
ginerjm

Members
  • Posts: 6,906
  • Days Won: 99
Everything posted by ginerjm

  1. litebearer - My point was more about the OP loading up his entire project(?) and expecting someone else to do what he should have already done such as some debugging and isolation of the problem instead of dumping it onto the net. S&H - haven't heard that name in a veeery long time
  2. I presume that you are not doing any error checking when you execute this query, because I'm sure it will fail to run.

         $qrslts = MySQL_query($q);
         if (!$qrslts)
         {
             echo "Error running query - error msg is: ".MySQL_error();
             exit();
         }

     should catch this. Meanwhile - your query will only return two fields - id & url. Also your session vars are not entered properly. S/b $_SESSION['index']
  3. You would put the test and header in each page that you are afraid of people bypassing security by typing in the url directly to the page. BTW - what is this doing:

         // username and password sent from form
         $myusername = mysql_real_escape_string ($_POST['myusername']);
         $mypassword = mysql_real_escape_string ($_POST['mypassword']);
         $myusername = stripslashes ($_POST['myusername']);
         $mypassword = stripslashes ($_POST['mypassword']);

     You've protected yourself from injection with the first two lines, but then you are removing non-existent slashes in the last two lines. Basically you use the first two when using the fields in a query, and when storing in your db. You would use the last two lines when you take already "sanitized" data from your db and are showing it to the user again. Not both at the same time!
  4. When you say "click the print button" are you talking about a button that you put on the page, or the browser's print button?
  5. Are you in fact getting the error message "please try later"?? Cause if you are not, then how do you know you didn't? Plus you should add MySQL_error() to that echo statement to help you out. BTW - your insert has more values than field names.
  6. Are you all set with this question? I can't tell from the posts so far. If not, I have questions. Like - are you uploading images or not? Kinda sounds like you are not which means how do you expect to display them? AFAIK you can't keep them on your pc and display them on your webpage. The pic files need to be stored on your server and then your script creates html tags that point to the folder holding your images and looks up any data about the pics in your db, using the filename as the lookup value.
  7. Are you kidding me/us? You submit 9 files and tell us some vague problem exists and expect US to do your problem solving???? And what are we supposed to do with your 50 points??
  8. That's programming!! A never-ending educational experience.
  9. Don't know what your last post is about, but the test you did for me tells us that the var doesn't exist when you try to output that line containing it. Now - figure out why it doesn't exist. Also - you really don't need to keep using <? ?> tags throughout your code. You can write html like this:

         $code =<<<heredocs
         <td>$myvar</td>
         <td>$morevars</td>
         <td>$anothervar</td>
         blah blah blah html
         heredocs;
         echo $code;

     will output all your html and vars without going into and out of php mode. Read up on heredocs in the manual. Note that the closing tag (heredocs;) MUST be in column one.
  10. Yes - what is your problem? I don't know what you mean about printing the page, since I see no code related to printing a page. But - fyi - printing with php is best done by creating a pdf and then letting the user trigger the print action with their browser. Very difficult to simply print a web page since you don't know how it appears to the user on his screen and may not fit on the page. With a pdf, you can create a well-defined image and be sure that it will be a nice-looking report. Read up on the fpdf class. It will take a little experimenting but it is easy to pick up.
  11. In front of that last line "print ...." do exactly this instead: echo "to is:$to:"; exit(); Tell me what that echo line gives you. BTW - you can use alternating double and single quotes to make your life easier. Try: print " <td style='width:70%'><input type='text' name='to' maxlength='50' style='width:200px' value='...............................' /></td>"; Much easier to type and to read, no?
  12. That kind of message says : a - the database name doesn't exist or b - you didn't connect to the sql server, as in the 'connect' statement above that select didn't work. Perhaps the permissions have changed on the sql server, or the credentials in the connect statement got changed somehow. Be sure that you are doing an error check on that connect statement. (as one should on every statement!)
  13. I don't look at "full code". I look at sections that are clearly related to your problem. Did you look at your code to see if $to was defined before using it at line 146? Put an echo in your code right before line 146 and see what you see onscreen (ie echo $to; exit(); )
  14. You're probably running in a prod environment. You need to work in a devl environment and turn on error checking and then take the info that you get from that to isolate the php line that is causing the problem. The error you describe is not a normal error, ie I've never seen that exact wording in a message. So - when you find the line and read up on that you may have your answer, otherwise you can at least show us the line.
  15. A lot of meaningless code as it applies to this problem. The previous poster tried to tell you something. Heed it and then get back to us with the pertinent code sample if necessary.
  16. Did you check the manual? This function expects a source file from a specific source. You seem to be simply assigning a name and attempting to move that.
  17. Line 146 looks like the part of your script that builds the page for the user, hence the following portion is irrelevant here. What's important is - does the variable $to exist prior to line 146?
  18. Besides - the <input type='file' tag will be pointing you at a folder on your client machine, not the server, so you don't want that path. And the prev post was correct. You never want to store the path in the table UNLESS your table will be hosting files from all over your website. Usually photos are stored in one folder tree and you can do as the post said - store the root path to that folder and then append any subfolder name to the filename as in: main folder name: "photos" sub folder names: "Jim", "Fred", "Linda" Stored in the table would be: "Jim/pic1.jpg", "Jim/pic2.jpg","Fred/hispic.jpg","Linda/herpic.jpg" and so on. If the photos have to be moved, the assumption would be that all the subfolders would just be moved to another parent folder and you just modify the main folder name stored in your script or in a specific record on your table. Remember - that code you showed us is to browse for files on the client. If you want to give the user something to browse the files on the server (ie, in your db), you need to do something else.
  19. One thing I suggest is: learn the usage of CSS. You can save an awful lot of code with css. Consider your <td> tags with the alignments you are doing for EVERY element of your table (much of which is deprecated BTW).

          <head>
          <style type='text/css'>
          td
          {
              padding:4px;
              text-align:left;
              vertical-align:middle;
          }
          </style>
          </head>

      This will do all your alignments for every table cell. Should you need to make some cells different, simply create a class and reference it in the <td> tags that you want to be different, as in (in your css section as above):

          .td_bottom
          {
              vertical-align:bottom;
          }

      will create a different alignment for those td cells that have 'class="td_bottom"' in them.
  20. I've learned something new. So - the user should use one of the suggested functions instead of the MySQL one - everything else I've described stays the same. ps - what the heck is the "authentication system in MySQL"? I've seen so many examples of its usage, I never knew it was not a preferred method.
  21. I don't understand why you need a plain text password, nor why encryption is not possible. Your app reads the data (password) and uses it to validate the user's input value - it never goes anywhere else. So why can you not encrypt it for your usage? Nobody/no one will ever access this value - if they are then you have a serious design problem, since simply letting another application access your secured data is a security breach itself.
  22. Sorry - I don't wade thru other people's giant blocks of code. Show me the isolated part that does what I suggested previously. PS - I may be alone in my practice, but I design my scripts to put all the html in one function and I place php vars that contain all the dynamic parts of the page. Makes reading and debugging SOOO much easier and also makes following the php easier since it isn't intermingled with that html code. Think about it. Generally I have one <? tag per script.
  23. Well, that's true, but at least a good security method for 'other' sensitive data can prevent the damage from progressing beyond.
  24. This is not the answer you seek, since security is not one of my strong points. Simply - you do not store the password in plain text. You store it in your chosen hash/encryption/etc. scheme. Then when a user presents a password you hash that entry and use it to find a matching (already-hashed) password in the database. $q = select * from mysignons where username=$user and password = PASSWORD($pass) where PASSWORD is the standard MySQL hashing function. If you choose to use some other hash method, you simply apply that to the $pass var and use the result in your where clause. The thought you have is probably triggered by the desire to be able to recover the password should the user forget it, but that is not what one does. Once forgotten, the user is given an entirely new password, never the old one.
  25. You actually have a field in your html form named "query"?
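
An added example, not part of any post above and not the forum's or any poster's code: the store-only-a-hash login flow that posts 20 and 24 talk about, written with PHP's built-in password_hash() and password_verify() and with prepared statements. The table and column names (mysignons, username, pass_hash), the function names and the in-memory SQLite database are assumptions made so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Added example. Schema, function names and the SQLite DSN are assumptions.
function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE mysignons (
        username  TEXT PRIMARY KEY,
        pass_hash TEXT NOT NULL)');
    return $db;
}

function registerUser(PDO $db, string $user, string $pass): void
{
    // password_hash() picks a random salt and stores it inside the result.
    $stmt = $db->prepare('INSERT INTO mysignons (username, pass_hash) VALUES (?, ?)');
    $stmt->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
}

function checkLogin(PDO $db, string $user, string $pass): bool
{
    // Fetch by username only; the salted hash is compared in PHP,
    // so the password itself never appears in the SQL text.
    $stmt = $db->prepare('SELECT pass_hash FROM mysignons WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($pass, $hash)) {
        return false;
    }
    // Upgrade the stored hash when PHP's default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE mysignons SET pass_hash = ? WHERE username = ?');
        $upd->execute([password_hash($pass, PASSWORD_DEFAULT), $user]);
    }
    return true;
}

// Constructed sample data: one user, then a good, a bad and an unknown login.
$db = makeDb();
registerUser($db, 'jim', 'correct horse battery staple');
var_dump(checkLogin($db, 'jim', 'correct horse battery staple'));
var_dump(checkLogin($db, 'jim', 'wrong guess'));
var_dump(checkLogin($db, 'nobody', 'x'));
```

Because each stored hash carries its own salt, hashing the submitted password again does not reproduce the stored value, which is why the lookup is by username and the comparison is left to password_verify().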