Hi!,
I used the following source:
[code=php] $query=”SELECT ID FROM users WHERE name='”.$_POST[‘name’].” WHERE
status=’2′ OR date > ‘”.time()- (60*60*24) .”‘”;
$result=mysql_query($query, $link);
I recall that i read somewhere that when either one of the statements of an OR condition returns TRUE, the whole statement returns true without proceeding to the next conditions…
There fore i used this query to select all the users that are status ‘2’(active accounts), and in case that the account isn’t active(this condition will be examined only under such circumstances), i check whether it was submitted
less then 24 hours ago(the period in which the user can active his account following a link that he received to his mail box).
Anyways, this phrase returns the following error, and i don’t have clue why.
[QUOTE]
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘-86400” at line 1
First it was the dividing point that was next by the number and was processed as a part of the number, but i got that fixed, what is it now:.
86400 appears to be exactly the multiplication of 60*60[B]I can’t apply math between the fields in the query themselves, or with external values can i?
The same function seems to work just fine with other queries.
I also have another question, i read that the function mail() returns TRUE value if it was successful and FALSE if it was not, is it true?.
can i used in the following way to determine whether the user receive the email to his address or not?.
[code=php]
if(!mail($_POST[’email’], $row[‘title’], $row[‘message’]))
{
Error handling
}
<i>
</i>SELECT ID FROM users WHERE name='".$_POST['name']." AND
(status='2' OR date > '".time()- (60*60*24) ."');
[code=php] $query="SELECT ID FROM users WHERE name='".$_POST['name']."'
AND(status='2' OR date > '".time() - (60*60*24) ."')";
$result=mysql_query($query, $link); [/code]
<i>
</i>$name=$_POST['name'];
SELECT ID FROM users WHERE name='".$name."' AND ( status='2' OR date > DATE_SUB(NOW(),INTERVAL 1 DAY))";
[code=php]
$query="SELECT ID FROM users WHERE name='".$_POST['name']."'
AND(WHERE status='2' OR WHERE date > '".(time()-60*60*24) ."')";
$result=mysql_query($query, $link);
[/code]
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE status='2' OR WHERE date > '1136982762')' at line 2
[/QUOTE]
<i>
</i>SELECT ID FROM users WHERE name='somename here' AND(status='2' OR date > '1136982762')
Datetime's don't have a format. you format them yourself when pulling the results from the database, the format's similar to the php format of r, but without the timezone switch.
What happens when you issue the query in phpMyAdmin (since you mentioned you used it) as just plain text, no variables? I always test my queries through some sort of case by case basis before trying anything like this. The quotes aren't anything, if you have ints you can skip the quotes but don't need to. Try the query first as just
<i>
</i>SELECT ID FROM users WHERE name='somename here' AND(status='2' OR date > '1136982762')
Also after looking at your query again, I think the biggest problem is that you don't know the syntax for SQL. You only have 1 where clause in a single statement for each query/subquery. you can't repeat the WHERE condition or anything like that.[/QUOTE]
[code=php]
$query="SELECT * FROM messages WHERE shortcut='registration'";
$resu1t=mysql_query($query, $link) or die(mysql_error());
- $row=mysql_fetch_array($result);
if(!@mail($_POST['email'], $row['title'], $row['message']))
{
//Error handling
}
- mysql_free_result($result);
[/code]
Warning: mysql_fetch_array(): 5 is not a valid MySQL result resource in e:easyphp1-8wwwunnamed site 2register.php on line 76
Warning: mysql_free_result(): 5 is not a valid MySQL result resource in e:easyphp1-8wwwunnamed site 2register.php on line 85
[/QUOTE]
[code=php]
[/quote]
$query="SELECT * FROM messages WHERE shortcut='registration'";
$resu1t=mysql_query($query, $link) or die(mysql_error());
- $row=mysql_fetch_array($result);
if(!@mail($_POST['email'], $row['title'], $row['message']))
{
//Error handling
}
- mysql_free_result($result);
[/code]
i read that the function mail() returns TRUE value if it was successful and FALSE if it was not, is it true?.
can i used in the following way to determine whether the user receive the email to his address or not?
[/QUOTE]
[code=php]
$query="INSERT INTO users(name, password, date, msn, icq, email, active) VALUES('".$_POST['name']."','".md5($_POST['password'])."','".time()."','".$_POST['msn']."','".$_POST['icq']."','".$_POST['email']."',".time().")";
$result=mysql_query($query, $link);
mysql_free_result($result);
print("success");
[/code]
Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in e:easyphp1-8wwwunnamed site 2register.php on line 93
[/QOUTE]
With out any reason as far as i can tell... i checked all the possible causes i could think of.
Also the syntax I'm using says that the E-mail address is invalid regardless to the address i enter... Even if it's my one address...
Code:
[code=php]
$query="SELECT * FROM messages WHERE shortcut='registration'";
$result=mysql_query($query, $link);
$row=mysql_fetch_array($result);
@mail($_POST['email'], $row['title'], $row['message']);
if(!(@mail($_POST['email'], $row['title'], $row['message'])))
{
if(isset($message))//ERROR HANDLING
$message=$message."<br>The E-mail address that you indicated is not valid";
else
$message="The E-mail address that you indicated is not valid";
$submit=0;
}
[/code]
... the syntax I'm using says that the E-mail address is invalid regardless to the address i enter... Even if it's my one address...
