runnerjp

Hey, Just thought i would add a few suggestions rather then security flaws- of which myself cant find any. When posting a reply, instead of showing the screen saying Your Reply was added to test View the topic or go to all forums? why not just jump them to this page http://dannyluked.comze.com/forum/view_forum.php?id=?? just because it keeps it all looking clean!

Im currently at work and dont have access to any softwear for mysql. I can access ftp site and was wondering if there are any simular on the web? Anouther way i can think of is some how adding mysql to my comuter at home and accessing it through a ip address or can i add something to my own site so i can use mysql off there??

Sorry, I have my form set up. When the form is submitted it uses ajax to submit the form Once the form is sent it displays the thankyou message. What i need to do is on the current page it echo what was submitted in the form. below is the ajax script if it helps /* * jQuery Form Plugin * version: 2.36 (07-NOV-2009) * @requires jQuery v1.2.6 or later * * Examples and documentation at: http://malsup.com/jquery/form/ * Dual licensed under the MIT and GPL licenses: * http://www.opensource.org/licenses/mit-license.php * http://www.gnu.org/licenses/gpl.html */ ;(function($) { /* Usage Note: ----------- Do not use both ajaxSubmit and ajaxForm on the same form. These functions are intended to be exclusive. Use ajaxSubmit if you want to bind your own submit handler to the form. For example, $(document).ready(function() { $('#myForm').bind('submit', function() { $(this).ajaxSubmit({ target: '#output' }); return false; // <-- important! }); }); Use ajaxForm when you want the plugin to manage all the event binding for you. For example, $(document).ready(function() { $('#myForm').ajaxForm({ target: '#output' }); }); When using ajaxForm, the ajaxSubmit function will be invoked for you at the appropriate time. */ /** * ajaxSubmit() provides a mechanism for immediately submitting * an HTML form using AJAX. */ $.fn.ajaxSubmit = function(options) { // fast fail if nothing selected (http://dev.jquery.com/ticket/2752) if (!this.length) { log('ajaxSubmit: skipping submit process - no element selected'); return this; } if (typeof options == 'function') options = { success: options }; var url = $.trim(this.attr('action')); if (url) { // clean url (don't include hash vaue) url = (url.match(/^([^#]+)/)||[])[1]; } url = url || window.location.href || ''; options = $.extend({ url: url, type: this.attr('method') || 'GET', iframeSrc: /^https/i.test(window.location.href || '') ? 'javascript:false' : 'about:blank' }, options || {}); // hook for manipulating the form data before it is extracted; // convenient for use with rich editors like tinyMCE or FCKEditor var veto = {}; this.trigger('form-pre-serialize', [this, options, veto]); if (veto.veto) { log('ajaxSubmit: submit vetoed via form-pre-serialize trigger'); return this; } // provide opportunity to alter form data before it is serialized if (options.beforeSerialize && options.beforeSerialize(this, options) === false) { log('ajaxSubmit: submit aborted via beforeSerialize callback'); return this; } var a = this.formToArray(options.semantic); if (options.data) { options.extraData = options.data; for (var n in options.data) { if(options.data[n] instanceof Array) { for (var k in options.data[n]) a.push( { name: n, value: options.data[n][k] } ); } else a.push( { name: n, value: options.data[n] } ); } } // give pre-submit callback an opportunity to abort the submit if (options.beforeSubmit && options.beforeSubmit(a, this, options) === false) { log('ajaxSubmit: submit aborted via beforeSubmit callback'); return this; } // fire vetoable 'validate' event this.trigger('form-submit-validate', [a, this, options, veto]); if (veto.veto) { log('ajaxSubmit: submit vetoed via form-submit-validate trigger'); return this; } var q = $.param(a); if (options.type.toUpperCase() == 'GET') { options.url += (options.url.indexOf('?') >= 0 ? '&' : '?') + q; options.data = null; // data is null for 'get' } else options.data = q; // data is the query string for 'post' var $form = this, callbacks = []; if (options.resetForm) callbacks.push(function() { $form.resetForm(); }); if (options.clearForm) callbacks.push(function() { $form.clearForm(); }); // perform a load on the target only if dataType is not provided if (!options.dataType && options.target) { var oldSuccess = options.success || function(){}; callbacks.push(function(data) { $(options.target).html(data).each(oldSuccess, arguments); }); } else if (options.success) callbacks.push(options.success); options.success = function(data, status) { for (var i=0, max=callbacks.length; i < max; i++) callbacks[i].apply(options, [data, status, $form]); }; // are there files to upload? var files = $('input:file', this).fieldValue(); var found = false; for (var j=0; j < files.length; j++) if (files[j]) found = true; var multipart = false; // var mp = 'multipart/form-data'; // multipart = ($form.attr('enctype') == mp || $form.attr('encoding') == mp); // options.iframe allows user to force iframe mode // 06-NOV-09: now defaulting to iframe mode if file input is detected if ((files.length && options.iframe !