PFMaBiSmAd

Staff Alumni
  • Posts: 16,734
  • Days Won: 9

Everything posted by PFMaBiSmAd

  1. The session file is probably already open due to one piece of your code and another piece of code attempts to open the same session file. Any chance your page is using a captcha image where the main page and the code for the dynamically generated captcha image are both executing a session_start() or you are using Ajax and the code that the Ajax is requesting is using a session_start along with the main page?
  2. $endtime_24 and $sttime_24 are formatted strings that consist of parts that have three different number bases (24hours,60minutes,60seconds.) You cannot perform math on strings that contain non-numeric characters (computers treat the first non-numeric character as a stop character) and you cannot perform math on numbers unless they are all in the same number base. I recommend getting both values into the number of seconds they correspond to in order to perform the math.
  3. Why not sort it the way you want it in the query?
  4. You should be developing and debugging your code on a system with error_reporting set to -1 and display_errors set to ON in your master php.ini so that all the php detected errors will be reported and displayed. Based on the code you posted, your mysql_connect() is probably failing and every mysql_ statement after that is also failing, which would explain why any variable passed through mysql_real_escape_string() is empty.
  5. If you have a file upload feature, it would be quicker and would allow a more complete assessment of the security holes if you just posted the code. Are you even including files based on get parameters so that what I wrote in point #2 even applies to what you are doing, because no one wants to write a book that has nothing to do with the problem. And again, if you are including files based on get parameters - A) are the two settings that I mentioned even turned ON (in the case of remote php code inclusion) and B) it would be quicker and would allow a more complete assessment of the security holes if you just posted the code (in the case where someone could be including administration pages into a visitor's page.)
  6. Php and/or your code is escaping the data too many times. It would help if you posted your code.
  7. No, he's not. The password is a sha1() hash.
  8. The two most popular and easiest ways that someone can add folders and files on your server are -

     1) You have an upload script that allowed someone to upload and execute their own php script on your server. The php script that they uploaded was a file manager/control panel that then allowed them to do anything they wanted.

     2) You are including files based on file names put onto the end of URLs, such as ?page=some_file and the allow_url_fopen and allow_url_include settings are on and someone got your code to include and run their own remote php code on your server. The php script that they got your code to include and run resulted in a file manager/control panel script to be placed on your server that allowed them to then do anything they wanted.

     The fix for item #1 is to validate what was uploaded and to place the uploaded file into a folder that either does not permit any http requests to the uploaded files or to disable the php language engine in the folder. This will prevent any php scripts that get uploaded (even those that appear to be image files that can pass most validation tests.)

     The fix for item #2 is to validate the get parameters (you must validate ALL external data) that are put onto the end of the URL and to turn OFF the allow_url_fopen and allow_url_include settings. This will prevent the inclusion and execution of remote php code. You also need to validate the get parameters that you are putting into include statements to make sure that administrator include files on your server are not being included into a normal visitor page as that would give the visitor access to the administrator operations.
  9. Never mind that the other post by the OP with this same information (or lack of) is in an even bigger font.
  10. The max_execution_time isn't actually part of the time taken to upload the file -
  11. This thread is a double/cross post. Don't waste your time replying. Here's the active thread - http://www.phpfreaks.com/forums/php-coding-help/calculating-monthly-subscriptions-325102/ Edit: And you should treat this like a deposit account and record each addition to the account and get the total by calculating the current value. By simply maintaining the total, you lose a record of when amounts were added and it is also easy for logic errors to change the total and you have no idea what the value should be.
  12. There's always the original documentation - http://dev.mysql.com/doc/refman/5.0/en/delete.html
  13. ^^^ I have no idea what you mean in your post above, but if you read the whole thread and perform the suggested search/replace in the 1,2,3 sequence that was listed, <?= will become <?php= in step 1 and <?php= will become <?php echo in step 3.
  14. The code you posted CANNOT produce the error/result you state. It's likely you have some other query that is failing in your code that is producing the stated error.
  15. Your HTML is invalid. You need quotes (either single or double) around the value = "...." attribute.
  16. I would treat it as a completely separate subscription/account. You would need to add a column for a subscription/account id rather than using the username column. Yes, just alter the INTERVAL SUM(length) DAY to INTERVAL SUM(length) SECONDS (two places in the query.)
  17. You can do this directly in the query. The following sample query uses the length in days instead of seconds -

      $query = "SELECT username, MIN(date) as start_date, SUM(length) as length,
          DATE_ADD(MIN(date), INTERVAL SUM(length) DAY) as end_date,
          DATEDIFF(DATE_ADD(MIN(date), INTERVAL SUM(length) DAY),CURDATE()) as days_left
          FROM rsp_subscriptions GROUP BY username";

      This gives an output like -

      Username: Luke, Subscription Start: 2011-01-11, Total Length (days): 60, Subscription End: 2011-03-12, Days left: 19
      Username: stmiddleton, Subscription Start: 2011-01-18, Total Length (days): 1, Subscription End: 2011-01-19, Days left: Expired: 33 Days ago

      Where the Luke username has two rows of 30 days each and the stmiddleton username has one row of 1 day. The actual code I developed for this -

      <?php
      // subscriptions - (deposit account)
      include 'db.inc.php';
      $mysqli = new mysqli($db_host,$db_user,$db_pwd,$db_name);

      // some dummy test data
      $data[] = array('username'=>'Luke', 'sub_type'=>'1 Month', 'date'=>'2011-01-11', 'amount'=>'0.01', 'length'=>'30');
      $data[] = array('username'=>'Luke', 'sub_type'=>'1 Month', 'date'=>'2011-02-01', 'amount'=>'0.01', 'length'=>'30');
      $data[] = array('username'=>'stmiddleton', 'sub_type'=>'Free Trial', 'date'=>'2011-01-18', 'amount'=>'0.01', 'length'=>'1');

      // code to insert dummy data, removed ...

      $query = "SELECT username, MIN(date) as start_date, SUM(length) as length,
          DATE_ADD(MIN(date), INTERVAL SUM(length) DAY) as end_date,
          DATEDIFF(DATE_ADD(MIN(date), INTERVAL SUM(length) DAY),CURDATE()) as days_left
          FROM rsp_subscriptions GROUP BY username";

      if($result = $mysqli->query($query)){
          while($row = $result->fetch_assoc()){
              if($row['days_left'] < 0){$row['days_left'] = "Expired: " . abs($row['days_left']) . " Days ago";}
              echo "Username: {$row['username']}, Subscription Start: {$row['start_date']}, Total Length (days): {$row['length']}, Subscription End: {$row['end_date']}, Days left: {$row['days_left']}<br />";
          }
      } else {
          echo "Query failed: $query, Error: {$mysqli->error}<br />";
      }
      ?>
  18. The URL you put into the src="...." attribute of the <img> tag needs to have a GET parameter on the end of the url that identifies which image the picsript code should retrieve and display. Assuming you have an auto-increment id column in your images table, I would use the id.
  19. You didn't post enough of your code that produces/reproduces the problem. How could anyone here be able to tell you what is wrong with your php code without seeing the portion of it that produces the output?
  20. A) You are aware that it is the browser that requests the image, which is why there is an <img > HTML tag in the first place. You must use an <img> tag for each image you want on a web page. B) The picsript code must retrieve the correct image from the database and output it in response to the request the browser makes for the image. However, your SELECT query in the main code should NOT select the image column (as that wastes time and memory retrieving a large amount of data that you cannot even use in the main code) and your SELECT query in the picsript code only needs to select the image column. If you plan to have any image types beside image/jpeg, you should add a 'type' column to your table to store the corresponding Content-type: for each image. Your picsript code also needs to use the $image variable in the query to retrieve the correct image data.
  21. Your newsletter link is invalid HTML. It has one too many /
  22. The $_SESSION variables still exist in the program but they are no longer part of the session data because the session data file has been written and closed. Without that session_start(), if you modify/create any $_SESSION variable in your code after that point, the changes are local to that instance of your code and don't carry over to a new page request.
  23. Is 'localhost' the correct hostname for the database server that your database is on? Does your web host require that you prepend your hosting account name to the database username?
  24. <?php
      session_start(); // start the current/old session (loads the $_SESSION variables)
      $base_name = '/sess_'; // the base name for the session data files
      $old_sessionid = session_id(); // get the current/old id
      $_SESSION['test'] = 123; // some test data
      session_regenerate_id(); // generate a new id and a new data file
      $new_sessionid = session_id(); // get the new session id to store in the user table for the current visitor
      // close (release) the old (and the new) session data file
      // (php apparently doesn't close the old file when the id is regenerated)
      session_write_close();
      unlink('c:' . ini_get('session.save_path') . $base_name . $old_sessionid); // delete the old session data file
      session_start(); // restart the current/new session

      // show the old/new session id
      echo "Old Session: $old_sessionid<br />";
      echo "New Session: $new_sessionid<br />";
      print_r($_SESSION); // dump any session data
      ?>
  25. You only receive the data/variables from the form that was submitted.
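
The fix that post 8 describes for includes driven by GET parameters, as an added example that is not part of the original posts: the ?page= value is only ever used as a key into a fixed allow-list, administrator includes sit in a separate map, and the two remote-file settings are checked. The page names, file paths and function names are hypothetical.

```php
<?php
// Added example, not code from the original posts.
// Page names and file paths below are hypothetical.

// Allow-list: the only values ?page= may take, each mapped to a fixed local file.
const VISITOR_PAGES = ['home' => 'pages/home.php', 'contact' => 'pages/contact.php'];
// Administrator includes live in a separate map that visitors never get.
const ADMIN_PAGES = ['users' => 'admin/users.php'];

// Return the file to include for a ?page= value, or null when it is not permitted.
function resolve_page($requested, bool $is_admin): ?string
{
    if (!is_string($requested)) {          // ?page[]=x arrives as an array
        return null;
    }
    $map = $is_admin ? VISITOR_PAGES + ADMIN_PAGES : VISITOR_PAGES;
    return $map[$requested] ?? null;       // exact key match only, no path building
}

// Report which of the two remote-file settings are still switched on.
function remote_include_settings_on(): array
{
    $on = [];
    foreach (['allow_url_fopen', 'allow_url_include'] as $name) {
        if (filter_var(ini_get($name), FILTER_VALIDATE_BOOLEAN)) {
            $on[] = $name;
        }
    }
    return $on;
}

// Constructed sample requests: [value of ?page=, is the user an administrator?]
$samples = [
    ['home', false],
    ['users', false],                      // admin page requested by a visitor
    ['users', true],
    ['http://example.test/page.txt', false],
    ['../admin/users', false],
    [['home'], false],
];
foreach ($samples as [$value, $is_admin]) {
    $file = resolve_page($value, $is_admin);
    printf("%-34s admin=%d => %s\n", json_encode($value, JSON_UNESCAPED_SLASHES),
        $is_admin, $file ?? 'rejected');
}
echo 'Remote-file settings still on: ', implode(', ', remote_include_settings_on()) ?: 'none', "\n";
```

In a real page the returned path would be passed to include, and a null result would produce a 404 instead of falling back to a default file.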