bluebyyou

made that change, still having the same problem

Thats alot of code, but I think it is possible that $_SESSION['login_id'] is getting unset somewhere. Or you have a conflict with $_SESSION variable names.

Do you have any code to start with, are you already able to upload images?

4.1.22

Did you notice that your second comment does not show up when the page is reloaded or refreshed? Yes it is on pic.php Here is the whole thing (pic.php) if that helps <?php session_start(); // START SESSION (MUST BE FIRST ON EVERY PAGE) include("header.php"); include("db_connect.php"); $strippicid = stripslashes(strip_tags($_GET['id'])); $getid = mysql_real_escape_string($strippicid); $query2 = "SELECT * FROM pic WHERE pictureid = '$getid'"; query_db2($query2); $row2 = mysql_fetch_array($result2); extract($row2); ?> <div id="gallerynav"> <a href="gallery.php"> Go back to the gallery </a> </div> <div id="gallery"> <div id="galfloatleft"> <h2><?php if ($picturetitle == ""){ echo "Untitled"; } else {echo $picturetitle;} ?></h2> </div> <div id="galfloatright"> <br> <a href="#">Prev</a> | <a href="#">Next</a> </div> </div> <div id="gallerynav"> <?php $query = "SELECT * FROM member WHERE memberid = '$pictureuserid'"; query_db($query); $row = mysql_fetch_array($result); extract($row); $timestamp = strtotime($picturedate); $format_date = date("F n",$timestamp); ?> <center> <table> <tr><td align="right">Photographer:</td><td align="left"><?php echo $fname." ".$lname; ?></td></tr> <tr><td align="right">Year:</td><td align="left"><?php echo $pictureyear; ?></td></tr> <tr><td align="right">Day:</td><td align="left"><?php echo $pictureday; ?></td></tr> <tr><td align="right">Date:</td><td align="left"><?php echo $format_date; ?></td></tr> <tr><td align="right">Location:</td><td align="left"><?php echo $picturelocation; ?></td></tr> <?php if ($picturetag != "") { $query = "SELECT * FROM member"; query_db($query); $row = mysql_fetch_array($result); ?> <tr><td colspan="2" align="center"><br /></td></tr> <tr><td colspan="2" align="center">In this photo:</td></tr> <tr><td colspan="2" align="center"> <?php $array = explode(",",$picturetag); foreach ($array as $name) { if (in_array($name,$row)) { $query2 = "SELECT fname,lname FROM member WHERE memberid = $name"; query_db2($query2); $row2 = mysql_fetch_array($result2); echo "<a href='profile.php?id=$name'>$row2[0] $row2[1]</a><br />"; } } }?> </td></tr> </table> </center> </div> <div id="gallery"> <img id="larger" src="<?php echo "uploads/$picturefile"; ?>"> </div> <? if ($_SESSION['auth'] == "yes"){ $randnum = rand(0,99999); ?> <div id="gallery"> <h3>Add a comment:</h3> <form name="addcomment" method="post" action="comment_action.php"> <input type="hidden" name="randnum" value="<?php echo $randnum; ?>"> <input type="hidden" name="picid" value="<?php echo $pictureid; ?>"> <input type="hidden" name="posterid" value="<?php echo $_SESSION['user']; ?>"> <input type="hidden" name="postername" value="<?php echo $_SESSION['fname']." ".$_SESSION['lname']; ?>"> <textarea name="text" cols="49" rows="4"></textarea><br><br> <input name="submitcomment" type="submit" value="submit"><br><br> </form> </div> <?php } ?> <?php $maxcomments = 6; if ($_GET['show'] == 1){$query = "SELECT * FROM piccomment WHERE picid = '$pictureid' ORDER BY commentdatetime DESC ";} if ($_GET['show'] != 1) {$query = "SELECT * FROM piccomment WHERE picid = '$pictureid' ORDER BY commentdatetime DESC LIMIT 7 ";} query_db($query); $num = mysql_num_rows($result); if ($num > 0){ ?> <div id="gallery"> <div id="galfloatleft"><h2>Comments</h2></div> <div id="galfloatright"> <?php if ($_GET['show'] != "1"){?> <br /><a href="<?php echo $_SERVER['PHP_SELF']; ?>?id=<?php echo $pictureid; ?>&show=1">View All</a> <?php }else{ echo "&nbsp";}?> </div> <?php while ($row = mysql_fetch_array($result)) { extract($row); $timestamp = strtotime($commentdatetime); $showdate = date('F j', $timestamp); $showtime = date('g:i a', $timestamp); ?> <div id="comment"> <div id="commentpic"><img src="images/nopic.gif"></div> <div id='commenttext'> <h4><a href="profile.php?id=<?php echo $posterid; ?>"><?php echo $postername; ?></a> wrote: (on <?php echo $showdate; ?> at <?php echo $showtime; ?> )</h4> <p><?php echo $comment; ?></p> </div> </div> <?php } ?> </div> <?php } ?> <?php include("footer.php"); ?>

It must be showing much darker on your monitor, Im still working on the design, I will keep that in mind before I open it up to people. Were you able to find the login form?

