Everything posted by mac_gyver
-
bindValue() with INSERT and inner SELECT
mac_gyver replied to MarioApprentice's topic in PHP Coding Help
you are not binding anything for the :id placeholder. you have 5 placeholders in the query and only 4 bind statements.
-
Adding data to Database through html form, not working, URGHHH
mac_gyver replied to BrainBoxMad's topic in PHP Coding Help
what have you done to troubleshoot what your code is doing? have you checked if your code inside your conditional statement is even running? if the conditional statement is false, how about checking if the $_POST data being tested by that statement is what you expect? programming is more than throwing down lines of code, trying it, and running to ask someone else when your code doesn't run. you have to test what your code and data are doing. you can echo progress messages to tell you if code is running. you can echo/print_r variables to see what they are.
-
the link you posted was for a query with a sub-query being changed to a self join. that's not what you are doing, based on your example query. if you are actually first selecting these ids from that same table, you would need to state or show this information before someone could possibly help you with the solution.
-
bindValue() with INSERT and inner SELECT
mac_gyver replied to MarioApprentice's topic in PHP Coding Help
you need to post the actual code you want help with. otherwise how could someone possibly tell you what is wrong with it?
-
another thing to look at is DRY (Don't Repeat Yourself.) your code is picking between two variations of one query. the only thing your condition logic should be doing is forming the part of that one query that changes when you have and don't have the id. the rest of your code should only exist once. if you form the WHERE news_id = '$id' part of the query in a php variable, something like $where (set it to an empty string when there is no id), your query would become - $sql = "SELECT * FROM news $where";
-
you are going to a lot of extra trouble. you should only store data that exists (see post #2 in your last thread.) if you still want to store a 0 value for checkboxes that are not checked, it is a simple if/else statement to produce the correct 1 or 0 value based on a checkbox being set. your form fields, because you are not specifying an index value, are also not in sync with the guest name anytime you don't check one of the checkboxes, because the boxes that are checked will be sequentially numbered (see post #9 in your last thread.)
-
without your code that reproduces this problem, it's not really possible to help. you would also need to tell us what session variable in your code you are talking about and what symptom you observed that leads you to believe accessing a page using two different browsers is getting the same session value. also, which of my suggestions in post #2 had something to do with the previous login problem, because your current symptom is likely more of the same type of error in your code. you need to A) provide feedback on what was causing the previous problem and what you did to correct it and B) all the information you have about what you are even talking about in your last post.
-
you seem to be implying you want to be able to select multiple items at one time? you would make one form with a way of selecting/entering each choice within that one form. it's also not clear if you want to allow any quantity to be entered or just the 1,5,50 choices (you need to define this before you write any code since that determines what sort of user interface you make.) you should also not expect the visitor to read your list and type in a number to select anything. provide him/her with some sort of menu (select, checkbox, radiobutton) with the possible choices already listed and all they need to do is pick the choice(s) they want and then submit the one form. you should also not hard-code each possible selection and hard-code the tests for the values. make a data driven design, where you define the choices (in an array or a database table). use this definition for dynamically producing the user interface and for validating the submitted data. to add, subtract, or alter any of the choices, all you do is change the data definition. you don't touch your code.
-
about the only ways this could be occurring are - 1) you are passing the session id (SID) in the url and you copy/pasted the url into the second browser, or 2) your code contains a logical error that is unconditionally setting the session data, so every session gets that data in it. how do you know (what exactly was the symptom/result) that a different browser gets a session that was started in some other browser and what is your code that reproduces this problem?
-
Where to find a safe search + pagination script
mac_gyver replied to Tasos's topic in PHP Coding Help
you should only use your database escape function on string data that goes into a database query. by escaping the $search variable, you are messing up all the other places that $search is used. also, by splitting/exploding what is in $search and putting that back into the $search variable, you are messing up all the other places that $search is used. you should only use htmlentities on data you are outputting to the browser. it should not be used on data you are putting into a database query.
-
this isn't a problem with filtering. string data being put into a query must either be escaped using your database driver's escape function or you need to use prepared queries.
-
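The separation described in the two posts above, as an added example that is not part of the original posts: the submitted search string is kept unmodified, bound into a prepared query for the database, and passed through htmlentities only at the point of output. The sqlite in-memory database, the `articles` table, its rows and the helper name `e()` are assumptions made so the script runs offline.

```php
<?php
// Added example. The database, table and rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (title TEXT)');
$pdo->exec("INSERT INTO articles VALUES ('Tom & Jerry''s <b>guide</b>'), ('100% cotton'), ('Other')");

// Constructed input standing in for $_GET['search']. $search is never altered,
// so every later use (query, heading, pagination link) sees the same value.
$search = "jerry's <b>";

// Database context: the value is bound as data, so its quote cannot end the
// string literal. LIKE wildcards typed by the user are escaped to match literally.
$term = '%' . addcslashes($search, '\\%_') . '%';
$stmt = $pdo->prepare("SELECT title FROM articles WHERE title LIKE :term ESCAPE '\\'");
$stmt->execute([':term' => $term]);
$titles = $stmt->fetchAll(PDO::FETCH_COLUMN);

// HTML context: encode only when writing to the page (hypothetical helper).
function e(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

echo '<p>results for "', e($search), '"</p>', PHP_EOL;
foreach ($titles as $title) {
    echo '<li>', e($title), '</li>', PHP_EOL;
}

// URL context inside an HTML attribute: url-encode first, then html-encode.
echo '<a href="?search=', e(rawurlencode($search)), '&amp;page=2">next</a>', PHP_EOL;
```
-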
you should start by checking if your form is submitting the data you think it is. for any checkboxes that you have checked for each guest, do the check boxes have an array index that associates them with the guest name they correspond to?
-
all of php's short-cuts should be avoided so that your code will be portable between different php versions or different php configurations, especially if you are trying to write portable code
-
you would insert one row for each data item and there would only be rows for actual data. your_table should be laid out like this -

guest_id, meal (breakfast, lunch, ...), date
123 breakfast 2013-07-01
123 midnight 2013-07-01
123 breakfast 2013-07-02
123 lunch 2013-07-02

as to your code, did you set the error mode to PDO::ERRMODE_EXCEPTION so that the PDO statements would throw an exception if they fail? also, you need to prepare the query and bind the variables ONCE (before the start of the loop.) the only thing inside the loop would be code to populate the bound variables with each successive set of values and to execute the query.
-
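The prepare-once, bind-once, execute-in-the-loop pattern from the post above, as an added example that is not part of the original post. It uses the your_table layout and sample rows given there; the sqlite in-memory database, the `$checked` array shape and the transaction are assumptions.

```php
<?php
// Added example. sqlite::memory: is an assumption so the script runs offline.
$pdo = new PDO('sqlite::memory:');
// Failed statements throw a PDOException instead of failing silently.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE your_table (
    guest_id INTEGER NOT NULL,
    meal     TEXT    NOT NULL,
    date     TEXT    NOT NULL,
    UNIQUE (guest_id, meal, date)
)');

// Constructed form data: only the checkboxes that were checked are present.
$guestId = 123;
$checked = [
    '2013-07-01' => ['breakfast', 'midnight'],
    '2013-07-02' => ['breakfast', 'lunch'],
];

// Prepare and bind ONCE, before the loop. bindParam() binds by reference,
// so each execute() reads the current contents of the variables.
$meal = '';
$date = '';
$stmt = $pdo->prepare(
    'INSERT INTO your_table (guest_id, meal, date) VALUES (:guest_id, :meal, :date)'
);
$stmt->bindParam(':guest_id', $guestId, PDO::PARAM_INT);
$stmt->bindParam(':meal', $meal, PDO::PARAM_STR);
$stmt->bindParam(':date', $date, PDO::PARAM_STR);

try {
    $pdo->beginTransaction();
    foreach ($checked as $day => $meals) {
        foreach ($meals as $name) {
            // Inside the loop: populate the bound variables and execute.
            $date = $day;
            $meal = $name;
            $stmt->execute();
        }
    }
    $pdo->commit();
} catch (PDOException $e) {
    $pdo->rollBack(); // no partial set of rows is left behind
    throw $e;
}

echo $pdo->query('SELECT COUNT(*) FROM your_table')->fetchColumn(), " rows stored\n";
```
-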
Where to find a safe search + pagination script
mac_gyver replied to Tasos's topic in PHP Coding Help
if you could not find a script that has the search and pagination features you want and was secure, what makes you think someone on a forum knows what search and pagination features you were looking for? and no, that's not a suggestion for you to list the features you want. we are not here to find things for you (you would hire a personal assistant for that). the point of programming help forums is to help you with problems in your code. why not spend your time fixing your existing code? if you post it and state what method you were able to use to 'hack' your site, someone in this programming help forum will likely give suggestions on how to fix the problem.
-
prod_id not populating correctly in tblretprod
mac_gyver replied to hance2105's topic in PHP Coding Help
okay, so when you were debugging what your code is doing, what did you find out? where are the prod_id values what you expect and at what point do they all change to the first prod_id value? the error in your logic would be at the point where they all change to the first prod_id.
-
PHP script not exporting as csv showing errors
mac_gyver replied to Russia's topic in PHP Coding Help
the SHOW COLUMNS query does not do what you are trying. the quickest method of specifying a column order and alias names would be to change your SELECT * query so that it lists the actual columns in the order that you want and the alias names that you want.
-
other than returning an empty array that would cause the foreach(){} loop to be skipped, you cannot specifically test for any condition in the foreach() statement. you would need to assign the result from the function to a variable, then test that variable before the foreach(){} statement. the only way you could alter the execution path based on there being no data would be to have the foreach(){} loop inside a try/catch block and throw an exception inside the function.
-
PHP script not exporting as csv showing errors
mac_gyver replied to Russia's topic in PHP Coding Help
the problem is the OUTPUT on line 5 of config.php. you cannot send any output before sending a header. what is line 5 of your config.php file?
-
some suggestions - your $sort value is a column name. in order to prevent sql injection you must validate that it holds exactly one of the permitted column names. you should not repeat code. you are repeating the query statement, once with a variable and once with a hard-coded default value. what happens when you want to change something about the query? you must find all of them and make sure you change each one the same way. if the submitted $sort isn't one of the permitted choices (your select menu submits a value of "choose" if nothing is selected, which will likely result in a query error) set $sort to the default media_title and use the one query with the $sort variable in it.
-
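The column-name check suggested in the post above, as an added example that is not part of the original post: $sort is accepted only when it exactly matches a permitted column, anything else (including the menu's "choose" value) falls back to media_title, and the query is written once. The `media` table and every column name other than media_title are assumptions.

```php
<?php
// Added example. Only media_title and the "choose" value come from the post;
// the table name and the other column names are hypothetical.
const DEFAULT_SORT = 'media_title';
const PERMITTED_SORTS = ['media_title', 'media_year', 'media_type'];

/**
 * Return the submitted value only when it is exactly one of the permitted
 * column names; otherwise return the default.
 */
function resolveSort($submitted): string
{
    // Strict mode in in_array() prevents loose-comparison surprises, and the
    // is_string() test rejects arrays sent as sort[]=... in the request.
    if (is_string($submitted) && in_array($submitted, PERMITTED_SORTS, true)) {
        return $submitted;
    }
    return DEFAULT_SORT;
}

/**
 * The one query. Column names cannot be bound as placeholders, so the only
 * value ever interpolated here is one taken from PERMITTED_SORTS.
 */
function buildQuery($submitted): string
{
    $sort = resolveSort($submitted);
    return "SELECT * FROM media ORDER BY $sort";
}

// Constructed inputs standing in for the submitted sort value.
$samples = ['media_year', 'choose', null, 'media_title; --', ['media_year']];
foreach ($samples as $input) {
    echo json_encode($input), ' => ', buildQuery($input), PHP_EOL;
}
```
-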
the email message isn't a page on a web site (even if you are accessing it via a web interface using a browser.) when you browse to a web page, relative url's on that page are taken by the browser and have the current protocol/domain/page (i.e. http://domain.com) pre-pended to them, so an image that's given by SRC="images/loading.gif", results in the browser forming the url http://domain.com/images/loading.gif that it then uses to fetch the image. for displaying an email in a browser, you are not on the web page where the images are stored and the browser does not know what protocol/domain/page to use to fetch the image. you must put fully-qualified-absolute urls in email messages.
-
this is a programming help forum. if you want help with some code, you need to post the code needed to reproduce the problem, show what input you used, post what incorrect output you got from that input, and state what was wrong with the output.
-
there are countless examples of doing this posted on the Internet for you to find and examine to see how someone else accomplished it or to use directly.