[oaluyi]

What do I do, I now get this error


Notice: Undefined index: filetoupload in C:\wamp\www\P\controller.php on line 28

Warning: mysql_query() [function.mysql-query]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in C:\wamp\www\P\controller.php on line 67

Warning: mysql_query() [function.mysql-query]: A link to the server could not be established in C:\wamp\www\P\controller.php on line 67
Hmmm... something went wrong trying to create a new item:
Access denied for user 'SYSTEM'@'localhost' (using password: NO)

<?php
 include_once("dbconfig.php");  
 include_once('inc_thumbnail.php'); 
 include_once('inc_functions.php'); 
 include_once('admin/config.php');
 include_once($languageFile);

$ip = GetHostByName($REMOTE_ADDR);
$op = $_REQUEST["op"]; // op is the operation code
$msg = "";

if ($op == "newItem"){

	$md_email = $_POST["md_email2"]; 
	
		if ($md_email != 'md_email2')
		header("" . GetHostByName($REMOTE_ADDR));	
	$title		  = ($_POST["md_title"]);
	$md_description	= ($_POST["md_description"]);
	$md_price 			= ($_POST["md_price"]);
	$md_email2		= ($_POST["md_email2"]);
	$md_city 		= ($_POST["md_city"]);
	$namer 			= ($_POST["namer"]);
	$category	= ($_POST["category"]);
	$type			= ($_POST["type"]);
	
	// upload the file if it exists
	$filetoupload= uploadImage($_POST["filetoupload"]);
	// Create a Thumbnail if an image exists
	if ($filetoupload != "no file")
	{	
		$date = date("YmdHis");
		$imgArr = split('[/]', $file);
		$imgNameOnly = $imgArr[sizeof($imgArr)-1];
		$folderPath = "";
		for ($i=0; $i<sizeof($imgArr)-1; $i++)
			$folderPath .=  $imgArr[$i] . "/";	
			
		$photoPathName = $folderPath . $date . "_" . $imgNameOnly;
		$thumbNailPathName = $folderPath . "thumb_" . $date . "_" . $imgNameOnly;
		$imgType = getImgType($imgNameOnly);
		// Create a resized image of the orig. a mx of 400 pixels
		$photo=new Thumbnail(400,400);
		// Load an image into a string (this could be from a database)
		$image=file_get_contents($file);
		// Load the image data
		$photo->loadData($image,$imgType);
		// Build the thumbnail and store as a file
		$photo->buildThumb($photoPathName);	
		// Instantiate the thumbnail
		$tn=new Thumbnail(50,50);
		// Load an image into a string (this could be from a database)
		$image=file_get_contents($file);
		// Load the image data
		$tn->loadData($image,$imgType);
		// Build the thumbnail and store as a file
		$tn->buildThumb($thumbNailPathName);
		// delete the source file that is potentially large
		unlink($file);
	}

	// Creates a 7 character random string
	$confirmPassword = chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122)) . chr(rand (97,122));	

	$sql = ("INSERT INTO md_postings SET md_email='$md_email2', type='$type', namer='$namer', md_city='$md_city', category='$category', md_title='$md_title', md_description='$md_description', md_price='$md_price', filetoupload='$filetoupload'");
	
	if (mysql_query($sql)) // If all is good, send the email
		{
			include_once("admin/email_newItem.php");
			mail($email, STR_CONFIRMPOSTING, $message, $headers);
			header("Location:newItemConfirm.php");
		} else {
			print("Hmmm... something went wrong trying to create a new item:<br>" . mysql_error());
		}	
}

if ($op == "md_email2"){

	$botEmail = $_POST["md_email2"];
	
	if ($botEmail != 'md_email2')
		header("" . GetHostByName($REMOTE_ADDR));

	foreach ($_POST as $secvalue) {
		if ((eregi("<[^>]*script.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*object.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*iframe.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*applet.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*window.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*document.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*cookie.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*meta.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*style.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*alert.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*form.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*php.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*<?.*\"?[^>]*>", $secvalue)) ||
		(eregi("<[^>]*img.*\"?[^>]*>", $secvalue))) {
			die ("There was a problem with your post. Please do not include code.");
		}
	}
	// end hacker defense 	
		
