PFMaBiSmAd

Your <form ...> tag does not have the necessary enctype= attribute that would allow the form to upload a file. Have you read the upload handling section in the php documentation so that you would know the requirements to get this to work - http://md.php.net/manual/en/features.file-upload.php

Is there anything special about the people you want to allow to download the images that distinguishes them from the people (search engines) that you don't want to see the links to your images, such as being logged in?

Back to your current problem. The links you make should only be what you originally had - echo '<a href="index.php?proc='.$row['id'].'">'.$row['article_title']. '</a>' . "<br />" . substr($row['article'], 0, 250). '...' ; Your code in index.php should detect that $_GET['proc'] is set and use the id value to do everything it needs to do to produce and output the necessary content that matches that id.

What does a 'view source' in your browser of the blank page show?

Again, you didn't state what symptom or error you are getting that leads you to believe the second one is not working. BTW - mysql_error() would need the correct link resource so that it would output the last error that occurred on the specific connection. You also need to use the correct link resource in the mysql_select_db statements.

A logical true evaluates to a 1. The predefined constant JSON_HEX_TAG (currently) has the value 1. It is likely that your use of true results in - All < and > are converted to \u003C and \u003E You should use the predefined constant JSON_HEX_TAG so that your code will (always) work correctly and clearly and you can do a simple str_replace using arrays on the data to emulate what JSON_HEX_TAG does.

To start with, type="pass" is not a valid form field type. Its type="password" Your form field names are myusername and mypassword. You would need to use those same names for the $_POST variables in your php code. They currently are not.

<--- psychic crystal ball says you are missing some quotes around the value in your HTML so that the space is a stop character.

Php is a parsed, tokenized, and interpreted language. All the lines of code in your main file will be parsed and tokenized when the page is requested (included/required code is parsed/tokenized/executed when the include/require statement is executed), so yes each line of code that is present will take an amount of time to parse and convert to tokens. During the interpretation/execution phase, each conditional statement will be evaluated when execution reaches that point in the code and if the condition evaluates as false, execution jumps to the end of the conditional block. The statements that are within the conditional block are not executed and don't consume processing time.

If you want help with what your code is doing, you will need to post your code, along with any errors or symptoms you saw that lead to you believe your script is not working. If you have two active database connections in one script, it is likely that the problem is that you need to specify the correct connection when you execute a query against the database where your script is running at.

The Spoofed Form Submission and Spoofed HTTP Request examples are intended to show that submitted data can (easily) have any value because there is no guarantee that it was a form or a link on one of your pages that supplied the data. Validation (i.e. the act of testing for compliance) of external data means to actually test that the data exists and has an expected value before you use it in your code. Things like mysql_real_escape_string, htmlspecialchars, filter_input, ... are not validation.

Your forgot to state what exact symptom or error you saw in front of you that would let someone on a help forum actually help.

The posted code does not produce an unexpected $end error. Are you sure the error was being reported in that file or one of the required files?

mysql_affected_rows takes the db link as a parameter, which is what you had in the code posted in the first post in this thread. Why did you change your code to use the result resource in the mysql_affected_rows statement?

mysql_num_rows() is only usable for queries that return a result set (SELECT and SHOW queries.) You are executing an INSERT query.

The following pseudo code shows how you can put a form and form processing code on one page - <?php // check if your form was submitted if(isset($_POST['submit'])){ $errors = array(); // use an array to both hold validation errors and to serve as a flag that there were validation errors // put your code that conditions and validates the form data here... // Each validation error sets an element in the $errors array - if(empty($_POST['name'])){ $errors[] = "Name was empty!"; } // more validation tests here... // done validating all the form data, check if there were any errors if(empty($errors)){ // no validation errors, use the form data here... // the form data has been successfully and completely processed header("Location: {$_SERVER['SCRIPT_NAME']}"); // redirect to the base page to clear the form data exit; } } // end of form processing code // at this point, either the form has not been submitted or it has and there were validation errors // produce any error content if(!empty($errors)){ $error_content = "Please correct the following:<br />"; foreach($errors as $error){ $error_content .= "$error<br />"; } } // produce your form, with any previously submitted data in the fields so that the visitor does not need to reenter it // I recommend building your form in a variable, so that you can just output it later in your html page $form_content = " <form method='post' action='{$_SERVER['SCRIPT_NAME']}'> <input type='text' name='name' value='". (isset($_POST['name']) ? htmlentities($_POST['name'],ENT_QUOTES) : '') ."'> <input type='hidden' name='submit'> <input type='submit'> </form>"; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> </head> <body> other content here... <?php echo isset($error_content) ? $error_content : ''; // display any errors that occured ?> <?php echo isset($form_content) ? $form_content : ''; // output the form here ?> other content here... </body> </html>

By adding an echo statement before your header() redirect, all you have done is create a header error (which you would see if you had error_reporting set to E_ALL and display_errors set to ON.) That has solved nothing. When a validation error occurs, you don't want to redirect. You want your code to continue executing and redisplay the form with any validation error messages. In fact, you want to validate all the data at once and display all the validation errors at once. What you are doing now would only display the first error found, requiring the visitor to keep resubmitting the form for each piece of invalid data.

How do you know an existing DELETE query you have in your code on your site(s) is not deleting all the rows, either accidentally (logic error, no validation...) or through someone injecting a 1=1 in a Where condition? Also, if database tables are being emptied and you have and use a secondary table to log in visitors, that secondary table would also end up being emptied.

This should solve the problem - http://www.phpfreaks.com/forums/index.php?topic=340817.msg1607027#msg1607027 If not, you would need to define: "I get multiple arrays created"

Why would you want to do that? Making your visitors reenter ALL the form information every time there is ONE error will mean that you will have very few visitor to your site because no one is going to stay on your site after the first time they have to reenter data they have already entered before.

You are producing a query that looks like - SELECT `friend`, `friend_gender`, `friend_location` FROM friends WHERE `friend` LIKE '%keyword1%' AND `friend` LIKE '%keyword2%' That only matches rows when the where clause is TRUE. That would require that `friend` is like %keyword1%' and `friend` is like '%keyword2% at the same time, which will never be true (unless keyword1 is the same as keyword2). You actually need to use a logical OR. You want to match rows where `friend` is like %keyword1%' OR where `friend`is like '%keyword2%

group is a reserved mysql keyword and should not be used as a column name.

The function name is - imagecreatefromjpeg not imagecreatefromjpg

Should work - SELECT * FROM `users` ORDER BY IF(lastname = '',0,1) DESC, mydatetime

Unfortunately, this is a side-affect of php's register_globals (where external and session variables were automatically converted into scaler program variables) that did and continues (even with register_globals turned off) to waste a huge amount of time. I can only guess that the script you are following was never tested with titles that had more than one word in them. Had it been, someone would have realized that an id value should have been used as the array keys instead of the title.