Ch0cu3r

Good job guys! Glad to see phpfreaks back online

Use strtotime or the DateTime object for adding time to an existing date. Adding two timestamps like that is not the correct way.

You are preparing the query twice here. Why? if ($mysqli->prepare("INSERT INTO solcontest_entries (title, image,content, user, contest) VALUES ($title, $image, $content, $userid, $contest")) { $stmt2 = $mysqli->prepare("INSERT INTO `solcontest_entries` (title, image, content, user, contest) VALUES (?, ?, ?, ?, ?)"); You only need to prepare the query once. The values in a prepared query should be substituted with placeholders. You then use bind_param to bind the values to the placeholders. When you execute the query mysql will use the bound values in place of the placeholders. Your code should be if ($stmt2 = $mysqli->prepare("INSERT INTO `solcontest_entries` (title, image, content, user, contest) VALUES (?, ?, ?, ?, ?)")) {

The values from a text field once a form has been submitted will be contain within the $_GET or $_POST superglobal variable. You may find these pages useful http://php.net/manual/en/tutorial.forms.php http://php.net/manual/en/language.variables.external.php When using these variables in your SQL queries make sure you sanitize it, eg mysqli_real_escape_string or use prepared queries.

By using a relative or absolute file path when including the file eg include '../sensitivefiles/db.php'; // relative path include '/home/enveete/yoursite.com/sensitivefiles/db.php'; // absolute path An alternative way would be to add that directory to the include path PHP use file paths to access files not urls. So PHP is not restricted from accessing files outside of the public html folder. PHP can access any file on the sever so long as file permissions allow it to.

What function?

What is the code that produces these arrays? It is hard to instruct you what to do without seeing your code.

If you want the server to force a file download then you need to send the appropriate headers using header. Google "PHP force download" for examples, there are many guides out there.

No you cant do that. fopen() is for opening files located on the server not for launching the users default mail application on their computer. If you do not want the user to click the email link then get PHP to send the email (using mail or use phpmailer), if their is no need to have the email open up in the users email client. Or if the user must send the email through their email client then use javascript to process the form and not PHP.

Here PHP thinks you are trying to do two mathematical operations on the variables <?php echo $code-$room $name - $date; ?> You need to either use the concatenation operator to join the variables together or wrap them in double quotes to form subject in the mailto: Concatenation <a href="mailto:support@kinnschools.org?subject=<?php echo $code.'-'.$room.' '.$name.' - '.$date; ?>">Send Email</a> Double quotes <a href="mailto:support@kinnschools.org?subject=<?php echo "$code-$room $name - $date"; ?>">Send Email</a>

If your data is a comma delimited list then yes you would need to use explode. You would look over the arrays to get the data you require. Example code $names = explode(', ', $_SESSION['name']); $types = explode(', ', $_SESSION['type']); $colors = explode(', ', $_SESSION['color']); $value_pairs = array(); for($i = 0; $i < count($names); $i++) { // generate pairs of values for insert query $value_pairs[] = "('$names[$i]', '$types[$i]', '$colors[$i]')"; } // add the generated pairs of values to the insert query $sql = 'INSERT INTO table (name, type, color) VALUES ' . implode(', ', $value_pairs)'; mysql_query($sql); However you really should reconsider how your data is stored in the session you should not use comma debilitated lists ideally you should group the data in an array. Example when adding an item to the session $_SESSION[] = array('name' => 'item1', 'type' => 'a', 'color' => 'blue');

The data will be in $_POST['marks']. It will contain an array of all the values from the fields named as marks[] You can use print_r to output the structure of the array echo '<pre>' . print_r($_POST['marks'], 1) . '</pre>';

What does that mean? if you are getting errors then post them in full here.

Data contained in $_POST is not remembered between page requests. So when you go click one of your pagination links from the search results the data in $_POST will no longer exists and so no results are displayed resulting. Which is probably why you get a blank page. To prevent this you could save the search data from $_POST to a session. Then when a page is requested you get the search data from the session and not from $_POST. First start by adding session_start(); so its after the opening PHP tag <?php Then change this code if (isset($_POST['search']) and isset($_POST['search2'])) { $searchq = $_POST['search']; $searchq = preg_replace("#[^0-9a-z]#i","",$searchq); $searchq2 = $_POST['search2']; $searchq2 = preg_replace("#[^0-9a-z]#i","",$searchq2); to if (isset($_POST['search']) and isset($_POST['search2'])) { $searchq = $_POST['search']; $searchq = preg_replace("#[^0-9a-z]#i","",$searchq); $searchq2 = $_POST['search2']; $searchq2 = preg_replace("#[^0-9a-z]#i","",$searchq2); // Add search data to session. This is so it can be persisted between page requests $_SESSION['searchq'] = $searchq; $_SESSION['searchq2'] = $searchq2; } // if a page is requested. Get the search data back from the session if(isset($_GET['page'])) { $searchq = $_SESSION['searchq']; $searchq2 = $_SESSION['searchq2']; } // Perform the search if we have the search data if(isset($searchq) && isset($searchq2)) { The alternative would be to pass the search data in your pagination links.

Are you saying you want to convert all dates in the array to a consistent format? You could do something like this // dates to convert $dates = array('1991-12-09', '12.03.1984', '1425560164'); // loop over each date and convert to new format foreach($dates as $dateToFormat) { // NOTE: unix timestamps need to be prepended with @ symbol if(is_numeric($dateToFormat)) $dateToFormat = '@' . $dateToFormat; $date = new DateTime($dateToFormat); // format date/timestamp to the following format echo $date->format('Y-m-d'). '<br />'; }

You need to loop over the array returned by getDirectoryList() function. Then you can echo the name, type, size and lastmod info for each file. Example if(isset($_POST['dir'])) { $dirlist = getDirectoryList($_POST['dir']); // loop over the array of files returned by getDirectoryList foreach($dirlist as $file) { echo $file['name'] . ' - ' . $file['type'] . ' - ' . $file['size'] . ' - ' . $file['lastmod'] . '<br />'; } }

Inspect element has nothing to do with PHP. It is a feature of the web browser. To see the actual output from your PHP script you need to right click > view source Inspect element is most likely prettifying the HTML. It is not a sign htmlentities is not working.

Why are you needing to store PHP code in the database? This is not a very good idea.

Umm.. Nope does not seem to be any errors logged there, more of an access log really. I'm not an IIS user so not sure where it logs its errors to. Have you tried setting these lines in the php.ini error_reporting = E_ALL display_errors = On Make sure you restart IIS after making any changes in the php.ini. This should force errors to be displayed during run time.

As in Windows Event Viewer? It wont be logged in there. The servers error log will be text file. For example the Apache http server writes it errors to a file called error.log in a directory called logs. The logs folder will be where you installed Apache to (eg C:/Apache/logs). You will not be able to solve 500 Internal Server without knowing the actual error that is triggering it.

Check you servers error logs for why you are getting that error. Or add the following two lines at the top of your script (after the <?php) ini_set('display_errors', 1); error_reporting(E_ALL);

One on the many gems from w3schools

Not at all. PHP is only executed when a request is sent to the server, ie the user clicks a link, submits a form.

Correct. What do you mean by this?

You would use it before validating the users input. However you should only need to call stripslashes if a setting called magic quotes is an enabled in PHP's configuration. If you are using PHP5.4 then magic quotes was removed so you should not need to call stripslashes.