Jessica

Well where does $subnum come from?

If you want to go back to another page, use header(), not include.

What? That is what it does...

Well read through the code and see why that is. You never tell it anything about not sending if one of the required fields is empty. You might consider setting a variable like $ok and setting it to false if it's not okay to send the form, then check it before emailing.

You're missing the closing } for your if-else. You just have the ?> without closing the else.

After inserting it, use header() to go to a new page. If they refresh that page, it won't insert.

<textarea name="name">Text Here</textarea>[code] We can't help with your code if you don't post it, and actually what doesn't work. [/code]

Just a tip: Don't use dreamweaver - you need to learn what the code is doing and if it's doing it for you you won't understand. What is on lines 1-3?

Cron jobs?

I think you'll need to use the MYSQL date and time functions - which one I am not sure, but check out the manual: http://dev.mysql.com/doc/refman/4.1/en/date-and-time-functions.html You'll need to do a SUM where your date field is reformatted with one of these functions.

I care what URLS look like, and so do search engines. You can use mod rewrite for fancy URLs so that domain.com/users.php?user=1 can become domain.com/users/1/ or even domain.com/users/jesirose/ OR domain.com/jesirose/ jesirose.domain.com/

Weird, when this was first posted, I clicked on it and an image was there. Did you delete the image from your server? It's gone now.

Just do a SELECT * FROM if you're going to use all fields

1.Any? Rest: Both.

Is there an entry for it? do: print_r($rowID);

$ds = "$explosives[0]-$explosives[1]-$explosives[2]-$explosives[3]-$explosives[4]-$explosives[5]-$ds-$explosives[7]"; That will make a string which will be something like 0-2-4-5-35-34 etc based on whatever numbers those are. Take out the quotes and it will be an integer.

You would need to add a new line \n after X characters. Yes, you'll have to do some yourself

Yeah, and if you TELL buy.com or one of the other large sites, they threaten to prosecute you for attempted hacking. Don't get me started on these morons.

If you want to remove any HTML, use strip_tags(). If you want to allow "safe" html, check out the page above.

phpMyAdmin is a PHP-based tool which interacts with MySQL. It isn't actually anything to do with what you're doing. Is the row CALLED user_id? You have to change it to match your table, you can't just copy and paste everything and expect it to work.

You are correct. You can use one of the many libraries out there for cleaning HTML if you want to allow it and still prevent XSS attacks. Check out this page: http://htmlpurifier.org/comparison.html PS: You'd be surprised how many big sites are vulnerable to XSS. buy.com still is

refiking, the programs you're referring to run on the computer, not on another server like PHP. You can't do it because it's a security risk in GENERAL.

You're using mysql_fetch_assoc in one place - use it all the time, not this: if ($row = mysql_fetch_row($LoginRS)) { $_SESSION['user_id'] = $row[0]; } Use: if ($row = mysql_fetch_assoc($LoginRS)) { $_SESSION['user_id'] = $row['user_id']; }

We're not going to write it for you - just start. Here is the manual on foreach which contains many examples: http://us3.php.net/foreach

Usually it would be something like ?num=1 and they'd use $_GET['num']; I think to get the 1 in the situation you described you'd have to get the url using $_SERVER['REQUEST_URI'] and then a string manipulation function to get the values after the ?