alpine

I would suggest to use the "here document" syntax to output multiple lines with $variable interpolation instead of just echo when printing all this html, that way you can mix html and variables - and this should work even with spaces if it is stored correctly in your table, look it through and try it out: [code] echo <<<__HTML_END <br /><br /> <center><body><table width="700" border="1" cellpadding="2" cellspacing="0">   <tr>     <td width="156">Status:</td>     <td width="530"><form id="form1" name="form1" method="post" action="editcatprocess.php?save=1">     <font color= "green" >Public</font>         <input name="status" type="radio" value="public" />         </label> <label>     <font color="red"> Private </font>      <input name="status" type="radio" value="private" />      <input name="editid2" type="hidden" value="$catid">     </label>     <label>     <label>     <input name="Save1" type="submit" id="Save1" value="Save" />     </label>     </form>     </td>   </tr>   <tr>     <td>Image Name: </td>     <td><form id="form2" name="form2" method="post" action="editcatprocess.php?save=2">       <label>         <input name="imagename" type="text" id="imagename" value="$catname" size="40" maxlength="50">              <input name="editid2" type="hidden" value="$catid">         </label>       <label>       <input name="Save2" type="submit" id="Save2" value="Save">       </label>     </form>     </td>   </tr>   <tr>     <td height="77">Image Description: </td>     <td><form name="imagedescription" method="post" action="editcatprocess.php?save=3">       <label>         <textarea name="imagedescription" cols="50" rows="3" id="imagedescription">'$catdescription'</textarea> </label>       <label>       <input name="imagedescription2" type="submit" id="Save3" value="Save">       </label>            <input name="editid2" type="hidden" value="$catid">     </form>     </td>   </tr> </table></center> __HTML_END; [/code] Just be aware that the ending __HTML_END; or whatever you use must appear on a line with no whitespace in front and just a semicolon in the end. no extra whitespace!

[code] { $name = $_POST['name']; $email = $_POST['email']; $query = "INSERT INTO email_list (name,email) VALUES ('".$name."','".$email."')"; $result = mysql_query($query) or die(mysql_error()); // this performs the actual query. // start visual if($result) { print "This is a message displayed upon query success!"; } else { print "This is a message displayed due to insert failure"; } // end visual } [/code]

you have back-ticked around $email in your query change [code] mysql_query("INSERT INTO `email_list` (name, email) VALUES ('$name', ‘$email’)"); [/code] to [code] mysql_query("INSERT INTO `email_list` (name, email) VALUES ('$name', '$email')"); [/code] and you should be fine...

I changed from require_once to just required as this will require the db file each time the page is reloaded. Also added som headers to your email script and altered a bit on your email parameters, also making it steer clear of most spam filters - ripped this out of my own email function so i havent tested THIS -but it should work. You should also consider making a email function that contains all header info etc. so you wouldn't need to write it all each time you write a email script. Also makes things a lot easier if you ever need to modify. Try this out: [code] <?php require('../Connections/jobs.php'); if(isset($_POST['email'])) { if (!empty($_POST['email'])) { $posted_email = htmlspecialchars($_POST['email']); if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$posted_email)) { $st = mysql_query("SELECT email,username,password FROM login WHERE email = '$posted_email'") or die(mysql_error()); $recs = mysql_num_rows($st); $row = mysql_fetch_array($st); $email = $row['email']; if ($recs <> 1) { echo "No unique match found on <b>$email</b> in the database"; } else { // ok - do the email stuff and anything else needed here $user = $row['username']; $pass = $row['password']; $email=$row['email']; // $to = "$email"; $emailFrom = "admin@uspolicejobs.com"; $emailSubject = "Forgotten pw form"; $eol="\r\n"; $headers .= "From: $emailFrom <$emailFrom>".$eol; $headers .= "Reply-To: $emailFrom <$emailFrom>".$eol; $headers .= "Return-Path: $emailFrom <$emailFrom>".$eol; $headers .= "X-Mailer: PHP v".phpversion().$eol; $headers .= "Date: ".date("r").$eol; $headers .= "Message-ID: <".date("YmdHis")."uspolicejobs@".$_SERVER['SERVER_NAME'].">".$eol; $mime_boundary=md5(time()); $headers .= 'MIME-Version: 1.0'.$eol; $headers .= "Content-Type: multipart/related; boundary=\"".$mime_boundary."\"".$eol; $msg = ""; $msg .= "--".$mime_boundary.$eol; $msg .= "Content-Type: text/plain; charset=iso-8859-1".$eol; $msg .= "Content-Transfer-Encoding: 8bit".$eol; $msg2 ="E-MAIL SENT FROM US POLICE JOBS".$eol; $msg2.="Username:\t$user".$eol; $msg2.="Password\t$pass".$eol; $msg .= $eol.$eol.$msg2.$eol.$eol; $msg = wordwrap($msg, 70); if(ini_get('safe_mode')) { mail($to, $emailSubject, $msg, $headers); } else { mail($to, $emailSubject, $msg, $headers, "-f" . $emailFrom); } echo "Cool - <b>$email</b> matched up in the database with username <b>$user</b>!"; } } else { echo "Your email address is not correct"; } } echo "Please fill in your email adress"; } else { // no post detected, show form ?? echo "No posted form detected"; } ?> [/code]

please post your current script again.... (or parts conserned) Have you changed anything in your db connect script ?