Oh im sorry, its on the top right on the index page with a right pointing arrow next to it.

Well I definately got logget out when trying to add a property. Please post your code for add_property.php

PM sent, go to gallery, then click on a picture. You will be able to see and add comments there.

I dont seem to get logged out. Did you say it was a "payment information" page? I cant find that.

Yes I did, sorry I put it in an edit.

yeah, there definately is a PK and I just tried that, It works the same without the 0 as well.

I will post some of it, the whole page is kind of messy The form... <form name="addcomment" method="post" action="comment_action.php"> <input type="hidden" name="randnum" value="<?php echo $randnum; ?>"> <input type="hidden" name="picid" value="<?php echo $pictureid; ?>"> <input type="hidden" name="posterid" value="<?php echo $_SESSION['user']; ?>"> <input type="hidden" name="postername" value="<?php echo $_SESSION['fname']." ".$_SESSION['lname']; ?>"> <textarea name="text" cols="49" rows="4"></textarea><br><br> <input name="submitcomment" type="submit" value="submit"><br><br> </form> comment_action.php <?php include("db_connect.php"); $striptext = stripslashes(strip_tags($_POST['text'])); $finaltext = mysql_real_escape_string($striptext); $now = date("Y-m-d H:i:s"); $query = "INSERT INTO piccomment (picid,posterid,commentdatetime,postername,comment) VALUES ('$_POST[picid]','$_SESSION[user]','$now','$_POST[postername]','$finaltext')"; query_db($query); $getid = $_POST['picid']; header("location:pic.php?id=$getid"); ?> and heres the query that grabs from the db $query = "SELECT * FROM piccomment WHERE picid = '$pictureid' ORDER BY commentdatetime DESC LIMIT 0,7 "; If the whole page would be more helpful let me know.

that userid and password arent working for me

I am having trouble on my photo gallery. Users have the ability to comment on a picture. That works fine, the info is put into the DB no problem. however when the page is reloaded or refreshed the last entry does not show up until another comment is made, at which point the newest comment still doesnt show up. I am not ready to just give out a password for everyone to try it to help me trouble shoot(site not secure at all yet). So I would like to PM someone a username and password. Let me know if you would like to. (preferably someone with quite a few stars under thier name).

It definately works, I went to it and there was no style on it, then I submitted my post and then there was style..Were you working on it at that moment? Anyways the colors are very nice, so are the transparent boxes. The little circle buttons are nice looking, but are kind of unclear as to what they do.

It is definately an improvement. The text on your buttons are kind of pixelated, you might want to make those clearer. the buttons also expand a slight bit when they are clicked, making them not line up. Also your fonts are not consistent throughout the design. Also the copyright text at the bottom is kind of cramped inside the red bar. Dont worry too much about not being a graphics person, form usually follows function. Have you ever thought of trying to find someone that is a graphics person to work with? There are plenty of people who are, who arent html/php people.

you dont have to rub it in

try this: echo $min_num, $max_num, $guesses; The single quote for a strings means echo litteraly what is inside, even if it is a variable name. read up on it here: http://www.php.net/types.string

You dont need the single quotes. With the single quotes you are puting the $_POST variables in as strings. $min_num=$_POST['min_num']; $max_num=$_POST['max_num']; $guesses=$_POST['guesses'];

Post your code please.

damn, thank you

I think I have gotten everything else on the page working now im just having trouble formating the mysql injection prevention stuff, what am I doing wrong there? //RELOAD PAGE WITH THE PICTURE ID SENT FROM THE COMMENT FORM $srippicid = stripslashes(strip_tags($_POST['picid'])); //not workig $escapepicid = mysql_real_escape_string($strippicid); //not working $query2 = "SELECT * FROM pic WHERE pictureid = '$escapepicid'"; //not working query_db2($query2); $row2 = mysql_fetch_array($result2); extract($row2); } else { //LOAD PAGE WITH PICTURE ID FROM GALLERY PAGE $srippicid = stripslashes(strip_tags($_GET['id'])); //not working $escapepicid = mysql_real_escape_string($strippicid); //not working $query2 = "SELECT * FROM pic WHERE pictureid = '$_GET[id]'"; //WORKING!! query_db2($query2); $row2 = mysql_fetch_array($result2); extract($row2);

