
Ch0cu3r

Staff Alumni
  • Posts: 3,404
  • Joined
  • Last visited
  • Days Won: 55

Everything posted by Ch0cu3r

  1. That is because you are only setting the id in the session.

         $_SESSION['loggedin'] = true;
         $_SESSION['id'] = $row['user_id'];

     To set the username in the session too, add the following after those lines:

         $_SESSION['username'] = $_POST['liusername'];

     Now you can display the user's username by echoing the $_SESSION['username'] variable. You will however want to sanitise and validate the $_POST data before using it in the query. Passwords should be hashed, not stored as plain text.

         <?php print $GLOBALS['user']->name; ?>

     Globals of any sort should never be used. Wherever you have learnt that, you should forget about it. What is the $user class? Make sure you have started the session ( session_start() ) on any page that uses $_SESSION. Either that or you most likely have a logic issue. It is hard to tell with the code you posted.
  2. Before this line

         'Reply-To: '.$email."\r\n" .

     add

         "Bcc: her@$herdomain\r\n" .
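The Reply-To header in the post above is built from a value the visitor typed into the form. As an added example (written for this page, not code from Ch0cu3r or the original thread), this shows the check a practitioner would put in front of that header block: the address is validated before it is concatenated, so a submitter cannot smuggle a line break and append their own Bcc: line. The domain, the From address and the sample inputs are made up for the demo.

```php
<?php
// Added example: building mail() headers from a user-supplied Reply-To address.
// Assumption: $herdomain and the From address are placeholders for the thread's values.
declare(strict_types=1);

// Returns the header block, or null if $replyTo is not a single valid address.
// FILTER_VALIDATE_EMAIL rejects any value containing CR or LF, so an input like
// "a@b.com\r\nBcc: everyone@example.net" can never become an extra header.
function buildHeaders(string $replyTo, string $herdomain): ?string
{
    $clean = filter_var(trim($replyTo), FILTER_VALIDATE_EMAIL);
    if ($clean === false) {
        return null;
    }
    return 'From: noreply@' . $herdomain . "\r\n"
         . 'Reply-To: ' . $clean . "\r\n"
         . 'Bcc: her@' . $herdomain . "\r\n";
}

$herdomain = 'example.com';   // assumed value for the demo

// A normal address from the form: headers are returned.
var_dump(buildHeaders('visitor@example.org', $herdomain));

// A header-injection attempt (constructed input): rejected, nothing is sent.
var_dump(buildHeaders("visitor@example.org\r\nBcc: spam-target@example.net", $herdomain));
```

Call buildHeaders() and only pass the result to mail() when it is not null; the same validation belongs on any other form field that ends up in a header, such as a Subject line.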
  3. 411 Services, Adams and fake are examples of companies? And you want all companies returned from your query to be in an unordered list, and not a table?
  4. That is the wrong use of prepared queries. The variables $country, $region AND $city should be substituted by placeholders. Then you use your DB class's bind method to bind them to the placeholders. I don't know what DB class you're using, but I'll link to the PDO and MySQLi documentation for binding values to prepared queries: PDO::bind_param, MySQLi::bind_param. Also, if your form's submit method is POST then you should retrieve the form values from $_POST, not $_GET.
  5. You can protect yourself from SQL injection by sanitizing the input to make it safe to be handled in a query. PHP has functions to help you with this, such as mysqli_real_escape_string(), which you are using. But mysqli has another feature to help protect against SQL injection, and that is prepared queries. With prepared queries the input you use in the query is never treated as SQL code, it is only treated as the value, and so it helps to reduce the risk of SQL injection even further.

     This is wrong:

         $password = preg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters
         $password = md5($password);

     You should not care what characters a user uses for their password; once you have hashed the password the returned hash will always be made up of alphanumeric characters. Stripping characters from passwords makes them even weaker, which makes an attacker's job even easier to crack with rainbow tables. But the main argument is that md5 should not be used for hashing passwords any more. You should use PHP's password_hash function for handling passwords (or use ircmaxwell's password compatibility library if you are not using PHP 5.5).

     Next, the use of session_*_register() type functions is deprecated and should not be used at all. When setting a session value you use the $_SESSION superglobal array like any other array. Eg when adding a value it'll be

         $_SESSION['key_name'] = $var_name; // adding value to session

     When checking if a session value exists you use isset:

         if(isset($_SESSION['key_name'])) {
             // session token exists
         }

     And wherever you use sessions ensure you have already started the session before using $_SESSION.
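Posts 1, 4 and 5 above all come back to the same three things: bind user input to placeholders instead of concatenating it into the query, hash passwords with password_hash() rather than md5(), and keep the logged-in state in $_SESSION after session_start(). The following is an added example written for this page, not code from Ch0cu3r or the original threads. It uses PDO with an in-memory SQLite database (assumed to be available through the pdo_sqlite extension) so it runs from the command line without a MySQL server; the users table, its columns and the credentials are made up for the demo, and $_SESSION is replaced by an ordinary array so the functions can be exercised outside a web request.

```php
<?php
// Added example: registration and login with prepared statements,
// password_hash()/password_verify(), and session values.
// Assumptions: in-memory SQLite stands in for the poster's MySQL database;
// table/column names and the demo user are invented for this example.
declare(strict_types=1);

function openDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL)');
    return $db;
}

// Store only the salted hash. The raw password is used exactly once and no
// characters are stripped from it (the preg_replace in post 5 is not needed).
function registerUser(PDO $db, string $username, string $password): int
{
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:username, :hash)');
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->bindValue(':hash', password_hash($password, PASSWORD_DEFAULT), PDO::PARAM_STR);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Returns the user row on success, or null. The username is bound as a value,
// so whatever was typed (quotes, comments, OR 1=1) is data, never SQL.
function authenticate(PDO $db, string $username, string $password): ?array
{
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('dummy', PASSWORD_DEFAULT);
    }
    $stmt = $db->prepare('SELECT user_id, username, password_hash FROM users WHERE username = :username');
    $stmt->bindValue(':username', $username, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        password_verify($password, $dummyHash); // unknown user costs the same time as a wrong password
        return null;
    }
    if (!password_verify($password, $row['password_hash'])) {
        return null;
    }
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password_hash = :hash WHERE user_id = :id');
        $upd->bindValue(':hash', password_hash($password, PASSWORD_DEFAULT), PDO::PARAM_STR);
        $upd->bindValue(':id', (int) $row['user_id'], PDO::PARAM_INT);
        $upd->execute();
    }
    return $row;
}

// Session handling as in post 5: call session_start() first on every page, then
// write keys into $_SESSION and test them with isset(). $session is passed in
// by reference here so the demo can run from the CLI; in a page it is $_SESSION.
function loginSession(array &$session, array $user): void
{
    $session['loggedin'] = true;
    $session['id']       = (int) $user['user_id'];
    $session['username'] = $user['username'];   // taken from the DB row, not from $_POST
}

function isLoggedIn(array $session): bool
{
    return isset($session['loggedin'], $session['id']) && $session['loggedin'] === true;
}

// --- demo with constructed data ------------------------------------------
$db = openDb();
registerUser($db, 'alice', 'correct horse battery staple!');

$session = [];
$user = authenticate($db, 'alice', 'correct horse battery staple!');
if ($user !== null) {
    loginSession($session, $user);
}
var_dump(isLoggedIn($session));
var_dump(authenticate($db, 'alice', 'wrong password') === null);
// The classic injection string is just a username that does not exist:
var_dump(authenticate($db, "' OR '1'='1", 'x') === null);
```

Swapping the DSN for a MySQL one and the table for the poster's own is the only change needed to use this with MySQL; the mysqli equivalent is $stmt->bind_param('s', $username) followed by bind_result()/fetch() as in post 8.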
  6. First, to allow for file uploads you need to add the enctype="multipart/form-data" attribute to the form tag, otherwise the files will not be uploaded:

         <form id="form" action="functions/newsadd.php" method="post" enctype="multipart/form-data">

     Second, you do not appear to be doing any data validation/sanitization. This leaves your code vulnerable to attacks such as SQL injection and XSS and many others. This is why you should first validate the data before using it, such as making sure all fields are filled in and that they meet your requirements. With sanitization you should apply htmlentities/strip_tags on the data to protect your site from attacks like XSS, and use either mysqli_real_escape_string or prepared queries to protect yourself from SQL injection attacks.
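The post above says to validate the upload but does not show what that looks like. As an added example (written for this page, not Ch0cu3r's or the original poster's code), this validates an entry of $_FILES the way newsadd.php would need to: it checks the PHP error code and the size, sniffs the real content type with finfo instead of trusting $_FILES['type'], stores the file under a server-chosen random name, and escapes the client's filename before echoing it. The upload directory, the allowed types, the field names and the sample files are all made up for the demo; the fileinfo extension is assumed to be enabled.

```php
<?php
// Added example: validating an uploaded file before it is stored or echoed.
// Assumptions: the form uses enctype="multipart/form-data"; UPLOAD_DIR and the
// ALLOWED map are placeholders; the three $_FILES-style arrays below are constructed.
declare(strict_types=1);

const UPLOAD_DIR = '/var/www/uploads';              // assumed, outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;
// Accepted MIME types as detected from the bytes, and the extension the stored copy gets.
const ALLOWED    = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];

// Returns ['ok' => true, 'ext' => ...] or ['ok' => false, 'error' => ...].
function validateUpload(array $file): array
{
    if (!isset($file['error']) || is_array($file['error'])) {
        return ['ok' => false, 'error' => 'malformed upload array'];
    }
    switch ($file['error']) {
        case UPLOAD_ERR_OK:
            break;
        case UPLOAD_ERR_NO_FILE:
            return ['ok' => false, 'error' => 'no file was sent'];
        case UPLOAD_ERR_INI_SIZE:
        case UPLOAD_ERR_FORM_SIZE:
            return ['ok' => false, 'error' => 'file too large'];
        default:
            return ['ok' => false, 'error' => 'upload failed'];
    }
    if ($file['size'] > MAX_BYTES) {
        return ['ok' => false, 'error' => 'file too large'];
    }
    // Sniff the content; $file['type'] is whatever the browser (or attacker) claimed.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED)) {
        return ['ok' => false, 'error' => 'unsupported content type ' . var_export($mime, true)];
    }
    return ['ok' => true, 'ext' => ALLOWED[$mime]];
}

// Store under a random server-chosen name; the client's filename never becomes
// part of a path. move_uploaded_file() also refuses files that did not arrive
// through this request's upload, so a path pointing elsewhere is not copied.
function storeUpload(array $file, string $ext): string
{
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not move uploaded file');
    }
    return $name;
}

// Output escaping for anything echoed back to the browser (the htmlentities step).
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// --- demo with constructed files, no web server needed --------------------
$png = tempnam(sys_get_temp_dir(), 'up');   // a real 1x1 PNG
file_put_contents($png, base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg=='));
$php = tempnam(sys_get_temp_dir(), 'up');   // a PHP script renamed to .png by the client
file_put_contents($php, "<?php system(\$_GET['c']); ?>");

$good = ['name' => 'photo.png', 'type' => 'image/png', 'tmp_name' => $png, 'error' => UPLOAD_ERR_OK, 'size' => filesize($png)];
$bad  = ['name' => 'shell.png', 'type' => 'image/png', 'tmp_name' => $php, 'error' => UPLOAD_ERR_OK, 'size' => filesize($php)];
$xss  = ['name' => '<script>alert(1)</script>.png', 'type' => 'image/png', 'tmp_name' => $png, 'error' => UPLOAD_ERR_OK, 'size' => filesize($png)];

foreach ([$good, $bad, $xss] as $f) {
    $r = validateUpload($f);
    echo h($f['name']) . ': ' . ($r['ok'] ? 'accepted as .' . $r['ext'] : 'rejected (' . h($r['error']) . ')') . PHP_EOL;
}
unlink($png);
unlink($php);
```

In the real handler the call order is validateUpload($_FILES['newsimage']) and then storeUpload() only when it returns ok; storeUpload() is not exercised in the demo because move_uploaded_file() only accepts files that came in through an HTTP upload. Note that $bad is rejected even though the client set both the extension and the type to PNG: finfo reads the bytes and reports text/x-php.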
  7. You'd loop through the $_POST['closewin'] array. The match id will be the key for that array.

         // key => value
         foreach ($_POST['closewin'] as $match_id => $winning_team) {
             echo '<p>You have chosen the winning team to be <b>' . $winning_team . '</b> for match id <b>#' . $match_id . '</b></p>';
         }
  8. You need to loop through the results, using $stmt->fetch() as the condition, to retrieve the next row of results:

         while ($stmt->fetch()) {
             echo "$id - $title - $poster - $date<br />";
         }

     The variables $id, $title, $poster and $date will be populated from bind_result(); these should correspond with the fields from the SELECT statement.
  9. Can you post your code? This is what I am testing with and I get no errors.

         <html>
         <head>
         <style>
         .red {color: red}
         </style>
         <title>Table</title>
         </head>
         <body>
         <br>
         Select a team and a data item about that team
         <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
         <select name="team[]" multiple="multiple" size="3">
         <option value=""></option>
         <option value="Everton">Everton</option>
         <option value="Arsenal">Arsenal</option>
         <option value="Chelsea">Chelsea</option>
         <option value="Man Utd">Man Utd</option>
         <option value="Liverpool">Liverpool</option>
         </select>
         <select name="data">
         <option value="position">position</option>
         <option value="results">results</option>
         <option value="two points for a win">two points for a win</option>
         <option value="goal difference">goal difference</option>
         </select>
         <input type="submit" value="Get Data">
         </form>
         </body>
         </html>
         <?php
         if ($_SERVER["REQUEST_METHOD"] == "POST" ) {
             $tablesPage = "http://www.bbc.com/sport/football/tables";
             $results = getLeagueResults($tablesPage);
             // loop through the teams, extracting their data from the results table
             foreach($_POST['team'] as $team) {
                 $teamData = getTeamData($team, $results);
                 //.. now decide what to do with $teamData, eg show each selected team's results
                 echo getResults($teamData) . '<br />';
             }
         }

         function getPosition($teamData){
             /* This function takes an array of team data and returns a string containing
                the name of the team and its position in the league */
             return "Team ". $teamData["team"] ." are currently number " . $teamData["position"] . " in the league " ;
         }

         function getResults($teamData){
             /* This function takes an array of team data and returns a string containing the results of the team */
             return $teamData["team"] ." have won " . $teamData["won"] . " , drawn " . $teamData["drew"] . " , and lost " . $teamData["lost"] . " games to date " ;
         }

         function getPoints($teamData){
             /* This function takes an array of team data and returns a string containing the points
                and calculates the old two points system */
             $oldpoints = $teamData["won"] * 2 + $teamData["drew"];
             return $teamData["team"] ." have " . $teamData["points"] . " points under the current system " . "<br> Under two points for a win they would have " . $oldpoints ;
         }

         function getDifference($teamData){
             /* This function takes an array of team data and returns a string containing
                the name of the team and its goal difference in the league */
             return $teamData["team"] ." goal difference is " . $teamData["difference"] . " at the moment " ;
         }

         // this function gets the results from the bbc, and returns the xml object
         function getLeagueResults($tablesPage) {
             $xml = new DOMDocument();
             @$xml->loadHtmlFile($tablesPage); // get the DOM of the HTML
             return $xml; // return the xml object
         }

         function getTeamData($team, $xmlResults){
             /* This function takes the name of a team and the DOM object returned by getLeagueResults().
                e.g. getTeamData("liverpool", $results)
                It returns an array of data about the team.
                You don't need to understand what this function does, just that it returns an array
                which contains keys and values. The values map to the following keys:
                "position", "team", "played", "won", "drew", "lost", "for", "against", "difference", "points" */
             @$xpath = new DOMXPath($xmlResults); //use XPath
             $items = $xpath->query('//td/a[text()="' . $team . '"]/../..'); //get the relevant table row
             $values[] = array();
             foreach($items as $node){
                 foreach($node->childNodes as $child) {
                     if($child->nodeType == 1) array_push($values, $child->nodeValue); //KLUDGE
                 }
             }
             $values[2] = substr($values[2], -1); //KLUDGE
             $values = array_slice( $values, 2, count($values)-4); //KLUDGE
             $keys = array("position", "team", "played", "won", "drew", "lost", "for", "against", "difference", "points");
             return array_combine($keys, $values);
         }
         ?>
  10. I have copied the code in post #5 and changed the variables on lines 18 and 58 to $tablesPage and I do not get those errors. The only time I do get those errors is when choosing the empty option (before Everton) from the list. Make sure you have chosen a team from the list before submitting the form when testing the code.
  11. $tableData should have been $tablesPage on lines 18 and 58 (I gave the wrong variable name).
  12. Oh, I forgot to mention you need to replace the iframe with a div:

         <div id="content"></div>
  13. The very basics with JQuery will be adding the following in admin.php at the bottom of the page before the </body>:

         <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script> <!-- Link to the JQuery cdn, hosted by google -->
         <script type="text/javascript">
         // on page load
         $(document).ready(function() {
             // add an onClick event to all links on the page
             $('a').click(function(e) {
                 e.preventDefault(); // overrides default behaviour of links
                 // get the target page from the href attribute of the link
                 var target = $(this).attr('href');
                 // now load the target page using ajax
                 $.ajax({
                     url: target,
                     success: function(res) {
                         $('div#content').html(res); // add the contents of the target page to the div with the id of content
                     },
                     error: function(res) {
                         alert(target + ' was not found'); // display error
                     }
                 });
                 return false; // prevent the link from working
             });
         });
         </script>

      Any link clicked will load the contents of the page into the content div without the page refreshing. JQuery ajax docs: http://api.jquery.com/jQuery.ajax/ You can also apply some transition effects, such as making the content fade in/out when links are clicked etc.
  14. First you need to remove these lines from the getTeamData function:

         $xml = new DOMDocument();
         @$xml->loadHtmlFile($tablesPage); //use DOM

      and place them into a new function, call it getLeagueResults; you'd pass this function $tableData as an argument.

         // this function gets the results from the bbc, and returns the xml object
         function getLeagueResults($tableData) {
             $xml = new DOMDocument();
             @$xml->loadHtmlFile($tablesPage); // get the DOM of the HTML
             return $xml; // return the xml object
         }

      Now you'd only call this function first to get the league table results:

         $results = getLeagueResults($tableData);

      Now you'd pass getTeamData() $results instead of $tableData. The first two lines of code for the getTeamData function should be

         function getTeamData($team, $xmlResults){
             @$xpath = new DOMXPath($xmlResults); //use XPath

      Now you can loop through the $_POST['team'] array and call getTeamData to get the chosen teams' results:

         $results = getLeagueResults($tableData);
         // loop through the teams, extracting their data from the results table
         foreach($_POST['team'] as $team) {
             $teamData = getTeamData($team, $results);
             //.. now decide what to do with $teamData, eg show each selected team's results
             echo getResults($teamData) . '<br />';
         }
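In the getTeamData() shown in posts 9 and 14, the team name taken from $_POST['team'] is spliced straight into the XPath expression `//td/a[text()="..."]/../..`, so a submitted value containing a double quote changes the query rather than being matched as text. The following is an added example written for this page, not code from Ch0cu3r or the original poster: the same lookup with the team first checked against the form's own option list and then passed to DOMXPath as a properly built string literal. The league table HTML is constructed inline so the example runs offline without fetching the BBC page; it only mimics the row shape the posted code expects, and the column names are the posted ones.

```php
<?php
// Added example: the team lookup from posts 9/14 without XPath injection.
// Assumptions: TEAMS mirrors the form's <option> values; the HTML table below
// is constructed for the demo and does not reproduce the real BBC markup.
declare(strict_types=1);

const TEAMS = ['Everton', 'Arsenal', 'Chelsea', 'Man Utd', 'Liverpool'];

// Turn an arbitrary string into an XPath 1.0 string literal. XPath has no escape
// character, so a value containing both kinds of quote is assembled with concat().
function xpathLiteral(string $s): string
{
    if (strpos($s, '"') === false) {
        return '"' . $s . '"';
    }
    if (strpos($s, "'") === false) {
        return "'" . $s . "'";
    }
    $parts = array_map(function (string $p) { return '"' . $p . '"'; }, explode('"', $s));
    return 'concat(' . implode(", '\"', ", $parts) . ')';
}

function getLeagueResults(string $html): DOMDocument
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    return $doc;
}

// Returns the row's cells keyed by the posted column names, or null when the
// team was not one we offered or is not in the table.
function getTeamData(string $team, DOMDocument $doc): ?array
{
    if (!in_array($team, TEAMS, true)) {          // whitelist first: cheapest and strongest check
        return null;
    }
    $xpath = new DOMXPath($doc);
    $rows  = $xpath->query('//tr[td/a[text()=' . xpathLiteral($team) . ']]');
    if ($rows === false || $rows->length !== 1) {
        return null;
    }
    $values = [];
    foreach ($rows->item(0)->getElementsByTagName('td') as $td) {
        $values[] = trim($td->textContent);
    }
    $keys = ['position', 'team', 'played', 'won', 'drew', 'lost', 'for', 'against', 'difference', 'points'];
    if (count($values) !== count($keys)) {
        return null;
    }
    return array_combine($keys, $values);
}

// --- demo with a constructed table ---------------------------------------
$html = '<table>'
      . '<tr><td>1</td><td><a href="#">Chelsea</a></td><td>30</td><td>21</td><td>6</td><td>3</td><td>60</td><td>24</td><td>36</td><td>69</td></tr>'
      . '<tr><td>2</td><td><a href="#">Liverpool</a></td><td>30</td><td>20</td><td>5</td><td>5</td><td>79</td><td>37</td><td>42</td><td>65</td></tr>'
      . '</table>';
$doc = getLeagueResults($html);

var_dump(getTeamData('Liverpool', $doc));
// Not in the option list, so it never reaches the XPath engine:
var_dump(getTeamData('Liverpool"] | //tr[td/a[text()="Chelsea', $doc));
// Even without the whitelist, the literal helper keeps quotes as data:
var_dump(xpathLiteral('Man "Utd" \'FC\''));
```

The whitelist is what actually protects the posted form, since the select only ever offers those five values; xpathLiteral() is the general fix for the case where the text really is free-form, and the two can be used together as above.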
  15. You have left off the closing angle bracket ( > ) for your select tag here:

         <select name="team" multiple="multiple" size="3"

      Also, when using the multiple attribute on your select tag you need to append square brackets [] to the field name. The chosen teams will be submitted as an array, which will mean you will need to loop through the $_POST['team'] array to get each chosen team. Before looping over this array you may want to change the getTeamData() function so it only gets the results from the bbc once, not each time you want to get the result for a team.
  16. You need to concatenate $i + 1 to $text for each iteration of the loop:

         $text .= $i + 1; // concatenate $i + 1

      Before the for loop make sure you initialise $text beforehand too ( $text = ''; ) to prevent a notice message. The .= is the concatenation assignment operator.
  17. The problem is the iframe: once you set the height of the iframe it does not adapt to the height of the content being loaded into it, and so the scroll bars appear. However, the use of iframes is no longer the trend. The trend nowadays is ajax; this is what facebook/google use to load their content dynamically onto the page. With ajax you can load content in the background and then dynamically add it to the page seamlessly without the page refreshing.
  18. You need to give the checkboxes the same index, not separate ones ($i and $o). I'd set up the index to be the id field returned by your query. Also you are best off using radio buttons instead of checkboxes, as only one team can be selected to be the winner for each match, not both (unless you are allowing for draws? in which case you'll want to have a third radio button for that). So I'd set up the while loop as

         while ($closeselect = mysql_fetch_row($selectclose)){
             echo "
             <tr class=innertable>
               <td>
                 <input type='radio' class='input' name='closewin[$closeselect[0]]' value='$closeselect[1]'>$closeselect[1]
               </td><td>
                 <input type='radio' class='input' name='closewin[$closeselect[0]]' value='$closeselect[2]'>$closeselect[2]</td>
             </tr>";
         }

      Now your foreach loop should display the chosen team correctly.
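The radio groups in post 18 put the match id into the field name and the team name into the value, and the loop in post 7 then echoes both straight back. Everything in $_POST['closewin'] is chosen by the client, though: the keys can be any string, a value can name a team that is not in that match, and the id can belong to a match that was never offered. As an added example (written for this page, not the poster's code), this renders the rows with escaped values and validates the submitted array against the matches the server actually listed. The $matches array stands in for the rows the poster's query returns and the posted data is constructed for the demo.

```php
<?php
// Added example: rendering and validating the closewin[] radio groups from posts 7 and 18.
// Assumptions: $matches (id => [home, away]) replaces the poster's query result;
// the $post array is constructed to mimic a tampered submission.
declare(strict_types=1);

function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// One radio group per match, indexed by match id; values are escaped so a team
// name containing quotes or < cannot break out of the attribute.
function renderMatchRows(array $matches): string
{
    $out = '';
    foreach ($matches as $id => [$home, $away]) {
        $out .= '<tr class="innertable">'
              . '<td><input type="radio" class="input" name="closewin[' . $id . ']" value="' . h($home) . '">' . h($home) . '</td>'
              . '<td><input type="radio" class="input" name="closewin[' . $id . ']" value="' . h($away) . '">' . h($away) . '</td>'
              . "</tr>\n";
    }
    return $out;
}

// Returns ['accepted' => [match_id => winner], 'rejected' => [reason, ...]].
function validateWinners(array $post, array $matches): array
{
    $accepted = [];
    $rejected = [];
    $raw = $post['closewin'] ?? null;
    if (!is_array($raw)) {
        return ['accepted' => [], 'rejected' => ['closewin missing or not an array']];
    }
    foreach ($raw as $key => $winner) {
        // The key must be a positive integer that names a match we offered.
        $id = filter_var($key, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false || !isset($matches[$id])) {
            $rejected[] = 'unknown match id ' . var_export($key, true);
            continue;
        }
        // The winner must be one of that match's two teams, compared strictly.
        if (!is_string($winner) || !in_array($winner, $matches[$id], true)) {
            $rejected[] = "match $id: winner is not one of the two teams";
            continue;
        }
        $accepted[$id] = $winner;
    }
    return ['accepted' => $accepted, 'rejected' => $rejected];
}

// --- demo with constructed data ------------------------------------------
$matches = [
    7  => ['Everton', 'Arsenal'],
    12 => ['Chelsea', "O'Brien's XI"],   // a name with a quote, to exercise the escaping
];
echo renderMatchRows($matches);

$post = ['closewin' => [
    '7'   => 'Arsenal',       // valid
    '12'  => 'Liverpool',     // not a team in match 12
    '99'  => 'Chelsea',       // match never offered
    'abc' => 'Everton',       // not an id at all
]];
$result = validateWinners($post, $matches);
foreach ($result['accepted'] as $id => $winner) {
    echo '<p>You have chosen the winning team to be <b>' . h($winner) . '</b> for match id <b>#' . $id . '</b></p>' . PHP_EOL;
}
foreach ($result['rejected'] as $reason) {
    echo 'rejected: ' . h($reason) . PHP_EOL;
}
```

In the real page $matches would be built from the same query that rendered the form (or re-queried by id), and only the accepted entries would be written back to the database, again through a prepared statement.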
  19. I meant the file permission for the xml file itself, not for your directory. Judging by your last comment PHP can access the directory just fine. The problem lies with PHP being unable to read the xml file itself, which is causing file_exists to return false and so you get the "xml file does not exist" message.
  20. Your heredoc syntax is wrong. It is currently like this:

         $somevar = <<<delimiter // some comment here
         ... some text/html ...
         delimiter;

      There should not be anything directly after the opening heredoc delimiter (remove the comment). Also nothing should be before the closing heredoc delimiter (including tabs/spaces). The closing delimiter should start from the first character of the next line. Your heredoc syntax should be like this:

         $somevar = <<<delimiter
         ... some text/html ...
         delimiter;
  21. It may be a file permission issue. PHP may not be able to read that file.
  22. Zip dll

      Are you sure php_zip.dll came with your PHP installation? Check that this file exists in your PHP extension folder (C:/php/ext). If you can't find that file then you can download this extension from here. Download the version that matches your PHP version.
  23. Your post makes no sense whatsoever.
  24. Rather than dumping random code into your post it would really help if you could actually explain what it is you are trying to do.
  25. So on both sandboxes the path is exactly the same for the xml file? And both sandboxes have the same operating environment except for the PHP version installed?