== false) || options.iframe || found || multipart) { // hack to fix Safari hang (thanks to Tim Molendijk for this) // see: http://groups.google.com/group/jquery-dev/browse_thread/thread/36395b7ab510dd5d if (options.closeKeepAlive) $.get(options.closeKeepAlive, fileUpload); else fileUpload(); } else $.ajax(options); // fire 'notify' event this.trigger('form-submit-notify', [this, options]); return this; // private function for handling file uploads (hat tip to YAHOO!) function fileUpload() { var form = $form[0]; if ($(':input[name=submit]', form).length) { alert('Error: Form elements must not be named "submit".'); return; } var opts = $.extend({}, $.ajaxSettings, options); var s = $.extend(true, {}, $.extend(true, {}, $.ajaxSettings), opts); var id = 'jqFormIO' + (new Date().getTime()); var $io = $('<iframe id="' + id + '" name="' + id + '" src="'+ opts.iframeSrc +'" />'); var io = $io[0]; $io.css({ position: 'absolute', top: '-1000px', left: '-1000px' }); var xhr = { // mock object aborted: 0, responseText: null, responseXML: null, status: 0, statusText: 'n/a', getAllResponseHeaders: function() {}, getResponseHeader: function() {}, setRequestHeader: function() {}, abort: function() { this.aborted = 1; $io.attr('src', opts.iframeSrc); // abort op in progress } }; var g = opts.global; // trigger ajax global events so that activity/block indicators work like normal if (g && ! $.active++) $.event.trigger("ajaxStart"); if (g) $.event.trigger("ajaxSend", [xhr, opts]); if (s.beforeSend && s.beforeSend(xhr, s) === false) { s.global && $.active--; return; } if (xhr.aborted) return; var cbInvoked = 0; var timedOut = 0; // add submitting element to data if we know it var sub = form.clk; if (sub) { var n = sub.name; if (n && !sub.disabled) { options.extraData = options.extraData || {}; options.extraData[n] = sub.value; if (sub.type == "image") { options.extraData[name+'.x'] = form.clk_x; options.extraData[name+'.y'] = form.clk_y; } } } // take a breath so that pending repaints get some cpu time before the upload starts setTimeout(function() { // make sure form attrs are set var t = $form.attr('target'), a = $form.attr('action'); // update form attrs in IE friendly way form.setAttribute('target',id); if (form.getAttribute('method') != 'POST') form.setAttribute('method', 'POST'); if (form.getAttribute('action') != opts.url) form.setAttribute('action', opts.url); // ie borks in some cases when setting encoding if (! options.skipEncodingOverride) { $form.attr({ encoding: 'multipart/form-data', enctype: 'multipart/form-data' }); } // support timout if (opts.timeout) setTimeout(function() { timedOut = true; cb(); }, opts.timeout); // add "extra" data to form if provided in options var extraInputs = []; try { if (options.extraData) for (var n in options.extraData) extraInputs.push( $('<input type="hidden" name="'+n+'" value="'+options.extraData[n]+'" />') .appendTo(form)[0]); // add iframe to doc and submit the form $io.appendTo('body'); io.attachEvent ? io.attachEvent('onload', cb) : io.addEventListener('load', cb, false); form.submit(); } finally { // reset attrs and remove "extra" input elements form.setAttribute('action',a); t ? form.setAttribute('target', t) : $form.removeAttr('target'); $(extraInputs).remove(); } }, 10); var domCheckCount = 50; function cb() { if (cbInvoked++) return; io.detachEvent ? io.detachEvent('onload', cb) : io.removeEventListener('load', cb, false); var ok = true; try { if (timedOut) throw 'timeout'; // extract the server response from the iframe var data, doc; doc = io.contentWindow ? io.contentWindow.document : io.contentDocument ? io.contentDocument : io.document; var isXml = opts.dataType == 'xml' || doc.XMLDocument || $.isXMLDoc(doc); log('isXml='+isXml); if (!isXml && (doc.body == null || doc.body.innerHTML == '')) { if (--domCheckCount) { // in some browsers (Opera) the iframe DOM is not always traversable when // the onload callback fires, so we loop a bit to accommodate cbInvoked = 0; setTimeout(cb, 100); return; } log('Could not access iframe DOM after 50 tries.'); return; } xhr.responseText = doc.body ? doc.body.innerHTML : null; xhr.responseXML = doc.XMLDocument ? doc.XMLDocument : doc; xhr.getResponseHeader = function(header){ var headers = {'content-type': opts.dataType}; return headers[header]; }; if (opts.dataType == 'json' || opts.dataType == 'script') { // see if user embedded response in textarea var ta = doc.getElementsByTagName('textarea')[0]; if (ta) xhr.responseText = ta.value; else { // account for browsers injecting pre around json response var pre = doc.getElementsByTagName('pre')[0]; if (pre) xhr.responseText = pre.innerHTML; } } else if (opts.dataType == 'xml' && !xhr.responseXML && xhr.responseText != null) { xhr.responseXML = toXml(xhr.responseText); } data = $.httpData(xhr, opts.dataType); } catch(e){ ok = false; $.handleError(opts, xhr, 'error', e); } // ordering of these callbacks/triggers is odd, but that's how $.ajax does it if (ok) { opts.success(data, 'success'); if (g) $.event.trigger("ajaxSuccess", [xhr, opts]); } if (g) $.event.trigger("ajaxComplete", [xhr, opts]); if (g && ! --$.active) $.event.trigger("ajaxStop"); if (opts.complete) opts.complete(xhr, ok ? 