broj1 356 Humble servant Featured Poster

Now, there might also be a problem in the password field definition in the table spec: password varchar(20) NOT NULL. As far as I remember the good old MD5 produces a hash of a length that fits into CHAR(32). So password hashes stored in the users table could be truncated due to too small a field size and therefore cannot match even if the user entered the correct password.

However, the more important fact here is that MD5 has been unfit for password hashing for years. It is completely insecure; do not use it in any production site. There is a much more suitable function, password_hash (https://www.php.net/manual/en/function.password-hash.php), built into PHP. If you use it you must also make your password field bigger, maybe 255 characters, to be ready for the future.

Dani commented: Good catch! +34
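The two points in that post (the column must be wide enough for the hash, and MD5 must go) in working form, as an added example that is not code from broj1's post. It assumes a `users` table with `username` and `password` columns, the `password` column being VARCHAR(255) as suggested above, and an existing PDO connection in `$pdo`; the function names are made up for illustration.

```php
<?php
// Added example: storing passwords with password_hash() and checking them
// with password_verify(). Table, column and function names are assumptions.

// Width of the password column. PASSWORD_DEFAULT is bcrypt today (a 60-character
// "$2y$..." string) but the PHP manual says the default may change, so the
// column is kept wider than any current hash, as the post recommends.
const PASSWORD_COLUMN_LENGTH = 255;

function registerUser(PDO $pdo, string $username, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // A silently truncated hash can never verify, so refuse to store one.
    if (strlen($hash) > PASSWORD_COLUMN_LENGTH) {
        throw new RuntimeException('password column is too narrow for the hash');
    }
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (:u, :p)');
    $stmt->execute([':u' => $username, ':p' => $hash]);
}

function loginUser(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against a throwaway hash when the user does not exist, so the
    // response time does not reveal which usernames are registered.
    $storedHash = ($row === false)
        ? password_hash('no-such-user', PASSWORD_DEFAULT)
        : $row['password'];
    if (!password_verify($password, $storedHash) || $row === false) {
        return false;
    }

    // Transparently upgrade hashes made with an older algorithm or a lower
    // cost factor; this is only possible here, while the plaintext is known.
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password = :p WHERE id = :id');
        $upd->execute([
            ':p'  => password_hash($password, PASSWORD_DEFAULT),
            ':id' => $row['id'],
        ]);
    }
    return true;
}
```

The length check in registerUser() is the programmatic version of the post's "check the column size": with a VARCHAR(20) column the INSERT would either fail (strict SQL mode) or silently store a truncated hash that never verifies.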
broj1 356 Humble servant Featured Poster

In the first version you are missing the other condition ($_SESSION['iiio'] != "pending"). In that case the div is shown by default.

It looks like you are using Bootstrap, so you can use the show and hidden classes provided by Bootstrap. I am using a ternary expression here since it is most convenient:

<div class="<?php echo $_SESSION['iiio'] == "pending" ? 'show' : 'hidden';?>">
<a href="https://www.paymentgateway.com">
<button align="right" id="completeReg" name="completeReg" class="btn btn-danger my-cart-btn my-cart-b" >Complete Registration</button>
</a>
</div>

If you are not using Bootstrap then create the two classes yourself:

.show {
    display: block;
}

.hidden {
    display: none;
}
Mr.M commented: Perfect +6
broj1 356 Humble servant Featured Poster

You can also check how the query gets constructed, using a similar technique to the one described above by cereal. Just add this between lines 2 and 3:

die($query);

This will print out the query on the screen and stop the script. Now you can inspect the query to see whether it has all the correct values and no syntax errors. You can also copy the query and test it in your database directly (e.g. in phpMyAdmin if you are using it) and see what is returned.

broj1 356 Humble servant Featured Poster

If you have a fixed number of variables (known in advance and equal to the length of $row) you could use the list function. Something like:

list($a, $b, $c, $d, $e, $f, $g, $h, $i, $j, $k, $l, $m) = $row;

But be aware that using an array instead of lots of variables is often more practical and handy.

And please note the mysql_* functions are deprecated (use PDO or mysqli).

diafol commented: Another mysql caveman! +15
broj1 356 Humble servant Featured Poster

I tried your code and the table gets generated OK. I get this:

Age     Beg Bal    Interest   Deposits   Ending Bal
45.00    2000.00     324.65    1200.00     3524.65
46.00    3524.65     521.09    1200.00     5245.75
47.00    5245.75     742.58    1200.00     7188.33
48.00    7188.33     992.31    1200.00     9380.63
49.00    9380.63    1273.87    1200.00    11854.50
50.00   11854.50    1591.33    1300.00    14745.83
51.00   14745.83    1949.42    1200.00    17895.25
52.00   17895.25    2352.98    1200.00    21448.23
53.00   21448.23    2807.99    1200.00    25456.22
54.00   25456.22    3321.00    1200.00    29977.22
55.00   29977.22    3899.41    1200.00    35076.63
56.00   35076.63    4551.56    1300.00    40928.19
57.00   40928.19    5287.01    1200.00    47415.20
58.00   47415.20    6116.02    1200.00    54731.22
59.00   54731.22    7050.72    1200.00    62981.95
60.00   62981.95    8104.58    1200.00    72286.52
61.00   72286.52    9292.77    1200.00    82779.30
62.00   82779.30   10632.44    1300.00    94711.74
63.00   94711.74   12143.04    1200.00   108054.78
64.00  108054.78   13846.03    1200.00   123100.81
65.00  123100.81   15766.11    1200.00   140066.92

What browser and what environment are you using? Is JavaScript enabled? Do you get any errors in the console? Have you looked at the generated HTML source?

broj1 356 Humble servant Featured Poster

Use PHPExcel to create an Excel file from the data you read from the database. Dynamic headers are just headers that contain text and formulae (the header changes if the information in the respective column changes). You have to build those formulas yourself.

broj1 356 Humble servant Featured Poster

If this is a guide on how to do something, it has serious issues:

  • POST variables are not being sanitized, so arbitrary code can be injected
  • An old and deprecated mysql extension is used

So sanitize (check, validate, cast, replace, blacklist, whitelist...) the POST data and switch to the PDO extension for accessing the DB.
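What "check, validate, cast, whitelist" looks like in practice, as an added example that is not code from broj1's post. The field names (title, quantity, status, email), the limits and the function name are assumptions chosen for illustration; the point is that every field gets a type and a bound, and that unknown values are rejected rather than cleaned up.

```php
<?php
// Added example: validating $_POST before any of it reaches a query.
// Field names, limits and the function name are assumptions.

const ALLOWED_STATUS = ['draft', 'published', 'archived'];

/**
 * Returns ['ok' => true, 'data' => [...]] with trimmed, typed values, or
 * ['ok' => false, 'errors' => [...]] naming every field that failed.
 * Validation is not escaping: the returned strings still have to be bound
 * as parameters of a prepared statement, never concatenated into SQL.
 */
function validatePost(array $post): array
{
    $errors = [];
    $data   = [];

    // Free text: must be a string (not title[]=...), trimmed, length-limited
    // and free of control characters. Quotes stay; the DB driver handles them.
    $title = is_string($post['title'] ?? null) ? trim($post['title']) : '';
    if ($title === '' || mb_strlen($title) > 100 || preg_match('/[\x00-\x1F\x7F]/', $title)) {
        $errors['title'] = 'required, at most 100 characters, no control characters';
    } else {
        $data['title'] = $title;
    }

    // Numbers: FILTER_VALIDATE_INT rejects "12abc", "1e3", null and arrays;
    // the range options stop absurd values before they reach the database.
    $qty = filter_var($post['quantity'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 0, 'max_range' => 10000]]);
    if ($qty === false) {
        $errors['quantity'] = 'must be an integer between 0 and 10000';
    } else {
        $data['quantity'] = $qty;
    }

    // Enumerations: compare against a whitelist with strict types.
    $status = $post['status'] ?? null;
    if (!is_string($status) || !in_array($status, ALLOWED_STATUS, true)) {
        $errors['status'] = 'unknown status';
    } else {
        $data['status'] = $status;
    }

    // E-mail: a syntax check only; only a confirmation mail proves ownership.
    $email = filter_var($post['email'] ?? null, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'not a valid address';
    } else {
        $data['email'] = $email;
    }

    return $errors ? ['ok' => false, 'errors' => $errors]
                   : ['ok' => true,  'data'   => $data];
}

// Constructed sample input, as it might arrive from a hostile form submission.
$sample = [
    'title'    => "  O'Reilly; DROP TABLE posts; --  ",
    'quantity' => '12abc',
    'status'   => 'admin',
    'email'    => 'a@example.com',
];
$result = validatePost($sample);
```

With the constructed sample, quantity and status are rejected and the title is accepted (trimmed), apostrophe and all: quoting is the job of the prepared statement that consumes the data, not of the validator, which is why "sanitizing" on its own is never a replacement for PDO or mysqli prepared statements.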

broj1 356 Humble servant Featured Poster

This code already uses jQuery (so do not forget to include it). This is the simplest possible version. In reality it will be more complex, but that depends on what you want to achieve. Who do you want to send the email to? What information should be in the email? What feedback would you like when the email was successfully sent? What feedback do you want on an unsuccessful sending attempt? For all these situations you have to provide some solutions.

But it is better to learn in small steps if you are new to the concept. So try to run the above code in your environment and see what questions pop up. Also try to figure out what else you would need and see how to make it happen.

broj1 356 Humble servant Featured Poster

Yes, this is where Ajax comes in. But I do not find those two triggers ("Emailed Customer" and "Email Mitch") in your code snippets. Where are they?

But the simplest basic example would be:

HTML:

<input type="checkbox" name="email-trigger" id="email-trigger">
<label for="email-trigger" class="custom-unchecked">Send email</label>

JavaScript (Ajax part) - put it in the HTML file just before the closing body tag:

...
<script>
$("#email-trigger").on("click", function() { // on click event on the element with id=email-trigger
    $.post('send-email.php'); // use post method to call (request) the send-email.php script
});
</script>
</body>

The send-email.php script does the usual email creation and sending. This is a very simplified example but it shows the concept. In a more advanced scenario you can add data that can be part of the request (maybe the email or ID of the user) and return some data from the emailing script (like mail sent successfully or possible errors). Returned data can be inserted into the HTML or maybe logged.

broj1 356 Humble servant Featured Poster

You could use the jQuery ajax post method. The data for the post would be all the parameters that are needed for the public function. The page won't refresh but you will still be able to carry out the insertion into the database. But you need a JavaScript event to trigger the jQuery call. It can be page load / ready, click, change or similar, depending on what you want to do. This is a made up example for the click event (i.e. clicking a submit button in the form).

<script>
$("#trigger-element").on("click", function() { // selector needs the # for an id
    $.post(
        "data.php",
        { 
            projectid: "<?php echo $projectid;?>",
            projectnaam: "<?php echo $projectnaam;?>",
            startdatum: "<?php echo $startdatum;?>",
            ...
        }
    );
});
</script>

On the data.php page you will catch the parameters in the $_POST array.

<?php
$projectid = $_POST['projectid'];
$projectnaam = $_POST['projectnaam'];
...

// now when you have parameters call the create() function
$myObject->create($projectid,$projectnaam,$startdatum,$einddatum,$omschrijving);

You might also want to do some checking of input data before you use it in your query. Hopefully the example above does not contain typos since I did not test it.
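The server side of the two Ajax posts above (the send-email.php trigger and this data.php call), as an added example that is not code from broj1's posts. Once a script reacts to a bare `$.post()`, any page the logged-in user visits can fire the same request, so the endpoint has to check three things before doing the work: that it is a POST, that there is a logged-in session, and that the request carries a token only this site's pages know. The `create()` call and the five field names are from the post; `$_SESSION['userid']`, `$_SESSION['csrf_token']`, the helper names and the date format are assumptions.

```php
<?php
// Added example: data.php, hardened so it only acts for a logged-in user who
// sends the anti-CSRF token. Session keys, helper names and limits are assumptions.
session_start();

// Called while rendering the page that contains the <script>; the returned
// value goes into the $.post() data object as csrf_token.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Reject anything that is not a POST from an authenticated user with the token.
function requireAuthenticatedPost(): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        exit;
    }
    if (empty($_SESSION['userid'])) {
        http_response_code(401);
        exit;
    }
    $known = $_SESSION['csrf_token'] ?? '';
    $sent  = $_POST['csrf_token'] ?? '';
    // hash_equals() compares in constant time and refuses non-string input.
    if ($known === '' || !is_string($sent) || !hash_equals($known, $sent)) {
        http_response_code(403);
        exit;
    }
}

// Dates are accepted only as Y-m-d strings that round-trip exactly,
// which rejects things like 2014-02-31 that strtotime() would roll over.
function postDate(string $field): ?string
{
    $v = $_POST[$field] ?? '';
    $d = is_string($v) ? DateTime::createFromFormat('!Y-m-d', $v) : false;
    return ($d !== false && $d->format('Y-m-d') === $v) ? $v : null;
}

requireAuthenticatedPost();

// The values now come from the client, not from the PHP variables that were
// interpolated into the <script>, so each one is cast or validated.
$projectid    = filter_var($_POST['projectid'] ?? null, FILTER_VALIDATE_INT);
$projectnaam  = is_string($_POST['projectnaam'] ?? null) ? trim($_POST['projectnaam']) : '';
$startdatum   = postDate('startdatum');
$einddatum    = postDate('einddatum');
$omschrijving = is_string($_POST['omschrijving'] ?? null) ? trim($_POST['omschrijving']) : '';

header('Content-Type: application/json');
if ($projectid === false || $projectnaam === '' || mb_strlen($projectnaam) > 100
    || $startdatum === null || $einddatum === null || $startdatum > $einddatum) {
    http_response_code(422);
    echo json_encode(['ok' => false, 'error' => 'invalid input']);
    exit;
}

// $myObject is assumed to come from the include that defines the class, as in
// the post; create() must itself use a prepared statement for the INSERT.
$myObject->create($projectid, $projectnaam, $startdatum, $einddatum, $omschrijving);
echo json_encode(['ok' => true]);
```

The same three checks apply unchanged to the send-email.php script in the earlier post: without them a single forged POST from any site is enough to make the server send mail on the victim's behalf. Returning JSON rather than HTML lets the jQuery success callback decide what to show the user.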

broj1 356 Humble servant Featured Poster

http://api.jquery.com/jquery.ajax/

You might have to do a bit of learning if you are not familiar with Ajax.

broj1 356 Humble servant Featured Poster

Not sure if I understood your question but I'll have a go at it.
The mysqli_insert_id() function returns the ID generated by a query on a table with a column having the AUTO_INCREMENT attribute (sentence copied from the PHP manual). Now, in your insert query the ID is not treated as an autoincrement type, or if it is, you should not supply a value for it - it will be created automatically by the DB server. Autoincrement fields can only be of an integer type, so you will have to append string characters in the PHP code (as in your example above).

If the answer is not what you wanted, please elaborate on what you want to do and what errors you get.

broj1 356 Humble servant Featured Poster

Sorry, I meant to put the die statement after line 60, that is before line 63, so the insert query gets displayed. This way you test that the insert query is constructed correctly.

It is actually hard to test your case since there are some include statements. But if nothing else helps I will do this. In that case post the complete script and at least the form_functions.inc.php script.

broj1 356 Humble servant Featured Poster

Test the insert statement. Put this simple debug code just before line 60:

die($q);

This will echo the insert query on screen and stop the script. Now inspect the query to see whether it is OK, and copy and test it in phpMyAdmin (or whatever you use).

Also, you check if the user exists:

$q = "SELECT email, username FROM users WHERE email='$e' OR username='$u'";

and if it does not exist if ($rows === 0), you do an insert, which is OK. But your other condition if($rows === 2) is strange since if the user is registered, you should find one row only, shouldn't you?

broj1 356 Humble servant Featured Poster

Nowhere do you check if the password and username have been entered, which is not good practice and might be a reason for your error. You should do it this way:

if(!isset($_SESSION['auth_user']) && isset($_POST['cedula']) && isset($_POST['clave'])) {
    loginuser();
}

Also use curly brackets even if you have only one statement, to avoid coding errors.

$result = mysql_query("SELECT * FROM personas WHERE cedula='".$_SESSION["cedula"]."' ");

Using raw uncleansed form input is extremely dangerous (SQL injection). Do filtering, cleansing, whitelisting, casting etc. before using form data in queries.

In your function you use ADO and in your code you use the deprecated mysql extension. Was this your intention or just blind copying of example code? It might be another possible cause of errors. Also avoid the mysql extension completely since it is outdated and deprecated.

$recordSet = &$conn->Execute("$sqlstmt");

Referencing the object this way is also deprecated.

Using functions to render HTML is not good practice (in my personal view). I prefer functions that process something and return a result or FALSE. This way HTML is not hard coded and I can easily change it.

broj1 356 Humble servant Featured Poster

To my knowledge the cal_days_in_month function already takes leap years into account. I think the error is in line 10:

$Start_Date="1/".$month."/".$year."";

To make the string representation correct it should be in a format that represents a unique date (i.e. American month, day and year - mm "/" dd "/" y):

$Start_Date=$month."/"."1/".$year."";
// or in more readable form
$Start_Date = "$month/1/$year";

And this is my version of the calculate function:

function calculate($month, $year) {
    $daysInMonth = cal_days_in_month(CAL_GREGORIAN, $month, $year);
    $workDays = 0;
    for($d = 1; $d <= $daysInMonth; $d++) {
        $dateString = "$month/$d/$year";
        $currentDayTS = strtotime($dateString);
        $day = date("D", $currentDayTS); // Sun - Sat
        if($day != "Sun" && $day != "Sat") {
            $workDays++;
        }
    }
    return $workDays;
}
broj1 356 Humble servant Featured Poster

http://www.html-form-guide.com/php-form/php-form-checkbox.html

and thousands of other results using a duckduckgo search for php checkbox example (you can also try google)

broj1 356 Humble servant Featured Poster

Do not forget security if you want to be a really good web developer. Familiarize yourself with the OWASP top 10 threats and the guidelines on how to handle them.

Regarding graphics skills, learn vector graphics and software like Inkscape. It often helps when bitmap graphics do not suffice.

broj1 356 Humble servant Featured Poster

Yes. You can use a variable to prepare a string for the subject. Please note that the subject must satisfy RFC 2047. See the PHP mail documentation.

broj1 356 Humble servant Featured Poster

@cereal, thanks, I was not aware of that.

broj1 356 Humble servant Featured Poster

Also, the method name in $this->__('Email Me') does not seem to be valid or is my knowledge of PHP a bit shaky?

broj1 356 Humble servant Featured Poster

It depends on what your password requirements are and what your approach is. Once you hash a password the hash will contain only database-safe characters. I would expect you do not need a filter so much as a password quality checker.

broj1 356 Humble servant Featured Poster

There seem to be no syntax errors. Why do you assume there is an error? Do you get any messages? Is the result not what you expected? What is different from what you expected?

broj1 356 Humble servant Featured Poster

I hope this is what you want (see comments in the code):

// test data
$mainArray = array(
    '823584X80X998.NAOK' => array('question_properties' => array('qid' => 998,  'name' => 'F8')),
    '823584X80X1001.NAOK' => array('question_properties' => array('qid' => 1001, 'name' => 'F10'))
);
// $string = '((823584X80X998.NAOK == "1"))';
$string = '((823584X80X1001.NAOK == "1" or 823584X80X1001.NAOK == "2" or 823584X80X1001.NAOK == "3"))';

// get rid of the (( and ))
$string = str_replace(array('(', ')'), '', $string);
// explode if there are any ORs
$tempArray1 = explode(' or ', $string);
// save values (1, 2, 3)
$savedValues = array();
foreach($tempArray1 as $val1) {
    $tempArray2 = explode('==', $val1);
    // this will be the key for searching in the main array
    $searchKey = trim($tempArray2[0]);
    // add a value to the saved values array (trimmed, so the surrounding spaces are not echoed)
    $savedValues[] = trim($tempArray2[1]);
}
// to check if OR has to be echoed
$savedValuesCount = count($savedValues);
if(array_key_exists($searchKey, $mainArray)) {
    echo "((";
    foreach($savedValues as $key2 => $savedVal) {
        // echo replacement
        echo $mainArray[$searchKey]['question_properties']['name'] . '==' . $savedVal;
        // echo OR if needed
        if($key2 < $savedValuesCount -1) {
            echo ' or ';
        }
    }
    echo '))';
} else {
    // in case key does not exist
    echo "Search key $searchKey does not exist in the main array";
}
broj1 356 Humble servant Featured Poster

Enclose each row (the ID and a delete button) within form tags and add a hidden input that holds the value. You will have as many forms as there are rows. When you delete (submit), the value in the hidden input field will get over to the next script. And you do not need a name attribute in the list item element.

<h1>YOUR COURSES</h1>
<ol>
<?php
$con=mysqli_connect("localhost","FYP","123","FYP");
$sql= mysqli_query($con, "SELECT C_Code FROM F_COURSES WHERE F_ID=".$_SESSION['userid']);
while($row = mysqli_fetch_array($sql)){

    // I added a little bit of a styling to the form to display correctly
    echo "<li><form method='post' action='delete.php' style='display:inline;'>" . $row['C_Code'] . "<input type='submit' value='Delete'>";

    // this line adds a hidden input
    echo "<input name='course' type='hidden' value='" . $row['C_Code'] . "'></form></li>";
}
?>
</ol>

I hope having a form inside a list item element isn't bad coding. But I've seen that around.

SoMa_2 commented: Thank you it work +0
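The delete.php that receives those per-row forms, as an added example that is not code from broj1's post. The hidden `course` input only says which row was clicked; the value is trivially editable in the browser, so the DELETE has to be tied to the logged-in F_ID from the session rather than trusting the form alone. The table, column names and connection details are from the post; the session keys, the CSRF token, the course-code pattern and the redirect target are assumptions.

```php
<?php
// Added example: delete.php for the per-row forms, plus the escaped row markup
// for the listing page. Session keys, token and redirect target are assumptions.
session_start();

// For the listing page (in a shared include): escape the code before echoing
// it into HTML and into the hidden value, and carry the anti-CSRF token.
function courseRow(string $code, string $token): string
{
    $c = htmlspecialchars($code, ENT_QUOTES, 'UTF-8');
    $t = htmlspecialchars($token, ENT_QUOTES, 'UTF-8');
    return "<li><form method='post' action='delete.php' style='display:inline;'>$c"
         . "<input name='course' type='hidden' value='$c'>"
         . "<input name='csrf_token' type='hidden' value='$t'>"
         . "<input type='submit' value='Delete'></form></li>";
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_SESSION['userid'])) {
    http_response_code(403);
    exit('Not logged in');
}
$known = $_SESSION['csrf_token'] ?? '';
$sent  = $_POST['csrf_token'] ?? '';
if ($known === '' || !is_string($sent) || !hash_equals($known, $sent)) {
    http_response_code(403);
    exit('Bad request token');
}

// Course codes are assumed to be short alphanumerics; reject anything else early.
$course = $_POST['course'] ?? '';
if (!is_string($course) || !preg_match('/^[A-Za-z0-9_-]{1,20}$/', $course)) {
    http_response_code(400);
    exit('Invalid course code');
}
$userId = (int) $_SESSION['userid'];

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false
$con = mysqli_connect("localhost", "FYP", "123", "FYP");

// Prepared statement: the values travel separately from the SQL text, and the
// F_ID condition is what stops one user deleting another user's course.
$stmt = mysqli_prepare($con, "DELETE FROM F_COURSES WHERE F_ID = ? AND C_Code = ?");
mysqli_stmt_bind_param($stmt, "is", $userId, $course);
mysqli_stmt_execute($stmt);
$deleted = mysqli_stmt_affected_rows($stmt);
mysqli_stmt_close($stmt);
mysqli_close($con);

// Zero rows means the code was not one of this user's courses.
if ($deleted === 0) {
    http_response_code(404);
    exit('No such course for this user');
}
header('Location: courses.php'); // assumed name of the listing page
exit;
```

The same ownership check belongs in the SELECT on the listing page: interpolating `$_SESSION['userid']` into the query string works as long as the session is trustworthy, but binding it as a parameter costs nothing and keeps the pattern consistent.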
broj1 356 Humble servant Featured Poster

There is another error in the SQL statement that is actually preventing the script from executing:

$query = "SELECT * FROM table WHERE state LIKE :search OR city LIKE :search";

If you want to use table as the table name in MySQL you have to enclose it in backticks since table is also a MySQL reserved word. It is actually best to avoid using reserved words for table and column names. So the query should be:

$query = "SELECT * FROM `table` WHERE state LIKE :search OR city LIKE :search";

the way you set it up $row would have been equal to the individual fields not the records
$records in your case would have been a individual row because you used fetch instead of fetchAll

@jstfsklh211
That is simply not true. Both fetch() and fetchAll() return a row, but with fetch() you have to use the PDO::FETCH_ASSOC constant, which I did. Please see:

http://php.net/manual/en/pdostatement.fetch.php
http://php.net/manual/en/pdostatement.fetchall.php

I have tested the case before I posted.

broj1 356 Humble servant Featured Poster

Also there is a small error in my post and consequently (probably) also in jstfsklh211's post. It is $stmt not $sth. Cause: copying from the php.net example :-)

broj1 356 Humble servant Featured Poster

Did my answer from your other thread not help you? I have provided a tested working example there.

diafol commented: He complained "Nothing helped him" - all yours broj :) +15
broj1 356 Humble servant Featured Poster

There are still some errors that somehow sneaked into my code :-). This is what happens when there is no time to test. These are the errors:

// wrong
$conn->setAttribute(PDO::ATTlR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// correct
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// wrong
$conn->exec($sql);
// correct
$stmt->execute();

So this part of code should be (tested, and it works):

$servername = "localhost";
$dbname = "test";
$dbusername = "test";
$dbpassword = "";

try {
    // You initialize the connection here using OOP style
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $dbusername, $dbpassword);
    // here you say that you will use exception mode for
    // error handling this is basically the try/catch block
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 
    // the SQL statement uses placeholders for values
    // that will be replaced with values of variabes;
    // the colon (:) is denoting the placeholders
    $sql = "INSERT INTO Posts (Title, Author, Content)
            VALUES (:title, :author, :content)";
    // prepare a statement (that is why it is named $stmt)
    $stmt = $conn->prepare($sql);
    // bind real values to placeholders
    // e.g. placeholder named :title receives a value of $title etc
    $stmt->bindParam(':title', $title, PDO::PARAM_STR);
    $stmt->bindParam(':author', $author, PDO::PARAM_STR);
    $stmt->bindParam(':content', $content, PDO::PARAM_STR);
    // now execute the prepared statement
    $stmt->execute();
    // if exception happens (basically if error occurs) handle it
} catch(PDOException $e) {
    echo $sql . "<br>" . $e->getMessage();
}

Sorry for the errors in my posts. Speed does not always help.

broj1 356 Humble servant Featured Poster

First I have to admit there are errors in my code, e.g. I forgot to copy the prepare statement, which is the most important thing here. So the right code is (see explanations in comments):

$servername = "localhost";
$dbname = "mydbname";
$dbusername = "mydbusername";
$dbpassword = "mydbpassword";

try {
    // You initialize the connection here using OOP style
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $dbusername, $dbpassword);

    // here you say that you will use exception mode for 
    // error handling this is basically the try/catch block
    $conn->setAttribute(PDO::ATTlR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // the SQL statement uses placeholders for values
    // that will be replaced with values of variabes;
    // the colon (:) is denoting the placeholders
    $sql = "INSERT INTO Posts (Title, Author, Content)
        VALUES (:title, :author, :content)";

    // prepare a statement (that is why it is named $stmt)
    $stmt = $conn->prepare($sql);

    // bind real values to placeholders
    // e.g. placeholder named :title receives a value of $title etc
    $stmt->bindParam(':title', $title);
    $stmt->bindParam(':author', $author);
    $stmt->bindParam(':content', $content);

    // now execute the prepared statement
    $conn->exec($sql);

// if exception happens (basically if error occurs) handle it
} catch(PDOException $e) {
    echo $sql . "<br>" . $e->getMessage();
}

// unset the connection (to free resources)
$conn = null;

You also have a very nice and complete tutorial here.

It is strange that you get an error trimming the user input. It is quite important to do it since users sometimes add spaces at the beginning or end without knowing and noticing it. Maybe you should change that line of code …

broj1 356 Humble servant Featured Poster

To execute the code only after form submission the whole thing has to be wrapped in an if block:

<?php
if(isset($_POST['submit'])) {

    $title = $_POST['title'];
    $author = $_POST['author'];
    $content = $_POST['content'];

    if(empty(trim($_POST["title"])) || empty(trim($_POST["author"])) || empty(trim($_POST["content"]))) {
            echo "You forgot to enter some required data";
    } else {

        $servername = "localhost";
        $dbname = "mydbname";
        $dbusername = "mydbusername";
        $dbpassword = "mydbpassword";

        try {
            $conn = new PDO("mysql:host=$servername;dbname=$dbname", $dbusername, $dbpassword);
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $sql = "INSERT INTO Posts (Title, Author, Content)
            VALUES (:title, :author, :content)";
            $stmt->bindParam(':Title', $title);
            $stmt->bindParam(':Author', $author);
            $stmt->bindParam(':Content', $content);
            $conn->exec($sql);
        } catch(PDOException $e) {
            echo $sql . "<br>" . $e->getMessage();
        }
        $conn = null;
    }
}
?>

I rearranged your code to include changes from my previous posts.

broj1 356 Humble servant Featured Poster

And for security reasons use prepared statements.

Prepared statements are a feature of a database (like MySQL). Variables that are passed to a query get prepared first so the possibility of an injection of bad code is minimized. This is the preferable way of inserting user supplied data into the database. Your code will look something like:

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $dbusername, $dbpassword);
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $sql = "INSERT INTO Posts (Title, Author, Content)
    VALUES (:title, :author, :content)";
    $stmt->bindParam(':Title', $title);
    $stmt->bindParam(':Author', $author);
    $stmt->bindParam(':Content', $content);
    $conn->exec($sql);
} catch(PDOException $e) {
    echo $sql . "<br>" . $e->getMessage();
}

As you can see, in the query there are placeholders for variables and the actual values are then bound to those placeholders. Also see this article.

broj1 356 Humble servant Featured Poster

This is the PHP part. It is slightly rearranged so the connection and execution get done only if all fields are there:

<?php
    $title = $_POST['title'];
    $author = $_POST['author'];
    $content = $_POST['content'];

    if(empty($_POST["title"]) || empty($_POST["author"]) || empty($_POST["content"])) {
        echo "You forgot to enter some required data";

    } else {

        // this is just for debugging
        // die($sql);

        $servername = "localhost";
        $dbname = "mydbname";
        $dbusername = "mydbusername";
        $dbpassword = "mydbpassword";

        try {
            $conn = new PDO("mysql:host=$servername;dbname=$dbname", $dbusername, $dbpassword);
            $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
            $sql = "INSERT INTO Posts (Title, Author, Content)
                VALUES ('$title', '$author', '$content')";

            $conn->exec($sql);
        } catch(PDOException $e) {
            echo $sql . "<br>" . $e->getMessage();
        }

        $conn = null;
    }
?>

And for security reasons use prepared statements.

broj1 356 Humble servant Featured Poster

First: do not use GET for the form method, use POST. When using GET, passwords will be visible in the URL bar of the browser and will get written into the browser cache and history. This way anyone with basically no web dev skills will be able to see usernames and passwords.

Second: do not use mysql_* functions since they are deprecated, offer no advanced features that are important for security, and might be ditched at any time. You can use mysqli_* functions, which are quite similar and safer, but preferably you should switch to PDO. PDO has many advantages: it supports database features to the greatest extent (i.e. prepared statements), it enables you to switch databases quite easily (i.e. from MySQL/MariaDB to PostgreSQL or Oracle etc.) and uses a nicely designed OOP approach.

Now, on this link you will find a nice login example, using PDO for database access, prepared statements for secure insertion and sha1 for password hashing, all nicely commented.

Mind you, if you google for php login example you will still find loads of examples using deprecated mysql_* functions. Do yourself a favor and avoid them, or at least translate them to mysqli_* or better to PDO.

For enhancing security also read this article.

I hope this is not too much information in one short time for you. Nevertheless, it is worth investing some time into studying and clarifying these concepts as it will help you many …

cereal commented: +1 +13
broj1 356 Humble servant Featured Poster

This code:

public function get_validator(){
    return $this->response_code;
    return $this->response_msg;
}

should probably be broken into two methods:

public function get_response_code() {
    return $this->response_code;
}

public function get_response_msg() {
    return $this->response_msg;
}

I have been using the OOP approach for several years now, and must say that it helps a lot. I can easily reuse classes I have written in the past, it is easy to modify existing functionality, it is also easy to organize team work and the project code is a piece of cake to maintain. I have learnt a lot by studying some open source examples and from my own mistakes (especially designing the functionality covered by each class). Some good code examples can be found on PHPclasses and I have also looked at some on the PEAR site.

broj1 356 Humble servant Featured Poster

If the path is in the $aInfo['photo'] field then the code would be:

echo '<img src="' . $aInfo['photo'] . '">';

But you have to make sure the path is correct. Maybe you have to add something to make the path absolute (e.g. http://yoursite.com/images) or be sure that the relative path is correct.

Maybe you could post sample database rows.

broj1 356 Humble servant Featured Poster

Joshuajames pointed out another error in your query, which is that you can't use array elements in the string the way you did. The correct way of using compound variables in a double quoted string would be using curly braces (the query is the first parameter of mysql_query and the link the second):

$insertedData = mysql_query("INSERT INTO customertable(CustomerID, FirstName, SurName, Address, PhoneNum, Email, PurchaseProduct)
VALUES('{$_POST['Customer_ID']}', '{$_POST['First_Post']}', '{$_POST['Sur_Name']}', '{$_POST['Cus_Address']}', '{$_POST['Phone_Num']}', '{$_POST['Cus_Email']}', '{$_POST['Product_Purchase']}')", $serverConnection);

But Joshuajames's solution is cleaner. I would add two things to it:

  • clean/sanitize the variables coming from a user
  • do not use deprecated mysql_* functions, switch to the newer and safer PDO or at least mysqli_*.

Example of sanitizing (in practice it depends on the value):

$customer_id = mysql_real_escape_string($_POST['Customer_ID']);
$first_post = mysql_real_escape_string($_POST['First_Post']);
$sur_name = mysql_real_escape_string($_POST['Sur_Name']);
$cus_address = mysql_real_escape_string($_POST['Cus_Address']);
$phone_num = mysql_real_escape_string($_POST['Phone_Num']);
$cus_email = mysql_real_escape_string($_POST['Cus_Email']);
$product_purchase = mysql_real_escape_string($_POST['Product_Purchase']);

EDIT: also take a look at Szabi's post above since this is the way to go.

broj1 356 Humble servant Featured Poster

You have to add an echo statement to every case instance in the function, something like:

function updateMemberAjx() {
    $sVal = $GLOBALS['MySQL']->escape($_POST['value']);
    $temp = ''; // holds the executed query so it can be echoed below

    $iId = (int)$_POST['id'];
    if ($iId && $sVal !== FALSE) {
        switch ($_POST['columnName']) {
            case 'first_name':
                $GLOBALS['MySQL']->res("UPDATE `pd_profiles` SET `first_name`='{$sVal}' WHERE `id`='{$iId}'");
                $temp = "UPDATE `pd_profiles` SET `first_name`='{$sVal}' WHERE `id`='{$iId}'";
                break;
            case 'last_name':
                $GLOBALS['MySQL']->res("UPDATE `pd_profiles` SET `last_name`='{$sVal}' WHERE `id`='{$iId}'");
                $temp = "UPDATE `pd_profiles` SET `last_name`='{$sVal}' WHERE `id`='{$iId}'";
                break;
            case 'email':
                $GLOBALS['MySQL']->res("UPDATE `pd_profiles` SET `email`='{$sVal}' WHERE `id`='{$iId}'");
                $temp = "UPDATE `pd_profiles` SET `email`='{$sVal}' WHERE `id`='{$iId}'";
                break;
            case 'status':
                $GLOBALS['MySQL']->res("UPDATE `pd_profiles` SET `status`='{$sVal}' WHERE `id`='{$iId}'");
                $temp = "UPDATE `pd_profiles` SET `status`='{$sVal}' WHERE `id`='{$iId}'";
                break;
            case 'role':
                $GLOBALS['MySQL']->res("UPDATE `pd_profiles` SET `role`='{$sVal}' WHERE `id`='{$iId}'");
                $temp = "UPDATE `pd_profiles` SET `role`='{$sVal}' WHERE `id`='{$iId}'";
                break;
            case 'date_reg':
                $GLOBALS['MySQL']->res("UPDATE `pd_profiles` SET `date_reg`='{$sVal}' WHERE `id`='{$iId}'");
                $temp = "UPDATE `pd_profiles` SET `date_reg`='{$sVal}' WHERE `id`='{$iId}'";
                break;
        }
        // echo 'Successfully saved';
        echo 'DEBUG: ' . $temp;
    }
    exit;
}

Please note that this is a very simple and a bit clumsy way of debugging. Using the right developer tools is the way to go.

broj1 356 Humble servant Featured Poster

You have to debug the Ajax calls, which is easier with tools like Firebug. But anyway, I think you should check the UPDATE query from the updateMemberAjx() function. You can try to display the query instead of the success message by assigning the query to a variable in each case statement like:

case 'first_name':
    $GLOBALS['MySQL']->res("UPDATE `pd_profiles` SET `first_name`='{$sVal}' WHERE `id`='{$iId}'");
    // assign the query to a temp variable
    $temp = "UPDATE `pd_profiles` SET `first_name`='{$sVal}' WHERE `id`='{$iId}'";

and changing line 098 from:

echo 'Successfully saved';

to:

echo $temp;

This way the query will be displayed upon an update. You can copy it and test it in phpMyAdmin to see whether it contains any errors.

broj1 356 Humble servant Featured Poster

The error is in the parameters of the mysql_query function. The first parameter should be the query (string type), and the second (optional) parameter is the link (of resource type). You have the wrong sequence of these parameters.

And the mantra: ditch the deprecated mysql_* functions and replace them with the new PDO or at least mysqli_* functions.

broj1 356 Humble servant Featured Poster

Do you already have an upload form? If not, you can find a nice tutorial here. Make sure that everything is happening within the restricted area (i.e. a user has to be logged in to upload photos), to keep things secure.

An elegant solution would be to use AJAX, so users can upload photos without leaving the page, or to put checkboxes next to each photo in order to enable users to load more photos at once.

Hopefully I understood your question right. If not, please clarify it.

broj1 356 Humble servant Featured Poster

You can store the number of images per row in an array (this is untested, just a concept):

// between lines 17 and 18 - initialize variables
$rowNo = 1;
$imagePerRow = array();

// between lines 44 and 45 - assign current value for that row
$imagePerRow[$rowNo] = $x;

// on line 49 - increase row counter
$rowNo++;

To make it more efficient, store only a number for the last row, since all other rows have 4 images. The last row will have 4 or fewer images.

broj1 356 Humble servant Featured Poster

So where did you get stuck? I managed to access any element of the above array.

broj1 356 Humble servant Featured Poster

Your text contains an apostrophe (') which is also used in MySQL as a string delimiter. In order to store an apostrophe in the DB you have to escape it, usually using a database escape function (mysql_real_escape_string in your example):

$insert = mysql_query("insert into offer(
descr
)
values(
'".mysql_real_escape_string($descrr)."'
)")
or die(mysql_error($con));

All in all using deprecated mysql_* functions is a bad idea. Switch to PDO.
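The same INSERT into offer(descr) written with PDO and a prepared statement, as an added example that is not part of the original post. The DSN, user and password are placeholders; the value is bound separately from the SQL text, so the apostrophe never needs manual escaping.

```php
<?php
// Added example (not the original poster's code): INSERT into offer(descr)
// with PDO. The connection details are placeholders (assumption).
$dsn = 'mysql:host=localhost;dbname=PLACEHOLDER_DB;charset=utf8mb4';
$pdo = new PDO($dsn, 'PLACEHOLDER_USER', 'PLACEHOLDER_PASSWORD', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // throw instead of failing silently
    PDO::ATTR_EMULATE_PREPARES => false,                  // real server-side prepares
]);

// Constructed sample text containing an apostrophe. No escaping needed:
// the value travels separately from the SQL, so the quote cannot close
// the string literal the way it does in a concatenated query.
$descrr = "Buy one, get one free 'til Friday";

function insertOffer(PDO $pdo, string $descr): int
{
    // The placeholder :descr is the only thing the SQL text ever contains.
    $stmt = $pdo->prepare('INSERT INTO offer (descr) VALUES (:descr)');
    $stmt->bindValue(':descr', $descr, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $pdo->lastInsertId();
}

try {
    $id = insertOffer($pdo, $descrr);
    echo "Inserted offer row $id\n";
} catch (PDOException $e) {
    // Keep the driver message in the server log; do not echo it to the browser.
    error_log('offer insert failed: ' . $e->getMessage());
    echo "Could not save the offer.\n";
}
```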

broj1 356 Humble servant Featured Poster

It is not clear what the coupon class is expected to do. It seems that there is some code missing. The only method defined in it is the Voucher method. The method calls some other methods and properties of the class, but they are not defined anywhere. The class also does not extend any other class.

You should design a function or a class (if you are OK with OOP) yourself. Figure out and define what the functionality should be, then code it, starting with simple functionality and adding complexity if needed.

broj1 356 Humble servant Featured Poster

There are errors in your code above:

Line 199 - missing ; at the end of the line:

echo $state

Line 229 - missing a statement (or at least ;)

if ($_POST['type'] == "login") ;

This is why you get nothing shown. Errors were probably logged into some error log on the server.

You can also comment out lines 176 to 182 to eliminate possible database connection errors since you do not do any database interaction in the script anyway.

matrixdevuk commented: I was just about to lose hope and complain that nobody found it. Thank you for keeping me sane. +5
broj1 356 Humble servant Featured Poster

I've been a long time Eclipse user. Not very advanced usage though, there are still things that I don't quite understand or like. But I like the fact that I was able to switch between Windows (current job) and Linux (previous job, home) environments without much hassle. Also OOP, JS and CSS syntax support are quite OK. Very good for handling multiple projects.

I use Notepad++ for quick edits. The only thing that bugs me is that a double-click on a variable name won't catch the $ (dollar sign).

broj1 356 Humble servant Featured Poster

You could make it simpler by using file_exists instead of using all the scandir stuff:

$p = $_GET['p']; // WARNING: sanitize this before using it in production app

if (file_exists($dir.'/'.$p.'.htm')){
    include($dir.'/'.$p.'.htm');
} else {
    echo 'Sorry, page introuvable';
}

And sanitize user input (such as limiting it to certain path, whitelisting etc).
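The snippet above with the whitelisting the post recommends, as an added example that is not part of the original post. The $dir location and the list of allowed page names are assumptions; the realpath check is a second line of defence in case the whitelist is ever loosened.

```php
<?php
// Added example (not the original poster's code): file_exists() include
// with the p parameter restricted to a whitelist, so a value such as
// "../other/file" or a URL can never reach include().
$dir = __DIR__ . '/pages';                 // assumed location of the .htm pages

// Only these page names may be requested (assumed list; adjust to the site).
$allowedPages = ['home', 'about', 'contact'];

function resolvePage(string $dir, array $allowed, ?string $p): ?string
{
    // 1. Whitelist: the parameter must be exactly one of the known names
    //    (strict comparison, so "0" or an array cannot slip through).
    if ($p === null || !in_array($p, $allowed, true)) {
        return null;
    }
    // 2. Defence in depth: the resolved path must still lie inside $dir.
    $base = realpath($dir);
    $path = realpath($dir . '/' . $p . '.htm');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

$page = resolvePage($dir, $allowedPages, $_GET['p'] ?? null);

if ($page !== null) {
    include $page;
} else {
    http_response_code(404);
    echo 'Sorry, page introuvable';
}
```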

broj1 356 Humble servant Featured Poster

OK, I gave one line of code as an example and this is the whole snippet:

<?php
  include "db.php";//database connection
  $order = "SELECT * FROM comanda where ['id']=''";
  $result = mysql_query($order);
  $row = mysql_fetch_array($result);
?>
<form method="post" action="edit_reper.php">
  <input type="hidden" name="id" value="<?php echo $_GET['id'];?>">
  <tr>
    <td>Cod</td>
    <td>
      <input type="text" name="cod" size="20" value="<?php echo $row['cod'];?>">
    </td>
  </tr>
  <tr>
    <td>Denumire Material</td>
    <td>
      <input type="text" name="den_material" size="20" value="<?php echo $row['den_material'];?>">
    </td>
  </tr>
  <tr>
    <td>Greutate Totala</td>
    <td>
      <input type="text" name="greutate_totala" size="20" value="<?php echo $row['greutate_totala'];?>">
    </td>
  </tr>
  <tr>
    <td>Name</td>
    <td>
      <input type="text" name="cant_reper" size="20" value="<?php echo $row['cant_reper'];?>">
    </td>
  </tr>
  <tr>
    <td>Address</td>
    <td>
      <input type="text" name="lg" size="40" value="<?php echo $row['lg'];?>">
    </td>
  </tr>
  <tr>
    <td align="right">
      <input type="submit" name="submit value" value="Edit">

There is still something not OK in the select query on line 3. Something is missing at the where condition, maybe the $_GET (I don't know only you could). Maybe this way:

$order = "SELECT * FROM comanda where {$_GET['id']}=''";

broj1 356 Humble servant Featured Poster

You are almost there. Just remove the quotes around the row elements, add quotes around the row element names, add a semicolon at the end and use <?php start tags:

<?php echo $row['den_material'];?>

You might also want to check for errors:

 if($result = mysql_query($order)) {
     // do the stuff...
     ...
 } else {
     // handle error..
 }

Same with the $row = mysql_fetch_array($result) code.