PFMaBiSmAd

The evolt tutorial is fairly popular - http://www.evolt.org/PHP-Login-System-with-Admin-Features

The id of your <div> is id="name" The line of javascript that is referencing that contains - getElementById('name')

You need to access the <div> using .innerHTML (div's don't have values, form fields have values.)

String data values that are put into a query must be escaped. See this link - mysql_real_escape_string

^^^ We would need to see the code responsible for that symptom, so that the problem can be reproduced, but the most likely cause is code that is out of date and still relies on register_globals being on.

Your forgot to show us the php code that produced that page, but when php code is output to the browser it means that the php code was not seen as being php code. Either - 1) Your php installation is not working, 2) You used short open tags in your code <? instead of full open tags <?php , 3) You are not using .php as your file extension. Have you actually checked that any php code works at all Try the following - <?php phpinfo(); ?> ^^^ Yes, but did you check that they actually were enabled using a phpinfo(); statement?

For debugging purposes, add the following two lines of code immediately after the line with your first opening php tag, and tell us if any php detected errors are displayed - ini_set("display_errors", "1"); error_reporting(-1);

The access time of the current session data file is refreshed on the session_start() statement and garbage collection won't delete the session data file of the session that caused garbage collection to run. You should not rely on the underlying operation of session garbage collection to DO anything, like log people out. You should handle operations like that in your application code.

The actual code inside your while(){} loop is likely reusing and overwriting the $result variable, so when the while(){} loop is evaluated on the second pass through the loop, $result is no longer a result resource from the first query.

Why don't you just do what the error message tells you to do -

You must validate ALL external data. If you are dynamically putting the table name into your query from external data without validating what it is, some hacker has probably already gotten all your data.

The error is occurring before the WHERE. You would need to post what the query is up to that point. Best guess is you are dynamically putting some variable into the query and it is either empty or contains something that breaks the sql syntax.

The header() redirect should be - header('Location: error.php'); // no space between Location and the : You also need an exit; statement after the header() redirect to prevent the remainder of the 'protected' page from being accessed. Since that would mean you have two statements inside the if(){} conditional statement you would need to use the {} on the if(){} statement.

You also need an exit; statement after your header() redirect to prevent the remainder of the code on the 'protected' page from being executed while the browser is performing that redirect. This may have something to do with why your code was not working as expected before you put it into an iframe.

I can just about guarantee that your code is fetching and discarding a row from the result set. You would need to post your code from the point where you are executing the query through to end of the loop where you are displaying the results.

If you read the php.net documentation for strpos, you would learn why it is returning a zero(false) value when it finds the matching string starting in position zero and what logic test you would need to use to detect that vs an actual false value due to not finding the string.

You are only selecting one column in your query and that value would be accessed using the zero'th element of what mysql_fetch_row() returns. Is there some reason you are not using mysql_fetch_assoc() so that the column name you are fetching in $Database_Factions_1 would be the same associative element name you access in the fetched data?

Because it is the setcookie() statement that sends the cookie with whatever parameters are used in the function call and there are no default settings, you would need to modify the setcookie() statements.

You only use one on any page. The second one wastes processing time executing and in handling the following error - Notice: A session had already been started - ignoring session_start() in ....\memberspage.php on line 4

Your code works for me, other than a notice error concerning using two session_start() statements. About the only way the posted code would NOT display the username is if you have a row in your user table with a blank username and either your form is not submitting data using the fields with those names or you entered nothing in the username field in the form.

^^^ Only on fatal runtime errors (or fatal parse errors inside included files) otherwise php continues execution through to the end of your file or until it reaches an exit/die statement in your code. Function calls simply return execution to the calling code and the code continues running. It is up to you to put logic into your program to test the result of a function call. ^^^ Only if you put logic in your code to do it that that way. The mail() function call returns either a TRUE or a FALSE value. You would test that value using an if(){}else{} statement.

Programming is an exact science and we only see the information that you provide in your post. Random in programming or in a programming problem means something different than the same error always occur at the same point. ^^^ It would take seeing your current code that is setting the session variable and the code that is displaying the session variable to be able to help you with why it is not working.

The line of code you posted is missing the semi-colon ; at the end of the statement. And that cannot be a random error because it is a fatal parse error and is due to incorrect syntax in the code.

What makes you think that ^^^. Your code is not even testing the value that the mail() function call returns (which would tell you only if your sending mail server accepted the email, not if it was actually sent.)

You order the results by the date (so that all rows having the same date will be together in the result set.) Then in your presentation code you 'remember' what the last date is and when the date changes value you output the new date heading. Then you output the data. This results in a date heading followed by the data for that date. Pseudo code - $query = " your query string here.. ORDER BY date"; // assumes that your date column is a DATE data type so that ordering by it will sort the dates $result = mysql_query($query); // check if the query executed without error and if it returned any rows here... // retrieve and process the data from the query $last_date = ''; // initialize to a value that will never exist as data while($row = mysql_fetch_assoc($result)){ // test for a new date and output the date heading if($last_date != $row['date']){ echo $row['date'] . "<br />"; $last_date = $row['date']; // remember the new date } // output the data (under each date heading) echo $row['content'] . "<br />"; }