dyr

code I'm inserting in to database with: function sendMsg($to, $subject, $message, $reply, $mid) { $to = protect($to, 1); $subject = protect($subject, 0); $subject = htmlentities($subject); $message = protect($message, 0); $message = htmlentities($message); $reply = protect($reply, 1); $mid = protect($mid, 1); if (!$to) return error("You must enter a user to send a message to."); if (!$subject) $subject = "No Subject"; if (!$message) return error("You must enter a message to send."); $check = mysql_fetch_array(mysql_query("SELECT COUNT(id) AS numrows FROM inbox WHERE `to_mid`='$to' AND `from_mid`='$mid' AND `subject`='$subject' AND `message`='$message'")); if ($check['numrows']) return error("You have already sent this message."); mysql_query("INSERT INTO inbox (`to_mid`, `from_mid`, `message`, `subject`, `datesent`) VALUES ('$to', '$mid', '$message', '$subject', NOW())"); data in: hi ------------------------------- data in database: \r\n hi \r\n \r\n \r\n------------------------- data out: rnhi rn rn rn rn----------------------

forgot to list the grab function: function memberGrab($value, $mid) { $mid = protect($mid, 1, 1); $value = protect($value, 0, 0); $result = mysql_query("SELECT `$value` FROM `users` WHERE `id`='$mid'") or die ('cannot return member information' . mysql_error()); $row = mysql_fetch_array($result); return stripslashes($row[$value]); } I tried putting your preg replace in the grab as well as protect function (like below) but it is still giving me rn's. :/ return preg_replace("/\r|\n/", "", $row[$value]);

Tried testing again in various ways (taking out mysql real escape string, putting it back in, switching orders) but the same thing happens.

How can I get rid of the rn's? I tried nl2br and it doesn't seem to work? I use the function protect, which I defined here: //SQL PROTECTION function protect($value,$detect_numeric) { if (get_magic_quotes_gpc()) { if(ini_get('magic_quotes_sybase')) { $value = str_replace("''", "'", $value); } else { $value = stripslashes($value); } } // Quote if $value is a string and detection enabled. if ($detect_numeric) { if (!is_numeric($value)) { return ""; } } return mysql_real_escape_string($value)); } Here's the entire code, mainly I'm looking at the reply areas. <?php $title = "Compose New Message"; include $_SERVER['DOCUMENT_ROOT']."/inc/header.php"; if (isset($_GET['to'])) $to = protect($_GET['to'], 1); else $to = ""; if (isset($_GET['reply'])) $reply = protect($_GET['reply'], 1); else $reply = ""; if ($reply) { $grab = mysql_fetch_array(mysql_query("SELECT `from_mid`, `subject`, `message` FROM inbox WHERE id='$reply' AND to_mid='$mid' LIMIT 1")); $to = $grab['from_mid']; if ($grab['subject']) $replysubject = "Re: ".stripslashes($grab['subject']); if ($grab['message']) $replymessage = "----------------------------------------------- ".stripslashes($grab['message']); } function sendMsg($to, $subject, $message, $reply, $mid) { $to = protect($to, 1); $subject = protect($subject, 0); $subject = htmlentities($subject); $message = protect($message, 0); $message = htmlentities($message); $reply = protect($reply, 1); $mid = protect($mid, 1); if (!$to) return error("You must enter a user to send a message to."); $countblocks = mysql_num_rows(mysql_query("SELECT `id` FROM blocks WHERE `mid`='$to' AND `user`='$mid' LIMIT 1")); $countblocks2 = mysql_num_rows(mysql_query("SELECT `id` FROM blocks WHERE `mid`='$mid' AND `user`='$to' LIMIT 1")); if ($countblocks) return error("This user has blocked you."); if ($countblocks2) return error("You have blocked this user."); //if ($to == $mid) //return error("You can't message yourself."); if (!$subject) $subject = "No Subject"; if (!$message) return error("You must enter a message to send."); $check = mysql_fetch_array(mysql_query("SELECT COUNT(id) AS numrows FROM inbox WHERE `to_mid`='$to' AND `from_mid`='$mid' AND `subject`='$subject' AND `message`='$message'")); if ($check['numrows']) return error("You have already sent this message."); if ($reply) { //MARK AS REPLIED mysql_query("UPDATE inbox SET status='2' WHERE id='$reply' LIMIT 1"); } mysql_query("INSERT INTO inbox (`to_mid`, `from_mid`, `message`, `subject`, `datesent`) VALUES ('$to', '$mid', '$message', '$subject', NOW())"); echo success("You have sent this message successfully."); echo "<br /><center><a href='/inbox.php'>Return?</a></center>"; include $_SERVER['DOCUMENT_ROOT']."/footer.php"; exit; } if (isset($_POST['sendmsg'])) $error = sendMsg($_POST['tomid'], $_POST['subject'], $_POST['message'], $reply, $mid); ?> <center> <?php if ($error) echo $error."<br /><br />"; ?> <form method="post"> <table width="500" cellpadding="3" cellspacing="3"> <tr> <td align="right"><b>To:</b> <td align="left">#<input type="text" name="tomid" value="<?php echo $to; ?>" size="5" /></td> </tr> <tr> <td align="right"><b>Subject:</b> <td align="left"><input type="text" name="subject" value="<?php if ($reply) echo $replysubject; ?>" /></td> </tr> <tr> <td align="right" valign="top"><b>Message:</b> <td align="left"><textarea name="message" rows="10" cols="50"> <?php if ($reply) echo " $replymessage"; ?></textarea></td> </tr> <tr> <td align="center" colspan="2"><input type="submit" name="sendmsg" value="Send Message!" /></td> </tr> </table> </form> </center> <?php //FOOTER includes include $_SERVER['DOCUMENT_ROOT']."/footer.php"; ?>

