scootstah

Presumably: preg_match("/$begin(.*)$finish/", $stuff, $cont);

Possibly an incorrect file path, or it isn't readable.

It is because glob() has failed and returned false. foreach() can be used for objects too, and glob() returns an array (unless it fails).

I didn't read all of it, but I saw this: header("Location: {$_SERVER['PHP_SELF']}?messages"); This is a possible XSS vulnerability. You can't trust user input like that.

View the page source, are the quotes encoded?

If panname is not an int, you need quotes around it. Also, you are using single quotes but not concatenating - single quotes does not parse variables. $sql = "SELECT (price/100) FROM pans WHERE panname = '$panname'"; On a side note, you really shouldn't be defining your database connection in a function like that. The database connection should be defined in a static location, and only once. Furthermore, you don't need to explicitly close the database connection - PHP does that for you.

Yeah, because the world needs more overwhelming gradients and glassy buttons.

You have a URL in plaintext at the top, and you have several variables that start with either ? or &. EDIT: And you're missing a bunch of semi colons.

There are lots of open-source eCommerce solutions out there. OpenCart is decent but, it seems way overkill for your needs. I would look at maybe a WordPress install with WP e-Commerce, or Drupal with Ubercart. If you go with Drupal (and maybe even WordPress to an extent) you might even find a plugin that fits even better to your needs, since you don't actually need payment processing. Hmm. I'm not sure how I feel about that. Are you saying that if one user knows the password, they can view everyone else's pictures? Also, unless you make the password a big passphrase or a big random string (which are both possibly annoying for the users, because they will likely have to write it down) it would probably be pretty easy to bruteforce if someone wanted to.

You have two $'s for the $insert_data_str variable. Do this for me, if you would: 1. Put this code at the top of your script: error_reporting(-1); ini_set('display_errors', 1); to make sure errors are being displayed properly. 2. Replace $result = mysql_query($query); with $result = mysql_query($query) or die("MySQL error!<br />Query: $query<br />Error: " . mysql_error()); Post back with the exact errors as displayed on your screen (if there is any).

It doesn't insert the data because the SQL is incorrect. If you do a mysql_error() after the query, you will see the SQL error. This is what it needs to be: $insert_data_str = implode(',', $insert_data); $query = "INSERT INTO app_ads(app_id, app_ad, active) VALUES $insert_data_str"; $result = mysql_query($query);

You could create folders, but that might end up being a pain later on. What you might want instead, is to physically store the images in the same place on the disk, and then categorize them in the database.

No, the parentheses are in the array, which is being imploded. Multiple INSERT syntax is like this: VALUES (1,2,3), (4,5,6), (7,8,9) What you are suggesting ends up like this (based off my code): VALUES( (1,2,3), (4,5,6), (7,8,9) )

And what is the error?

Remove the parentheses around VALUES. VALUES(".implode(',', $insert_data)." Should be VALUES ".implode(',', $insert_data)."

Well, the problem lies in the fact that you aren't using the iterated variable from the foreach() loop, but instead using the $new_file variable that came from the for() loop. Since it is no longer in the for() loop, it only holds the value for the last iteration. Really, though, you don't need two loops here, you can do everything in the for() loop. Also, you really shouldn't be looping the INSERT, but rather inserting multiple values. Here's what I would do: $insert_data = array(); for($j=0; $j < count($_FILES["item_file"]['name']); $j++) { //loop the uploaded file array $filen = $_FILES["item_file"]['name']["$j"]; //file name $ran = rand (); $new_file = $ran.$filen; $path = '../app_ads/'.$new_file ; //generate the destination path if(move_uploaded_file($_FILES["item_file"]['tmp_name']["$j"],$path)) { //upload the file $GLOBALS['msg'] .= "File(s) ".$new_file . " uploaded successfully<br>"; //Success message // add to $insert_data $insert_data[] = "($appid, '" . mysql_real_escape_string($new_file) . "', 1)"; } } // insert the data mysql_query("INSERT INTO app_ads(app_id, app_ad, active) VALUES " . implode(',', $insert_data) . ");

With concatenation. echo "<center><b>" . $lang[''] . "...";

Try using the absolute path to the file for filemtime() and hash_file().

Are you using LOAD DATA INFILE? If not, it might be worth a try. It is typically faster than parsing the file with PHP anyway.

What is the collation of the database table?

Don't use dirname(). You should be able to just use the folder name as the parameter. $iterator = new DirectoryIterator('file_pool'); If that gives you problems, try realpath : $iterator = new DirectoryIterator(realpath('file_pool'));

The query failed, because you didn't put quotes around $email. $query = mysql_query("SELECT * FROM users WHERE email='$email'");

No there isn't. There is only a closing bracket to the if statement.

Ha. I'm curious. On what grounds were they trying to sue you? Was it an NDA issue?

I would say the first thing to do is clean up the design. It looks a little...tacky. I don't think the design looks very professional. Secondly, I think you're going to need to make up a nice little brochure type thing. A nice list of why such-and-such company would benefit from investing in your website. Because let's be honest, nobody is going to invest in your site because of generosity - they need to get something out of it too. So, you need to convince them that it is a good business decision. How are you going to do that? Well, I don't know - but hopefully it gives you something to think about.