Everything posted by ignace

  1. This can be done using either Ajax or plain php (with a page refresh):

     Plain php approach:

         $query = 'SELECT * FROM make_models ..';
         $result = mysql_query($query, $db);
         while ($row = mysql_fetch_assoc($result)) {
             print $row['make_model'];
         }

         if (!empty($_POST)) {
             $make_model = $_POST['make_model'];
             $query = 'SELECT ...';
             $result = mysql_query($query, $db);
             while ($row = mysql_fetch_assoc($result)) {
                 print $row['year']; // read from the fetched row, not the result resource
             }
         }

         if (!empty($_POST['make_model']) && !empty($_POST['year'])) {
             //..
         }

     I'm not a JavaScript expert so maybe someone else can.
  2. You need to modify Zend_Session:

         Zend_Session::rememberMe(86400); // must be called before session start
         $auth = Zend_Auth::getInstance(); // calls session_start if not yet started
  3. Could you please post your db schema instead? You clearly have a cartesian problem.
  4. Your lode is ambiguous, it exists 5 times.

         SELECT * FROM monday m, tuesday t, wednesday w, thursday th, friday f WHERE m.lode='7' OR t.lode='7' OR ..
  5. This should be a .php page if it contains php code or it won't get executed:

         include ("families.html");
  6. Yes. But since the questions are constantly being updated, I need to random pick a winner for every single question. Take it like a lucky draw, you take part in a lucky draw and then the winner is randomly picked out. Then the admin submits new questions for a new lucky draw, and another winner is randomly picked out. Right now, the correct responses for all the lucky draws are in one single table, which makes it hard to random out the winner for the different lucky draws.

     So you want to pick a winner for each quiz:

         SELECT * FROM quiz_correct_response WHERE quiz_id = $id ORDER BY rand() LIMIT 1
  7. Ok fair enough. Then tell me the security risks of this one:

         <input type="hidden" name="checkboxName" value="something">
         <input type="checkbox" name="checkboxName" value="something_else">

         $checkboxName = perform_validation($_POST['checkboxName']);

     And how this one is not affected:

         <input type="checkbox" name="checkboxName" value="something_else">

         $checkboxName = $_POST['checkboxName'] ? 'something_else' : 'something';
         $checkboxName = perform_validation($checkboxName);

     In my opinion:

         $checkboxName = $_POST['checkboxName'] ? 'something_else' : 'something';

     I can pass anything that php evaluates to true or anything php evaluates to false while not getting any form errors. While my method will make sure that the entered data is valid. You are a really respected member of this community and I am really interested in hearing your arguments.
  8. SELECT * FROM quiz_correct_response ORDER BY rand() LIMIT 1
  9. That is correct and this is submitted to your website through a form which is passed through POST, stored in the database and viewed by unknown users (if these users are authenticated then it is possible to steal their session to impersonate them, even administrators). Of course if you don't have any form on your website (which is unlikely) you should be safe. So cleaning GET only won't suffice.

     You don't want visitors to know this.. Use a combination of set_error_handler() and trigger_error() or error_log(). These are influenced by the display_errors directive, die() is not.

         or die ("Could not connect to database");

     Performing strip_tags() on globals will completely disallow submitting html, however it is still possible (I think) if using encoding.

     This is an example of no proper programming:

         if (is_numeric($var)) {
         } else {
             header("Location: /index.php");
         }

     For readability modify your code to:

         if (!isset($_GET)) {
             header("Location: /index.php");
         }
         // no else! continue execution
         foreach ($_GET ..
  10. I see you made several changes to the body of certain functions. Remove all these lines, they don't belong there..

     1) name or rename the file where the declaration of the pdf functions reside and name it: pdf2txt.php
     2) create a new file pdf2txt_test.php, make sure both these files are in the same directory under your server root
     3) add this content to your pdf2txt_test.php file:

         <?php
         error_reporting(E_ALL);
         ini_set('display_errors', TRUE);

         // load the pdf2txt() declaration from step 1 (same directory)
         require_once 'pdf2txt.php';

         // modify the paths
         file_put_contents('/path/to/txtfile.txt', pdf2txt('/path/to/pdfile.pdf'));
         ?>

     4) start your web server and point it to the directory where you added both pdf files (pdf2txt.php and pdf2txt_test.php)
     5) you now get a listing, click pdf2txt_test.php. A blank page should show up and without any errors on screen.
     6) go to the location of the text file '/path/to/txtfile.txt' and open it. It should now contain the text from the pdf file.
  11. Don't know if this is the cause but have you restarted Apache?
  12. All of those errors mean that you are trying to use a variable that hasn't been initialized (it has no type yet) and is thus unknown to your system as to what it should return. Please post these specific lines of code as these are not shown in the examples. Also the body of this statement is never executed as it is preceded with the same if statement.