'success' : 'error'); // clean up setTimeout(function() { $io.remove(); xhr.responseXML = null; }, 100); }; function toXml(s, doc) { if (window.ActiveXObject) { doc = new ActiveXObject('Microsoft.XMLDOM'); doc.async = 'false'; doc.loadXML(s); } else doc = (new DOMParser()).parseFromString(s, 'text/xml'); return (doc && doc.documentElement && doc.documentElement.tagName != 'parsererror') ? doc : null; }; }; }; /** * ajaxForm() provides a mechanism for fully automating form submission. * * The advantages of using this method instead of ajaxSubmit() are: * * 1: This method will include coordinates for <input type="image" /> elements (if the element * is used to submit the form). * 2. This method will include the submit element's name/value data (for the element that was * used to submit the form). * 3. This method binds the submit() method to the form for you. * * The options argument for ajaxForm works exactly as it does for ajaxSubmit. ajaxForm merely * passes the options argument along after properly binding events for submit elements and * the form itself. */ $.fn.ajaxForm = function(options) { return this.ajaxFormUnbind().bind('submit.form-plugin', function() { $(this).ajaxSubmit(options); return false; }).bind('click.form-plugin', function(e) { var target = e.target; var $el = $(target); if (!($el.is(":submit,input:image"))) { // is this a child element of the submit el? (ex: a span within a button) var t = $el.closest(':submit'); if (t.length == 0) return; target = t[0]; } var form = this; form.clk = target; if (target.type == 'image') { if (e.offsetX != undefined) { form.clk_x = e.offsetX; form.clk_y = e.offsetY; } else if (typeof $.fn.offset == 'function') { // try to use dimensions plugin var offset = $el.offset(); form.clk_x = e.pageX - offset.left; form.clk_y = e.pageY - offset.top; } else { form.clk_x = e.pageX - target.offsetLeft; form.clk_y = e.pageY - target.offsetTop; } } // clear form vars setTimeout(function() { form.clk = form.clk_x = form.clk_y = null; }, 100); }); }; // ajaxFormUnbind unbinds the event handlers that were bound by ajaxForm $.fn.ajaxFormUnbind = function() { return this.unbind('submit.form-plugin click.form-plugin'); }; /** * formToArray() gathers form element data into an array of objects that can * be passed to any of the following ajax functions: $.get, $.post, or load. * Each object in the array has both a 'name' and 'value' property. An example of * an array for a simple login form might be: * * [ { name: 'username', value: 'jresig' }, { name: 'password', value: 'secret' } ] * * It is this array that is passed to pre-submit callback functions provided to the * ajaxSubmit() and ajaxForm() methods. */ $.fn.formToArray = function(semantic) { var a = []; if (this.length == 0) return a; var form = this[0]; var els = semantic ? form.getElementsByTagName('*') : form.elements; if (!els) return a; for(var i=0, max=els.length; i < max; i++) { var el = els[i]; var n = el.name; if (!n) continue; if (semantic && form.clk && el.type == "image") { // handle image inputs on the fly when semantic == true if(!el.disabled && form.clk == el) { a.push({name: n, value: $(el).val()}); a.push({name: n+'.x', value: form.clk_x}, {name: n+'.y', value: form.clk_y}); } continue; } var v = $.fieldValue(el, true); if (v && v.constructor == Array) { for(var j=0, jmax=v.length; j < jmax; j++) a.push({name: n, value: v[j]}); } else if (v !== null && typeof v != 'undefined') a.push({name: n, value: v}); } if (!semantic && form.clk) { // input type=='image' are not found in elements array! handle it here var $input = $(form.clk), input = $input[0], n = input.name; if (n && !input.disabled && input.type == 'image') { a.push({name: n, value: $input.val()}); a.push({name: n+'.x', value: form.clk_x}, {name: n+'.y', value: form.clk_y}); } } return a; }; /** * Serializes form data into a 'submittable' string. This method will return a string * in the format: name1=value1&name2=value2 */ $.fn.formSerialize = function(semantic) { //hand off to jQuery.param for proper encoding return $.param(this.formToArray(semantic)); }; /** * Serializes all field elements in the jQuery object into a query string. * This method will return a string in the format: name1=value1&name2=value2 */ $.fn.fieldSerialize = function(successful) { var a = []; this.each(function() { var n = this.name; if (!n) return; var v = $.fieldValue(this, successful); if (v && v.constructor == Array) { for (var i=0,max=v.length; i < max; i++) a.push({name: n, value: v[i]}); } else if (v !