MDCode

ORDER BY `category` DESC Will order it in descending order in the alphabet Sorry but that's all I can figure out by the way you worded it

$sql = "SELECT * FROM `whatever` ORDER BY `category` DESC";

Using that other check on if the username is blank is useless as it won't be set at all unless they successfully login

Simple explanation that will set session variables: <?php $sql = "SELECT * FROM `users` WHERE username = 'variable' and password = 'variable'"; $result = mysql_query($sql, $connection) or die(mysql_error()); //get the number of rows in the result set $num = mysql_num_rows($result); //set session variables if there is a match if ($num != 0) { while ($sql = mysql_fetch_object($result)) { $_SESSION[username] = $sql -> username; } }else{ //if no match header("Location: errorloginpage"); die; } ?>

I'd love not having to count lines, and deal with looking through plain text. Please at least tell us which line is 30

I'm not too sure what you're question is...?

<?php move_uploaded_file($_FILES["file"]["tmp_name"], "directory/" . $_FILES["file"]["name"]); ?> This will move the file itself, replace directory with your directory Adding to the database would be just with sql <?php $sql = "INSERT INTO `blah` (file) VALUES('$_FILES["file"]["tmp_name"]')"; ?> Sample form: <form action="upload_file.php" method="post" enctype="multipart/form-data"> <label for="file">Filename:</label> <input type="file" name="file" id="file" /> <br /> <input type="submit" name="submit" value="Submit" /> </form> NOTE: Uploading requires a lot of security precautions. Do not just use my example to process your form and think that's it

That's not a great way to get help

No organization, no errors, no description, no tags. Fix those issues, then I may help

I don't seem to get the point of the home page? There's really no clear explanation of what you do and how you do it. If a user were to join randomly from a search engine they most likely want to do what it is you do

I'm not sure there is a way that won't be messy, but with css you can use: word-wrap: break-word; That will make sure it does not overlap. Make sure you put that where the information is being displayed

No wonder you can't find the problem. There's so many <p> </p> and tags. could you please clean it up?

That's not much of a description as to what the problem is. And please post your code using the tags

You don't need to, a person could go to the site, view source and enter the url of your css. But most people won't so I would say yes, please do So I'll admit it...I went ahead and looked at your source code. I experienced a bug myself with putting form inside <li> tags. Try putting the form around the <li> and </li> As for your link the source code shows you putting it as: <h1><a href="">Innaveria</a></h1> Just add the link within the quotes, as all it is doing now is going to the current page

if(!$_SESSION) { session_start(); } session_start(); should be the first thing you should put at the script, because you aren't starting the session it will never say that there's a session, which makes that line invalid and allow a user to bypass it everytime function isAuthorized($strUsers,$strGroups,$UserName,$UserGroup){ Where are you getting those variables?

Cookies would only affect the user browsing, simply create a database. When a user views the page record it in the database. Check how many links the user has visited. If it is 5, delete the first record and record the next. Simple Btw, if this is in the third party section, where is the code you're using?

As lily's suggestion states, it is easier and more secure to do this. As far as I see there is no reason why you shouldn't want to do this

Simple explanation of sql injection (unlike your script) // not too good of a query but oh well $sql = "SELECT * FROM `table` WHERE `thing` LIKE search"; if a user inserts: (not giving real examples so you dont go around hacking ) DELETE FROM `table` INSERT INTO `table` etc. it would affect you greatly (deleting other tables, inserting into tables, displaying data from tables, etc.) One of the things most people don't realize. I can go on my site make a simple form like: <form action="http://yoursite.com/blah"> <input type="text" name="what you're checking for"> </form>

woot, tyvm. Never heard of in_array() major fail on my part it seems

Without the quotes I get an error saying it's not a string

Ok so I've recently added strpos checking. I got username to work, added more names to check, check first name and last name too, etc. Anyways, It's not working anymore <?php $firstname = mysql_real_escape_string(htmlentities($_POST['firstname'])); $lastname = mysql_real_escape_string(htmlentities($_POST['lastname'])); $username = mysql_real_escape_string(htmlentities($_POST['username'])); $password = mysql_real_escape_string(htmlentities($_POST['password'])); $confirm = mysql_real_escape_string(htmlentities($_POST['confirm'])); $email = mysql_real_escape_string(htmlentities($_POST['email'])); // prohibited words $words = array("1", "2", "3", "20 more after this"); // check if username contains prohibited words if(strpos("$username", "$words")) { $errors = "<font color='red'>* Username contains prohibited words</font><br>"; } // check if first name contains prohibited words if(strpos("$firstname", "$words")) { $errors = "<font color='red'>* First name contains prohibited words</font><br>"; } // check if lastname contains prohibited words if(strpos("$lastname", "$words")) { $errors = "<font color='red'>* Last name contains prohibited words</font><br>"; } ?> No errors but it seems to not be checking right anymore as the errors do not display. I have not touched anywhere below this section of filtering; every other filter is working right, so display isn't an issue Any help would be appreciated!

You never want to cover up errors, simply fix them

Repost your php within the tags And I spot your problem right away...you're not connecting to the database where you need it to update.

Using any kind of hidden field is a very bad idea (ie Javascript injection)

$_POST['N/A']; is your problem because it is undefined. If you are trying to mark it as N/A use $_POST['accessory'] = "N/A";