QuickOldCar

Staff Alumni
  • Posts: 2,972
  • Days Won: 28

Everything posted by QuickOldCar

  1. duplicate post answered here http://forums.phpfreaks.com/topic/295385-upload-script/
  2. this

          if($ext != $allowed) { die("Invalid Image File. Possible hack attempt!"); }

      to

          if(!in_array($ext,$allowed)) { die("Invalid Image File. Possible hack attempt!"); }

  3. Show this part of the code that creates $searchType.

      Try building the href urls with http_build_query instead of manually.

      You shouldn't have to be looking for a parameter and it should just hold the value of each

          if(strpos($strTypes, 'bidDate') !== false){

      Instead it should be something like $_REQUEST['bidDate'], or if passed them as a multi in the form would be $_REQUEST['stypes']['bidDate']

      So the solution to this is to gather each selected GET parameter from your form and use http_build_query. Then you check which GET parameters exist and use them for your query.

      Let's say your form is using GET as the method

          echo "<br /><br /><a class='btn btn-default' href='exportsw.php?".http_build_query($_GET, '', '&')."'>Export to CSV</a>";

      Then

          if(isset($_REQUEST['bidDate']) && trim($_REQUEST['bidDate']) !=''){
              //you are going to want to escape and sanitize these: PDO, prepared statements or parameterized queries
              $bidDate = trim($_REQUEST['bidDate']);
              $sql = " SELECT c.* FROM (
                  SELECT ROW_NUMBER() OVER(ORDER BY ID) AS RowID,
                         CONVERT(VARCHAR(11), b.BidDate, 106) BidDate,
                         CONVERT(VARCHAR(11), b.DueDate, 106) DueDate,
                         b.DueTime, b.BidTitle, b.BidID, da.DeptAlias, b.BidType,
                         CASE WHEN b.AwardDate ='01/01/1900' THEN NULL ELSE CONVERT(VARCHAR(11), b.AwardDate, 106) END AS AwardDate,
                         CASE WHEN b.LastUpdate='01/01/1900' THEN NULL ELSE CONVERT(VARCHAR(11), b.LastUpdate, 106) END AS LastUpdate,
                         s.Status
                  FROM bids b
                  inner join DeptALIAS da on b.AliasID = da.AliasID
                  inner join Dept d on da.DeptCode =d.DeptCode
                  inner join Status s on b.BidStatus=s.StatusId
                  where b.BidDate = $bidDate
                  ) AS c
                  WHERE c.RowID > $start AND c.RowID <= $end
                  ORDER BY c.RowID ASC
              ";
          }

  4. Using a database and not hunting directories and files. Yes for sure a database. One major downfall is no matter how little the data is you want to fetch from a file...the entire file has to be loaded regardless.
  5. Other options would be to integrate smarty or twig or at least look them over how they do it.

      If you are using php as your template engine you can include all through the index page and all styling would be there as your template.

      To clarify, only your index page has the dividers with id's and class names, then include php scripts into those areas as needed. You could include header, navigation, content, footer, sidebar or optional not something just as easily. To expand upon that, if wanted multiple themes to select from you could include specific ones.

      I've made a few cms using this approach and works out well.

      Creating a controller to include specific scripts depending on the navigation.

      A simple example of the index page

          <?php
          //define
          $server_host    = "http://" . $_SERVER['HTTP_HOST'];
          $document_root  = $_SERVER['DOCUMENT_ROOT'];
          $directory_path = dirname(__FILE__) . DIRECTORY_SEPARATOR;
          $site_url       = filter_var("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME'], FILTER_SANITIZE_STRING);
          if (!empty($_SERVER['QUERY_STRING'])) {
              $query_string = filter_var($_SERVER['QUERY_STRING'], FILTER_SANITIZE_STRING);
              $site_url .= "?" . $query_string;
          }
          require_once($directory_path . "/db-connect.php");
          require_once($directory_path . "/includes/session.php");
          ?>
          <!doctype html>
          <html lang="en">
          <head>
          <meta charset="utf-8">
          <meta name="viewport" content="width=device-width, initial-scale=1.0">
          <title>Title</title>
          <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
          <META HTTP-EQUIV="Expires" CONTENT="-1">
          <link href="style.css" rel="stylesheet" type="text/css">
          <link href="media-queries.css" rel="stylesheet" type="text/css">
          <!-- html5.js for IE less than 9 -->
          <!--[if lt IE 9]>
          <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
          <![endif]-->
          <!-- css3-mediaqueries.js for IE less than 9 -->
          <!--[if lt IE 9]>
          <script src="http://css3-mediaqueries-js.googlecode.com/svn/trunk/css3-mediaqueries.js"></script>
          <![endif]-->
          </head>
          <body>
          <div id="background">
              <img src="images/image.jpg" class="stretch" alt="background" />
          </div>
          <div id="pagewrap">
              <header id="header">
                  <hgroup>
                      <?php require_once($directory_path . "/header.php"); ?>
                  </hgroup>
                  <nav>
                      <?php require_once($directory_path . "/nav.php"); ?>
                  </nav>
                  <?php require_once($directory_path . "/search.php"); ?>
              </header>
              <div id="content">
                  <?php require_once($directory_path . "/content_controller.php"); ?>
              </div>
              <aside id="sidebar">
                  <?php require_once($directory_path . "/sidebar.php"); ?>
              </aside>
              <footer id="footer">
                  <?php require_once($directory_path . "/footer.php"); ?>
              </footer>
          </div>
          </body>
          </html>

      content_controller.php would determine which content to include depending on navigation/parameters in the url

          <?php
          if(!session_id()){
              header("Location: http://".$_SERVER['HTTP_HOST']);
              exit;
          }
          /* actions and page controller parameter and page inclusion protection */
          //only allow these GET parameters to pass in code
          $allowed_get = array(
              "action",
              "user",
              "id",
              "page"
          );
          //loop get requests and remove any unwanted ones
          if (isset($_GET)) {
              foreach ($_GET as $key => $value) {
                  if (!in_array($key, $allowed_get)) {
                      unset($_GET[$key]);
                  }
              }
          }
          //default page displayed if all else fails
          $page = "home.php";
          /* loop through action array to determine destination
             $action_array located in actions.php, if action value is not in the array it won't load */
          if (isset($_REQUEST['action'])) {
              if (in_array($_REQUEST['action'], $action_array)) {
                  switch ($_REQUEST['action']) {
                      case "home":
                          //$page = "home.php";
                          header("Location: ".$server_host);
                          exit;
                          break;
                      case "services":
                          $page = "articles.php";
                          break;
                      case "articles":
                          $page = "articles.php";
                          break;
                      case "help":
                          $page = "articles.php";
                          break;
                      case "help_post":
                          $page = "help_post.php";
                          break;
                      case "register":
                          $page = "register.php";
                          break;
                      case "account":
                          $page = "account.php";
                          break;
                      case "support":
                          $page = "support.php";
                          break;
                      case "users":
                          $page = "users.php";
                          break;
                      default:
                          //$page = "home.php";
                          header("Location: ".$server_host);
                          exit;
                  }
              }
          }
          //include the page only if it exists
          $script = dirname(__FILE__) . DIRECTORY_SEPARATOR . $page;
          if (file_exists($script)) {
              require_once($script);
          } else {
              header("Location: ".$server_host);
              exit;
          }
          ?>

  6. Instead of lowering the query terms you could make your database collation *_ci, which is case insensitive. utf8_unicode_ci is a good choice.

      Your multiple LIKE queries should be set up like the following

          SELECT * FROM table
          WHERE (LOWER(field_1) LIKE '%$search%'
              OR LOWER(field_2) LIKE '%$search%'
              OR LOWER(field_3) LIKE '%$search%')
          ORDER BY date

      Personally I prefer to use mysql fulltext in boolean mode for searches: https://dev.mysql.com/doc/refman/5.7/en/fulltext-boolean.html

      Create a fulltext index and a query would be similar to:

          SELECT * FROM `table`
          WHERE MATCH (field_1,field_2,field_3) AGAINST ('$search' IN BOOLEAN MODE)
          GROUP BY date

  7. Insert any seo into the head section. Any meta or something like opengraph. You can view the page source of any youtube video and see an example: <meta property="og:*

      Query your data first before any output so you can populate the opengraph content while also using the same data for displaying to visitors. Search engines will use and value that information more than any other. It won't make crawlers visit you more, instead they have a way to get the information easier once they visit.

      Do you mean doing html caching? Caching dynamic websites to html for x amount of time will decrease server loads, especially in heavy traffic situations. In many cases you would not want to cache logged in users.

      Only html gets rendered to the browser with the addition of javascript and css scripts. It's as safe as reading any other web page.
  8. You have double semicolons in your queries

          AND status < 2;";

      There are also doubles in other places

          <?php
          function pf_validate_number($value, $function, $redirect)
          {
              if (isset($value) == TRUE) {
                  if (is_numeric($value) == FALSE) {
                      $error = 1;
                  }
                  if (@$error == 1) {
                      header("Location: " . $redirect);
                  } else {
                      $final = $value;
                  }
              } else {
                  if ($function == 'redirect') {
                      header("Location: " . $redirect);
                  }
                  if ($function == "value") {
                      $final = 0;
                  }
              }
              return $final;
          }

          function showcart()
          {
              if (isset($_SESSION['SESS_ORDERNUM'])) {
                  if (isset($_SESSION['SESS_LOGGEDIN'])) {
                      $custsql = "SELECT id, status from orders WHERE customer_id = " . $_SESSION['SESS_USERID'] . " AND status < 2";
                      $custres = mysql_query($custsql) or die(mysql_error());
                      $custrow = mysql_fetch_assoc($custres);
                      $itemssql = "SELECT products.*, orderitems.*, orderitems.id AS itemid FROM products, orderitems WHERE orderitems.product_id =products.id AND order_id = " . $custrow['id'];
                      $itemsres = mysql_query($itemssql) or die(mysql_error());
                      $itemnumrows = mysql_num_rows($itemsres);
                  } else {
                      $custsql = "SELECT id, status from orders WHERE session = '" . session_id() . "' AND status < 2";
                      $custres = mysql_query($custsql) or die(mysql_error());
                      $custrow = mysql_fetch_assoc($custres);
                      $itemssql = "SELECT products.*, orderitems.*, orderitems.id AS itemid FROM products, orderitems WHERE orderitems.product_id = products.id AND order_id = " . $custrow['id'];
                      $itemsres = mysql_query($itemssql) or die(mysql_error());
                      $itemnumrows = mysql_num_rows($itemsres);
                  }
              } else {
                  $itemnumrows = 0;
              }
              if ($itemnumrows == 0) {
                  echo "You have not added anything to your shopping cart yet.";
              } else {
                  echo "<table cellpadding='10'>";
                  echo "<tr>";
                  echo "<td></td>";
                  echo "<td><strong>Item</strong></td>";
                  echo "<td><strong>Quantity</strong></td>";
                  echo "<td><strong>Unit Price</strong></td>";
                  echo "<td><strong>Total Price</strong></td>";
                  echo "<td></td>";
                  echo "</tr>";
                  while ($itemsrow = mysql_fetch_assoc($itemsres)) {
                      $quantitytotal = $itemsrow['price'] * $itemsrow['quantity'];
                      echo "<tr>";
                      if (empty($itemsrow['image'])) {
                          echo "<td><img src='productimages/dummy.jpg' width='50' alt='" . $itemsrow['name'] . "'></td>";
                      } else {
                          echo "<td><img src='productimages/" . $itemsrow['image'] . "' width='50' alt='" . $itemsrow['name'] . "'></td>";
                      }
                      echo "<td>" . $itemsrow['name'] . "</td>";
                      echo "<td>" . $itemsrow['quantity'] . "</td>";
                      echo "<td><strong>£" . sprintf('%.2f', $itemsrow['price']) . "</strong></td>";
                      echo "<td><strong>£" . sprintf('%.2f', $quantitytotal) . "</strong></td>";
                      echo "<td>[<a href='delete.php?id=" . $itemsrow['itemid'] . "'>X</a>]</td>";
                      echo "</tr>";
                      @$total = $total + $quantitytotal;
                      $totalsql = "UPDATE orders SET total = " . $total . " WHERE id = " . $_SESSION['SESS_ORDERNUM'];
                      $totalres = mysql_query($totalsql) or die(mysql_error());
                  }
                  echo "<tr>";
                  echo "<td></td>";
                  echo "<td></td>";
                  echo "<td></td>";
                  echo "<td>TOTAL</td>";
                  echo "<td><strong>£" . sprintf('%.2f', $total) . "</strong></td>";
                  echo "<td></td>";
                  echo "</tr>";
                  echo "</table>";
                  echo "<p><a href='checkout-address.php'>Go to the checkout</a></p>";
              }
          }
          ?>

  9. Look into password_hash() and password_verify()
  10. That's not a valid string.

      Can explode and make it an array, either use array_map or trim in a loop, then implode back into a string.

      preg_replace seems the easiest

          <?php
          $string = "'178', '1', '179', '', '180', '67', '63', '47', '46', '', '', '', '201'";
          $string = preg_replace("~\s'',+~", "", $string);
          echo $string;
          ?>

      Results:

          '178', '1', '179', '180', '67', '63', '47', '46', '201'

      This should work as well removing empties from an array

          $array = array_map('trim', $array);

  11. Tried the upload portion on 2 different servers, it made the directory and also uploaded 2 different files.

      Double check permissions.

      Check that file uploads is enabled in php.ini

          file_uploads = On

  12. You should write a new post for new problems. Posting actual code helps as well.

      The mysql 2014 error is probably occurring because you are trying to fetch new results while there were still old results being fetched.

      You can try adding closeCursor()

          $stmt->closeCursor();

      If the first results are not too large you can save them into an array and then run additional queries. Close the loop then do it.

      Is $fetched_stuff always one item? fetch() will fetch only one record, fetchAll() will fetch all the records and could then make $fetched_stuff an array by doing

          $fetched_stuff[] = stuff_from_bind_result;

  13. font is deprecated, should use css

          echo "&nbsp;<div style='color: #920505;font-weight: bold;'>NEW</div>";

      I would even position it and so on versus returning a new line
  14. need a comparison operator ==

          if ($result2->member1==$memberid and $result2->read1=='No') {
              echo "&nbsp;<font color = #920505><b>NEW</b></font>";
          } else {
              if ($result2->member2==$memberid and $result2->read2=='No') {
                  echo "&nbsp;<font color = #920505><b>NEW</b></font>";
              }
          }

  15. Looks like you only return read messages that are Yes in your query

          where ((c.member1='{$memberid}' and c.read1='Yes' and c.removed1='No' and m.id=c.member2)
              or (c.member2='{$memberid}' and c.read2='Yes' and c.removed2='No' and m.id=c.member1))
          group by c.originalid order by MAX(c.id) DESC"

  16. I like ckeditor, live inline edit is great too.
  17. I made it into one function and easier to use. You just need to insert a users array

          <?php
          //config
          date_default_timezone_set('America/Los_Angeles'); //set to your server timezone

          //users array
          $users = array(
              "fffffffffffffffffffffffff",
              "KSIOlajidebt",
              "MissFushi",
              "UberHaxorNova"
          );

          //function to fetch users videos
          function fetchYT($user, $max = NULL)
          {
              if ($max == NULL) {
                  $max = 1;
              }
              $feedURL = "http://gdata.youtube.com/feeds/api/users/" . $user . "/uploads?v=2&max-results=" . $max . "&alt=jsonc";
              $json = @file_get_contents($feedURL);
              $json = json_decode($json, true);
              if (is_array($json)) {
                  foreach ($json['data'] as $video) {
                      if (is_array($video)) {
                          return $video;
                      }
                  }
              }
          }

          //function to sort by date
          function sortYTdate($a, $b)
          {
              return strcmp($a['uploaded'], $b['uploaded']);
          }

          //function to aggregate returned videos by date
          function aggregateYT($users)
          {
              $videos = array(); //define videos array
              if (!is_array($users) || empty($users)) {
                  return $videos['error'] = "no users array";
              }
              $videos = array(); //define videos array
              //loop users and fetch their videos
              foreach ($users as $user) {
                  $user_video_array = fetchYT($user, 1); //youtube username, max results per user
                  if (!empty($user_video_array)) {
                      //youtube upload date to strtotime
                      foreach ($user_video_array as $video_array) {
                          $date = substr($video_array['uploaded'], 0, strlen($video_array['uploaded']) - 1);
                          $video_array['uploaded'] = strtotime($date);
                          //create new videos array
                          $videos[] = $video_array;
                      }
                  }
              }
              if (!empty($videos)) {
                  uasort($videos, 'sortYTdate');
                  $videos = array_reverse($videos);
              } else {
                  return $videos['error'] = "no videos found";
              }
              return $videos;
          }
          //display
          ?>
          <!DOCTYPE html>
          <html>
          <head>
          <meta charset="UTF-8">
          <title>Aggregate Youtube Users Videos</title>
          <style>
          a{ text-decoration:none; }
          img{ padding:2px; }
          p{ padding:2px; }
          </style>
          </head>
          <body>
          <?php
          if (empty($users)) {
              echo "No users found";
          } else {
              //only function need to call on, have a users array
              $videos = aggregateYT($users);
              //show results of array
              //echo '<pre>', print_r($videos, 1), '</pre>';
              foreach ($videos as $video) {
                  echo "<a href='https://www.youtube.com/watch?v=" . $video['id'] . "' target='_blank'>" . $video['title'] . "</a><br />";
                  echo "<a href='https://www.youtube.com/watch?v=" . $video['id'] . "' target='_blank'><img src='https://i.ytimg.com/vi/" . $video['id'] . "/default.jpg'/></a><br />";
                  echo "<small>" . date("F j, Y, g:i:s a", $video['uploaded']) . "</small><br />";
                  echo "<a href='https://www.youtube.com/user/" . $video['uploader'] . "' target='_blank'>" . $video['uploader'] . "</a><br />";
                  echo $video['category'] . "<br />";
                  echo "Duration: " . gmdate("H:i:s", $video['duration']) . "<br />";
                  echo "<p>" . $video['description'] . "</p><br />";
              }
          }
          ?>
          </body>
          </html>

  18. I wrote up something that can aggregate youtube videos by date with multiple users

          <?php
          date_default_timezone_set('America/Los_Angeles'); //set to your server timezone

          //users array
          $users = array(
              "fffffffffffffffffffffffff",
              "KSIOlajidebt",
              "MissFushi",
              "UberHaxorNova"
          );
          $videos = array(); //define videos array

          //function to fetch users videos
          function fetchYT($user, $max = NULL)
          {
              if ($max == NULL) {
                  $max = 1;
              }
              $feedURL = "http://gdata.youtube.com/feeds/api/users/" . $user . "/uploads?v=2&max-results=" . $max . "&alt=jsonc";
              $json = @file_get_contents($feedURL);
              $json = json_decode($json, true);
              if (is_array($json)) {
                  foreach ($json['data'] as $video) {
                      if (is_array($video)) {
                          return $video;
                      }
                  }
              }
          }

          //function to sort by date
          function sortYTdate($a, $b)
          {
              return strcmp($a['uploaded'], $b['uploaded']);
          }

          //loop users and fetch their videos
          foreach ($users as $user) {
              $user_video_array = fetchYT($user, 2); //youtube username, max results per user
              if (!empty($user_video_array)) {
                  //youtube upload date to strtotime
                  foreach ($user_video_array as $video_array) {
                      $date = substr($video_array['uploaded'], 0, strlen($video_array['uploaded']) - 1);
                      $video_array['uploaded'] = strtotime($date);
                      //create new videos array
                      $videos[] = $video_array;
                  }
              }
          }

          //function to aggregate returned videos by date
          function aggregateYT($videos)
          {
              if (is_array($videos) && !empty($videos)) {
                  uasort($videos, 'sortYTdate');
                  $videos = array_reverse($videos);
              }
              return $videos;
          }
          //display
          ?>
          <!DOCTYPE html>
          <html>
          <head>
          <meta charset="UTF-8">
          <title>Aggregate Youtube Users Videos</title>
          <style>
          a{ text-decoration:none; }
          img{ padding:2px; }
          p{ padding:2px; }
          </style>
          </head>
          <body>
          <?php
          if (!empty($videos)) {
              $videos = aggregateYT($videos);
              //show results of array
              echo '<pre>', print_r($videos, 1), '</pre>';
              foreach ($videos as $video) {
                  echo "<a href='https://www.youtube.com/watch?v=" . $video['id'] . "' target='_blank'>" . $video['title'] . "</a><br />";
                  echo "<a href='https://www.youtube.com/watch?v=" . $video['id'] . "' target='_blank'><img src='https://i.ytimg.com/vi/" . $video['id'] . "/default.jpg'/></a><br />";
                  echo "<small>" . date("F j, Y, g:i:s a", $video['uploaded']) . "</small><br />";
                  echo "<a href='https://www.youtube.com/user/" . $video['uploader'] . "' target='_blank'>" . $video['uploader'] . "</a><br />";
                  echo $video['category'] . "<br />";
                  echo "Duration: " . gmdate("H:i:s", $video['duration']) . "<br />";
                  echo "<p>" . $video['description'] . "</p><br />";
              }
          }
          ?>
          </body>
          </html>

  19. What I gave should work for you. You can try to prevent duplicate names being inserted into mysql in the first place by making the unique index. or... Use the code that has DISTINCT in the query if want just one video per user and only 13 I have done tons of youtube related scripts like video search engine including own api,scrapers/crawlers, ripping playlists,users,watch lists, custom playlist creation. I'm beyond my limit as for sleep, try what you have here and would assist more after I sleep unless you get it or someone else helps.
  20. Your new response is trying to find out how many videos the user has uploaded on youtube and doesn't help what you are trying to do. That example is loading the json versus xml response and doing a count on the array.
  21. If my logic of getting all the latest video and a user can have more than one video does not work.....Was not sure if you were marking who just added one somehow or if there is never supposed to be a duplicate user.

      If the latter is the case you should be inserting these using a unique index on the youtube

          ALTER TABLE `userdb` ADD UNIQUE INDEX `user_index` (`youtube`);

      Use DISTINCT in the mysql query and loop each unique user with 1 max_result from youtube api

          $communityvideos = mysql_query("SELECT DISTINCT youtube FROM userdb WHERE rights='user' && youtube<>'' LIMIT 13");
          while ($youtube = mysql_fetch_assoc($communityvideos)) {
              $user = trim($youtube['youtube']);
              $feedURL = 'http://gdata.youtube.com/feeds/api/users/' . $user . '/uploads?max-results=1';
              //and so on
          }

  22. The server may not be configured properly to include htm or html files. Contact your host and inform them of this, nginx handling htm and html files and not directly to apache?
  23. Do you order by a date or an id?

      You were looping multiple times and also returning 13 from each user's feed.

      array_count_values() is what is needed here

          <?php
          //Adding limit to the end would get you a limited amount of results
          $communityvideos = mysql_query("SELECT * FROM userdb WHERE rights='user' && youtube<>'' LIMIT 13");

          //end your while loop and create the $v array
          $v = array(); //define array
          while ($youtube = mysql_fetch_assoc($communityvideos)) {
              $v[] = trim($youtube['youtube']); //is this the user?
          }

          //check that v array is not empty
          if (!empty($v)) {
              //here we get each users count for videos
              $user_count = array_count_values($v);

              //Now loop through the 13 results from $user_count array which has usernames and amounts of videos each
              foreach ($user_count as $user => $video_amount) {
                  //echo "$user has $video_amount <br />";
                  $feedURL = 'http://gdata.youtube.com/feeds/api/users/' . $user . '/uploads?max-results=' . $video_amount;
                  $sxml = simplexml_load_file($feedURL);
                  foreach ($sxml->entry as $entry) {
                      $media = $entry->children('media', true);
                      $watch = (string) $media->group->player->attributes()->url;
                      $thumbnail = (string) $media->group->thumbnail[0]->attributes()->url;
                      parse_str(parse_url($watch, PHP_URL_QUERY), $my_array_of_vars);
                      //you can add the rest
                  }
              } //end $user_count loop
          } //end if $v
          ?>

  24. Seems for some reason couldn't paste their word document into here.
  25. That's an old and unsecured login tutorial, try to find one incorporating mysqli_* or pdo and using something like crypt or password_hash
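
Posts 9 and 25 above point to password_hash() and password_verify() and to PDO or mysqli_* in place of the old mysql_* login tutorials. The sketch below combines the two; it is an added example, not code from any of the posts. The users table, its column names, and the register() and login() helpers are hypothetical, and an in-memory SQLite database stands in for MySQL so it runs without a server.

```php
<?php
// Added example. Table, columns and helper names are hypothetical; the sample
// credentials are constructed. In-memory SQLite stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    password_hash TEXT NOT NULL
)');

// Hash of a throwaway value, verified against when the username is unknown so
// both failure paths do the same amount of hashing work.
define('DUMMY_HASH', password_hash('not-a-real-password', PASSWORD_DEFAULT));

function register(PDO $pdo, string $username, string $password): void
{
    // password_hash() generates the salt itself and stores salt, cost and
    // algorithm inside the returned string, so one column is enough.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

function login(PDO $pdo, string $username, string $password): bool
{
    // Bound parameter: the username is sent as data, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    if (!password_verify($password, $row['password_hash'])) {
        return false;
    }
    // Re-hash on successful login when the default algorithm or cost has moved on.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $pdo->prepare('UPDATE users SET password_hash = :h WHERE id = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }
    return true;
}

// Constructed demo account; the apostrophe shows that bound values need no manual escaping.
register($pdo, "o'brien", 'correct horse battery staple');
var_dump(login($pdo, "o'brien", 'correct horse battery staple'));
var_dump(login($pdo, "o'brien", 'wrong password'));
var_dump(login($pdo, 'nobody', 'whatever'));
```

With the MySQL driver, PDO emulates prepared statements by default; setting PDO::ATTR_EMULATE_PREPARES to false makes the server do the binding.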