I added in mysql_real_escape_string() and am still getting "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1" however, when I submit the form once it works, the second time I try is when i get the error. So it looks like might not be a problem with my query.. I am going to post my code, it is kind of confusing and is mostly uncommented so I hope someone can help me make sense of it. I Commented where I thought the problem was. http://www.wiuartinny.com/pic.php?id=38 << You can see the page here(except the comment form because thats for logged in users only) <?php session_start(); // START SESSION (MUST BE FIRST ON EVERY PAGE) include("header.php"); include("db_connect.php"); if (isset($_POST['submitcomment'])) // CHECK IF COMMENT WAS SUBMITTED { //IF COMMENT SUBMITTED INSERT INTO DATABASE $newtext = stripslashes(strip_tags($_POST['text'])); $finaltext = mysql_real_escape_string($newtext); //HERE IS WHERE I THOUGHT THE PROBLEM WAS $query = "INSERT INTO piccomment (picid,posterid,postername,comment) VALUES ('$_POST[picid]','$_SESSION[user]','$_POST[postername]','$finaltext')"; query_db($query); //RELOAD PAGE WITH THE PICTURE ID SENT FROM THE COMMENT FORM $query2 = "SELECT * FROM pic WHERE pictureid = $_POST[picid]"; query_db($query2); unset($_POST); //ADDED IN TO TRY AND FIX PROBLEM(NOT DOING IT) } else { //LOAD PAGE WITH PICTURE ID FROM GALLERY PAGE $query2 = "SELECT * FROM pic WHERE pictureid = $_GET[id]"; query_db($query2); } $row = mysql_fetch_array($result); extract($row); ?> <div id="gallerynav"> <a href="gallery.php"> Go back to the gallery </a> </div> <div id="gallery"> <div id="galfloatleft"> <h2><?php if ($picturetitle == ""){ echo "Untitled"; } else {echo $picturetitle;} ?></h2> </div> <div id="galfloatright"> <br> <a href="#">Prev</a> | <a href="#">Next</a> </div> </div> <div id="gallerynav"> <?php $query = "SELECT * FROM member WHERE memberid = $pictureuserid"; query_db($query); $row = mysql_fetch_array($result); extract($row); $timestamp = strtotime($picturedate); $format_date = date("F n",$timestamp); ?> <center> <table> <tr><td align="right">Photographer:</td><td align="left"><?php echo $fname." ".$lname; ?></td></tr> <tr><td align="right">Year:</td><td align="left"><?php echo $pictureyear; ?></td></tr> <tr><td align="right">Day:</td><td align="left"><?php echo $pictureday; ?></td></tr> <tr><td align="right">Date:</td><td align="left"><?php echo $format_date; ?></td></tr> <tr><td align="right">Location:</td><td align="left"><?php echo $picturelocation; ?></td></tr> <?php if ($picturetag != "") { $query = "SELECT * FROM member"; query_db($query); $row = mysql_fetch_array($result); ?> <tr><td colspan="2" align="center"><br /></td></tr> <tr><td colspan="2" align="center">In this photo:</td></tr> <tr><td colspan="2" align="center"> <?php $array = explode(",",$picturetag); foreach ($array as $name) { if (in_array($name,$row)) { $query2 = "SELECT fname,lname FROM member WHERE memberid = $name"; query_db2($query2); $row2 = mysql_fetch_array($result2); echo "<a href='profile.php?id=$name'>$row2[0] $row2[1]</a><br />"; } } }?> </td></tr> </table> </center> </div> <div id="gallery"> <img id="larger" src="<?php echo "uploads/$picturefile"; ?>"> </div> <? if ($_SESSION['auth'] == "yes"){ ?> <div id="gallery"> <h3>Add a comment:</h3> <form name="addcomment" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <input type="hidden" name="picid" value="<?php echo $id; ?>"> <input type="hidden" name="posterid" value="<?php echo $_SESSION['user']; ?>"> <input type="hidden" name="postername" value="<?php echo $_SESSION['fname']." ".$_SESSION['lname']; ?>"> <textarea name="text" cols="49" rows="4"></textarea><br><br> <input name="submitcomment" type="submit" value="submit"><br><br> </form> </div> <?php } ?> <?php $query = "SELECT * FROM piccomment WHERE picid = $pictureid"; query_db($query); $num = mysql_num_rows($result); if ($num > 0){ ?> <div id="gallery"> <h2>Comments</h2> <?php while ($row = mysql_fetch_array($result)) { extract($row); ?> <div id="comment"> <div id="commentpic"><img src="images/nopic.gif"></div> <div id='commenttext'> <h4><a href="profile.php?id=<?php echo $posterid; ?>"><?php echo $postername; ?></a> wrote:</h4> <p><?php echo $comment; ?></p> </div> </div> <?php } ?> </div> <?php } ?> <?php include("footer.php"); ?>

you dont need the second if after your elseif so.. if (($date >= 070516) AND ($date <= 070715)) { echo "..."; } elseif (($date >= 070716) AND ($date <= 070915)) { echo "..."; } else { ... }