wildteen88

Yes the new superglobals where introduced in PHP 4.2. You should be able to use the new superglobals in PHP4.2 or greater

From the error you are getting it looks like your variables are being replaced with their values. But I'm not sure. Did the new query work?

Use two \ (\\) for defining windows paths. It is becuase the \ is escaping the quote at the end of the define statement. Using \\ will helpl stop this.

Run this code on co2_s_sample array: [code=php:0]echo "<pre>" . print_r($_POST['co2_s_sample '], true) . "</pre>";[/code] What do you get? That code should retrun whats in the array. Post what it retruns here. Also its a good job your host has upgraded PHP, as it should like it was using register_globals before.

Chnage this: [code]echo " Failed to upadate";[/code] to [code]echo " Failed to upadate, Reason for failing<br />\n" . mysql_error());[/code] With this code you shoul now get an error message from MySQL why your query is failing What I think is the problem is is becuase you are not use quotes around your values. Try thhe following as the query: [code]$sqlqup = "UPDATE club_data SET Head='$gethead', Teacher='$getteacher', News='$getnews', Message='$getmessage', members='$getmembers' WHERE ClubID='$clubno'";[/code]

localhost:8080 Anything after the colon is the port number. What are using to connect to MySQL DB?

That is not an error. That is just a notice. Basically you are using a variable called $empty which doesnt exist, thus you get the above message. You should do something like the folloowing to prevent the notice: [code=php:0]if(isset($empty)) {     // now work with the empty variable as it exists }[/code] Or define $empty with no value [code=php:0]$empty = '';[/code] Another option is to turn down error reporting to ignore notices

if $_POST[co2_s_sample] is an array you'll want to use $_POST[co2_s_sample][$i] to access the items in that array Or use a foreach loop: [code=php:0]foreach($_POST['co2_s_sample'] as $co2_example) {     echo '<td align="center">' . $co2_example . '</td> <td align="center"> ' $_POST['test_type'][$co2_example] . "</td>\n"; }[/code]

Did yu create the forum yourself, if you did then it sounds like you have an exploit in your code which the hacker is using to spam your forum.

Whats the error, cant help much without seeing the error(s) being returned. Post the errors here

If you want to encrypt the data being sent to and from the server you'll want to use SSL (Secure Socket Layer). Which you can get openSSL for free to be installed on your server. Then to have a secure connection goto https://mysite.com and any requests to and from the server will be encrypted.

If you use Apache you just need to restart Apache and not your computer for any new chnages from the server configuration files (httpd.conf or php.ini) to take affect

You are using old super global variables, you should use the new superglobal variables which are $_POST instead of $HTTP_POST_VARS $_GET instead of $HTTP_GET_VARS $_SESSION instead of $HTTP_SESSION_VARS $_COOKIE instead of $HTTP_COOKIE_VARS Also this code here: [code=php:0]else   {     if (isset($user_name))     {       // if they've tried and failed to log in       echo 'Could not log you in';     }     else     {       // they have not tried to log in yet or have logged out       echo 'You are not logged in.<br />';     }[/code] Is a little strange. You are checking to see if $user_name exists, and if it does you say you cannot be logged in. Shouldnt this [code=php:0]if (isset($user_name))[/code] be [code=php:0]if (!isset($user_name))[/code] Otherwise if the user fills in the form correctly and hits submits it always goona say '[i]Could not log you in[/i]'. With the latter code it now checks whether the $user_name var doesnt exist.

PHP 5 is not compatible with Apache2.2. You'll need to download the latest CSV version of PHP from php.net in order to use PHP with Apache2.2 or download the php5apache2_2.dll from [url=http://www.apachelounge.com/]apachelounge.com[/url] A better option will be to downgrade Apache to Apachre2.0.x

before you use mysql_real_escape_string make sure you are connected to mysql first. mysql_real_escape_string requires you to be connected to mysql in order for this function to work. From looking at your code you connect to mysql way after you use mysql_real_escape_string.

Use str_replace: [code]$text = str_replace(array("<br>", "<br />"), '', $text);[/code] I guess you use nl2br when inserting data to the database, this is not recommended. You should save data in its raw state in the database. Then you format the data how you want it to be displayed when you get it out of the database.

I ment PHP rather than MySQL. PHP is smart enough to recognise escaped characters within a string and attempts to unescape them when they are outputted.

It is doing the trick I assure, otherwise your SQL Query would fail. When you get the data out of the database mysql will unescape the previously escaped characters. You should be able to see the escape characters when you look into your database, you can do by using phpMyAdmin which most hosts provide to help manage your mysql databases.

Have no idea. But what I can tell you are running SMF. I suggest you get help over at smf help forum.

Looks like you host has disabled file-access in the server configuration. Most probably the allow_url_fopen directive has been disabled, which allows you to send http requests with the file functions.

use echo

mysql_real_escape_sting escapes other characters, such as whitespace, quotes, hex, slashes (\x00, \n, \r, \, ', " and \x1a) Where as your code just escapes single quotes.

Use curly braces around your variable: [code]$selectedshirtid = $info['shirt_id']; echo "<DIV class=\"menuContainer\" id=\"menu{$selectedshirtid}Container\">[/code] Without the curly braces PHP will get confused. The curly braces are used to help php out. and use quotes around your attributes values in your html tags.

Whats the permissions for userfeed12.txt?

I'm a linux newb too, but I think you need to run [b]sudo chmod g+w /usr/local/...php.ini[/b].