         } else if(!isset($_POST['op'])) {
  13. When I run your script I get:

         Notice: Undefined variable: userrow in D:\darkpower.php on line 6

         <?php

         error_reporting(E_ALL);
         ini_set('display_errors', TRUE);

         $points = $userrow['points'];
         $Print = $guesses = '';
         if(!empty($_POST) && isset($_POST['ok'])) {
             $points = $_POST['points'];
             $random = rand(1,9);
             $Print .= 'Random number is <b>'.$random.'</b>. ';
             $amount = count($_POST['digit']);
             if($usr[7] < 10 && $usr[7] >=1) {
                 echo "<b>You don't have enough points to play!</b><br>";
             }
             $plays_requested = $amount;
             if(($plays_requested * 10) <= $usr[7]) {
                 for($i=1;$i<=$plays_requested;$i++) {
                     if (isset($amount) && !empty($amount)) {
                         foreach($_POST['digit'] as $number) {
                             if(is_numeric($number)) {
                                 $guesses .= ' '.$number;
                                 if($number==$random) {
                                     $points = $userrow['points']+100;
                                     $query = "UPDATE users SET points=points+$points WHERE id='".mysql_real_escape_string($_SESSION['user']['0'])."' LIMIT 1";
                                     mysql_query($query, $db_id);
                                 } else {
                                     $points = $userrow['points']-10;
                                     $query = "UPDATE users SET points=points+$points WHERE id='".mysql_real_escape_string($_SESSION['user']['0'])."' LIMIT 1";
                                     mysql_query($query, $db_id);
                                 }
                             }
                         }
                     }
                 }
             } else {
                 echo "<b>You don't have enough points to buy ".$plays_requested." number(s).</b>";
             }
             $query="SELECT points FROM users where id='".mysql_real_escape_string($_SESSION["user"]["0"])."' LIMIT 1";
             $result = mysql_query($query, $db_id);
             $myNum = mysql_fetch_array($result);
             $points = $myNum[0];
             if($guesses!='') {
                 $Print .= 'You guessed <b>'.$guesses.'</b>. ';
             }
             if($points<=0) {
                 $Print .= '<b>You don\'t have any points left!</b>';
             } else {
                 $Print .= 'You have <b>'.$points.'</b> points.';
             }
         }
         echo '
         <p>Every number you buy costs 10 points.
         If you win: Your correct number(10 points) + 100 points.</p>
         <form action="'.$_SERVER{'PHP_SELF'}.'" method="post">
         <p><input type="checkbox" name="digit[]" id="t1" value="1" /> <label for="t1">1</label>
         <input type="checkbox" name="digit[]" id="t2" value="2" /> <label for="t2">2</label>
         <input type="checkbox" name="digit[]" id="t3" value="3" /> <label for="t3">3</label>
         <input type="checkbox" name="digit[]" id="t4" value="4" /> <label for="t4">4</label>
         <input type="checkbox" name="digit[]" id="t5" value="5" /> <label for="t5">5</label>
         <input type="checkbox" name="digit[]" id="t6" value="6" /> <label for="t6">6</label>
         <input type="checkbox" name="digit[]" id="t7" value="7" /> <label for="t7">7</label>
         <input type="checkbox" name="digit[]" id="t8" value="8" /> <label for="t8">8</label>
         <input type="checkbox" name="digit[]" id="t9" value="9" /> <label for="t9">9</label>
         <input type="hidden" name="points" value="'.$points.'" />
         <input type="submit" name="ok" value="Play" /></p>
         </form>
         <p>'.$Print.'</p>';
         ?>
  14. No problem. However make sure that your files now point to index2.php instead of index.php
  15.
         file_put_contents('/path/to/txtfile.txt', pdf2txt('/path/to/pdfile.pdf'));

     This does not belong in this function:

         $pdftext = pdf2txt('C:\Users\Mike\Desktop\Athy Database\Athy Register.pdf');
  16. print $doc->documentElement->tagName;
  17. You only need to use global if you are within a different scope than the global scope (thus in a function or class):

         global $userrow, $db_id;

         $_POST{'ok'} // should be $_POST['ok']

     Could you please only post the relevant code and maybe even add some more comments in English. I am not familiar with the language and that makes it harder to follow the logic. You are using { and } to access arrays so that should give you some warnings. Add these 2 lines to the top of your script:

         error_reporting(E_ALL);
         ini_set('display_errors', TRUE);
  18. Anywhere you like

         file_put_contents('/path/to/file.txt', pdf2txt('/path/to/file.pdf'));

     I strongly advise reading the php manual
  19. You would do this:

         $postdata = $_POST['data'] ? 1 : 0;
         $postdata = validate_postdata($postdata);

     And I would do this:

         $postdata = validate_postdata($postdata);

     Which in the very essence is the same except that your method, if I may say, is redundant:

         //HTML:
         <input type="checkbox" name="gender" value="male">
         //PHP:
         $gender = $_POST['gender'] === 'male' ? 'male' : 'female';

     While my method adds the ternary operation client-side plus this doesn't imply a security risk as both methods use validators. But this is a fight that no one can win as you will still be using your ternary operation and I will be using my hidden field technique
  20. They usually fill up your screen. Anyway, try:

         $res=mysql_query(.., $db /* if working with multiple dbs don't forget to add the db resource */);
         print mysql_num_rows($res); // debug
         if (mysql_num_rows($res)) { // now only executes if there actually is something
             while ($row = mysql_fetch_assoc($res)) {
             }
         }
  21. If you want to test your regex in real-time then use: http://www.gskinner.com/RegExr/

         echo preg_match('/[0-9]{2}\/[0-9]{4}/', $string);
  22. Haven't you noticed the name of the manufacturer? I'll bet you that it has something to do with that
  23. Add this line to your form:

         <input type="hidden" name="id" value="<?php print $id; ?>">

     Now your updatequest.php knows the id too if you submit the form. However the next line of code isn't considered good practice:

         `questname` = '$_POST[questname]'

     As it assumes that questname is a constant, which it clearly isn't. Therefore if using arrays use sprintf() (also because of security reasons):

         `questname` = \'%s\'

     Also remove the " from the start and end of your query string as you then no longer require string parsing and use ' instead. Use as:

         $fquery = sprintf($query, $_POST['questname'], ..);