ignace

$adebt=($adue-$apaid)== mysql_real_escape_string($_POST['adebt']); After this $adebt==false; as $_POST['adebt'] != $adue-$apaid So it's $adebt = mysql_real_escape_string($_POST['adebt']); $adebt = $adue - $apaid; As you saw nothing that tells me you used varchar or something for your integer fields otherwise you would have got 0 However this makes no sense at all?!?

You get this error because of the function clean() remove $db as a second parameter for mysql_real_escape_string and you should be fine. [ot]What is the default value for a resource?[/ot]

window.onbeforeunload = updateRecord_onWindowClose; // OR window.onunload = updateRecord_onWindowClose;

This code is find all you need to change is: mail($to, .. to mail(implode(',', $to), ..

he means that you should validate your code prior to using them for example: ?value=1 (-> $_GET['value'] == 1) WHERE value = $_GET['value'] (-> WHERE value = '1') ?value=';DROP TABLE yourtable;-- (-> $_GET['value'] == ';DROP TABLE yourtable;--) WHERE value = '$_GET['value']' (-> WHERE value = ''; DROP TABLE yourtable;--') After that user you have a table missing Atleast if the MySQL PHP extension would allow it.

Not to mention you only need to change one line if you ever want to switch stylesheets

Sure there is but you need to give us something more to work with like where come these questions and answers from?

1. Many days of planning (combined: go Agile!!) (Project Analysis & -Design) Frontend (HTML, CSS, JS): sitemap, wireframe, card sorting, color theory, .. Backend (PHP): domain model, class diagram, use-cases, .. 2. development-, testing-, staging- & production (=live) server development: realm for "hackers" testing: realm for testers staging: realm for annoying clients production: realm for screw-ups 3. Subversion, GIT, CSV, Mercurial, .. distributed or centralized?!? Do you want fries with that? 4. apply Test-Driven Development (TDD) and use a Continuous Integration (CI) server PHPUnit & Selenium, PHPUnderControl Those are a few of the topics you would get thrown at you if you would work in a company that produces enterprise software

Open your editor search for name="pick1 and replace it with class="pick1" name="pick1 do this also for pick2 and pick3 Now using JavaScript: function checkSets() { var check1 = document.getElementsByClassName('check1'); var check2 = document.getElementsByClassName('check2'); var check3 = document.getElementsByClassName('check3'); var check4 = document.getElementsByClassName('check4'); var check5 = document.getElementsByClassName('check5'); var check6 = document.getElementsByClassName('check6'); return checkSubSet(check1) && checkSubSet(check2) && checkSubSet(check3) && checkSubSet(check4) && checkSubSet(check5) && checkSubSet(check6); } function checkSubSet(subSet) { var oneOfSubSetIsChecked = false; for (var i = 0; i < subSet.length; ++i) { if (subSet[i].getAttribute('checked') == true) { oneOfSubSetIsChecked = true; break; } } return oneOfSubSetIsChecked; } This will go over each set and make sure atleast one is checked. Use as: <script type="text/javascript"> function checkForm_onSubmit() { if (!checkSets()) { window.alert('Make sure that atleast each set has an answer checked.'); return false; } return true; } </script> <form onsubmit="return checkForm_onSubmit();" ..

update `users` set `gold`=? and `".$item."`=?where `id`=? should be update `users` set `gold`=? and `".$item."`=? where `id`=?

I am the only one not blind? $db->execute("update `users` set `gold`=? where `id`=?", array($id, $gold1 + $gold2)) should be: $db->execute("update `users` set `gold`=? where `id`=?", array($gold1 + $gold2, $id))

Simple: if !empty($_GET['user_id']) && is_numeric($_GET['user_id']) then delete from table where user_id = $_GET['user_id'];

You can also just do: $_POST = array_map('mysql_real_escape_string', $_POST); Which will apply mysql_real_escape_string to each value.

If you want a custom license you will either have to write it yourself (based on a template) or let someone write it for you. You can not opt for an open-source license as Is the first rule of Open-Source

Select one of those 10 websites which will become the base for authentication it's best to select the one with the easiest/best coding as you will have to make some adjustments so that all websites authenticate with the same database. Research how each application identifies a user as logged-in and make sure your modifications match this.

You are referring to server-driven content negotiation and if your server supports it (and most do) you should already be able to use it.

Select one of the 3 websites as your base and authorize all users against the base database.

