jazzman1

Use mysqli_error() function to debug your query.

Assuming you're talking about IPv4, right? A common use of dot-decimal notation is to separate those four octets just for human convenience, nothing else. So, no need to create a special space for them inside an column, not to mention that they are not numbers. Just create a standard column with integer type 4 bytes unsigned int(4) and use mysql INET_ATON() function to store an IP address and INET_NTOA to return the dotted-quad representation of the address as a binary string.

When the file is being moved ones php delete it from tmp folder! You're calling move_uploaded_file() functions twice.

So, this query SELECT cnr.klikovi, COUNT(cnr.id) AS post_count FROM clanovi_njihovi_racuni AS cnr LEFT JOIN clanovi_njihovi_parovi AS cnp ON cnr.id = cnp.racun AND cnp.datum=curdate() WHERE cnr.id='$racun' GROUP BY cnr.id does not give you an answer of Why are you using fields of type varchar to store the date and datetime value? This insert statement should be inserted null values using mysql datatime functions on columns with type different from date and datetime. $query = "INSERT INTO clanovi_njihovi_parovi SET racun='$racun', ip='$ip', datum=curdate(), vrijeme=curtime(), tim1='$tim1', tim2='$tim2', tip='$tip', kvota='$kvota',link='$link'"; According screenshots "datum" and "vrijeme" are on varchar type in your table. You left too much mess here

Please, in the future use [ code ] tags when providing code on the forum. It formats it nicely so it is easy to read. To answer your question open up your code editor and take a look is there a file, named Mmail.class.php inside C:\Inetpub\vhosts\CWS.secureserver.net\site3\ directory.

Ok, step by step, are you done with that? P.S If your answer is yes, show us the script.

Well mac, I'm aware what php htmlspecialchars function does, but we still don't know how looks the searchable value(s) in his column. Also, many web developers escape the html spacial characters when they insert a data to database and there is nothing wrong in this method,personally not use. Let's doing a simple test: Assuming, we have two records in the XSS table, first record is escaped when the message being inserted, the second one - no. mysql> select msg from XSS; +--------------------------------------------------------------------------------------------------------------------------+ | msg | +--------------------------------------------------------------------------------------------------------------------------+ | <a href="#" onclick=javascript:window.location.href='http://phpfreaks.com'>Click Me!</a> | | <a href="#" onclick=javascript:window.location.href='http://phpfreaks.com'>Click Me!</a> | +--------------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.10 sec) 1. // Sanitize message input for first inserted row $msg = stripslashes($msg); $msg = mysqli_real_escape_string($msg); $msg = htmlspecialchars($msg, ENT_QUOTES,'UTF-8'); 2. // second method without using htmlspecialchars $msg = stripslashes($msg); $msg = mysqli_real_escape_string($msg) So, now if I want to find how many records have a column msg with values starting with "<a href=" my query/php script would go something like this <?php $username = '***'; $password = '***'; $database = '***'; $dbname = 'XSS'; $target = '<a href='; function strip_data(&$data, $con) { if (is_array($data)) /* in case you have an array of strings*/ { array_walk($data, "strip_data"); } else { // Usage across all PHP versions if (!ini_get(get_magic_quotes_gpc())) { $data = stripslashes($data); } // Sanitize target searchable data $data = stripslashes($data); $data = mysqli_real_escape_string($con, $data); $data = htmlspecialchars($data, ENT_QUOTES, 'UTF-8'); } return $data; } //conection: $link = mysqli_connect($database, $username, $password, $dbname) or die("Error " . mysqli_error($link)); // use your database credentials // escape the data $msg = strip_data($target, $link); //consultation: $query = "SELECT msg FROM test.XSS WHERE msg LIKE '$msg%'" or die("Error in the consult.." . mysqli_error($link)); //execute the query. $result = mysqli_query($link, $query); if (!$result) die(mysqli_error($link)); // count the number of rows in a result set $count = mysqli_num_rows($result); if ($count == 0) { echo "No records found<br>"; } else { echo 'one or more records were found'; // output your table heading here.... // loop over the row(s) the query returned } The result of target string is: So, I don't want to say that that issue is like in my example, but we could use a htmlspecialchars function when the data is input.

