Ch0cu3r

Nor can we without seeing the PHP code You need to find the PHP code that is generating the HTML for the year dropmenu here <select name="date[5]"> <option value="2002" >2002</option> <option value="2003" >2003</option> <option value="2004" >2004</option> <option value="2005" >2005</option> <option value="2006" >2006</option> <option value="2007" >2007</option> <option value="2008" >2008</option> <option value="2009" >2009</option> <option value="2010" >2010</option> <option value="2011" >2011</option> <option value="2012" >2012</option> <option value="2013" >2013</option> <option value="2014" selected >2014</option> </select> It is hard to tell you exactly what to look for in the code. There are to many possibilities to list. The only thing I can suggest is to look for calls to date incombination with a for loop etc.

Add each less than or greater than condition separately. Example SELECT ref,artist,composer,genre,title,album,label,price,description FROM music WHERE price >= 3 AND price <= 8 Or use a BETWEEN clause SELECT ref,artist,composer,genre,title,album,label,price,description FROM music WHERE price BETWEEN 3 AND 8

I do not get that error for that script you posted. Also that script you linked to is for a Wordpress theme. This is no longer maintained/supported as the original developer has expressed in their blog here I recommend you to find and use a different theme.

Best way would be to edit the config.php yourself. But of want to PHP to do the edit for you then you'd need to loop over each line in the file. Find the line that defines that constant and then replace that line with the new value. Example <?php // the file to edit $config_file = 'config.php'; // the new value for the script_path constant $new_script_path_value = 'NEW/PATH/HERE'; // open the config file using file(). Strip the new lines from each line // each line will be separate item in the $lines array $lines = file($config_file, FILE_IGNORE_NEW_LINES); // loop over each line foreach($lines as $k => $line) { // find the line that defines the 'script_path' constant if(strpos($line, "define('script_path'") !== false) { // replace the constant with the new value $lines[$k] = "define('script_path', '$new_script_path_value');"; // use break to to exist the foreach loop. // No longer need to continue looping through the lines to find the constant as we have found it break; } } // implode the lines back into a string with newlines $file_contents = implode(PHP_EOL, $lines); // write the contents of the file back to the config file file_put_contents($config_file, $file_contents);

Next step is to implement data validation, such as making sure the user did enter their first and last name. Their telephone number is a valid number/formatted correctly. Their email address is valid etc. If their data does not validate then you should not insert it in the database. You can use filter_var / filter_input for doing these validation checks.

It will write the data currently stored in the session to disk. This is done automatically when PHP reaches the end of the script. If you ever come across functions you don't know then always look at their documentation at php.net. TIP: You can type any function name after php.net/ to see their documentation. Example urls php.net/session_write_close php.net/session_start So data is being saved. Then you should not be getting the "You are not currently logged in ..." message?

Before header("Location: index.php"); add the following line session_write_close(); Is the data present in the session in index.php? Use the following to check printf('<pre>%s</pre>', print_r($_SESSION, 1));

It is not a valid string! You have ended the string, followed that by $row and started a new string. That is not the correct string syntax. The correct way would be to use the concatenation operator ( . a period ) between the string and the variable. If you are to display the table name. Then the while loop needs to be while($row = $result->fetch_row()) { echo "<li><a href='#'></a>".$row[0]. "</li>"; } Next problem is the closing php tag ?> is in the wrong place. It should be after this else statement else { echo "<li><a href='#'></a>0 results</li>"; } // closing tag should be after the above lines ?> You cannot place raw HTML between php tags.

And you made sure $username contains what you expect too?

The arguments for strpos on line 10 are the wrong way round. strpos requires the haystack as the first argument (in your case $file) and the needle as the second argument (in your case md5($webpass)) if (strpos($file, md5($webpass)) !== false)

It is do with how newlines are matched. The various options are explained here under the heading Newline/linebreak options The alternative is to apply the s pattern modifier.

It would of been easier to just paste your code (making sure to wrap it in tags) and the error message here.

Somewhere in your code you are calling session_start() more than once. It only needs to be called once.

A simple way would be to add a loggedIn flag in the session when the user successfully authenticates. On the pages you only want logged in users to access you'd check to make sure this flag exist in the session. You would redirect the user to login.php if it does not exist. To log a user out you can simply delete that flag from the session. Example code When the user successfully logs in set the loggedIn flag in the session to true $_SESSION['loggedIn'] = true; On pages you want to protect you can start them with <?php session_start(); // always call session_start at the top of any script which is going to use $_SESSION // redirect user to login.php if loggedIn session flaf is not set or it is set but is not true if(!isset($_SESSION['loggedIn']) || (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] != true)) { header('Location: login.php'); } // rest of your code here

