nethnet

One way would be to do the following: <?php $con = mysql_connect('localhost', 'testuser', 'testpass'); mysql_select_db('testuser_tr6',$con); function displayOnline(){ $t = time() - 3600; $q = mysql_query("select username FROM user WHERE lastactivity > $t"); while ($u = mysql_fetch_array($q)) echo $u['username']." "; } echo '<title>... <img src="ico/sub7.gif">' . displayOnline() . '</title>....'; ?> Theo

You still have forgotten a semi-colon on line 6.

Semicolon at the end of the line?

Sometimes it's a good idea to actually read what the error says... You're getting an error because it looks like you are trying to add code inside your echo statement. It's kind of unconventional to write code the way you have done so, with long echo statements outputting a bunch of HTML... I would recommend just breaking out of PHP while you don't need it, and then jump back into it where you need to put your code. If you're persistent on doing it your way, just make two echo statements and put your code in between them. Something like: <?php echo 'All of your HTML up to... <b><img src="ico/sub7.gif">'; // Your other code goes here echo '</title>... through ...</table>'; ?> Theo

Your WHERE clause has no table column listed. If you are using pocobueno's code then the reason it isn't working is because there is no element named "searchtype" in your form. You'll have to add that. Theo

Anyone?

I'm allowing my users the ability to upload their packaged .zip files to my server to be distributed as open source. .Zip is the only file extension I am allowing in the upload script, however, I would like to ensure that none of these files being uploaded contain possible security threats to other users (such as .exe files). Is there any way to check the contents of a zipped file for file extensions such as this? Any point in any direction would be great, as I'm pretty much clueless how to go about doing this. Thanks

Use addslashes() on all content taken from the URL and put directly into an SQL query. It will project your site from SQL injections.

Looks good to me..

You wouldn't need to, if I understand what you're trying to do correctly. Just set the &type=1234 bit to a variable, and then you will be able to use it in any script you include. <?php $page = $_GET["page"]; $type = $_GET["type"]; if(!$page) {include "/site/home.php"; } else if($page=="home") { include "/site/home.php"; } else if($page=="events") { include "/site/events.php"; } else if($page=="employment") { include "/site/employment.php"; } else if($page=="gallery") { include "/site/gallery.php"; } else if($page=="links") { include "/site/links.php"; } else if($page=="djs") { include "/site/djs.php"; } else if($page=="vip") { include "/site/vip.php"; } else if($page=="forum") { include "/site/forum.php"; } else if($page=="contact") { include "/site/contact.php"; } else { echo "<b><h1>404 Error</h1></b>"; } ?> So any page you include through your if statement will be able to use the $type variable. There is no need to pass it through the URL of the include function. Theo

This is not possible through server-side scripting. The user would have to download an application from your website that runs on their machine and not the web server.

I've done some Googling on this, and the most common reasons for it are MySQL timeouts (by default this occurs after 8 hours) or accidently closing the connection beforehand. This doesn't sound like the case for you, so I found this on the MySQL.com site: Theo

You don't have to remove them, but you can... If there is only one line of code inside the loop the { and } are unnecessary. More than one line and you need them. What you currently have closes the loops, but you are not closing the if/else statement. Try this: <?php $thisPage = ( isset($_POST['showpage']) and ctype_digit($_POST['showpage'])? $_POST['showpage'] : '1' ); if ( $thisPage == '7' ) { // This is the last page - show/process results here foreach( $_POST as $name => $value ) { print "$name - $value<br>"; } } else { // Other page - Create form and hidden inputs print '<form method="post" action="'.$_SERVER['php_SELF'].'">'; foreach ( $_POST as $name => $value ) { print '<input type="hidden" name="'.$name.'" value="'.$value.'">'; } switch ( $thisPage ) { case '6': print '<input type="hidden" name="showpage" value="7">'; // Put PAGE 4 inputs here // END PAGE 6 break; case '5': print '<input type="hidden" name="showpage" value="6">'; // Put PAGE 4 inputs here // END PAGE 5 break; case '4': print '<input type="hidden" name="showpage" value="5">'; // Put PAGE 4 inputs here // END PAGE 4 break; case '3': print '<input type="hidden" name="showpage" value="4">'; // Put PAGE 3 inputs here // END PAGE 3 break; case '2': print '<input type="hidden" name="showpage" value="3">'; // Put PAGE 2 inputs here // END PAGE 2 break; case '1': default: print '<input type="hidden" name="showpage" value="2">'; // Start PG 1 print "hello"; // END PG 1 break; } print '</form>'; } ?> Theo

PHP can't do this. It is completely server-side and will only be parsed when the page is loaded. No additional PHP will be executed when the tab is closed.

This depends on whether or not the password is universal (same for every person that uploads), or if different users can have different passwords. If it's the first case, just put a password field above your submit button then, and on the page that handles your uploading, run something similar to this near the top (before any of the uploading script): <?php $pass = $_POST['password']; if ($pass !== "your password here"){ echo "<p>Password is incorrect! Upload failed!</p>"; include "upload_form.php"; exit(); } // run the rest of your script... ?> If it's the other way, you'll have to hold the password against a list of possible values in a database or something along those lines. Either way, the code will be about the same thing.

Remove the { after both of your foreach loops.

You are setting your $data variable equal to the mysql function mysql_query(), which will return a resource handle to the database, not a string. When you try to concatenate your LIMIT clause onto your query you are attempting to add it onto the resource handle and it is returning an error. In your first if/else statement that sets the value of $data depending on the value of $prodCat, change it to this: <?php if($prodCat == 'all') { $data = "SELECT * FROM products"; } else { $data = "SELECT product_name, product_price, product_dscrb, product_img FROM products WHERE category = '$prodCat'"; } ?> That way you are appending your LIMIT clause onto the end of the $data string, and not the $data resource, so when you use it later in the mysql_query() function it is valid SQL syntax. Theo

I'm suspecting it has something to do with internal pointers. Remove this line right before you use mysql_num_rows(): $row_rsTeachers = mysql_fetch_object($rsTeachers); And see if that makes the loop start at the first row instead of the second. Theo

Can you clarify what exactly you are trying to extract?

If I'm understanding you correctly you want something that will look like this: +---+---+---+ | 1 | 2 | 3 | +---+---+---+ | 4 | 5 | 6 | +---+---+---+ | 7 | 8 | 9 | +---+---+---+ You don't need a nested loop to do this, you just need a loop and an if statement. It'll look something like this <?php echo "<table border=\"1\">"; $array = array("1", "2", "3", "4", "5", "6", "7", "8", "9"); for($i = 0; $i < 9; $i++){ if(($i + 1) % 3 = 1){ echo "<tr><td>{$array[$i]}</td>"; } elseif(($i + 1) % 3 = 2){ echo "<td>{$array[$i]}</td>"; } elseif(($i + 1) % 3 = 0){ echo "<td>{$array[$i]}</td></tr>"; } } echo "</table>"; ?> Making use of the % operator is the easiest (in my opinion) way to grid the contents of an array. Theo

Since you're only allowing three images, and that is a relatively small amount, you could just contain that information in three fields in the users table.

The session ID will remain the same for as long as that instance is open. A new session ID will be assigned if the current session expires or is destroyed (either by PHP code or closing the browser). Theo

No problem, good luck with the rest of your project. Regards, Theo

That syntax is used for dynamic variable nomenclature... in other words, if $field is equal to "hello", then a new varialbe called $hello would be created and set to the value of $value. Theo

Okay but you are still NOT selecting a database. You have opened a connection to the MySQL server, but until you select a database, your script is not going to work. Back to what I said before, use the function mysql_select_db() to select the database.