wildteen88

Staff Alumni
  • Posts: 10,480
  • Joined
  • Last visited: Never

Everything posted by wildteen88

  1. Use: include './../../root/config.php'; maybe?
  2. Umm, $i is set to 0: for($i=0; ... ). You may need to read up on how a for loop works.
  3. Your for statement does not make sense. It should be: for($i=0; $i < $rating_num; $i++). I presume rating_num determines how many stars are shown.
  4. Oh Bulls! Yeah $sql; should be $sql. It should work now, fingers crossed. I have tested the code this time.
     [code]
     <?php
     session_start();

     require_once 'includes/connection.php';

     // check that the form is submitted
     if(isset($_POST['submit']))
     {
         // validate username
         if(isset($_POST['username']) && !empty($_POST['username']))
         {
             // use the built in mysql real escape string function to protect against SQL Injection
             $username = mysqli_real_escape_string($connection, $_POST['username']);
         }
         else
         {
             // username does not validate, define an error
             $errors[] = 'You have forgotten to include your username.';
         }

         // we apply the same for the password field.
         if(isset($_POST['password']) && !empty($_POST['password']))
         {
             $password = md5($_POST['password']);
         }
         else
         {
             $errors[] = 'Password not provided';
         }

         // check that no errors have been set, if so display them
         if(isset($errors) && is_array($errors))
         {
             echo 'Errors: <ul><li>' . implode('</li><li>', $errors) . '</li></ul>';
         }
         // no errors are set so we'll continue
         else
         {
             $sql = "SELECT * FROM `members` WHERE `username`= '$username' AND `password`= '$password'";
             $result = mysqli_query($connection, $sql) or die('Query Error:<br />Query: <tt>'.$sql.'</tt><br />Error: ' . mysqli_error($connection));

             // check that the query return only ONE result
             if(mysqli_num_rows($result) == 1)
             {
                 $_SESSION['is_logged_in'] = true;

                 // get result set from the query and assign it to the 'user' session.
                 $row = mysqli_fetch_assoc($result);
                 $_SESSION['user'] = $row;

                 // redirect to the login_success.php
                 header('Location: login_success.php');
                 exit;
             }

             // query failed, display error
             echo "Wrong Username or Password";
         }
     }
     // form was not submitted, display error
     else
     {
         echo 'Please use the login form for logging in';
     }
     ?>
     [/code]
  5. Because you are using an absolute http address Apache will redirect the user to http://www.url.com/datasheets.php. To stop the redirect just use a relative url:
     [code]RewriteRule ^products/datasheets/$ /datasheets.php[/code]
  6. Fairly simple:
     [code]
     $lines = file('data.txt');

     foreach($lines as $line)
     {
         $line = substr($line, 1, strlen(trim($line)));
         list($word1, $word2, $word3) = explode(' ', $line);

         echo 'Word1: ' . $word1 . '<br />';
         echo 'Word2: ' . $word2 . '<br />';
         echo 'Word3: ' . $word3;
     }
     [/code]
  7. When using open_basedir don't end paths with slashes. Use:
     [code]open_basedir = "C:/Web/www"[/code]
     This will allow PHP to parse php files in C:/Web/www and all subdirectories. If you set open_basedir to C:/Web/www/ (forward slash at the end) you only allow access to files contained in C:/Web/www; it won't parse files in subdirectories.
  8. This is not the case. Have a look at the following line:
     [code]<a href='page7.php?<?=SID ?>'>page7.php</a>[/code]
     It is because PHP is not configured to use the short open tags (<?= ?>) and so PHP is sending the code over the url rather than the session id. Change <?=SID ?> to <?php echo SID; ?> instead. Now re-run your code with cookies disabled and you should find the session id being transferred. Do note though that transferring the session id over the url can allow for session fixation.
  9. Use an external counter:
     [code]
     $i = 0; // initiate counter
     while (list($category_id, $name, $description, $count) = mysql_fetch_row($res))
     {
         // alternate row colors
         $bg = ($i%2) ? 'ffffff' : 'cccccc';

