KevinM1

What's funny is that I always under-budgeted my time until I got this web dev job, and it's my boss that taught me the principle. His rule of thumb is, calculate ideal circumstances and double it. This even goes for large projects. We had one that I had to estimate for, and I came up with something like 180 hours on it. He quoted them 325, and we ended up hitting about the 280 mark because of all the client issues we ran into. It bites us sometimes, too, though. One other project was about a 40 hour one, we quoted 80 and we got it done in 35... those are by far the rarity, though. I just don't see my boss going for something like that. Part of the problem is that we're in a pretty web-ignorant part of the country (yay NH), so it seems as though not many of our clients really understand what goes into making a functional site. Hell, like I intimated above, even my boss seems ignorant to some of the things I have to take into account (he's one of those people who thinks that Java and JavaScript are the same thing and that scripting is merely finding free code to download and plugging into a site). And, naturally, my clients want something done fast and cheap. The basic vibe I get from a lot of them is along the lines of, "My nephew can make a website in a couple hours (one that's plain HTML and created through Front Page, but they don't know that), so why can't you?" Of course, this no doubt stems from the fact that we market ourselves to other small, local businesses.

Well, I'm not actually a full freelance businessman (heh, couldn't resist ) like you. I work part-time for a local start-up computing company. I'm the de facto web developer for the group, even though I'm still a newbie, so it's not just my reputation I have to consider. I also have several other projects on my plate as well. I'm just wondering if 30 hours is too much or too little time to quote for something like I mentioned above. Obviously, I'll charge them whatever hours I work if I finish before then, I just don't want to quote them a specific amount of time only to say "Well, I'm only 3/4ths done, so do you mind paying me for another 10 hours of work?" Obsidian: interesting advice. I'm just not so sure my boss would go for that kind of buffer. He seems to think I can do it in no more than 10-20 (at most) hours (although, he's not really web savvy, so yeah...office drama = good times ). Seeing the sheer bulk of tedium the client is asking for, however, makes me think that 20 hours is impossible. The forms they want are monstrous.

One of the things that I find most difficult about the web development field is trying to predict how long a project will take. I can just never tell how long something will take to be completed. Case in point, I'm attempting to write a proposal for a client that wants the following services: A login/registration system. Many distinct forms with information to both be added to a database or file, and e-mailed to them. Each form should allow the user to add perhaps 100's of lines of information (not necessarily all at once) to the database or file. A product inventory broken up into categories. The ability to update said inventory with a form. Each item (which are cards) will have several default messages, as well as the possibility of a user-defined message. I'm thinking that between creating the scripts and testing them, this will take, on average, about 30 hours for me to do (the registration system and the forms seem to be tightly coupled, given the client's wants, so getting those sections to work right would take the most amount of time). Is this reasonable?

Well, like I said before, I know that it's not a matter of sending the header as the current redirect (which sends everyone to thinkingmachinestore.com) works perfectly. I also have other redirects in other scripts on the site that work perfectly. It's just that when I try to use either HTTP_REFERER (which, like I said above, I've tested and confirmed is being set correctly) or the $tableName variable (which I also know is being set properly as my site would break if it wasn't) to redirect the user to a different page than the default, I get problems.

I hate to bump this up, but I really need to get this working correctly.

If I'm reading this right, your array is a hash. Would a call to the array, like: $leedsPoints = $points['Leeds United']; echo "$leedsPoints"; //outputs 138 be true?

Is there any database involved with this, or is it just the array?

I can't find the edit post/modify post button, so sorry for this bump (EDIT: my OP doesn't have a modify button, but this post obviously does...strange). I just checked to see if HTTP_REFERER was working properly on my server, and it is, so that's not an issue.

Yes, it is possible. What are you attempting to do?