I have to disagree with this, but...it's too early (6:30 AM) to explain why

Well, have you taken some debugging steps? Strart with php error_reporting functions and mysql_error. So on the top of your application php file put the following ini_set('display_errors', 1); ini_set('display_startup_errors', 1); ini_set('output_buffering', 'Off'); error_reporting(-1); And for debugging your query use mysql_error() function Something like $sql = "UPDATE `classifieds` SET `cover` = '" . mysql_real_escape_string($file_path) . "' WHERE `id` = " . (int)$id; $result = mysql_query($sql) or die('<pre> SQL: '.$sql .'ERROR: '. mysql_error() . '</pre>' ); Also, show us the string valueof $file_path and post the errors.

What happens with the last select statement? Is there an id = 1? Post the result of select * from clanovi_njihovi_racuni where 1;

Can I see the results of DESCRIBE clanovi_njihovi_racuni; and DESCRIBE clanovi_njihovi_parovi; SELECT * from clanovi_njihovi_racuni where id = 1 Assuming the "id" with value 1 exists in this column.

Open up your GUI sql tool and run your sql code without any php itself. Example: SELECT cnr.klikovi, COUNT(cnr.id) AS post_count FROM clanovi_njihovi_racuni AS cnr LEFT JOIN clanovi_njihovi_parovi AS cnp ON cnr.id = cnp.racun AND cnp.datum=curdate() WHERE cnr.id='$racun' GROUP BY cnr.id EDIT: Replace '$racun' variable with an integer static value like 1, 2 or whatever you're expecting to be.

I don't have any problem with utf8 encoding charset and php://input The format of output is "text/plain", but there is no problem if it is "json" as well. So, this is my simple test using bulgarian (cyrillic) characters. <?php if (isset($_POST['Submit'])) { if ($_SERVER['REQUEST_METHOD'] === 'POST') { $string = 'Content-Type: text/plain; charset=utf-8'; header($string); $rawPostData = file_get_contents('php://input'); var_dump(rawurldecode($rawPostData)); exit; } } ?> <form method="post" action="#" accept-charset="utf-8"> Request: <input type="text" name="request" /><br> <input type="submit" name="Submit" value="Go!" /> </form> Result:

Also, in order to escape characters the proper order shoud be: // Sanitize message input $data = stripslashes($data); $data = mysqli_real_escape_string($con, $data); $data= htmlspecialchars($data); Note: htmlspecialchars function shoud be after mysqli_real_escape_string not before like in the example provided by you. Check the output of the return statement of the function as well.

Where are you defined a $con variable as a first parameter to mysqli_real_escape_string() function? $call = mysqli_real_escape_string($con,$call);

I think the answer is very simple here, but who knows On the top of the file try to set apache headers by using a php header() function with utf8 charset. Try, header('Content-Type: application/json; charset=utf-8'); No need to convert everything from one encoding to another.

I think you didn't understand very proper my question about the relationship between those two tables. So, could you shows us the results of: DESCRIBE media; and DESCRIBE artists;

@Ch0cu3r, but...not in a situation where the string contains non-english characters <?php // $username = "jazz"; $username = 'джаз'; // cyrillic characters if(strlen($username) < 5) { echo 'Failed'; } else { echo 'Past'; } In case like this, he would consider using Multibyte String Functons expecialy mb_strlen and mb_strpos.

Yeap, it's a Serbian language. There is no Bosnian or Macedonian languages So, what result you're getting running the query via phpMyAdmin, MySQL Workbench or other visual sql tool for mysql?

