PFMaBiSmAd

Staff Alumni
  • Posts: 16,734
  • Joined
  • Last visited
  • Days Won: 9

Everything posted by PFMaBiSmAd

  1. Ummm. Your script that allows uploading of games is apparently NOT secure. If you want help with it you would need to post it.
  2. You must escape string data that is put into a query so that sql special characters (a ' in this case) don't break the syntax of the query. I recommend using array_map with the mysql_real_escape_string function to escape all the data in your $data array at once - $data = array_map('mysql_real_escape_string',$data);
  3. The two most common reasons why valid email gets voted as spam are - 1) You don't have an SPF DNS record that identifies your mail server as being authorized to send email for the domain in the From: address - http://www.openspf.org/ 2) You are putting an email address into the From: address that doesn't match the domain at the sending mail server.
  4. Also, by not escaping $name and $message, you could have characters in those fields that can break the sql syntax, resulting in sql errors (and it also allows sql to be injected.) You should use a mysql DATE data type (YYYY-MM-DD) for your date field. The M j y format you have now will make it extra difficult to match data by the date and retrieve it in any date order.
  5. Your code is either stuck continuously executing a loop due to a logic error or you are doing something in your code that takes a long time.
  6. If you echo mysqli_error($connectstring) as part of your else{} statement, it should tell you why the mysqli_prepare failed.
  7. Either your mysqli_prepare() is failing due to an error (do you have any error checking and error reporting logic in your code so that you would know if it works or not) or you are overwriting the $stmt variable at some point in your code.
  8. The data parameter needs to be in the form of a key/value - data: key1=value1 For your code, this should work - data: "gender=" + gender,
  9. Why not just generate a random 7 digit number when you need one?
  10. You would need to make the id in the <form tag match - id="message_area<?php echo $id_to; ?>"
  11. The HTML of your <option value='...' is broken. You don't have any quotes around the value in the HTML and the first space character serves as a stop character when the browser submits the data. Since you are building the string with overall double-quotes in php, it would be easiest to use single-quotes (what I showed in red) around the value in the HTML. Alternatively, you could use escaped double-quotes \"
  12. A) If you have an initial <form> tag (without a closing </form> tag) before the start of your foreach(){} loop that outputs the code you did post, it will WIN and be the ?id= value that gets used when you submit any of the forms that would then be inside that initial form tag. B) Your showMessageArea() javascript function or some other javascript you have on the page could have something to do with this, especially since you have assigned the same id="message_area" to every form (ids must be unique.) C) Your messageSent.php code could be doing something to cause the value to be altered.
  13. ALL external data can be set to anything, cannot be trusted, and must be validated to make it safe for use by your code - $_POST, $_GET, $_COOKIE, $_FILES, and some $_SERVER variables.
  14. You have to use a file system path, not a URL. If you could use the http protocol to delete files off of web servers, just about every web site on the planet would have already had all their files deleted.
  15. What does a 'view source' in your browser show for the page when it doesn't work? Either your page is redirecting to the download.php?action= page or something in your php code is stopping execution if you don't even get the footer to display in the browser.
  16. If you are using LOAD DATA [LOCAL] INFILE to do the importing, you can use a SET statement as part of that query to modify values being inserted. You could also insert the MM/DD/YYYY value into its own column, then update the actual DATE column using the mysql STR_TO_DATE() function.
  17. It's the payment gateway that posts the confirmation data back to the site. A matching user session won't exist in this case. @echoCarlos, your payment gateway should post a transaction id to your site along with the data for that transaction and you SHOULD then be able to post that data back to the payment gateway to confirm that the data came from the gateway (and that you received it error free) OR your gateway should have a unique value that only you and the payment gateway knows that gets securely sent (via https/ssl only) to you with the confirmation information. If your payment gateway doesn't provide you with a way of confirming that the data that was posted to your site actually came from the gateway, you should probably find a different payment gateway.
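The shared-secret check described in the reply above, written out as an added example (not code from the post or from any particular gateway). The field names, the `|`-joined payload and the HMAC-SHA256 scheme are assumptions; a real gateway documents its own signing format.

```php
<?php
// Added example: confirm that a payment notification really came from the
// gateway, using a value only the site and the gateway know.
declare(strict_types=1);

const GATEWAY_SHARED_SECRET = 'replace-with-secret-from-gateway'; // placeholder

// Rebuild the signature the gateway should have produced over the posted
// fields and compare it in constant time (hash_equals), so the comparison
// itself leaks nothing about the expected value.
function confirmationIsAuthentic(array $post, string $secret): bool
{
    foreach (['txn_id', 'amount', 'status', 'signature'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return false;
        }
    }
    $payload  = $post['txn_id'] . '|' . $post['amount'] . '|' . $post['status'];
    $expected = hash_hmac('sha256', $payload, $secret);
    return hash_equals($expected, $post['signature']);
}

// Only act on a confirmation that arrived over HTTPS and carries a valid
// signature; anything else is logged and ignored. No user session is needed,
// because the transaction id is matched against the order created before the
// customer was sent to the gateway.
function handleConfirmation(array $post, array $server, string $secret): string
{
    if (empty($server['HTTPS']) || $server['HTTPS'] === 'off') {
        return 'rejected: confirmation must arrive over https';
    }
    if (!confirmationIsAuthentic($post, $secret)) {
        error_log('payment confirmation failed signature check');
        return 'rejected: bad signature';
    }
    return 'accepted: ' . $post['txn_id'];
}

// Constructed sample data standing in for what the gateway would POST.
$sample = ['txn_id' => 'T-1001', 'amount' => '49.95', 'status' => 'paid'];
$sample['signature'] = hash_hmac('sha256', 'T-1001|49.95|paid', GATEWAY_SHARED_SECRET);
echo handleConfirmation($sample, ['HTTPS' => 'on'], GATEWAY_SHARED_SECRET), "\n";
```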
  18. It's not text. It's heredoc string syntax. A link to the documentation was posted in reply #7 in this thread.
  19. Any chance that the dbconfig.php code is also setting the $username variable? Are you getting just this part of the footer - "You are logged in as"?
  20. How are you including the footer code into/on your page? Posting enough of your code that demonstrates/reproduces the problem would help. Also, your code that redirects if the visitor is not logged in needs an exit; statement after the header(); statement to prevent the remainder of the code on your 'protected' pages from being executed.
  21. ^^^ LOL, any other relevant information you would like to share? Perhaps if you told us exactly what setup you have - how many server boxes, what works/doesn't work on each box, where the one web site is that doesn't work, if there are other php based web sites on that same box that do work correctly... You know, information that you know about the situation that narrows down the problem so that we don't waste a bunch of time guessing.
  22. Are you developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON so that php will help you by reporting and displaying all the errors it detects? You will save a TON of time.
  23. I don't have an answer to your actual problem, but don't try to 'fix' it by turning on php settings. You have some fundamental problem on your server (hardware (memory, disk), operating system, IIS, php, mysql...) and nothing you do with php settings is going to correct a problem that suddenly appeared. You need to find the root cause of the problem. You need to be examining your server event logs, the iis logs, the performance monitor, the task monitor, disk health information, mysql logs, looking for huge data/log files, virus (both in the operating system and php script files), ... to find the cause of the problem.
  24. All string data that you put into a query must be escaped. All numerical data that you put into a query must be validated as a number or cast as a number. In the case of your id value, you probably have a query something like - SELECT * FROM your_table WHERE id = $id If you don't validate/cast $id as a number in a query like that, it is possible to inject sql into that query using a hexadecimal encoded string (usually a UNION statement that outputs all the data in the table) that has absolutely no quotes in it so that escaping the data would have no effect on the injected sql. However, casting the value as a number would truncate the hexadecimal encoded string and prevent the sql injection. Php's mysql_query function specifically doesn't support multiple queries separated by ; (because too many people don't escape/validate data being put into a query statement.)
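The point made in replies #2 and #24 (escape string data, validate or cast numeric data), as an added example that is not from the posts. It uses mysqli rather than the removed mysql_* functions; `your_table` and the `$db` connection are assumed, and the prepared-statement variant is the one a practitioner would reach for today.

```php
<?php
// Added example: the "WHERE id = $id" query from the post, built three ways.
declare(strict_types=1);

// Unsafe: the raw external value is interpolated into the SQL. Because the
// value is not inside quotes, escaping alone cannot stop injected SQL.
function queryUnsafe(string $id): string
{
    return "SELECT * FROM your_table WHERE id = $id";
}

// Numeric data: validate it as an integer first, then cast it. Anything that
// is not an integer is rejected rather than silently truncated.
function queryById(mixed $id): string
{
    if (filter_var($id, FILTER_VALIDATE_INT) === false) {
        throw new InvalidArgumentException('id must be an integer');
    }
    $id = (int) $id;
    return "SELECT * FROM your_table WHERE id = $id";
}

// String data: escape it with the connection-aware escaper (the mysqli
// counterpart of mysql_real_escape_string) and keep the quotes around it.
function queryByName(mysqli $db, string $name): string
{
    $safe = $db->real_escape_string($name);
    return "SELECT * FROM your_table WHERE name = '$safe'";
}

// Preferred: a prepared statement keeps data out of the SQL text entirely,
// so neither escaping nor casting is needed for the query to stay intact.
function fetchById(mysqli $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT * FROM your_table WHERE id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

// Constructed inputs: the first is accepted, the second is rejected.
echo queryById('42'), "\n";
try {
    queryById('42 OR 1=1');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```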
  25. Are you sure about which line number and file name the error is occurring at? We only see the information you supply in your post and based on what you have shown, you don't have an array, or you wouldn't be getting an error message about it.