alpine

Members
  • Posts: 759

Everything posted by alpine

  1. Nothing may be output to the browser before a header command, that is, a message, space, line break etc. [i]anywhere[/i] in the script or in included scripts before the header call is made. For example, if you put the PHP start tag on line two in a script, this is enough to make headers fail. This is a very common issue and there is a pinned post on this issue [a href="http://www.phpfreaks.com/forums/index.php?showtopic=63200" target="_blank"]HERE !![/a]. I would say that good practice is to [u]always[/u] put the PHP start tag in the absolute top left corner of any PHP script you write. As an alternative to header you can use <meta http-equiv="refresh" content="{$time}; url={$target}" /> where time is in seconds; set it to 0 and it's an instant redirect.
  2. Hi, you seem to have messed things up a bit again with some missing and some wrong brackets. Please follow your first posted code and make the adjustments stated in the following posts and it will work. I advise you to use a PHP editor that will highlight your syntax as you write, making opening and closing brackets match themselves. I recommend the totally free [a href="http://www.mpsoftware.dk/" target="_blank"]PHP Designer[/a] as a good freehand tool.
  3. $from_page_1 = htmlspecialchars($_POST['from_page_1']); These are the posted values from a field named [i]from_page_1[/i], and I gave it the same name in form 2. [i]$_POST['from_page_1'][/i] contains whatever you wrote in the field named [i]from_page_1[/i]. You can of course name it whatever you like and add several fields with different names. [i]htmlspecialchars()[/i] is a PHP function that makes things more secure in this case, but it is not required just to get things working. You can also use [i]strip_tags()[/i] etc. instead; strip_tags might actually be a better solution if you are just emailing the results. Look in the [a href="http://no.php.net/manual/en/function.strip-tags.php" target="_blank"]Manual[/a] for further understanding of this. You are correct in your resume of the form procedure.
  4. [code] $sql = mysql_query("SELECT * FROM Links WHERE ok='1' ORDER BY id asc LIMIT $from, $max_results") or die(mysql_error()); [/code]
  5. it's a pure HTML issue: instead of input type="text" you have input type="hidden"
     [code]
     <?php
     // value posted from the previous page, escaped before it is printed back into HTML
     $from_page_1 = htmlspecialchars($_POST['from_page_1']);
     ?>
     <form name="page_2" action="page_3.php" method="post">
     <input type="hidden" name="from_page_1" value="<?php echo $from_page_1; ?>" />
     <input type="text" name="from_page_2" value="" />
     <input type="submit" name="page_2_submit" value="next step" />
     </form>
     [/code]
  6. I'm not sure if I understand you fully, but you could pass on the user's level in a different session to load based on their level, so
     [code]
     $level = $_SESSION['level'];
     $con = mysql_query("SELECT username,level FROM users WHERE level='$level'");
     echo $level;
     [/code]
  7. Hi, you could make your forms contain hidden fields to store values passed on from the previous page; then they will be re-posted as you move on but still never visible to the user. Then you will have all form information available at the last stage, ready to email. You could also look into sessions and see if that could be your solution. You would have to do some checks on existing sessions as you move on from form page to form page to verify that information is being passed on. MySQL is a solution but I don't think it is the best (read: easiest) solution here, as you might end up with some partially completed forms if a user decides to quit on e.g. stage 3 - so this would again require a clean-up query to remove those.
  8. and it's a good approach to ALWAYS filter the variables even if they come from hidden fields or the form is restricted to logged-in users only. For example, if you are expecting a number in variable $id, check that it is a number before using it inside a query
     [code]
     if (is_numeric($id)) {
         // ok
     } else {
         // fail
     }

     // or set as integer makes it harmless, returning only numbers
     $id = "45678'#--";
     settype($id, "integer"); // returning 45678
     $id = "45'678";
     settype($id, "integer"); // returning 45 as it cuts off at the first non int value
     [/code]
     For any other string (text or mix) there are several options on how to do this, here are two of them - look it up in the [a href="http://www.php.net" target="_blank"]Manual[/a] for description and more optional functions
     [code]
     $string = htmlspecialchars($_POST['string']);
     $string = strip_tags($_POST['string']);
     [/code]
     I would never use just $string = $_POST['string'] (or any other Predefined Variables) when working against a database query in particular. You might become a victim of [a href="http://www.unixwiz.net/techtips/sql-injection.html" target="_blank"]SQL injection[/a]. Another issue is CSRF; here is one article on further [a href="http://www.squarefree.com/securitytips/web-developers.html" target="_blank"]security[/a]
  9. assuming you have $username set previously in your code, try mysql_fetch_array() instead of mysql_fetch_row()
     [code]
     // $row_check1 = mysql_fetch_row($check1);
     $row_check1 = mysql_fetch_array($check1);
     [/code]
  10. if you still have problems (working partially) you could post your current code to get further help
  11. i can't find any more, even tested it myself without errors - are you sure it is that file you have the error report on now?
  12. or replacing } with else
      [code]
      function check_password_length($formdata, $password, $minlen)
      {
          // check the password is the correct length
          // $formdata = form data array
          // $password = name of password field
          // $minlen = minimum length of password field
          if (strlen($formdata[$password]) < $minlen)
              return false;
          else
              return true;
      }
      [/code]
  13. I use the X-mailer myself and this is not the problem as long as it's real; faking it would be a risky move if you ask me. Was it the FULL header you posted there? I use IE express (don't say Anything...please) as email client, and this states different warnings on the x-spam status. I managed to get this down to -0.5 when sending out from php5 through smtp; haven't tested it on hotmail, but yahoo accepts every mail to inbox, not bulk
      [code]
      To: [sensored out]@[sensored out].no
      Subject: [sensored out]
      X-Message-Key: IA==
      From: [sensored out] <[sensored out]@[sensored out].no>
      Reply-To: [sensored out] <[sensored out]@[sensored out].no>
      X-Mailer: PHP v5.1.4
      Date: Thu, 11 May 2006 13:55:42 +0200
      Message-ID: <200605111355429PMYBYQ7N3UY@www.[sensored out].no>
      MIME-Version: 1.0
      Content-Transfer-Encoding: 8bit
      Content-Type: multipart/related; boundary="cdaa02e008ad65fa30a03fbb1c294ee5"
      X-Spam-Status: No, hits=-0.5 required=4.0
      X-Spam-Report: -0.5 hits, 4.0 required;
          * -0.5 ALL_TRUSTED            Passed through trusted hosts only via SMTP
      X-Virus-Scanned: by moam (http://www.moam.net/)
      X-Moam-Version: 0.92
      [/code]
      I fixed proper message ID, encoding, content type, mime-boundary etc. to fix my problems.
  14. if you filter all GET variables properly (and POST of course) you shouldn't have to worry. You can also make yourself one-time, self-expiring random keys to use along when you are navigating the admin area, performing delete operations etc.
  15. [quote] QUOTE(Orio @ May 15 2006, 12:05 PM)
      Thanks alpine :smile: But what about variables that weren't set? Another example:
      [code]
      $var=1;
      if(!isset($age)){
      $var=$age;
      echo($age);
      };
      [/code]
      Will any error occur? And is $var's value going to stay 1? Thx again, Orio. [/quote]
      First off, your code here isn't logical because you are setting $var to be $age only when $age doesn't exist - so it would never echo anything. A variable that doesn't exist (isn't set) won't echo anything
      [code]
      // read the parameter without a notice when it is missing
      $age = isset($_GET['age']) ? $_GET['age'] : '';
      $var = 1;
      if (empty($age)) {
          $age = $var;
      }
      // prints out 1 if $age is empty, else it will echo whatever $age contains (HTML-escaped)
      echo htmlspecialchars($age);
      [/code]
  16. [code]
      $foo = 1;
      $bar = 10;
      if ($_POST['age'] < 20) {
          $bar = $foo; // $bar will be 1 that is the value of $foo
      } elseif ($_POST['age'] < 50) {
          $foo = $bar; // $foo will be 10 that is the value of $bar
      } else {
          $foo = 100;
          $bar = 100;
      }
      [/code]
  17. [a href="http://no.php.net/manual/en/function.strlen.php" target="_blank"]http://no.php.net/manual/en/function.strlen.php[/a]
      [code]
      $str = 'abcdef';
      echo strlen($str); // 6
      [/code]
  18. I don't know your approach on this (how your numbers are sent) but here is something for you to work on. It wouldn't surprise me if there is an easier way though... In this I've assumed that numbers sent can be any sum of numbers. Test it with page.php?n=105 or whatever
      [code]
      <?php
      // a missing n is treated like an empty value instead of raising a notice
      $number = isset($_GET['n']) ? $_GET['n'] : 0;
      settype($number, "integer");
      $max = "175";
      if (!empty($number)) {
          if ($number > $max) {
              print "The number is higher than $max";
          } else {
              if (substr($number, -1, 1) == "0" OR substr($number, -1, 1) == "5") {
                  print "Approved";
              } else {
                  print "Declined";
              }
          }
      } else {
          print "No number is present";
          // note that a single 0 in $number will be seen as no number in this case
      }
      ?>
      [/code]
  19. here is a tutorial on mail --> [a href="http://www.phpfreaks.com/tutorials/130/0.php" target="_blank"]http://www.phpfreaks.com/tutorials/130/0.php[/a] As to the template issue, you can use this to read a php file that again matches your template:
      [code]
      ob_start();
      require("html_email_generator.php");
      $html_email_body = ob_get_contents();
      ob_end_clean();
      [/code]
  20. target your form to itself, set the value of the form elements to contain the respective variable. There are many ways of doing this, here is one example
      [code]
      $show_form = 1;
      $name = ''; // defined up front so the first display of the form has a value to print
      if (isset($_POST['submit'])) {
          $show_form = 0;
          // escaped because it is printed back into the value attribute below
          $name = isset($_POST['name']) ? htmlspecialchars($_POST['name']) : '';
          if (empty($_POST['name'])) {
              print "Name is missing";
              $show_form = 1;
          } else {
              // process posted name
          }
      }
      if ($show_form == 1) {
      echo <<<__HTML_END
      <form action="this.php" method="post">
      <input type="text" name="name" value="$name" maxlength="30" />
      <input type="submit" name="submit" value="Send Form" />
      </form>
      __HTML_END;
      }
      [/code]
  21. you're missing a double quote on the end of your $sql
      [code]
      // the table name and the 0-60 column are quoted with backticks, and a comma
      // separates the last column from PRIMARY KEY, so that MySQL accepts the statement
      $sql = "CREATE TABLE `$ntable` (
      id INT UNSIGNED NOT NULL AUTO_INCREMENT,
      model VARCHAR(30), date VARCHAR(30), fuel VARCHAR(60), enginecap VARCHAR(30),
      cylinders VARCHAR(30), valves VARCHAR(30), power VARCHAR(30), torque VARCHAR(30),
      drivenwheels VARCHAR(30), stdtransmission VARCHAR(60), optstdtransmission VARCHAR(60),
      bodystyle VARCHAR(30), seatingcap VARCHAR(30), maxspeed VARCHAR(30), `0-60` VARCHAR(30),
      mpg VARCHAR(30), lenth VARCHAR(30), width VARCHAR(30), height VARCHAR(30),
      wheelbase VARCHAR(30), kerbweight VARCHAR(30), co2 VARCHAR(30), ukins VARCHAR(30),
      ncp VARCHAR(30), usncap VARCHAR(30),
      PRIMARY KEY(id))"; // <---- " was missing
      //////////////////////////////////////////////////
      $do = mysql_query($sql, $con) or die(mysql_error());
      if ($do) {
          echo "Table Created!";
      }
      [/code]
      You should also use $_POST instead of $HTTP_POST_VARS if you are running php 4.1.0 or higher
  22. alpine

    PHP 5?

    I don't think the template tags themselves are the problem; I do it a similar way myself running PHP5, but it might have to do with how you parse it. Any code posted here would help us help you; if not, you will find all the info you need on the PHP4->PHP5 upgrade in the [a href="http://www.php.net" target="_blank"]PHP Manual[/a]
  23. puh... boy am I glad for this thread, yes yes yes : click click click - I assume it's the text-links appearing all over the place, least that's what seems to be slowing things up. A real pain.
  24. I find it a bit strange that you don't know this yourself *lol* Frankly, I have no idea, but a quick google matches up with [a href="http://www.xaraya.com/documentation/phpxref/nav.html?includes/validations/pre.php.html" target="_blank"]Xaraya[/a] - but it can of course be a lot of script authors naming a file like that.
  25. You also have several errors, like you should put quotes within post arrays, $_POST['password'], and the misspelling of mysql_affected_rows. You also seem to be updating the user's profile with a new md5 version of the already stored password; isn't it the two posted matching passwords that are supposed to be the user's new password? I've tried to help you out with this snippet, test it and see what you get
      [code]
      <?php
      session_start();
      include("mysqlconnect.php");

      if (isset($_POST['submitted'])) {
          // every field has to be filled in, so the checks are joined with && (with || the
          // "fill in all fields" branch below could never be reached for a logged-in user)
          if (!empty($_SESSION['username']) && !empty($_POST['password']) && !empty($_POST['password1']) && !empty($_POST['password2']) && !empty($_POST['email'])) {
              if ($_POST['password1'] == $_POST['password2']) {
                  // take only the expected fields; copying every $_POST key into a variable
                  // would let a posted "username" overwrite the one from the session
                  $username = mysql_real_escape_string(htmlspecialchars($_SESSION['username']));
                  $email = mysql_real_escape_string(htmlspecialchars($_POST['email']));
                  $password = htmlspecialchars($_POST['password']);
                  $password1 = htmlspecialchars($_POST['password1']);
                  $md_pass = md5($password);
                  $sql = mysql_query("SELECT email FROM Member WHERE password = '$md_pass' AND username = '$username' AND email = '$email'");
                  if (mysql_num_rows($sql) <> 1) {
                      // unique user row not found
                      // old password or email is probably incorrect since the
                      // session username is most likely to be correct when the
                      // user has made it to this page in the first place ???
                      echo "You have entered some incorrect data and cannot change your password";
                  } else {
                      $new_md_pass = md5($password1);
                      $sql2 = mysql_query("UPDATE Member SET password = '$new_md_pass' WHERE password = '$md_pass' AND username = '$username' AND email = '$email'");
                      if (mysql_affected_rows() == 1) {
                          // if password was changed
                          echo "Your password has been updated.";
                      } else {
                          // password was not changed either due to query failure OR
                          // user has entered the same password as the one stored
                          echo "Your password was NOT changed.";
                      }
                  }
              } else {
                  echo "Your new passwords did not match";
              }
          } else {
              echo "You need to fill in all fields";
          }
      } else {
          header("Location: profile.php");
          exit();
      }
      ?>
      [/code]
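The integer check from post 8, carried through to the query, as an added example that is not part of alpine's posts. It swaps the posts' mysql_* calls for PDO prepared statements with an in-memory SQLite table; the helper names and the table rows are constructed for illustration.

```php
<?php
// Added example (not from the posts). Table contents are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE Links (id INTEGER PRIMARY KEY, title TEXT, ok INTEGER)");
$pdo->exec("INSERT INTO Links VALUES (45, 'first', 1), (45678, 'second', 1)");

// Hypothetical helper: strict integer validation, then a bound parameter.
function find_link_by_id(PDO $pdo, $rawId): ?array
{
    // Rejects "45'678" and "45678'#--" outright instead of truncating them.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, title FROM Links WHERE ok = 1 AND id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Hypothetical helper: free text is bound, never concatenated into the SQL.
function find_links_by_title(PDO $pdo, string $title): array
{
    $stmt = $pdo->prepare('SELECT id, title FROM Links WHERE ok = 1 AND title = :title');
    $stmt->execute([':title' => $title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// settype() as in post 8 turns "45'678" into 45, which here is a different, existing row.
$truncated = "45'678";
settype($truncated, "integer");

foreach (["45678", "45'678", "45678'#--", "abc"] as $raw) {
    $row = find_link_by_id($pdo, $raw);
    printf("%-12s => %s\n", $raw, $row ? $row['title'] : 'rejected');
}
printf("settype gives %d => %s\n", $truncated, find_link_by_id($pdo, $truncated)['title']);

// A quote in text input is matched literally by the bound query;
// htmlspecialchars() is applied only when the value is echoed into HTML.
$input = "first'#--";
printf("%d rows for %s\n", count(find_links_by_title($pdo, $input)), htmlspecialchars($input, ENT_QUOTES));
```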
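One way to build the one-time, self-expiring random keys mentioned in post 14, as an added example that is not part of alpine's posts. The function names, the KEY_TTL constant and the array standing in for a session slot are hypothetical.

```php
<?php
// Added example (not from the posts): one-time, self-expiring keys for admin actions.
// Function names, KEY_TTL and the $store array (standing in for a session slot) are hypothetical.
const KEY_TTL = 300; // seconds a key stays valid

function issue_action_key(array &$store, string $action, int $now): string
{
    $key = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    // Keep only a hash of the key, bound to the one action it authorises.
    $store[hash('sha256', $key)] = ['action' => $action, 'expires' => $now + KEY_TTL];
    return $key;
}

function redeem_action_key(array &$store, string $action, string $key, int $now): bool
{
    foreach ($store as $hash => $meta) { // drop expired keys first
        if ($meta['expires'] < $now) {
            unset($store[$hash]);
        }
    }
    $hash = hash('sha256', $key);
    if (!isset($store[$hash])) {
        return false; // unknown, expired or already used
    }
    $meta = $store[$hash];
    unset($store[$hash]); // one-time: consumed on first presentation
    return hash_equals($meta['action'], $action);
}

// Constructed walk-through; on a real page $store would live in $_SESSION and the
// key would travel in a hidden form field or link parameter of the admin action.
$store = [];
$t0 = 1000000;

$key = issue_action_key($store, 'delete:42', $t0);
var_dump(redeem_action_key($store, 'delete:42', $key, $t0 + 10)); // fresh key, right action
var_dump(redeem_action_key($store, 'delete:42', $key, $t0 + 20)); // replay of the same key

$key = issue_action_key($store, 'delete:42', $t0);
var_dump(redeem_action_key($store, 'delete:43', $key, $t0 + 10)); // key issued for another action

$key = issue_action_key($store, 'delete:42', $t0);
var_dump(redeem_action_key($store, 'delete:42', $key, $t0 + KEY_TTL + 1)); // past its lifetime
```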