Is there a relationship between both tables? Do DESCRIBE to provide more information about tables structure. If there is no relationship between these two tables you can consider using an UNION query. Also, never use the dreaded, evil "select star" in your queries in the future. It's a very, very bad practice.

@kick where did you find this method? function SendUserConfirmationEmail(&$formvars) { } I think, she's mixed two methods with identical functionality.

Then, you have an actual syntax error. So, my IDE (NetBeans) complains of missing curly brace in submit.php file. Take this instead yours ( see the line 176) submit.php <!DOCTYPE HTML> <html> <head> <meta charset="UTF-8"> <title>Submission</title> <meta name="viewport" content="width=device-width,user-scalable=no"> <link rel="stylesheet" href="jquery.mobile-1.0.css" /> <script src="jquery.js"></script> <script src="script.js"></script> <script src="jquery.mobile-1.0.js"></script> </head> <body> <div data-role="dialog"> <div data-role="header"> <h1>Submit to List</h1> </div> <div data-role="content"> <?php if(isset($_POST['email'])) { // EDIT THE 2 LINES BELOW AS REQUIRED $email_to = "tim@akluk.com"; $email_subject = "List Suggestion"; function died($error) { // your error code can go here echo "We are very sorry, but there were error(s) found with the form you submitted. "; echo "These errors appear below.<br /><br />"; echo $error."<br /><br />"; echo "Please go back and fix these errors.<br /><br />"; die(); } // validation expected data exists if(!isset($_POST['name']) || !isset($_POST['email']) || !isset($_POST['city']) || !isset($_POST['what']) || !isset($_POST['comments'])) { died('We are sorry, but there appears to be a problem with the form you submitted.'); } $name = $_POST['name']; // required $email_from = $_POST['email']; // required $city = $_POST['city']; // required $what = $_POST['what']; // required $comments = $_POST['comments']; // required $error_message = ""; $email_exp = '/^[A-Za-z0-9._%-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,4}$/'; if(!preg_match($email_exp,$email_from)) { $error_message .= 'The Email Address you entered does not appear to be valid.<br />'; } $string_exp = "/^[A-Za-z .'-]+$/"; if(!preg_match($string_exp,$name)) { $error_message .= 'The Name you entered does not appear to be valid.<br />'; } $string_exp = "/^[A-Za-z .'-]+$/"; if(!preg_match($string_exp,$city)) { $error_message .= 'The City you entered does not appear to be valid.<br />'; } $string_exp = "/^[A-Za-z .'-]+$/"; if(!preg_match($string_exp,$what)) { $error_message .= 'What you entered does not appear to be valid.<br />'; } if(strlen($comments) < 2) { $error_message .= 'The Comments you entered do not appear to be valid.<br />'; } if(strlen($error_message) > 0) { died($error_message); } $email_message = "Form details below.\n\n"; function clean_string($string) { $bad = array("content-type","bcc:","to:","cc:","href"); return str_replace($bad,"",$string); } $email_message .= "Name: ".clean_string($name)."\n"; $email_message .= "Email: ".clean_string($email_from)."\n"; $email_message .= "City: ".clean_string($city)."\n"; $email_message .= "What: ".clean_string($what)."\n"; $email_message .= "Comments: ".clean_string($comments)."\n"; // create email headers $headers = 'From: '.$email_to."\r\n". 'Reply-To: '.$email_from."\r\n". 'X-Mailer: PHP/' . phpversion(); mail($email_to, $email_subject, $email_message, $headers); } // missing closing curly brace ?> Thanks for your suggestion. <a data-role="button" data-inverse="true" href="index.html">Close</a> </div> </div> </body> </html>

Try to explain us again what exactly result do you want to get above and tell us about whole story as well, because I'm missing something

Then GROUP BY name and order by day DESC limit 5. Have you tried?

Is this a company and you are on The Advantage Hosting Plan? Post the mail script as .josh already suggested and ask/phone the company is there a way to buy a dedicated IP address using this shared hosting plan.