Drummin

Seemed to work fine for me. Toggled pages no prob.

Where are you using 'photo' still? Undefined index: photo in ... basicpackage-send.php on line 16 Thought we had name changed to 'upload'?

In your form you are using <input type="file" name="upload"> So "upload" is the name you're using. In processing, you need to use this same name. <?php //This is the directory where images will be saved $target = "/images/COMPANIES/"; $filename = stripslashes($_FILES['upload']['name']); $target = $target.$filename; //This gets all the other information from the form $company_name=$_POST['company_name']; $basicpackage_description=$_POST['basicpackage_description']; $location=$_POST['location']; $postcode=$_POST['postcode']; $upload=$filename; // Connects to your Database mysql_connect("******host", "****username", "****password") or die(mysql_error()) ; mysql_select_db("****DB") or die(mysql_error()) ; //Writes the information to the database $company_name = mysql_real_escape_string($company_name); $basicpackage_description = mysql_real_escape_string($basicpackage_description); $location = mysql_real_escape_string($location); $postcode = mysql_real_escape_string($postcode); $upload = mysql_real_escape_string($upload); mysql_query("INSERT INTO `Companies` VALUES ('$company_name', '$basicpackage_description', '$location', '$postcode', '$upload')") ; //Writes the photo to the server if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) { //Tells you if its all ok echo "The file ". $_FILES['upload']['name']. " has been uploaded, and your information has been added to the directory"; } else { //Gives and error if its not echo "Sorry, there was a problem uploading your file."; } ?>

I don't work with cookies much but it seems the last call you should make is session_destroy(); session_start(); session_unset(); $_SESSION = array(); setcookie(session_name(), '', time() - 3600); setcookie('username', '', time() - 3600); session_destroy();

Adding $_FILES['photo']['error'] will show an error number (good or bad), which can identify what's going on. See error codes here. http://php.net/manual/en/features.file-upload.errors.php

Are you using 'photo' or 'uploadedfile' in your form?

To answer original question, look at your IF statement and how it's missing the opening bracket that corresponds to the ELSE as QuickOldCar pointed out.

Do you not have any auto increment field like `id` in your table?

Do yourself a favor and use some checks for your GET values before querying DB. Adding a default $GalleryID will also prevent a fatal error when no GET value is present. if (isset($_GET['ID'])){ $GalleryID=mysql_real_escape_string($_GET['ID']); } else{ $GalleryID=1; }

Hey that's cool that you got it working. Though I doubt I would personally store the menu positions in one field, (I would use id and parent_id) but never the less found it an interesting challenge and worked on it some last night but didn't get it fully working. Glad you figured it out.

Are you sure fields match and the query is pulling results? Looks fine to me.

Loose the semi-colon on the fetch array line. <?php $data = mysql_query("SELECT * FROM employees") or die(mysql_error()); WHILE ($info = mysql_fetch_array($data)) { echo "<img src=images/".$info['photo'] ."> <br>"; echo "<b>Name:</b> ".$info['name'] . "<br> "; echo "<b>Email:</b> ".$info['email'] . " <br>"; echo "<b>Phone:</b> ".$info['phone'] . " <hr>"; } ?>

Don't you need to echo the name? $row = mysql_fetch_assoc($result); $name = "{$row['firstname']} {$row['lastname']}"; echo "$name";

elseif(!mysql_num_rows($results)) Should be elseif(!mysql_num_rows($result))

In my opinion an array would work well as you can use a foreach loop to send out the emails. Plus a lot less coding adding all those case conditions.

Agreed. The site I'm currently working on is like this.

I don't understand the reasoning behind salt. To keep it simple, let's say the password is "Jim" and salt is "1234". These are combined to "1234Jim" (putting salt in front), then encoded. When a person logs in they add password "Jim" it's added to the salt, encoded and passed for query. My point is, all they're doing is entering "Jim" and so how is salt helping to secure things?

Now look into encoding your passwords. At the very least use MD5 on both your log in scripts and creating account scripts. $U_Password=MD5($U_Password);

Now try this <?php session_start(); //ini_set('session.bug_compat_42',0); //ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //Add isset if (isset($_POST['UsersID'])){ //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; $result = mysql_query($sql); $result2=mysql_fetch_row($result); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" $_SESSION['UsersID']=$result2[0]; $_SESSION['U_YearID']=$result2[1]; if($_SESSION['U_YearID']==1){ header("location:login_success.php"); exit; } if($_SESSION['U_YearID']==2){ header("location:login_success2.php"); exit; } if($_SESSION['U_YearID']==4){ header("location:login_success4.php"); exit; } } else { echo "Wrong Username or Password"; } } ?>

Notice EDIT above.

Change to this <?php session_start(); //ini_set('session.bug_compat_42',0); //ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //Add isset if (isset($_POST['UsersID'])){ //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; //echo $sql; $result = mysql_query($sql); $result2=mysql_fetch_row($result); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" /* $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1){ header("location:login_success.php"); exit; } if($_SESSION['U_YearID']==2){ header("location:login_success2.php"); exit; } if($_SESSION['U_YearID']==4){ header("location:login_success4.php"); exit; } */ echo "{$result2[1]}"; } else { echo "Wrong Username or Password"; } } ?>

Is the name of the page we're working on called checklogin2.php?

And your DB table users has the field called `U_YearID`?

How about some simple testing to see if query is working. <?php session_start(); //ini_set('session.bug_compat_42',0); //ini_set('session.bug_compat_warn',0); $host="localhost"; // Host name $username="phpuser"; // username $password="phpuser"; // password $db_name="phpsite"; // Database name $tbl_name="users"; // Table name // Replace database connect functions depending on database you are using. mysql_connect("$host", "$username", "$password"); mysql_select_db("$db_name"); //Add isset if (isset($_POST['UsersID'])){ //submitting query // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $UsersID=mysql_real_escape_string($_POST['UsersID']); $U_Password=mysql_real_escape_string($_POST['U_Password']); $sql="SELECT UsersID,U_YearID FROM users WHERE UsersID='$UsersID' and U_Password='$U_Password'"; //echo $sql; $result=mysql_query($sql); //checking results // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 row //Direct Userbased on result if($count==1){ // Register $UsersID, $U_Password and redirect to file "login_success.php" /* $_SESSION['UsersID']=$result[0]; $_SESSION['U_YearID']=$result[1]; if($_SESSION['U_YearID']==1){ header("location:login_success.php"); exit; } if($_SESSION['U_YearID']==2){ header("location:login_success2.php"); exit; } if($_SESSION['U_YearID']==4){ header("location:login_success4.php"); exit; } */ echo "{$result[1]}"; } else { echo "Wrong Username or Password"; } } ?>

Add error reporting to the top of your page. Maybe that will shed some light. <?php session_start(); error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING);