PFMaBiSmAd

http://dev.mysql.com/doc/refman/5.1/en/example-maximum-column-group-row.html

You wouldn't pass a server-side produced value through the form, because that would just add another piece of external modifiable data that you must validate and escape before putting it into the query statement.

You would dynamically output the file using a .php script. The download link would be to the .php script (with a get parameter on the end of the url that indicates which actual file to output.) The .php script would contain your log in check code that determines if the current visitor is logged in and is authorized to download the requested file. The folder where the actual download files are stored in would either be outside (closer to the disk root) your document root folder or if that option is not available to you, you would put a .htaccess file in the folder that prevents all direct http requests to the files. You would either use some generic id in the get parameter to determine the actual requested file or if you use the actual file name in the get parameter, you would need to validate (or force) that the supplied value is just a file basename so that someone could not use directory transversal (../../....) to download a file outside the folder where you actually have the files stored. You could also generate a unique id value per visitor/per file (stored in a database table) that only allows that visitor to download a specific file, for a limited time, or only once. Google for "php force download script"

Having some error checking and error reporting logic testing the result of the mysql_query() statement and using mysql_error() in the error reporting logic would have quickly pointed to the problem.

[ot]magic_quotes short open tags (and all the other things php put into the language to HELP people write 'working' code) has wasted a HUGE amount of man hours and processor cycles.[/ot] Doesn't the offtopic/ot bbcode tag exist/work anymore?

You wouldn't use GD image functions to do this unless you are manipulating the image in some way, since they impose a huge memory and processing overhead.

The src="..." attribute is a URL where the browser can fetch the image. If the image data is in a database table, you would need to use the URL of a .php script that when that URL is requested, the correct content-type: header is output, followed by the correct image data. Since you probably have multiple images, you would use a get parameter on the end of the URL that specifies which image data to get from the database and output.

If you formed the whole query statement in a variable and then echoed it, you could probably see what is causing the query to fail.

Your form field name="..." attributes are not 'image', 'info', and 'name' for the three input fields, so in the current code, $_POST['image'], $_POST['info'], and $_POST['name'] don't exist and don't have any value. You should be developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON so that all the php detected errors will be reported and displayed. The non-existent $_POST variables would have been pointed out by the resulting error messages. Once you fix the code to work for one set of form fields, you would use array names for the form fields, with the array index value being some identifying value for each row in the database, such as the auto-increment id. See this link - http://us3.php.net/manual/en/faq.html.php#faq.html.arrays

There is probably a sql special character as part of the data. You should echo the $sql variable as part of the die(...) statement so what we could see exactly what the query is, right before the Bild point where the syntax failed. Ultimately, you will probably find that the error is because you must escape ALL string data values being put into a query statement so that any special sql characters in the data don't break the sql syntax. See this link - mysql_real_escape_string

The post that AbraCadaver made contained two different pieces of information. That first was to get the current page name dynamically instead of hard-coding it in each page. The second was to eliminate all that code and dynamically produce the pdf name from the basename of the page in a variable named $pdfName. You could then echo $pdfName where you needed it. Since you are directly outputting the value that the line of code he supplied is producing, you would just echo it directly - <div id="download"> <a href="<?php echo '_pdfs/' . pathinfo($_SERVER['SCRIPT_NAME'], PATHINFO_FILENAME) . '.pdf'; ?>"><span>Download Specification </span></a> </div> And I will reiterate something I posted above, once I saw the forest you were creating. You should not be producing individual pages, one for each product. You will end up spending a huge amount of time just keeping track of and maintaining all the pages and keeping your menu up to date every time you add, delete, or change anything. Ultimately, you should have a product database and one .php page that dynamically builds your menu of product categories/products, displays the information about the currently selected product (using a get parameter on the end of the url to determine what the currently selected product is), and has a download link for the currently selected product. You should let your php code do the work for you instead of you manually making pages and manually making your product navigation menu.

