PFMaBiSmAd

Spambot scripts submit data directly to your form processing code and don't really care what you do on your form page. Also, since you are not validating or escaping any of the data being put into your SELECT query (or any of your other queries) to prevent sql injection, someone has probably already listed all the data in your table(s).

$togo is a copy of your $result['files'] which is a copy of the $_FILES array. Comparing an integer with an array doesn't mean anything. If you want to loop over an array of uploaded files, I recommend that you read example #3 at this link - http://us3.php.net/manual/en/features.file-upload.post-method.php

You have field names that are a series of named/numbered/named values. The reason thorpe asked is because that generally indicates you are trying to make a database act like a spreadsheet and this results in more code, hard to write queries, and poor performance.

The query error is most likely being caused because you don't have any white-space right before the FROM in the query and it looks like - SELECT tp.name, tp.nric, tp.gender, tp.race_id, r.race_name AS raceFROM tutor_profile AS tp INNER JOIN race AS r USING (race_id) WHERE tp.tutor_id = '" . $_GET['tutor_id'] . "'

I also recommend that when you find yourself repeating blocks of code that only differ in the data values they are using, that you create an array to define the data. It will make your code much simpler and easy to add, change, or remove choices - <?php // Define your data using an array. You can add, change, or remove information by simply altering the array values, no need to change any of your actual php code $data = array(); $data[1] = array('min'=>100,'max'=>50000,'title'=>'Learner Driver (1)'); $data[2] = array('min'=>50000, 'max'=>200000,'title'=>'Passed Driver (2)'); // ... repeat as needed ... $data[18] = array('min'=>1000000000, 'max'=>1000000010,'title'=>'Hidden Rank! (18)'); // all your 18 sets of if() statements are replaced with the following few lines of code if(isset($data[$name])){ // an entry exists $reprand = rand($data[$name]['min'], $data[$name]['max']); $query = "UPDATE users SET rank = '{$data[$name]['title']}', rep = '$reprand' WHERE username = '$userchange'"; mysql_query($query) or die ("Error Updating rank " . mysql_error()); } else { // no entry was found ... } // produce the select menu options - $options = ''; foreach($data as $key => $arr){ $options .= "<option value='{$key}'>{$arr['title']}</option>\n"; } echo $options; // output the options inside the actual <select></select> menu ?> This results in one set of code, and in your case, since your query is incorrect (you have an AND in the SET column=value ... section), would let you fix that problem by changing only one line of code instead of needing to fix 18 of them.

The two ini_set ('display_errors', 1); error_reporting (E_ALL); lines should be the first thing after your first <?php tag. In fact, you should have those two settings in your master php.ini on your development system so that fatal parse errors will be displayed and so that you don't need to remember to put them into your code during development or forget to remove them when you put your code onto a live server.

The actual problem is most likely when you are outputting the data on a web page. The ' or " is breaking the html on your page. You generally need to use htmlentities with the second parameter set to ENT_QUOTES when you output data on a page.

Myoga-, while your suggestion to add some error checking logic to find out why the query is failing is the correct course of action, posting 'fixed' and rewritten code that has nothing to do with the original code is not. genzedu777 is using mysqli The only recommended change to the code would be to use - $data = mysqli_query($dbc, $query) or die(mysqli_error($dbc));

If you are getting four different undefined variable messages for one line of code, wouldn't it be a good idea to look where those variable names are supposed to be getting defined at in your code and try to find out why the variable names you are using don't exist? And why aren't you calling your update_student_course() function? You apparently copied the query statement being used inside that function and pasted it into your main code without accounting for the different variable names you were using inside the function definition (see the problem about having four undefined variable names above.)

<?php $file2 = 'mytextfile.txt'; $openedfile = fopen($file2, "r") or die("ERROR- could not open file for editing."); flock($openedfile, LOCK_EX) or die("Error!- Could not obtain exclusive lock on the file to edit."); $dateX = '2010/09/04'; // simulate test data $dateY = '2010/09/04'; while(!feof($openedfile)){ $record = explode("|", trim(fgets($openedfile))); if($record[1] >= $dateX && $record[1] <= $dateY){ $matched[] = $record; } } echo '<pre>',print_r($matched,true),'</pre>'; ?>

This topic has been moved to PHP Freelancing. http://www.phpfreaks.com/forums/index.php?topic=320289.0

^^^ The error message is calling your attention to the point in the query where there is a problem. desc is a reserved mysql keyword and you should either rename your column to something else or you must enclose desc in back-ticks `` every time you use it in a query.

I see the current reason why your query does not contain data values. However, it will help you much much more if you set error_reporting to E_ALL and display_errors to ON so that all the php detected errors will be reported and displayed. You will save a TON of time.

^^^ You would need a session_start(); statement on that page (any page that sets or references a $_SESSION variable needs a session_start() statement.) If your login code is not working, you need to troubleshoot it first before you worry about any of the other code. I see some code in the login page that would be producing runtime notice/warnings. Are you developing and debugging your code on a system with error_reporting set to E_AL and display_errors set to ON so that all the php detected errors will be reported and displayed? You will save a TON of time.

Actually, someone has already posted why, in your code, you need to put the function definition before it is called - Your function definition is inside your else{} conditional statement. It would actually help if you indented your code properly so that you can see what code is at the same level. If you cannot see which code is part of the else{} statement, it is kind of hard to debug what your code is.

^^^ Yes. If the only processing you will do on the data is to retrieve matching records, so that you don't actually need to store all the records in memory, then yes, you should add a conditional test inside of the while(){} loop so that you only keep the matching records. If all your date values in the file are in the same exact format yyyy/mm/dd, with leading zeros in the mm and dd values and the $dateX and $dateY are both also in that same exact format, then you can compare the date values directly using greater-than/less-than comparisons and form an if(){} statement that only saves records that have a date field between the $dateX and $dateY values.

@Pika, Because php is a parsed/tokenized/interpreted language, function definitions in the main program scope are resolved at parse time and the definition can be after the call. However, if the function definition is inside a conditional statement (I'm sure of this one) or in an include file (I'm not 100% sure of this one Just tested and I'm sure of this one too), they are resolved at runtime and the definition must exist before the call.

You might want to look at all the name= attributes in your form and make sure they are what you want and that your $_POST[ ] variable names match. You have at least two form field with the same name (the last one will 'win') and at least two of your $_POST[ ] variable names don't exist.

See this post and the whole thread it is part of - http://www.phpfreaks.com/forums/php-installation-configuration/mail-function-not-working-319686/msg1506752/#msg1506752

Probably, yes. When php is running as a cgi application, a separate invocation of it is called on each page request, so the local php.ini is actually THE php.ini.

Try this -

The LOCAL values in phpinfo() should have changed. You are apparently using godaddy hosting. What php version?

You can also use if(!empty($error)) (for those of us who would define the array at the start of the code.)

The header() redirect is dependent on the same condition that the session_start() is, that no output has been sent to the browser before the header. Please read the following sticky thread (especially the last post about the BOM characters) - http://www.phpfreaks.com/forums/php-coding-help/header-errors-read-here-before-posting-them/ Edit: You also need an exit; statement after your header() redirect to prevent access to the remainder of the 'protected' code on your page. Anyone can currently still access your protected pages by simply ignoring the header() redirect.