fastsol

Umm yeah I got 100+ emails from the system today lol.

In my opinion, whoever built the code that lead to the vulnerability. So just because a web designer used a third party script, they shouldn't be held responsible for the issue if the issue lies in the third party script.

Here is a good tutorial on how to use the new PayPal API. He shows the concept of what to do. https://www.youtube.com/watch?v=BD1dOWIABe0&list=PLfdtiltiRHWFNND8ISev9O4SmDx2g1HyW&index=1

Do an echo on the $sql var and see if the query string looks correct.

This is misspelled, missing a r $error = $db->erroInfo(); //Should be $error = $db->errorInfo();

Sounds like a pretty straight forward process, what are you having problems with?

Correct, you can't have 2 returns in the same function and expect any data to exist or processing to happen after the function encounters the first return. So in this instance, you would need to combine the data and then return it only once. There are better ways to go about this by using a more advanced db wrapper class that would automatically do the second query and have that info available to you in a number of ways after the fact. Or make your original query run a sub query to get all the found rows and store them in a temp column in the query result.

Well the example you showed is not an array, nor is it a multidimensional array. So please post an actual array example and the actual kind of output you are trying to achieve.

None of that made any sense at all. Try again to explain what the problem is. Code for the page in question might help also.

Please post your current css and html code here. Posting it to a image site does nobody any good, we can't copy it to test against. Just make sure to use the <> button in the WYSIWYG forum post editor to post the code.

Ok, it's most likely the default margin on the h1 and ul tags. You should use a reset.css file to strip off all the browser default padding and margins. Then you can set everything the exact way you want it. This is the reset that I use on every website. /*////////////// CORE FILE DO NOT MODIFY ////////////////////*/ html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, caption, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video { margin: 0; padding: 0; border: 0; font-size: 100%; font: inherit; vertical-align: baseline; } /* HTML5 display-role reset for older browsers */ article, aside, details, figcaption, figure, footer, header, hgroup, menu, nav, section { display: block; } body { line-height: 1; } ol, ul { list-style: none; } blockquote, q { quotes: none; } blockquote:before, blockquote:after, q:before, q:after { content: ''; content: none; } Just include that before your other css file. You may have to adjust some other things too after using this, but it's truly the best way to do css.

Without the html is almost impossible to tell you anything. But it would be much easier to figure out with a link to the actual page.

Well if you're going to use mysqli then you would obviously need to use the mysqli functions to get info from the db too. Simply connecting with mysqli doesn't mean you can use the standard MySQL functions after that, umm like you are.

You're missing a , (comma) at the end of this line `Statistics` int(11) NOT NULL DEFAULT'[ [ ] ]'

You need to actually use html name attributes, not your native language. Change this line <input type="submit" nazwa="submit" value="submit" /> To this <input type="submit" name="submit" value="submit" />

You need to wrap all the processing and query code from this line down in an if() to check if the form has been posted. $dane_z_tab = ($_POST['checkbox']); Something like this if(isset($_POST['do'])) // Checks the post var from the name of your submit button { $dane_z_tab = ($_POST['checkbox']); // echo "dane_z_tab ".$dane_z_tab.'<br />'; // $dane_z_tab It is an array when you select one checkbox // echo gettype($dane_z_tab).'<br />'; while ($val_checkbox = current($dane_z_tab)) { // echo "value_checkbox ".$val_checkbox; //value = "wartosc" if ($val_checkbox == 'wartosc') { $klucz = key($dane_z_tab).'<br />'; //pulling the key (id record) echo "Klucz: ".$klucz; } next($dane_z_tab); } $selectOption = $_POST['select']; $name = $_POST['name']; $description = $_POST['description']; echo "Klucz: ".$klucz; if ($selectOption == 'add' and $name and $description) { echo 'zaznaczyles dodawnaie'; $ins = mysql_query("INSERT INTO test SET name='$name', description='$description'"); }elseif ($selectOption == 'edit') { echo 'zaznaczyles edit'; mysql_query("UPDATE test SET name='$name',description='$description' WHERE id='$klucz'"); }else if($selectOption == 'remove' and isset($_POST['checkbox'])) { mysql_query("DELETE FROM test WHERE id='$klucz'"); echo 'zaznaczyles remove'; }

For starters, you need to move the closing </form> below the submit button. All the inputs besides the checkbox are not even being submitted with the form cause they are outside of the form.

You missed a / in the include include( C_URL . '/incs/header.php' );

That's a permissions issue on the table itself, not the query or coding at this point. The table is denying you from using SELECT on it.

I truly hope that you are simply trying to paste paragraphs of text and not actual code from Word. Programming in Word is a terrible idea and should be avoided at all costs.

Once you verified the stats on the computers and where everything was getting info from, I was becoming very certain the issue lied in the query.

If this is the code for the entire page, then remove the blank lines at the top of the page before the opening <?php tag. Make the <?php the first thing on the page.

Well right now the code is going to insert a new row if there already IS a row in the db with a name of the posted $name. So you have that part backwards. What you want is this instead if (!$result) { // Notice the ! Then I'm not sure if you are using a custom pdo wrapper, but get_result() is not a pdo object function, so that isn't going to return anything. What you want instead is this. $result = $prepare->fetch(PDO::FETCH_ASSOC);

Simple, you're clearing it on the 3rd line of the script everytime the page loads $_SESSION['values'] = array(); This would be more appropriate. if(!isset($_SESSION['values'])) { $_SESSION['values'] = array(); }

You forgot to put the escape_string on this line $cv = ($_FILES['cvfile']['name']);