[Snipeye]

I'm still here... (I'm sure you're all groaning).

Anyway, here's my code:

<?php
session_start();
if(!isset($_SESSION['studentid'])){
header("location:delogin.php");
}
else {
$loggedin=1;
(int)$StudentID=$_SESSION['studentid'];
}
if ($logginin=1){
$con = mysql_connect(CONNECT STUFF, MINE)or die('Could not connect: ' . mysql_error());

mysql_select_db("otherope_dedb",$con)or die("Cannot select Database: ' . mysql_error())");

$sql="SELECT * FROM DEStudents WHERE StudentID=$StudentID";
$result=mysql_query($sql, $con) or die(mysql_error());
while($row=mysql_fetch_array($result)){
extract($row);
}
}
?>
<html>
<body>
<table width="100%" border="1">
<tr>
<td width="20%">From:</td>
<td width="70%">Message:</td>
<td width="10%">Mark?</td>
</tr>
<?php
$sql = "SELECT * FROM Adminmessages WHERE Readbyadmin=0";
$result = mysql_query($sql, $con);
while($myrow = mysql_fetch_array($result)){
echo "<tr>";
echo "<td width=\"20%\">";
echo $myrow['FirstName'];
echo "&nbsp;";
echo $myrow['LastName'];
echo "&nbsp;";
echo $myrow['StudentID'];
echo "</td>";
echo "<td width=\"70%\">";
echo $myrow['Message'];
echo "</td>";
echo "<td width=\"10%\">";
echo('<input type="checkbox" name="' .$myrow['M_Id'] . '" value="' .$myrow['M_Id'] . '">);
echo "</tr>";
}
?>
</table>
</body>
</html>

I know, my code is VERY ugly and mashed together and atrocious. However, for the most part, it's working fine. My two main problems:

1. The checkbox part isn't working, it complained about unexpected character "'" (Yes, that ' in the middle).

2. I want the teacher to be able to, on a form submission, have all marked messages set their 'Readbyadmin' column in the database to 1, rather than default 0.

3. (Not Major) Auto delete messages marked as read after 2 weeks.

Once again, I need you help...

[Dormilich]

1) you have an unclosed string there '" instead of '"'.

3) give it an expiry date and occasionally run a garbage collector over your DB.

4) line #8: you usually cast before the assignment, not after.

This post has been edited by Dormilich: 23 February 2011 - 03:40 PM

[VolcomMky]

Whats your errors?
Line 46 is unclosed like Dormilich mentioned

This post has been edited by VolcomMky: 23 February 2011 - 03:39 PM

[Snipeye]

OK, changing line 46 from

echo('<input type="checkbox" name="' .$myrow['M_Id'] . '" value="' .$myrow['M_Id'] . '">);

to

echo('<input type="checkbox" name="' .$myrow['M_Id'] . '" value="' .$myrow['M_Id'] . '">');

Seemed to do the trick. However, I still don't know how to, in the form this would be submitted to, change only the ones marked to 'read'. Would this work?

$sql="SELECT * FROM Adminmessages WHERE Readbyadmin=0";
$result = mysql_query($sql, $con);
while($myrow = mysql_fetch_array($result)){
$tolazytocomeupwithanameforthisvar = $_POST['$M_Id'];
if($longvarnameupthere=$M_Id){
SQL Command to set the "Readbyadmin" column to "1"
}
}

[Dormilich]

maybe something like

UPDATE Adminmessages SET `Readbyadmin` = 1 WHERE `M_Id` = ?

This post has been edited by Dormilich: 23 February 2011 - 03:51 PM

[CTphpnwb]

Snipeye, on 23 February 2011 - 06:32 PM, said:

I know, my code is VERY ugly and mashed together and atrocious. However, for the most part, it's working fine.

Getting your code to work is really the last thing you should worry about. That may seem counter intuitive, but it's true. If you organize your code well then getting it to work will be easy. The first thing you need to do in order to begin organizing your code is use proper indenting. Another important thing to do is to separate the languages.

