Yesideez

Everything posted by Yesideez

  1. Just advise not to use short tags - these (I believe) are being disabled by default now which means code you write now will have to be edited to work on other systems. <?php not <?
  2. I've written a script and gone one step further - this dumps everything into a table as requested and also paginates everything with page index links at the bottom.

     ```php
     <table class="boxGames">
     <?php
     $intPageNum=(isset($_GET['page']) ? intval($_GET['page']) : 1); //GET PAGE NUMBER FROM URL
     $intPageSize=50; //SET OUR PAGE SIZE
     $info=mysql_fetch_assoc(mysql_query("SELECT COUNT(id) AS total FROM games"));
     $intTotal=$info['total']; //TOTAL NUMBER OF GAMES LISTED IN THE DATABASE
     $intPageCount=ceil($intTotal/$intPageSize); //HOW MANY PAGES OF GAMES DO WE HAVE?
     if ($intPageNum<1 || $intPageNum>$intPageCount) {
       $intPageNum=1; //IF NUMBER FROM URL IS OUTSIDE OF RANGE SET PAGE NUMBER TO 1
     }
     $intOffset=($intPageNum*$intPageSize)-$intPageSize; //GET OFFSET FOR QUERY
     echo '<tr><th>Name</th><th>Category</th><th>Thumbnail</th></tr>';
     $sql="SELECT * FROM games ORDER BY name LIMIT ".$intOffset.",".$intPageSize;
     $query=mysql_query($sql);
     while ($row=mysql_fetch_assoc($query)) {
       //ESCAPE DATABASE VALUES BEFORE PUTTING THEM INTO HTML
       echo '<tr><td><a href="mylink.php?id='.intval($row['id']).'">'.htmlspecialchars($row['name']).'</a></td><td>'.htmlspecialchars($row['category']).'</td><td><img src="thumbs/'.htmlspecialchars($row['thumbnail']).'" alt="Thumbnail" width="60" height="50"></td></tr>';
     }
     echo '<tr><td colspan="3" style="text-align:center">';
     for ($i=1;$i<=$intPageCount;++$i) { //LOOP TO BUILD THE PAGE INDEX AT THE BOTTOM
       if ($i==$intPageNum) {
         echo '<strong>'.$i.'</strong> '; //CURRENT PAGE DOESN'T NEED A LINK TO ITSELF
       } else {
         echo '<a href="?page='.$i.'">'.$i.'</a> ';
       }
     }
     echo '</td></tr>';
     ?>
     </table>
     ```
  3. Anyone know what can cause cURL not to send the POST data?
  4. UPDATE: I've set a referer and that is being picked up. Used Firebug to check XMLHttpRequests and not a single POST is being sent - no idea why!
  5. UPDATE: Tried adding the name of the submit button on the end and it still fails. Doesn't pick up anything.

     ```php
     curl_setopt($ch,CURLOPT_POSTFIELDS,'crime=1&vercode=ABC&subcrime');
     ```
  6. Here's my script:

     ```php
     <?php
     $ch=curl_init('http://www.pictureinthesky.net/bltest/method1.php');
     curl_setopt($ch,CURLOPT_COOKIEJAR,'cookie.txt');
     curl_setopt($ch,CURLOPT_COOKIEFILE,'cookie.txt');
     curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
     curl_setopt($ch,CURLOPT_HEADER,false);
     curl_setopt($ch,CURLOPT_FOLLOWLOCATION,true);
     curl_setopt($ch,CURLOPT_POST,true);
     curl_setopt($ch,CURLOPT_POSTFIELDS,'crime=1&vercode=ABC');
     $page=curl_exec($ch);
     if (curl_errno($ch)) {
       echo 'ERROR';
     }
     curl_close($ch);
     echo $page;
     ?>
     ```

     I'm trying to get that to call the URL in the script to check the anti XSS code in my other script is working but all it does is read the page in without submitting the form - I should get an error message! I've checked and the cookie.txt file is being created and contains:

     ```
     # Netscape HTTP Cookie File
     # http://curl.haxx.se/rfc/cookie_spec.html
     # This file was generated by libcurl! Edit at your own risk.

     www.pictureinthesky.net FALSE / FALSE 0 PHPSESSID 7268ef0b4b6adae605156ac177bdd43e
     ```

     EDIT: The above script can be tried: http://www.pictureinthesky.net/curl/readpage.php

     I think it might be failing because cURL hasn't been told the name of the submit button and in my code I'm checking for it by name.
  7. TIP: When passing data from page to page or handling data from a form try and sanitise it on reading. For example, when you pick up your package ID on the next form try this:

     ```php
     $packageID=intval($_SESSION['package_id']);
     ```

     Then you can check it and if it's a 0 (zero) then something has gone wrong somewhere. If you're waiting for data to be filled in and you've got session variables set be aware that session variables expire. If they take too long filling in a form the package ID will be lost so you'll have to check for this - using the above intval() or even isset() can work for this. An even better way is:

     ```php
     $packageID=(isset($_SESSION['package_id']) ? intval($_SESSION['package_id']) : null);
     ```

     That way if the session variable exists we get the value and make sure it remains an integer. If it isn't set we set $packageID to null. You can then check...

     ```php
     if ($packageID===null) {
       //THE SESSION VARIABLE HAS EXPIRED
     } else {
       //HANDLE THE DATA
     }
     ```
  8. Here's some code I've just grabbed from my website for downloading one of the applications. It's got a max download limit inside it hence the formula with time() and the getIP() is a function I wrote to get the user's IP address.

     ```php
     if ($_POST['subdownload']) {
       if ($intAppID>0) {
         $chk=mysql_query("SELECT * FROM `downloads` WHERE `dt`>'".(time()-3600*24)."' AND `ip`='".getIP()."'");
         if (mysql_num_rows($chk)<30) { //USER CAN ONLY DOWNLOAD 30 FILES IN A 24HR PERIOD
           mysql_query("INSERT INTO `downloads` (`fileid`,`type`,`ip`,`dt`) VALUES ('".$intAppID."','a','".getIP()."','".time()."')"); //TRACKING DL
           mysql_query("UPDATE general SET `count`=`count`+1 WHERE `generalid`='".$intAppID."' LIMIT 1"); //INCREASE DL COUNTER
           header("Location: files/applications/".$appFilename); //DOWNLOAD THE FILE
           exit;
         } else {
           $blnMaxedDownloads=true; //IF THIS IS SET THE USER HAS DL'D 30 FILES IN 24HRS
         }
       }
     }
     ```

     "dt" field is INT UNSIGNED as it contains a Unix timestamp, "ip" is VARCHAR(15)

     EDIT: Added comments to make it easier to read.
  9. AbraCadaver is right about the bombing although I don't quite like his choice of words - you can sanitise your data with a simple function:

     ```php
     function dbSafeStr($str) {
       return mysql_real_escape_string($str);
     }
     ```

     I've got a few set up prefixed with "dbSafe" for handling certain types of data - just include at the start of each file and use like this:

     ```php
     $result=mysql_query("select * from admin where username='".dbSafeStr($username)."' and password='".dbSafeStr($password)."'");
     ```
  10. Just re-read through your post again and I think this is what you're after:

      ```php
      <?php
      // load the configuration file.
      include("config.php");
      // Use session variable on this page. This function must put on the top of page.
      session_start();
      $message="";
      ////// Login Section.
      $Login=$_POST['Login'];
      if ($Login) { // If clicked on Login button.
        $username=$_POST['username'];
        $password=$_POST['password'];
        // Check matching of username and password.
        $result=mysql_query("select * from admin where username='$username' and password='$password'");
        if (mysql_num_rows($result)>0) { // If match.
          $row=mysql_fetch_assoc($result);
          $_SESSION['username']=$row['username'];
          if ($row['level']==1) {
            header("Location: intheloop.php"); // Re-direct to intheloop.php
            exit;
          }
        } else { // If not match.
          $message="Invalid Username or Password<br>";
        }
      } // End Login authorize check.
      ?>
      ```

      I've indented everything to make it easier to read. Your mysql_num_rows() returns a number and you were checking with a string. If the username and password match the num_rows will be higher than 0 so the code inside the if() executes. We get the first matching row of data from the database and assign the username to a session variable. I've introduced a new field here called "level" - an integer. If the current user's level is 1 only then will the header() bit be called. You could have a couple if() conditionals or even a switch() for multiple choices.
  11. Just wondering what you're trying to achieve. You're getting input from what appears to be a form as you're using $_POST to get a username and password. You're then checking that in a database with a SELECT query but you're not getting any info - just checking if the data is present. If it is, you're checking with the contents of an array - wouldn't it be better to set your session variable to the content of the database? You're also creating a session then destroying it!?
  12. With regards to the onlyNumbers routine, try this function:

      ```js
      function onlyNumbers(that) {
        that.value=that.value.replace(/[^0-9]/g,"");
      }
      ```

      Apply it to an input box like this:

      ```html
      <input type="text" name="age" onkeyup="javascript:onlyNumbers(this);">
      ```

      Now, with regards to your PHP function shouldn't it read:

      ```php
      function GetPrice($ResType = "Iron ingot", $TranType = "Buy") {
        global $ResBuySell;
        return $ResBuySell[$ResType][$TranType];
      }
      ```

      The way you had it the array wasn't referencing the TranType - only ResType - twice!
  13. No idea - my initial thought would be setting a pen color that's already used in the picture therefore turning it red but I don't think that could be it.
  14. Just add a space on the end as you build the string.

      ```php
      $result.=$row['reason'].' ';
      ```

      This will add an extra space on the end so we can remove that with this:

      ```php
      return trim($result);
      ```
  15. What are your source images?
  16. http://www.php.net/manual/en/errorfunc.constants.php The value 6135 will be a combination of the error level codes added up.
  17. 

      ```php
      $sql="SELECT * FROM users WHERE user='me' LIMIT 1";
      $query=mysql_query($sql);
      $row=mysql_fetch_assoc($query);
      echo $row[$col];
      ```
  18. The first thing to do is give it a go but yes - you can do that.
  19. If you click the "Browser Tools" you can see they've given you a button you can drag into your bookmarks and hovering over that button you can see the following in the status bar of your browser:

      ```js
      javascript:void(window.open('http://www.web2pdfconvert.com/convert.aspx?cURL='+escape(location.href)+'&title='+escape(document.title)+'&ref=browser'+''))
      ```

      Here we can see you can pass the link of a website as "cURL" and the page title as "title" so a link might look something like:

      ```
      http://www.web2pdfconvert.com/convert.aspx?cURL=http://www.phpfreaks.com&title=PHP Freaks
      ```

      EDIT: Forgot to mention, always escape the URL and title strings before passing.
  20. As you're only getting one row back you can use something like this:

      ```php
      $query=mysql_query($sql);
      $row=mysql_fetch_assoc($query);
      echo $row['name'];
      ```

      That's presuming the field "name" appears in your table.
  21. Something has already been sent to the browser - even if this is just a space this will cause the page headers to be sent. Move the session_start() to the very start of the script.
  22. 

      ```php
      function func1($input) {
        if ($input == "clause1") {
          $string2= "value2";
          $string3= "value6";
        }
        if ($input == "clause2") {
          $string2= "value3";
          $string3= "value7";
        }
        if ($input == "clause3") {
          $string2= "value4";
          $string3= "value8";
        }
        if ($input == "clause4") {
          $string2= "value5";
          $string3= "value9";
        }
        return array($string2,$string3);
      }
      ```

      When you receive the return value you can handle that as an array.
  23. You're welcome! By calling the function inside echo you're using the value it returns. Inside your function you're using echo again and not returning anything so nothing is being placed inside the calling echo.
  24. When you're using wildcards (%) with strings you need to use LIKE instead of equals (=).

      ```php
      $eid2 = mysql_query("SELECT id FROM engines WHERE keyword LIKE '%".$tricker_engine."%' LIMIT 1") or die(mysql_error());
      ```
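
Added example (not part of Yesideez's posts or the threads they come from): the login check from posts 9 and 10 and the LIKE search from post 24, written with PDO prepared statements so that no value is concatenated into the SQL text; the mysql_* functions used in the posts were removed in PHP 7. The table layout, the sample rows, the hashed-password column and the function names checkLogin and findEngine are assumptions, and an in-memory SQLite database stands in for MySQL.

```php
<?php
// Added example; constructed schema and rows. Assumes the pdo_sqlite extension:
// an in-memory SQLite database stands in for the MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (username TEXT PRIMARY KEY, password_hash TEXT, level INTEGER)');
$pdo->exec('CREATE TABLE engines (id INTEGER PRIMARY KEY, keyword TEXT)');
$ins = $pdo->prepare('INSERT INTO admin (username, password_hash, level) VALUES (?, ?, ?)');
// The apostrophe in the username is stored and matched as plain data.
$ins->execute(["o'neil", password_hash('constructed-password', PASSWORD_DEFAULT), 1]);
$pdo->exec("INSERT INTO engines (keyword) VALUES ('google'), ('100%_match')");

// Login check (hypothetical helper): the username is bound as a parameter and
// the password is compared against a stored hash instead of inside the query.
function checkLogin(PDO $pdo, string $username, string $password): ?array
{
    $stmt = $pdo->prepare('SELECT username, password_hash, level FROM admin WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null; // same result for unknown user and wrong password
    }
    return ['username' => $row['username'], 'level' => (int)$row['level']];
}

// LIKE search (hypothetical helper): the pattern is bound, and % and _ in the
// user's text are escaped so they match literally instead of as wildcards.
function findEngine(PDO $pdo, string $needle): ?int
{
    $escaped = strtr($needle, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $pdo->prepare("SELECT id FROM engines WHERE keyword LIKE ? ESCAPE '!' LIMIT 1");
    $stmt->execute(['%' . $escaped . '%']);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int)$id;
}

// Valid credentials, including a quote character in the username.
var_dump(checkLogin($pdo, "o'neil", 'constructed-password'));
// Wrong password for an existing user.
var_dump(checkLogin($pdo, "o'neil", 'wrong-password'));
// A literal percent sign only matches the keyword that contains one.
var_dump(findEngine($pdo, '%'));
// An ordinary substring search still works.
var_dump(findEngine($pdo, 'oog'));
```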