You should make the page basename and the pdf basename the same and just do what AbraCadaver posted. You should not write hard-coded logic that relates the page to the pdf, because you will need to go in and edit your code every time you add a page/pdf file. Code should be general purpose so that it operates on any amount of data without needing to edit it just because you add one more piece of data. Edit: If you do have a case where you need to lookup values, you would use an array to hold the key/value pairs so that you only need to add an entry to the array, instead of needing to find and edit the logic in your program every time you add a value. Edit2: You should actually only have ONE page that uses a get parameter on the end of the URL that indicates which product the page displays.

imagettfbbox

Php array variables inside of a double-quoted string need to be enclosed by {}, i.e. {$_SESSION['MM_Username']} Your query also has two sql syntax problems. Your username column is enclosed by single-quotes, making it a string instead of a column identifier and your $_SESSION['MM_Username'] value is enclosed by back-ticks ``, causing it to be treated as a column identifier. The $_SESSION['MM_Username'] value, which is a string data value, should be enclosed by single-quotes. Back-ticks are mysql specific and should be avoided whenever possible (you only need them when a database, table, or column name contains special characters or is a reserved mysql keyword.) With all the changes - $get = mysql_query( "SELECT * FROM friend_requests WHERE username = '{$_SESSION['MM_Username']}'");

Php is a web server scripting language. What URL are you entering in your browser? It should be something like http://localhost/your_file_name.php

Not this again. The only thing the w3.org specification states is that the x and y coordinate where the image was clicked be sent to the server. AFAIK, all browsers do this. The browsers that send the name/value pair are doing their own thing outside of the w3.org specification. You can use one of the following methods to detect if a form using an image as a submit button has been submitted - 1) Test if $_SERVER['REQUEST_METHOD'] == "POST" 2) Put a get parameter with a specific name/value on the end of the URL in the action="..." attribute and test for the get variable in your code. 3) Put a hidden field in the form with a specific name/value and test for it in your code. 4) Test for either the name_x or name_y coordinate from the image - http://us3.php.net/manual/en/faq.html.php#faq.html.form-image

You have a semi-colon ; on the end of your if(); statement that ends that conditional statement at that point. If you were to write your php code without all those opening and closing php tags, it would be easier to see what your actual logic is - <?php if(empty($showpromos['productid'])){ echo '<img src="images/promotions/blank-promotion-image.jpg" width="310" height="150" />'; } else { echo '<img src="images/promotions/' . $showpromos['image'] . '" width="310" height="150" />'; } or more simply - <?php $file = (empty($showpromos['productid'])) ? 'blank-promotion-image.jpg' : $showpromos['image']; echo '<img src="images/promotions/' . $file . '" width="310" height="150" />'; or even - <?php echo '<img src="images/promotions/' . ((empty($showpromos['productid'])) ? 'blank-promotion-image.jpg' : $showpromos['image']) . '" width="310" height="150" />';

Or more simply (remove the mysql_real_escape_string line if you only want to undo what magic_quotes_gpc does) - <?php function escape_deep(&$item, $key){ if(get_magic_quotes_gpc()){ $item = stripslashes($item); } $item = mysql_real_escape_string($item); } array_walk_recursive($_POST,'escape_deep'); ?>

With the doctype at the start of the page, there are currently 80 Errors, 12 warning(s) in the markup.

magic_quotes (and all the other things php put into the language to HELP people write 'working' code) has wasted a HUGE amount of man hours and processor cycles.

LOL, your doctype is on line 13. You need to produce a valid, error free, HTML document, before you can even worry about how it looks in different browsers.

This reminds me of a recent thread where someone had written a custom framework (that he didn't bother to mention, show, or to remember that it was doing something to all his post data) that was pre-processing all the $_POST variables and he had a problem with arrays. Do you have anything going on in the code like a framework or code in a prepended file that could be looping through all the $_POST data, but is only doing it in one dimension, so that if an array existed in the data it would be truncated? Perhaps some code that detects magic_quotes_gpc and runs conditionally only on some servers? Another possibility is if you have the stupid suhosin hardened php patch installed and the suhosin.post.max_array_depth has been set to zero.

Read reply #2 in this sticky thread - http://www.phpfreaks.com/forums/index.php?topic=37442.0 You either have some character(s) on the line before the <?php tag or your file has been saved with the BOM (Byte Order Mark) characters at the start of the file by your editor.

See example #6 at the following link on how you can include a file through the file system and get the resulting output into a variable - http://us2.php.net/manual/en/function.include.php If your code is expecting specific get variables to exist, you set them up before including the file and you would remove any get parameters form the end of the filename because get parameters are specific to having a URL - $_GET['id'] = $row['id'];

Mysql has its own time zone setting - http://dev.mysql.com/doc/refman/5.0/en/time-zone-support.html If it is not your own mysql server, you will be limited to using the Per-connection time zone choice and execute a SET time_zone = timezone query once you have established a connection to the database server.