== null && typeof v != 'undefined') a.push({name: this.name, value: v}); }); //hand off to jQuery.param for proper encoding return $.param(a); }; /** * Returns the value(s) of the element in the matched set. For example, consider the following form: * * <form><fieldset> * <input name="A" type="text" /> * <input name="A" type="text" /> * <input name="B" type="checkbox" value="B1" /> * <input name="B" type="checkbox" value="B2"/> * <input name="C" type="radio" value="C1" /> * <input name="C" type="radio" value="C2" /> * </fieldset></form> * * var v = $(':text').fieldValue(); * // if no values are entered into the text inputs * v == ['',''] * // if values entered into the text inputs are 'foo' and 'bar' * v == ['foo','bar'] * * var v = $(':checkbox').fieldValue(); * // if neither checkbox is checked * v === undefined * // if both checkboxes are checked * v == ['B1', 'B2'] * * var v = $(':radio').fieldValue(); * // if neither radio is checked * v === undefined * // if first radio is checked * v == ['C1'] * * The successful argument controls whether or not the field element must be 'successful' * (per http://www.w3.org/TR/html4/interact/forms.html#successful-controls). * The default value of the successful argument is true. If this value is false the value(s) * for each element is returned. * * Note: This method *always* returns an array. If no valid value can be determined the * array will be empty, otherwise it will contain one or more values. */ $.fn.fieldValue = function(successful) { for (var val=[], i=0, max=this.length; i < max; i++) { var el = this[i]; var v = $.fieldValue(el, successful); if (v === null || typeof v == 'undefined' || (v.constructor == Array && !v.length)) continue; v.constructor == Array ? $.merge(val, v) : val.push(v); } return val; }; /** * Returns the value of the field element. */ $.fieldValue = function(el, successful) { var n = el.name, t = el.type, tag = el.tagName.toLowerCase(); if (typeof successful == 'undefined') successful = true; if (successful && (!n || el.disabled || t == 'reset' || t == 'button' || (t == 'checkbox' || t == 'radio') && !el.checked || (t == 'submit' || t == 'image') && el.form && el.form.clk != el || tag == 'select' && el.selectedIndex == -1)) return null; if (tag == 'select') { var index = el.selectedIndex; if (index < 0) return null; var a = [], ops = el.options; var one = (t == 'select-one'); var max = (one ? index+1 : ops.length); for(var i=(one ? index : 0); i < max; i++) { var op = ops[i]; if (op.selected) { var v = op.value; if (!v) // extra pain for IE... v = (op.attributes && op.attributes['value'] && !(op.attributes['value'].specified)) ? op.text : op.value; if (one) return v; a.push(v); } } return a; } return el.value; }; /** * Clears the form data. Takes the following actions on the form's input fields: * - input text fields will have their 'value' property set to the empty string * - select elements will have their 'selectedIndex' property set to -1 * - checkbox and radio inputs will have their 'checked' property set to false * - inputs of type submit, button, reset, and hidden will *not* be effected * - button elements will *not* be effected */ $.fn.clearForm = function() { return this.each(function() { $('input,select,textarea', this).clearFields(); }); }; /** * Clears the selected form elements. */ $.fn.clearFields = $.fn.clearInputs = function() { return this.each(function() { var t = this.type, tag = this.tagName.toLowerCase(); if (t == 'text' || t == 'password' || tag == 'textarea') this.value = ''; else if (t == 'checkbox' || t == 'radio') this.checked = false; else if (tag == 'select') this.selectedIndex = -1; }); }; /** * Resets the form data. Causes all form elements to be reset to their original value. */ $.fn.resetForm = function() { return this.each(function() { // guard against an input with the name of 'reset' // note that IE reports the reset function as an 'object' if (typeof this.reset == 'function' || (typeof this.reset == 'object' && !this.reset.nodeType)) this.reset(); }); }; /** * Enables or disables any matching elements. */ $.fn.enable = function(b) { if (b == undefined) b = true; return this.each(function() { this.disabled = !b; }); }; /** * Checks/unchecks any matching checkboxes or radio buttons and * selects/deselects and matching option elements. */ $.fn.selected = function(select) { if (select == undefined) select = true; return this.each(function() { var t = this.type; if (t == 'checkbox' || t == 'radio') this.checked = select; else if (this.tagName.toLowerCase() == 'option') { var $sel = $(this).parent('select'); if (select && $sel[0] && $sel[0].type == 'select-one') { // deselect all other options $sel.find('option').selected(false); } this.selected = select; } }); }; // helper fn for console logging // set $.fn.ajaxSubmit.debug to true to enable debug logging function log() { if ($.fn.ajaxSubmit.debug && window.console && window.console.log) window.console.log('[jquery.form] ' + Array.prototype.join.call(arguments,'')); }; })(jQuery); Did this help atall??