I currently have a script that redirects the user to another page if a form button is clicked. This redirect works fine right now, but I need it to redirect the user to a different page based on certain conditions. I've tried two things, and both have failed. My problem will no doubt make more sense after I post the code of my two attempts. Attempt #1: <?php #viewcat.php script session_start(); ob_start(); include('../php_config/config.php'); include('../dbconnect.php'); include('../templates/sub_header.inc'); include('../templates/isSafe.php'); if(isset($_GET['cat']) && isSafe($_GET['cat'])){ $tableName = $_GET['cat']; } else{ $_SESSION['ip'] = urlencode(serialize($ip)); $_SESSION['myCart'] = urlencode(serialize($myCart)); header("Location: http://www.thinkingmachinestore.com/"); exit(); } if(isset($_POST['submit'])){ if($_SERVER['HTTP_REFERER'] == "http://www.thinkingmachinestore.com/thinkingmachine.php"){ //this if-block is the code in question $_SESSION['ip'] = urlencode(serialize($ip)); $_SESSION['myCart'] = urlencode(serialize($myCart)); header("Location: http://www.thinkingmachinestore.com/thinkingmachine.php"); exit(); } else{ $_SESSION['ip'] = urlencode(serialize($ip)); $_SESSION['myCart'] = urlencode(serialize($myCart)); header("Location: http://www.thinkingmachinestore.com/"); exit(); } } $query = "SELECT * FROM $tableName WHERE availability='y' ORDER BY price ASC"; $result = mysql_query($query); echo "<div style='margin-left: auto; margin-right: auto; text-align: center;'><a href='viewcart.php'><img src='images/store/storefront_02.jpg' alt='' /></a><img src='../images/store/{$tableName}_banner.jpg' alt='' style='margin-top: 5px;' /><a href='checkout.php'><img src='../images/store/storefront_02a.jpg' alt='View Cart' /></a>\n<br /><br />\n"; if(mysql_num_rows($result) == 0){ echo "All items of this category are currently out of stock. Please check here again at a later time for product availability.<br />We apologize for any inconvenience this may cause."; } else{ $count = 0; while($row = mysql_fetch_assoc($result)){ $id = $row["$tableName" . "_id"]; $pic = $row["pic_url"]; echo "<a href='viewitem.php?cat=$tableName&id=$id'><img src='$pic' alt='' /></a>"; $count++; if($count == 2){ echo "<hr /><br />\n"; $count = 0; } } } ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <input type="submit" name="submit" value="Go Back" /> </form></div> <?php include('../templates/sub_footer.inc'); ?> Attempt #2: <?php #viewcat.php script session_start(); ob_start(); include('../php_config/config.php'); include('../dbconnect.php'); include('../templates/sub_header.inc'); include('../templates/isSafe.php'); if(isset($_GET['cat']) && isSafe($_GET['cat'])){ $tableName = $_GET['cat']; } else{ $_SESSION['ip'] = urlencode(serialize($ip)); $_SESSION['myCart'] = urlencode(serialize($myCart)); header("Location: http://www.thinkingmachinestore.com/"); exit(); } if(isset($_POST['submit'])){ if(($tableName == "gaming_desktops") || ($tableName == "gaming_peripherals)){ //this if-block is the code in question $_SESSION['ip'] = urlencode(serialize($ip)); $_SESSION['myCart'] = urlencode(serialize($myCart)); header("Location: http://www.thinkingmachinestore.com/thinkingmachine.php"); exit(); } else{ $_SESSION['ip'] = urlencode(serialize($ip)); $_SESSION['myCart'] = urlencode(serialize($myCart)); header("Location: http://www.thinkingmachinestore.com/"); exit(); } } $query = "SELECT * FROM $tableName WHERE availability='y' ORDER BY price ASC"; $result = mysql_query($query); echo "<div style='margin-left: auto; margin-right: auto; text-align: center;'><a href='viewcart.php'><img src='images/store/storefront_02.jpg' alt='' /></a><img src='../images/store/{$tableName}_banner.jpg' alt='' style='margin-top: 5px;' /><a href='checkout.php'><img src='../images/store/storefront_02a.jpg' alt='View Cart' /></a>\n<br /><br />\n"; if(mysql_num_rows($result) == 0){ echo "All items of this category are currently out of stock. Please check here again at a later time for product availability.<br />We apologize for any inconvenience this may cause."; } else{ $count = 0; while($row = mysql_fetch_assoc($result)){ $id = $row["$tableName" . "_id"]; $pic = $row["pic_url"]; echo "<a href='viewitem.php?cat=$tableName&id=$id'><img src='$pic' alt='' /></a>"; $count++; if($count == 2){ echo "<hr /><br />\n"; $count = 0; } } } ?> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <input type="submit" name="submit" value="Go Back" /> </form></div> <?php include('../templates/sub_footer.inc'); ?> Neither attempt redirected me back to thinkingmachine.php. And yes, I made sure that I went to my viewcat.php script from thinkingmachine.php in the first case, and yes, I made sure that my $_GET['cat'] values were either "gaming_desktops" or "gaming_peripherals" in the second. Any ideas on how I can get this to work?

