Boreas

  1. No problem, glad you got it working. As a word of advice, you need to sanitise any data coming from the client side before using it in a query to your database. For example, you are using the selection of the <select> held in $PMSelection directly in a db query without escaping it or checking it against a white list. Do some reading on escaping (escape, escape, escape is generally the idea) and on white listing / sanitising inputs from clients. If you don't validate what has come from a user then you are open to SQL injection. Good luck.
  2. Thank you both for your replies.
     requinix: Yes, that is probably the problem here, thanks for pointing it out - as a quick fix I will pursue this pending changing the affected scripts.
     Jacques1: Thank you for the advice. I don't know why but I had it in my mind it was a bad idea to include using __DIR__, but you have shown what I am doing is the bad idea. I will do as you say from now on.
     Appreciate the input, again I have learned some 'basic' best practices the hard way. Many thanks.
  3. Few things:
     - You should specify the form's method as post / get:

         <form method="post" enctype="multipart/form-data"> ... </form>

     - Your <select> tag has name="PMName", therefore the passed variable (either via GET or POST) will be $_GET["PMName"] or $_POST["PMName"]. You currently have:

         $PMSelection = $_POST["PM"];

       It should be:

         $PMSelection = $_POST["PMName"];
  4. Thanks for the reply. Some of the files to be used I was advised to keep out of webroot as they contain some API tokens. I believe I tried to give a 'harder' include path when initially writing this application (it's been running for some time before needing any https pages), but failed, hence having to add the directory to PHP's include directories. So I could move most of those files back into httpdocs and the include problem should go away, but according to advice received previously it would still be a good idea to leave the sensitive token files outside of webroot and include them where necessary - so the problem would still exist. Still flummoxed over why https causes any difference.
  5. You should probably be using mysqli_fetch_row, as you are using the mysqli API, not mysql:

         <?php
         include('./db.php');

         // $table holds a value from earlier user input so that the matching option
         // can be pre-selected; default to an empty string when nothing was chosen.
         $table = isset($table) ? $table : '';

         $PM = mysqli_query($con, "SELECT DISTINCT PMName FROM report");
         if ($PM === false) {
             die('Query failed: ' . htmlspecialchars(mysqli_error($con)));
         }

         echo "<b>Select a PM:</b> \n";
         echo " <select name='PMName' onChange='submit(this.form)'>\n";
         while ($row = mysqli_fetch_row($PM)) {
             // Escape the stored value before writing it into HTML attributes and text.
             $name = htmlspecialchars($row[0], ENT_QUOTES, 'UTF-8');
             $sel = ($table === $row[0]) ? "id='sel' selected" : "";
             printf(" <option %s value='%s'>%s</option>\n", $sel, $name, $name);
         }
         echo " </select>\n";
         echo " <input id='edit' type='button' value='GO' onClick='submit(this.form)'>\n";
         ?>

     $table is there so that an option value from the drop down can be pre-selected from some other user input etc.
     Re: your next post, again you need mysqli_fetch_array, not mysql_fetch_array, if using the mysqli API.
  6. Hi all, I'm new here. Hoping someone can help me with this peculiar problem.
     I have a VPS running Plesk (9.5.4) + PHP 5.3. For the domain I am working on, I have specified additional directories to the PHP include_path via the vhost conf file. One of those directories is outside of webroot, so is the same level as httpdocs, e.g.:

         :/var/www/vhosts/example.com/outer_includes

     My scripts are able to include PHP files, using require, include etc. from the directory added to PHP's include_path, so I know that it's working perfectly. The problem I have is that if I call a script with HTTPS, I get require_once fatals, as for some reason the includes no longer work.

     e.g. include_me.php lives in a directory on the same level as httpdocs, which has been added to the PHP include directories:

         /var/www/vhosts/example.com/outer_includes/include_me.php

     script.php contains:

         <?php require_once('include_me.php'); ?>

     Calling http://www.example.com/script.php works as expected.
     Calling https://www.example.com/script.php fails with a fatal on the require_once().

     I am self taught and fully expect this to be another hole in my knowledge but I can't seem to fill this one by asking Google. Can anyone advise? Would be very grateful.
     Boreas
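The advice in the first post above (escape or white-list $PMSelection before it reaches a query), shown in PHP as an added example that is not code from this thread: the submitted value interpolated straight into SQL, beside a version that checks it against the PMName values already in the table and binds it through a prepared statement. The `report` table, `PMName` column and `$con` connection from db.php are as in the thread; the `Status` column and the function names are assumed.

```php
<?php
// Added example, not from the thread. Assumes $con (mysqli) from db.php and a
// table `report` with columns PMName and Status (Status is assumed).
include('./db.php');

// VULNERABLE: the submitted value becomes part of the SQL text, so a quote
// character in it ends the string literal and the remainder is parsed as SQL.
function report_rows_unsafe($con, $pmName) {
    $sql = "SELECT PMName, Status FROM report WHERE PMName = '$pmName'";
    return mysqli_query($con, $sql);
}

// HARDENED (1): white list. Only accept a value that actually exists among
// the options the <select> was built from, looked up with a bound parameter.
function is_known_pm($con, $pmName) {
    $stmt = mysqli_prepare($con, "SELECT 1 FROM report WHERE PMName = ? LIMIT 1");
    mysqli_stmt_bind_param($stmt, 's', $pmName);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $known = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $known;
}

// HARDENED (2): prepared statement, so the value travels as data and is
// never parsed as SQL, whatever characters it contains.
function report_rows_safe($con, $pmName) {
    $rows = array();
    if (!is_known_pm($con, $pmName)) {
        return $rows; // unknown value: treat as no selection made
    }
    $stmt = mysqli_prepare($con, "SELECT PMName, Status FROM report WHERE PMName = ?");
    mysqli_stmt_bind_param($stmt, 's', $pmName);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $name, $status);
    while (mysqli_stmt_fetch($stmt)) {
        $rows[] = array('PMName' => $name, 'Status' => $status);
    }
    mysqli_stmt_close($stmt);
    return $rows;
}

$PMSelection = isset($_POST['PMName']) ? $_POST['PMName'] : '';
foreach (report_rows_safe($con, $PMSelection) as $row) {
    // Escape on output as well, so a stored value cannot inject HTML into the page.
    printf("<li>%s: %s</li>\n",
        htmlspecialchars($row['PMName'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['Status'], ENT_QUOTES, 'UTF-8'));
}
```

mysqli_prepare returns false on a malformed query; in production check that return value (and mysqli_error) before binding rather than assuming success as this example does.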