Glad it worked, try pulling out the --> require_once('../Connections/jobs.php'); from where i put it and place it on the page top. This should fix your database message. The htmlchars just makes sure no illegal characters is being put inside the query to manipulate the query itself. But i assume it was the missing [!--coloro:#FF0000--][span style=\"color:#FF0000\"][!--/coloro--]'[!--colorc--][/span][!--/colorc--] that was the latest actual problem you experienced. The regex is checking emails, i prefer this in a function so i can use it on several pages/scrips when i need to. The <> means different than - you only want to find 1 unique match, everything else is incorrect. And i assume you prevent duplicat email entrys upon users registration ?!

could something like this do for your needs ? [code] <? if($_POST['player1Score'] == $_POST['player2Score']) { die ('Only Completed Matches Count'); } else { if($_POST['player1Score'] > $_POST['player2Score']) { $pWL1 = $win; $pWL2 = $loss; } if($_POST['player1Score'] < $_POST['player2Score']) { $pWL1 == $loss; $pWL2 == $win; } } ?> [/code]

Ok, you still don't use [!--coloro:#FF0000--][span style=\"color:#FF0000\"][!--/coloro--]'[!--colorc--][/span][!--/colorc--] around $email in your query ( '$email' ) I made this for you to test: [code] <?php if(isset($_POST['email'])) { if (!empty($_POST['email'])) { $posted_email = htmlspecialchars($_POST['email']); if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$",$posted_email)) { require_once('../Connections/jobs.php'); $st = mysql_query("SELECT email,username,password FROM login WHERE email = '$posted_email'") or die(mysql_error()); $recs = mysql_num_rows($st); if ($recs <> 1) { echo "No unique match found on <b>$email</b> in the database"; } else { // ok - do the email stuff and anything else needed here $row = mysql_fetch_array($st); $email = $row['email']; $user = $row['username']; $pass = $row['password']; echo "Cool - <b>$email</b> matched up in the database with username <b>$user</b>!"; } } else { echo "Your email address is not correct"; } } echo "Please fill in your email adress"; } else { // no post detected, show form ?? echo "No posted form detected"; } ?> [/code]

ok, what is your current script ?

try this to see if it retrieves any query problems first [code] $st=mysql_query($query) or die(mysql_error()); [/code]

No, you can simply do this: $email = mysql_real_escape_string($_POST['email']);

Personally i awoid using post determination inside querys, i set them once for easy use. I think your problem might be that you missed ' ' [code] $email = $_POST['email']; $query= mysql_query(" SELECT email,username FROM login WHERE email = '$email' "); [/code] If not, try and echo your $post and see if its present and make sure it matches up with a row in your database Also, is there a particular reason to fetch the password from the table?

I suggest looking for url's in the posted variables, this will do: [code] <? $content = $_POST['message_body']; // or whatever $url_match = "^(((http|ftp|https)://)|(www\.))+(([a-zA-Z0-9\._-]+\.[a-zA-Z]{2,6})|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}))(/[a-zA-Z0-9\&%_\./-~-]*)?^"; if (preg_match($url_match, $content)) { echo "A url was found in your post, Not allowed - mission aborted."; exit (); } else { // continue with submission here, no url found } ?> [/code] And to RedAlert, you must post a code in order for anyone to help you out on why it stopped working...

Yeah - right.... Sounds like spam to me - and i get enough of that into my inbox as it is

Such faults are hard to determine, i always send mail with the appropriate final message to the user based on the mail status in the end: [code] $sendmail = mail($to,$subject,$header,"-f",$return); if($sendmail) { header( "Location: $thankyouurl" ); } else { header( "Location: $errorurl" ); } [/code]

<form action="insert.php" method="post"> Title: <input type="text" name="title"><br> Description: <input type="text" name="description"><br> Image: <input type="text" name="image"><br> URL: <input type="text" name="url"><br> <input type="Submit" [!--coloro:#FF0000--][span style=\"color:#FF0000\"][!--/coloro--]name="submitbutton"[!--colorc--][/span][!--/colorc--]> </form> <? [!--coloro:#FF0000--][span style=\"color:#FF0000\"][!--/coloro--]if(isset($_POST['submitbutton'])[!--colorc--][/span][!--/colorc--] { // determine all the post variables and do the query stuff inbetween here } else { print "No post variables present"; } ?>

This code is looking for the text "content-type:" inside any of the posted variables from your form, if it finds it it is most lightly that someone is trying to spam through your script. [code] <?php if (isset($_POST)) { foreach($_POST as $k=>$v) if (stristr(strtolower($v),'content-type:')) { // spam attempt detected, mission aborted exit(); // abort } else { $msg = "My Website Online Contact Submission\n"; $msg .= "Name: $name\n"; $msg .= "Comments: $emailAddress\n\n"; $msg .= "Comments: $phone\n\n"; $msg .= "Comments: $message\n\n"; $to = "me@mydomain.com"; $subject = "CONTACT FROM WEBSITE"; $mailheaders = "From: Website Submission Form <$emailAddress>\n"; $mailheaders .= "Reply-To:$Email_Address <$emailAddress>\n\n"; // Mail to address mail ( $to, $subject, $msg, $mailheaders ); } } ?> [/code]