ignace

Moderators
  • Posts

    6,457
  • Joined

  • Last visited

  • Days Won

    26

Everything posted by ignace

  1. $result = mysql_query($query);
     if (!$result)

     only tells you the query did not contain any errors. To make sure the query actually did something, use:

     $result = mysql_query($query);
     if ($result && mysql_affected_rows())

     Make sure the query was successful (you need it, otherwise the latter will throw an error if it didn't) and second make sure it did something (update a table, delete a record, ..)
  2. if (!$y > 100) doesn't work because (I'm not sure though) ! and > share the same execute rights, meaning that !$y is executed first and afterwards $y > 100. Thus if $y contains a value > 0 then !$y will return false; afterwards, in the context of $y > 100, $y is a boolean used in an integer context. Boolean to integer returns 0 for false and 1 for true, thus 1 > 100 will return false and if (false) executes else.
  3. Only if you apply salts (as md5 and sha1 both are proven to be decryptable) and if you perform the encryption on the client-side (although because of the limited possibilities it's not possible to rely on this functionality). If it passes the wire you're a done deal, as a man-in-the-middle attack on a non-secured line (http) will make it easy for a hacker to just grab the password. Therefore it's advised to always use a secured line (https) on pages where sensitive data resides or is to be modified. A little note: crackers exploit them, hackers just find them. Hacking is a profession and thus a 'legal activity' (note the quotes).
  4. The single most important rule is to validate your input: use the knowledge you possess about an object and apply it. How long should it be, may it be? What may it contain and what not (are there exceptions) and does it contain anything at all? Using these kinds of questions and applying the answers will keep you from doing overtime.
  5. $keys = array_keys($_POST);
     $values = array_values($_POST);
     // array_map (not array_walk) pairs each key with its value and returns the formatted lines
     $messageee .= "\r\n\r\n$dashedline\r\nForm Information:\r\n\r\n" . implode("\r\n", array_map('fmessage', $keys, $values));
  6. Try the query using a db interface like phpmyadmin or some other interface
  7. Take a look at a post made by pfmabismad http://www.phpfreaks.com/forums/index.php/topic,266252.msg1255800.html#msg1255800
  8. if (!$button) is never true because it's either the value of $_GET['submit'] or the default_value. Use instead:

     $button = (isset($_GET['submit'])) ? $_GET['submit'] : null;

     To secure your application validate the input, apply what you know. For example, if search may only contain alphabetic characters use:

     if (!ctype_alpha($search)) {
         // invalid: does contain characters not found in the alphabet
     }

     Search must contain a certain length?

     if (!isset($search[5])) {
         // invalid: must be at least 6 characters long (strings are zero-based if you wonder why 5)
     }
  9. function send_email($from, $to, $subject, $message) {
         $headers = "From: " . $from . "\r\n";
         $headers .= "Reply-To: " . $from . "\r\n";
         $headers .= "Return-Path: " . $from . "\r\n";
         $headers .= "Content-type: text/html\r\n";
         if (mail($to, $subject, $message, $headers)) {
             // mail was accepted for delivery
         } else {
             // mail could not be handed over for delivery
         }
     }

     function fmessage($key, $value) {
         return "$key: $value";
     }

     $messageee = "";
     $subject = "Someone has Registered for Distributor Login";
     $messageee .= "<html><body>";
     $messageee .= "<b>Please inform Daniel.<br></b>";
     $messageee .= "<br>";
     $messageee .= "<br>Daniel will send an email to user once account is activated.<br>";
     $messageee .= "<br>If you need assistance with your login information please contact Daniel Garvin at danielg@fleco.com";
     $messageee .= "<br><br>";
     $messageee .= "<br>Regards, <br>Texas Fluorescents";
     $messageee .= "</body></html>";

     $dashedline = str_repeat('-', 70);
     // array_map (not array_walk) returns one "key: value" line per submitted field
     $messageee .= "\r\n\r\n$dashedline\r\nForm Information:\r\n\r\n" . implode("\r\n", array_map('fmessage', array_keys($_POST), array_values($_POST)));
     // send_email() takes $from and $to as separate arguments
     send_email('no-reply@texasfluorescents.com', 'danielg@fleco.com', $subject, $messageee);
  10. 58a9eeb60f1f6500a93a1bf494dec24c:voc)N in the database is wrong and completely defeats the purpose of hashing.
  11. $narray[$i]=pathinfo($file, PATHINFO_FILENAME);
  12. You can't do:

      mail($to,$subject,$message,$headers,$repnumber,$fname,$lname,$cname,$phone,$email)

      The proper syntax is:

      ..
      $dashedline = str_repeat('-', 70);
      $messageee .= "\r\n\r\n$dashedline\r\nForm Information:\r\n\r\n" . implode("\r\n", array_map('fmessage', array_keys($_POST), array_values($_POST)));
      send_email('no-reply@texasfluorescents.com', 'danielg@fleco.com', $subject, $messageee);
  13. $sds = $results["password"];
      $sd = explode(":", $sds);
      $hash = $sd[1];
      $pass = "123456";
      echo md5($hash.$pass);

      In order to authenticate someone you need to take the same steps you took when he signed up, so if during signup you used:

      md5($salt . $password) . $salt

      then that is the same code you need to use during authentication.
  14. $message = implode("\r\n", array_map('fmessage', array_keys($_POST), array_values($_POST)));
      print $message;

      function fmessage($key, $value) {
          return "$key: $value";
      }

      Outputs something like:

      username: energysuperstore09
      password: energy
      email_address: energy@superstore.com
  15. Post your code. P.S. It seems PHP is pwning you more than you PHP
  16. You already have that in your code: mail($to,$subject,$message,$headers)
  17. name LIKE '%$systemname%' will match any row that has $systemname in its name
  18. You don't necessarily need JS you can use CSS also: http://www.dynamicdrive.com/style/csslibrary/item/css-popup-image-viewer/
  19. The first refers to a collection of scripts that work together and allow the user to perform tasks. The latter refers to code that performs one single task (upload an image, authenticate a user, ..) http://symphony-cms.com/ An example of a CMS that uses XML to store data and renders it using XSLT technology.
  20. Thanks! Is this a tool already in PHP5 or something I need to download and install? This is written in PHP5 but does not come with the default php installation. So you need to download the package and add it to your script and afterwards call it. More information can be found in the provided manual.
  21. Your select has multiple="multiple" and the PHP adds a selected="selected" to any skill that is in the _POST['skill'] array. So aren't all skills selected? Or do you mean when you retrieve it from the database? You can pre-fill $_POST['skill']:

      if (empty($_POST)) { // nothing was yet submitted
          while ($row = mysql_fetch_assoc($result)) {
              $_POST['skill'][] = $row['skill_id'];
          }
      } else {
          // form was submitted
      }
      // form is underneath this code
  22. http://framework.zend.com/manual/en/zend.form.html and http://framework.zend.com/manual/en/zend.validate.html
  23. You mean an application? or a script?
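
Added example (not part of ignace's posts or the threads they come from): post 13's point that authentication must repeat the signup steps, shown for a record stored as md5(salt . password) followed by the salt, and then rehashed with password_hash() once that legacy check succeeds. The ':' separator, the function names and the sample values are assumptions.

```php
<?php
// Added example; function names, the ':' separator and sample values are assumptions.

// Signup step for the legacy format: md5 over salt then password, salt appended.
function legacy_hash(string $password, string $salt): string
{
    return md5($salt . $password) . ':' . $salt;
}

// Returns [bool $authenticated, string $recordToStore].
function verify_and_upgrade(string $password, string $stored): array
{
    // Records already produced by password_hash() carry a recognisable algorithm prefix.
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        $ok = password_verify($password, $stored);
        $rehash = $ok && password_needs_rehash($stored, PASSWORD_DEFAULT);
        return [$ok, $rehash ? password_hash($password, PASSWORD_DEFAULT) : $stored];
    }

    // Legacy record: an md5 hex digest never contains ':', so split on the first one only;
    // the salt itself may contain further colons.
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2 || strlen($parts[0]) !== 32) {
        return [false, $stored];
    }
    [$digest, $salt] = $parts;

    // Repeat the signup steps and compare in constant time.
    $ok = hash_equals($digest, md5($salt . $password));

    // On success, replace the md5 record with a slow, self-salting hash.
    return [$ok, $ok ? password_hash($password, PASSWORD_DEFAULT) : $stored];
}

// Constructed sample record (salt and password are made up for this example).
$record = legacy_hash('correct horse', 'a:b9');

// Wrong password: rejected, record left in the legacy format.
[$ok, $record] = verify_and_upgrade('wrong guess', $record);
var_dump($ok, password_get_info($record)['algoName']);

// Right password: accepted, record comes back in password_hash() format.
[$ok, $record] = verify_and_upgrade('correct horse', $record);
var_dump($ok, password_get_info($record)['algoName']);

// Later logins verify against the upgraded record.
[$ok, $record] = verify_and_upgrade('correct horse', $record);
var_dump($ok);
```

Write the returned record back to the user row whenever it differs from the one that was read.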