Everything posted by Jacques1
-
Check the error log of your webserver. Maybe there's a more detailed error message. Can your webserver execute any PHP scripts? When you upload a simple "Hello world" script, does that work correctly?
-
Right now, none of your tasks have anything to do with PHP. So, what are the file permissions? Does the webserver even have read access to the script?
-
The “Questions, Comments, & Suggestions” forum is for comments about this site, not PHP questions. Moving to PHP Coding Help. Your code doesn't tell us anything about the query which yielded the $products array. You need to show the database-related code, not the HTML stuff.
-
You've marked the topic as solved, but apparently you still have the problem. Did you click the button accidentally? You need to read the other parts of my reply as well.
-
Change the database credentials immediately, because the posts will still be archived on Google. As to your problem: Does the Unix user of the webserver (usually www) have read permission on the shout.php script? Is there any .htaccess file or webserver configuration which blocks access to the script? Your query is also wide open to SQL injection attacks. Learn to use prepared statements.
-
Using htmlspecialchars() directly is difficult and often leaves your application open to more subtle attacks. Use a proper wrapper:

```php
/**
 * HTML-escapes a string so that it can safely be included in an HTML document
 *
 * @param string $unsafe_input the string which should be escaped
 * @param string $encoding     the character encoding of the input string
 *
 * @return string the escaped string
 */
function html_escape($unsafe_input, $encoding)
{
    return htmlspecialchars($unsafe_input, ENT_QUOTES | ENT_SUBSTITUTE, $encoding);
}
```

Note that escaping is dependent on the character encoding, so you should have a constant or configuration value for the encoding of your HTML documents:

```php
<?php

// UTF-8 is recommended for modern applications
const APP_HTML_ENCODING = 'UTF-8';
```

```php
<?php

// require_once the functions and constants here

// unless your webserver already sets the encoding attribute in the Content-Type header, do it here
header('Content-Type: text/html;charset=utf-8');

$test_input = '"></div><script>alert("XSS")</script><div data-dummy="';

?>
<!DOCTYPE HTML>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <title>Page title</title>
    </head>
    <body>
        <!-- testing the escape function -->
        <div data-test="<?= html_escape($test_input, APP_HTML_ENCODING) ?>"></div>
    </body>
</html>
```
-
To clarify a few things:

- We will not download fishy ZIP archives from external websites. If you want help, post your code here on this forum inside a code section. That's the blue “<>” button:

  ```
  This is code
  ```

- We're no machine where you insert broken code and get the repaired code back. We expect you to actively work on the problem and give us a proper description of the issue.
- You might want to stop calling people “bro”.
-
When you have a concrete problem with sessions, ask a concrete question and show your code. There is no magical PHP tutorial or book which could solve all of your problems at once.
-
Upload image to the existing record in database
Jacques1 replied to Dule95D's topic in PHP Coding Help
No, you need a parameter for the prepared statement. This is wrong:

```
UPDATE users SET image = '$upload_dir', status = ? WHERE id = ?
                         ^^^^^^^^^^^^^
```

This is what you need:

```
UPDATE users SET image = ?, status = ? WHERE id = ?
                         ^
```

Also, $upload_dir is just the absolute path of the upload directory. You still need to append the actual filename.
-
Upload image to the existing record in database
Jacques1 replied to Dule95D's topic in PHP Coding Help
Read the reply again.
-
Upload image to the existing record in database
Jacques1 replied to Dule95D's topic in PHP Coding Help
You're trying to insert $actualpath straight into the query string, which is of course nonsensical and dangerous. You need a parameter.

Also, do not rely on relative paths (like you do with $path). They could be relative to anything, depending on what exactly the current working directory happens to be. Always use absolute paths. You can start with __DIR__, which is the absolute path of the script directory, and then navigate to the file you want:

```php
$upload_dir = __DIR__.'/uploads';
```
-
What's the best way to remove spaces and replace them with dash?
Jacques1 replied to man5's topic in Javascript Help
The point is to find a reasonable solution, and we all know that the initial approach isn't always the best one. In fact, if we stopped questioning ideas out of “politeness”, we wouldn't help anybody. I think most users actually expect us to look at the context and not just produce code, so Psycho's critique is perfectly valid.
-
The order of your parameters is wrong: In the bind_param() call, you assume it's (ID, name), but in the query it's actually (name, ID). So you need

```php
$stmt->bind_param("si", $name, $id);
```

Using the number of affected rows as an error condition is also a bad idea, because it's perfectly normal for an UPDATE query to have no effect (e.g. when a previous process has already updated the value). At best, you'd include the affected rows as informational data.

To get real errors, enable error reporting for MySQLi before you establish the database connection:

```php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
```

Now you'll get a mysqli_exception whenever a query fails. If you leave the exception alone (meaning: you don't catch it), PHP will automatically emit a 500 response code to signal an error.
-
When $descriptors already has a “Science” key, then $descriptors['Science'] simply refers to the corresponding value. In your case the value happens to be an array as well, so you can set the value of the “P2” key within that array. In other words,

```php
$descriptors['Science']['P2'] = 'text text text';
```

is roughly equivalent to

```php
$science = $descriptors['Science'];
$science['P2'] = 'text text text';
```

Reality is a bit more complex, of course, because PHP automatically creates the subarrays when they don't exist yet.
-
Assuming the subject/grade combinations are unique:

```php
$descriptors[$row['subject']][$row['grades']] = $row['descriptor'];
```

You need better variable names than "descriptors" and "row", though.
-
This is an XML-based service, so you can't just send plain POST requests. You'll have to assemble an XML document in the above format, send it with cURL and then parse the XML document you get back. Also check if the service provider already offers some kind of client or library to do this.
-
Put var_dump($_POST); on top of the script to print the parsed request parameters. Then analyze the Ajax request and response with the developer tools of your browser. What does the response say?
-
Your Ajax request puts the data into the request body (where it should be), so you need to access it through $_POST. $_GET only contains URL parameters.
-
Password_verify / PDO - Login Form Handler issues
Jacques1 replied to Skorpio's topic in PHP Coding Help
You need to understand the logic, not assemble random code snippets. Right now, the function always returns false. That's obviously not very useful. Instead, you want it to either return true or false, depending on whether both the username and the password are correct.

The easiest way is to have a boolean flag $is_valid which is initialized to false and then switched to true if the condition of the innermost if statement is fulfilled. Then at the end of the function you can simply return the flag.

```php
$is_valid = false;

// a lot of checks
if (...) {
    if (...) {
        // if everything is fine, switch the value to true
        $is_valid = true;
    }
}

return $is_valid;
```
-
Password_verify / PDO - Login Form Handler issues
Jacques1 replied to Skorpio's topic in PHP Coding Help
According to your first post, the code is part of the main script. If you return in the middle of the script, you'll get nothing but a blank page.

I recommend you put the above code into a separate function like check_credentials() which returns true or false depending on whether the credentials are correct. Then the main script can either log the user in or display an error message.

And again: Don't use count() on a variable that can be false. This is apparently a leftover from your previous fetchAll(). Now just check $results && password_verify(...).
-
I'm not sure what exactly you expect to see, but you can inspect the Ajax request and the corresponding response with the developer tools of your browser (usually F12; Firefox requires the Firebug plugin).
-
Yes, that looks better. If possible, use the actual adjustment ID as the index. Otherwise you may have trouble mapping the incoming indices back to the adjustments when your data has changed in between.
-
How to handle different form submit actions on the same page?
Jacques1 replied to greenace92's topic in PHP Coding Help
Don't try to solve ten problems at once, and don't get lost in micro-optimizations. Registering and logging in are two entirely different actions, even if the GUI may look similar at the moment (this can change when you start collecting more data during the registration). So it makes sense to have two separate scripts instead of one complex script with a lot of if-then-else logic. Shared functionalities can be put into functions, shared GUI elements can be managed with a template engine. However, you can worry about that later. Start with the basic structure and then improve it step by step.

Because a button label is a graphical feature which should have no effect at all on the underlying functionality. It would be insane if the entire application breaks just because you've changed the label from, say, “register” to “Sign up now!”. If you insist on sending the two forms to the same script, either use a hidden action field or replace the submit element with a button element (which allows you to separate the label from the value).
-
How to handle different form submit actions on the same page?
Jacques1 replied to greenace92's topic in PHP Coding Help
The action form attribute specifies the URL of the target script. When you use two different actions, that means your forms will be sending their data to two entirely different scripts, not a single script. If you want a single script, you need to put that into the attribute. Then you can check for the value of the submit button:

```php
if (isset($_POST['login'])) {
    // ...
} elseif (isset($_POST['register'])) {
    // ...
}
```

That's not exactly a good solution, though, because now the business logic depends on the label of your submit buttons. Alternatively, use a hidden field which you may actually call action. Then your code above works as intended.
-
Password_verify / PDO - Login Form Handler issues
Jacques1 replied to Skorpio's topic in PHP Coding Help
Neither can we, because the code stops right before the relevant parts, and “the form is stretched” is a somewhat vague error description. All I can tell you is that if the user doesn't exist at all, $results is false, counts($results) is 1, and 1 interpreted as a boolean is true. This can (should!) lead to a couple of PHP error messages when you try to do a password comparison with a nonexistent password hash.

Anyway, this is the perfect opportunity for you to learn debugging, one of the most important skills of all. Start analyzing your code with var_dump(). This will tell you exactly which code path is executed and which values a particular variable has.
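The check_credentials() structure recommended in the Password_verify / PDO replies above, written out as an added example that is not part of the original posts or the original poster's code. The users table, its column names, the sample account and the in-memory SQLite database are assumptions made so the script runs offline.

```php
<?php
// Added example: table, columns and sample account are constructed for illustration.
declare(strict_types=1);

// In-memory SQLite stands in for the real database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

// Constructed sample account; only the hash is stored.
$insert = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$insert->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns true only if the user exists AND the password matches the stored hash.
 */
function check_credentials(PDO $pdo, string $username, string $password): bool
{
    $is_valid = false;

    // The username travels as a bound parameter, never as part of the query string.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch();   // false when no row matches

    // Test the row itself instead of count(): a missing user must fail here,
    // before password_verify() is ever called with a nonexistent hash.
    if ($user && password_verify($password, $user['password_hash'])) {
        $is_valid = true;
    }

    return $is_valid;
}

// The main script decides what to show; the function only answers yes or no.
$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ['mallory', 'x']];
foreach ($attempts as [$name, $pass]) {
    $result = check_credentials($pdo, $name, $pass) ? 'logged in' : 'invalid credentials';
    echo $name, ': ', $result, PHP_EOL;
}
```

A wrong password and an unknown username produce the same message, so the response does not reveal which of the two was incorrect.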