My website -- a simple online store -- uses values passed by the GET method for navigation. So, there is just one script that shows every sub-category of merchandise, with each category being passed along as the GET value in the URL. For security reasons, I've created a sort of whitelist (as opposed to a blacklist) of approved values. My function is basically this (values changed to protect the security of my site): <?php function isSafe($getInfo){ if(preg_match("/^(desktops)|(laptops)|(accessories)$/i", $getInfo)){ return TRUE; } else{ return FALSE; } } ?> Unfortunately, I just found out through testing something else that this isn't as safe as I'd like it to be. In my case, I found out that something like 'gaming_accessories' is treated as if it was just 'accessories', so the script was able to execute, even though it returned no values for that category because the category is empty. Any ideas on how I can have strict enforcement of my category values?

Never mind...found out it was my own security measure that screwed me up.

Yeah, I'll probably just be sticking to a non-salt MD5 encrypt. The AES method is a bit unnecessary for passwords as you need to specify a password for whatever info you're trying to encrypt. So, if you're trying to encrypt a password, you need a password for the password, which is a bit redundant. And you're right, that hashing seems a bit...clunky to use. Thanks for the insight, though!

Since I'm using MySQL 5.0.27, here's the page on encryption I just found that is of most use to me: http://dev.mysql.com/doc/refman/5.0/en/encryption-functions.html According to that page, md5 isn't the most secure method to use any more.

Oh, I will. Like I said above, I'm in the preliminary stages. I always test whether or not my MySQL syntax is working by creating a simple test script (or two) before moving onto the real product. Once I get my ideas fleshed out, I tend to rewrite everything with form validation (regular expressions and escaping strings) and password encryption. It's just that MySQL is my weak point, so I try to get all of that sorted out first. The md5($password) is a PHP function, correct? Does MySQL have something similar like, say, "INSERT INTO users (pass) VALUES (MD5('password'));" or something along those lines? If so, would it matter if I did the md5 encryption on the MySQL end of things rather than with PHP? Or are they both basically equal?

Found my problem...nights_test is the db name while I named my table 'users', but forgot to use it in my queries because, apparently, I'm an idiot. Thanks for the help everyone!

This is strange...I've changed my code to this: <?php include_once 'dbconnect.php'; if(isset($_POST['submit'])){ if(!empty($_POST['name']) && !empty($_POST['pass'])){ $name = $_POST['name']; $pass = $_POST['pass']; $query = "INSERT INTO nights_test (name, pass) VALUES ('$name', '$pass')"; $result = mysql_query($query) or DIE(mysql_error()); $query = "SELECT * FROM nights_test"; $result = mysql_query($query) or DIE(mysql_error()); if(mysql_num_rows($result) > 0){ while($row = mysql_fetch_assoc($result)){ echo "{$row['name']} -- {$row['pass']}<br />"; } } else{ echo "Something went wrong with the insert!<br />"; } } else{ echo "Please enter both name and password!<br />"; } } ?> And I get the following error: I don't see why the table name is being used twice.

I'm currently writing a very simple user registration script. I'm in the preliminary stages, but I keep getting an error whenever I try using mysql_num_rows(). Specifically, it tells me: My own "Something went wrong with the insert!" error is popping up as well. Knowing me, it's just a syntax error, but I can't find it. My script's code is below: <?php include_once 'dbconnect.php'; if(isset($_POST['submit'])){ if(!empty($_POST['name']) && !empty($_POST['pass'])){ $name = $_POST['name']; $pass = $_POST['pass']; $query = "INSERT INTO 'nights_test' (name, pass) VALUES ('$name', '$pass')"; $result = mysql_query($query); $query = "SELECT * FROM 'nights_test'"; $result = mysql_query($query); if(mysql_num_rows($result) > 0){ while($row = mysql_fetch_assoc($result)){ echo "{$row['name']} -- {$row['pass']}<br />"; } } else{ echo "Something went wrong with the insert!<br />"; } } else{ echo "Please enter both name and password!<br />"; } } ?> <html> <head><title>Registration Test</title> </head> <body> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> Name: <input type="text" name="name" /><br /> Password: <input type="password" name="pass" /><br /> <input type="submit" name="submit" value="Submit" /> </form> </body> </html>

Not to hijack the thread, but what does the escaping actually do? And would the info need to be 'de-esaped' if retrieved from the database?