Code:
[code=php]
[/QUOTE]
$query="SELECT * FROM messages WHERE shortcut='registration'";
$result=mysql_query($query, $link);
$row=mysql_fetch_array($result);
@mail($_POST['email'], $row['title'], $row['message']);
if(!(@mail($_POST['email'], $row['title'], $row['message'])))
{
if(isset($message))//ERROR HANDLING
$message=$message."<br>The E-mail address that you indicated is not valid";
else
$message="The E-mail address that you indicated is not valid";
$submit=0;
}
[/code]
[code=php]
<?php
function sanitize_input($input)
{
if(get_magic_quotes_gpc())
$input = stripslashes($input);
return(mysql_real_escape_string($input));
}
If($_SERVER['HTTP_REFERER']==$_SERVER['PHP_SELF'] or isset($_POST['check']))
{
if($_POST['name']!=NULL and $_POST['password']!=NULL and $_POST['password2']!=NULL and
$_POST['email']!=NULL and $_POST['email2']!=NULL)
{
$submit=1;
if($_POST['icq']!=NULL and !is_numeric($_POST['icq']))
{
if(isset($message))
$message=$message."<br>Please enter an integer number in the "ICQ" field";
else
$message="Please enter an integer number in the "ICQ" field";
$submit=0;
}
$link=mysql_connect("127.0.0.1", "root", "") or die(mysql_error());
mysql_select_db("nba", $link) or die(mysql_error());
if(strcmp($_POST['password'], $_POST['password2'])!=0)
{
if(isset($message))
$message=$message."<br>The passwords you entered doesn't match.";
else
$message="The passwords you entered doesn't match.";
$submit=0;
}
if(strcmp($_POST['email'], $_POST['email2']) != 0)
{
if(isset($message))
$message=$message."<br>The email addresses you have entered doesn't match.";
else
$message="The email addresses you have entered doesn't match.";
$submit=0;
}
$_POST['name']=sanitize_input($_POST['name']);
$_POST['password']=sanitize_input($_POST['password']);
$_POST['msn']=sanitize_input($_POST['msn']);
$_POST['icq']=sanitize_input($_POST['icq']);
$_POST['email']=sanitize_input($_POST['email']);
$query="SELECT ID FROM users WHERE name='".$_POST['name']."'
AND(status='2' OR date > '".(time()-60*60*24) ."')";
$result=mysql_query($query, $link);
if(mysql_num_rows($result) == 1)
{
if(isset($message))
$message=$message."<br>The user name that you have choosen is already in use";
else
$message="The user name that you have choosen is already in use";
$submit=0;
}
mysql_free_result($result) or die(mysql_error());
$query="SELECT ID FROM users WHERE name='".$_POST['name']."' AND
(status='2' OR date > '". (time()-60*60*24) ."')";
$result=mysql_query($query, $link);
if(mysql_num_rows($result))
{
if(isset($message))
$message=$message."<br>The E-mail address that you have entered already exsists in the system";
else
$message="The E-mail address that you have entered already exsists in the system";
$submit=0;
}
mysql_free_result($result);
$query="SELECT COUNT(ID)+1 FROM users";
$result=mysql_query($query, $link);
$row=mysql_fetch_array($result);
$userid=$row[0];
mysql_free_result($result);
$query="SELECT * FROM messages WHERE shortcut='registration'";
$result=mysql_query($query, $link);
$row=mysql_fetch_array($result);
@mail($_POST['email'], $row['title'], $row['message']);
if(!(@mail($_POST['email'], $row['title'], $row['message'])))
{
if(isset($message))//ERROR HANDLING
$message=$message."<br>The E-mail address that you indicated is not vaild";
else
$message="The E-mail address that you indicated is not vaild";
$submit=0;
}
mysql_free_result($result);
if($submit==1)
{
$query="INSERT INTO users(name, password, date, msn, icq, email, active) VALUES('".$_POST['name']."','".md5($_POST['password'])."','".time()."','".
$_POST['msn']."','".$_POST['icq']."','".$_POST['email']."',".time().")";
$result=mysql_query($query, $link);
mysql_free_result($result);
print("success");
}
}
else
print("Please fill out all the fields marked with "*"");
if(isset($message))
print($message);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=" />
<title>Untitled Document</title>
</head>
<body>
<form method="post" action="<?php print($_SERVER['PHP_SELF']);?>">
<table width="70%" border="0" cellspacing="1" cellpadding="0" align="right" dir="rtl">
<tr>
<td width="20%">User name*</td>
<td width="30%"><input type="text" dir="rtl" align="right" name="name" maxlength="12" size="20"/></td>
<td width="20%">Retype E-mail* </td>
<td><input type="text" dir="rtl" align="right" name="email2" maxlength="30" size="20"/></td>
</tr>
<tr>
<td>password*</td>
<td><input type="password" dir="rtl" align="right" name="password" maxlength="20" size="20"/>
</td>
<td width="20%">Msn messengr ID</td>
<td><input type="text" dir="rtl" align="right" name="msn" maxlength="20" size="20"/></td>
</tr>
<tr>
<td>retype password*</td>
<td><input type="password" dir="rtl" align="right" name="password2" maxlength="20" size="20"/></td>
<td>ICQ number </td>
<td><input type="text" dir="rtl" align="right" name="icq" maxlength="12" size="20"/></td>
</tr>
<tr>
<td width="20%">Contact E-mail*</td>
<td><input type="text" dir="rtl" align="right" name="email" maxlength="30" size="20"/> </td>
</tr>
<tr><td><input type="submit" dir="rtl" align="right" value="send" /></td></tr>
</table>
<input type="hidden" name="check" value="1" />
</form>
</body>
</html>
[/code]
Not quite true...
I'll try to explain my source:
Every time an error occurs i place the error message in the variable...
Or add the error message at the bottom of the variable if a prior message exists...
[/QUOTE]
[code=php]
[/QUOTE]
@mail($_POST['email'], $row['title'], $row['message']);
if(!(@mail($_POST['email'], $row['title'], $row['message'])))
[/code]
0.1.9 — BETA 5.19