Ok i have a script set up so when the form is submitted it shows a thankyou message.. <html> <head> <script type="text/javascript" src="http://www.runningprofiles.com/jquery/js/jquery-1.3.2.min.js"></script> <script type="text/javascript" src="http://www.runningprofiles.com/jquery/js/jquery.form.js"></script> <script type="text/javascript"> // wait for the DOM to be loaded $(document).ready(function() { // bind 'myForm' and provide a simple callback function $('#myForm').ajaxForm(function() { alert("Thank you for your comment!"); }); }); </script> </head> <form id="myForm" action="http://www.runningprofiles.com/members/include/comment.php" method="post"> Name: <input type="text" name="name" /> Comment: <textarea name="comment"></textarea> <input type="submit" value="Submit Comment" /> </form> But how could i show the output of the form from comment.php under the form??

Hey sorry about the delay. Below is the login code. <?php ini_set('session.cookie_lifetime', 0); ini_set('session.cache_expire', 0); session_start(); header("Cache-control: private"); ?><?php require_once ( 'settings.php' ); if ( array_key_exists ( '_submit_check', $_POST ) ) { if ( $_POST['username'] != '' && $_POST['password'] != '' ) { $query = 'SELECT ID, Username, Active, Password FROM ' . DBPREFIX . 'users WHERE Username = ' . $db->qstr ( $_POST['username'] ) . ' AND Password = ' . $db->qstr ( md5 ( $_POST['password'] ) ); $ip = $_SERVER['REMOTE_ADDR']; $user = $_POST['username']; $date = date("m/d/Y g:i:s"); mysql_query("UPDATE users SET ip = '$ip' WHERE username = '$user'"); mysql_query("UPDATE users SET lastlog = '$date' WHERE username = '$user'"); if ( $db->RecordCount ( $query ) == 1 ) { $row = $db->getRow ( $query ); if ( $row->Active == 1 ) { set_login_sessions ( $row->ID, $row->Password, ( $_POST['remember'] ) ? TRUE : FALSE ); header ( "Location: " . REDIRECT_AFTER_LOGIN ); } elseif ( $row->Active == 0 ) { $error = 'Your membership was not activated. Please open the email that we sent and click on the activation link.'; } elseif ( $row->Active == 2 ) { $error = 'You are suspended!'; } } else { $error = 'Login failed!'; } } else { $error = 'Please use both your username and password to access your account'; } } ?> The stop login function on each page is.. checkLogin('1 2'); /** * checkLogin * * Applies restrictions to visitors based on membership and level access * Also handles cookie based "remember me" feature * * @access public * @param string * @return bool TRUE/FALSE */ function checkLogin($levels) { global $db; $kt = split(' ', $levels); if (!$_SESSION['logged_in']) { $access = false; if (isset($_COOKIE['cookie_id'])) { //if we have a cookie $query = 'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr($_COOKIE['cookie_id']); if ($db->RecordCount($query) == 1) { //only one user can match that query $row = $db->getRow($query); //let's see if we pass the validation, no monkey business if ($_COOKIE['authenticate'] == md5(getIP() . $row->Password . $_SERVER['USER_AGENT'])) { //we set the sessions so we don't repeat this step over and over again $_SESSION['user_id'] = $row->ID; $_SESSION['logged_in'] = true; //now we check the level access, we might not have the permission if (in_array(get_level_access($_SESSION['user_id']), $kt)) { //we do?! horray! $access = true; } } } } } else { $access = false; if (in_array(get_level_access($_SESSION['user_id']), $kt)) { $access = true; } } if ($access == false) { header('Location: http://www.runningprofiles.com/error.php'); exit(); } } phpinfo(); shows - reg_globals as off

