Everything posted by SamT_

  1. That would require AJAX. Do your validations with some external ajax.php or something like that which would send messages back to the form page before finally submitting to your update database page.
  2. Remove the quotes around $memberID in your query and be sure to cast it as an int when you create it, i.e. $memberID = (int) $_SESSION['SESS_MEMBER_ID'];
  3. Are you getting any error messages from your PHP page? The query looks correct and you confirmed it by running it in phpMyAdmin. This sounds like a problem with your PHP; paste it here in tags and remove your password from mysql_connect().
  4. Use the command:

         mysql -u vikingde_lapalm -p vikingde_lapalm

     It will prompt you for a password; enter the MySQL password you use in the script. If you are successful, then your credentials are correct.
  5. Change your connect.php to this:

         <?php
         // Connect to MySQL and select the database; on failure, stop and show the MySQL error
         $connect = mysql_connect("localhost", "my_DB_name", "my_password") or die(mysql_error());
         mysql_select_db("airfield_data") or die(mysql_error());

     You do not need any HTML here because this is not the script that is outputting anything. include(), require(), include_once(), require_once() do nothing more than copy-paste the code from the included/required file into the file where the include or require was called. By calling the connect.php now, you're producing invalid HTML. When you're not outputting anything (i.e. creating a PHP file for inclusion ONLY), you can omit your ending php tag ( ?> ). Once you start getting into headers (like cookies), this will save you a lot of headache later on. While this is probably not the problem (in terms of a white page), it will help you down the road when you see HTML and wonder why you have excess HTML. In process.php, before

         <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

     add the following:

         <?php error_reporting(E_ALL); ?>

     Give us the error that comes up.
  6. On a new line after "<?php", add the following: error_reporting(E_ALL); Refresh the page and see if any errors come up.
  7. Be sure to select your article text from the database. The code below will cut off the message after the first 255 characters.

         $piece = substr($article_content, 0, 255);
  8. Post the code that connects to the database (but be sure to remove your password prior to posting).
  9. Not tested, but...

         $buffer = preg_replace("#\<a href=\"([^\"]*)\"#", '<a href="$1" style="color: rgb(0, 0, 0)"', $buffer);

     Basically, you're finding the opening a tag then replacing it with a new one with color in it. As long as all your links have the href attribute first, it should work on all of them, even with titles.
  10. Use this:

          echo preg_replace("#\@([a-z0-9\_]+)#i", '<a href="http://www.twitter.com/$1">@$1</a>', $text);

      You can replace the twitter.com with anything, such as your function that generates the URL.
  11. Session fixation is caused by an attacker gaining access to the session ID and either placing it in a cookie or URL. Due to the nature of sessions (i.e. some piece of data always has to be in control of the user), we can eliminate reasonable risk by taking certain precautions, but we cannot eliminate it completely. PHP sessions are vulnerable to session fixation, so you need to add some checking. Just because you disable the SID being passed through the URL doesn't mean you are completely protected. What I do is create a fingerprint, md5() the IP address (or partial if you're doing partial validation), User agent string, and some random salt unknown to the user. Store this fingerprint in a session var and check it against the fingerprint generated at the next visit. If they do not match, kill the session, generate a new ID, and set everything to default (for a guest browsing). Now, enough with my security rant, regarding your question about logging in and cookies disabled, is the SID being passed in the URL? If it isn't, then either your code is doing its job or you've not actually disabled cookies.
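
An added example (not part of the original post) of the fingerprint check described in the session fixation post above. It swaps hash_hmac('sha256') in for md5() and goes one step further by also issuing a new session ID at login. FINGERPRINT_SALT, the function names and the 'role' key are assumptions made for illustration.

```php
<?php
// Added example; FINGERPRINT_SALT, the function names and 'role' are hypothetical.
const FINGERPRINT_SALT = 'replace-with-a-long-random-server-side-secret';

function client_fingerprint(array $server): string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    // Keyed hash: the value cannot be recomputed without the server-side salt
    return hash_hmac('sha256', $ip . '|' . $ua, FINGERPRINT_SALT);
}

function start_checked_session(array $server): void
{
    // Accept session IDs from cookies only, and only IDs this server issued
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');
    ini_set('session.use_strict_mode', '1');
    session_start();

    $current = client_fingerprint($server);
    if (!isset($_SESSION['fingerprint'])) {
        // First request on this session: bind it to the client
        $_SESSION['fingerprint'] = $current;
        return;
    }
    if (!hash_equals($_SESSION['fingerprint'], $current)) {
        // Mismatch: drop the data, issue a new ID, fall back to guest defaults
        $_SESSION = [];
        session_regenerate_id(true);
        $_SESSION['fingerprint'] = $current;
        $_SESSION['role'] = 'guest';
    }
}

function on_login_success(int $memberId): void
{
    // New ID at the privilege change, so an ID known before login stops working
    session_regenerate_id(true);
    $_SESSION['SESS_MEMBER_ID'] = $memberId;
}

start_checked_session($_SERVER);
```

A fingerprint that includes the full IP address will also reset sessions for users whose address changes mid-visit, which is the trade-off behind the partial validation the post mentions.
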
  12. Code is working (pic), my guess is GD is not enabled or something. I am not seeing any picture in either of your posts, could you just copy-paste your error message?
  13. First, change your form to this:

          <select name="budget" id="budget">
            <option selected="selected">Please Choose One</option>
            <option value="3.50">up to 500 Euros</option>
            <option value="5.00">500 to 1000 Euros</option>
            <option value="4.50">1000 to 1500 Euros</option>
            <option value="5.00">1500 to 3000 Euros</option>
            <option value="5.50">3000 to 5000 Euros</option>
            <option value="6.00">Over 5000</option>
            <option value="4.00">No Budget Set Yet</option>
          </select>

      We simply added the value="" so we have a nice clean value to give to the php script. Now, we get to input it.

          // Cast to float, then accept only the values the form offers; anything else becomes 4.00
          $budget = (float) $_POST['budget'];
          $price = in_array($budget, array(3.50, 4.00, 4.50, 5.00, 5.50, 6.00)) ? $budget : 4.00;

      Note that this code will sanitize your data and ensure you have a good value. It will default to 4.00 (which to my understanding means no budget set), but you can set it to anything you want, or even refuse to enter this in the database if they give a bad value.
  14. If I understand correctly, you have ids in its own column for both of the tables. What I would do is create a new array called $ids which you will fill up during the query result above. Then implode() that array using a comma delimiter so you can then do WHERE id IN($imploded_ary).
  15. It looks correct from just seeing it, have you tried accessing it from "example.com/hospital/Alabama.html"? Google will access and index those URLs just fine, what Google probably is lacking would be links to this URL. If you have a search box that a user must actively put a word in, then Google won't pick it up as it crawls your page passively - only picking up links which you place yourself. The easiest way to fix the issue with it not being indexed is simply to put links to search states. Have a sidebar that says "Hospitals by state" and have a list of the states linking to the appropriate search query.
  16. You either need to remove the error suppression (get rid of the @ sign in front of imagecreatetruecolor()) or remove the "or die" clause at the end.
  17. Ah, so a nested navigation. If I were you, I would remove the sub_pages table and put a parent ID column on the pages table. When you have a sub page, simply specify the parent ID as the page ID to your parent. Please note, I have not tested this code out, so be sure to create a new table with fake data while you test so it doesn't mess with your current setup.

          +-----------+-------------+------+-----+---------+----------------+
          | Field     | Type        | Null | Key | Default | Extra          |
          +-----------+-------------+------+-----+---------+----------------+
          | id        | int(11)     | NO   | PRI | NULL    | auto_increment |
          | parent_id | int(11)     | NO   |     | NULL    |                |
          | position  | int(11)     | NO   |     | NULL    |                |
          | visible   | tinyint(1)  | NO   |     | NULL    |                |
          | page_name | varchar(30) | NO   |     | NULL    |                |
          | content   | text        | NO   |     | NULL    |                |
          +-----------+-------------+------+-----+---------+----------------+

          <?php
          // connect to mysql here
          $sql = 'SELECT id, parent_id, page_name FROM pages WHERE visible = 1 ORDER BY position ASC';
          $result = mysql_query($sql);

          // Pull the results out of the query
          $nav = array();
          while ($row = mysql_fetch_assoc($result)) {
              $nav[] = $row;
          }
          mysql_free_result($result);

          // Organize the data so we can easily foreach() it out
          // NOTE this will only work if you have only one level of sub pages
          $navary = array();

          // Bring the parent pages in
          foreach ($nav as $item) {
              if ($item['parent_id'] == 0) {
                  $navary[(int) $item['id']] = $item;
              }
          }
          unset($item);

          // Bring the child pages into the array
          foreach ($nav as $item) {
              if ($item['parent_id'] != 0) {
                  $navary[(int) $item['parent_id']]['subpages'][] = $item;
              }
          }
          unset($item);

          // Now we're looping to the template; ids are cast and names escaped for HTML output
          echo '<ul>';
          foreach ($navary as $item) {
              echo '<li><a href="content.php?id=' . (int) $item['id'] . '">' . htmlspecialchars($item['page_name']) . '</a>';
              // Parents without children have no 'subpages' key
              if (!empty($item['subpages'])) {
                  echo '<ul>';
                  foreach ($item['subpages'] as $subpage) {
                      // Link to the sub page itself, not to its parent
                      echo '<li><a href="content.php?id=' . (int) $subpage['id'] . '">' . htmlspecialchars($subpage['page_name']) . '</a></li>';
                  }
                  echo '</ul>';
              }
              echo '</li>';
          }
          echo '</ul>';

  18. PHP does not store variables between page loads; you need to pass it all via a GET request or cookies. I don't consider cookies reliable for such things (say they have two windows open doing the same thing). My suggestion is to create some sort of processing function to generate the pagination link which will add all the appropriate vars to the next page link.
  19. Try the Heredoc syntax:

          <?php
          echo <<<EOT
          <script>
          function word_count(review, doc) {
              review = review.replace(/^\s*|\s*$/g,''); //removes whitespace from front and end
              var count_array = review.split(" ");
              doc.value = count_array.length;
          }
          </script>
          EOT;

      My guess is it doesn't like how you have delimiters to the PHP string in your javascript replace method.
  20. Give this one a go: "#^[A-Z\'.-]{2,20}[\s]{1}[A-Z\'.-]{2,20}$#i" Here is a test suite: https://gist.github.com/89547f6befbacd783aa8
  21. Opt for a caching architecture instead of temp tables. Not all DBMS support temp tables as well as others, which causes a lot of pain and suffering for the developers if you wanted to create applications that work on more than just MySQL.
  22. Template systems can be very useful (especially when creating some sort of style engine). They do an effective job at keeping your PHP logic away from your display, which is good for medium to larger sized projects that require that sort of abstraction. Although there is a learning curve, it is often worth it for the benefits you get. I personally use Twig for my projects, and I can speak for its performance.
  23. getimagesize() is not slow, but due to the fact that you are requesting from a remote location, it could become slow - and if you're calling it over and over in the same script, it could take a while. If you must check for valid images, you're stuck between a rock and a hard place as, ultimately, you have to open some sort of socket and request the image. I can assure that fetching the image normally with either sockets or file_get_contents() will take just as long.
  24. Using a connection resource, you cannot extract any of the connection details. This is a security feature as you don't want your database info available if you don't need it.
  25. You're really mixing your HTML logic with PHP logic and (as you can see) it's getting really hairy. I would try an approach where you have all your PHP stuff executed prior to even printing HTML. Just store your navigation in an array and loop it out on the template. It looks like you have a query in a loop as well, which can really add up in terms of execution time as you don't always know the efficiency behind iterating within your algorithm. What's your SQL schema (just the columns) for the sub_pages table? Ideally, we can squash this down into a single query.