Jessica

You could do this: <?php $_SESSION['posted'] = $_POST; //print out post data here as regular HTML, not a form. //Name: John Doe //Email: john@doe.com ?> Then on the next page, instead of processing the $_POST array, process the $_SESSION['posted'] array.

You can use the disabled property, (http://www.htmlhelp.com/reference/html40/forms/input.html) or just print the data instead of printing it in a form.

Did you not read my post?

You'll need to use strpos and substr to get the various parts of the string you're looking for. For the CSV question you could use explode. The form buttons sounds simple enough. Do you really not know how to write the HTML or am I misunderstanding?

What you said makes no sense. Also, line breaks are good. There are lots of existing ajax photo galleries out there. You could look at what they do. Or, you could do what I said instead of trying to do it with PHP and MySQL, and use the existing data you already have and write the javascript. Check out Mootools. It's a great JS library.

When you select all of the results where they're in the category, you can now make an array of all of the values. It would look like $photoIDs = array(1,4,28,53); So when you're on the first photo, you're at $photos[0]. next adds one, previous subtracts. Use javascript to keep track of what index you are in the array. var selected = 0; //Whatever Js code you are using to register the click if it's next, selected++ if it's prev, selected-- Hope that helps.

<?php if(!isset($_SESSION['user'])){ die('error'); } ?> That won't stop hacking attempts though. We'd need to see a lot more of your code to help with security. What in particular are you worried about here?

Why don't you just use one of the many html cleaning libraries already out there? I use this one: http://pear.php.net/package/HTML_Safe

You know a link and some code might help.

It is too. :-P I said it won't work because I have done this before, and I knew it didn't work. I forgot why, and had to look it up. But it's not what he wants.

Well, it doesn't protect against malicious JS: Warning This function does not modify any attributes on the tags that you allow using allowable_tags , including the style and onmouseover attributes that a mischievous user may abuse when posting text that will be shown to other users. That is why I said it won't work. Yes, you can allow the tags you want, but a user could still enter XSS attacks.

He wants to allow safe HTML. Dude just use the one he posted. There are others but it's always going to be larger than you think it should be. Why does it matter how big it is anyway?

That's what I meant by your image has no name. With the second one, there IS not $_POST['submit'] because no inputs have the name submit.

Google the things I told you to use and learn it. 1. I can't tell you exactly how to do it because I haven't. 2. You will understand it better if you do it yourself. Of course, now I am intrigued and want to do it, but I'm not going to do it for you But on the other hand what use could this have when people can just view the source of the page and get the HTML that way? I mean...why are you trying to do this?

If you're not a programmer, you're in the wrong forum. If you want someone to do it for you, go to freelancing forum.

First of all, you should make your resize code a function, instead of including another php file to run it. Instead of using copy I think you should use http://php.net/moveuploadedfile

I'd think you'd have to use some combination of javascript to get the location of their selected text (for example, tinyMCE and other editors do this withint textareas) and then use ajax to submit the locations to PHP, then use CURL to grab the HTML and then strpos to get the substr() of the HTML that you want. (google)

(I responded to the wrong post, sorry)

But you would be able to display a pretty loading graphic (http://www.ajaxload.info/) for them to look at while it loads instead of the blank screen

I doubt this is it, but your image does not have a name value. It would help if we see the PHP code, not just the errors.

"No. I want it to only download HTML files specified by the database. So it downloads all HTML files within that site. " That is a contradicting statement. It cannot download only the files listed in the database and all of the files on the site, unless you specify all files on the site in the list.

I don't see anywhere you have tried. The user who is logged in, their ID should be in here: <?php $userstats3=mysql_fetch_array($userstats2); ?> Then do <?php if($userID == $playerID){ } ?> You might want to use a better name than $playerID, like $attackedPlayerID or something descriptive, since $player is the username of the logged in player, yes?

Mootools is a good JS library with Ajax support. But the user would still have to wait to see the results if you use ajax. You could use a cron job if you want it to run regularly.

Oh lol I didn't even look at it since I didn't notice the HTML in it. Yeah to do a table you need the table tag

just compare the user's ID to the one they're attacking. If they're the same, there's your error.