GingerRobot

The use of $$ is using a variable variable. Its quite hard to explain why to use them and what they do...and i dont quite understand the use of them in your script either.

<?php $string = "www.test.com"; echo substr_replace($string, '', 0,4); ?>

I dont think you dont appear to be insterting a last id, so it wont be able to retrieve one.

You could include a hidden field in your form which includes the current form. You would need to to give a default current form too... if(empty($_POST['currentform'])) { $currentform=1; }else { $currentform = $_POST['currentform']; } then something like: if($currentform == 1){ //show form 1 }elseif($currentform == 2{ //show form 2 } etc. And in your form, put the following hidden field. $newform = $currentform+1; echo "<input type='hidden' name='currentform' value='$newform'>1";

It might be easier to try some basic tutorials first on this site to get to grips with php even if they're not really related to what you are trying to do. Many of the basic concepts will apply and you will find it much easier to think about going about your task with some basic knowledge

This is all does seem kind of pointless though, i mean, if someone wants to go fiddling with the url what do they expect?

[quote author=mmosel link=topic=100025.msg394775#msg394775 date=1152568146] [quote author=GingerRobot link=topic=100025.msg394748#msg394748 date=1152566474] That will only redirect if the forward slash is at the end of the file. [/quote] well given that the code would have to be placed in a file, so the url would have to be something like mydomain.com/category1/category2/file.php / the updated code would work. I realise that, but what if the url looks like: mydomain.com/category1/category2/ I didn't test it, but my guess is that your code wouldn't work here. [/quote]

Just realised, that wouldn't work if the file was in a sub directory, but this would: [code] <?php $self = $_SERVER["PHP_SELF"]; if (eregi('/$',$self)){ $newurl = explode("/",$self); foreach($newurl as $newurl){   if(eregi('[[:alnum:]]\.[[:alnum:]]',$newurl)){     $url = $newurl;     break; } } header("location:$url"); } ?> [/code]

That will only redirect if the forward slash is at the end of the file.

use the function nl2br() on the text from your database.

seems a little pointless, but: [code] <?php $self = $_SERVER["PHP_SELF"]; if (eregi('/$',$self)){ $newurl = explode("/",$self); $newurl = $newurl[1]; header("location:$newurl"); } ?> [/code]

I could be wrong, but even with sessions this still could be exploited. For instance, say your person opens the page with the form on in one window. The session will be created. They then modify the source of the form in another, and link to your validation. The session will exist so the modified form will be checked.

Another way would be to store all the emails in an array,  then use the array_unique() function to remove duplicate entries. You could then send an email to each of those.

Basically, the only way to make form data 100% reliable is to thoroughly check it. Although http_reffer could be used, it will cause problems as some firewalls prevent if from being sent and browsers can be configured so that it is not sent. It can also be faked.

[code] <?php while($row = mysql_fetch_array($result) { //rest of your code - access database values in the same way. } ?> [/code]

I could be wrong, but im guessing that this is all to do with register_globals... if you have a form with a text field such as: <input type="text" name="firstname"> with register_globals on you could access the value from the field simply by using $firstname - the firstname variable has automatically been created. With register_globals off, you would have to use the $_POST array: $firstname = $_POST[firstname;

It looks to me like this line: $filename = "UploadForm/" . $_POST['id'] . ".csv"; is your problem. It seems $_POST['id'] contains nothing so your filename becomes Uploadform/.csv which does not exist so you cant open the file, and therefore cant close it for the 2nd, whilst the header error is probably due to the other errors. try echoing $_POST['id'] just before and see what it contains.

Ah ok, i think i see what you mean having just created a table with 3 fields and got the following output from printing the array from mysql_fetch_array: Array ( [0] => 0 [id] => 0 [1] => bob [first] => bob [2] => jones [last] => jones ) So basically if you use mysql_fetch_array() rather than mysql_fetch_assoc() the array will contain twice as many items. I thought perhaps it was being clever and somehow had two keys for each value. Thanks for your help

Umm, i was wondering what the differance between mysql_fetch_array and mysql_fetch_assoc is and was looking it up on the manual...it says that with assoc() you just get the assoicative indices, but with array() it provides it with both associative and numerical. No particular problem, but im wondering what the point of having both is? Is one more efficient? Should one be used instead of the other in certain situations? It seems to be that assoc() is basically pointless a using array() does all it does and more, but does that make it slower?

[quote] Parse error: syntax error, unexpected T_STRING in /*/*/*/library/db.php on line 5 [/quote] Well the error says it is in db.php, so we are going to need to see that.

Not sure about your problem, but you could always run a file with just the phpinfo() function to double check that the GD library is installed.

Im pretty sure you can you substr_replace: $var = "1234678"; echo substr_replace($var,'5',4,0); That would then output 12345678

so you want to redirect someone to a new page after sign in? header("location:members.php");

It looks like it shouln't be a problem as you are checking when the message is sent, but its probably safer to use the 2nd anyway.

http://uk.php.net/include/ [quote] When a file is included, parsing drops out of PHP mode and into HTML mode at the beginning of the target file, and resumes again at the end. For this reason, any code inside the target file which should be executed as PHP code must be enclosed within valid PHP start and end tags. [/quote]