This isn't so much a question on how to do it (which is simple), but rather if my desired method will work. Typically, checkbox inputs have a name value of an array (something like <input name="options[]" type="checkbox" />). Is there an easy way for me to extract the values of such an array and insert them into the right database column? Or should I just bite the bullet and give each checkbox input a unique name so I save myself some confusion/readability? Thanks.

In your function declaration, you should probably tell it to expect two arguments instead of just one. Something like: function show_hide(filter, val) { if ((val == "") || (val== "0") || (val == "1")) { switch (filter) { case 'AA': document.all('apAdd').style.display = ""; break; case 'AE': document.all('apWrk').style.display = ""; break; } } else { switch (filter) { case 'AA': document.all('apAdd').style.display = "none"; break; case 'AE': document.all('apWrk').style.display = "none"; break; } } The reason is because you're passing two arguments to the function (something like 'AA' and the actual value of the select), but you're trying to use one argument to do both jobs in your function's code. In other words, your select value, judging by what I can see in your code, can't be both a number not equal to 0 or 1 and one of your strings (i.e. 'AA') at the same time. Hope this helps.

What's the code that calls the validate function? And what's the code after your 'return false' statement?

I have a love/hate relationship with WOW. I agree with all of the criticism above -- it's a time sink, PVP stinks, the endgame is attrocious, etc. That's why when I get bored with it I suspend my account. My characters still remain, but at least I'm not paying $15 a month for something I'm bored with. I just started playing again, after having downloaded the expansion, and I'm having a fun time leveling a Blood Elf paladin. It's a class I've never tried before and I'm loving the Blood Elf starting zone (even though the quests are still the same stuff I grew to ultimately dislike). At the very least, the area is visually interesting. When/if I get bored again, I'll just suspend my account and move on. My characters will still be waiting for me when I inevitably return. I have no problem stating that gaming is a lifestyle choice. I've been playing video games for as long as I can remember. Some of my first memories are of Frogger, Gorf, and Radar Rat Race on the old Commodore VIC-20 we had. I actually enjoy the mostly solitary nature of gaming. Since I'm disabled I tend to have very little time to just myself as an aide is more often than not hovering around me. Gaming gives me an opportunity to escape from that. It gives me a chance to both think and vent frustration. Tekken (especially playing as Bryan Fury) is a great vehicle for relieving stress. I know my limits, though, and I never let it affect my work or relationship with my family. One can always save/hearth and quit.

