PFMaBiSmAd

What error or other symptom are you getting that leads you to believe you have a problem with the header() redirect (so that we could help you with the actual problem)?

You cannot save any text because you don't have any single-quotes around the data in the query. Without the single-quotes, mysql is treating the data as a mysql keyword or column name. If you were checking if the query returned an error, you would have been getting sql syntax/unknown column name errors. $sql = "INSERT INTO test (name) VALUES ('$name')";

Setting error reporting to zero is hiding the error messages that would help you find the problems in your code. When learning php, developing php code, or debugging php code, you should have error_reporting set to E_ALL and display_errors set to ON so that all the php detected errors will be reported and displayed.

Original code - $file_name = $_FILES['image']['name']; $file_ext = strtolower(end(explode('.', $file_name ))); Code with stated change - $file_name = $_FILES['image']['name']; $parts = explode('.', $file_name ); $file_ext = strtolower(end($parts));

You forgot to execute the query.

^^^ That's not what the first post in the thread stated. You stated +/- 1 or equal is green; +/- 2 is yellow; +/- 3 (or more) is red. Are you sure?

You can either configure your server to parse .css files as php code (you need to be careful not to let users/hackers upload .css files that contain their php code) or you can use a .php file as the external css file and output a Content-type: text/css header at the start of the php code in the file.

Did you put that code before every session_start statement so that it would affect all session id cookies that get created? Did you check in your browser if the session id cookie got set with .yourdomain for the Domain: value?

Set the session.cookie_domain to match your domain - http://us.php.net/manual/en/session.configuration.php#ini.session.cookie-domain If you follow the session_set_cookie_params link on that page, it shows how to use a leading dot on .yourdomain to match all subdomains of yourdomain.

I don't know why you are using both .load and .get (they do similar things.) Your use of .load is what is causing the undefined error, because it is requesting the sub.php page but is not supplying any data and if it was supplying data, it would be sent as $_POST data. Your use of .get is not using the returned data anyway. You would need to supply a callback function as part of the .get syntax. Why not just use .load - <script type="text/javascript"> $(document).ready(function(){ $("#sub").click(function(){ $("#test").load("sub.php",{uid: $("#sub").attr('uid')}); }); }); </script> <a href="#" id="sub" uid="1">Sub</a> <div id="test"> </div> <?php $id = $_POST['uid']; echo $id; ?>

Your $a variable is not set to anything, so of course var_dump($in) returns null. Anyways, you should be using an array name for your form fields, rather than trying to make a series of named/numbered fields - http://www.php.net/manual/en/faq.html.php#faq.html.arrays

Does your actual code have the or die() on it? Even though the use of mysqli_error() is incorrect (you need the connection link in that or you need to use the OOP version of it), the code should have died when there was a query error.

Is the ->query() method the mysqli query method or part of some other database class?

You might be able to ignore the first error, but php won't. Even with error_reporting/display_errors set so that error is not reported/displayed, php must still detect that error and call the error handler routine every time that line of code is executed. The reporting/display/logging of the error is just the last step in the error handler before it returns to the calling code.

The first error is because end expects an actual array variable to reference. You need to assign the result of the explode to a variable, then use that variable in the remainder of the functions. The second error is because the field is - ['tmp_name']

You should be developing and debugging your code with error_reporting set to E_ALL (or to a -1) and display_errors set to ON so that all the php detected errors will be reported and displayed. Add the following two lines of code immediately after your first opening <?php tag - ini_set("display_errors", "1"); error_reporting(-1); You should be getting an error concerning the destination folder/file (you are missing a / after 'images' and before the filename.)

If you post all the code inside the while(){...} loop, someone can probably help with what it is doing wrong. Best guess is you are reusing and overwriting the $result variable.

http://dev.mysql.com/doc/refman/5.1/en/date-and-time-functions.html#function_str-to-date

Best guess is you either have something in the file before the <?php tag or after the ?> tag or you have saved the file as a UTF-8/Unicoded file with BOM (Byte Order Mark) characters. Make sure there are no characters outside of the <?php ?> tags and make sure that file is saved without the BOM characters (there should be an option in your editor's encoding/file-save-as menu.)

AND is a logical operator. You are trying to SET news_date to 'a date' AND'ed with the value in the news_description column. That would result in a TRUE value, which is an invalid DATE, so your news_date column is set to an all zero date value.

The point of the query that is being executed is to - get the rows you want in the order that you want them. You would add a WHERE clause to the query so that only the rows that have tender information are matched.

Hopefully, this will clear up the problem -

@teynon, the issue isn't the quote, it's the \ characters being inserted into the database table. When data is escaped properly (only once) the \ characters won't be present in the actual database table.

And when you tried this yourself (putting quotes or injected sql into a string data field using prepared statements without using the mysqli_real_escape_string function), what result did you observe? There's a huge amount of incorrect programming related and every other kind of information posted on the Internet, because anyone now days can become an author and post something that he thinks is true, not supported by actual testing and observed results. The best way to confirm anything in programming is to make a test case, run it, and observe the results yourself.

The Anonymous post on that page is correct. Checkdate, the way he tried to use it, should not be used as validation to check if a date is correct (the format or if it contains any XSS scripting.) That's not its' job. The point of checkdate is to validate if the month, day, and year numerical values it is passed is a valid date (i.e. One of the things you asked - What is the best way to make sure a valid date is entered?) The preg_split pattern that he used isn't specific to the expected data, so of course it is possible to bypass it. Regardless if using one field for the date (a datepicker) or three different fields (three dropdown select lists, one each for the month, day, and year), in real life, you would use a pattern that matched the format of the data you are expecting.