If you think that you can just get it to work and clean it up later then you're taking the longest, hardest route to a solution.

[Snipeye]

Well, I realize that organized code is a great plus and makes the code easier/faster to work with and debug, but right now I've put enough effort into this that I want to mash through and get it done and working.

Dormilich, on 23 February 2011 - 03:51 PM, said:

maybe something like

UPDATE Adminmessages SET `Readbyadmin` = 1 WHERE `M_Id` = ?

OK, but what goes in the the "?"? I submitted it as a variable in the last page, and I don't know how to retrieve that variable...

I really need help on this...

[CTphpnwb]

Snipeye, on 23 February 2011 - 10:54 PM, said:

Well, I realize that organized code is a great plus and makes the code easier/faster to work with and debug, but right now I've put enough effort into this that I want to mash through and get it done and working.

Translation:
I know that if I do it right it will take less time and effort, but I insist on doing it the long, hard way.

Snipeye, on 23 February 2011 - 10:54 PM, said:

OK, but what goes in the the "?"? I submitted it as a variable in the last page, and I don't know how to retrieve that variable...

It appears that Dormlich is using a prepared statement, probably using mysqli or PDO. These are — unless done improperly — immune to SQL injection attacks.

[Snipeye]

I was under the impression that since the only input to this form is a checkbox, and the checkboxes all have numerical values, AND it's sent to the next form via POST, I didn't need to guard against SQL injection.

Now, I was under the impression that the command Dormlich gave me was only partially completed, and he didn't know what to put in the "?" part. If that is the case, I am also unable to determine what I need to put in the "?" to make the UPDATE do what it should, and set the marked messages from the previous form to "read" by making "Readbyadmin" 1 on the database. How do I do this?

EDIT: More detail for clarification:

If you look at the previous form, it sets the name and value of the checkbox (which is posted to the next page) as the $M_Id, which could be any number - 1, 2, 703920, whatever. How do I retrieve the numbers that were marked on the previous page? Perhaps putting the used numbers into an array, then retrieving that array on the next page? If that would work, an explanation of how would be nice, I haven't used arrays much before.

This post has been edited by Snipeye: 23 February 2011 - 09:06 PM

[CTphpnwb]

I don't see your form tag, so I don't know if you're using $_POST or $_GET, but the checkbox value would be in one of those arrays. Both can be spoofed, so you must take action to prevent SQL attacks.

I also don't know what you mean by "next page." PHP has files, not pages. If you mean the next browser refresh, you'd need to show the browser's source code.

[Snipeye]

Oh, right, here's the updated code for looking at the messages:

<?php
session_start();
if(!isset($_SESSION['studentid'])){
header("location:delogin.php");
}
else {
$loggedin=1;
(int)$StudentID=$_SESSION['studentid'];
}
if ($logginin=1){
$con = mysql_connect("CONNECTION STUFF")or die('Could not connect: ' . mysql_error());

mysql_select_db("otherope_dedb",$con)or die("Cannot select Database: ' . mysql_error())");

$sql="SELECT * FROM DEStudents WHERE StudentID=$StudentID";
$result=mysql_query($sql, $con) or die(mysql_error());
while($row=mysql_fetch_array($result)){
extract($row);
}
}
?>
<html>
<body>
<form action="markmessages.php" name="messages" method="post">
<table width="100%" border="1">
<tr>
<td width="20%">From:</td>
<td width="70%">Message:</td>
<td width="10%">Mark?</td>
</tr>
<?php
$sql = "SELECT * FROM Adminmessages WHERE Readbyadmin=0";
$result = mysql_query($sql, $con);
while($myrow = mysql_fetch_array($result)){
echo "<tr>";
echo "<td width=\"20%\">";
echo $myrow['FirstName'];
echo "&nbsp;";
echo $myrow['LastName'];
echo "&nbsp;";
echo $myrow['StudentID'];
echo "</td>";
echo "<td width=\"70%\">";
echo $myrow['Message'];
echo "</td>";
echo "<td width=\"10%\">";
echo('<input type="checkbox" name="' .$myrow['M_Id'] . '" value="' .$myrow['M_Id'] . '">');
echo "</tr>";
}
?>
</table>
<input type="submit" value="Mark Messages as Read">
</form>
</body>
</html>

Down near the bottom, you can see that the name/value of each checkbox is the M_Id of the message it's displaying. Would I just have to force each M_Id into an array within the while loop? How do I do that?