Hey guys, Too my horrer i opened my unfinished website today to find there had been a posting under my admin account. I belive this is through hacking my account and cant find how they did it. Im hoping someone would be able to replicate this in order for me to fix the error and secure mysite before it goes live. The address is http://www.runningprofiles.com Jarratt Perkins (phpfreaks name is on the page linked 'Login - PHP FREAKS!!! PLEASE HELP ME')

I tried bot hof them yet they show nothing sadly... Here is my db setup `date` varchar(99) NOT NULL, '22/11/2009' and the script i ran <?php include 'settings.php'; $month = 11; $year = 2009; $query = "SELECT * FROM events WHERE active='y' AND date LIKE '%/$month/$year'"; $getthreads2 = mysql_query($query) or die("no events to show"); while ($getthreads3 = mysql_fetch_array($getthreads2)) { $getthreads3['event']; } ?>

bump

ok so in my db i have my dates as follows dd/mm/yyyy How would i select the results only happening during the current month! here is how far i have got $getthreads = "Select * from events where active='y' and date= '' ORDER BY DATE (STR_TO_DATE( `date`, '%d/%m/%Y ' ))"; date= '' is the issue!

I tried if(isset($_POST['name']) && !empty($_POST['name']) || !preg_match("/^[a-zA-Z ]+$/", $_POST["name"])) { $er .= " <label for=\"uname\" class=\"error\"><em>*</em>Name can only contain letters!!</label><br />"; but still displays the error message even when post name is empty

Funny enough thats what im trying today as im sure you have seen im my last post

I would have thought if(trim($_POST[firstname]) != '') { ... carry on this being not equal !=

here is my code <?php foreach($_POST as $field => $value) { if (($field != 'submit') && ((!$value) || (trim($value) == ''))) { $er .= "<label for=\"uname\" class=\"error\"><em>*</em>$field cannot be empty.</label> <br />"; $warnings[$field] ="required"; } if ($value != ''){ if (!$_POST["name"] || !preg_match("/^[a-zA-Z ]+$/", $_POST["name"])) { $er .= " <label for=\"uname\" class=\"error\"><em>*</em>Name can only contain letters</label><br />"; } if (!$_POST["venue"] || !preg_match("/^[a-zA-Z ]+$/", $_POST["venue"])) { $er .= " <label for=\"uname\" class=\"error\"><em>*</em>please only user words</label><br />"; } if (!$_POST["event"] || !preg_match("/^[a-zA-Z ]+$/", $_POST["event"])) { $er .= " <label for=\"uname\" class=\"error\"><em>*</em>please only user words</label><br />"; } $regexp="/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i"; if (!$_POST["email"] || !preg_match($regexp, $_POST["email"])) { $er .= " <label for=\"uname\" class=\"error\"><em>*</em>please enter your correct email address</label><br />"; }} $count = count($er); } if($er === '') { if(array_key_exists('_submit_check', $_POST))?> at the moment it shows all errors.. *name cannot be empty. *email cannot be empty. *event cannot be empty. *venue cannot be empty. *date cannot be empty. *Name can only contain letters *please only user words *please only user words *please enter your correct email address but i want it to look first if field are empty, then if field are not emptycheck values in box... Now i would have thought all i needed to do was this if ($value != ''){ but it shows it even when the value is blank

ah yes funny enought i just tried if($er === '') ... thnaks guys!

Ok heres it all <?php ini_set("display_errors", "1"); error_reporting(E_ALL); $name = $_POST ['name']; $email=$_POST ['email']; $venue=$_POST ['venue']; $event=$_POST ['event']; $date=$_POST ['date']; $er = ''; if (!$_FILES['file']["name"]== '') { if ((($_FILES["file"]["type"] == "application/msword")) && ($_FILES["file"]["size"] < 500000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; //echo "Type: " . $_FILES["file"]["type"] . "<br />"; // echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; // echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("entrys/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "entrys/" . $_FILES["file"]["name"]); echo "Stored in: " . "entrys/" . $_FILES["file"]["type"]; } } } else { echo "Please upload word documents only!"; } } //print_r($_REQUEST['form']); ?> <div id="countrydivcontainer" style="border:1px solid gray; width:800px; margin-bottom: 1em; padding: 10px"> <? if(isset($_POST['_submit_check'])) { foreach($_POST as $field => $value) { if (($field != 'submit') && ((!$value) || (trim($value) == ''))) { $er .= "$field cannot be empty. <br>"; $warnings[$field] ="required"; } } if (!$_POST["name"] || !preg_match("/^[a-zA-Z ]+$/", $_POST["name"])) { $er .= " <label for=\"uname\" class=\"error\"><em>*</em>Name can only contain letters</label>"; } if (!$_POST["venue"] || !preg_match("/^[a-zA-Z ]+$/", $_POST["venue"])) { $er .= " <label for=\"uname\" class=\"error\"><em>*</em>please only user words</label>"; } if (!$_POST["event"] || !preg_match("/^[a-zA-Z ]+$/", $_POST["event"])) { $er .= " <label for=\"uname\" class=\"error\"><em>*</em>please only user words</label>"; } $regexp="/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i"; if (!$_POST["email"] || !preg_match($regexp, $_POST["email"])) { $er .= " <label for=\"uname\" class=\"error\"><em>*</em>please enter your correct email address</label>"; $count = count($er); } if($count === 0) { if(array_key_exists('_submit_check', $_POST)) { echo 'update'; //$update = "INSERT into results SET name='$name', venue= '$venue', date = '$date'"; //define the receiver of the email $to = 'jarratt@.com'; //define the subject of the email $subject = 'New event added on kuhac'; //define the message to be sent. Each line should be separated with \n $message = "Hello Jarratt!\n\nA new event has been added. The event is ".$event; //define the headers we want passed. Note that they are separated with \r\n $headers = "From: kuhac@kuh.com\r\nReply-To: kuhac@kuh.com"; //send the email $mail_sent = @mail( $to, $subject, $message, $headers ); $result = mysql_query($update); // Check result // This shows the actual query sent to MySQL, and the error. Useful for debugging. if (!$result) { $er = 'Invalid query: ' . mysql_error() . "\n"; $er .= 'Whole query: ' . $query; die($er); }} echo ' <p class="error">' . $message . '</p>' . "\n"; } if($er){?> <div class="errors"> <p align="center"><em>Oops... the following errors were encountered:</em></p> <div align="center"><?php echo $er; ?> </div> <p align="center"> </p> <p align="center">Data has <strong>not</strong> been saved.</p> </div> <p> <?php } } ?> The use of code is to assure correct data is issued into the db thats all...if u could suggest a better way of doing it im open