So its this part is used to prevent someone with a user level of -1 from logging in? else if($_SESSION['user_level'] == -1) { die(); header("Location: banned.php"); } die() needs to be called after header() not before it. Here you getting the user level from $_GET $user_level = $_GET['user_level']; $_GET is used to get values of parameters passed in the url. Dont you mean to get the user_level from the result of your query here? // fetch the data from the resultset $row = mysql_fetch_assoc($result); // get the users user level $user_level = $row['user_level'];

Which is where? What problems are you facing? Do you get any errors if so post them here. Its not good just pasting code and not explaining what the problem is. Your passwords should not be stored in the database as plain text. You should only be storing the password hash in the database. Look at using password_hash (if you're not using PHP5.5 then use this password compatibility library) to hash your users password. These lines on their own will be doing nothing. $_SESSION['username']; $_SESSION['password']; You should also update your code to use PDO or MySQLi. The mysql_* functions are deprecated, meaning they are no longer supported. They could be be removed from future versions of PHP.

You have not mentioned how index() being called?

To delete a record you need some way of identifying that record. You could use the name of the contact but people do not have unique names. There could be multiple people called chris stored in your table and so any one with the same name will be deleted from your table. Instead what you should do is alter your contactme table and add an id field which is set to auto increment. Doing this will ensure each row has a unique id when a new record is inserted into the table. It is this is id you'd use to identify each record. To do this you can run this sql query ALTER TABLE `contactme` ADD `id` INT NOT NULL AUTO_INCREMENT FIRST, ADD PRIMARY KEY (`id`); Now if you look at the data in your table you'd should see each row now has a unique number assigned to them. Now that we have the id column we can use this to create the delete link. To do so in view-contactme.php change this line echo $rows['name'] . " " .$rows['email'] . " " . $rows['phoneno'] . " " . $rows['comments'] . "<br>"; to echo $rows['name'] . " " .$rows['email'] . " " . $rows['phoneno'] . " " . $rows['comments'] . "| <a href=\"delete-contact.php?id={$row['id']}\">Delete</a><br>"; // added delete link. The record id is being passed in the url You should now see a delete link next to each row. Clicking the link will pass that rows id to delete-contact.php in the url In delete-contact.php you'd use $_GET['id'] to retrieve the record id being passed. You'd run a query to delete the record where the id matches $_GET['id']. Example code using mysqli prepared query // connect to mysql using MySQLi $mysqli = new mysqli($host, $username, $password, $db_name); // check to make sure the id exists and it is a number if(isset($_GET['id']) && ctype_digit($_GET['id'])) { // prepare the delete query $stmt = $mysqli->prepare("DELETE FROM $tbl_name WHERE id= ?"); // Issue an error if the prepared statement failed if(!$stmt) { trigger_error('Unable to prepare query: ' . $mysqli->error); } // bind the record id to the query $stmt->bind_param('i', intval($_GET['id'])); // execute the prepared query $result = $stmt->execute(); // if the query did not execute trigger an error message if(!$result) { trigger_error("Unable to delete record #{$_GET['id']} from $tbl_name - " . $mysqli->error); } // check to make sure the query did affect the table. if($result && $mysqli->affected_rows) { echo "Record deleted successfully"; } } Now because we added the id field to the table we need to go back and alter the code slightly in add-contact.php. Find the prepared query in add-contact.php and change it to this // specify the columns we are inserting the data into $stmt = $mysqli->prepare("INSERT INTO $tbl_name (name, email, phone, comment) VALUES (?, ?, ?, ?)"); Now your challenge is to alter the code in view-contact.php over to mysqli. As I said earlier the use of the mysql_ functions are deprecated meaning they are no longer supported and could be removed from future versions of PHP.

Variables are not expanded within single quotes. Use double quotes or concatenate $result. Examples $post_message = "message $result"; // double quotes // OR $post_message = 'message' . $result; // concatenate

Whats this got to do with PHP? This is a CSS issue. Moved to CSS Help

If you want your rewrite rules to be case insensitive then apply the NC flag RewriteRule ^foo\.html$ bar.html [NC]

Those errors you are getting are these. Correct? They are all caused by the first error. I have highlighted the cause of that error in red. You are getting that error because PHP has connected to MySQL but it has not selected a database. The code was not unable to initiate the prepare statement because no database has been selected. This is why I said you need to fill in your database credentials for the five variables I showed you in post #29. You understand what I mean by that?

Using real_escape_string is not recommended to use. Your code uses mysqli so use prepared statements to insert your data into the table. Note you cannot use the mysql_* and mysqli_* functions together.

You are calling the chart() function within you index() function. When is that function being called? Also make sure you include chart.php before calling your chart() function. Also enable error reporting at the top of your script <?php ini_set('display_errors', 1); error_reporting(E_ALL); // rest of your code

What are you trying to do? Display $calldate2 by the side of $row['calldate']? echo $row['calldate'] . ' - ' . $calldate2 . '<br />'; NOTE. $row will contain an associative array of values from your table. The keys will be the column names from your table.