hitman6003

Change: [code]header ("upload2.php");[/code] to [code]header ("Location: upload2.php");[/code]

Try this: [code]<?php if($action == "delete") { $data = file('news.txt'); $id = $_GET['id']; unset($data[$id]); $open = fopen("news.txt", 'w'); fwrite($open, implode("", $data)); fclose($open); } $data = file('news.txt'); foreach($data as $key => $element) {     $element = trim($element);     $pieces = explode("|", $element); echo ' <table align="center" cellspacing="0" cellpadding="3px" width="50%" style="border: 1px solid black;"> <tr> <td class="tablehead" cellpadding="0">' . $pieces[3] . ' <div align="right"><a href="' . $PHP_SELF . '?action=delete&id=' . $key . '">Delete</a>&nbsp;</div> </td> </tr> <tr> <td class="news" align="left">' . stripslashes($pieces[2]) . '</td> </tr> <tr> <td class="tablehead3" align="right"><b>Posted by  <a href="">' . $pieces[1] . '</a>  on  ' . $pieces[0] . '  </b>&nbsp;</td> </tr> </table> <br /><br />'; } ?>[/code] I didn't notice you didn't have an id field, you were using the position in the array.

[code]if($action == "delete") {         $data = file('news.txt');         //this next line will remove the single news item from the array         array_splice($data,$id,1);         $fp = fopen('news.txt','w');         foreach($data as $element) {             fwrite($fp, $element);         }         fclose($fp);            echo '<font face="verdana" size="1px" color="red">*Item Deleted<br /></font>' . "\n";    include 'news.php';     }[/code] Should be: [code]if($action == "delete") { $data = file('news.txt'); foreach ($data as $line) { $line = explode("|",$line); if ($line[0] != $_GET['id']) { $newfile[] = implode("|",$line); } } $open = fopen("news.txt", 'w'); fwrite($open, implode("", $newfile)); fclose($open); }[/code] You also never stated what exactly the problem was...just what you wanted to do.

You are probably missing one at the end of that same statement then... mysql_query("INSERT INTO ... " .$aprid. "')");

header('location: loginpage.php');

You are missing a double quote after mysql_query( and before INSERT INTO mysql_query("INSERT IN

[quote]also when posting a thread i could make it so it checks for <script> and uses str_replace to replace it to '' couldn't I?[/quote] Yep.

[quote]I have to catch it with the mail server (POP or SMTP)[/quote] You would have to have a mailbox set up for each one that would be checked by your script...or set up address forwarding on your mail host.

As far as zipping the file you may want to use a script like this: http://www.phpclasses.org/browse/package/2088.html Offering the file for a download is as easy as changing the headers to send the file rather than display it: [code] header("Content-length: $size"); header("Content-type: $type"); header("Content-Disposition: attachment; filename=$name"); echo $content; [/code] Where size, type, name, and contents should be fairly obvious.

Any syntax that would create an error in a mysql query is escaped...i.e. a string like "it's a boy" would become "it\'s a boy".  If you want to ensure that the <script> stuff doesn't get put in, then use strip_tags as was suggested above. I don't see any of your fields above where that should be a problem...you should be limiting all of them to a max length of 20 or so...no reason to go above that...just <script></script> is 17 chars...which leaves 3 for them to insert some form of malacious code.

Either your mysql_connect is failing, or your database is failing to connect.  Seperate the query line into two statements, and add a mysql_error to the query: [code]$result = mysql_query($query) or die(mysql_error()); $data = mysql_fetch_row($result);[/code]

Probably, but not easily.  You would have to have a cron script that would check the anon....@domain.com email boxes, and forward them out to the real addresses.

Use addslashes (http://www.php.net/addslashes) or mysql_real_escape_string (http://www.php.net/mysql_real_escape_string): [code] $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $cpassword = mysql_real_escape_string($_POST['cpassword']; $email = mysql_real_escape_string($_POST['email']; $website = mysql_real_escape_string($_POST['website']); $icq = mysql_real_escape_string($_POST['icq']); $aim = mysql_real_escape_string($_POST['aim']); $msn = mysql_real_escape_string($_POST['msn']); $yim = mysql_real_escape_string($_POST['yim']); $location = mysql_real_escape_string($_POST['location']); [/code] Be aware that you must have an open mysql connection to use mysql_real_escape_string. If there is something about the functions that you don't understand, then ask and someone will help.

If you are talking about an actual email box, then you would have to set it up through your host using mail forwarding. However, you can create a contact form using html/php and never reveal the person's email address.

Create an array with the file types, then use the in_array (http://www.php.net/in_array) function to determine if it is one of the accepted ones. [code] $filetypes = array('application/x-shockwave-flash', 'another','another','another', etc...); ..... elseif (!in_array($_FILES['file']['type'], $filetypes) {   echo "error....";] } [/code] EDIT: hvle beat me to it

change: [code]$handle = fopen("data.csv","wb");[/code] to [code]$handle = fopen("./subfolder/data.csv","wb");[/code]

Result is the result of the query.  When you establish the connection to the database it should be assigned to a variable: [code]$connection = mysql_connect(...);[/code] The $connection is what you want to supply to the function.

with the exception of this: [code] if ($email == $password) {[/code] I don't see why your solution wouldn't work redarrow.  I'm still missing why the password and email should be equal to eachother?

You could use an iframe, although that would not always be ideal depending on the version of the user's browser. The only thing I can think would be if there is a common page that works as the template for the third party software you could modify it to show your site's template. ...or frames, but I hate frames.

Either: [code]echo "<div class=\"menutitle\" onclick=\"SwitchMenu('sub1')\">Site Menu</div>";[/code] or [code]echo '<div class="menutitle" onclick="SwitchMenu(\'sub1\')">Site Menu</div>';[/code]

You probably want to do a mysql_real_escape_string on $email before you use it in your select statement. This: [code]if ($row) { $row['pass']; $row['email']; $row['client_id']; } else {[/code] doesn't make sense.  Assign them to variables or don't use them.  If you are only wanting to check to make sure that person's email address in in the db, do a mysql_num_rows on $result and make sure it equals 1. This: [code]if ($email == $row['pass']) {[/code] also doesn't make sense...why would their password and email address be the same?  Shouldn't that be row['email']? Why is there an exit() here: [code]echo '<p>Your password has been changed. An email has been sent to your account.</p>'; exit();[/code] That causes the rest of your script to not execute when the if statement above it returns true...which it should...which means no email is being sent.

[code][code]It just occurred to me that you should be using an update query, not an insert query: [/code]UPDATE tblPeople SET fldExpiryDate = '$expires' WHERE fldTransActionNumber = '$transNum';[/code] Sorry, missed that on the first read through.

Why not use the GET method to pass the variable to the next page? You may also want to put the username in quotes when you call the js function: [code]echo "<a href=\"javascript:getuser('$row->user')\">$row->user</a> Genre of choice: $row->genre <br />";[/code]

Don't use single quotes(') around the field name...use back tics(`)...which is usually the button above the tab.

I think this will work: [code]SELECT count(scm_gender) as total, count(scm_gender = 'male') as Male, count(scm_gender = 'female') as Female FROM sc_member;[/code] But I haven't tested it. EDIT:  I don't think it'll work, I tried it on a table I have in my db and it did not.