KevinM1

Moderators
  • Posts: 5,222
  • Days Won: 26

Everything posted by KevinM1

  1. OH, okay. Nice. Thanks!
  2. Yeah, I figured as much. It's unfortunate, as I was hoping to use the post method rather than get, but oh well.
  3. True, but I was thinking more along the lines of:

```php
<?php
if (isset($_POST['submit1'])) {
    // use <form action='$_SERVER['PHP_SELF']'>
} elseif (isset($_POST['submit2'])) {
    // use <form action='formhandler.php'>
}
?>
```
  4. I have a custom registration form which I've integrated into PHP-Fusion. It worked fine until this morning. Now I can't save the info to the database. I'm not getting any errors, MySQL or otherwise, and the stuff that's supposed to happen upon successful submission is happening (the e-mail is sent and I'm redirected to the success page), but nothing is being written to the database. My code:

```php
<?php
require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";

// Escape a value for use inside a quoted SQL string literal. Under magic_quotes_gpc
// PHP has already added slashes to request data, so strip them first to avoid
// double escaping. (The original wrote get_magic_quotes_gpc without parentheses,
// which reads an undefined constant instead of calling the function.)
function myEscape($string)
{
    return get_magic_quotes_gpc()
        ? mysql_real_escape_string(stripslashes($string))
        : mysql_real_escape_string($string);
}

if (file_exists(INFUSIONS . "aw_ecal_panel/locale/" . $settings['locale'] . ".php")) {
    include INFUSIONS . "aw_ecal_panel/locale/" . $settings['locale'] . ".php";
} else {
    include INFUSIONS . "aw_ecal_panel/locale/German.php";
}

if (!iMEMBER) {
    fallback();
}

// The event id arrives via the query string on the first visit and via the hidden
// field on submission. It is interpolated into an unquoted WHERE clause, so string
// escaping would not protect it: accept digits only (isNum() is PHP-Fusion's helper).
$evid = NULL;
if (isset($_POST['submit']) && isset($_POST['evid']) && isNum($_POST['evid'])) {
    $evid = (int)$_POST['evid'];
} elseif (isset($_GET['evid']) && isNum($_GET['evid'])) {
    $evid = (int)$_GET['evid'];
}
if ($evid === NULL) {
    fallback();
}

$ev       = dbquery("SELECT * FROM " . DB_PREFIX . "aw_ec_events WHERE ev_id=" . $evid);
$event    = dbarray($ev);
$ev_id    = $event['ev_id'];
$user_id  = $userdata['user_id'];
$ev_title = $event['ev_title'];
$ev_start = $event['ev_start'];
$ev_end   = $event['ev_end'];
// Values read back from the database still need escaping before they are written
// into another query; a title containing a quote would otherwise break the INSERT.
// These are not request data, so no stripslashes() here.
$ev_title_sql = mysql_real_escape_string($ev_title);
$ev_start_sql = mysql_real_escape_string($ev_start);
$ev_end_sql   = mysql_real_escape_string($ev_end);

$errMessage = NULL;

if (isset($_POST['submit'])) {
    // Start every flag FALSE instead of relying on undefined variables being falsy.
    $ra = $awn = $phone = $e = $rs = $ds = FALSE;

    if (!empty($_POST['regAgent']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regAgent'])) {
        $regAgent = myEscape($_POST['regAgent']);
        $ra = TRUE;
    } else {
        $errMessage .= "Please enter your name!<br />\n";
    }

    if (!empty($_POST['agentWritingNum']) && preg_match("/^[0-9a-zA-Z]*$/i", $_POST['agentWritingNum'])) {
        $agentWritingNum = myEscape($_POST['agentWritingNum']);
        $awn = TRUE;
    } else {
        $errMessage .= "Please enter your writing number!<br />\n";
    }

    if (!empty($_POST['phoneNum']) && is_array($_POST['phoneNum']) && count($_POST['phoneNum']) == 3) {
        $phoneNum = $_POST['phoneNum'];
        if (preg_match("/^[0-9]{3}$/", $phoneNum[0]) && preg_match("/^[0-9]{3}$/", $phoneNum[1])
            && preg_match("/^[0-9]{4}$/", $phoneNum[2])) {
            $areaCode   = myEscape($phoneNum[0]);
            $firstPart  = myEscape($phoneNum[1]);
            $secondPart = myEscape($phoneNum[2]);
            $phoneText  = "$areaCode-$firstPart-$secondPart";
            $phone = TRUE;
        } else {
            $errMessage .= "Please enter your correct phone number!<br />\n";
        }
    } else {
        $errMessage .= "Please enter your phone number!<br />\n";
    }

    if (!empty($_POST['emailAddress'])
        && preg_match("/^[\w-]+(\.[\w-]+)*@([\w-]+\.)+[a-zA-Z]{2,7}$/i", $_POST['emailAddress'])) {
        $email = myEscape($_POST['emailAddress']);
        $e = TRUE;
    } else {
        $errMessage .= "Please enter your e-mail address!<br />\n";
    }

    if (!empty($_POST['regionalSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regionalSales'])) {
        $regSales = myEscape($_POST['regionalSales']);
        $rs = TRUE;
    } else {
        $errMessage .= "Please enter the name of your regional sales coordinator!<br />\n";
    }

    if (!empty($_POST['districtSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['districtSales'])) {
        $disSales = myEscape($_POST['districtSales']);
        $ds = TRUE;
    } else {
        $errMessage .= "Please enter the name of your district sales coordinator!<br />\n";
    }

    // The original tested $email (the escaped address, always truthy once set) here;
    // $e is the flag that was actually meant.
    if ($ra && $awn && $phone && $e && $rs && $ds) {
        // start the big process of updating tables and e-mailing results
        $timestamp = strtotime("now");

        $aflacCheck = "SELECT * FROM " . DB_PREFIX . "aflac WHERE ev_id='" . $ev_id . "' AND user_id='" . $user_id . "'";
        $aflacCheckResult = dbquery($aflacCheck);
        if ($aflacCheckResult) {
            $aflacQuery = "UPDATE " . DB_PREFIX . "aflac SET"
                . " registering_agent='" . $regAgent . "',"
                . " agent_writing_number='" . $agentWritingNum . "',"
                . " phone='" . $phoneText . "',"
                . " email='" . $email . "',"
                . " regional_sales_coordinator='" . $regSales . "',"
                . " district_sales_coordinator='" . $disSales . "',"
                . " ev_title='" . $ev_title_sql . "',"
                . " ev_start='" . $ev_start_sql . "',"
                . " ev_end='" . $ev_end_sql . "',"
                . " login_timestamp='" . $timestamp . "',"
                . " login_status='1'"
                . " WHERE ev_id='" . $ev_id . "' AND user_id='" . $user_id . "'";
            $aflacResult = dbquery($aflacQuery);
        } else {
            $aflacQuery = "INSERT INTO " . DB_PREFIX . "aflac"
                . " (registering_agent, agent_writing_number, phone, email, regional_sales_coordinator,"
                . " district_sales_coordinator, ev_id, user_id, ev_title, ev_start, ev_end, login_timestamp, login_status)"
                . " VALUES ('" . $regAgent . "', '" . $agentWritingNum . "', '" . $phoneText . "', '" . $email . "',"
                . " '" . $regSales . "', '" . $disSales . "', '" . $ev_id . "', '" . $user_id . "',"
                . " '" . $ev_title_sql . "', '" . $ev_start_sql . "', '" . $ev_end_sql . "', '" . $timestamp . "', '1')";
            $aflacResult = dbquery($aflacQuery);
        }

        $eventQuery  = "UPDATE " . DB_PREFIX . "aw_ec_events SET ev_allow_logins='1' WHERE ev_id='" . $ev_id . "'";
        $eventResult = dbquery($eventQuery);

        $loginsCheck = "SELECT * FROM " . DB_PREFIX . "aw_ec_logins WHERE ev_id='" . $ev_id . "' AND user_id='" . $user_id . "'";
        $loginsCheckResult = dbquery($loginsCheck);
        if ($loginsCheckResult) {
            $loginsQuery = "UPDATE " . DB_PREFIX . "aw_ec_logins SET login_comment='Definitely Agreed', login_status='1',"
                . " login_timestamp='" . $timestamp . "'"
                . " WHERE ev_id='" . $ev_id . "' AND user_id='" . $user_id . "'";
            $loginsResult = dbquery($loginsQuery);
        } else {
            $loginsQuery = "INSERT INTO " . DB_PREFIX . "aw_ec_logins (ev_id, user_id, login_comment, login_status, login_timestamp)"
                . " VALUES ('" . $ev_id . "', '" . $user_id . "', 'Definitely Agreed', '1', '" . $timestamp . "')";
            $loginsResult = dbquery($loginsQuery);
        }

        if ($aflacResult && $eventResult && $loginsResult) {
            $eventTimestamp = strtotime($ev_start);
            $eventDate = date("m-d-Y h:i:s T", $eventTimestamp);
            $userName = $userdata['user_name'];
            $to = "rebecca_dunkle@us.aflac.com";
            $subject = "Event Registration ($ev_title)";
            $mailMessage  = "<html>\n<head>\n<title>Event Registration Information</title>\n</head>\n\n<body>";
            $mailMessage .= "Below is the registration information:<br />\n<br />\n";
            $mailMessage .= "Event Name: $ev_title<br />\nEvent Date: $eventDate<br />\nRegistering Agent: $regAgent<br />\nUser Name: $userName<br />\n";
            $mailMessage .= "Agent Writing Number: $agentWritingNum<br />\nPhone Number: $phoneText<br />\n";
            $mailMessage .= "E-mail Address: $email<br />\nRegional Sales Coordinator: $regSales<br />\n";
            $mailMessage .= "District Sales Coordinator: $disSales<br />\n</body>\n</html>";
            $headers  = 'MIME-Version: 1.0' . "\r\n";
            $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
            mail($to, $subject, $mailMessage, $headers);
            // URL-encode both values (the title is free text) and stop after the
            // redirect so the form below is not rendered into the redirect response.
            header("Location: success.php?user=" . rawurlencode($userName) . "&event=" . rawurlencode($ev_title));
            exit;
        } else {
            echo "<br />Something went wrong with the insert!<br /><br />\n\n";
        }
    } else {
        echo "<div style='color: red;'>$errMessage</div><br />";
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Registration Form</title>
<link rel="stylesheet" type="text/css" href="formstyles.css" />
</head>
<body style="text-align: center;">
<div style="width: 400px; margin: 0 auto;">
Registration Form<br /><br />
<!-- PHP_SELF echoes the request path, so it is HTML-encoded; sticky values come
     straight from $_POST and are encoded for the same reason (reflected XSS). -->
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>?evid=<?php echo (int)$ev_id; ?>" method="post">
<fieldset class="narrow"><legend>Please input your information</legend>
<p><label for="regAgent">Registering Agent:</label><input type="text" id="regAgent" name="regAgent" value="<?php if (isset($_POST['regAgent'])) { echo htmlspecialchars($_POST['regAgent'], ENT_QUOTES); } ?>" /></p>
<p><label for="agentWritingNum">Agent Writing Number:</label><input type="text" id="agentWritingNum" name="agentWritingNum" value="<?php if (isset($_POST['agentWritingNum'])) { echo htmlspecialchars($_POST['agentWritingNum'], ENT_QUOTES); } ?>" /></p>
<p><label for="phoneNum">Phone Number:</label>(<input type="text" id="phoneNum" name="phoneNum[]" size="3" maxlength="3" value="<?php if (isset($_POST['phoneNum'][0])) { echo htmlspecialchars($_POST['phoneNum'][0], ENT_QUOTES); } ?>" />) - <input type="text" name="phoneNum[]" size="3" maxlength="3" value="<?php if (isset($_POST['phoneNum'][1])) { echo htmlspecialchars($_POST['phoneNum'][1], ENT_QUOTES); } ?>" /> - <input type="text" name="phoneNum[]" size="4" maxlength="4" value="<?php if (isset($_POST['phoneNum'][2])) { echo htmlspecialchars($_POST['phoneNum'][2], ENT_QUOTES); } ?>" /></p>
<p><label for="emailAddress">E-mail Address:</label><input type="text" id="emailAddress" name="emailAddress" value="<?php if (isset($_POST['emailAddress'])) { echo htmlspecialchars($_POST['emailAddress'], ENT_QUOTES); } ?>" /></p>
<p><label for="regionalSales">Regional Sales Coordinator:</label><input type="text" id="regionalSales" name="regionalSales" value="<?php if (isset($_POST['regionalSales'])) { echo htmlspecialchars($_POST['regionalSales'], ENT_QUOTES); } ?>" /></p>
<p><label for="districtSales">District Sales Coordinator:</label><input type="text" id="districtSales" name="districtSales" value="<?php if (isset($_POST['districtSales'])) { echo htmlspecialchars($_POST['districtSales'], ENT_QUOTES); } ?>" /></p>
</fieldset>
<input type="hidden" name="evid" value="<?php echo (int)$ev_id; ?>" />
<p><input type="submit" name="submit" value="Submit" /></p>
</form>
</div>
</body>
</html>
<?php
require_once "side_right.php";
require_once "footer.php";
?>
```

Any ideas?
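Added example (editor's code, not from the post above or from PHP-Fusion). It runs against an in-memory SQLite database so it works without PHP-Fusion or MySQL (pdo_sqlite and SQLite 3.24+ are assumed) and shows two things about the check-then-write pattern in the post: why `if ($aflacCheckResult)` cannot distinguish an empty result set from a non-empty one, and an upsert with bound parameters that removes the check altogether. Table and column names follow the post; the `UNIQUE (ev_id, user_id)` key is an assumption.

```php
<?php
// Added example, not code from the post. Runs against in-memory SQLite (pdo_sqlite,
// SQLite 3.24+ assumed); the UNIQUE (ev_id, user_id) constraint is an assumption.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE aflac (
    ev_id INTEGER NOT NULL,
    user_id INTEGER NOT NULL,
    registering_agent TEXT NOT NULL,
    login_timestamp INTEGER NOT NULL,
    login_status INTEGER NOT NULL,
    UNIQUE (ev_id, user_id))");

// 1. A query that succeeds but matches nothing still returns a statement object,
//    just as PHP-Fusion's dbquery() returns a result resource. Both are truthy, so
//    "if ($aflacCheckResult)" always takes the UPDATE branch; that UPDATE matches
//    zero rows, reports success, and nothing is ever inserted. Test the rows.
function rowExists(PDO $db, int $evId, int $userId): bool
{
    $stmt = $db->prepare("SELECT 1 FROM aflac WHERE ev_id = ? AND user_id = ?");
    $stmt->execute([$evId, $userId]);
    return $stmt->fetch() !== false;   // the equivalent of dbrows($result) > 0
}
$stmt = $db->query("SELECT 1 FROM aflac WHERE ev_id = 1 AND user_id = 42");
var_dump((bool)$stmt);                 // bool(true): the object, not the row count
var_dump(rowExists($db, 1, 42));       // bool(false): the test that actually works

// 2. Upsert: one statement instead of SELECT-then-INSERT/UPDATE, so two submissions
//    arriving together cannot both pass the check and both insert, and every value
//    is bound rather than concatenated into the SQL text.
function registerAgent(PDO $db, int $evId, int $userId, string $agent): int
{
    $sql = "INSERT INTO aflac (ev_id, user_id, registering_agent, login_timestamp, login_status)
            VALUES (:ev, :user, :agent, :ts, 1)
            ON CONFLICT (ev_id, user_id) DO UPDATE SET
                registering_agent = excluded.registering_agent,
                login_timestamp   = excluded.login_timestamp,
                login_status      = 1";
    // MySQL spelling of the same statement:
    //   ... ON DUPLICATE KEY UPDATE registering_agent = VALUES(registering_agent), ...
    $stmt = $db->prepare($sql);
    $stmt->execute([':ev' => $evId, ':user' => $userId, ':agent' => $agent, ':ts' => time()]);
    return $stmt->rowCount();          // affected rows; treat 0 as "nothing written"
}

registerAgent($db, 1, 42, "Jane Doe");
registerAgent($db, 1, 42, "Jane Q. Doe");      // resubmission: updates, no duplicate row
registerAgent($db, 1, 43, "Conn O'Brien");     // the quote is bound data, not SQL
var_dump(rowExists($db, 1, 42));               // bool(true)
var_dump((int)$db->query("SELECT COUNT(*) FROM aflac")->fetchColumn());   // int(2)
```

With PHP-Fusion's own helpers the equivalent of step 1 is `if (dbrows($aflacCheckResult))` rather than `if ($aflacCheckResult)`; step 2 needs a unique key on `(ev_id, user_id)` in the real `aflac` table before `ON DUPLICATE KEY UPDATE` can do anything.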
  5. Without using JavaScript, is it possible to have a form with two actions? I'm thinking no, but would like confirmation.
  6. Ah, thanks!
  7. I have a form which uses selection options as values to pass to the script which handles the data. Unfortunately, it looks like that second script isn't recognizing that an option is highlighted/selected in the first script at all. It's a setup that works like this:

Form script:

```php
<?php
echo "<form method='post' action='handler.php'>\n";
echo "<select>\n";
echo "<option name='all' value='*'>All</option>\n";
echo "<option name='1' value='1'>1</option>\n";
// . . .
echo "<option name='nth' value='nth'>nth</option></select></form>";
?>
```

handler.php:

```php
<?php
if (isset($_POST['all'])) {
    // process stuff
}
?>
```

Obviously, this example is a bit simpler than what I'm doing, but it does accurately describe what I'm trying to attempt. Unfortunately, like I said above, it looks like my handler script isn't recognizing that whatever option I select is set (in other words, it looks like isset is failing). Any ideas? I will show the real code if necessary.
  8. It looks like that should work, although I recommend putting your if-statement in one spot for readability and easier maintenance. I typically make my own escape function to do that, something like:

```php
<?php
// Escape request data for a quoted SQL string literal; undo magic_quotes_gpc's
// addslashes() first so the value is not escaped twice.
function myEscape($string)
{
    return get_magic_quotes_gpc()
        ? mysql_real_escape_string(stripslashes($string))
        : mysql_real_escape_string($string);
}

foreach ($_GET as $key => $value) {
    $_GET[$key] = myEscape($value);
}
foreach ($_POST as $key => $value) {
    $_POST[$key] = myEscape($value);
}
?>
```

Given your concerns about SQL attacks, how are you validating your data beyond escaping it?
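Added example (editor's code, not from the post). It separates the two questions the post raises, escaping and validation: escaping makes a value safe inside a quoted string literal and nowhere else, while validation decides what the field may contain. `escapeForMysql()` is a stand-in for `mysql_real_escape_string()` (which needs a live connection and was removed in PHP 7) using the same character set, and the `$magicQuotes` flag stands in for `get_magic_quotes_gpc()`; `validEventId()` and `validName()` are illustrative names.

```php
<?php
// Added example, not from the post. escapeForMysql() reproduces the character
// set mysql_real_escape_string() escapes; $magicQuotes stands in for
// get_magic_quotes_gpc(), which cannot be switched on at run time.
function escapeForMysql(string $s): string
{
    return strtr($s, ["\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
                      "\\" => "\\\\", "'" => "\\'", "\"" => "\\\"", "\x1a" => "\\Z"]);
}

// Same shape as the post's myEscape().
function myEscape(string $s, bool $magicQuotes): string
{
    return $magicQuotes ? escapeForMysql(stripslashes($s)) : escapeForMysql($s);
}

// 1. Why the stripslashes() branch exists: with magic_quotes_gpc on, PHP has already
//    run addslashes() over $_POST. Escaping again stores a literal backslash.
$fromPost = addslashes("O'Brien");           // what $_POST holds under magic quotes
echo escapeForMysql($fromPost), "\n";        // O\\\'Brien  (double escaped: wrong)
echo myEscape($fromPost, true), "\n";        // O\'Brien    (right)

// 2. Escaping does nothing for a value interpolated unquoted, such as
//    "WHERE ev_id=" . $_GET['evid'] in the registration script earlier on this page:
//    no quote or backslash is present, so the payload passes through unchanged.
echo escapeForMysql("1 OR 1=1"), "\n";       // 1 OR 1=1  (still injectable)

// 3. Validation: state what the field may contain and reject everything else.
function validEventId($v): ?int
{
    $n = filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $n === false ? null : $n;
}
function validName($v): ?string
{
    // Anchored and bounded: letters, spaces, dots and hyphens, 1 to 80 characters.
    return (is_string($v) && preg_match('/^[A-Za-z][A-Za-z .-]{0,79}$/', $v)) ? $v : null;
}
var_dump(validEventId("17"));         // int(17)
var_dump(validEventId("1 OR 1=1"));   // NULL
var_dump(validName("Jane Doe"));      // string(8) "Jane Doe"
var_dump(validName("Conn O'Brien"));  // NULL: the apostrophe is outside the whitelist;
                                      // widen the class deliberately if such names are valid
```

The ordering matters: validate the raw request value first, then escape (or better, bind as a parameter) only at the point the value enters a query. Escaping everything in `$_GET` and `$_POST` up front, as the loop in the post does, also corrupts values that are later echoed to HTML or sent in e-mail rather than used in SQL.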
  9. True, putting 'Event Name' in each option is redundant. For my project, I was planning to highlight user names which are taken from the database as each option is created. Guess that's not possible. Thanks for answering.
  10. The above creates something like the following, correct?

      hahahaha
      hahahaha
      hahahaha

      That's not what I'm looking for. Instead, I want something like:

      Event Name: Some event
      Event Name: Another event
      Event Name: Third event
  11. Apparently this is the problem.
  12. Is it possible to format <option> tags with CSS? I'd like to have a part of the text within each of my option elements bold. Trying a <span> in a PHP echo statement hasn't worked. Along the same lines, is there any way for me to include tabs in an option element to help facilitate even spacing of the text within them? Using \t in a PHP echo statement didn't work. Thanks!
  13. I really need help with this, so here's a recap of what's going on. I've made a custom registration script for a PHP-Fusion site. This form acts in conjunction with a 3rd party event calendar addon. It's a pretty straightforward sticky form. Upon successful submission of this form, the data is saved to the database, an e-mail is sent to the site administrator, and the user is redirected to a success page telling them that they've been successfully registered for that particular event. My problem is with the success page. The header call which redirects the user to that page passes the username and event title to it via GET (so something like header("Location: http://www.nightslyr.com/success.php?user=admin&ev_title=Some%20Event")). This works in most cases, but fails when the event title contains parentheses. Hyphens and spaces both work. I've tried, at the suggestion of Thorpe, using urlencode(). That didn't work. Neither did using it in conjunction with htmlentities(). Rawurlencode() - both with and without htmlentities() - fails, too. No matter what I try, I get the same barebones and blank HTML page. Again, this only happens when I use parentheses in an event title. All other tests without parentheses, to this point, work fine. Below is the code in question: edit_event.php - this is the script that creates/edits a calendar event. It came from a 3rd party, but I modified some of it (namely, I added the 'is_reference_date' bits and the myEscape() function): <?php /*************************************************************************** * awEventCalendar * * * * Copyright (C) 2006-2007 Artur Wiebe * * wibix@gmx.de * * * * This program is free software; you can redistribute it and/or modify * * it under the terms of the GNU General Public License as published by * * the Free Software Foundation; either version 2 of the License, or * * (at your option) any later version. 
* ***************************************************************************/ require_once("../../maincore.php"); require_once(BASEDIR."subheader.php"); require_once(BASEDIR."side_left.php"); function myEscape($string){ return get_magic_quotes_gpc() ? mysql_real_escape_string(stripslashes($string)) : mysql_real_escape_string($string); } if(!iMEMBER) { fallback("calendar.php"); } require_once("include/common.php5"); if(!iEC_ADMIN && !ec_check_access($ec_settings['post_group'])) { fallback("calendar.php"); } if(isset($_GET['id']) && isNum($_GET['id'])) { $id = $_GET['id']; } else { unset($id); } if(iEC_ADMIN) { $user_access = ""; } else { $user_access = "AND user_id='".$userdata['user_id']."'"; } $title = ""; $access = 0; $body = ""; $disable_smilies = 1; $ev_start = getdate(time()); // $allow_logins = 0; $max_logins = 0; $login_access = 101; // $ev_repeat = 0; $is_private = 0; $errors = 0; if(isset($_GET['errno']) && isNum($_GET['errno'])) { $errno = $_GET['errno']; } else { unset($errno); } /* * ACTION */ if(isset($_POST['save'])) { $title = myEscape($_POST['title']); $body = myEscape($_POST['desc']); if(empty($title) || empty($body)) { $errors++; } $access = $_POST['access']+0; $disable_smilies = (isset($_POST['disable_smileys']) ? "1" : "0"); $ev_start = array( "year" => $_POST['start_year']+0, "mon" => $_POST['start_month']+0, "mday" => $_POST['start_mday']+0, "hours" => $_POST['start_hours']+0, "minutes" => $_POST['start_mins']+0, ); $start = $ev_start['year']."-".$ev_start['mon'] ."-".$ev_start['mday'] ." ".$ev_start['hours'].":".$ev_start['minutes'].":00"; $end = $start; // "0000-00-00 00:00:00"; // FIXME $allow_logins = (isset($_POST['allow_logins']) ? "1" : "0"); $max_logins = $_POST['max_logins']+0; $login_access = $_POST['login_access']+0; if(!$login_access || !ec_check_access($login_access)) { $login_access = 101; } $ev_repeat = $_POST['repeat']+0; $is_private = (isset($_POST['is_private']) ? 
"1" : "0"); $is_reference_date = (isset($_POST['is_reference_date']) ? "y" : "n"); /* Kevin Line */ $now = time(); if($is_private || iEC_ADMIN) { $status = "0"; } else { $status = ($ec_settings['need_admin_ok'] ? "1" : "0"); } if($is_private) { if($allow_logins) { $allow_logins = "0"; $max_logins = "0"; $login_access = "101"; $errno = EC_ELOGIN; } if($access) { $access = "0"; $errno = EC_EACCESS; } } if($errors==0) { if(!isset($id)) { $query_id = dbquery("INSERT INTO ".DB_PREFIX."aw_ec_events" ." SET" ." user_id='".$userdata['user_id']."'," ." ev_timestamp='$now'," ." ev_body=''"); $id = mysql_insert_id(); } $ok = dbquery("UPDATE ".DB_PREFIX."aw_ec_events" ." SET" ." ev_title='$title', ev_body='$body'," ." ev_start='$start'," ." ev_end='$end'," ." ev_repeat='$ev_repeat'," ." ev_private='$is_private'," ." ev_status='$status'," ." ev_no_smileys='$disable_smilies'," ." ev_allow_logins='$allow_logins'," ." ev_max_logins='$max_logins'," ." ev_access='$access'," ." ev_login_access='$login_access'," ." is_reference_date='$is_reference_date'" /* Kevin Line */ ." WHERE ev_id='$id' $user_access"); if(!$ok) { $errno = EC_EDB; } if(!isset($errno)) { fallback("edit_event.php?id=$id&errno=0"); } } } elseif(isset($_GET['del']) && isset($id)) { $ok = dbquery("DELETE FROM ".DB_PREFIX."aw_ec_events" ." WHERE ev_id='$id' $user_access"); if($ok) { $ok = dbquery("DELETE FROM ".DB_PREFIX."aw_ec_logins" ." WHERE ev_id='$id'"); } if($ok) { if(isset($_GET['back_to'])) { fallback("new_events.php"); } else { fallback("calendar.php"); } } } elseif(isset($_GET['status']) && isset($id) && isset($_GET['time']) && isNum($_GET['time']) && iEC_ADMIN) { $ok = dbquery("UPDATE ".DB_PREFIX."aw_ec_events" ." SET ev_status=MOD(ev_status+1, 2)" ." 
WHERE ev_id='$id' AND ev_timestamp='".$_GET['time']."'"); if($ok) { if(isset($_GET['back_to'])) { fallback("new_events.php"); } else { fallback("edit_event.php?id=$id"); } } } /* * GET */ if(isset($id)) { $query_id = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events" ." WHERE ev_id='$id' $user_access"); if(!dbrows($query_id)) { fallback("calendar.php"); } $event = dbarray($query_id); $title = $event['ev_title']; $body = $event['ev_body']; $ev_repeat = $event['ev_repeat']; $is_private = $event['ev_private']; $is_reference_date = (($event['is_reference_date'] == 'y') ? 1 : 0); /* Kevin Line */ $allow_logins = $event['ev_allow_logins']; $max_logins = $event['ev_max_logins']; $disable_smilies = $event['ev_no_smileys']; $access = $event['ev_access']; // $ev_start = array( "year" => substr($event['ev_start'], 0, 4), "mon" => substr($event['ev_start'], 5, 2), "mday" => substr($event['ev_start'], 8, 2), "hours" => substr($event['ev_start'], 11, 2), "minutes" => substr($event['ev_start'], 14, 2), ); $end = $ev_start; // $login_access = $event['ev_login_access']; } else { $event = array( "ev_status" => "0", ); } function ec_make_select($date, $fname) { global $locale; $date['mday'] = str_pad($date['mday'], 2, "0", STR_PAD_LEFT); $date['mon'] = str_pad($date['mon'], 2, "0", STR_PAD_LEFT); $date['hours'] = str_pad($date['hours'], 2, "0", STR_PAD_LEFT); $date['minutes'] = str_pad($date['minutes'], 2, "0", STR_PAD_LEFT); $sel_day = ""; $sel_month = ""; $sel_mins = ""; $sel_hours = ""; // day for($i=1; $i<=31; ++$i) { $sel_day .= "<option value='$i'" .($i==$date['mday'] ? " selected" : "").">" .$i."</option>\n"; } // month for($i=1; $i<=12; ++$i) { $sel_month .= "<option value='$i'" .($i==$date['mon'] ? " selected" : "").">" .$locale['EC900'][$i]."</option>\n"; } // hours for($i=0; $i<=23; ++$i) { $sel_hours .= "<option value='$i'" .($i==$date['hours'] ? 
" selected" : "").">" .$i."</option>\n"; } // mins for($i=0; $i<=59; ++$i) { $sel_mins .= "<option value='$i'" .($i==$date['minutes'] ? " selected" : "").">" .$i."</option>\n"; } return "<select class='textbox' name='${fname}_mday'>" .$sel_day."</select>" .".<select class='textbox' name='${fname}_month'>" .$sel_month."</select>" .".<input type='text' class='textbox' name='${fname}_year'" ." value='".$date['year']."' size='5' maxlength='4'>" ." / " ." <select class='textbox' name='${fname}_hours'>" .$sel_hours."</select>" .":<select class='textbox' name='${fname}_mins'>" .$sel_mins."</select>\n"; } function ec_get_timestamp($fname) { return mktime($_POST[$fname."_hours"], $_POST[$fname."_mins"], 0, $_POST[$fname."_month"], $_POST[$fname."_mday"], $_POST[$fname."_year"]); } /* * GUI */ $sel_access = ""; $sel_login_access = ""; $fusion_groups = getusergroups(); foreach($fusion_groups as $group) { list($gid, $gname) = $group; if(!ec_check_access($gid)) { continue; } $sel_access .= "<option value='$gid'" .($gid==$access ? " selected" : "").">" .$gname."</option>\n"; if(!$gid) { continue; } $sel_login_access .= "<option value='$gid'" .($gid==$login_access ? " selected" : "").">" .$gname."</option>\n"; } $sel_repeat = ""; foreach($locale['EC125'] as $rep => $text) { $sel_repeat .= "<option value='$rep'" .($ev_repeat==$rep ? " selected" : "").">" ."$text</option>\n"; } /* * GUI - <input type='button' value='".EC_BREAK."' class='button' onClick=\"insertText('comment_message', '".EC_BREAK."');\">\n"; */ opentable(isset($id) ? $locale['EC101'] : $locale['EC100']); echo ec_get_menu(); $action = FUSION_SELF; if(isset($id)) { $action .= "?id=$id"; echo "<div align='right'><a href='view_event.php?id=$id'>" .$locale['EC102']."</a>\n"; if(iADMIN) { echo " | <a href='$action&status=1'>".($event['ev_status'] ? 
$locale['EC306'] : $locale['EC307']) ."</a>\n"; } echo "</div>\n"; } if($errors) { echo "<p><div style='text-align:center;'><strong>" .$locale['EC119']."</strong></div></p>\n"; } if(isset($errno) && isset($locale['EC113'][$errno])) { echo "<p><div style='text-align:center;'><strong>" .$locale['EC113'][$errno]."</strong></div></p>\n"; } if($event['ev_status']) { $status = "<tr> <td class='forum-caption' height='50' colspan='2' align='center' valign='center'>" .$locale['EC113'][EC_ESTATUS]."</td> </tr>\n"; } else { $status = ""; } echo "<p><span class='small2'>".$locale['EC118']."</span> <form action='$action' method='post' name='inputform'> <table width='100%' class='tbl-border' cellspacing='1'> $status <tr> <td class='tbl2' width='150'>".$locale['EC103'].": *</td> <td class='tbl1'><input value='$title' type='text'" ." name='title' class='textbox' style='width:100%;'></td> </tr> <tr> <td class='tbl2'>".$locale['EC116'].":</td> <td class='tbl1'><select class='textbox' name='access'>" ."$sel_access</select></td> </tr> <tr> <td class='tbl2' valign='top'>".$locale['EC104'].": *</td> <td class='tbl1'><textarea name='desc' rows='8'" ." class='textbox' style='width:100%;'>".$body ."</textarea><br>" .ec_get_bb_smileys("desc", true, $disable_smilies)."</td> </tr> <tr> <td class='tbl2'>".$locale['EC105'].":</td> <td class='tbl1'>".ec_make_select($ev_start, "start") ."<br><span class='small2'>".$locale['EC120']."</span></td> </tr> <!-- logins --> <tr> <td class='forum-caption' colspan='2'><input type='checkbox'" ." name='allow_logins'".($allow_logins ? " checked" : "") ."> ".$locale['EC109']."</td> </tr> <tr> <td class='tbl2'>".$locale['EC110'].":</td> <td class='tbl1'><input type='text' class='textbox' name='max_logins'" ." value='$max_logins' size='5' maxlength='5'>" ." 
<span class='small2'>".$locale['EC110_1']."</span></td> </tr> <tr> <td class='tbl2'>".$locale['EC116'].":</td> <td class='tbl2'><select name='login_access' class='textbox'>$sel_login_access</select></td> </tr> <!-- misc --> <tr> <td class='forum-caption' colspan='2'>".$locale['EC122']."</td> </tr> <tr> <td class='tbl2'>".$locale['EC107'].":</td> <td class='tbl1'><select class='textbox' name='repeat'>" ."$sel_repeat</select></td> </tr> <tr> <td class='tbl2' valign='top'>".$locale['EC106'].":</td> <td class='tbl1'><input type='checkbox' name='is_private'" .($is_private ? " checked" : "")." />".$locale['EC108']."<br /> <input type='checkbox' name='is_reference_date'".($is_reference_date ? " checked" : "")." />Is reference event</td> <!-- Kevin Line --> </tr> <tr> <td class='tbl2' colspan='2' align='center'>" ."<input type='submit' name='save' class='button'" ." value='".$locale['EC111']."'></td> </tr> </table> </form>"; closetable(); require_once(BASEDIR."side_right.php"); require_once(BASEDIR."footer.php"); ?> registration.php - my custom registration script: <?php require_once "maincore.php"; require_once "subheader.php"; require_once "side_left.php"; function myEscape($string){ return get_magic_quotes_gpc() ? 
mysql_real_escape_string(stripslashes($string)) : mysql_real_escape_string($string); } if(file_exists(INFUSIONS."aw_ecal_panel/locale/".$settings['locale'].".php")) { include INFUSIONS."aw_ecal_panel/locale/".$settings['locale'].".php"; } else { include INFUSIONS."aw_ecal_panel/locale/German.php"; } if(!iMEMBER){ fallback(); } if(isset($_GET['evid'])){ $ev_id = myEscape($_GET['evid']); $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id='$ev_id'"); $event = dbarray($ev); $ev_id = $event['ev_id']; $user_id = $userdata['user_id']; $ev_title = $event['ev_title']; $ev_start = $event['ev_start']; $ev_end = $event['ev_end']; } $errMessage = NULL; if(isset($_POST['submit'])){ $ev_id = myEscape($_POST['evid']); $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id='$ev_id'"); $event = dbarray($ev); $ev_id = $event['ev_id']; $user_id = $userdata['user_id']; $ev_title = $event['ev_title']; $ev_start = $event['ev_start']; $ev_end = $event['ev_end']; if(!empty($_POST['regAgent']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regAgent'])){ $regAgent = myEscape($_POST['regAgent']); $ra = TRUE; } else{ $errMessage .= "Please enter your name!<br />\n"; } if(!empty($_POST['agentWritingNum']) && preg_match("/^[0-9a-zA-Z]*$/i", $_POST['agentWritingNum'])){ $agentWritingNum = myEscape($_POST['agentWritingNum']); $awn = TRUE; } else{ $errMessage .= "Please enter your writing number!<br />\n"; } if(!empty($_POST['phoneNum'])){ $phoneNum = $_POST['phoneNum']; if(preg_match("/^[0-9]{3}$/i", $phoneNum[0]) && preg_match("/^[0-9]{3}$/i", $phoneNum[1]) && preg_match("/^[0-9]{4}$/i", $phoneNum[2])){ $areaCode = myEscape($phoneNum[0]); $firstPart = myEscape($phoneNum[1]); $secondPart = myEscape($phoneNum[2]); $phoneText = "$areaCode-$firstPart-$secondPart"; $phone = TRUE; } else{ $errMessage .= "Please enter your correct phone number!<br />\n"; } } else{ $errMessage .= "Please enter your phone number!<br />\n"; } if(!empty($_POST['emailAddress']) && 
preg_match("/^[\w-]+(\.[\w-]+)*@([\w-]+\.)+[a-zA-Z]{2,7}$/i", $_POST['emailAddress'])){ $email = myEscape($_POST['emailAddress']); $e = TRUE; } else{ $errMessage .= "Please enter your e-mail address!<br />\n"; } if(!empty($_POST['regionalSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regionalSales'])){ $regSales = myEscape($_POST['regionalSales']); $rs = TRUE; } else{ $errMessage .= "Please enter the name of your regional sales coordinator!<br />\n"; } if(!empty($_POST['districtSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['districtSales'])){ $disSales = myEscape($_POST['districtSales']); $ds = TRUE; } else{ $errMessage .= "Please enter the name of your district sales coordinator!<br />\n"; } if($ra && $awn && $phone && $email && $rs && $ds){ //start the big process of updating tables and e-mailing results $timestamp = strtotime("now"); $aflacQuery = "INSERT INTO ".DB_PREFIX."aflac (registering_agent, agent_writing_number, phone, email, regional_sales_coordinator, district_sales_coordinator, ev_id, user_id, ev_title, ev_start, ev_end, login_timestamp, login_status) VALUES ('". $regAgent ."', '". $agentWritingNum ."', '". $phoneText ."', '". $email ."', '". $regSales ."', '". $disSales ."', '". $ev_id ."', '". $user_id ."', '". $ev_title ."', '". $ev_start ."', '". $ev_end ."', '". $timestamp ."', '1')"; $aflacResult = dbquery($aflacQuery); $eventQuery = "UPDATE ".DB_PREFIX."aw_ec_events SET ev_allow_logins='1' WHERE ev_id='".$ev_id."'"; $eventResult = dbquery($eventQuery); $loginsQuery = "INSERT INTO ".DB_PREFIX."aw_ec_logins (ev_id, user_id, login_comment, login_status, login_timestamp) VALUES ('". $ev_id ."', '". $user_id ."', 'Definitely Agreed', '1', '". 
$timestamp ."')"; $loginsResult = dbquery($loginsQuery); if($aflacResult && $eventResult && $loginsResult){ $eventTimestamp = strtotime($ev_start); $eventDate = date("m-d-Y h:i:s T", $eventTimestamp); $userName = $userdata['user_name']; $to = "kevinmajor1@gmail.com"; $subject = "Event Registration ($ev_title)"; $mailMessage = "<html>\n<head>\n<title>Event Registration Information</title>\n</head>\n\n<body>"; $mailMessage .= "Below is the registration information:<br />\n<br />\n"; $mailMessage .= "Event Name: $ev_title<br />\nEvent Date: $eventDate<br />\nRegistering Agent: $regAgent<br />\nUser Name: $userName<br />\n"; $mailMessage .= "Agent Writing Number: $agentWritingNum<br />\nPhone Number: $phoneText<br />\n"; $mailMessage .= "E-mail Address: $email<br />\nRegional Sales Coordinator: $regSales<br />\n"; $mailMessage .= "District Sales Coordinator: $disSales<br />\n</body>\n</html>"; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . 
"\r\n"; mail($to, $subject, $mailMessage, $headers); $userName = htmlentities(rawurlencode($userName)); $ev_title = htmlentities(rawurlencode($ev_title)); header("Location: success.php?user=$userName&event=$ev_title"); } else{ echo "<br />Something went wrong with the insert!<br /><br />\n\n"; } } else{ echo "<div style='color: red;'>$errMessage</div><br />"; } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title>Registration Form</title> <link rel="stylesheet" type="text/css" href="formstyles.css"> </head> <body style="text-align: center;"> <div style="width: 400px; margin: 0 auto;"> Registration Form<br /><br /> <form action="<?php echo $_SERVER['PHP_SELF']; ?>?evid=<?php echo $ev_id; ?>" method="post"> <fieldset class="narrow"><legend>Please input your information</legend> <p><label for="regAgent">Registering Agent:</label><input type="text" name="regAgent" value="<?php if(isset($_POST['regAgent'])){echo $_POST['regAgent'];} ?>" /></p> <p><label for="agentWritingNum">Agent Writing Number:</label><input type="text" name="agentWritingNum" value="<?php if(isset($_POST['agentWritingNum'])){echo $_POST['agentWritingNum'];} ?>" /></p> <p><label for="phoneNum">Phone Number:</label>(<input type="text" name="phoneNum[]" size="3" maxlength="3" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][0];} ?>" />) - <input type="text" name="phoneNum[]" size="3" maxlength="3" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][1];} ?>" /> - <input type="text" name="phoneNum[]" size="4" maxlength="4" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][2];} ?>" /></p> <p><label for="emailAddress">E-mail Address:</label><input type="text" name="emailAddress" value="<?php if(isset($_POST['emailAddress'])){echo $_POST['emailAddress'];} ?>" /></p> <p><label for="regionalSales">Regional Sales 
Coordinator:</label><input type="text" name="regionalSales" value="<?php if(isset($_POST['regionalSales'])){echo $_POST['regionalSales'];} ?>" /></p>
            <p><label for="districtSales">District Sales Coordinator:</label><input type="text" name="districtSales" value="<?php if(isset($_POST['districtSales'])){echo $_POST['districtSales'];} ?>" /></p>
        </fieldset>
        <input type="hidden" name="evid" value="<?php echo $ev_id; ?>" />
        <p><input type="submit" name="submit" value="Submit" /></p>
    </form>
</div>
</body>
</html>
<?php
require_once "side_right.php";
require_once "footer.php";
?>

success.php - the script that basically just outputs "Yay, you registered correctly!"

<?php
require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";

if(!iMEMBER){
    fallback();
}

if(isset($_GET['user'])){
    $userName = $_GET['user'];
}
if(isset($_GET['event'])){
    $eventName = $_GET['event'];
}

$text = "Thank you $userName for registering for the following event:<br />\n";
$text .= "$eventName<br />\n<br />\n<a href='".BASEDIR."/news.php'>Please click here to return home</a>";
echo $text;

require_once "side_right.php";
require_once "footer.php";
?>

The resulting HTML of the failed attempts:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY></BODY></HTML>

Any ideas? I'd be especially grateful if someone who has played around with PHP-Fusion responded. I'm thinking there may be something in maincore.php (Fusion's engine) that may be conflicting with my scripts.

EDIT: I'm not a pro at regular expressions, but could the following code in maincore.php be screwing me up?

<?php
// Prevent any possible XSS attacks via $_GET.
foreach ($_GET as $check_url) {
    if ((eregi("<[^>]*script*\"?[^>]*>", $check_url)) ||
        (eregi("<[^>]*object*\"?[^>]*>", $check_url)) ||
        (eregi("<[^>]*iframe*\"?[^>]*>", $check_url)) ||
        (eregi("<[^>]*applet*\"?[^>]*>", $check_url)) ||
        (eregi("<[^>]*meta*\"?[^>]*>", $check_url)) ||
        (eregi("<[^>]*style*\"?[^>]*>", $check_url)) ||
        (eregi("<[^>]*form*\"?[^>]*>", $check_url)) ||
        (eregi("\([^>]*\"?[^)]*\)", $check_url)) ||
        (eregi("\"", $check_url))) {
        die ();
    }
}
?>
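The maincore.php filter quoted above, ported to preg_match so it can be run on its own, beside a success page that takes only the event id from the query string and escapes what it prints. This is an added example, not code from the thread or from PHP-Fusion; $lookupTitle is a stand-in for the dbquery()/dbarray() call, and the event table is constructed sample data.

```php
<?php
// Added example (not from the thread or PHP-Fusion): the maincore.php $_GET
// filter rewritten with preg_match (ereg/eregi were removed in PHP 7). Same
// patterns, same effect: the request dies if any query-string value matches.
function blockedByFusionGetFilter($value)
{
    $patterns = array(
        '/<[^>]*script*"?[^>]*>/i',
        '/<[^>]*object*"?[^>]*>/i',
        '/<[^>]*iframe*"?[^>]*>/i',
        '/<[^>]*applet*"?[^>]*>/i',
        '/<[^>]*meta*"?[^>]*>/i',
        '/<[^>]*style*"?[^>]*>/i',
        '/<[^>]*form*"?[^>]*>/i',
        '/\([^>]*"?[^)]*\)/i',  // any "( ... )" pair, e.g. "(Boston)" in an event title
        '/"/',                  // any double quote
    );
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $value)) {
            return true;
        }
    }
    return false;
}

// PHP decodes %28/%29 back to parentheses before populating $_GET, so
// rawurlencode() on the redirect side cannot get a title past the filter.
// Sending only the event id sidesteps it, and the page no longer prints
// whatever text was placed in the URL.
function buildSuccessUrl($evId)
{
    return 'success.php?evid=' . (int) $evId;
}

// success.php side: accept a positive integer id only, fetch the title via
// $lookupTitle (stand-in for dbquery()/dbarray()), take the user name from the
// session data as registration.php already does, and escape on output.
function renderSuccess(array $get, $userName, $lookupTitle)
{
    $evId = filter_var(isset($get['evid']) ? $get['evid'] : null,
                       FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    $title = ($evId === false) ? null : $lookupTitle($evId);
    if ($title === null) {
        return "<p>Unknown event.</p>\n";
    }
    $safeUser  = htmlspecialchars($userName, ENT_QUOTES, 'UTF-8');
    $safeTitle = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    return "Thank you $safeUser for registering for the following event:<br />\n"
         . "$safeTitle<br />\n";
}

// Constructed sample data standing in for the aw_ec_events table.
$events = array(7 => 'Sales Kickoff (Boston)');
$lookupTitle = function ($id) use ($events) {
    return isset($events[$id]) ? $events[$id] : null;
};

$title = 'Sales Kickoff (Boston)';
var_dump(blockedByFusionGetFilter($title));                          // what ?event=... puts in $_GET
var_dump(blockedByFusionGetFilter(urldecode(rawurlencode($title))));  // encoding is undone before the check
var_dump(blockedByFusionGetFilter((string) 7));                       // the bare id
echo buildSuccessUrl(7), "\n";
echo renderSuccess(array('evid' => '7'), 'KevinM1', $lookupTitle);
echo renderSuccess(array('evid' => 'abc'), 'KevinM1', $lookupTitle);
```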
  14. I figured I might as well bump this up as I still haven't figured it out.
  15. Unfortunately, success.php is still choking on parentheses. My code:

registration.php

<?php
require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";

function myEscape($string){
    return get_magic_quotes_gpc() ? mysql_real_escape_string(stripslashes($string)) : mysql_real_escape_string($string);
}

if(file_exists(INFUSIONS."aw_ecal_panel/locale/".$settings['locale'].".php")) {
    include INFUSIONS."aw_ecal_panel/locale/".$settings['locale'].".php";
} else {
    include INFUSIONS."aw_ecal_panel/locale/German.php";
}

if(!iMEMBER){
    fallback();
}

if(isset($_GET['evid'])){
    $ev_id = myEscape($_GET['evid']);
    $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id='$ev_id'");
    $event = dbarray($ev);
    $ev_id = $event['ev_id'];
    $user_id = $userdata['user_id'];
    $ev_title = $event['ev_title'];
    $ev_start = $event['ev_start'];
    $ev_end = $event['ev_end'];
}

$errMessage = NULL;

if(isset($_POST['submit'])){
    $ev_id = myEscape($_POST['evid']);
    $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id='$ev_id'");
    $event = dbarray($ev);
    $ev_id = $event['ev_id'];
    $user_id = $userdata['user_id'];
    $ev_title = $event['ev_title'];
    $ev_start = $event['ev_start'];
    $ev_end = $event['ev_end'];

    if(!empty($_POST['regAgent']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regAgent'])){
        $regAgent = myEscape($_POST['regAgent']);
        $ra = TRUE;
    } else{
        $errMessage .= "Please enter your name!<br />\n";
    }

    if(!empty($_POST['agentWritingNum']) && preg_match("/^[0-9a-zA-Z]*$/i", $_POST['agentWritingNum'])){
        $agentWritingNum = myEscape($_POST['agentWritingNum']);
        $awn = TRUE;
    } else{
        $errMessage .= "Please enter your writing number!<br />\n";
    }

    if(!empty($_POST['phoneNum'])){
        $phoneNum = $_POST['phoneNum'];
        if(preg_match("/^[0-9]{3}$/i", $phoneNum[0]) && preg_match("/^[0-9]{3}$/i", $phoneNum[1]) && preg_match("/^[0-9]{4}$/i", $phoneNum[2])){
            $areaCode = myEscape($phoneNum[0]);
            $firstPart = myEscape($phoneNum[1]);
            $secondPart = myEscape($phoneNum[2]);
            $phoneText = "$areaCode-$firstPart-$secondPart";
            $phone = TRUE;
        } else{
            $errMessage .= "Please enter your correct phone number!<br />\n";
        }
    } else{
        $errMessage .= "Please enter your phone number!<br />\n";
    }

    if(!empty($_POST['emailAddress']) && preg_match("/^[\w-]+(\.[\w-]+)*@([\w-]+\.)+[a-zA-Z]{2,7}$/i", $_POST['emailAddress'])){
        $email = myEscape($_POST['emailAddress']);
        $e = TRUE;
    } else{
        $errMessage .= "Please enter your e-mail address!<br />\n";
    }

    if(!empty($_POST['regionalSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regionalSales'])){
        $regSales = myEscape($_POST['regionalSales']);
        $rs = TRUE;
    } else{
        $errMessage .= "Please enter the name of your regional sales coordinator!<br />\n";
    }

    if(!empty($_POST['districtSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['districtSales'])){
        $disSales = myEscape($_POST['districtSales']);
        $ds = TRUE;
    } else{
        $errMessage .= "Please enter the name of your district sales coordinator!<br />\n";
    }

    if($ra && $awn && $phone && $email && $rs && $ds){
        //start the big process of updating tables and e-mailing results
        $timestamp = strtotime("now");
        $aflacQuery = "INSERT INTO ".DB_PREFIX."aflac (registering_agent, agent_writing_number, phone, email, regional_sales_coordinator, district_sales_coordinator, ev_id, user_id, ev_title, ev_start, ev_end, login_timestamp, login_status) VALUES ('". $regAgent ."', '". $agentWritingNum ."', '". $phoneText ."', '". $email ."', '". $regSales ."', '". $disSales ."', '". $ev_id ."', '". $user_id ."', '". $ev_title ."', '". $ev_start ."', '". $ev_end ."', '". $timestamp ."', '1')";
        $aflacResult = dbquery($aflacQuery);
        $eventQuery = "UPDATE ".DB_PREFIX."aw_ec_events SET ev_allow_logins='1' WHERE ev_id='".$ev_id."'";
        $eventResult = dbquery($eventQuery);
        $loginsQuery = "INSERT INTO ".DB_PREFIX."aw_ec_logins (ev_id, user_id, login_comment, login_status, login_timestamp) VALUES ('". $ev_id ."', '". $user_id ."', 'Definitely Agreed', '1', '". $timestamp ."')";
        $loginsResult = dbquery($loginsQuery);

        if($aflacResult && $eventResult && $loginsResult){
            $eventTimestamp = strtotime($ev_start);
            $eventDate = date("m-d-Y h:i:s T", $eventTimestamp);
            $userName = $userdata['user_name'];
            $to = "kevinmajor1@gmail.com";
            $subject = "Event Registration ($ev_title)";
            $mailMessage = "<html>\n<head>\n<title>Event Registration Information</title>\n</head>\n\n<body>";
            $mailMessage .= "Below is the registration information:<br />\n<br />\n";
            $mailMessage .= "Event Name: $ev_title<br />\nEvent Date: $eventDate<br />\nRegistering Agent: $regAgent<br />\nUser Name: $userName<br />\n";
            $mailMessage .= "Agent Writing Number: $agentWritingNum<br />\nPhone Number: $phoneText<br />\n";
            $mailMessage .= "E-mail Address: $email<br />\nRegional Sales Coordinator: $regSales<br />\n";
            $mailMessage .= "District Sales Coordinator: $disSales<br />\n</body>\n</html>";
            $headers = 'MIME-Version: 1.0' . "\r\n";
            $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
            mail($to, $subject, $mailMessage, $headers);
            $userName = htmlentities(rawurlencode($userName));
            $ev_title = htmlentities(rawurlencode($ev_title));
            header("Location: success.php?user=$userName&event=$ev_title");
        } else{
            echo "<br />Something went wrong with the insert!<br /><br />\n\n";
        }
    } else{
        echo "<div style='color: red;'>$errMessage</div><br />";
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>Registration Form</title>
    <link rel="stylesheet" type="text/css" href="formstyles.css" />
</head>
<body style="text-align: center;">
<div style="width: 400px; margin: 0 auto;">
    Registration Form<br /><br />
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>?evid=<?php echo $ev_id; ?>" method="post">
        <fieldset class="narrow"><legend>Please input your information</legend>
            <p><label for="regAgent">Registering Agent:</label><input type="text" name="regAgent" value="<?php if(isset($_POST['regAgent'])){echo $_POST['regAgent'];} ?>" /></p>
            <p><label for="agentWritingNum">Agent Writing Number:</label><input type="text" name="agentWritingNum" value="<?php if(isset($_POST['agentWritingNum'])){echo $_POST['agentWritingNum'];} ?>" /></p>
            <p><label for="phoneNum">Phone Number:</label>(<input type="text" name="phoneNum[]" size="3" maxlength="3" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][0];} ?>" />) -
               <input type="text" name="phoneNum[]" size="3" maxlength="3" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][1];} ?>" /> -
               <input type="text" name="phoneNum[]" size="4" maxlength="4" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][2];} ?>" /></p>
            <p><label for="emailAddress">E-mail Address:</label><input type="text" name="emailAddress" value="<?php if(isset($_POST['emailAddress'])){echo $_POST['emailAddress'];} ?>" /></p>
            <p><label for="regionalSales">Regional Sales Coordinator:</label><input type="text" name="regionalSales" value="<?php if(isset($_POST['regionalSales'])){echo $_POST['regionalSales'];} ?>" /></p>
            <p><label for="districtSales">District Sales Coordinator:</label><input type="text" name="districtSales" value="<?php if(isset($_POST['districtSales'])){echo $_POST['districtSales'];} ?>" /></p>
        </fieldset>
        <input type="hidden" name="evid" value="<?php echo $ev_id; ?>" />
        <p><input type="submit" name="submit" value="Submit" /></p>
    </form>
</div>
</body>
</html>
<?php
require_once "side_right.php";
require_once "footer.php";
?>

success.php (nothing changed)

<?php
require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";

if(!iMEMBER){
    fallback();
}

if(isset($_GET['user'])){
    $userName = $_GET['user'];
}
if(isset($_GET['event'])){
    $eventName = $_GET['event'];
}

$text = "Thank you $userName for registering for the following event:<br />\n";
$text .= "$eventName<br />\n<br />\n<a href='".BASEDIR."/news.php'>Please click here to return home</a>";
echo $text;

require_once "side_right.php";
require_once "footer.php";
?>

I tried urlencode, but it didn't work. I also tried it with htmlentities to no avail. It looks like the combination of htmlentities and rawurlencode should work, as I'm getting the familiar %-something entities in the place of spaces and parentheses, but success.php still won't display properly. In all tests, I get the following HTML:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1252"></HEAD>
<BODY></BODY></HTML>

Event titles without parentheses still work correctly.
  16. Nothing critical is being sent via GET. Only a user name and the event name. One must be logged into the system to even get that far. It's not dangerous. In any event, my registration form:

<?php
require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";

function myEscape($string){
    return get_magic_quotes_gpc() ? mysql_real_escape_string(stripslashes($string)) : mysql_real_escape_string($string);
}

if(file_exists(INFUSIONS."aw_ecal_panel/locale/".$settings['locale'].".php")) {
    include INFUSIONS."aw_ecal_panel/locale/".$settings['locale'].".php";
} else {
    include INFUSIONS."aw_ecal_panel/locale/German.php";
}

if(!iMEMBER){
    fallback();
}

if(isset($_GET['evid'])){
    // $_GET['evid'] is concatenated into the query unescaped here
    $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id=". $_GET['evid']);
    $event = dbarray($ev);
    $ev_id = myEscape($event['ev_id']);
    $user_id = myEscape($userdata['user_id']);
    $ev_title = myEscape($event['ev_title']);
    $ev_start = myEscape($event['ev_start']);
    $ev_end = myEscape($event['ev_end']);
}

$errMessage = NULL;

if(isset($_POST['submit'])){
    // $_POST['evid'] is concatenated into the query unescaped here
    $ev = dbquery("SELECT * FROM ".DB_PREFIX."aw_ec_events WHERE ev_id=". $_POST['evid']);
    $event = dbarray($ev);
    $ev_id = myEscape($event['ev_id']);
    $user_id = myEscape($userdata['user_id']);
    $ev_title = myEscape($event['ev_title']);
    $ev_start = myEscape($event['ev_start']);
    $ev_end = myEscape($event['ev_end']);

    if(!empty($_POST['regAgent']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regAgent'])){
        $regAgent = myEscape($_POST['regAgent']);
        $ra = TRUE;
    } else{
        $errMessage .= "Please enter your name!<br />\n";
    }

    if(!empty($_POST['agentWritingNum']) && preg_match("/^[0-9a-zA-Z]*$/i", $_POST['agentWritingNum'])){
        $agentWritingNum = myEscape($_POST['agentWritingNum']);
        $awn = TRUE;
    } else{
        $errMessage .= "Please enter your writing number!<br />\n";
    }

    if(!empty($_POST['phoneNum'])){
        $phoneNum = $_POST['phoneNum'];
        if(preg_match("/^[0-9]{3}$/i", $phoneNum[0]) && preg_match("/^[0-9]{3}$/i", $phoneNum[1]) && preg_match("/^[0-9]{4}$/i", $phoneNum[2])){
            $areaCode = myEscape($phoneNum[0]);
            $firstPart = myEscape($phoneNum[1]);
            $secondPart = myEscape($phoneNum[2]);
            $phoneText = "$areaCode-$firstPart-$secondPart";
            $phone = TRUE;
        } else{
            $errMessage .= "Please enter your correct phone number!<br />\n";
        }
    } else{
        $errMessage .= "Please enter your phone number!<br />\n";
    }

    if(!empty($_POST['emailAddress']) && preg_match("/^[\w-]+(\.[\w-]+)*@([\w-]+\.)+[a-zA-Z]{2,7}$/i", $_POST['emailAddress'])){
        $email = myEscape($_POST['emailAddress']);
        $e = TRUE;
    } else{
        $errMessage .= "Please enter your e-mail address!<br />\n";
    }

    if(!empty($_POST['regionalSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['regionalSales'])){
        $regSales = myEscape($_POST['regionalSales']);
        $rs = TRUE;
    } else{
        $errMessage .= "Please enter the name of your regional sales coordinator!<br />\n";
    }

    if(!empty($_POST['districtSales']) && preg_match("/^[a-zA-Z]+([ a-zA-Z\.-]+)*$/i", $_POST['districtSales'])){
        $disSales = myEscape($_POST['districtSales']);
        $ds = TRUE;
    } else{
        $errMessage .= "Please enter the name of your district sales coordinator!<br />\n";
    }

    if($ra && $awn && $phone && $email && $rs && $ds){
        //start the big process of updating tables and e-mailing results
        $timestamp = strtotime("now");
        $aflacQuery = "INSERT INTO ".DB_PREFIX."aflac (registering_agent, agent_writing_number, phone, email, regional_sales_coordinator, district_sales_coordinator, ev_id, user_id, ev_title, ev_start, ev_end, login_timestamp, login_status) VALUES ('". $regAgent ."', '". $agentWritingNum ."', '". $phoneText ."', '". $email ."', '". $regSales ."', '". $disSales ."', '". $ev_id ."', '". $user_id ."', '". $ev_title ."', '". $ev_start ."', '". $ev_end ."', '". $timestamp ."', '1')";
        $aflacResult = dbquery($aflacQuery);
        $eventQuery = "UPDATE ".DB_PREFIX."aw_ec_events SET ev_allow_logins='1' WHERE ev_id='".$ev_id."'";
        $eventResult = dbquery($eventQuery);
        $loginsQuery = "INSERT INTO ".DB_PREFIX."aw_ec_logins (ev_id, user_id, login_comment, login_status, login_timestamp) VALUES ('". $ev_id ."', '". $user_id ."', 'Definitely Agreed', '1', '". $timestamp ."')";
        $loginsResult = dbquery($loginsQuery);

        if($aflacResult && $eventResult && $loginsResult){
            $eventTimestamp = strtotime($ev_start);
            $eventDate = date("m-d-Y h:i:s T", $eventTimestamp);
            $userName = $userdata['user_name'];
            $to = "rebecca_dunkle@us.aflac.com";
            $subject = "Event Registration ($ev_title)";
            $mailMessage = "<html>\n<head>\n<title>Event Registration Information</title>\n</head>\n\n<body>";
            $mailMessage .= "Below is the registration information:<br />\n<br />\n";
            $mailMessage .= "Event Name: $ev_title<br />\nEvent Date: $eventDate<br />\nRegistering Agent: $regAgent<br />\nUser Name: $userName<br />\n";
            $mailMessage .= "Agent Writing Number: $agentWritingNum<br />\nPhone Number: $phoneText<br />\n";
            $mailMessage .= "E-mail Address: $email<br />\nRegional Sales Coordinator: $regSales<br />\n";
            $mailMessage .= "District Sales Coordinator: $disSales<br />\n</body>\n</html>";
            $headers = 'MIME-Version: 1.0' . "\r\n";
            $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
            mail($to, $subject, $mailMessage, $headers);
            header("Location: success.php?user=$userName&event=$ev_title");
        } else{
            echo "<br />Something went wrong with the insert!<br /><br />\n\n";
        }
    } else{
        echo "<div style='color: red;'>$errMessage</div><br />";
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <title>Registration Form</title>
    <link rel="stylesheet" type="text/css" href="formstyles.css" />
</head>
<body style="text-align: center;">
<div style="width: 400px; margin: 0 auto;">
    Registration Form<br /><br />
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>?evid=<?php echo $ev_id; ?>" method="post">
        <fieldset class="narrow"><legend>Please input your information</legend>
            <p><label for="regAgent">Registering Agent:</label><input type="text" name="regAgent" value="<?php if(isset($_POST['regAgent'])){echo $_POST['regAgent'];} ?>" /></p>
            <p><label for="agentWritingNum">Agent Writing Number:</label><input type="text" name="agentWritingNum" value="<?php if(isset($_POST['agentWritingNum'])){echo $_POST['agentWritingNum'];} ?>" /></p>
            <p><label for="phoneNum">Phone Number:</label>(<input type="text" name="phoneNum[]" size="3" maxlength="3" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][0];} ?>" />) -
               <input type="text" name="phoneNum[]" size="3" maxlength="3" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][1];} ?>" /> -
               <input type="text" name="phoneNum[]" size="4" maxlength="4" value="<?php if(isset($_POST['phoneNum'])){echo $_POST['phoneNum'][2];} ?>" /></p>
            <p><label for="emailAddress">E-mail Address:</label><input type="text" name="emailAddress" value="<?php if(isset($_POST['emailAddress'])){echo $_POST['emailAddress'];} ?>" /></p>
            <p><label for="regionalSales">Regional Sales Coordinator:</label><input type="text" name="regionalSales" value="<?php if(isset($_POST['regionalSales'])){echo $_POST['regionalSales'];} ?>" /></p>
            <p><label for="districtSales">District Sales Coordinator:</label><input type="text" name="districtSales" value="<?php if(isset($_POST['districtSales'])){echo $_POST['districtSales'];} ?>" /></p>
        </fieldset>
        <input type="hidden" name="evid" value="<?php echo $ev_id; ?>" />
        <p><input type="submit" name="submit" value="Submit" /></p>
    </form>
</div>
</body>
</html>
<?php
require_once "side_right.php";
require_once "footer.php";
?>

The success page:

<?php
require_once "maincore.php";
require_once "subheader.php";
require_once "side_left.php";

if(!iMEMBER){
    fallback();
}

if(isset($_GET['user'])){
    $userName = $_GET['user'];
}
if(isset($_GET['event'])){
    $eventName = $_GET['event'];
}

$text = "Thank you $userName for registering for the following event:<br />\n";
$text .= "$eventName<br />\n<br />\n<a href='".BASEDIR."/news.php'>Please click here to return home</a>";
echo $text;

require_once "side_right.php";
require_once "footer.php";
?>
  17. I'm having problems using parentheses with the GET method. Here's what's going on: I wrote a custom registration script for a PHP-Fusion site. The script itself works fine. Upon successful submission, the user is redirected to a success page (unoriginally named success.php) that has a "Thank you, $user, for registering for the following event: $event" message. Those variables are passed via GET to that page. The page works fine, unless parentheses are used in the $event string. In those cases, I get a blank screen. I am escaping the input with mysql_real_escape_string(), so that shouldn't be an issue. Any ideas?
  18. Please post the code in question.
  19. You might want to re-read my posts. I specifically mentioned, in my second post, that form processing should be done before displaying the form.
  20. Or simply do as I suggested and put your php at the top. True, that. It never hurts to learn about output buffering, though.
  21. I assume you mean the code: header("Location: account.php")? That's not JavaScript code. It's still PHP. Yes, the syntax is the same, but you're still writing PHP when you code that. A nitpick, maybe, but IMO it's important to understand exactly what you're coding. There is no JavaScript in the code you provided. Check out the link I had in my previous message. In order to do what you want to do, you'll need to employ output buffering. That link explains the concept, as well as provides a link to the output buffering code itself.
  22. Looking over your code again, your biggest error is that you attempt to use headers and session_start after displaying your HTML. That's not allowed by PHP. You must send headers and start sessions before anything is sent to the browser (including whitespace). There's a thread on it here: http://www.phpfreaks.com/forums/index.php/topic,37442.0.html
  23. A couple of things:

1. Your logic is backwards. For sticky forms, you should handle processing first, then display the form (more on this in a moment).
2. You never check to see if someone has indeed submitted the form.

The 'proper' way to construct a form in the manner you want is to do the following:

1. Check to see if the form has been submitted:
   a. If yes, have the other inputs been input correctly?
      I. If yes, process the info.
      II. If no, display the form.
   b. If the form hasn't been submitted, display it.

This ensures that the form is always displayed when a user first visits the page, and will only be reshown if the user screws something up.

For your form's action, try

<?php echo $_SERVER['PHP_SELF']; ?>

Hope this helps.
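The processing order described in the post above, written out as an added example (not the poster's code): the submission is checked and processed before any HTML is sent, so the redirect in posts 21 and 22 still works, and the sticky values are escaped on the way back out. It uses the regAgent and emailAddress fields and the regAgent pattern from this thread; the database and mail steps are left as a comment.

```php
<?php
// Added example, not code from the thread. Skeleton of the order described
// above: 1) was the form submitted? 1a) inputs valid -> process and redirect;
// 1b) invalid -> fall through and re-show the form with errors; 2) not
// submitted -> just show the form. Nothing is echoed before header().
function validateRegistration(array $post)
{
    $errors = array();
    if (empty($post['regAgent']) || !preg_match('/^[a-zA-Z]+([ a-zA-Z.-]+)*$/', $post['regAgent'])) {
        $errors[] = 'Please enter your name!';
    }
    if (empty($post['emailAddress']) || filter_var($post['emailAddress'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Please enter your e-mail address!';
    }
    return $errors;
}

// Sticky values are escaped before being written back into value="...";
// echoing $_POST straight into the attribute lets quotes or angle brackets
// in a submission rewrite the page's own markup.
function stickyValue(array $post, $field)
{
    return isset($post[$field]) ? htmlspecialchars($post[$field], ENT_QUOTES, 'UTF-8') : '';
}

function renderForm(array $post, array $errors)
{
    $html = '';
    if ($errors) {
        $safe = array_map(function ($e) { return htmlspecialchars($e, ENT_QUOTES, 'UTF-8'); }, $errors);
        $html .= "<div style='color: red;'>" . implode("<br />\n", $safe) . "</div><br />\n";
    }
    $self   = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : '';
    $action = htmlspecialchars($self, ENT_QUOTES, 'UTF-8');
    $html .= "<form action=\"$action\" method=\"post\">\n"
           . "<p><label for=\"regAgent\">Registering Agent:</label>"
           . "<input type=\"text\" id=\"regAgent\" name=\"regAgent\" value=\"" . stickyValue($post, 'regAgent') . "\" /></p>\n"
           . "<p><label for=\"emailAddress\">E-mail Address:</label>"
           . "<input type=\"text\" id=\"emailAddress\" name=\"emailAddress\" value=\"" . stickyValue($post, 'emailAddress') . "\" /></p>\n"
           . "<p><input type=\"submit\" name=\"submit\" value=\"Submit\" /></p>\n"
           . "</form>\n";
    return $html;
}

// 1. Has the form been submitted?
$errors = array();
if (isset($_POST['submit'])) {
    // 1a. Are the inputs correct? If so, process and leave before any output.
    $errors = validateRegistration($_POST);
    if (!$errors) {
        // The database inserts and the mail() call would go here.
        header('Location: success.php');
        exit;
    }
    // 1b. Otherwise fall through: the form is re-shown with $errors set.
}
// 2. Not submitted (or invalid): now, and only now, send HTML.
echo renderForm($_POST, $errors);
```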
  24. Anyone mind helping me add some HTTP authentication to a script? I read the tutorial on here, but it still doesn't make much sense as the author never displayed the final code (I'm a visual kinda guy).
  25. Nine Inch Nails made several websites to supplement the story of their latest album, Year Zero. I'm currently trying to emulate the overall look of these websites, especially those that look hacked, for a project at work. They're surprisingly simple -- a few CSS letter spacing tricks and background images that look pixelated and/or static filled. My problem is that the author of these sites comments out some of the HTML text, but it does appear on the site. An example of this is the fictional Secure Broadcasts Informatics site (http://www.securebroadcastinformatics.com). The core HTML is written by an innerHTML declaration, but the stylized text is commented out:

function getContent(who){
    switch(who){
        case "home":
            document.getElementById("textArea").innerHTML =
                '<p style="position:absolute; top:155px; left:176px; font-family:Arial; font-size:22px; font-weight:bold;">At SBI, We Learn From The Future As Well As The Past</p>' +
                '<p style="position:absolute; top:189px; left:176px;">' +
                'We dev<span class="three">elop innovative solut</span><!--ions to ultra-secure communications. SBI represents the tip of--> <br />' +
                'the spear in post-digital engineering and informat<span class="two">ion transmiss</span><!--ion and storage.-->' +
                '<br /><br />' +
                'Our award-winning researchers a<span class="leftBold">re world leaders in q</span><!--uantum encryption, authentication, --><br />' +
                'a<span class="left">nd verific</span>ation. Our unique retrocausal systems effectively eliminate errors, i<span class="leftUp">nterfe</span>rence, or <br />' +
                'eavesdropping before they happen, allowi<span class="one">ng simultan</span><!--eous levels of security and bandwidth --><br />' +
                'impossib<span class="three">le for other systems. We ar</span><!--e trusted by leading members of government and--> <br />' +
                'industry to develop the technology to safeguard vulnerable information, no matter<span class="leftBold"> the place</span> <br />' +
                'or time.' +
                '<br /><br />' +
                . . .
What's the point of these HTML comments? Is it to protect non-CSS browsers?