EdwinPaul

Everything posted by EdwinPaul

  1. @Mike:
         <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
     might be unsafe. If the script is called with:
         http://localhost/example.php/"><script>alert('howdy');</script>
     you may have XSS.
  2. It is written properly, but I think
         'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?step=1'
     should be
         'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?step=2'
  3. Your included file checkoutConfirmation starts with:
         Line 2 : Check if step is defined and the value is two   // two=2
         if (!defined('WEB_ROOT')
             || !isset($_GET['step']) || (int)$_GET['step'] != 2
             || $_SERVER['HTTP_REFERER'] != 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?step=1') {   // 1 ????
             exit;
         }
  4. There is something strange in this line:
         <form action="?step=2" method="post" name="frmCheckout" id="frmCheckout" onSubmit="return checkShippingAndPaymentInfo();">
     What do you want to happen when the submit-button is clicked? You code onsubmit= and also action=
  5. If you call your page in your browser, look at the source. You will only see html, but you can see what parameters there are and the contents you composed.
  6. Instead of
         <form action="<?php echo $_SERVER['PHP_SELF']; ?>?step=3" method="post"   // step=3 is just an example...
     use:
         <form action="?step=3" method="post"
  7. Maybe this is useful? http://php.net/manual/en/control-structures.switch.php
  8. You didn't put an error-message after your checking. Try:
         //Make sure the spam response is valid
         if ($_POST['spamcheck']=="recon") {
             smarty_error(lang('spam')); // <-- you will have to add this in smarty-table
         }
  9. Maybe this helps: http://php.net/manual/en/function.money-format.php
  10. Maybe I can help you better if you post the WHOLE script. Please replace passwords etc by *** ;-)
  11. The first time you display your form, the variables are not filled yet.
          <td class="label">Site Name:</td>
          <td><input class="conf-input" name="site_title" id="site_title" type="text" size="35" value="<?php echo $site_title; ?>"></td>
      All those lines of your form should be changed to:
          <td class="label">Site Name:</td>
          <td><input class="conf-input" name="site_title" id="site_title" type="text" size="35" value="<?php echo isset($site_title) ? $site_title : '' ; ?>"></td>
  12. The first part needs some changing:
          /* $_REQUEST should not be used. It is a combination of $_GET, $_POST and $_COOKIE
             so you will not know where your variable is coming from */
          /* isSet should be: isset */
          // Change the first part to:
          $site_title  = isset($_POST['site_title'])  ? $_POST['site_title']  : '';
          $site_slogan = isset($_POST['site_slogan']) ? $_POST['site_slogan'] : '';
          $footer_text = isset($_POST['footer_text']) ? $_POST['footer_text'] : '';
          $keywords    = isset($_POST['keywords'])    ? $_POST['keywords']    : '';
          $email       = isset($_POST['email'])       ? $_POST['email']       : '';
          $first_name  = isset($_POST['first_name'])  ? $_POST['first_name']  : '';
          $last_name   = isset($_POST['last_name'])   ? $_POST['last_name']   : '';
      In your query you forgot the $-sign:
          $query = "UPDATE settings SET site_slogan = '$site_slogan' WHERE site_title = 'site_title'"; // '$site_title'";
      [edit] sorry, wildteen, it took me a while so you beat me to it... ;-)
  13. About the query: names of variables are CASE-SENSITIVE. You name your query $SQL but you use it as $sql. Change that. About the 'site_title': You are trying to update the table-field 'site_title' with the contents of your variable $site_title. That last variable $site_title has to be filled from your form BEFORE you can use it. All the fields of a form are in an array called $_POST, so if you want to use one of your form-fields, you will have to address it like $_POST['site_title']. Examine your form and find out how that field is named.
  14. Why do you give your img: id=\"".$row['userID']."\" When you look at the source of the displayed page, what do you see?
  15. Should be: for($i = 1; $i <= $nxpages; $i++) echo ' <a href="'.$_SERVER["PHP_SELF"].'?nxpage='.$i.'">'.$i.'</a> ';
  16. Try changing !== to != (one equal-sign)
  17. If you use the above query, you say: "I want to update the field 'site_title' from a row in my table, where the table-field 'email' is equal to the contents of my own variable '$email', with the contents of my own variable '$site_title'." It is confusing to give your own variables the same name as the fields in the row of your database. Are you sure your own variables $site_title and $email exist?
  18. Okay, I stand corrected. It gets the value of your value= attribute. If you want it initially to be checked, add checked="checked" to your checkbox.
  19. A checkbox doesn't exist in the array $_POST if it isn't checked. If it is checked, it has value 1. Print your array: echo '<pre>'; print_r($_POST); echo '</pre>';
  20. Even simpler: echo "<td align = 'center'>".$row['statementdate']."</td>"; should do it, making the variables redundant.
  21. This works:
          $strarray = 'SD55555 |FIL|END|';
          $find = 'FIL';
          $pos = strpos($strarray , $find);
          echo $pos.'<br/>';
          $arrayhist=array('','SD55555 |FIL|END|',''); // first element = $arrayhist[0], second element = $arrayhist[1]
          $strarray = $arrayhist[1];
          echo $strarray.'<br/>';
          $find = 'FIL';
          $pos = strpos($strarray , $find);
          echo $pos;
  22. When the user hits enter, an invisible new line-symbol is inserted. You can store the textarea in your database. When displaying it later, you use the nl2br() function. (nl2br means: "new line to break")
  23. What can't be found? The class? Check the correct spelling (Case-sensitive !). The upload-file? Did you enter something in the field on your form?
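
Added example (not part of any post above, and not the posters' code): the PHP_SELF issue from post 1 next to two ways of avoiding it, output encoding and the query-only action from post 6, plus the pagination link from post 15 with the same encoding. The function names and the hard-coded $phpSelf value are assumptions made for illustration.

```php
<?php
// Constructed sample: the value PHP reports in $_SERVER['PHP_SELF'] for the
// request URL shown in post 1 (the extra path after example.php is included).
$phpSelf = '/example.php/"><script>alert(\'howdy\');</script>';

// Pattern from post 1: the raw value lands inside action="...", so the
// double quote ends the attribute and the rest is parsed as markup.
function formTagRaw(string $self): string
{
    return '<form action="' . $self . '" method="post">';
}

// Encode for the HTML attribute context before output.
function formTagEscaped(string $self): string
{
    return '<form action="' . htmlspecialchars($self, ENT_QUOTES, 'UTF-8') . '" method="post">';
}

// Post 6's form: a query-only relative URL, no request-derived path at all.
function formTagRelative(int $step): string
{
    return '<form action="?step=' . $step . '" method="post">';
}

// Pagination link as in post 15, with path and query both encoded.
function pageLink(string $self, int $page): string
{
    $href = $self . '?' . http_build_query(['nxpage' => $page]);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">' . $page . '</a>';
}

echo formTagRaw($phpSelf), PHP_EOL;      // attribute is broken out of
echo formTagEscaped($phpSelf), PHP_EOL;  // payload stays inside action="..."
echo formTagRelative(3), PHP_EOL;
echo pageLink($phpSelf, 2), PHP_EOL;
```

Run from the command line and compare the first two lines of output: only the first contains a literal `<script>` element.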