
Also, I usually make an include file for database operations to keep things faster, easier and cleaner:
<?php
function Database_Open ($sSQL)
{
    // Both handles are shared with Database_Close() and the calling page
    global $oResult, $oConn;
    $oConn = mysql_connect("server", "username", "password") or die ("Unable to connect to database: \n\n" . mysql_error() . "\n\n ...aborting.");
    mysql_select_db("database");
    $oResult = mysql_query($sSQL);
    if (!$oResult)
    {
        echo "Database failure: '" . mysql_errno() . ": " . mysql_error() . "'<br /><br />\n";
    }
}
function Database_Close()
{
    // Without this declaration $oResult and $oConn would be undefined locals
    global $oResult, $oConn;
    if ($oResult) {
        // Close connection to database
        mysql_close ($oConn);
    }
}
?>
And to use it:
$sSQL = "SELECT column1, column2 FROM table ORDER BY column1 ASC";
$oResult = false;
Database_Open($sSQL);
while ($oRecord = mysql_fetch_array($oResult))
{
echo "column1 = " . $oRecord["column1"] . "<br />";
}
Database_Close();
unset ($oRecord);
Just include($_SERVER['DOCUMENT_ROOT'] . "/path/databaseinclude.inc"); the include file on any page that does database calls. It's probably a tiny bit slower with the includes but it shouldn't matter unless you're rebuilding amazon.com.
Pirate
05-05-2006, 10:01 AM
Thanks man :) I will try that out.
Pirate
05-05-2006, 10:07 AM
I have a new fun problem. For some reason when I save data to the database using this part it drops information. For example if there are two words in the name field, it will only save the first word. Is this due to the addslashes?
<?php
//########## Incoming Data ##########
$add_new = addslashes(trim($_POST["add_new"]));
$lodgedby = addslashes(trim($_POST["lodgedby"]));
$day = addslashes(trim($_POST["day"]));
$month = addslashes(trim($_POST["month"]));
$year = addslashes(trim($_POST["year"]));
$workstationnum = addslashes(trim($_POST["workstationnum"]));
$firstname = addslashes(trim($_POST["firstname"]));
$lastname = addslashes(trim($_POST["lastname"]));
$department = addslashes(trim($_POST["department"]));
$team = addslashes(trim($_POST["team"]));
$role = addslashes(trim($_POST["role"]));
$extension = addslashes(trim($_POST["extension"]));
$phonenumber = addslashes(trim($_POST["phonenumber"]));
$otherdetails1 = addslashes(trim($_POST["otherdetails1"]));
$lanbox = addslashes(trim($_POST["lanbox"]));
$debtrakbox = addslashes(trim($_POST["debtrakbox"]));
$intranetbox = addslashes(trim($_POST["intranetbox"]));
$emailbox = addslashes(trim($_POST["emailbox"]));
$phonebox = addslashes(trim($_POST["phonebox"]));
$fcsbox = addslashes(trim($_POST["fcsbox"]));
$verintbox = addslashes(trim($_POST["verintbox"]));
$location = addslashes(trim($_POST["location"]));
$otherdetails2 = addslashes(trim($_POST["otherdetails2"]));
$landone = addslashes(trim($_POST["landone"]));
$debdone = addslashes(trim($_POST["debdone"]));
$intranetdone = addslashes(trim($_POST["intranetdone"]));
$emaildone = addslashes(trim($_POST["emaildone"]));
$phonedone = addslashes(trim($_POST["phonedone"]));
$fcsdone = addslashes(trim($_POST["fcsdone"]));
$verintdone = addslashes(trim($_POST["verintdone"]));
$helpmasterdone = addslashes(trim($_POST["helpmasterdone"]));
$customdone = addslashes(trim($_POST["customdone"]));
$passdone = addslashes(trim($_POST["passdone"]));
$status = addslashes(trim($_POST["status"]));
$id = addslashes(trim($_POST["id"]));
//########## Incoming Data End ##########
//########## Log file open ##########
$query="UPDATE Newusers SET field1='$add_new', field2='$lodgedby', field3='$day', field4='$month', field5='$year', field6='$workstationnum', field7='$firstname', field8='$lastname', field9='$department', field10='$team', field11='$role', field12='$extension', field13='$phonenumber', field14='$otherdetails1', field15='$lanbox', field16='$debtrakbox', field17='$intranetbox', field18='$emailbox', field19='$phonebox', field20='$fcsbox', field21='$verintbox', field22='$location', field23='$otherdetails2', field24='$landone', field25='$debdone', field26='$intranetdone', field27='$emaildone', field28='$phonedone', field29='$fcsdone', field30='$verintdone', field31='$helpmasterdone', field32='$customdone', field33='$passdone', field34='$status' WHERE Count = '$id'";
mysql_connect("localhost", "#######", "#####") or die(mysql_error());
mysql_select_db("Forms") or die(mysql_error());
mysql_query($query);
echo "Record Updated";
mysql_close();
//########## Log file open EEnd ##########
?>
cyberwired
05-05-2006, 10:24 AM
shouldn't be the addslashes, shouldn't be the trim either, but trim is what could possibly be doing it, comment out the mysql_connect etc and just echo the $query and see what you're getting
try taking out the addslashes and then try removing the trim and see if either of them fix it
Pirate
05-05-2006, 10:55 AM
cheers will do
Spingo
05-05-2006, 11:44 AM
Aye.. Your query is wrong. Actually, it's quite scary how wrong it is.
As a general rule of thumb, you should not include variable names directly within a string - you should always escape out of the string then append the variable.
For instance:
$variable = "You suck";
$statement = "This is a string that is about to be escaped for the inclusion of a variable: " . $variable . " - That's cool!";
echo $statement;
would produce the output:
This is a string that is about to be escaped for the inclusion of a variable: You Suck - That's cool!
By the same token, your query should be of the form:
$query = "UPDATE Newusers SET field1='" . $add_new . "', field2='" . $lodgedby . "', ... ";
Yes, the way that you had it works in some circumstances, but as you've encountered, it doesn't work in all circumstances. What I have written above does work in all circumstances and stops you from having to mess with braces and other characters. Not to mention that if you have an editor that does syntax highlighting, my code above shows up really purrdee!
Behold! RTFM! (http://www.php.net/manual/en/language.types.string.php)
Pirate
05-05-2006, 12:22 PM
Hey don't give me no guff, I am still on my L's here :D
I will try that out.
Pirate
05-05-2006, 01:06 PM
ok I changed the query, but it's still dropping the words. :P
stinky
05-05-2006, 03:43 PM
add some debug code, that should tell you if it's doing anything dodgy. First around the variable in question do :
print "Raw Variable: " . $_POST["firstname"] . "<BR>";
$firstname = addslashes(trim($_POST["firstname"]));
print "Raw Processed Variable: " . $firstname . "<BR>";
print "Trimmed: " . trim($_POST["firstname"]) . "<BR>";
print "Slashed: " . addslashes($_POST["firstname"]) . "<BR>";
then at the end
print "Query: " . $query . "<br>";
Spingo
05-05-2006, 03:48 PM
Question: Are you executing this script on a Windows system or a Linux/Unix one?
Pirate
05-05-2006, 04:02 PM
Linux/Unix.. I've not had a chance to play with it much yet since my last post.. been busy :P
Pirate
05-05-2006, 04:06 PM
I just echo'd the query and it doesn't seem to be getting the information from the form.. I'm going to look at that script to figure it out. I've probably fucked that part up chronically... little embarrassed to show it.. but here it is.
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
//##################### SHOW JOB ###########################
$query="SELECT * FROM Newusers WHERE Count=" . $_REQUEST['id'];
$result=mysql_query($query);
$num=mysql_numrows($result);
mysql_close();
echo "<b><center>Show Job</center></b><br><br>";
$i=0;
while ($i < $num) {
$add_new=mysql_result($result,$i,"field1");
$lodgedby=mysql_result($result,$i,"field2");
$day=mysql_result($result,$i,"field3");
$month=mysql_result($result,$i,"field4");
$year=mysql_result($result,$i,"field5");
$workstationnum=mysql_result($result,$i,"field6");
$firstname=mysql_result($result,$i,"field7");
$lastname=mysql_result($result,$i,"field8");
$department=mysql_result($result,$i,"field9");
$team=mysql_result($result,$i,"field10");
$role=mysql_result($result,$i,"field11");
$extension=mysql_result($result,$i,"field12");
$phonenumber=mysql_result($result,$i,"field13");
$otherdetails1=mysql_result($result,$i,"field14");
$lanbox=mysql_result($result,$i,"field15");
$debtrakbox=mysql_result($result,$i,"field16");
$intranetbox=mysql_result($result,$i,"field17");
$emailbox=mysql_result($result,$i,"field18");
$phonebox=mysql_result($result,$i,"field19");
$fcsbox=mysql_result($result,$i,"field20");
$verintbox=mysql_result($result,$i,"field21");
$location=mysql_result($result,$i,"field22");
$otherdetails2=mysql_result($result,$i,"field23");
$landone=mysql_result($result,$i,"field24");
$debdone=mysql_result($result,$i,"field25");
$intranetdone=mysql_result($result,$i,"field26");
$emaildone=mysql_result($result,$i,"field27");
$phonedone=mysql_result($result,$i,"field28");
$fcsdone=mysql_result($result,$i,"field29");
$verintdone=mysql_result($result,$i,"field30");
$helpmasterdone=mysql_result($result,$i,"field31");
$customdone=mysql_result($result,$i,"field32");
$passdone=mysql_result($result,$i,"field33");
$status=mysql_result($result,$i,"field34");
$jobnum=mysql_result($result,$i,"Count");
echo "<form action=updated.php method=post>";
echo "<input type=hidden name=id value=$jobnum>";
echo "<table width=60% border=0 align=center cellpadding=0 cellspacing=0 bgcolor=#000000 id=holder>";
echo "<tr><td>";
echo "<table width=100% border=0 cellspacing=1 cellpadding=2>";
echo "<tr><td colspan=2>";
echo "<div align=center><span class=style2>Add / Remove User Request</span></div>";
echo "</td></tr>";
echo "<tr bgcolor=#FFFFFF>";
echo "<td width=11%>";
echo "<div align=left>Job Type</div>";
echo "</td><td width=89% class=style1>";
echo "<div align=left>$add_new</div>";
echo "<input type=hidden name=add_new value=$add_new>";
echo "<input type=hidden name=id value=$jobnum>";
echo "</td></tr>";
echo "</table>";
echo "<table border=0 cellspacing=1 cellpadding=2>";
echo "<tr><td colspan=2>";
echo "<div align=left class=style2> Your details:</div>";
echo "</td></tr>";
echo "<tr bgcolor=#FFFFFF>";
echo "<td width=80 class=style1> Name:";
echo "</td><td>$lodgedby</td></tr>";
echo "<input type=hidden name=lodgedby value=$lodgedby>";
echo "</table>";
echo "</td></tr><tr><td>";
echo "<table width=100% border=0 cellspacing=1 cellpadding=2>";
echo "<tr>";
echo "<td colspan=4>";
echo "<div align=center class=style2>User Details</div>";
echo "</td></tr>";
echo "<tr bgcolor=#FFFFFF class=style1>";
echo "<td width=11% class=style1> Due date:";
echo "</td>";
echo "<td width=39%> $day / $month / $year";
echo "<input type=hidden name=day value=$day>";
echo "<input type=hidden name=month value=$month>";
echo "<input type=hidden name=year value=$year>";
echo "</td>";
echo "<td width=11%> W/s Port #:";
echo "</td>";
echo "<td width=39%> $workstationnum";
echo "<input type=hidden name=workstationnum value=$workstationnum>";
echo "</td></tr>";
echo "<tr bgcolor=#FFFFFF class=style1>";
echo "<td width=11% class=style1> First Name:";
echo "</td><td width=39%> $firstname";
echo "<input type=hidden name=firstname value=$firstname>";
echo "</td><td width=11%> Contact Ph:";
echo "</td><td width=39%> $phonenumber";
echo "<input type=hidden name=phonenumber value=$phonenumber>";
echo "</td></tr><tr>";
echo "<td width=11% bgcolor=#FFFFFF class=style1> Last Name:";
echo "</td><td width=39% bgcolor=#FFFFFF class=style1> $lastname";
echo "<input type=hidden name=lastname value=$lastname>";
echo "</td><td colspan=2 rowspan=5 valign=top bgcolor=#FFFFFF class=style1>";
echo "<div align=left>Other details:</div>";
echo "<div align=center>$otherdetails1</div>";
echo "<input type=hidden name=otherdetails1 value=$otherdetails1>";
echo "</td></tr><tr>";
echo "<td width=11% bgcolor=#FFFFFF class=style1> Department:";
echo "</td><td width=39% bgcolor=#FFFFFF class=style1> $department";
echo "<input type=hidden name=department value=$department>";
echo "</td></tr><tr>";
echo "<td width=11% bgcolor=#FFFFFF class=style1> Team:";
echo "</td><td width=39% bgcolor=#FFFFFF class=style1> $team";
echo "<input type=hidden name=team value=$team>";
echo "</td></tr><tr>";
echo "<td width=11% bgcolor=#FFFFFF class=style1> Role:";
echo "</td><td width=39% bgcolor=#FFFFFF class=style1> $role";
echo "<input type=hidden name=role value=$role>";
echo "</td></tr><tr>";
echo "<td width=11% bgcolor=#FFFFFF class=style1> Extension:";
echo "</td><td width=39% bgcolor=#FFFFFF class=style1> $extension";
echo "<input type=hidden name=extension value=$extension>";
echo "</td></tr></table>";
echo "</td></tr><tr><td>";
echo "<table width=100% border=0 cellspacing=1 cellpadding=2>";
echo "<tr><td colspan=4>";
echo "<div align=center class=style2>System Setup</div>";
echo "</td></tr><tr bgcolor=#FFFFFF>";
echo "<td width=3%>";
echo "<div align=center><input name=lanbox type=checkbox id=lanbox value=checked $lanbox></div>";
echo "</td><td width=47% class=style1>LAN Login</td>";
echo "<td colspan=2 class=style1>";
echo "Location $location";
echo "</td></tr><tr bgcolor=#FFFFFF>";
echo "<td width=3%>";
echo "<div align=center><input name=debtrakbox type=checkbox id=debtrakbox value=checked $debtrakbox></div>";
echo "</td><td width=47% class=style1> Debtrak</td>";
echo "<td colspan=2 rowspan=6 valign=top class=style1>";
echo "<div align=left>Other details:</div><div align=center>$otherdetails2</div>";
echo "</td></tr>";
echo "<tr bgcolor=#FFFFFF>";
echo "<td width=3%>";
echo "<div align=center><input name=intranetbox type=checkbox id=intranetbox value=checked $intranetbox></div>";
echo "</td><td width=47% class=style1>Intranet</td></tr>";
echo "<tr bgcolor=#FFFFFF>";
echo "<td width=3%>";
echo "<div align=center><input name=emailbox type=checkbox id=emailbox value=checked $emailbox></div>";
echo "</td><td width=47% class=style1>Email</td></tr>";
echo "<tr bgcolor=#FFFFFF>";
echo "<td width=3%>";
echo "<div align=center><input name=phonebox type=checkbox id=phonebox value=checked $phonebox></div>";
echo "</td><td width=47% class=style1>Phone login</td>";
echo "</tr><tr bgcolor=#FFFFFF><td width=3%>";
echo "<div align=center><input name=fcsbox type=checkbox id=fcsbox value=checked $fcsbox></div>";
echo "</td><td width=47% class=style1>FCS</td></tr>";
echo "<tr bgcolor=#FFFFFF><td width=3%>";
echo "<div align=center><input name=verintbox type=checkbox id=verintbox value=checked $verintbox></div>";
echo "</td><td width=47% class=style1>Verint Access</td></tr>";
echo "</table>";
echo "</td></tr><tr><td>";
echo "<table width=100% border=0 cellspacing=1 cellpadding=2>";
echo "<tr><td colspan=4>";
echo "<div align=center><span class=style2>IT Department Use Only</span></div>";
echo "</td></tr>";
echo "<tr bgcolor=#FFFFFF><td width=3%>";
echo "<div align=center><input name=landone type=checkbox id=landone value=checked $landone></div>";
echo "</td><td width=47% class=style1>LAN Login</td>";
echo "<td width=3%>";
echo "<div align=center><input name=customdone type=checkbox id=customdone value=checked $customdone></div>";
echo "</td><td width=47% class=style1> Custom requests</td></tr>";
echo "<tr bgcolor=#FFFFFF><td width=3%>";
echo "<div align=center><input name=debdone type=checkbox id=debdone value=checked $debdone></div>";
echo "</td><td width=47% class=style1> Debtrak</td>";
echo "<td width=3%>";
echo "<div align=center><input name=passdone type=checkbox id=passdone value=checked $passdone></div>";
echo "</td><td width=47% class=style1> Security Pass</td></tr>";
echo "<tr bgcolor=#FFFFFF><td width=3%>";
echo "<div align=center><input name=intranetdone type=checkbox id=intranetdone value=checked $intranetdone></div>";
echo "</td><td width=47% class=style1>Intranet</td><td width=3%> ";
echo "</td><td width=47% class=style1> </td>";
echo "</tr><tr bgcolor=#FFFFFF><td width=3%>";
echo "<div align=center><input name=emaildone type=checkbox id=emaildone value=checked $emaildone></div>";
echo "</td><td width=47% class=style1> Email</td>";
echo "<td width=3%> </td>";
echo "<td width=47% class=style1> </td></tr>";
echo "<tr bgcolor=#FFFFFF><td width=3%>";
echo "<div align=center><input name=phonedone type=checkbox id=phonedone value=checked $phonedone></div>";
echo "</td><td width=47% class=style1> Phone Loging";
echo "</td><td colspan=2 bgcolor=#000000>";
echo "<div align=center class=style2>Job Statu</div>";
echo "</td></tr><tr bgcolor=#FFFFFF><td width=3%>";
echo "<div align=center><input name=fcsdone type=checkbox id=fcsdone value=checked $fcsdone></div>";
echo "</td><td width=47% class=style1> FCS</td>";
echo "<td colspan=2 bgcolor=#A0A0A4> Current Status: $status</td>";
echo "</tr><tr bgcolor=#FFFFFF><td width=3%>";
echo "<div align=center><input name=verintdone type=checkbox id=verintdone value=checked $verintdone></div>";
echo "</td><td width=47% class=style1> Verint</td>";
echo "<td width=3% bgcolor=#A0A0A4>";
echo "<input type=hidden name=status value=$status>";
echo "<div align=center><input name=status type=radio value=inprogress checked></div>";
echo "</td><td width=47% bgcolor=#A0A0A4 class=style1> In progress</td>";
echo "</tr><tr bgcolor=#FFFFFF><td width=3%>";
echo "<div align=center><input name=helpmasterdone type=checkbox id=helpmasterdone value=checked $helpmasterdone></div>";
echo "</td><td width=47% class=style1> Helpmaster</td>";
echo "<td width=3% bgcolor=#A0A0A4>";
echo "<div align=center><input name=status type=radio value=complete></div>";
echo "</td><td width=47% bgcolor=#A0A0A4 class=style1> Complete</td></tr>";
echo "</table></td></tr><tr><td>";
echo "<div align=center><br><input name=Submit type=submit class=style1 value=Submit>";
echo "<input name=Reset type=reset class=style1 value=Reset><br><br></div>";
echo "</td></tr></table>";
echo "</form>";
$i++;
}
//##################### END SHOW JOB ########################
?>
Please be gentle.
I was just using this to get it working. I'm planning to use a template for the html later down the track... one step at a time.
Pirate
05-05-2006, 04:28 PM
HA! I figured it out.. dumb formatting error.
Spingo
05-05-2006, 04:54 PM
Care to elaborate?
I'm about half way through re-writing you code just to understand what's going on...
Pirate
05-05-2006, 05:01 PM
I stripped out the " instead of putting a slash before them \"
I did this and now it picks up all info in the field.
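The dropped words come from the unquoted `value=$firstname` attributes in the show-job form: an HTML parser ends an unquoted attribute value at the first space. As an added example (not code from the thread), the sketch below reads both forms back through PHP's DOM extension, and its helper goes one step beyond adding the quotes by also escaping the value with `htmlspecialchars()`, so a value that itself contains a quote or markup stays intact. The function names and sample values are constructed, and the DOM extension is assumed to be enabled.

```php
<?php
// Added example, not code from the thread. Sample field values are constructed.

// The pattern from the show-job script: the attribute value is not quoted.
function hidden_input_unquoted($name, $value)
{
    return "<input type=hidden name=$name value=$value>";
}

// Quote every attribute and escape & < > " ' so the value can neither end
// the attribute early nor introduce markup of its own.
function hidden_input($name, $value)
{
    return '<input type="hidden" name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
        . '" value="' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . '">';
}

// Parse the markup and return the value attribute as an HTML parser sees it,
// which is what the browser would post back to updated.php.
function parsed_value($html)
{
    $previous = libxml_use_internal_errors(true); // tolerate the loose 2006-style markup
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body><form>' . $html . '</form></body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $input = $doc->getElementsByTagName('input')->item(0);
    return $input === null ? null : $input->getAttribute('value');
}

$samples = array('Mary Jane', 'Tom "TJ" Smith'); // constructed field values
foreach ($samples as $value) {
    printf(
        "stored: %s\n  unquoted attribute reads back as:  %s\n  quoted and escaped reads back as:  %s\n",
        $value,
        var_export(parsed_value(hidden_input_unquoted('firstname', $value)), true),
        var_export(parsed_value(hidden_input('firstname', $value)), true)
    );
}
```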
stinky
05-05-2006, 05:22 PM
You were right to be embarrassed of that code. :P
Only put stuff that needs to be processed inside <?php ?> there's no need to have line after line of echo "<html-guff>";
Pirate
05-05-2006, 05:27 PM
So you'd go
<?php
php stuff here
?>
Then start the HTML below? How do the fields get the info then?
stinky
05-05-2006, 05:37 PM
here's a real quick rewrite ... expect some syntax errors ;)
<?php
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
//##################### SHOW JOB ###########################
$query="SELECT * FROM Newusers WHERE Count=" . $_REQUEST['id'];
$result=mysql_query($query);
$num=mysql_numrows($result);
?>
<b><center>Show Job</center></b><br><br>
<?php
while ( $arr_result = mysql_fetch_array($result) ) {
$add_new=$arr_result["field1"];
$lodgedby=$arr_result["field2"];
$day=$arr_result["field3"];
$month=$arr_result["field4"];
$year=$arr_result["field5"];
$workstationnum=$arr_result["field6"];
$firstname=$arr_result["field7"];
$lastname=$arr_result["field8"];
$department=$arr_result["field9"];
$team=$arr_result["field10"];
$role=$arr_result["field11"];
$extension=$arr_result["field12"];
$phonenumber=$arr_result["field13"];
$otherdetails1=$arr_result["field14"];
$lanbox=$arr_result["field15"];
$debtrakbox=$arr_result["field16"];
$intranetbox=$arr_result["field17"];
$emailbox=$arr_result["field18"];
$phonebox=$arr_result["field19"];
$fcsbox=$arr_result["field20"];
$verintbox=$arr_result["field21"];
$location=$arr_result["field22"];
$otherdetails2=$arr_result["field23"];
$landone=$arr_result["field24"];
$debdone=$arr_result["field25"];
$intranetdone=$arr_result["field26"];
$emaildone=$arr_result["field27"];
$phonedone=$arr_result["field28"];
$fcsdone=$arr_result["field29"];
$verintdone=$arr_result["field30"];
$helpmasterdone=$arr_result["field31"];
$customdone=$arr_result["field32"];
$passdone=$arr_result["field33"];
$status=$arr_result["field34"];
$jobnum=$arr_result["Count"];
?>
<form action=updated.php method=post>
<input type=hidden name=id value=<?=$jobnum?>>
<table width=60% border=0 align=center cellpadding=0 cellspacing=0 bgcolor=#000000 id=holder>
<tr><td>
<table width=100% border=0 cellspacing=1 cellpadding=2>
<tr><td colspan=2>
<div align=center><span class=style2>Add / Remove User Request</span></div>
</td></tr>
<tr bgcolor=#FFFFFF>
<td width=11%>
<div align=left>Job Type</div>
</td><td width=89% class=style1>
<div align=left><?=$add_new?></div>
<input type=hidden name=add_new value=<?=$add_new?>>
<input type=hidden name=id value=<?=$jobnum?>>
</td></tr>
</table>
<table border=0 cellspacing=1 cellpadding=2>
<tr><td colspan=2>
<div align=left class=style2> Your details:</div>
</td></tr>
<tr bgcolor=#FFFFFF>
<td width=80 class=style1> Name:
</td><td><?=$lodgedby?></td></tr>
<input type=hidden name=lodgedby value=<?=$lodgedby?>>
</table>
</td></tr><tr><td>
<table width=100% border=0 cellspacing=1 cellpadding=2>
<tr>
<td colspan=4>
<div align=center class=style2>User Details</div>
</td></tr>
<tr bgcolor=#FFFFFF class=style1>
<td width=11% class=style1> Due date:
</td>
<td width=39%> <?=$day?> / <?=$month?> / <?=$year?>
<input type=hidden name=day value=<?=$day?>>
<input type=hidden name=month value=<?=$month?>>
<input type=hidden name=year value=<?=$year?>>
</td>
<td width=11%> W/s Port #:
</td>
<td width=39%> <?=$workstationnum?>
<input type=hidden name=workstationnum value=<?=$workstationnum?>>
</td></tr>
<tr bgcolor=#FFFFFF class=style1>
<td width=11% class=style1> First Name:
</td><td width=39%> <?=$firstname?>
<input type=hidden name=firstname value=<?=$firstname?>>
</td><td width=11%> Contact Ph:
</td><td width=39%> <?=$phonenumber?>
<input type=hidden name=phonenumber value=<?=$phonenumber?>>
</td></tr><tr>
<td width=11% bgcolor=#FFFFFF class=style1> Last Name:
</td><td width=39% bgcolor=#FFFFFF class=style1> <?=$lastname?>
<input type=hidden name=lastname value=<?=$lastname?>>
</td><td colspan=2 rowspan=5 valign=top bgcolor=#FFFFFF class=style1>
<div align=left>Other details:</div>
<div align=center><?=$otherdetails1?></div>
<input type=hidden name=otherdetails1 value=<?=$otherdetails1?>>
</td></tr><tr>
<td width=11% bgcolor=#FFFFFF class=style1> Department:
</td><td width=39% bgcolor=#FFFFFF class=style1> <?=$department?>
<input type=hidden name=department value=<?=$department?>>
</td></tr><tr>
<td width=11% bgcolor=#FFFFFF class=style1> Team:
</td><td width=39% bgcolor=#FFFFFF class=style1> <?=$team?>
<input type=hidden name=team value=<?=$team?>>
</td></tr><tr>
<td width=11% bgcolor=#FFFFFF class=style1> Role:
</td><td width=39% bgcolor=#FFFFFF class=style1> <?=$role?>
<input type=hidden name=role value=<?=$role?>>
</td></tr><tr>
<td width=11% bgcolor=#FFFFFF class=style1> Extension:
</td><td width=39% bgcolor=#FFFFFF class=style1> <?=$extension?>
<input type=hidden name=extension value=<?=$extension?>>
</td></tr></table>
</td></tr><tr><td>
<table width=100% border=0 cellspacing=1 cellpadding=2>
<tr><td colspan=4>
<div align=center class=style2>System Setup</div>
</td></tr><tr bgcolor=#FFFFFF>
<td width=3%>
<div align=center><input name=lanbox type=checkbox id=lanbox value=checked <?=$lanbox?>></div>
</td><td width=47% class=style1>LAN Login</td>
<td colspan=2 class=style1>
Location <?=$location?>
</td></tr><tr bgcolor=#FFFFFF>
<td width=3%>
<div align=center><input name=debtrakbox type=checkbox id=debtrakbox value=checked <?=$debtrakbox?>></div>
</td><td width=47% class=style1> Debtrak</td>
<td colspan=2 rowspan=6 valign=top class=style1>
<div align=left>Other details:</div><div align=center><?=$otherdetails2?></div>
</td></tr>
<tr bgcolor=#FFFFFF>
<td width=3%>
<div align=center><input name=intranetbox type=checkbox id=intranetbox value=checked <?=$intranetbox?>></div>
</td><td width=47% class=style1>Intranet</td></tr>
<tr bgcolor=#FFFFFF>
<td width=3%>
<div align=center><input name=emailbox type=checkbox id=emailbox value=checked <?=$emailbox?>></div>
</td><td width=47% class=style1>Email</td></tr>
<tr bgcolor=#FFFFFF>
<td width=3%>
<div align=center><input name=phonebox type=checkbox id=phonebox value=checked <?=$phonebox?>></div>
</td><td width=47% class=style1>Phone login</td>
</tr><tr bgcolor=#FFFFFF><td width=3%>
<div align=center><input name=fcsbox type=checkbox id=fcsbox value=checked <?=$fcsbox?>></div>
</td><td width=47% class=style1>FCS</td></tr>
<tr bgcolor=#FFFFFF><td width=3%>
<div align=center><input name=verintbox type=checkbox id=verintbox value=checked <?=$verintbox?>></div>
</td><td width=47% class=style1>Verint Access</td></tr>
</table>
</td></tr><tr><td>
<table width=100% border=0 cellspacing=1 cellpadding=2>
<tr><td colspan=4>
<div align=center><span class=style2>IT Department Use Only</span></div>
</td></tr>
<tr bgcolor=#FFFFFF><td width=3%>
<div align=center><input name=landone type=checkbox id=landone value=checked <?=$landone?>></div>
</td><td width=47% class=style1>LAN Login</td>
<td width=3%>
<div align=center><input name=customdone type=checkbox id=customdone value=checked <?=$customdone?>></div>
</td><td width=47% class=style1> Custom requests</td></tr>
<tr bgcolor=#FFFFFF><td width=3%>
<div align=center><input name=debdone type=checkbox id=debdone value=checked <?=$debdone?>></div>
</td><td width=47% class=style1> Debtrak</td>
<td width=3%>
<div align=center><input name=passdone type=checkbox id=passdone value=checked <?=$passdone?>></div>
</td><td width=47% class=style1> Security Pass</td></tr>
<tr bgcolor=#FFFFFF><td width=3%>
<div align=center><input name=intranetdone type=checkbox id=intranetdone value=checked <?=$intranetdone?>></div>
</td><td width=47% class=style1>Intranet</td><td width=3%>
</td><td width=47% class=style1> </td>
</tr><tr bgcolor=#FFFFFF><td width=3%>
<div align=center><input name=emaildone type=checkbox id=emaildone value=checked <?=$emaildone?>></div>
</td><td width=47% class=style1> Email</td>
<td width=3%> </td>
<td width=47% class=style1> </td></tr>
<tr bgcolor=#FFFFFF><td width=3%>
<div align=center><input name=phonedone type=checkbox id=phonedone value=checked <?=$phonedone?>></div>
</td><td width=47% class=style1> Phone Login
</td><td colspan=2 bgcolor=#000000>
<div align=center class=style2>Job Status</div>
</td></tr><tr bgcolor=#FFFFFF><td width=3%>
<div align=center><input name=fcsdone type=checkbox id=fcsdone value=checked <?=$fcsdone?>></div>
</td><td width=47% class=style1> FCS</td>
<td colspan=2 bgcolor=#A0A0A4> Current Status: <?=$status?></td>
</tr><tr bgcolor=#FFFFFF><td width=3%>
<div align=center><input name=verintdone type=checkbox id=verintdone value=checked <?=$verintdone?>></div>
</td><td width=47% class=style1> Verint</td>
<td width=3% bgcolor=#A0A0A4>
<input type=hidden name=status value=<?=$status?>>
<div align=center><input name=status type=radio value=inprogress checked></div>
</td><td width=47% bgcolor=#A0A0A4 class=style1> In progress</td>
</tr><tr bgcolor=#FFFFFF><td width=3%>
<div align=center><input name=helpmasterdone type=checkbox id=helpmasterdone value=checked <?=$helpmasterdone?>></div>
</td><td width=47% class=style1> Helpmaster</td>
<td width=3% bgcolor=#A0A0A4>
<div align=center><input name=status type=radio value=complete></div>
</td><td width=47% bgcolor=#A0A0A4 class=style1> Complete</td></tr>
</table></td></tr><tr><td>
<div align=center><br><input name=Submit type=submit class=style1 value=Submit>
<input name=Reset type=reset class=style1 value=Reset><br><br></div>
</td></tr></table>
</form>
<?php
$i++;
}
//##################### END SHOW JOB ########################
?>
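The template above echoes each value straight into unquoted attributes, so a value containing a space, a quote or an angle bracket changes the markup that reaches the browser. An added example (not code from the thread) that escapes on output; h(), hiddenField() and checkedAttr() are hypothetical helper names and the sample record is constructed:

```php
<?php
// Added example: escape values before echoing them into the job form.
// h(), hiddenField() and checkedAttr() are hypothetical helper names.

// Escape a value for use in HTML text or inside a quoted attribute.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Build a hidden input with a quoted, escaped value attribute.
function hiddenField(string $name, $value): string
{
    return '<input type="hidden" name="' . h($name) . '" value="' . h($value) . '">';
}

// Checkbox state: only ever emit the literal word "checked" or nothing,
// instead of echoing whatever string is stored in the variable.
function checkedAttr($stored): string
{
    return $stored === 'checked' ? ' checked' : '';
}

// Constructed sample record (not data from the thread).
$job = [
    'firstname'     => 'Mary Ann',                 // a space would end an unquoted attribute
    'otherdetails1' => 'Needs <b>two</b> "ports"', // markup and quotes
    'lanbox'        => 'checked',
    'emailbox'      => 'checked disabled',         // not the expected value, so ignored
];
?>
<td>First Name:</td><td><?= h($job['firstname']) ?>
<?= hiddenField('firstname', $job['firstname']) ?></td>
<div><?= h($job['otherdetails1']) ?></div>
<?= hiddenField('otherdetails1', $job['otherdetails1']) ?>
<input name="lanbox" type="checkbox" value="checked"<?= checkedAttr($job['lanbox']) ?>>
<input name="emailbox" type="checkbox" value="checked"<?= checkedAttr($job['emailbox']) ?>>
```

Hidden fields come back from the browser as ordinary POST data, so the processing page still has to validate them like any other field.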
stinky
05-05-2006, 05:39 PM
<?=$variable?> will print the value of the variable, which makes it very easy to put anywhere inside a bunch of html.
Pirate
05-05-2006, 05:41 PM
thanks dude, that's a big help :)
stinky
05-05-2006, 05:50 PM
No worries. Also rename your fields to have meaning ... If I read your database I wouldn't be able to work on it right away. That's bad.
Name each field for what it does... i.e. id, firstname, lastname, gender, sexuality etc. then you can chuck them all straight into an array and lose about 20 lines of code.
hijukal
06-05-2006, 12:01 AM
Name each field for what it does
And if you do rename them, don't use obscure names or names like "text", "date" etc. Make them descriptive!
Personally, I don't mind using long variable/field/column names if they make code easier to read (i.e. userid, userfirstname, userlastname, userstatus...). Less ambiguous when doing things like multiple JOINs (ugh).
INSAN3
23-05-2006, 01:28 AM
New problem.. What I am trying to figure out is to show a single record using information from the URL..
I'd also suggest keeping in mind the issues of SQL injection from using a $_POST variable raw - without validating.
Consider using several quick & easy functions like:
// will return 0 if unable to convert string to number
$id = intval(trim(stripslashes($_GET['id'])));
if ($id > 0){
//Do your SQL calls here
}
Besides... I'm just getting my post count up anyways...
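An added example (not code from the thread) of the single-record lookup by URL id discussed above, with strict integer validation followed by a prepared statement. The table "jobs", its columns and the functions parseId() and findJob() are hypothetical, and the rows and inputs are constructed:

```php
<?php
// Added example: look up one record by the id in the URL (myscript.php?id=2).
// The table "jobs", its columns, parseId() and findJob() are hypothetical names.

// Return a positive integer id, or null if the input is not a plain whole number.
function parseId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Fetch one row with a prepared statement; the id is bound, never concatenated.
function findJob(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, firstname, lastname FROM jobs WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In-memory SQLite database with constructed rows so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE jobs (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT)');
$db->exec("INSERT INTO jobs VALUES (1, 'Ann', 'Lee'), (2, 'Bob', 'Ng')");

// Constructed stand-ins for $_GET['id'], including '2abc', which intval()
// would silently turn into 2 but strict validation rejects.
foreach (['2', ' 2 ', '2abc', '2;x', '0', '-1', null] as $raw) {
    $id  = parseId($raw);
    $row = $id === null ? null : findJob($db, $id);
    printf("%-8s => %s\n", var_export($raw, true),
        $row ? $row['firstname'] . ' ' . $row['lastname'] : 'rejected or not found');
}
```

The same pattern applies to any statement built from request data, including updates and deletes.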
Tintin
10-06-2006, 01:15 AM
I've got a PHP question!
I'm working on some PHP that is intended to insert dynamically-generated text into websites via Javascript. It will work kinda similarly to Google ads (I think). It will be called from HTML like this:
<script language="javascript" src="http://www.mywebsite.com/test.php"></script>
I've found that this Javascript 'hack' is the most practical way to achieve this (as opposed to #include virtual). The plan is that webmasters and bloggers everywhere will use this code snippet in their blogs and websites.
What I'm trying to do is make a temporary, anonymous record of individual users on the server when they hit one of the scripts in their browsing. This will then be used to ensure that they are served up with the identical text if they press 'reload', or subsequently call the same script from some other website/web page. Similarly, I want to increment a counter only when a new user hits the system, and not a repeat visitor. Part of the reason for this is to manage 'click fraud', but I also want to minimise the work done by the server in generating new text. I'd also like to have the option of allowing a fresh text string to be generated for a repeat viewer after a period of time, e.g. 30 mins.
I've looked into PHP sessions as a way of doing this, but I'm finding it difficult. Propagating session info through the script URL is not a possibility, as this is fixed. Cookies are a potential option, but many people don't like them (including myself), and they are unreliable. Since the scripts wouldn't call each other directly, conventional methods of session propagation may be out of the picture.
I think I've seen this kind of thing done on some website hit counters.
Please let me know if you have any thoughts on how to solve this problem! :w00t:
Tintin
10-06-2006, 02:11 AM
Just thinking, I guess I could check users' IP addresses using $_SERVER['REMOTE_ADDR']. Could this be robust enough though?
INSAN3
10-06-2006, 04:39 PM
you can always look at capturing the data about a user browser in your posted script (available within $_SERVER), try writing this data into a Log-style database whereby you can check this data every time that browser requests the script - and thus you can track access, and deliver the same javascript output to the browser...
INSAN3
10-06-2006, 04:58 PM
Actually thinking about it more, You can do something like:
Include a link to your Javascript (source being a PHP Script) - within a tag with a known ID.
This returned code can contain basic information from your logs or whatever, and this script now executing in the browser can nab more info about the user & contains some AJAX code - whatever u like really
Your script executes a post GET request to another PHP script on your server which can then write your stuff into the Tag ID above on response, including any other document event scripting which can call your second PHP script if something happens like a page reload or whathaveyou....
...Maybe a feasible idea? - I'm not sure, but something to think about.
Spingo
16-10-2006, 11:08 AM
Short answer: Yes, but PHP doesn't handle this.
Long answer: In Apache, you want to fiddle with the mod_rewrite Apache module. WordPress blogs use this to good effect (see www.apcstart.com for a good example)..
Tintin
16-10-2006, 02:46 PM
I've got another PHP question...
You know how many websites accept queries at the end of URL/URI's? For example, http://youtube.com/watch?v=gx-NLPH8JeM . The file that is being called in that example is called 'watch', with no filename extension. On PHP websites, the files being called always seem to have '.php' as the filename extension. For example, http://www.zgeek.com/forum/showthread.php?t=50904&page=3 , (the file being called is 'showthread.php').
Is it possible to use PHP in websites without having the '.php' extension cluttering up the URL/URI?
dwarfthrower
16-10-2006, 04:16 PM
Is it possible to use PHP in websites without having the '.php' extension cluttering up the URL/URI?
It is, but it's more of a web-server configuration issue than a PHP coding issue. Quite a few pointers on the subject here: http://www.garayed.com/php/104126-php-no-file-extension.html
Spingo
16-10-2006, 04:20 PM
(Looking at three posts above) "Let's do the timewarp agaaaaaiiinn"..
Mr Bigglesworth
16-10-2006, 04:34 PM
Has Pirate arsefarmed Zgeek again?
Tintin
27-04-2008, 02:47 AM
I want to run administration PHP scripts, which will work on the site database, and PHP files in the public_html folder. Obviously these admin scripts should only be available to me as the administrator. Currently it's all set up on my localhost and the admin scripts are accessed in the same way as all the other PHP scripts. What do I need to do to create the desired arrangement on the web server? Does logging into the cPanel give administrator privileges for hosted files?
Thanks in advance
Pirate
25-06-2008, 01:06 PM
Anyone know why this isn't working? The delete function works but it doesn't do the mail afterward.
function delete($selected_id)
{
// ensure referential integrity ...
global $Translation;
sql("delete from Newusers where count='$selected_id'");
mail("t*********@**********.com.au", "subject", "body text");
}
Pirate
25-06-2008, 01:23 PM
Ignore that. It does work. Mail filters been killing the emails.