ManiacDan

Haha, yes, that would do it. You don't actually run the query. Also, a debugging tip: Read your post and your first response. You are saying "here is a script that's designed to store some database data in the session. The only thing being stored is the data from outside the database loop. What is the problem? The problem, clearly, is the database loop. Turn error_reporting all the way up, you would have gotten an error from the mysql_fetch_array line. Echo what you think might be a problem. if you had put an echo inside that loop, you would have known beforehand that it wasn't running. -Dan

Well...you know...content. You seem to be wanting to make it a game site. Write stuff about games. Put that stuff on the page.

http://www.mysite.giacjr.dino-hosting.net/profiles/abc123.php?u=num Warning: include(1) [function.include]: failed to open stream: No such file or directory in /home/giacjrdi/public_html/mysite/profiles/write.php on line 129 Warning: include(1) [function.include]: failed to open stream: No such file or directory in /home/giacjrdi/public_html/mysite/profiles/write.php on line 129 Warning: include() [function.include]: Failed opening '1' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/giacjrdi/public_html/mysite/profiles/write.php on line 129

$connection is obviously the number 5 rather than a mysql link resource. like the poster above me said, you close the connection and then try to use it. -Dan

The lime green "you are logged in" page did permanent damage to my eyes. Also, you don't verify email addresses, as you can probably tell by the testy@mctesterson.com that's now in your database. I'm unclear what the whole "comments" thing does, I posted comments and nothing happened. Also, you cannot comment on individual games. The whole thing is kind of...ugly. A graphics designer or a cleaner plan for the site's flow would help. The over-wrought graphics (which are nearly impossible to read), the poor background colors, and the low contrast text make the whole thing difficult to use. Also, your navigation is screwy. No reason to have "logout" when you're not logged in, or "login" and "register" when you're already logged in. The left nav for the games should be a true left nav and not just tacked to the left side of the bottom of the page. I tried a couple of script and injection attacks on the site, you seem safe from the basics. You set two cookies, one of which is my username and the other is an md5 of my password. Don't do that, it's obvious to anyone with a modicum of skill what it is. If you're using those cookies for authentication, DON'T. -Dan

Click login, enter random crap in both boxes, and click submit. You're taken to an error document that directs you to register. You should be taken back to the login form with an error message so you can try again. -Dan

Right, the parser is what throws the error, and the first document is fully parsed without the strict warning being thrown before it's executed and the error level is properly set. Setting the error level in php.ini will "fix" this strange behavior. -Dan

I think he means: 1) You don't need WHERE 1. You need the "WHERE" but the "1 AND" is unnecessary. Drop it. 2) AND takes precedence over OR. A query that contains "WHERE col1 = 'abc' AND col2 = '123' OR col3 = '456'", the first two are grouped together by the AND and then that GROUP is ORed with the third item. You need to wrap your OR clauses in parens, this is what you want: "WHERE col1 = 'abc' AND (col2 = '123' OR col3 = '456')". See the difference? Any group of OR items that are meant to be grouped together must be wrapped in parens like that. Also: 3) Don't use LIKE for straight comparisons, and don't quote numbers. Also note that you have a big chain of AND/OR statements with the same CATGNUM repeated over and over. "AND CATGNUM IN (1,2,4)" is probably what you want there...but I can't tell due to the duplicates and lack of parens. -Dan

Mchl us right, the MySQL query language stands on its own. If you're having a problem with a piece of PHP code that contains a MySQL query, print the query to the screen, then copy and paste it into your query browser. If the query is producing the wrong data, post in the MySQL forum. If the query is right, post in the PHP forum. -Dan

The first thing that jumped to my mind was usability (entering a bad password doesn't allow you to try again) and copyright concerns. Even though freeOnlineGames.com is free for you to play, that doesn't necessarily mean the games are free for you to take and put on your own site. With the DMCA and ACTA out there, a company can have your internet connection disabled just for looking at them sideways. -Dan

If you're updating using a WHERE clause, then you can just run a SELECT with the same WHERE clause before your update and that will select the rows you're about to change. If you don't know which items are being updated, you can set a trigger on the table to update a "last_edited" timestamp on the table, which will allow you to fake the operation by selecting items that were updated in the last 2 seconds. -Dan

GROUP BY um.user_id) ORDER BY RAND() -Dan

Visiting the PHPMyAdmin folder directly should prompt you for a username and password. Clear your cookies and try again. -Dan

You also need to quote your array indexes, $_GET['q'] instead of $_GET[q], but that's unrelated. -Dan

Find_in_set is really what you want. As long as the result is greater than zero, it's in the set. Zero means it's not in the set. Really, what you want is to make this database structure properly, as was already suggested. -Dan

file_get_contents reads remote files. -Dan

The next argument to the mail() function are the email's headers, which contain FROM and REPLY-TO. -Dan

Ummm...what is it supposed to do? How do you "log in" a user? So far this code will print "err=Successful." (which is confusing) if the undefined variables $user and $pass exist in the table. -Dan

Um...like that? What exactly is the problem?

To echo content: echo $content; To overwrite a file instead of appending, change the 'a+' to 'w' -Dan

Seconded.

One part array_slice and one part implode. Bake at 350 for 10 minutes. -Dan

No, you don't need to, you need to put the image inside the div so that the div auto-expands properly. You could also use a table for this, as much as it pains me to say it. -Dan

The OP has made it clear that he actually wants THE STRING "$_GET['id']" in his database, NOT the value of that variable. mysql_query("INSERT INTO someTable (somefield) VALUES ('\$_GET['id']')"); This is silly, but it gets what the OP has asked. -Dan

You think they're pressing buttons, but what they're really doing is sending POST data to your server, which they have full control over. Based on what you've said, you're completely trusting the user's input. Don't. Like I already said, a user CAN send malicious code to your webserver, and you're executing it without sanitizing it. 10 minutes with the URL of this tool and I can compromise your database and delete the files on your server. -Dan