wildteen88

I think MadTechie was referring to my code example when he provided you with his code with regards to showing the error message. Perhaps that is why you are getting confused. In my code I changed the way you report errors to the user when their username/password didn't meet your specification. Before you only show'd one error at a time. To be more user friendly I logged all the errors into the error variable and diaplayed all errors in one go. MadTechie's code merged: <?php $formusername = "bbbA2bb"; //Works $formusername = "bbbbbbb"; //Fails $formpassword = "aaaA2aa"; //Works $formpassword = "aaaaaa"; //Fails // set error to a null value $error = null; $username_check = (preg_match('/\A(?=\S*?[A-Z])(?=\S*?[a-z])(?=\S*?[0-9])\S*\z/', $formpassword) > 0) ? true : false; $password_check = (preg_match('/\A(?=\S*?[A-Z])(?=\S*?[a-z])(?=\S*?[0-9])\S*\z/', $formpassword) > 0) ? true : false; if (!$username_check) { // set username error message $error .= "<span class='warning'>$formpassword ERROR: Failed check for required symbols in password. Please adhere to the specifications given.</span><br />"; } if (!$password_check) { // set password error message $error .= "<span class='warning'>$formpassword ERROR: Failed check for required symbols in password. Please adhere to the specifications given.</span><br />"; } // check that $error is not set to null // if it is not null we'll display all errors logged if(!is_null($error)) { echo $error; die($loginform); } else { // success username/password adheres to specification // ... rest of code ... } ?>

Not sure if you know this, but I noticed you use both types of PHP tags (<?php ?> and <? ?>). The latter tags, also known as short tags won't work by default when you install PHP. I generally try to stick to using the full tags. Using the full tags will allow your code to be more portable over different PHP setups. To make short tags work, either change your short tags (<? ?>) to full tags (<?php ?>) or enable the setting called short_open_tag within the php.ini.

Use mysql_fetch_assoc instead. mysql_fetch_array returns two types of arrays:- an associative array and a numerical array. mysql_fetch_assoc returns just an associative array - which is what you want.

Set it INT datatype instead.

That tutorial uses the command line. You wont be able to use the command line from your website. You'll want to use phpMyAdmin to manage your users and/or privalages. phpMyAdmin is a web application which allows you to manage MySQL form the web. godaddy may have a help/support section for using phpmyadmin. Search godaddy's site.

Try: <?php $html_string = '<P class=MsoNormal style="MARGIN: 0in 0in 0pt"><SPAN lang=EN-US style="FONT-SIZE: 11pt; FONT-FAMILY: Arial; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US">The village of Sechishte is 40 km from the town of Shumen and 90 km from Varna city.<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></SPAN></P>\r\n<P class=MsoNormal style="MARGIN: 0in 0in 0pt"><SPAN lang=EN-US style="FONT-SIZE: 11pt; FONT-FAMILY: Arial; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US"> <o:p></o:p></SPAN></P>\r\n<P class=MsoNormal style="MARGIN: 0in 0in 0pt"><SPAN lang=EN-US style="FONT-SIZE: 11pt; FONT-FAMILY: Arial; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US">This 120 sq m house, consisting of 6 rooms has a huge piece of land of 5 000 sq m. It is a corner plot with an additional small house and a barn on it.<o:p></o:p></SPAN></P>\r\n<P class=MsoNormal style="MARGIN: 0in 0in 0pt"><SPAN lang=EN-US style="FONT-SIZE: 11pt; FONT-FAMILY: Arial; mso-bidi-font-size: 12.0pt; mso-ansi-language: EN-US">Bathroom/WC are on the ground floor of the house.<o:p></o:p></SPAN></P>'; $string = strip_tags($html_string); echo $string; echo '<hr />'; $value = str_replace('\r\n', '', $string); echo $value; ?>

Can you stop posting new threads for every single problem you have with your scripts. If its the same script post in the original thread. Don't open new ones. Also please use more descriptive thread titles and provide information about the script too, such as what it does, what its supposed to do, what's happening etc. Don't just dump the code on us and expect us to read to your mind. Thread closed.

Example: <?php if(isset($_POST['submit'])) { if(isset($_POST['chk_box'][0]) && $_POST['chk_box'][0] == 'somevalue') { echo 'checkbox1 - Selected'; } else { echo 'checkbox1 - Not Selected'; } } ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> Checkbox1: <input type="checkbox" name="chk_box[]" value="somevalue" /><br /> Checkbox2: <input type="checkbox" name="chk_box[]" value="anothervalue" /><br /> <input type="submit" name="submit" value="Submit Checkboxes" /> </form>

Not sure what you mean, can you post code examples or explain your question in more detail. The general rule is to not place any form of output before a call to the header function (or any function that requires headers, eg: session_start, setcookie and header). However it is ok to output anything after a call to the header function (or any function that requires headers).

If the table you are querying contains an id column. include the id column in your query, eg: <?php $sql = "SELECT id, another_column, col_x FROM tbl_name_here"; $result = mysql_query($sql); while($row = mysql_fetch_assoc($result)) { echo $row['id'] . ' - ' . $row['another_column'] . ' - ' . $row['col_x'] . '<br>'; } ?>

What do you get when you run the script? A blank page or an error. It helps if you explain what is happening when you run the script and what is supposed to happen. Also I have seen a few problems with your code. I saq this line: include "connect.css"; What is that file for? Is it for a stylesheet? if it is why are you including a Stylesheet with PHP? You should use the link HTML tag for applying a stylesheet to an HTML document not PHP. Unless you are using PHP to generate dynamic CSS. Another problem I see is you don't wrap associative array indices in quotes. You should wrap associative array indices within quotes otherwise PHP will assume you are using a constant. For example: $_POST[submit] should be $_POST['submit']. Notice the quotes between the square brackets. Another problem I can see is you use the wrong style of quote when defining strings, eg you use “ instead of ". PHP only accepts " (double) or ' (single) quote characters for defining strings. Also when outputting large amount of HTML go for the HEREDOC Syntax. This allows you to then write strings without having to escape quotes. Variables can also be used too with HEREDOC.