[CTphpnwb]

See this:
http://www.tizag.com...lcheckboxes.php
then fix this:

echo('<input type="checkbox" name="' .$myrow['M_Id'] . '" value="' .$myrow['M_Id'] . '">');

If you want more help from me then see the links in post #6 and make the necessary changes. It's an assault on my eyes to read what you have now. It hurts yours too, but you don't know it yet. (If it weren't, you'd be able to read and understand a measly 55 lines of code!)

[Snipeye]

I read your guide on separating code, and I've got 3 files now:

1. Session/Connection/Extracting Data

<?php
session_start();
if(!isset($_SESSION['studentid'])){
	header("location:delogin.php");
	}
else {
	$loggedin=1;
	(int)$StudentID=$_SESSION['studentid'];
	}
if ($logginin=1){
	$con = mysql_connect("localhost","otherope_snipeye","Macintosh")or die('Could not conn	ect: ' . mysql_error());

	mysql_select_db("otherope_dedb",$con)or die("Cannot select Database: ' . mysql_error()	)");

	$sql="SELECT * FROM DEStudents WHERE StudentID=$StudentID";
	$result=mysql_query($sql, $con) or die(mysql_error());
	while($row=mysql_fetch_array($result)){
		extract($row);
		}
	}
?>

Called 'conanddata.php'

2. Markmessage.php

<tr>
<td width="20%">
<?php echo $myrow['FirstName']; ?>
&nbsp;
<?php echo $myrow['LastName']; ?>
&nbsp;
<?php echo $myrow['StudentID']; ?>
</td>
<td width="70%">
<?php echo $myrow['Message']; ?>
</td>
<td width="10%">
<input type="checkbox" name="<?php echo $myrow['M_Id'] ?>" value="<?php echo $myrow['M_Id'] ?>" />
</tr>

3. The body of the page,

<?php
include 'conanddata.php';
?>
<html>
<body>
<form action="markmessages.php" name="messages" method="post">
<table width="100%" border="1">
<tr>
<td width="20%">From:</td>
<td width="70%">Message:</td>
<td width="10%">Mark?</td>
</tr>
<?php
$sql = "SELECT * FROM Adminmessages WHERE Readbyadmin=0";
$result = mysql_query($sql, $con);
while($myrow = mysql_fetch_array($result)){
	require 'markmessage.php';
}
?>
</table>
<input type="submit" value="Mark Messages as Read">
</form>
</body>
</html>

And I've done intending, and I think I've fixed the checkbox...

I still don't know how, on the page this page submits it's data to (via POST) I can retrieve the message ID and mark ALL the marked messages as read.

Do you understand what it is that I'm trying to say I don't understand? I don't know if I'm being clear enough, it is a little confusing.

This post has been edited by Snipeye: 24 February 2011 - 11:40 AM

[CTphpnwb]

Well, it's a start. You're going to need to reread both links though. Indenting should be consistent because it's purpose is to delineate portions of the code, making them more readable. Code separation means that PHP is not mixed with HTML so that not only is PHP more readable, but the HTML is more readable too.

From the link in post #12, this:

 <input type="checkbox" name="<?php echo $myrow['M_Id'] ?>" value="<?php echo $myrow['M_Id'] ?>" />

needs to have:
checked="yes"
for those items that should be checked. I believe that all of that php code is confusing you when you think about your html. Separate them!

[Dormilich]

CTphpnwb, on 24 February 2011 - 08:05 PM, said:

From the link in post #12, this:

 <input type="checkbox" name="<?php echo $myrow['M_Id'] ?>" value="<?php echo $myrow['M_Id'] ?>" />

needs to have:
checked="yes"

nope. it should be checked, or if you want to use XML checked="checked"