If your query looks like this then you'll get 2 as a result and not 1,2 therefor use staff_1=1&staff_2=2

I think you forgot to add $user_id = $_GET['user_id']; in the delete.php file I also took the liberty to cleanup your code and give you an example how clean code will help you in your endeavors <?php //ini_set("display_errors","1"); //ERROR_REPORTING(E_ALL); function my_error_handler($errno, $errstr, $errfile, $errline, array $errcontext = array()) { die($errstr); } set_error_handler('my_error_handler'); session_start(); $con = mysql_connect("localhost", "username", "pw") or trigger_error('Could not connect: ' . mysql_error()); mysql_select_db("DBName", $con) or trigger_error(mysql_error()); class EmptyCredentialsException extends Exception {} class InvalidCredentialsException extends Exception {} // Same checking stuff all over again. function clean($value, $db = null) { $value = strip_tags($value); $value = htmlentities($value); $temp = @mysql_real_escape_string($value, $db) ? $value = $temp : $value = addslashes($value); return $value; } function login($username, $password, $db = null) { if (empty($username) || empty($password)) { throw new EmptyCredentialsException(); } $username = clean($username, $db); $pwid = clean($password, $db); $pwid = intval($pwid); $query = "SELECT name, username FROM Caris_roster_March2010 WHERE pwid = MD5('$pwid') AND username = '$username'"; $result = mysql_query($query, $db); if ($result && mysql_num_rows($result)) { $user = mysql_fetch_assoc($result); user_update(array('login_timestamp' => time()), $username, $db); session_regenerate_id(); $meta_data = array('ip' => $_SERVER['REMOTE_ADDR'], 'browser' => $_SEVER['HTTP_USER_AGENT']); session_store($user + $meta_data); return true; } throw new InvalidCredentialsException(); } function user_update($data, $username, $db = null) { $query = 'UPDATE Caris_roster_March2010 SET '; $data = array_map('user_update_callback', $data, array_keys($data)); $query = $query . implode(', ', $data); $query = "$query WHERE username = '$username'"; $result = mysql_query($query, $db) or trigger_error(mysql_error()); return $result && mysql_affected_rows($result); } function user_update_callback($value, $key) { return "$key = '{clean($value)}'"; } function session_is_auth() { return (isset($_SESSION['ip']) && isset($_SESSION['browser'])) && (($_SESSION['ip'] === $_SERVER['REMOTE_ADDR']) && ($_SESSION['browser'] === $_SERVER['HTTP_USER_AGENT'])); } function session_store($data) { $_SESSION = array_merge($_SESSION, $user); } if (isset($_POST['submit'])) { try { login($_POST['username'], $_POST['pwid']); } catch (EmptyCredentialsException $e) { echo "<h2 class='fail'>Please fill in both your username and password to access your exam results.<br />", "<br >You will be redirected back to the login screen in five seconds.</h2>"; echo "<meta http-equiv='refresh' content='5; url=StudentLogin.php'>"; exit; } catch (InvalidCredentialsException $e) { echo "<h2 class='fail'>You have entered a username or password that does not match our database records.", " please try again.<br><br>You will be redirected back to the login screen in five seconds.</h2> "; echo "<meta http-equiv='refresh' content='5; url=StudentLogin.php'>"; exit(); } } // Start a session. If not logged in will be redirected back to login screen. if (!session_is_auth()) { header("Location:StudentLogin.php"); exit; } echo "<table id='header'><tr><td><img src='Caris-Life-Sciences-Logo_small.png' /></td><td align='middle'><div id='welcome'><h3>Welcome! You are now logged in " . $_SESSION['name'] . "</h3></td></tr>"; echo "<tr><td><a class='logout' href='LogoutStudent.php'>Logout</a></td></tr></table>"; $user_id = $_GET['user_id']; //DELETE QUERY TO SELECT RECORD TO DELTE BASED ON LOGIN INFO. $query_delete = "DELETE FROM Caris_log_March2010 WHERE user_id = $user_id AND Caris_roster_March2010.user_id = $user_id"; //echo $query; //for debugging test $result_delete = mysql_query($query_delete) or die(mysql_error()); ?>

WHERE promotions.expiry > now() Returns all promotions that are set to expire in the future

In order for us to help you you should be more clear in what you want to achieve. Like what data do you want to pull from the database and what is it for?

It may help explaining what you want to query? You may for example use a query like: SELECT checkin, nights, totalprice FROM booking b JOIN customer c USING customerID WHERE c.name = 'John' AND day(checkin) = day(CURRENT_DATE); To query all checkin's for today under the name John Ofcourse the queries entirely depend on your business requirements/rules

For portability reasons it is highly discouraged to replace functions with your own baked (untested) functions instead try namespacing your own functions like my_* or something

SELECT field, field, .. FROM table WHERE field = value ORDER BY id DESC LIMIT 10

Post your code we can not help you otherwise