Psycho
Everything posted by Psycho
-
No. The number of child elements for one parent has nothing to do with the number of child elements for another parent. So, when you unset one of the values under the second parent it has no effect on the values under the third parent. Is this just a hypothetical question or is there something you are trying to accomplish? If the latter, give an example of the array you are dealing with and an explanation of the logic you need to unset values.
-
How to stop user from entering "fake" data?
Psycho replied to andy_b_1502's topic in PHP Coding Help
I don't see where you are accessing the values from the POST data, but you should be using trim() and mysql_real_escape_string() on that data. Then you need to implement as much validation as you want. You should first validate that all required fields have valid values. What a valid value is - is up to you. You could do something such as making sure a name only contains alpha characters (and perhaps the dash and apostrophe). But, that only means the user needs to enter some meaningless letters to pass validation of the name. So, it doesn't really solve your problem of "fake" data, but it will prevent just a number being used as the name.

Once you have confirmed that the values pass basic validation, then you can verify that the email doesn't exist in your database.

Lastly, you could also require that the user confirm their email address. Create the user record with a unique code and set the record to unconfirmed. Then send an email to the email address the user entered with the unique code as a parameter. When the user gets the email and clicks the link, set the user record to confirmed and let them access the content.

As to this

```php
$sql = mysql_query("SELECT * FROM users WHERE Email = $email");
if($sql)
{
    return true;
}
else
{
    return false;
}
```

The email needs to be enclosed in quotes in the query. Plus, you don't check $sql, you should instead check the mysql_num_rows($sql) to make sure it is 0.
-
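The duplicate-email check and the confirm-by-unique-code flow described in the post above, as an added example that is not part of the original post. It uses PDO prepared statements instead of the mysql_* functions; the table and column names, the token format and the in-memory SQLite database are assumptions made so the sketch runs stand-alone.

```php
<?php
// Added example: schema, token format and SQLite store are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    email TEXT PRIMARY KEY,
    confirm_hash TEXT,
    confirmed INTEGER NOT NULL DEFAULT 0)');

// Returns the one-time code to e-mail, or null if the address is unusable.
function registerUser(PDO $db, string $email): ?string
{
    $email = strtolower(trim($email));
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;                       // fails basic validation
    }
    // Bound parameter: the driver handles quoting of $email.
    $stmt = $db->prepare('SELECT COUNT(*) FROM users WHERE email = ?');
    $stmt->execute([$email]);
    if ((int) $stmt->fetchColumn() !== 0) {
        return null;                       // address already registered
    }
    $code = bin2hex(random_bytes(16));     // unguessable unique code
    // Store only a hash of the code; the code itself goes out by e-mail.
    $stmt = $db->prepare('INSERT INTO users (email, confirm_hash) VALUES (?, ?)');
    $stmt->execute([$email, hash('sha256', $code)]);
    return $code;
}

// Called when the user clicks the link; succeeds only on the first valid use.
function confirmUser(PDO $db, string $code): bool
{
    $stmt = $db->prepare('UPDATE users SET confirmed = 1, confirm_hash = NULL
                          WHERE confirm_hash = ? AND confirmed = 0');
    $stmt->execute([hash('sha256', $code)]);
    return $stmt->rowCount() === 1;
}

// Constructed inputs exercising each branch
$code = registerUser($db, 'alice@example.com');
var_dump(registerUser($db, 'alice@example.com'));   // duplicate address
var_dump(registerUser($db, '12345'));               // not an e-mail address
var_dump(confirmUser($db, $code));                  // first click on the link
var_dump(confirmUser($db, $code));                  // same link used again
```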
Do you have their consent or not? You are asking us (presumably) to help you illegally access content. If you don't have a legitimate request you are in the wrong place.
-
```php
$main_date_ts = strtotime($_GET['date']); //Create timestamp
$main_date = date("M-d-Y", $main_date_ts);
$cur_day = date("d", $main_date_ts);
$cur_month = date("n", $main_date_ts);
$cur_year = date("Y", $main_date_ts);
```
-
Well, how you get the values you are looking for depends on which ones they are since it is a multi-dimensional array. You simply need to traverse down to the element you are looking for. This should get you the names if I am reading the structure correctly:

```php
$names = array();
foreach($result['items'] as $item)
{
    foreach($item['product'] as $product)
    {
        foreach($product['author'] as $author)
        {
            $names[] = $author['name'];
        }
    }
}
print_r($names);
```
-
The only way to accomplish that would be to use eval() which is always a bad idea. A better solution would be to save the page (with PHP code) as a normal php page. Then use the database to dynamically determine the page to load.

EDIT: maybe I misread your request. If you are just wanting people to be able to "save" code to be displayed as text, then htmlentities() or htmlspecialchars() is what you want. I thought you wanted to execute the code.
-
Well, all of your IF statements are out of whack.

```php
if($bgimgID){
    $bgimgID = 1;
    $filename = '/shushmedeals/templates/shushme_deals/images/bg_home.jpg';
}
if($bgimgID = 2){
    $filename = '/shushmedeals/templates/shushme_deals/images/shushme_bg_img1.jpg';
}
// . . .
```

The first if statement will be true as long as $bgimgID exists and cannot be interpreted as a boolean false (e.g. FALSE, 0, etc.). All the conditions that follow are ASSIGNMENTS not COMPARISONS. The second if() above is testing if you can assign the number 2 to the variable $bgimgID. That would return true every time. You should probably be using something like

```php
if($bgimgID == 1){
    $bgimgID = 1;
    $filename = '/shushmedeals/templates/shushme_deals/images/bg_home.jpg';
}
if($bgimgID == 2){
    $filename = '/shushmedeals/templates/shushme_deals/images/shushme_bg_img1.jpg';
}
```

Note the double equal signs for comparisons.
-
MasterACE14 has got the right idea. Although, I'm not sure what you mean by You will have no idea if and by what means a link is shared - only that the user came to your page with a certain $_GET value passed via the URL. So, to expand upon MasterACE14's suggestion, it all depends on how much information you track. The more information you want to track the more data there will be.

For the sake of argument, let's say you want to count the number of times each unique 'user' value is submitted from each unique IP address. (NOTE: the 'user' value should be the User ID and not the User Name). Then you would want a database table with the following fields:

- user_id
- user_ip
- count

And, very important, you want to set the user_id and user_ip combination as unique. Do not set each field as unique - you need the combination to be unique. Example:

```sql
CREATE TABLE IF NOT EXISTS `link_count` (
  `user_id` int(2) NOT NULL,
  -- varchar(12) would truncate a full dotted IPv4 address (up to 15 characters);
  -- 45 characters also holds an IPv6 address in text form
  `user_ip` varchar(45) NOT NULL,
  `count` int(5) NOT NULL DEFAULT '1',
  UNIQUE KEY `link_count` (`user_id`,`user_ip`)
)
```

Now, your code might look something like this

```php
$user_id = (isset($_GET['user'])) ? mysql_real_escape_string(trim($_GET['user'])) : '';

if(empty($user_id))
{
    //No user ID passed - create error condition
    echo "No user id passed!.";
}
else
{
    //Validate that user ID is valid
    $query = "SELECT user_id FROM users WHERE user_id = '$user_id'";
    $result = mysql_query($query);
    if(!mysql_num_rows($result))
    {
        //User ID does not exist - error condition
        echo "User ID is invalid!.";
    }
    else
    {
        //User id is valid show content and insert link count
        //This query will add a new row or increment count of existing row
        $user_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
        $query = "INSERT INTO `link_count` (`user_id`,`user_ip`)
                  VALUES ('{$user_id}', '{$user_ip}')
                  ON DUPLICATE KEY UPDATE `count` = `count` + 1";
        $result = mysql_query($query);
    }
}
```
-
Cookies will last as long as you set them to last (or until the user deletes them). If you go this route then you just need to set the cookie with a 2 minute expiration. Then you only need to see if the cookie exists. If no, allow user to access the file. If yes, do not allow access.
-
You will need to store a timestamp whenever a user makes a request. Then on each request check if the last timestamp is > 2 minutes. If you are using a system where users have to sign-in then store the timestamp in the user record in your database. If you are not using a login system then you could either store the value in a cookie or in a database according to the user's IP address. Each has its drawbacks. A cookie system can be easily avoided by the user if they so choose by deleting the cookie. Or they may have their security settings such that they won't accept a cookie. A server-side solution has the drawback in that just storing the IP address will prevent users behind a NAT from being able to access a file until 2 minutes after the last person on the same subnet. In other words, they all share the same 2-minute period.
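A server-side version of the two-minute check described in the post above, as an added example that is not part of the original post. The table name, the `user:`/`ip:` key format and the in-memory SQLite store are assumptions; the sample requests show the NAT drawback the post mentions and how keying on the account avoids it for signed-in users.

```php
<?php
// Added example: table name, key format and SQLite store are assumptions.
const WAIT_SECONDS = 120;   // the 2-minute window from the post

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE last_request (
    client TEXT PRIMARY KEY, ts INTEGER NOT NULL)');

// Signed-in users are keyed by account. Anonymous users fall back to the IP
// address, so everyone behind the same NAT address shares one window.
function clientKey(?int $userId, string $remoteAddr): string
{
    return $userId !== null ? "user:$userId" : "ip:$remoteAddr";
}

// Returns true and records the request if more than WAIT_SECONDS have passed
// since this client's last allowed request; otherwise returns false.
function allowRequest(PDO $db, string $client, int $now): bool
{
    $db->beginTransaction();
    $stmt = $db->prepare('SELECT ts FROM last_request WHERE client = ?');
    $stmt->execute([$client]);
    $last = $stmt->fetchColumn();
    if ($last !== false && $now - (int) $last <= WAIT_SECONDS) {
        $db->rollBack();
        return false;                       // still inside the window
    }
    $stmt = $db->prepare('REPLACE INTO last_request (client, ts) VALUES (?, ?)');
    $stmt->execute([$client, $now]);
    $db->commit();
    return true;
}

// Constructed requests: anonymous clients behind one NAT address, plus one
// signed-in user on that same address.
$t0  = 1700000000;
$nat = clientKey(null, '203.0.113.7');
var_dump(allowRequest($db, $nat, $t0));                               // first request
var_dump(allowRequest($db, $nat, $t0 + 30));                          // second person, same NAT
var_dump(allowRequest($db, clientKey(42, '203.0.113.7'), $t0 + 30));  // signed-in user
var_dump(allowRequest($db, $nat, $t0 + 121));                         // window has passed
```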
-
Ok, yeah, I see that now. Just create the output as a variable in the function and return the variable

```php
function makeSizes($sizesArray, $SKUCAPS, $skunum )
{
    if(count($sizesArray)==0)
    {
        $returnVal = "<input value='{$SKUCAPS}{$skunum}' type='hidden' name='item'>\n";
    }
    else
    {
        $returnVal = "<strong>Size:</strong> \n <select name='item'>\n";
        foreach($sizesArray as $size)
        {
            $returnVal .= "<option value='{$SKUCAPS}{$skunum}{$size}'>{$size}</option>\n";
        }
        $returnVal .= "</select>\n";
    }
    return $returnVal;
}
```
-
No offense, but that makes no sense. The purpose of the function is to return the value of the POST/GET var or an empty string. So, there's no need for that second line to implement a ternary operator. Since urlencode() of an empty string is still an empty string you can just do this

```php
$html .= urldecode($this->getVar('uri'));
```

Also, that function is more of a proof of concept. You don't always want to use an empty string as the default value. In some cases you may want 0 or something else. So, another twist would be to pass an additional parameter to the function for the default

```php
function getPostVar($varname, $default)
{
    if(isset($_POST[$varname]))
    {
        return trim($_POST[$varname]);
    }
    return $default;
}
```

Again, this is just a conceptual solution. Your mileage may vary.
-
Trying to figure out why this while loop isnt working
Psycho replied to melting_dog's topic in PHP Coding Help
I don't see any reason why all the records would not be displayed - although I see you have two closing DIVs and only one opening div. But, I agree that the embedded conditions are a little odd. Are you positive there is more than 1 record in the table? Try the following:

```php
$query = "SELECT * FROM requests ORDER BY leave_after DESC";
$result = mysql_query($query);

if (!$result)
{
    echo "Query failed: " . mysql_error();
}
else
{
    //Debug line
    echo "Rows returned: " . mysql_num_rows($result) . "<br>\n";

    while ($row = mysql_fetch_assoc($result))
    {
        echo "<div id='resultholder'><p>";
        echo "Request ID: {$row['id']}, ";
        echo "User ID: {$row['user_id']}, ";
        echo "Departing From: {$row['departing']}, ";
        echo "Going To: {$row['destination']}, ";
        echo "Leaving After: {$row['leave_after']}, ";
        echo "but Arriving Before: {$row['arrive_before']}";
        echo "</p></div>\n";
    }
}
```
-
Need Help Removing Certain Elements From Array
Psycho replied to savagenoob's topic in PHP Coding Help
You believe wrong. If I was doing a check for a value exactly matching "Fax:" I would have done something like

```php
if($tag->nodeValue == "Fax:") { continue; }
```

But, I used the function strpos() which http://us.php.net/manual/en/function.strpos.php
-
Maybe, but that has nothing to do with using mysql_real_escape_string(). The function mysql_real_escape_string() will simply escape input to make it safe for a DB query. But, the stored value is not the escaped value. So if you have the value "O'Reilly" and want to insert it into the database, mysql_real_escape_string() will convert that to "O\'Reilly". But, the "\" just tells the MySQL engine to treat the apostrophe as a literal value and not a delimiter - so the DB treats it as the string "O'Reilly" and that is what would be stored in the database.

Now, when you go to display that in an HTML page you will execute a query and get the value, which will be "O'Reilly". But, depending on how you plan to use the value you may need to do a transformation. For example, if you plan to use the value to populate a text input field you will need to run it through htmlspecialchars() or htmlentities() - otherwise it could corrupt your HTML code.

This would not be good:

```html
<input type='text' name='last_name' value='O'Reilly'>
```
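The two separate escaping steps from the post above, as an added example that is not part of the original post. It swaps mysql_real_escape_string() for PDO bound parameters on the way into the database, and escapes for HTML only at output time; the table, the helper names and the sample values are constructed, and the in-memory SQLite database and the DOM extension are assumptions.

```php
<?php
// Added example: table, helper names and sample values are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE people (last_name TEXT)');

// Bound parameters take the place of mysql_real_escape_string(): the driver
// handles the apostrophe and the stored value is the original string.
$insert = $db->prepare('INSERT INTO people (last_name) VALUES (?)');
foreach (["O'Reilly", "D'Arcy"] as $name) {
    $insert->execute([$name]);
}

// HTML escaping happens at output time. ENT_QUOTES is required here because
// the attribute is delimited with single quotes.
function textInput(string $field, string $value): string
{
    $v = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<input type='text' name='$field' value='$v'>";
}

// Parse markup the way a browser would and return the input's attributes.
function parsedAttributes(string $html): array
{
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NOERROR | LIBXML_NOWARNING);
    $attrs = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $a) {
        $attrs[$a->name] = $a->value;
    }
    return $attrs;
}

foreach ($db->query('SELECT last_name FROM people') as $row) {
    $stored = $row['last_name'];            // comes back unescaped
    $raw    = "<input type='text' name='last_name' value='$stored'>";
    $safe   = textInput('last_name', $stored);

    echo $safe, "\n";
    // Does the value attribute the parser sees equal the stored string?
    var_dump(parsedAttributes($raw)['value'] === $stored);
    var_dump(parsedAttributes($safe)['value'] === $stored);
    // Attribute names found in the unescaped markup
    echo implode(', ', array_keys(parsedAttributes($raw))), "\n";
}
```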
-
Need Help Removing Certain Elements From Array
Psycho replied to savagenoob's topic in PHP Coding Help
Well, now that you have posted the code I can help you. It *looks* like you are referencing data by its position in the results returned. That's kind of a poor implementation and can easily break depending on how the input changes. This logic should work, but you might need to modify the actual text being compared. I can't be sure since I can't see the input data.

```php
foreach ($address as $tag)
{
    //If $tag->nodeValue contains the string "Fax:", skip this entry
    //strpos() returns false only when the string is NOT found
    if(strpos($tag->nodeValue, "Fax:") !== false) { continue; }
    $result[] = trim($tag->nodeValue) . "<br>";
}
```
-
Really? Every response I have made in this thread has been in respect to the OP's original question or to correct misinformation that you provided. That is, until this specific post, to respond to your derogatory comment. Whereas, you have had five individual responses in this thread and FOUR of those have had nothing to do with promoting the resolution of the issue or provide any meaningful information. (note: "reading" != "comprehending") If you have a problem with me, take it up in a PM or the Admins.
-
mysql_real_escape_string()
-
Well, baaselect is a custom class - it is not part of the PHP core code. The class has documentation on how to set it up. The only thing that class is for is creating linked select lists, so I don't know how you were using it before if you didn't know how to set it up. If you only want options available for South Africa, then don't have any options in the database for the other countries. But, really, this is overkill for what you need. Simply create two select lists, one for countries and one for State/Province that has all the values for the South Africa selection. Then add a simple onchange event to the country select list to display/hide the state/province field based on the country value.
-
There is nothing to get back on track with. I have already provided a solution via improved code. It was only taken off track because of misinformation which I had to correct multiple times. However, to directly respond to the original issue, the problem was likely due to this

```php
$result=mysql_query("SELECT * FROM users",$connection);
// . . .
while($row=mysql_fetch_array($result)){
    $user_ver=array($row['user_name'],$row['user_password']);
    if($user_ver[0]==$user_name AND $user_ver[1]==$user_password){
```

Since the OP was using * in the SELECT query and then referencing the fields by their order index (i.e. 0, 1) I suspect that the first two fields in the query were not the username and password. That is why you should almost always:

1) List out the fields you need in the SELECT query
2) Reference the fields from the query by name (I always use mysql_fetch_assoc())
-
I didn't tell you to go read the document. I provided the link for reference for anyone reading this post. Posting misinformation is very detrimental.
-
Again, what are you talking about? Either a variable has global scope or it doesn't. If you look at the manual for variable scope all the examples have to do with whether or not the variable has scope within functions/classes. To say that the variable $errors (in the code posted by the OP) has global scope is patently false. http://php.net/manual/en/language.variables.scope.php
-
Edit: Deleted
-
OK, now to comment on the code. There are problems. The first order of business is to properly structure your code so you can visualize the logical flow. Some issues I see:

1. You are querying the DB for ALL records and then trying to match them in PHP code. You only need to query the DB for the ONE record you are looking for then check if there was a record returned.
2. Since you don't appear to be using anything in the include files for the validation, move the includes() until after the validation is completed.
3. If you are not going to use the errors array, then you don't need it. You could simply do the redirect as soon as the first validation error is triggered. Personally I would use the errors array to display the errors the user made, but your current implementation does a header redirect so you lose all that information.
4. Since you are doing a redirect and exit for all the conditions the mysql_close() function never gets run. But, that's ok. However, you should really find a better way of displaying the results without using die() for the error conditions.
5. You should not be storing the password in clear text. You should be hashing the password with a salt.

Revised code

```php
<?php

//The fields to validate
$fields_array = array('user_name', 'user_password');
foreach($fields_array as $field)
{
    //Trim POST values so value with only spaces is not considered valid
    //(trim the submitted value, not the field name)
    if(!isset($_POST[$field]) || trim($_POST[$field]) == '')
    {
        header("Location: errors.php");
        exit;
    }
}

//Move connection/functions down here since you only need
//to run them if validation above passes
require_once("includes/connection.php");
require_once("includes/functions.php");

$user_name = mysql_prep($_POST['user_name']);
$user_password = mysql_prep($_POST['user_password']);

$query = "SELECT *
          FROM users
          WHERE user_name = '{$user_name}'
            AND user_password = '{$user_password}'";
$result = mysql_query($query, $connection);

if(!$result)
{
    die("Database query failed: " . mysql_error());
}
elseif(mysql_num_rows($result)==0)
{
    //No matching record
    header("Location: main_page.php");
    exit;
}
else
{
    //Match found
    header("Location: login_suc.php");
    exit;
}

?>
```
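Point 5 of the post above (hash the password with a salt) combined with point 1 (query for the one record), as an added example that is not part of the original post. It uses PHP's password_hash()/password_verify() and PDO prepared statements rather than the mysql_* calls in the thread; the schema, the sample account, the dummy-hash step for unknown names and the in-memory SQLite store are assumptions.

```php
<?php
// Added example: schema, account and in-memory SQLite store are assumptions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    user_name TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Hash checked for unknown names so both failure paths do similar work.
define('DUMMY_HASH', password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT));

function createUser(PDO $db, string $name, string $password): void
{
    // password_hash() generates a random salt and stores it inside the hash.
    $stmt = $db->prepare('INSERT INTO users (user_name, password_hash) VALUES (?, ?)');
    $stmt->execute([$name, password_hash($password, PASSWORD_DEFAULT)]);
}

function checkLogin(PDO $db, string $name, string $password): bool
{
    // Query the ONE record by name, listing only the field that is needed.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE user_name = ?');
    $stmt->execute([trim($name)]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        password_verify($password, DUMMY_HASH);
        return false;                       // no such user
    }
    if (!password_verify($password, $hash)) {
        return false;                       // wrong password
    }
    // Upgrade the stored hash when the default algorithm or cost changes.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password_hash = ? WHERE user_name = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), trim($name)]);
    }
    return true;
}

// Constructed account and login attempts
createUser($db, 'alice', 'correct horse battery staple');
var_dump(checkLogin($db, 'alice', 'correct horse battery staple'));  // right password
var_dump(checkLogin($db, 'alice', 'wrong password'));                // wrong password
var_dump(checkLogin($db, 'mallory', 'anything'));                    // unknown user
// What the table holds: a salted hash, never the password itself
echo $db->query('SELECT password_hash FROM users')->fetchColumn(), "\n";
```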
-
What are you talking about? You must be thinking of JavaScript where defining a variable outside any function will give it global scope. That is NOT true for PHP.

```php
$foo = "bar";

function echoFoo()
{
    echo "The value of foo is $foo";
}

echoFoo(); //Output: The value of foo is
```