Ah yes that seemed to work if (!$_POST["name"] || !preg_match("/^[a-zA-Z ]+$/", $_POST["name"])) { $er .= " <label for=\"uname\" class=\"error\"><em>*</em>Name can only contain letters</label>"; } if (!$_POST["venue"] || !preg_match("/^[a-zA-Z ]+$/", $_POST["venue"])) { $er .= " <label for=\"uname\" class=\"error\"><em>*</em>please only user words</label>"; } if (!$_POST["event"] || !preg_match("/^[a-zA-Z ]+$/", $_POST["event"])) { $er .= " <label for=\"uname\" class=\"error\"><em>*</em>please only user words</label>"; } $regexp="/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i"; if (!$_POST["email"] || !preg_match($regexp, $_POST["email"])) { $er .= " <label for=\"uname\" class=\"error\"><em>*</em>please enter your correct email address</label>"; $count = count($er); } if($count === 0) with the above code it now displays Undefined variable: count would this not be the way to see if there are no errors

Ok that worked but now if i leave a field blank i get an error on with this <?php foreach($_POST as $field => $value) { if (($field != 'submit') && ((!$value) || (trim($value) == ''))) { $err .= "$field cannot be empty. <br>"; $warnings[$field] ="required"; ?> $err .= "$field cannot be empty. <br>"; -- Undefined variable: err @iversonm --- allready got that

i chnage dit to $er and still get the same result

for some reason during my validation check i get Undefined variable although it was set within the script. Below is the script itself <?php ini_set("display_errors", "1"); error_reporting(E_ALL); $name = $_POST ['name']; $email=$_POST ['email']; $venue=$_POST ['venue']; $event=$_POST ['event']; $date=$_POST ['date']; if (!$_FILES['file']["name"]== '') { if ((($_FILES["file"]["type"] == "application/msword")) && ($_FILES["file"]["size"] < 500000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; //echo "Type: " . $_FILES["file"]["type"] . "<br />"; // echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; // echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("entrys/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "entrys/" . $_FILES["file"]["name"]); echo "Stored in: " . "entrys/" . $_FILES["file"]["type"]; } } } else { echo "Please upload word documents only!"; } } //print_r($_REQUEST['form']); ?> <div id="countrydivcontainer" style="border:1px solid gray; width:800px; margin-bottom: 1em; padding: 10px"> <? php if(isset($_POST['_submit_check'])) { foreach($_POST as $field => $value) { if (($field != 'submit') && ((!$value) || (trim($value) == ''))) { $err .= "$field cannot be empty. <br>"; $warnings[$field] ="required"; } } if (!$_POST["name"] || !preg_match("/^[a-zA-Z ]+$/", $_POST["name"])) { $warnings["name"] = " <label for=\"uname\" class=\"error\"><em>*</em>Name can only contain letters</label>"; } if (!$_POST["venue"] || !preg_match("/^[a-zA-Z ]+$/", $_POST["venue"])) { $warnings["venue"] = " <label for=\"uname\" class=\"error\"><em>*</em>please only user words</label>"; } if (!$_POST["event"] || !preg_match("/^[a-zA-Z ]+$/", $_POST["event"])) { $warnings["event"] = " <label for=\"uname\" class=\"error\"><em>*</em>please only user words</label>"; } $regexp="/^[a-z0-9]+([_\\.-][a-z0-9]+)*@([a-z0-9]+([\.-][a-z0-9]+)*)+\\.[a-z]{2,}$/i"; if (!$_POST["email"] || !preg_match($regexp, $_POST["email"])) { $warnings["email"] = " <label for=\"uname\" class=\"error\"><em>*</em>please enter your correct email address</label>"; $count = count($warnings); } if($count === 0) { if(array_key_exists('_submit_check', $_POST)) { $update = "UPDATE profile SET dob='$dob', club= '$club', first_name = '$first_name', gender = '$gender', last_name = '$last_name' WHERE ID='$id' "; $result = mysql_query($update); // Check result // This shows the actual query sent to MySQL, and the error. Useful for debugging. if (!$result) { $er = 'Invalid query: ' . mysql_error() . "\n"; $er .= 'Whole query: ' . $query; die($er); }} echo ' <p class="error">' . $message . '</p>' . "\n"; } if ($err){?> <div class="errors"> <p align="center"><em>Oops... the following errors were encountered:</em></p> <div align="center"><?php echo $err; ?> </div> <p align="center"> </p> <p align="center">Data has <strong>not</strong> been saved.</p> </div> <p> <?php } } ?> if ($err){?> -- this is the erro in question