	$postId 	= mysql_real_escape_string($_POST["postId"]);
	$title 		= mysql_real_escape_string(addslashes(trim($_POST["title"])));
	$name 		= mysql_real_escape_string(addslashes(trim($_POST["name"])));
	$email 		= mysql_real_escape_string(trim($_POST["email2"]));
	$message 	= "From: $name \n\n" . $_POST["md_message"];
	$emailTitle = STR_ABOUTYOURPOST . $title;
	$headers 	= 'From: ' . $email . "\r\n" . 'Reply-To: ' . $email . "\r\n" . 'X-Mailer: PHP/' . phpversion();	
	
	$sql = "SELECT email FROM md_postings WHERE postId='$postId'";
	$result = mysql_query($sql);
	if (!$result)
		print("Hmmm... Error getting email address: " . mysql_error());	
		
	$row 		= mysql_fetch_array($result);
	$toEmail 	= $row["email"];
	mail($toEmail, $emailTitle, $message, $headers);
	header("Location: viewItem.php?id=$postId&msg=messageSent");
}

if ($op == "emailReminder"){
	$postId = mysql_real_escape_string($_POST["postId"]);

	$sql = "SELECT email, title, confirmPassword FROM md_postings WHERE postId='$postId'";
	$result = mysql_query($sql);
	if (!$result)
		print("Error performing query: " . mysql_error());	
	$row 		= mysql_fetch_array($result);
	$confirmPassword = $row["confirmPassword"];
	$toEmail 	= $row["email"];
	
	include_once("admin/email_reminder.php");
	mail($toEmail, STR_REMINDEREMIAL, $message, $headers);
	header("Location: viewItem.php?id=$postId&msg=messageSent");
}
?>

Please Spot the error and possibly amend.

[oaluyi]

Hello Can you please spot the error in this code?


This is the error I get displaying on the web browser

";} // you can add email validation here if required. // The code for email validation is available at www.plus2net.com if($status<>"OK"){ // if validation failed echo "$msg
"; }else{ // if all validations are passed. $query(mysql_query("update plus_signup set email='$email',name='$name',sex='$sex' where userid='$session[userid]'"));{ echo "You have successfully updated your profile
"; }else{echo "There is some problem in updating your profile. Please contact site admin
";} }} echo "

Welcome $session[userid] Click here to logout   |   Change Password|   Update Profile

"; ?> 

This is the PHP code.

<?
include "include/session.php";
include "include/config.php";
if(isset($todo) and $todo=="update-profile"){
// set the flags for validation and messages
$status = "OK";
$msg="";
}
// if name is less than 5 char then status is not ok
if (strlen($name) < 5)
{
$msg=$msg."Your name  must be more than 5 char length<BR>";}

if($status<>"OK"){ // if validation failed
echo "<font face='Verdana' size='2' color=red>$msg</font><br><input type='button' value='Retry' onclick='history.go(-1)'>";
}else{ // if all validations are passed.
$query(mysql_query("update plus_signup set email='$email',name='$name',sex='$sex' where userid='$session[userid]'"));{
echo "<font face='Verdana' size='2' color=green>You have successfully updated your profile<br></font>";
}else{echo "<font face='Verdana' size='2' color=red>There is some problem in updating your profile. Please contact site admin<br></font>";}
}}
echo "<center><font face='Verdana' size='2' ><br>Welcome $session[userid] Click <a href=logout.php>here to logout</a>
 &nbsp; | &nbsp; <a href=change-password.php>Change Password</a>| &nbsp; <a href=update-profile.php>Update Profile</a><br></center></font>";

?>

Thanks

Hi, can you please spot out the error on this code?

This is the error I get displaying on the web browser

";} // you can add email validation here if required. // The code for email validation is available at www.plus2net.com if($status<>"OK"){ // if validation failed echo "$msg
"; }else{ // if all validations are passed. $query(mysql_query("update plus_signup set email='$email',name='$name',sex='$sex' where userid='$session[userid]'"));{ echo "You have successfully updated your profile
"; }else{echo "There is some problem in updating your profile. Please contact site admin
";} }} echo "

Welcome $session[userid] Click here to logout   |   Change Password|   Update Profile

"; ?> 

This is the PHP code.

