Everything posted by PFMaBiSmAd
-
Are you sure that your ajax code is even setting - $_POST['submit']? I recommend that you either use error_log statements or http://www.firephp.org/ in your code so that you can determine what exactly your code is doing. Without all your code, the database definition, and test data that would be needed to duplicate the problem, you cannot really expect someone else to try and figure out what 200+ lines of code is doing. Edit: You could always debug your code using an HTML form (which you should have inside <noscript></noscript> tags anyway so that your page works in an expected manner when someone does not have javascript enabled.)
-
If the one.com name that the OP posted for his host is accurate, he apparently has Windows/IIS based hosting.
-
So, did you check using a phpinfo(); statement to see if the short open tag setting is on or not? It may not be what is causing your php code to fail. Edit: and while you are at it, what does a phpinfo() statement show for the error_reporting and display_errors settings?
-
One of the tests in the following is probably failing, so your method returns a false value -

```php
if(!$Security->valid_un($un) || !$Security->valid_pwd($pwd) || !$Security->valid_email($email) || $pwd != $pwd2 || !$Security->valid_string($question) || !$Security->valid_string($answer) )
```

When you echo a false value, nothing will be displayed. You should provide a way of getting and displaying exactly which test(s) is(are) failing.
-
A) You should get your script working on a development system that has the same php.ini settings as your web hosting,
B) It will take you about 2 minutes (that includes the time needed to open the editor and find the menu item) to get a programming editor like Notepad++ to do a search/replace through all the files to change all the <?= into <?php echo and to change all the <? into <?php tags.
C) The php tags in your code will then work on any server that has php installed and you won't need to waste any more time dealing with short open tags.
D) There may be other settings or needed php extensions that are causing the fatal parse/runtime error/white-page and you could have the same problem on any web host and it is always better to troubleshoot what is causing a problem and solve it than to try to work around the problem (jumping to a different web host probably won't solve your problem.)
-
GET Superglobal function and mysqli_real_escape_string
PFMaBiSmAd replied to Xtremer360's topic in PHP Coding Help
If your $registrationKey value is a number only and you are putting it into a query statement as a number, without any quoting around it, using mysqli_real_escape_string won't stop sql injection, because mysqli_real_escape_string is only for escaping string data being put into a query. -
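The point made in the reply above, as an added example that is not part of the original post: escaping leaves an unquoted numeric value open, while integer validation plus a bound parameter closes it. The table and column names are hypothetical, and `escape_like_mysqli()` is a stand-in that escapes the characters the PHP manual lists for `mysqli_real_escape_string()`, so the string-building part runs without a database connection.

```php
<?php
// Added example, not code from the original post. Table and column names are
// hypothetical. escape_like_mysqli() is a stand-in covering the characters the
// PHP manual lists for mysqli_real_escape_string(), so no connection is needed
// to see what the escaped value looks like.
function escape_like_mysqli(string $value): string
{
    return strtr($value, [
        "\\" => "\\\\", "\0" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Weak: the value is escaped, but placed in the query as an unquoted number.
function build_unquoted(string $registrationKey): string
{
    return 'SELECT id FROM registrations WHERE reg_key = '
        . escape_like_mysqli($registrationKey);
}

// Hardened, step 1: accept only a real integer and reject everything else.
function parse_registration_key($raw): ?int
{
    $key = filter_var($raw, FILTER_VALIDATE_INT);
    return $key === false ? null : $key;
}

// Hardened, step 2: bind the integer as a parameter instead of concatenating it.
function find_registration(mysqli $con, int $registrationKey): ?int
{
    $stmt = $con->prepare('SELECT id FROM registrations WHERE reg_key = ?');
    $stmt->bind_param('i', $registrationKey);
    $stmt->execute();
    $stmt->bind_result($id);
    $found = $stmt->fetch();
    $stmt->close();
    return $found ? (int) $id : null;
}

// Constructed inputs: a normal key and a value that contains no quote characters.
foreach (['48213', '0 OR 1=1'] as $input) {
    echo build_unquoted($input), "\n";
    var_dump(parse_registration_key($input));
}
```

The second input contains none of the characters the escaper touches, so it reaches the query text unchanged, while `parse_registration_key()` rejects it before any query is built.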
Sample code using arrays for the form fields -

```php
<?php
$fields = array('k1O','k2O','k3O'); // list of table fields (used to generate form fields and to process form data)

// the form processing code
if(isset($_POST['submit'])){
    echo '<pre>',print_r($_POST,true),'</pre>'; // check out the actual form data
    foreach($_POST[$fields[0]] as $key => $value){ // key will be the id. value is not directly used
        $key = intval($key); // cast as integer
        $sets = array();
        foreach($fields as $field){
            $sets[] = "$field = " . intval($_POST[$field][$key]);
        }
        $query = "UPDATE your_table SET ".implode(',',$sets)." WHERE id = $key";
        echo $query . '<br />'; // check out the actual query statement
        // execute your query here...
    }
}

// the form
// $result is the mysqli result of the SELECT query that loads the rows to edit
echo "<form action='' method='post'>\n<table>\n";
while($row = mysqli_fetch_assoc($result)){
    echo "<tr>\n";
    foreach($fields as $field){
        echo "<td><input type='text' name='{$field}[{$row['id']}]' value='{$row[$field]}' size='1' maxlength='1'/></td>\n";
    }
    echo "</tr>\n";
}
echo "</table>\n<input type='submit' name='submit'>\n</form>\n";
?>
```
-
$count has nothing to do with which row was matched and in fact since you cannot control which row any particular data is in, you should not be trying to match a row number. $count is the number of row(s) that the query matched. For any username/password combination, there should only be ONE row. $count will be zero if there was no matching row and it will be one if there was one matching row. The only way it could be two is if you have two rows with the same username/password combination. If you want to redirect to a different location depending on which username/password combination was entered, you would either use a unique id (auto-increment) from your database table or some other unique value, such as a username or a specific column that holds the 'location' to redirect to.
-
The only thing you can output to the browser before a header is another header and if you are trying to dynamically output an image the only thing you can output is(are) header(s) followed by the image data. See this sticky post, found at the top of the forum section you are posting in - http://www.phpfreaks.com/forums/index.php?topic=37442.0
-
Using a series of name/numbered variables/fields is the HARDEST way of doing something for a SET of same/similar type data. If you use arrays for the form field names, you can use simple php array functions, such as a foreach loop, to iterate over the data. See this link - http://us2.php.net/manual/en/faq.html.php#faq.html.arrays You would typically use the database id value as the array index value so that you can associate the submitted data with the row(s) to update in the database.
-
In reply #4 in this thread, someone mentioned that a "content-type: header is output, followed by the correct image data." The browser doesn't know that the blob data is an image or what kind of image it is, especially since the file extension in the src="" attribute is .php and not that of an actual image like .jpg, .gif, .png,... You either need to store the mime type of the file in your database and output it using a Content-type: header, i.e. a .jpg image would have a mime type of 'image/jpeg' or, if all your images are and will always be only one image type, you could always output the correct content-type header for that image type or you could construct a lookup table (array) that associates the image file extension to the correct mime type, assuming you have stored the original image extension in the database (it would be easier to store the original image mime type in the database in this case.) A typical dynamically produced content-type header statement would look like -

```php
$mime = "image/jpeg"; // determine the mime type for the image
header("Content-type: $mime");
```
-
Does your database have the URL of the image stored in the column or is the actual image binary data stored in the column? Also, have you checked if the 'view source' of the page in your browser has the expected URL for the image in the src="" attribute?
-
What images? You only have one <img tag in the posted code and it is inside of the outimage() function and you are not calling the outimage() function in the posted code.
-
I removed the two ; on the end of the <?php tags and the error went away.
-
This may or may not be the cause of the problem. If you look at the color highlighting in the forum post, you will see two echo statements, starting in column 1, near the end of the code that are in black. The <?php tags that start each of those sections have semi-colons ; on the end of them. Edit: You are also missing the closing quote " on the end of the first one of those echo statements. I think the language parser just got tired of all the opening and closing php tags. Edit2: If you remove the semi-colons on the two <?php tags, the syntax error will go away.
-
Edit: too slow on the submit button, see the same information above ^^^ You also need the i on the mysqli_error($con) statement since you are using mysqli for the connection, query, close...
-
Manual & Dynamic Data Transfer - Table:to:Table
PFMaBiSmAd replied to adriscoll's topic in PHP Coding Help
```sql
INSERT IGNORE INTO table2 (name, email, registered, confirmed) SELECT firstname, email, 1, 1 FROM table1 WHERE email='generic@email.com'
```

I hope you are not executing a SELECT query to get all the email addresses from the table and then looping through them, with the posted query inside of a loop? If you remove the WHERE condition from the posted query, it will select all the rows at once and insert them all at once into the second table.
-
Manual & Dynamic Data Transfer - Table:to:Table
PFMaBiSmAd replied to adriscoll's topic in PHP Coding Help
Should work (you can select literal values) -

```sql
INSERT INTO table2 (name, email, registered, confirmed) SELECT firstname, email, 1, 1 FROM table1 WHERE email='generic@email.com'
```
-
INSERT-INTO-SELECT with concatenated variables
PFMaBiSmAd replied to adriscoll's topic in PHP Coding Help
Should work (you provided no information about how the names should be combined) -

```
"INSERT INTO table2 (name, email) SELECT CONCAT(lastname, firstname), email FROM table1 WHERE email='someemail@gmail.com'"
```
-
Warning: Cannot modify header information - headers already sent ..
PFMaBiSmAd replied to MDanz's topic in PHP Coding Help
The error message states where the output is occurring at that is preventing the header from working. The solution is to determine what that output is and prevent it from occurring before you attempt to do a header() redirect. -
The where clause should match the game values - WHERE s1.game = s2.game
-
You don't use GROUP BY when you do it that way.
-
Images Display via PHP / Prevent Direct Access
PFMaBiSmAd replied to Jumpy09's topic in PHP Coding Help
^^^ That's correct. The browser requests all the media files on a web page. When you output an <img src="" alt=""> HTML tag as part of a web page, it is the browser that makes an http request for the URL that is in the src="" attribute. There is no difference between that http request and someone putting that URL into their browser's address bar. If you want to secure the files being output, read the post at the following link (replace references to 'download' with 'image') - http://www.phpfreaks.com/forums/index.php?topic=336239.msg1583846#msg1583846 In addition to the information in that post, you can also set a session variable on your main page and then have the code that dynamically outputs the image test if that session variable is set and has the expected value. This would at least mean that someone (or a bot script) requested your main page before requesting the image. P.S. Hotlink protection that tests HTTP_REFERER is easily bypassed and in fact most web proxy scripts set HTTP_REFERER to match the URL being requested.
-
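The session check described in the reply above, as an added example that is not part of the original post: the main page marks the session, and the image script refuses to emit anything unless the mark is present with the expected value. The session key, the expected value, the catalog and the file paths are hypothetical.

```php
<?php
// Added example, not code from the original post. The session key, the
// expected value, the catalog and the file paths are hypothetical.
const EXPECTED_PAGE = 'gallery';

// Main page: call this before printing <img src="image.php?id=N"> tags.
function mark_page_viewed(array &$session): void
{
    $session['viewed_page'] = EXPECTED_PAGE;
}

// Image script: true only if this session requested the main page first.
function session_may_view(array $session): bool
{
    return ($session['viewed_page'] ?? null) === EXPECTED_PAGE;
}

// Map the requested id to a catalog entry; the client never supplies a path.
function resolve_image(array $catalog, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    return ($id !== false && isset($catalog[$id])) ? $catalog[$id] : null;
}

// Returns the HTTP status; the image bytes are written only on 200.
function serve_image(array $session, array $catalog, $rawId): int
{
    if (!session_may_view($session)) {
        return 403;
    }
    $image = resolve_image($catalog, $rawId);
    if ($image === null || !is_readable($image['path'])) {
        return 404;
    }
    header('Content-Type: ' . $image['mime']);
    readfile($image['path']);
    return 200;
}

// Constructed catalog; the files sit outside the document root.
$catalog = [
    1 => ['path' => '/srv/private/images/photo.jpg', 'mime' => 'image/jpeg'],
    2 => ['path' => '/srv/private/images/logo.png', 'mime' => 'image/png'],
];
if (PHP_SAPI !== 'cli') { // image.php entry point under a web server
    session_start();
    $status = serve_image($_SESSION, $catalog, $_GET['id'] ?? null);
    if ($status !== 200) { http_response_code($status); }
}
```

The main page would call `session_start()` and then `mark_page_viewed($_SESSION)` before it prints its `<img>` tags.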
Links are URLs, not file system paths. Include/require statements use file system paths to include a file through the file system.
-
A leading / on a file system path refers to the root of the current hard disk. You can use $_SERVER['DOCUMENT_ROOT'] to get the file system path to your document root folder, then concatenate the rest of the path to your file to that value to arrive at an absolute file system path.