  1. #1
    New Coder
    Join Date
    Dec 2011
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts

    need immediate help!

    Code:
    <?php
    $username=$_POST['centerUsername'];
    $password=md5($_POST['centerPassword']); 
    mysql_connect("localhost","user","password") or die("cannot connect to server.");
    mysql_select_db("donate") or die("cannot connect to database.");
    $sql="SELECT * FROM centers WHERE username='$username' and password='$password'";
    $result=mysql_query($sql);
    $count=mysql_num_rows($result);
    if($count==1){
    if(($username!="headquarter")&&($password!="123456"))
    {
    session_start();
    $_SESSION['username'] = $username;
    $sql2="SELECT center_count FROM login_history";
    $count=mysql_result(mysql_query($sql2),0);
    $count=$count+1;
    $sql3="UPDATE login_history SET center_count='$count'";
    mysql_query($sql3);
    $sql_center="SELECT * FROM alarm WHERE center='$username'";
    $result=mysql_query($sql_center);
    $count=mysql_num_rows($result);
    if($count==1)
    {
    $date_sql="SELECT end_date FROM alarm WHERE center='$username'";
    $end_date=mysql_result(mysql_query($date_sql,0));
    $date = date("Y/m/d");
    if($end_date==$date)
    {
    $sql_delete="DELETE FROM alarm WHERE center='$username'";
    mysql_query($sql_delete);
    }
    }
    header("Location: http://link1.php");
    }
    if(($username=="headquarter")&&($password=="123456"))
    {
    session_start();
    $_SESSION['username']=$username;
    $sql_center="SELECT * FROM alarm WHERE center='$username'";
    $result=mysql_query($sql_center);
    $alarm_count=mysql_num_rows($result);
    if($alarm_count==1)
    {
    $date_sql="SELECT end_date FROM alarm WHERE center='$username'";
    $end_date=mysql_result(mysql_query($date_sql,0));
    $date = date("Y/m/d");
    if($end_date==$date)
    {
    $sql_delete="DELETE FROM alarm WHERE center='$username'";
    mysql_query($sql_delete);
    }
    }
    header("Location: http://link2.php");
    }
    }
    else {
    header("link3.php");
    echo "Wrong username and/or password combination"; 
    }
    ?>
    I am having these 3 warnings when I try to log in as "headquarter":
    1)Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource on line 45
    2)Wrong parameter count for mysql_result() on line 45
    3)Cannot modify header information - headers already sent by (output started at script.php:45) on line 53

    I believe the same errors will be thrown if I tried another user.

    N.B: These errors are from my website on an online web server.

  • #2
    New Coder
    Join Date
    Sep 2011
    Posts
    80
    Thanks
    0
    Thanked 13 Times in 12 Posts
    Read the documentation on mysql connections:

    http://www.php.net/manual/en/function.mysql-query.php

    - You are passing mysql_query your SQL statement and then 0; 0 isn't a valid connection type.

    - The mysql_result error relates to this; check line 45 again, you've muddled up the parameters.

    - 99% of the time you should always exit your script as soon as you do a header redirect, as the interpreter will try and execute the rest of the code. This is usually unwanted behaviour.

    - Look at input validation and sanitisation; your code is ripe for a bit of SQL injection. Look at parametrized statements.
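
Added example, not part of the original thread or any poster's code: the login lookup from post #1 rewritten with a parameterized statement, as suggested above. It assumes PDO with the pdo_sqlite driver, an in-memory table with constructed accounts standing in for `centers`, and `password_hash()`/`password_verify()` substituted here for the thread's `md5()`; the function names are hypothetical.

```php
<?php
// Added example: parameterized login lookup (not code from the thread).
// Assumptions: PDO + pdo_sqlite, in-memory database, constructed sample rows.

function make_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE centers (username TEXT PRIMARY KEY, password TEXT)');
    $insert = $db->prepare('INSERT INTO centers (username, password) VALUES (?, ?)');
    // Constructed accounts; the second name contains a quote on purpose.
    foreach ([['headquarter', 'hq-demo-pass'], ["o'hara", 'center-demo-pass']] as [$u, $p]) {
        $insert->execute([$u, password_hash($p, PASSWORD_DEFAULT)]);
    }
    return $db;
}

// Returns the matching username, or null when the credentials are wrong.
function check_login(PDO $db, string $username, string $password): ?string
{
    // The placeholder keeps $username out of the SQL text entirely, so a quote
    // in it cannot end the string literal and alter the statement.
    $stmt = $db->prepare('SELECT username, password FROM centers WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row['username'];
}

// Maps each outcome to the page names used in the thread's script.
function redirect_target(?string $username): string
{
    if ($username === null) {
        return 'link3.php';
    }
    return $username === 'headquarter' ? 'link2.php' : 'link1.php';
}

$db = make_demo_db();
foreach ([['headquarter', 'hq-demo-pass'], ["o'hara", 'center-demo-pass'],
          ["o'hara", 'wrong'], ['unknown', 'x']] as [$u, $p]) {
    printf("%-12s -> %s\n", $u, redirect_target(check_login($db, $u, $p)));
}
// In a web request: header('Location: ' . $target); exit; with no output sent before it.
```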

  • #3
    New Coder
    Join Date
    Dec 2011
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Dear MarkR, thank you for your reply, lol .. it was a very silly mistake from me .. what it's supposed to be is:
    mysql_result(mysql_query($date_sql),0)
    I merged the 0 index of mysql_result into the mysql_query .. veeery silly from me, all works fine now

    iBall, I apologize for the lack of information about the lines.. and the reason that the echo is after the header is because I want to present an echo first for the user to read it, and then send him to another link.

    thanks all for your help.

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Quote Originally Posted by mjabado View Post
    Dear MarkR, thank you for your reply, lol .. it was a very silly mistake from me .. what it's supposed to be is:
    mysql_result(mysql_query($date_sql),0)
    I merged the 0 index of mysql_result into the mysql_query .. veeery silly from me, all works fine now

    iBall, I apologize for the lack of information about the lines.. and the reason that the echo is after the header is because I want to present an echo first for the user to read it, and then send him to another link.

    thanks all for your help.
    The concept is wrong. Header and output do not work in a sequential order; headers are always sent first, followed by output. If a header is a location type, then no output will be sent (I'll have to check if it's actually sent or not, but either way it's abandoned by the browser if it is). To do that, you'd use a refresh header, which I believe is non-standard but does seem to work across the board.
    Headers should always be before output, and this includes anything that uses them like header, setcookie, and due to setcookie - session_start. You can move all your headers to the first lines of the code if you want; if it includes a location header the script will continue to process to completion until it runs to the end or hits an exit request.
    Aside from the session_start(), which I'd also move to the top line, the only problem here appears to be the query and result together. As soon as that prints a warning, the headers have been sent so following headers cannot be processed.
    You should split up these mysql_result(mysql_query()) calls. Query should be evaluated as successful before attempting to fetch. Also keep in mind that mysql_result is overall quite slow. Won't affect this code but don't use it in a loop.
    Seems that you have too much querying going on here and overall processing. Pass this burden to the SQL itself, let it deal with deletes and updates on given arguments instead of querying, checking, then updating/deleting. Since most of the deletes occur without a where including the check aside from the username, a simple DELETE FROM table WHERE username='username' is sufficient.
    So simplify this:
    Code:
    SESSION_START()
    $query := QUERY("SELECT * FROM centers WHERE username='$username' and password='$password'")
    IF count($query) > 0 THEN
        $_SESSION['username'] := $query['username']
        // I think below's intention is to use DELETE FROM alarm WHERE center='{$query['username']}' AND end_date = CURDATE(),
        // but it only shows the where including the username, so the date check is irrelevant in your current code.
        QUERY("DELETE FROM alarm WHERE center='{$query['username']}'")
        IF $query['username'] == "headquarter" AND $query['password'] == "12345" THEN
            HEADER("Location: http://site.com/link2.php")
            EXIT()
        ELSE
            QUERY("UPDATE login_history SET center_count = center_count + 1")
            HEADER("Location: http://site.com/link1.php")
            EXIT()
        ENDIF
    ELSE
        HEADER("Location: http://site.com/link3.php")
    ENDIF
    Convert to PHP adding functions as necessary, and it will work the same as your current. Didn't know what you wanted to do with that delete, currently it deletes all records associated with a 'center', but the conditions for the date check lead me to believe its intent is to delete anything today, but not before today.

  • #5
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,345
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Quote Originally Posted by iBall View Post
    which line is line 45?

    which line is line 53?
    Copy and paste into your own editor with line numbering. Easy.

    Quote Originally Posted by iBall View Post
    Also, your session_start() should be at the very top of your php script, not inside an IF block in the middle of your code.
    Actually that's wrong. We do recommend it's put at the top but it doesn't have to go there - just before any form of output that would have triggered the headers to be sent. session_start() uses a cookie (sent in the headers) to identify the session so naturally anywhere in the script is good as long as there is no output. Again, to save the long explanation we usually just recommend it's put at the top but I just wanted to clarify that it isn't a necessity.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #6
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,345
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Quote Originally Posted by iBall View Post
    yes it's easy but it's quicker for me if the op just posts which line it is. If they haven't got the time to post which line it is then I don't have the time to paste the code into my Netbeans, especially when I don't need it there at all.


    Has it ever occurred to you that some ops don't know what line it is?

    You know it can be hard for some learners to understand line numbers. For instance:
    PHP Code:
    <?php //Is this line 1?
            //Or is this line 1? - Do spaces count?
    session_start(); //Perhaps this is?
    ob_start();
    ?>

  • #7
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    This isn't really a fair assumption. This is all assuming that an editor is in use, and not a flat notepad / vi. Not to mention many new PHP programmers haven't a clue what the error messages mean. Working out where the error is often isn't near the line in question depending on the cause. T_STRING of course can create great havoc if they are improperly structured, and you may be looking at an issue from 10 or 15 lines before it or even more. This completely ignores logic errors.
    IMO, it's nice to have an indication of a line number from an OP, but it isn't what I'd rely on when determining an issue. I've seen plenty of times where the actual error is caused far before the line number; especially true on $end errors.

    With session_start(), I wouldn't say it's good or bad practice to put it at the top. There are pros and cons to everything; the pro at the top is minimal chance for conflict with headers being sent, easy to see and control. The cons are it always establishes a session, even if the intent is to only create it on demand after verification. Ideally, sessions should only be established as necessary in order to conserve filesystem space, resources and time. Realistically, it's simply easier to take the shortcut and allow all connections to establish. Hence why we have "guest" available :]. So take your pick, slightly more resource use for easy control, or slightly better optimization for a little more complicated code following / debugging.

  • #8
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,345
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Quote Originally Posted by iBall View Post
    Then they should just follow your advice and get the line number from their editor. It's not up to me to waste time trying to work out which line of code belongs to a line number.
    Quite right but it's also not down to you to get so disgruntled about it. IF you don't want to help then why post a remark about the line numbers? - IF you genuinely want to help then just get on with it.

    Also when I first started PHP I had no idea of there being other notepad programs with line numbers such as notepad++. I started with windows notepad (like many do) and had no idea of line numbering or what the errors meant in php. There are many more newbies out there in that same position hence my signature is full of stuff to help newbies where possible.

    Quote Originally Posted by iBall View Post
    If someone can't work out which line of code it is, or at least narrow it down to 1-2 lines of code, then I don't have the time to work it out for them
    Well in fairness you are under no obligation at all to assist anyone that you don't want to. You had to learn this stuff once too just like I did, FouLu, msleim, firepages, Inigoesdr etc. You should know that it's not straightforward as a learner and frankly with just 68 posts I think you're getting a bit ahead of yourself.

    Quote Originally Posted by iBall View Post
    So what is your problem with that?
    I didn't really have one, I was merely just suggesting how you could determine the line numbers yourself but then you piped up saying you didn't have time, it's not your duty etc..

    Quote Originally Posted by iBall View Post
    You're not suggesting that everyone must spend time working out which lines of code belong to line numbers if an op doesn't explicitly point them out, are you?
    No I am not however most of us do and we do it with minimum fuss. The only time it might become more involved is when there are custom functions and other files as part of the project.

    As Fou has also said however, line numbers in php error messages can frequently be many lines out of place so it's often not that important to be precise. Even mismatched braces can cause errors at the end of the script yet the problem may be at the beginning. It's often better to be able to read the code, see what it's doing and have your own techniques for getting to the bottom of it.
    Last edited by tangoforce; 04-25-2012 at 08:08 PM.

  • #9
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,345
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Ok, you have yourself a nice evening

