
codeprada
Member, 23 posts
Everything posted by codeprada
-
Don't practice throwing data from the user directly into your queries. It makes your database vulnerable to SQL injections. I'd suggest using Prepared Statements offered by MySQLi and PDO. They're immune to SQL injections and will save you a lot of headache. I'm assuming owner_name is a string, so therefore it must have single quotes around the value. This is basically your query. Let's use my username for example:

SELECT `car_year`, `car_name`, COUNT(*) as `total` FROM `company_inventory` WHERE owner_name = codeprada AND warehouse_id = 444 GROUP BY `car_name`, `car_year` ORDER BY `car_name` ASC

If warehouse_id is an integer type then it's ok, but owner_name will cause the query to fail. Prepared statements also place the quotes around your values automatically if necessary.
-
Your SQL query is wrong because you're missing the WHERE clause and the AND ... isn't supposed to be there.

SELECT COUNT(user_id) AS Num FROM liked WHERE user_id = $x
-
A query that selects the car's year and name and also the result of COUNT(*) while grouping the data by the car's year and name should do the job.

SELECT `year`, `car_name`, COUNT(*) AS `total` FROM `table` GROUP BY `car_name`, `year` ORDER BY `total` DESC
-
Learn to refer to the manual. http://pear.php.net/manual/en/package.database.mdb2.intro-execute.php
-
You have 2 currencies in your MySQL? You should really only have one standard, for instance either USD or EURO. Then it only takes a simple multiplication operation to convert to another currency on the fly. You now have the job of finding the rates relative to your standard. These rates should be stored in a separate table:

Rates
- USD: 2.00
- XCD: 500
- ....

You can then select the appropriate rate and then multiply the corresponding value to make the conversion.
-
You're entering the Company Name in the ID column. You should make ID an auto_increment INT.
-
separate query using newlines (retrieving not inserting)
codeprada replied to Rokit's topic in PHP Coding Help
'\n' is not the newline character but a string of '\' and 'n'. Note the single quotes as you have them. Use double quotes so that PHP will parse it as a newline character.
-
You're trying to enter duplicate keys (primary, unique, composite). Do you have an auto incremented ID in the company table?
-
Your regular expression should be enclosed in delimiters. A delimiter would be any character used to determine the beginning and end of the regular expression. Example - # would be the delimiter '#regex_here#'
-
Don't include PHP files via an HTTP path. Use either the absolute or relative path on the filesystem. From the looks of it LIB_PATH is in the root folder, so therefore a path like this should suffice.

defined('LIB_PATH') ? null : define('LIB_PATH', DIRECTORY_SEPARATOR . 'includes');

Placing the directory separator before the path indicates that the path is relative to the root directory. Also PHP has a constant called DIRECTORY_SEPARATOR which should be of use to you.
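As an added illustration of the filesystem-path approach (this is example code, not the poster's or the original script's), the snippet below builds LIB_PATH relative to the running script with __DIR__ and adds a check the post does not cover: a small require_lib() helper that resolves the requested name with realpath() and refuses anything that does not land beneath LIB_PATH, so URLs and ".." segments are never included. The temporary directory, the helpers.php file and its contents are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Constructed layout for the demo: a temporary directory stands in for the
// real 'includes' folder. In a project this would normally be
// __DIR__ . DIRECTORY_SEPARATOR . 'includes'.
$demoLib = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lib_demo_' . bin2hex(random_bytes(4));
mkdir($demoLib);
file_put_contents(
    $demoLib . DIRECTORY_SEPARATOR . 'helpers.php',
    "<?php\nfunction greet(string \$name): string { return 'hi ' . \$name; }\n"
);

// Filesystem path, never an http:// location.
defined('LIB_PATH') || define('LIB_PATH', $demoLib);

/**
 * Include a library file by bare name, refusing anything that resolves
 * outside LIB_PATH. realpath() returns false for missing files and for
 * URLs, and collapses ".." so the prefix comparison cannot be bypassed.
 */
function require_lib(string $name): void
{
    $base = realpath(LIB_PATH);
    if ($base === false) {
        throw new RuntimeException('LIB_PATH does not exist: ' . LIB_PATH);
    }
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($candidate === false || strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        throw new InvalidArgumentException('Refusing to include ' . $name);
    }
    require_once $candidate;
}

// A legitimate library file beneath LIB_PATH is loaded normally.
require_lib('helpers.php');
echo greet('codeprada'), PHP_EOL;

// A traversal attempt, an HTTP location and a missing file are all refused.
foreach (['../passwd', 'http://example.com/x.php', 'missing.php'] as $bad) {
    try {
        require_lib($bad);
    } catch (InvalidArgumentException $e) {
        echo $e->getMessage(), PHP_EOL;
    }
}

// Remove the constructed demo directory.
unlink($demoLib . DIRECTORY_SEPARATOR . 'helpers.php');
rmdir($demoLib);
```

Run it from the CLI with `php`; in a real project drop the temporary-directory setup and point LIB_PATH at the real includes folder.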
-
need help to implement preg_replace in my import script
codeprada replied to El Heso's topic in Regex Help
You only really need to look for (Gå since it starts your pattern, and then match everything until you've reached the closing parenthesis. Consider this....

#\(Gå[^\)].+?\)#
-
Yes you do need (should have) an HTML form for a number of reasons. They provide a means to get input from the user, and you can control data much more easily.
-
The problem isn't PHP but your HTML/CSS. You need to set the overflow to hidden.
-
mysql_real_escape_string works to some effect but it's still vulnerable to SQL injections. You really don't need to be manually checking or replacing anything in your query. Look into Prepared Statements, which are immune to injections if used properly. They're offered by MySQLi and PDO. One reason why you should drop MySQL.
-
To show errors place this at the top of your code:

error_reporting(E_ALL);
-
Writing to a new line with fwrite()
codeprada replied to Freedom-n-Democrazy's topic in PHP Coding Help
That's because you're using 'w' as the mode to which the file is opened. This overwrites what's in there. Use 'a' which means to append.
-
Ensuring string contains letters AND numbers
codeprada replied to xProteuSx's topic in PHP Coding Help
Use regular expressions. Check out preg_match.
-
The absolute value of the number is returned, meaning that you won't get a negative value when the date passed is less than the one being compared. Example:

<?php
# slight modification of the example on php.net
$datetime1 = new DateTime('2009-10-11');
$datetime2 = new DateTime('2009-10-13');
$nonabsolute = $datetime2->diff($datetime1);
$absolute = $datetime2->diff($datetime1, true);
echo 'Regular: ' . $nonabsolute->format('%R%a days') . '<br>';
echo 'Absolute: ' . $absolute->format('%R%a days');
?>
-
The default execution time of each script is 30 seconds. You may want to set it to 60 seconds or however long if it takes longer than 30 seconds to send 10 emails.

<?php
ini_set('max_execution_time', 60);
?>
-
Writing to a new line with fwrite()
codeprada replied to Freedom-n-Democrazy's topic in PHP Coding Help
What are you writing to? It should work according to those two lines of code you've posted.
-
Using POST will still repost the data. You need to create a random key that will be assigned to each form and is rendered invalid when the form's data has been processed. You can create a random key simply from

hash_hmac('sha1', time(), $_SERVER['REMOTE_ADDR'])

The value returned from hash_hmac would be stored in a session variable and also placed in the hidden input element within the form. When the form is submitted, check the value of the hidden input element against that of the session variable. If they match then you'll process the form and then unset the session variable. Unsetting it will cause the hidden input element's value to be invalid.

N.B. Don't process the form if the hidden input element's value does not exist.
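The one-shot form key described in this reply, written out as an added example (not the poster's code). It keeps the same flow, a secret stored in the session and in a hidden input, compared on submit and unset once the form has been processed, but swaps in two choices a practitioner would make today: the key comes from random_bytes() rather than hash_hmac over time() and the remote address, so it cannot be predicted, and the comparison uses hash_equals() so it does not leak timing. The `$session` array stands in for `$_SESSION` (an assumption so the script runs from the CLI), and the submissions at the bottom are constructed.

```php
<?php
declare(strict_types=1);

// Name of the session slot holding the current form key (assumed name).
const TOKEN_KEY = 'form_token';

/** Create a fresh key, remember it in the session and return it for the form. */
function issue_form_token(array &$session): string
{
    // 32 random bytes -> 64 hex characters; unpredictable, unlike a timestamp.
    $token = bin2hex(random_bytes(32));
    $session[TOKEN_KEY] = $token;
    return $token;
}

/** The hidden input that carries the key back with the form. */
function hidden_token_input(string $token): string
{
    return '<input type="hidden" name="token" value="'
        . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Decide whether a submission may be processed. A missing hidden field or a
 * missing session key is rejected outright (the N.B. in the post). On a match
 * the session key is unset, so re-posting the same form is rejected next time.
 */
function consume_form_token(array &$session, array $post): bool
{
    if (!isset($session[TOKEN_KEY], $post['token']) || !is_string($post['token'])) {
        return false;
    }
    // Constant-time comparison of the two strings.
    if (!hash_equals($session[TOKEN_KEY], $post['token'])) {
        return false;
    }
    unset($session[TOKEN_KEY]); // spent: the hidden input's value is now invalid
    return true;
}

// Constructed walk-through standing in for a render / submit / refresh cycle.
$session = [];
$token = issue_form_token($session);
echo hidden_token_input($token), PHP_EOL;

var_dump(consume_form_token($session, ['token' => $token]));   // first submission
var_dump(consume_form_token($session, ['token' => $token]));   // same data re-posted, e.g. browser refresh
var_dump(consume_form_token($session, []));                    // no hidden field present at all
```

In a real page, call session_start() first and pass `$_SESSION` where the example passes `$session`; the rest of the logic is unchanged.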
-
Your date doesn't have seconds so using date_parse will result in a few errors. You could have used the array returned to build a timestamp with mktime then format your date with the date function.
-
A blank page means there's an error in your script. Set error reporting to E_ALL and set display errors to on and you will see them.

About this IF statement:

if($username){ header("Location: index.php"); }

This will never evaluate to true because you never initialized $username. It's basically a waste of CPU cycles. This can also produce an E_NOTICE error since you're trying to compare a value that doesn't exist. Use either isset or empty to check variables.

I'm not sure if there's a session_start() within scripts/connect.php or the server automatically initializes the session, but to get the value of $_SESSION['uid'] you should call session_start().

You never checked to verify that the required values were ever posted, so you could be working with NULL values in your query.

Finally, your script is vulnerable to SQL injections. I'd suggest you stop using the MySQL API and move on to either MySQLi or PDO. Those two APIs offer prepared statements. If used properly they are immune to SQL injections.
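The prepared-statement advice given in this reply and in the company_inventory reply above, as one added example (not code from any of the posts). It takes the inventory query from that earlier reply, checks that the "posted" values are present and well-typed before they go anywhere near the database, and runs the query through PDO with a bound string and a bound integer, so the quoting problem around owner_name disappears and injection text is only ever data. An in-memory SQLite database stands in for MySQL so the script runs anywhere (assumption: swap the DSN for a mysql: one in practice); the table, its rows and the sample submissions are constructed for the demo.

```php
<?php
declare(strict_types=1);

/** Constructed demo database: the company_inventory table with a few rows. */
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
    ]);
    $pdo->exec('CREATE TABLE company_inventory (
        owner_name TEXT, warehouse_id INTEGER, car_year INTEGER, car_name TEXT)');
    $insert = $pdo->prepare('INSERT INTO company_inventory VALUES (?, ?, ?, ?)');
    foreach ([
        ['codeprada', 444, 2009, 'Civic'],
        ['codeprada', 444, 2009, 'Civic'],
        ['codeprada', 444, 2011, 'Accord'],
        ['codeprada', 445, 2011, 'Accord'],
        ["o'hara", 444, 2011, 'Accord'],   // a quote in the data is harmless here
    ] as $row) {
        $insert->execute($row);
    }
    return $pdo;
}

/** Refuse missing or malformed input instead of querying with NULLs. */
function read_inventory_request(array $post): array
{
    if (!isset($post['owner_name'], $post['warehouse_id'])) {
        throw new InvalidArgumentException('owner_name and warehouse_id are required');
    }
    $warehouse = filter_var($post['warehouse_id'], FILTER_VALIDATE_INT);
    if ($warehouse === false) {
        throw new InvalidArgumentException('warehouse_id must be an integer');
    }
    return [(string) $post['owner_name'], $warehouse];
}

/** The GROUP BY query from the earlier reply, with placeholders instead of interpolation. */
function inventory_summary(PDO $pdo, string $owner, int $warehouse): array
{
    $stmt = $pdo->prepare(
        'SELECT car_year, car_name, COUNT(*) AS total
           FROM company_inventory
          WHERE owner_name = :owner AND warehouse_id = :warehouse
       GROUP BY car_name, car_year
       ORDER BY car_name ASC'
    );
    // The driver quotes the string and passes the integer as an integer;
    // nothing from the request is ever spliced into the SQL text.
    $stmt->bindValue(':owner', $owner, PDO::PARAM_STR);
    $stmt->bindValue(':warehouse', $warehouse, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = open_demo_db();

// Constructed submissions standing in for $_POST.
foreach ([
    ['owner_name' => 'codeprada', 'warehouse_id' => '444'],
    ['owner_name' => "codeprada' OR '1'='1", 'warehouse_id' => '444'], // treated as a literal owner name
    ['owner_name' => 'codeprada'],                                      // missing field, rejected early
] as $post) {
    try {
        [$owner, $warehouse] = read_inventory_request($post);
        print_r(inventory_summary($pdo, $owner, $warehouse));
    } catch (InvalidArgumentException $e) {
        echo 'Bad request: ', $e->getMessage(), PHP_EOL;
    }
}
```

The same two functions work unchanged against MySQL through PDO; only the DSN and credentials passed to the PDO constructor differ.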