Merge your regex patterns into one. $error = null; if (!preg_match('/^[a-z0-9]+$/i', $formusername)) { $error .= "<span class='warning'>$formusername ERROR: Failed check for required symbols in username. Please adhere to the specifications given.</span><br />"; } if (!preg_match('/^[a-z0-9]+$/i', $formpassword)) { $error .= "<span class='warning'>$formpassword ERROR: Failed check for required symbols in password. Please adhere to the specifications given.</span><br />"; } if(!is_null($error)) { echo $error; die($loginform); }

It says select all from the table 'table_name' where the column 'column_name' is not set to 'NULL'

Rather than displaying 'Could not connect to server!' when the connection fails place the mysql_error() function within the die statement too. That way you get an error from mysql which which will tell what is wrong New code: <?php mysql_connect("localhost","barrymd@localhost","24086628") or die("Could not connect to server:<br />" . mysql_error()); echo "connected"; mysql_select_db("books") or die( "Unable to select database:<br />" . mysql_error()); echo "selected db"; $query = "INSERT INTO contacts VALUES ('','$first','$last','$phone','$mobile','$fax','$email','$web')"; mysql_query($query) or die( "Unable to run query (<tt>$query</tt>:<br />" . mysql_error()); mysql_close(); echo "all done"; ?>

Open the file using the file function like so: $line = file('path/to/file'); file opens up the file and puts each line in to an array, eg: $line[0] is line 1, $line[1] is line 2, $line[2] is line 3. Remember array indices start at 0 and not 1.

In your php script you can use the various mysql_* functions for working with MySQL databases in PHP. You don't need to use command line in php scripts. For example you use mysql_connect to connect to MYSQL server. mysql_query to run an sql query. I would recommend you to go through the tutorials over at php-mysql-tutorial.com/ for learning how to use PHP with MySQL. NOTE: If you are using PHP5 then you'll need to configure PHP to use the MySQL extension. You can do this by reading this FAQ.

If you want to run a script every x minutes/hours etc. Then you'll want to look into Cronjobs (for *nix servers) or Scheduled Tasks (for Windows Servers).

What gets displayed when you turn display_errors on within the php.ini (make sure you restart Apache for new changes to take affect). Re run your script again. If there is a problem with script PHP should display an error to the screen rather than a blank screen. Also can you post your code here too.

Here is an example: <?php $input = "' R 1=1 --"; $ptn = "/('|\") OR ([0-9]+)=([0-9]+) (\-){2}/i"; preg_match($ptn, $input, $matches); if($matches[0] == $input) { echo '<tt>' . $input . '</tt><br />Successfull SQL Injection command'; } else { echo '<tt>' . $input . '</tt><br />Is not an SQL Injection command'; } ?>

Which code are you referring to? Your old code (posted in your first post) or my code in this post? If you mean my code and you are changing $msg = to echo then the code will still work as you have outputted the HTML after you have called the header function. It is ok to send output after a call to header but it is not ok if you send output before a call to header.

Isn't it Mister?

No that is just normal practice. No form of output, eg: HTML, whitespace or any form of text should be outputted before a call to any function that sends/requests headers eg: setcookie, session_start, header etc. Output is formed when you either tell php to echo/print a string within the php tags or anything outside of the php tags. Also I have modified my post with another suggestion.

Move all PHP processing before the HTML, example: <?php session_start(); include ('db.php'); $li = db(''); $u = $_POST['u']; $p = $_POST['p']; $s = "SELECT * FROM `u` WHERE `u` ='$u'"; $r = mysql_query($s, $li) or die(mysql_error()); if(mysql_num_rows($r) > 0) { $s2 = "SELECT * FROM `u` WHERE `u` ='$u' AND `p` ='$p'"; $r2 = mysql_query($s2, $li) or die(mysql_error()); if(mysql_num_rows($r2) > 0) { $r = mysql_fetch_assoc($r2); $l = $r['al']; switch($l) { case 1: header("location:test.html"); break; case 2: header("location:test1.html"); break; } } else { $msg = '<p align="center"><span class="style1">incorrect.</span></p>'; $msg .= '<p align="center"><a href="index.php" class="style1">Back</a></p>'; } } else { $msg = '<p align="center"><span class="style1">error.</span></p>'; $msg .= '<p align="center"><a href="index.php" class="style1">Back</a></p>'; } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <title>Login</title> <style type="text/css"> <!-- .style1 { font-size: 29px; font-family:Helvetica, sans-serif; } --> </style> </head> <body bgcolor="#CCCCCC"> <?php echo $msg; ?> </body> </html> Or another method is to change these lines: case 1: header("location:test.html"); break; case 2: header("location:test1.html"); break; To this: case 1: redirect_to("test.html"); break; case 2: redirect_to("test1.html"); break; Then add this code: function redirect_to($location) { header('Location: ' . $location); } At the the top of the page, After the following: session_start(); include ('db.php'); $li = db('');

Can you please post the full error message you get for us to see. You don't need to configure includes. You can setup PHP to include files from a certain path automatically if you want - this what thorpe suggested earlier. But posting the full error message will help to clear up what you mean.

That code requires register_globals. register_globals is now disabled by default as it can cause security exploits within your code. I'd say dump that script and look for script that does not replay on register_globals.