.josh

haha damn no worries i missed that too and I must have looked at that script half a dozen times ; : ; : ; :

To clarify: desc is a reserved mysql keyword, used to specify how to order results by (desc = descending order). You can use reserved words as column and table names by using backticks, but it is not really considered good programming practice to do so, as it increases chances for bugs (like now) and in general may cause confusion on your part.

hmmm I really don't know what else to say except to contact your host and ask them what's up then.

Thread closed. Please do not post multiple threads asking the same thing.

okay see now I just told you that you can't move a file that's already moved. The same thing applies to trying to copy a file that's already moved. Your error just told you the same thing. You need to copy the file first, then move move each one.

in your cpanel or whatever you use to access your server stuff (same place you went to look for mime types earlier) there should be an error log link

ah, well, the link you posted to the text file version is missing a > on your closing form tag but when I view source of the real link it's all there and the form part of your html is okay. I enter in some random information into your form and it takes me to your .php file. And I think it's being processed because if it wasn't recognizing it, it would just spit out your code like a text file. But if the code you posted is exactly what you have, minus the php tags..it should work. So it's definitely something to do with the server.

yeah..the actual code looks okay, except for echo "thanks.html"; that's just going to echo "thanks.html" not some actual file.

yeah i realized that you may indeed have had it correct (I viewed source of your actual link and your action points to a .php) so... what type of hosting do you have? You may want to check your mime types in your cpanel make sure php is listed as an application and .php is listed as a mime type for it. Failing that, you probably want to contact your host and ask them wtf.

php script files need to have a .php file extension in order for the server to recognize it as a php file.

it doesn't work because you are moving the file; it can't be in two places at once. You move it, and then it's not in the original place anymore, so when you try to move it a 2nd time, move_uploaded_file returns false because it wasn't there to move. You need to first make a copy of the file and then move one to one directory and then the other to the other.

okay because now you moved your $do assignment below your condition so $do will never equal setsession and you still have session_start inside the condition which will always fail now, so $user will never be assigned your session variable. just put your code back to the way it was before, except move the session_start out of the condition to the top of your page.

session_start() needs to be at the top. You are assigning a session variable to $user ...

$_SESSION['location'] == $location; think you meant $location = $_SESSION['location']; that probably is preventing you from selecting your db (and therefore query failure) ... but I'm not really sure why you wouldn't have gotten your die message...got error reporting turned off?

instead of doing $result = mysql_query("blahblahblah"); do $sql = "blahblahblah"; echo $sql; $result = mysql_query($sql);

Any errors? echo out vars and/or query string to see if vars contain expected info? echo something inside your condition to see if it's even passing?

I'm guessing that last \ at the end there needs to be before your " not after but I don't really know what else is wrapped around that line since you don't have it posted.

did you check your actual table in phpmyadmin or w/e and make sure that all of those columns exist (and are spelled right) and there's no more? edit: what was the solution (and mark it as solved, bottom left)

Every time someone posts something ambiguous like "I have a quick question" or "I have a problem" or "Need help urgently" a server crashes and a little piece of the internet dies.

his posted code checks to make sure it is numerical but it does nothing to stop someone from entering in a number that doesn't exist in your database and therefore triggering your insert...which is the concern of your original post.

As far as sanitizing goes: You expect for $id to have a number in it, so check to make sure it's a number. Also use mysql_real_escape_string() on your stuff. As far as log in and user levels go...there are a ton of tutorials on how to do that out there.

1) you need to sanitize your variable $id=$_GET['id']; ... $sql = "update interviews set views=views+1 WHERE id='$id'"; You should feel very lucky that someone ONLY made id=14 2) You need a permissions system in place. A login script with permission levels for only certain people to even access that page in the first place.

if (isset($_SESSION['myusername'])) { // stuff to do if ($_SESSION['myusername'] == 'admin') { echo 'some text'; } } else { // do other stuff } although, I don't think I would be checking username to determine whether to show admin stuff or not. People can very easily worm their way into making that code work, regardless of whether they have your password or not. You should be using some kind of access level system.

... because they've always thought nobody could be [i]that[/i] ugly, and then blam, you walk up and prove them wrong, like "Oh....damn..."

if i understand my javascript correctly, if you do not specify a form name/id it will default to the one whose tags it resides in (which it wasn't in any). But I'm not a javascript expert; might wanna ask over in that forum.