Ok i just thought when i was typing it i answered me own question but would this be ok if (!$_FILES['file']["name"]== '')

I tried that with if (isset($_FILES['file'])) { if ((($_FILES["file"]["type"] == "application/msword")) && ($_FILES["file"]["size"] < 500000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; //echo "Type: " . $_FILES["file"]["type"] . "<br />"; // echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; // echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("entrys/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "entrys/" . $_FILES["file"]["name"]); echo "Stored in: " . "entrys/" . $_FILES["file"]["type"]; } } } else { echo "Invalid file".$_FILES["file"]["name"]; } } but i still get invalied file... wont it prosses it due to it being within the form even if it has nothing in it...i would have thought u had to see if it was blank and if so dont do it

ok so i have my form and in it you can add a entry form via an upload. The thing is its just an option so when i run my script <?php ini_set("display_errors", "1"); error_reporting(E_ALL); if ((($_FILES["file"]["type"] == "application/msword")) && ($_FILES["file"]["size"] < 500000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; //echo "Type: " . $_FILES["file"]["type"] . "<br />"; // echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; // echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("entrys/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "entrys/" . $_FILES["file"]["name"]); echo "Stored in: " . "entrys/" . $_FILES["file"]["type"]; } } } else { echo "Invalid file".$_FILES["file"]["name"]; } //print_r($_REQUEST['form']); ?> to obvius im going to get echo "Invalid file".$_FILES["file"]["name"];. Is there away to check if there is any information within the <div><label>File:</label> <input type="file" name="file" /></div> and if not dont run the file script? Just to add i want everything to work off this script so adding names ect so form looks like this <form action="/include/addfixture.php" method="post" onsubmit="return AIM.submit(this, {'onStart' : startCallback, 'onComplete' : completeCallback})"enctype="multipart/form-data"> <div><label>Name:</label> <input type="text" name="name" /></div> <div><label>File:</label> <input type="file" name="file" /></div> <div><label>Email:</label> <input type="text" name="email" /></div> <div><label>Event:</label> <input type="text" name="event" /></div> <div><label>Venue:</label> <input type="text" name="venue" /></div> <div><input type="submit" name="form"value="SUBMIT" /></div>

ok im getting Undefined index on this line.. print_r($_REQUEST['form']); below is the full script its form <?php ini_set("display_errors", "1"); error_reporting(E_ALL); echo "<pre>"; echo "POST:"; print_r($_POST); echo "FILES:"; print_r($_FILES); echo "</pre>"; if ((($_FILES["file"]["type"] == "application/msword")) && ($_FILES["file"]["size"] < 500000)) { if ($_FILES["file"]["error"] > 0) { echo "Return Code: " . $_FILES["file"]["error"] . "<br />"; } else { echo "Upload: " . $_FILES["file"]["name"] . "<br />"; echo "Type: " . $_FILES["file"]["type"] . "<br />"; echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />"; echo "Temp file: " . $_FILES["file"]["tmp_name"] . "<br />"; if (file_exists("entrys/" . $_FILES["file"]["name"])) { echo $_FILES["file"]["name"] . " already exists. "; } else { move_uploaded_file($_FILES["file"]["tmp_name"], "entrys/" . $_FILES["file"]["name"]); echo "Stored in: " . "entrys/" . $_FILES["file"]["type"]; } } } else { echo "Invalid file".$_FILES["file"]; } print_r($_REQUEST['form']); ?> and here is my form why is it displaying this error?? <form action="/include/addfixture.php" method="post" onsubmit="return AIM.submit(this, {'onStart' : startCallback, 'onComplete' : completeCallback})"enctype="multipart/form-data"> <div><label>Name:</label> <input type="text" name="name" /></div> <div><label>File:</label> <input type="file" name="file" /></div> <div><input type="submit" name="form"value="SUBMIT" /></div> </form>

Hd a few more errors but i managed to sort them. Thank-you for helping me out! I have learnt that i sholdnt look so deeply into the errors , when these where small lazy mistakes!

bmp