I'm not sure if this really belongs here or if it's more suitable for the design/layout sub-section, so feel free to move it if I put it in the wrong place. I've written a simple e-commerce checkout script. The user's shopping cart is just persistant session info, as I didn't want to create a database table for every user. Upon checkout, the user is supposed to enter in their personal and credit card info, which, upon submission, will be e-mailed to our sales guy so he can put in the order with our distributor (not the most elegant system, I know, but it seems like it'll work). My biggest problem, right now, is the sheer bulk of the checkout script. I've tested it, and it works, but it's very long and no doubt heavy handed. Originally, I created a simple sticky form which worked well. The only problem is that my boss wanted it only to be sticky if someone didn't input their info correctly. If they did enter their info in correctly, then he wanted the form to disappear with a little message saying that the order was processed. I've managed to get all of that functionality into the script, but like I said, it's very bulky right now. Is there anything I can do to make it more manageable and readable? I'd like to keep everything in one script, if possible. My code: <?php #checkout.php session_start(); ob_start(); include('../php_config/config.php'); include('../templates/sub_header.inc'); if(!isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS'] != 'on')){ header("Location: https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); } $errMessage = NULL; $mailMessage = NULL; if(isset($_POST['continue'])){ $_SESSION['ip'] = urlencode(serialize($ip)); $_SESSION['myCart'] = urlencode(serialize($myCart)); header("Location: http://www.thinkingmachinestore.com/"); exit(); } if(isset($_POST['back'])){ $_SESSION['ip'] = urlencode(serialize($ip)); $_SESSION['myCart'] = urlencode(serialize($myCart)); header("Location: " . $_SERVER['PHP_SELF']); exit(); } if(isset($_POST['submit'])){ if(!empty($_POST['name']) && preg_match("/^[a-zA-Z]+([ a-zA-Z-]+)*$/i", $_POST['name'])){ $name = $_POST['name']; $n = TRUE; } else{ $errMessage .= "Please enter your name!<br />\n"; } if(!empty($_POST['address1']) && preg_match("/^[0-9a-zA-Z\.\-\ ]+$/i", $_POST['address1'])){ $address1 = $_POST['address1']; $a1 = TRUE; } else{ $errMessage .= "Please enter your address!<br />\n"; } if(!empty($_POST['address2']) && preg_match("/^[0-9a-zA-Z\.\-\ ]+$/i", $_POST['address2'])){ $address2 = $_POST['address2']; } else{ $address2 = ''; } if(!empty($_POST['city']) && preg_match("/^[a-zA-Z\.\-\ ]+$/i", $_POST['city'])){ $city = $_POST['city']; $c = TRUE; } else{ $errMessage .= "Please enter your city!<br />\n"; } if(!empty($_POST['state']) && preg_match("/^[a-zA-Z]{2}$/i", $_POST['state'])){ $state = $_POST['state']; $s = TRUE; } else{ $errMessage .= "Please enter your state!<br />\n"; } if(!empty($_POST['zipcode']) && preg_match("/^[0-9]{5}(\-[0-9]{4})?$/i", $_POST['zipcode'])){ $zipcode = $_POST['zipcode']; $z = TRUE; } else{ $errMessage .= "Please enter your zipcode!<br />\n"; } if(!empty($_POST['home_num']) && preg_match("/^[0-9]{10}$/i", $_POST['home_num'])){ $homeNum = $_POST['home_num']; $hn = TRUE; } else{ $errMessage .= "Please enter your home telephone number!<br />\n"; } if(!empty($_POST['email']) && preg_match("/^[\w-]+(\.[\w-]+)*@([\w-]+\.)+[a-zA-Z]{2,7}$/i", $_POST['email'])){ $email = $_POST['email']; $e = TRUE; } else{ $errMessage .= "Please enter your e-mail address!<br />\n"; } if(isset($_POST['card_name'])){ $cardName = $_POST['card_name']; $cn = TRUE; } else{ $errMessage .= "Please select a credit card!<br />\n"; } if(!empty($_POST['card_num']) && preg_match("/^[0-9]{16}$/i", $_POST['card_num'])){ $cardNum = $_POST['card_num']; $cNum = TRUE; } else{ $errMessage .= "Please enter your credit card number!<br />\n"; } if(!empty($_POST['CID']) && preg_match("/^[0-9]{3,4}$/i", $_POST['CID'])){ $cid = $_POST['CID']; $cidCheck = TRUE; } else{ $errMessage .= "Please enter your credit card's CID!<br />\n"; } if(!empty($_POST['bank_num']) && preg_match("/^[0-9]{10,11}$/i", $_POST['bank_num'])){ $bankNum = $_POST['bank_num']; $bn = TRUE; } else{ $errMessage .= "Please enter your credit card's telephone number!<br />\n"; } if($n && $a1 && $c && $s && $z && $hn && $e && $cn && $cNum && cidCheck && $bn){ if($address2){ $cartInfo = $myCart -> emailMessage(); $mailMessage .