         $indent = str_repeat('&#8212; ', $level);
         echo "<tr><td bgcolor=\"#{$bg}\" height=\"26\"><div align=\"center\">$category_id</div></td><td>$indent$name</td>
               <td>$description</td><td><div align=\"center\">$count</div></td><td><div align=\"center\"><a href=\"categories.php?action=edit&id=$category_id\">Edit</a></div></td>
               <td><div align=\"center\"><a href=\"categories.php?action=delete&id=$category_id\">Delete</a></div></td></tr>";

         display_category_table($category_id, $level+1);

         $i++; // increment counter
     }
     [/code]
  10. As you're using sprintf, then add tblname as the second parameter, eg: [tt]$sql = sprintf("SELECT * FROM %s WHERE live = '%s';", $tblname, $live);[/tt]
  11. Sorry I had a typo in the query:
     [code]
     $sql = "SELECT * FROM `members` WHERE `username`= '$username' AND `password`= '$password'";
     $result = mysqli_query($connection, $sql) or die('Query Error:<br />Query: <tt>'.$sq;.'</tt><br />Error: ' . mysqli_error($connection));
     [/code]
  12. Run phpinfo and tell me what the Configuration File (php.ini) Path and Loaded Configuration File lines return. Also can you tell me where your php.ini is located? As a note I find it best to use forward-slashes for paths (/) rather than backslashes.
  13. According to the php wiki php5.3 is not expected until Q2/Q3 2008. Little while to wait yet.
  14. No problem. Glad I managed to help.
  15. [quote]
     Please... if you really need or want to clear the $_POST Variable you can use $_POST = array(); and that's it. Regarding the header-stuff: Why don't you do it like this:
     [code]
     <?php
     ...
     if(!empty($_POST['paragraph']))
     {
         $output = null;
         foreach($_POST['paragraph'] as $data)
         {
             $title = $data['title'];
             $content = $data['content'];
             $output .= "[$title]\n$content\n";
         }
         file_put_contents('data.txt', $output);
     }
     ?>
     <form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
     <table border="0" cellpadding="5" cellspacing="1">
       <tr>
         <th colspan="2"><h1>Paragraph Editor</h1></th>
       </tr>
       <tr>
         <th width="150">Title</th>
         <th>Content</th>
       </tr>
     <?php
     $i = 0;
     foreach(get_paragraphs() as $key => $data)
     {
         echo " <tr valign=\"top\">\n <td><input type=\"text\" name=\"paragraph[$i][title]\" value=\"$key\"></td>\n ".
              "<td><textarea name=\"paragraph[$i][content]\" cols=\"60\" rows=\"6\">$data</textarea></td>\n </tr>\n";
         $i++;
     }
     ?>
       <tr>
         <td colspan="2"><input type="submit" name="submit" value="Apply Changes" /></td>
       </tr>
     </table>
     </form>
     [/code]
     As you can see, the header location is totally useless. Note: a header location to the same domain is useless in 99.9%. 2 other things: Don't check the submit button, check the data. Some browsers don't submit the button's value. And to save the data in text file with your scheme [] isn't really elegant. You should use xml or a database or if you want to keep it simple a serialized array. By the way, I see that you're using the eregi functions, these are old... you should use preg_match and co. Sorry about the Objections, but I had to say it (although if you are a Genius Super Moderator )
     [/quote]
     I'm understanding what you're saying but what I posted was to the OP's needs. As for using xml or a database for storing the paragraphs, the OP already had the paragraphs in a text file. I wrote the code around what they already had.
     As with the use of header I only added it in for an easy fix, because the browser was caching the page and not showing the new changes made when the form was submitted. I know it's not the best however it will do. I do understand what xss is, yes. I don't know what you're trying to prove.
  16. Your script requires register_globals to be enabled in order to function. Register_globals is now deprecated (and is to be removed completely when PHP6 is released) and has been disabled by default as it can cause security exploits within your code. Now to get the value from the Fname field, you'll need to use $_POST['Fname']. Also $PHP_SELF will need to be $_SERVER['PHP_SELF'].
  17. The main site is down and is currently being rebuilt; this is why the donations link has disappeared.
  18. You can opt out of that. Either during the installation process or when you go to download Adobe Acrobat reader.
  19. Hiya guys, sorry about that, I had a bug in my code. See this line:
     [code]$username = mysqli_real_escape_string($connection, $_POST['password']);[/code]
     It should have been:
     [code]$password = md5($_POST['password']);[/code]
     Also you'll need to change the top two lines of login.php to this:
     [code]
     <?php
     session_start(); // session_start() must be called on all pages which use sessions.

