PFMaBiSmAd

Everything posted by PFMaBiSmAd

  1. The line of code you posted out of context does not produce that error (tested). I put that line into a valid class definition/method definition and that line is syntactically correct. Something prior to that is causing the error.
  2. Also, what does the phpinfo() show for output_buffering? If you are redirecting (all over the place) and output_buffering is ON, any php error messages that would be output on any page WON'T be because they will be hidden by the action of the output_buffering.
  3. ^^^ If you mean that it produced internal server errors, that means that php is not running as an Apache module and you cannot put php settings into a .htaccess file.
  4. Do you have a specific question, specific problem, or specific error with the code you wrote for the other questions? We are not going to write code for you or do your assignment for you.
  5. So, you got this code from some book. Sadly, the code does not even have any logic to check if the query worked or not and it is in fact doing something (the @) that would prevent a php error with the query from being reported/displayed/logged. You should remove any @'s that are in the code in front of statements. There's simply no reason for any code to have @'s in it. On a development system, display_errors should be ON because you want to know if there are any php errors occurring in the code so that you can find and fix them. On a live server, display_errors should be OFF and log_errors should be ON so that any php errors that might occur don't get displayed but they do get logged so that you can find and fix them. On both a development system and a live server, error_reporting should be at least E_ALL (using -1 is even better since every php error category will be included) so that all the normal php detected errors will be displayed/logged. Sorry to get sidetracked on errors and error_reporting/display_errors/log_errors, but at this point you don't even know if the query executed or not. You may in fact have the correct data in your database, but if the query is failing due to some error, there is no result object in $r for mysqli_num_rows to even test and your code will never match that data in the database. Short answer: When learning php or developing and debugging php code, you should have error_reporting set to E_ALL (or even better -1) and display_errors set to ON so that php will help you by reporting and displaying all the errors it finds.
  6. It is possible to fake out and bypass just about every type of upload file checking in the right (wrong) situation. For example, in some combinations/versions of operating system, Apache, and php running as a server module, it is possible to use a filename like file.php.jpg and get it to pass simple file extension checking (the final .jpg is valid and will get past any code that is just testing for a .jpg ending.) But read this, some lazy programmer (probably in the Apache code) stopped parsing the file name at the .php in it and executes the file.php.jpg as a .php file. The safest things you can do that will ultimately protect yourself from a dangerous uploaded file in all situations is to - A) Move the file into a folder that cannot be browsed to, either because it is located outside of your document_root folder or it has had all HTTP/HTTPS requests disabled for the files in the folder. This option requires that you OUTPUT the files dynamically using some php code when they get requested. B) Move the file into a folder that has had the php language engine disabled, along with any other server side scripting languages that are available on your server, and any execute permissions (in case one of your scripts is putting user input into operating system shell commands.) This will cause the content of the file to be simply output instead of parsed by the server side scripting language(s) when the file gets requested.
  7. Your code is still overwriting the variables holding the data. Seanlim went to the trouble of correcting the code you messed up and posted it AND you quoted his post, which suggested that you read it and used the code in it (OR you don't understand that there is a difference between simply replying to a post and quoting a post when you write a reply.) Short answer: Each line of code does matter. It does matter exactly what is written on the right-hand side of an = assignment operator and it does matter exactly what is written on the left-hand side of an = assignment operator, because computers only do exactly what each line of code tells them to do. Even if you cannot produce the code you are using, you must have the ability to at least look at it and be able to understand what each line does.
  8. The fact that you have an @ on the mysqli_query() statement to suppress php errors from it, is a pretty good indication that the query is/was failing due to an error of some type. Why do you have that @ in your code? ^^^ You might think that, but your code and the database disagree. You would need to troubleshoot why your query is not matching one row in your database table.
  9. There's a typo in the $errors array name in the following line that would prevent the code from reporting anything when the username/password does not match the database -
      $errrors[] = 'The username and password entered do not match those on file.';
  10. The 451 error leads to this link - http://cr.yp.to/docs/smtplf.html and is due to you using just \n instead of \r\n. Given that you are getting the $subject from the form and you have likely already sent a number of test emails to the To: address, the receiving mail server may have added your sending mail server and the subject lines you were using to a black-list and is voting all email from it as spam and sending back the 554 response code. Also, by allowing the subject to be entered from external data and the external email address to be put into the header field without any validation, it is possible that bot scripts have been sending email through your script, which has gotten your domain added to various spam databases. Another possibility is that the receiving mail server is validating that the From: address is hosted at the sending mail server (which it should be) and/or you don't have an SPF record at the domain in the From: address (because it can be any arbitrary email address of the visitor filling in the form and you don't have the ability to know or set the SPF record at the domain) that authorizes your sending mail server to send email for that domain name. You should be putting an email address hosted at the sending mail server into the From: address and put the arbitrarily entered email address into the Reply-to: address. You should also be validating the entered email address to prevent mail header injection.
  11. A) You should be developing and debugging your code on a local development system and only put it on a live server once it is complete and tested. You will save a ton of time. B) You can set those two settings in the master php.ini (the preferred location on a development system), in a .htaccess file (when php is running as an Apache Module), in a local php.ini (when php is running as a CGI application), or in your script. Setting them in your script is the last choice because you must remember to remove the settings when you are done and putting the settings in your script won't get fatal parse errors to be shown.
  12. When we write about error_reporting being turned on, we are referring to setting it to at least E_ALL and since that doesn't include E_STRICT or E_DEPRECATED, you should actually set it to -1 so that all the bits are set. Error_reporting should always be set to at least E_ALL (even on a live server.) Setting display_errors to ON will help you by giving immediate feedback because the error messages will be output to the browser. display_errors should be ON for a development system and OFF for a live server. log_errors should be ON for a live server.
  13. Just a recommendation, but if you are having fundamental problems getting your php upload processing script to work, test it with a simple traditional HTML form first. Only add extras like javascript/flash AFTER you have completely tested and gotten the server side script working the way you want.
  14. Cannot really help you with the specific problem you are having unless you post enough code that reproduces the problem. There are literally a dozen different things that could be causing the symptom and you have got to show what you are doing in order to narrow down that list.
  15. Any chance that the reservationID column is defined as a key in your table so that duplicates cause a query error? In addition to using double-quotes around the overall query string, I also recommend forming the query string in a php variable, such as $query. This would allow you to echo $query inside of the loop so that you can see what it actually is. You would then use the $query variable inside the mysql_query($query) statement. You can also echo mysql_error(); on the next line after the mysql_query() line to see if the query is failing and producing an error.
  16. Your logic looks correct. The problem is that php variables are not replaced with their value when used inside of a single-quoted string. Your query statement starts and ends with single-quotes, so the three php variables are just the variable names as strings of characters making up each variable name. You should almost ALWAYS use double-quotes around a query statement.
  17. You cannot be serious? You put it back the way it was before you altered it.
  18. If you had continued this problem in the thread you already have for it, where you did post all the error messages you are getting, everyone would know the reason why it is failing and could help without needing to guess.
  19. Well you altered both the $result and $results variables being used in the body of the while loop to $record, so you have nonsense code now.
  20. Each page (html document) that gets requested and is output to the browser needs a doc type.
  21. You cannot use a session to do this. All the visitor/bot script needs to do is drop the existing session id, get another session, and they can post again. You must store the time of the last post using a method that the visitor/bot script does not have the ability to clear.
  22. mysql_real_escape_string would need to be after the database connection logic since a database connection is required for it to work.
  23. It's the code I posted with the following two lines changed to use $res instead of $result -
      $res = mysql_query($sql);
      while($record = mysql_fetch_assoc($res)) {
      And with mysql_connect()/mysql_select_db() statements thrown in.
  24. Upon actually testing that code (somewhat), the $result variable from the mysql_query() and used in the mysql_fetch_assoc() needs to be renamed to something like $res.
  25. The following is the code modified (untested) to use a database instead -

      <?php
      /*
       * Copyright (C) 2006 Google Inc.
       *
       * Licensed under the Apache License, Version 2.0 (the "License");
       * you may not use this file except in compliance with the License.
       * You may obtain a copy of the License at
       *
       *      http://www.apache.org/licenses/LICENSE-2.0
       *
       * Unless required by applicable law or agreed to in writing, software
       * distributed under the License is distributed on an "AS IS" BASIS,
       * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
       * See the License for the specific language governing permissions and
       * limitations under the License.
       */

      /*
       * Search-as-you-type sample Ajax responder
       */

      // Adding a cache control so that browsers won't cache Ajax requests
      header("Cache-Control: no-cache");
      header("Content-Type: text/html; charset=UTF-8");

      /**
       * Get the results based on user's query.
       * @param string $query Query
       * @return array Result array
       */
      function GetResults($query) {
        $results = array();
        $queryLength = strlen($query);
        // form the sql query string
        $query = mysql_real_escape_string($query);
        $sql = "SELECT name,type,content,moreDetailsUrl FROM your_table WHERE LEFT(name, $queryLength) = '$query'";
        // execute query here, using whatever method you currently use...
        $result = mysql_query($sql);
        while($record = mysql_fetch_assoc($result)) {
          $result = array();
          $result['name'] = $record['name'];
          $result['type'] = $record['type'];
          $result['content'] = $record['content'];
          $result['moreDetailsUrl'] = $record['moreDetailsUrl'];
          $result['style'] = ($query == strtolower($record['name'])) ? 'expanded' : 'normal';
          $results[] = $result;
        }
        return $results;
      }

      // Get the query
      $query = strtolower(ltrim($_GET['query']));

      // Build response
      $response = array();
      $response['query'] = $query;
      $response['results'] = GetResults($query);
      if (count($response['results']) == 1) {
        $response['autocompletedQuery'] = $response['results'][0]['name'];
      }

      // Output response
      echo "searchAsYouType.handleAjaxResponse(";
      echo json_encode($response);
      echo ");";
      ?>

      You would need to add a database connection and adjust the fields in the query to match your actual columns. I did not determine what would happen if the fields being output to the AJAX differed from what the code originally expected.
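
Option A from post 6 above (keep uploads where they cannot be browsed to and output them dynamically), sketched as an added example that is not code from any of the threads. The directory, the "photo" form field and the allowed-type map are assumptions.

```php
<?php
// Added example, not code from the thread. UPLOAD_DIR, the "photo" form field
// and the allowed-type map are assumptions made for illustration.
const UPLOAD_DIR = '/var/app-data/uploads';   // assumed to lie outside document_root
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

/** Store an upload under a server-generated name and return that name. */
function store_upload(array $file): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Type comes from the file content, never from the client-supplied name,
    // so a name like file.php.jpg has no influence on what gets stored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = ALLOWED[$mime] ?? null;
    if ($ext === null) {
        throw new RuntimeException('type not allowed');
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

/** Output a stored file as data; it is never handed to the php engine. */
function serve_upload(string $name): void
{
    // Accept only names store_upload() could have produced: no path parts,
    // exactly one extension.
    if (!preg_match('/\A[0-9a-f]{32}\.(jpg|png)\z/', $name, $m)
        || !is_file(UPLOAD_DIR . '/' . $name)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $name;
    header('Content-Type: ' . array_search($m[1], ALLOWED, true));
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Hypothetical callers:
//   upload.php  ->  $id = store_upload($_FILES['photo']);
//   image.php   ->  serve_upload($_GET['id'] ?? '');
```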
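
The advice in post 10 above (a From: address hosted at the sending server, the visitor's address in Reply-To:, CRLF line endings, and validation against mail header injection), as an added example that is not code from the thread. SITE_FROM and SITE_TO are assumed addresses and the inputs at the bottom are constructed.

```php
<?php
// Added example, not code from the thread. SITE_FROM and SITE_TO are assumed
// addresses; SITE_FROM must be a mailbox hosted at the sending mail server.
const SITE_FROM = 'webform@example.com';
const SITE_TO   = 'owner@example.com';

/** Trimmed value, or null if it still holds CR or LF (a header injection attempt). */
function single_line(string $value): ?string
{
    $value = trim($value);
    return preg_match('/[\r\n]/', $value) ? null : $value;
}

/** Build [to, subject, body, headers] for mail(), or null if the input is rejected. */
function build_contact_mail(string $visitorEmail, string $subject, string $body): ?array
{
    $email   = single_line($visitorEmail);
    $subject = single_line($subject);
    if ($email === null || $subject === null || $subject === ''
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The visitor's address goes in Reply-To only; From stays on our own domain
    // so that domain's SPF record can authorise the sending mail server.
    $headers = 'From: ' . SITE_FROM . "\r\n"
             . 'Reply-To: ' . $email . "\r\n"
             . 'Content-Type: text/plain; charset=UTF-8';
    // Bare \n is what the 451 response complains about; send CRLF only.
    $body = preg_replace('/\r\n|\r|\n/', "\r\n", $body);
    return [SITE_TO, $subject, $body, $headers];
}

// Constructed inputs: the second carries an injected Bcc header and is rejected.
$ok  = build_contact_mail('visitor@example.org', 'Question', "Hi\nthere");
$bad = build_contact_mail("visitor@example.org\r\nBcc: list@example.net", 'Hi', 'x');
var_dump($ok !== null, $bad === null);

// To send the accepted message: mail(...$ok);
```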