= "<html><head><title>Order Confirmation</title><body>$name<br />\n$address1<br />\n$address2<br />\n$city, $state $zipcode<br />\nHome Phone Number: $homeNum<br />\nE-mail Address: $email<br />\n<br />\nCredit Card Company: $cardName<br />\nCredit Card Number: $cardNum CID: $cid<br />\nCredit Card Phone Number: $bankNum<br />\n<br />\n$cartInfo<br /></body></html>"; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; mail('stan@thinkingmachineonline.com', 'Thinking Machine Store order', $mailMessage, $headers); $myCart = new ShoppingCart(); echo "<div style='margin-left: auto; margin-right: auto; text-align: center;'>Your order has been processed, $name<br /><form action='{$_SERVER['PHP_SELF']}' method='post'><input type='submit' name='continue' value ='Continue Shopping' /></form></div>\n"; } else{ $cartInfo = $myCart -> emailMessage(); $mailMessage .= "<html><head><title>Order Confirmation</title></head><body>$name<br />\n$address1<br />\n$city, $state $zipcode<br />\nHome Phone Number: $homeNum<br />\nE-mail Address: $email<br />\n<br />\nCredit Card Company: $cardName<br />\nCredit Card Number: $cardNum CID: $cid<br />\nCredit Card Phone Number: $bankNum<br />\n<br />\n$cartInfo</body></html>"; $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n"; mail('stan@thinkingmachineonline.com', 'Thinking Machine Store order', $mailMessage, $headers); $myCart = new ShoppingCart(); echo "<div style='margin-left: auto; margin-right: auto; text-align: center;'>Your order has been processed, $name<br /><form action='{$_SERVER['PHP_SELF']}' method='post'><input type='submit' name='continue' value ='Continue Shopping' /></form></div>\n"; } } else{ echo "<div style='margin-left: auto; margin-right: auto; margin-top: 5px; text-align: center;'><a href='viewcart.php'><img src='images/store/storefront_02.jpg' alt='' /></a><img src='images/store/storefront_01a.jpg' alt='' /><a href='checkout.php'><img src='images/store/storefront_02a.jpg' alt='' /></a><div style='color: red; margin-left: auto; margin-right: auto; text-align: center;'>$errMessage</div>\n";?> <form name="checkout" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" style="margin-left: auto; margin-right: auto; text-align: center;"> <fieldset class="narrow"><legend>Please input your personal information</legend> <p><span style="color: red; font-size: 0.85em;">*Required fields.</span></p> <p><label for="name"><span style="color: red;">*</span>Name: </label><input type="text" name="name" value="<?php if(isset($_POST['name'])) echo $_POST['name']; ?>" /></p> <p><label for="address1"><span style="color: red;">*</span>Address 1: </label><input type="text" name="address1" value="<?php if(isset($_POST['address1'])) echo $_POST['address1']; ?>" /></p> <p><label for="address2"> Address 2: </label><input type="text" name="address2" value="<?php if(isset($_POST['address2'])) echo $_POST['address2']; ?>" /></p> <p><label for="city"><span style="color: red;">*</span>City: </label><input type="text" name="city" value="<?php if(isset($_POST['city'])) echo $_POST['city']; ?>" /></p> <p><label for="state"><span style="color: red;">*</span>State: </label><input type="text" name="state" value="<?php if(isset($_POST['state'])) echo $_POST['state']; ?>" size="2" maxlength="2" /></p> <p><label for="zipcode"><span style="color: red;">*</span>Zipcode: </label><input type="text" name="zipcode" value="<?php if(isset($_POST['zipcode'])) echo $_POST['zipcode']; ?>" /></p> <p><label for="home_num"><span style="color: red;">*</span>Home Telephone Number: <br /><span style="font-size: 0.75em;">(Include area code, but no dashes, spaces, or parentheses)</span></label><input type="text" name="home_num" value="<?php if(isset($_POST['home_num'])) echo $_POST['home_num']; ?>" /></p> <p><label for="email"><span style="color: red;">*</span>E-mail Address: </label><input type="text" name="email" value="<?php if(isset($_POST['email'])) echo $_POST['email']; ?>" /> </fieldset> <fieldset class="narrow"><legend>Please input your credit card information</legend> <p><span style="color: red; font-size: 0.75em;">*All fields are required.</span></p> <p><label for="card_name">Credit Card Provider: </label><select name="card_name"><option value="Mastercard">Mastercard</option><option value="Visa">Visa</option><option value="Discover">Discover</option><option value="American Express">American Express</option></select></p> <p><label for="card_num">Card Number: <span style="font-size: 0.75em">(No dashes or spaces)</span></label><input type="text" name="card_num" /></p> <p><label for="CID">CID: </label><input type="text" name="CID" value="<?php if(isset($_POST['CID'])) echo $_POST['CID']; ?>" size="4" maxlength="4" /></p> <p><label for="bank_num">Credit Card Telephone Number: <br /><span style="font-size: 0.75em;">(No dashes, spaces, or parentheses)</span></label><input type="text" name="bank_num" value="<?php if(isset($_POST['bank_num'])) echo $_POST['bank_num']; ?