     require_once 'includes/connection.php';
     [/code]
     Corrected code:
     [code]
     <?php
     session_start();

     require_once 'includes/connection.php';

     // check that the form is submitted
     if(isset($_POST['submit']))
     {
         // validate username
         if(isset($_POST['username']) && !empty($_POST['username']))
         {
             // use the built in mysql real escape string function to protect against SQL Injection
             $username = mysqli_real_escape_string($connection, $_POST['username']);
         }
         else
         {
             // username does not validate, define an error
             $errors[] = 'You have forgotten to include your username.';
         }

         // we apply the same for the password field.
         if(isset($_POST['password']) && !empty($_POST['password']))
         {
             $password = md5($_POST['password']);
         }
         else
         {
             $errors[] = 'Password not provided';
         }

         // check that no errors have been set, if so display them
         if(isset($errors) && is_array($errors))
         {
             echo 'Errors: <ul><li>' . implode('</li><li>', $errors) . '</li></ul>';
         }
         // no errors are set so we'll continue
         else
         {
             $sql = "SELECT * FROM members WHERE username= '$username' AND password= '$password' ";
             $result = mysqli_query($connection, $sql);

             // check that the query return only ONE result
             if(mysqli_num_rows($result) == 1)
             {
                 $_SESSION['is_logged_in'] = true;

                 // get result set from the query and assign it to the 'user' session.
                 $row = mysqli_fetch_assoc($result);
                 $_SESSION['user'] = $row;

                 // redirect to the login_success.php
                 header('Location: login_success.php');
                 exit;
             }

             // query failed, display error
             echo "Wrong Username or Password";
         }
     }
     // form was not submitted, display error
     else
     {
         echo 'Please use the login form for logging in';
     }
     ?>
     [/code]
     Another thing I forgot to mention, dazz_club: any page which requires login, you'll need to add the following few lines of code at the top of every page:
     [code]
     <?php
     session_start();

     // check that the user has logged in
     if(isset($_SESSION['is_logged_in']) && $_SESSION['is_logged_in'] !== true || !isset($_SESSION['is_logged_in']))
     {
         die('You must be logged in to view this page!');
     }
     ?>
     [/code]
     To allow the user to log out you'll need to use this:
     [code]
     <?php
     session_start();

     // check that the user has logged in
     if(isset($_SESSION['is_logged_in']) && $_SESSION['is_logged_in'] !== true || !isset($_SESSION['is_logged_in']))
     {
         die('You are already logged out');
     }

     // empty the session array; the $_SESSION superglobal itself should not be unset
     $_SESSION = array();
     session_destroy();
     ?>
     <h1>Logged out!</h1>
     [/code]
  20. I had used the header to clear the $_POST and for the changes to take effect, otherwise the browser will display the old values. I could have told the browser to not cache the page but it was only an example.
  21. Have a read up on SQL Joins (advanced) or beginner.
  22. Problem is line 580 which is below
     [code]$cache_hits[$cache_count] = array('k' => $key, 'd' => 'put', 's' => $value === null ? 0 : strlen(serialize($value)));[/code]
     is being dynamically generated from a foreach loop by looks of it. Change it to:
     [code]
     if(isset($cache_hits[$cache_count]))
     {
         $cache_hits[$cache_count] = array('k' => $key, 'd' => 'put', 's' => $value === null ? 0 : strlen(serialize($value)));
     }
     [/code]
  23. You'll be better off using an SQL Join rather than doing three different queries.
  24. You have the following class in your css
     [code]
     img.filmstrip {
         border-color:#FFFFFF;
         border-style:solid;
         color:#FFFFFF;
         border-width: 1px;
     }
     [/code]
     That is what I meant by apply vertical-align: middle; to the img.filmstrip class
     Added:
     [code]
     img.filmstrip {
         border-color:#FFFFFF;
         border-style:solid;
         color:#FFFFFF;
         border-width: 1px;
         vertical-align: middle;
     }
     [/code]
  25. simply use $_GET['p']