$_SESSION['id'] contains the user's ID# in their session, which is the same number as to_mid. Tried array, to no avail. :/

$inbox = mysql_query("SELECT `status` FROM `inbox` WHERE to_mid = '".$_SESSION['id']."'"); $inbox = mysql_fetch_assoc($inbox); { if($inbox['status'] == 0){ echo 'NEW<br />'; } else{ echo 'Old<br />'; }} I'm trying to update my sidebar to tell users when they have new, unread messages or not. New, unread messages are classified in the inbox table as a status of 0. How come this code isn't working? On the actual page the config.php page which connects to the DB is included.

To get the date of birth I usually make the simple function: function getAge( $p_strDate ) { list($Y,$m,$d) = explode("-",$p_strDate); return( date("md") < $m.$d ? date("Y")-$Y-1 : date("Y")-$Y ); }

Ok, one last question- I want to notify users the status of the users (if they are an admin or mod). How would I be able to do this? Since if($admin) shows the information only to admins, not the rest of the public users. I want it where, on the profile page if the user is an admin to show a public message to everyone on the site, "This user is an admin." Any thoughts about this? Would I use a $_GET function?

Thanks, this works like a charm!

Well I'd want to define in my headers what the admin variable is, so then I can just use that variable always in other scripts/pages. Alright, thanks, I'll try and incorporate PFMaBiSmAd's suggestions instead then. I guess I misread the purpose of the WHERE clause.

Or perhaps there could be a way where users could still modify their post until someone else makes a reply?

The difficulty is... I totally forgot about the where clause, haha. So would this work?: $grab = mysql_query("SELECT `level` FROM users WHERE `level` = 1") or die(mysql_error()); $grab = mysql_fetch_array($grab); $admin = $grab['level']; // whenever I make admin function use below if($admin) { codes } Or would I not need a mysql array since it's only one variable?

I recently hired someone to code a fair amount of my site, the more experienced scripts that I just didn't have time for. However it's extremely buggy, especially the admin options, and they didn't pay attention to how I represented an administrator in my other codes. Naturally I'm a bit peeved, but hopefully you guys could help me out? In my users table I have a field called 'level'. Most users, upon signing up, are at level 0. The basic members. However I'd like to make it so that people who are level 1 have admin powers, level 2 have basic moderator powers, etc. How would I go about implementing that via code? I'd like it so I could just use the variable $admin in my codes, so like if ($admin) { and show the edit features here }. But how would I go about identifying if a user is an admin (by checking what level they are in the database)? I tried this in my headers but I'm pretty sure it's wrong as it's not working: $grab = mysql_query("SELECT `level` FROM users WHERE id='$userfinal' LIMIT 1") or die(mysql_error()); $grab = mysql_fetch_array($grab); $grab['level']; if ($grab['level'] == 1) { $grab['level'] = $admin; }

that did the trick, thanks.

okay, I believe I was having this problem before I included the forgot pass function so here's the full edit profile code: <?php include('config.php'); include('header.php'); if($_SESSION['id']=="") { header("Location: YouMustLogInNotice.html"); } if(isset($_POST['btnedit'])){ $callname = $_POST['callname']; $email = $_POST['email']; $password = md5(mysql_escape_string($_POST['password'])); $sql = mysql_query( "UPDATE users SET callname='".$callname."', email='".$email."', password='".$password."' WHERE id='".$_SESSION['id']."'" ); if($sql){ echo "<script>alert('profile updated');window.location='myprofile.php?id=$userfinal'</script>"; }else{ echo "<script>alert('updating profile failed!');</script>"; } } $sql = mysql_query( "SELECT * FROM users WHERE id='".$_SESSION['id']."'" ); $row = mysql_fetch_array($sql); $user = $userfinal; echo "<td align=center> <div style='10px' id=box> <table width='100%'> <tr> <td><h2>Edit profile</h2> <form method='post'> <table><tr><th>ID#:</th><td>".$user."</td></tr> <tr><th>Name:</th><td><input type='text' name='callname' value='".$row['callname']."'/></td></tr> <tr><th>Email:</th><td><input type='text' name='email' value='".$row['email']."'/></td></tr> <tr><th>Password:</th><td><input type='password' name='password' value='".$row['password']."'/></td></tr> <tr><th>Registered:</th><td>".$row['registered']."</td></tr> <tr><th>Last Login:</th><td>".$row['lastlogin']."</td></tr> </table><br /> <input type='submit' name='btnedit' value='update' class=button /> </form></div></td> </tr> </table> </td></tr> </table>"; ?> <?php include('footer.php'); ?>