>" /></p> </fieldset><br /> <input type="submit" name="submit" value="Checkout" /><input type="submit" name="continue" value="Continue Shopping" /> </form> <a href="http://www.equifax.com/DigitalCertificates/"><img src="images/store/equifax.jpg" alt="Equifax SSL Security" /></a> </div> <?php } } else{?> <div style="margin-left: auto; margin-right: auto; margin-top: 5px; text-align: center;"><a href='viewcart.php'><img src='images/store/storefront_02.jpg' alt='' /></a><img src='images/store/storefront_01a.jpg' alt='' /><a href='checkout.php'><img src='images/store/storefront_02a.jpg' alt='' /></a> <form name="checkout" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" style="margin-left: auto; margin-right: auto; text-align: center;"> <fieldset class="narrow"><legend>Please input your personal information</legend> <p><span style="color: red; font-size: 0.85em;">*Required fields.</span></p> <p><label for="name"><span style="color: red;">*</span>Name: </label><input type="text" name="name" value="<?php if(isset($_POST['name'])) echo $_POST['name']; ?>" /></p> <p><label for="address1"><span style="color: red;">*</span>Address 1: </label><input type="text" name="address1" value="<?php if(isset($_POST['address1'])) echo $_POST['address1']; ?>" /></p> <p><label for="address2"> Address 2: </label><input type="text" name="address2" value="<?php if(isset($_POST['address2'])) echo $_POST['address2']; ?>" /></p> <p><label for="city"><span style="color: red;">*</span>City: </label><input type="text" name="city" value="<?php if(isset($_POST['city'])) echo $_POST['city']; ?>" /></p> <p><label for="state"><span style="color: red;">*</span>State: </label><input type="text" name="state" value="<?php if(isset($_POST['state'])) echo $_POST['state']; ?>" size="2" maxlength="2" /></p> <p><label for="zipcode"><span style="color: red;">*</span>Zipcode: </label><input type="text" name="zipcode" value="<?php if(isset($_POST['zipcode'])) echo $_POST['zipcode']; ?>" /></p> <p><label for="home_num"><span style="color: red;">*</span>Home Telephone Number: <br /><span style="font-size: 0.75em;">(Include area code, but no dashes, spaces, or parentheses)</span></label><input type="text" name="home_num" value="<?php if(isset($_POST['home_num'])) echo $_POST['home_num']; ?>" /></p> <p><label for="email"><span style="color: red;">*</span>E-mail Address: </label><input type="text" name="email" value="<?php if(isset($_POST['email'])) echo $_POST['email']; ?>" /> </fieldset> <fieldset class="narrow"><legend>Please input your credit card information</legend> <p><span style="color: red; font-size: 0.75em;">*All fields are required.</span></p> <p><label for="card_name">Credit Card Provider: </label><select name="card_name"><option value="Mastercard">Mastercard</option><option value="Visa">Visa</option><option value="Discover">Discover</option><option value="American Express">American Express</option></select></p> <p><label for="card_num">Card Number: <span style="font-size: 0.75em">(No dashes or spaces)</span></label><input type="text" name="card_num" /></p> <p><label for="CID">CID: </label><input type="text" name="CID" value="<?php if(isset($_POST['CID'])) echo $_POST['CID']; ?>" size="4" maxlength="4" /></p> <p><label for="bank_num">Credit Card Telephone Number: <br /><span style="font-size: 0.75em;">(No dashes, spaces, or parentheses)</span></label><input type="text" name="bank_num" value="<?php if(isset($_POST['bank_num'])) echo $_POST['bank_num']; ?>" /></p> </fieldset><br /> <input type="submit" name="submit" value="Checkout" /><input type="submit" name="continue" value="Continue Shopping" /> </form> <a href="http://www.equifax.com/DigitalCertificates/"><img src="images/store/equifax.jpg" alt="Equifax SSL Security" /></a> </div> <?php } include('../templates/sub_footer.inc'); ?>

[quote author=The Little Guy link=topic=124014.msg518247#msg518247 date=1170272194] If you haven't gotten it yet, I think you should have a 3 page system. Page 1 - Display the form Page 2 - Process buttons, inputs, and redirect Page 3 - Final display page Page 1 you should understand Page 2 the user will/may never see this page it decides what button was pressed, and if previous page was selected it will do a heder of what the previous page was if the first button is selected a header of the first page will take place. page 3 will display the correct page. [/quote] Actually, it looks like my script was choking because I had two forms on the same page.  One was processed by a separate script, and the other, which I used for the navigation, was a sticky form.  By meshing the two forms together in my viewitem.php script and having the other script handle it, everything started working properly.