<?
include "include/session.php";
include "include/config.php";
if(isset($todo) and $todo=="update-profile"){
// set the flags for validation and messages
$status = "OK";
$msg="";
}
// if name is less than 5 char then status is not ok
if (strlen($name) < 5)
{
$msg=$msg."Your name  must be more than 5 char length<BR>";}

if($status<>"OK"){ // if validation failed
echo "<font face='Verdana' size='2' color=red>$msg</font><br><input type='button' value='Retry' onclick='history.go(-1)'>";
}else{ // if all validations are passed.
$query(mysql_query("update plus_signup set email='$email',name='$name',sex='$sex' where userid='$session[userid]'"));{
echo "<font face='Verdana' size='2' color=green>You have successfully updated your profile<br></font>";
}else{echo "<font face='Verdana' size='2' color=red>There is some problem in updating your profile. Please contact site admin<br></font>";}
}}
echo "<center><font face='Verdana' size='2' ><br>Welcome $session[userid] Click <a href=logout.php>here to logout</a>
 &nbsp; | &nbsp; <a href=change-password.php>Change Password</a>| &nbsp; <a href=update-profile.php>Update Profile</a><br></center></font>";

?>

Thanks.

[RudiVisser]

Where are you actually getting this code from?

[CTphpnwb]

First rule: No includes until the code works properly. Get it working and then split it up. (By the way, includes should not be abused. If you have too many of them, they defeat their own purpose by making things more confusing and harder to manage.)

Second rule: When posting a question, show everything that might be relevant and omit the stuff that definitely isn't relevant.


In this case, the above means showing the code for opendb.php, which you haven't included in your code, and leaving out much of what you have posted. In doing this, you might even see the solution before you post!

This post has been edited by CTphpnwb: 08 November 2009 - 06:31 AM

[oaluyi]

Thank you very much, I did what you asked me to do and the errors were all gone. Now I get a

Parse error: parse error in C:\wamp\www\CourseWork\update-profileck.php on line 21

<?php   

		include 'config.php'; 
		include 'opendb.php';
	
if(isset($todo) and $todo=="update-profile"){
// set the flags for validation and messages
$status = "OK";
$msg="";
}
// if name is less than 5 char then status is not ok
if (strlen($name) < 5) {
$msg=$msg."Your name  must be more than 5 char length<BR>";
$status= "NOTOK";}

if($status<>"OK"){ // if validation failed
echo "<font face='Verdana' size='2' color=red>$msg</font><br><input type='button' value='Retry' onclick='history.go(-1)'>";
}
$query(mysql_query("update plus_signup set email='$email',name='$name',sex='$sex' where userid='$session[userid]'"));
echo "<font face='Verdana' size='2' color=green>You have successfully updated your profile<br></font>";
else{
echo "<font face='Verdana' size='2' color=red>There is some problem in updating your profile. Please contact site admin<br></font>";
}
echo "<center><font face='Verdana' size='2' ><br>Welcome $session[userid] Click <a href=logout.php>here to logout</a>
   |   <a href=change-password.php>Change Password</a>|   <a href=update-profile.php>Update Profile</a><br></center></font>"
}
if ( !( $res = mysql_query($query))){
		   die(mysql_error());
}
?>
<?php
include 'closedb.php';
?>

What seems to be the problem?


I read books by vikram vaswani (McGraw Hill) and try to implement what I have read and I also source information from a website (www.tizag.com)

[CTphpnwb]

Line 21 is missing a brace:

else{

should be:
}else{

[RudiVisser]

There's also a ; missing:

echo "<center><font face='Verdana' size='2' ><br>Welcome $session[userid] Click <a href=logout.php>here to logout</a>
   |   <a href=change-password.php>Change Password</a>|   <a href=update-profile.php>Update Profile</a><br></center></font>"

This post has been edited by RudiVisser: 08 November 2009 - 09:48 AM

[oaluyi]

This is the current error I got

}else{
$query(mysql_query("update plus_signup set password='$password',email='$email',name='$name',sex='$sex' where userid='$session[\'userid'\]'"));[b]{[/b]

it now reports a string error.
Parse error: parse error, expecting `T_STRING' or `T_VARIABLE' or `T_NUM_STRING' in C:\wamp\www\CourseWork\update-profileck.php on line 16

}else{
$query(mysql_query("update plus_signup set password='$password',email='$email',name='$name',sex='$sex' where userid='$session[\'userid'\]'"));[b]{[/b]

[CTphpnwb]

I never put queries directly into the mysql_query function. That way I can echo the query and see if it is being assembled the way I expect. Doing that with yours:

$thequery = "update plus_signup set email='$email',name='$name',sex='$sex' where userid='$session[userid]'";
echo "<br>".$thequery."<br>";
$query = mysql_query($thequery);

should show that the value of $session[userid] is null. If you're using a session variable, it's accessed using $_SESSION['userid']

[ryomadarktezuka]

This has happened to me try adding this at the top of your file

error_reporting(E_ERROR | E_PARSE);