phporcaffeine

That may be your issue in of itself. The header of the email should be a string that you pass to the mail() construct. According to your dump it appears that you are trying to pass an array in the header paramater for the mail() construct.

Did you also change: If ($_SESSION['Normal'] = "TRUE") { $URL="http://www.ultimatblablay.com/Quotes/GoldQuote2.php"; header ("Location: $URL"); } TO If ($_SESSION['Normal'] == "TRUE") { $URL="http://www.ultimatblablay.com/Quotes/GoldQuote2.php"; header ("Location: $URL"); } Notice the '==' and not the '='. You may take a moment and ensure that all 'equal to' conditions are using the '==' operator and not a single '='.

This is a maill header issue. The MTA on your actual web site does not like the headers that php is sending to it. Please put var_dump($headers); right above $mailSent = mail($to, $subject, $message, $headers); and then post the result. Blindly, I can tell you that many MTA's do not process mail outbound for account that they do not host (i.e having php send an email as clown@college.com and the MTA doesn't have an account for clown@college.com). This is most likely the case if this is a third party host.

You do realize that the first line of the original code you posted was: count1 = substr_count($players1,","); AND NOT $count1 = substr_count($players1,","); (notice the '$') Was that a posting mistake or could that be one of the issues?

Put: var_dump($_GET); as the first line in the code that you put here and then submit your form like normal with the values that you think should be giving you a different result than you are getting. The whole $_GET stack will dump and then we can see what is actually being presented to the code. Please post the dump results.

Try this one .... I pulled the function out of some code that I was building and my head was in 5 different spots ... I didn't get it all. Here you go: <?php function XOREncryption($InputString, $KeyPhrase){ $KeyPhraseLength = strlen($KeyPhrase); // Loop trough input string for ($i = 0; $i < strlen($InputString); $i++){ // Get key phrase character position $rPos = $i % $KeyPhraseLength; // Magic happens here: $r = ord($InputString[$i]) ^ ord($KeyPhrase[$rPos]); // Replace characters $InputString[$i] = chr($r); } return $InputString; } //SALT $salt = 'my_special_phrase'; //ENCRYPT $crypted = base64_encode(XOREncryption('my string', $salt)); echo "Encrypted: " . $crypted . "<br />"; //DECRYPT $decrypted = XOREncryption(base64_decode($crypted), $salt); echo "Decrypted: " . $decrypted; ?>

No do something like var_dump($players1); so we can see the actual value of the var

Can you dump what the contents of $players1 and $players2 when they are presented to this portion of the code?

When evaluating an 'equal to' condition you must use the ' == ' or ' <> ' operators. Using a single ' = ' will not work and the conditional argument will not produce the expected result. If ($_GET['4wdYes'] = 'on') SHOULD BE If ($_GET['4wdYes'] == 'on') If ($_GET['4wdNo'] = 'on') SHOULD BE If ($_GET['4wdNo'] == 'on')

I'm not sure what your trying to do either but this is an example of basic XOR and base_64 encryption: <?php function XOREncryption($InputString, $KeyPhrase){ $KeyPhraseLength = strlen($KeyPhrase); // Loop trough input string for ($i = 0; $i < strlen($InputString); $i++){ // Get key phrase character position $rPos = $i % $KeyPhraseLength; // Magic happens here: $r = ord($InputString[$i]) ^ ord($KeyPhrase[$rPos]); // Replace characters $InputString[$i] = chr($r); } return $InputString; } //SALT $salt = 'my_special_phrase'; //ENCRYPT $crypted = XOREncryption('my string', $salt); //DECRYPT $decrypted = XOREncryption($crypted, $salt); ?>

The outbound or 'SMTP' port for gmail is 465, not 587 ... and it requires an SSL connection. The inbound or 'POP' port is 995 and it requires an SSL connection as well. The server url's are smtp.gmail.com and pop.gmail.com, respectively. Your application will need to connect to the gmail mail sever via SSL, or it won't work.

It appears that you would want to place that in a file that is included by the rest of your application. You would want it after the session_start(). Maybe the message board has some sort of a bool return auth function that you can put that snippet into and then return true if Apache populates HTTP_USER_AGENT with 'Googlebot'. To test, you can force $_SERVER['HTTP_USER_AGENT'] to equal whatever you want (like Googlebot) ... just be careful that Apache doesn't override it when you think it isn't.

SELECT * WHERE state LIKE '%" . $_POST['state'] . "%' AND town LIKE '%" . $_POST['town'] . "%', address LIKE '%" . $_POST['address'] . "%' AND day LIKE '%" . $_POST['day'] . "%' .... etc Something like that?

Do you have a a custom interface or are you tring to modify the phpMyAdmin interface?

exec() and system() are php shell functions that just pass a call to the server's OS ... anything that exec() or system() returns is whatever the shell returned. The host language (in this case, PHP) is very much 'out of the loop' when it comes to shell commands. A return status of 5 from a shell of 'ping' could mean one thing on winblows and something totally different on Linux. Additionally, the return of INT(5) could mean one thing to 'ping' but something totally different to 'netstat' ... etc. What command are you shelling and to what OS?

<?php $badWords = array( 'badWord1', 'badWord2', 'badWord3', 'badWord4', 'badWord5' ); $cleanReplacements = array(); foreach ($badWords as $word) { $cleanReplacements[] = '****'; } $messageContent = str_replace($badWords, $cleanReplacements, $messageContent); ?> That is a very rudimentary 'bad word filter' but it shows the basic principles. Using str_replace will work in a lot of instances but it is more of an exacto knife than a broad sword. If your looking to create a type of filter that will find words like 'ass' inside of words like 'passport' then you need to start learning something called Regular Expressions.

Yep ... gotta see some code ... your issue culd be anything ... you don't even give enough detail to make a blind guess.

You are trying to iterate variable values inside single quotes. Either use double quotes or concatenate it. header('Location: http://mydomain.com/index.php?page=message&forum=$forum&id=$forumpostid&pagenum=last'); SHOULD/COULD BE header('Location: http://mydomain.com/index.php?page=message&forum=' . $forum . '&id=' . $forumpostid . '&pagenum=last'); OR header("Location: http://mydomain.com/index.php?page=message&forum=$forum&id=$forumpostid&pagenum=last");

These lines are likely your issue: $header .= 'Return-Path: ' . $user->name .' < ' . $user->main . '>\r\n'; $mailbody .= '\r\n- ------ \r\n Lorem ipsum'; It should be: $header .= "Return-Path: " . $user->name ." < " . $user->main . ">\r\n"; $mailbody .= "\r\n- ------ \r\n Lorem ipsum"; Notice the use of " and not ' (you'll notice that everywhere else in your script, double quotes are used to encapsulate /r/n except on those lines) The short answer: PHP looks at strings in single quotes differently than in double quotes, in single quotes PHP will always echo verbatim. In double quotes PHP will evaluate the text rather than echo verbatim.

Sure, but we would need to see how your script is working currently (i.e code). Sounds like the script is rendering the rest of the page prior to echoing the comment ... er something like that, alas ... that's as good as you get until I get some code.

You certainly can't much expect help if you don't provide us with some code. Blindly, my guess is that the search's indexing routine is doing something based off the domain name.

That is sort of correct folks, however it isn't really for 'security purposes'. It is called character escaping, and it is done so that MySQL knows where your query actually begins and ends. Example: <?php mysql_query("SELECT * FROM tbl WHERE name='bob's tackle'"); ?> Without character escaping MySQL would think the query is SELECT * FROM tbl WHERE name='bob ... because what we view as an apostrophe to denote a plural tense, MySql sees as the closing apostrophe to the name condition. So the above example should be: <?php mysql_query("SELECT * FROM tbl WHERE name='bob\'s tackle'"); ?> Prior to inserting data into MySQL tables you should use something like mysql_real_escape_string() (for non integer data). You generally won't need to 'strip slashes' if you use mysql_real_escape_string. Character escaping goes well beyond PHP and MySQL ... it's done in nearly every syntax. If you ever feel so inclined, you can trace the lineage of character escaping back to regular expressions.

I would say that the most 'complete' way of doing this would be to make a custom build of the binaries that you only build with it what you want. Being that it may not be very attractive to do so, within php.ini there are two directives that may be of use to you: disable_classes disable_functions and of course, only load the extensions that you'll need. Doing those three things should get you where you want to be without having to build custom binaries.

I generally do not advocate echoing variables directly into a query statement (for many reasons), my guess is that $table does not contain what you think it contains, when you're using the script on the page that it does not work on.

In the form element: maxlength='15' In the post-back code: $_POST['MY-15-CHAR-FEILD'] = trim($_POST['MY-15-CHAR-FEILD']); AND/OR (this method is a bit more aggressive but the trade off is that it will always be 15 chars) $_POST['MY-15-CHAR-FEILD'] = substr($_POST['MY-15-CHAR-FEILD'], 0, 14);