PFMaBiSmAd

Simply use a WHERE clause in your SELECT query to return only the rows you are interested in - $some_variable = 3; $query = "SELECT * FROM your_table WHERE problem_id = $some_variable";

now() is a mysql function and belongs inside the query.

If someone has direct access to the contents of your files on the server, they would also have direct access to any other method you are using to define the database connection details. What makes you think that putting your connection information in a file is not secure?

Is the From: address hosted at the sending mail server?

Actually, the errors being shown in the results are likely due to incorrect values in the time-zone/dst database, rather than the fact that the time zone is one where dst affects the result (there would at most be a 1 hour error when the day changes, not the same result for several days.)

If you have set $_SESSION['current_email'] in another part of your script, it should be available after the session_start() statement in the code you just posted.

I don't have any idea why you are using $_GET because the default is POST. Adding the following line before your session_start() should work (it did for me) - session_id($_POST[session_name()]); FYI: Apparently the flash player is it's own client and it maintains a separate cookie cache from the browser, as least in FF (though I did see indications that doing this in IE actually works without passing the session id through the uploadify data.)

Hmmm... I played with the uploadify code and it does not cause the session id cookie to be sent for some reason, so passing the session name/session id through the uploadify code is probably the simplest solution. @dschuett, if you pass the session id into the uploadify.php file the way aleX_hill has shown, your $_SESSION variables will exist. You don't need to do anything else.

@aleX_hill, You may or may not want to revisit this, but your problem reads like the session id is not being passed because the uploadify.php file is in a different folder and the session.cookie_path is not set to the default of / to get the session cookie to match all paths of your domain. Are all these websites using the same domain name? What does a phpinfo(); statement show for the session.cookie_path? Another reason you might want to revisit this is because getting the destination folder for the uploaded file from the client will allow someone to overwrite any of your site's files with his own by specifying any path they want. Your uploadify.php code should set or determine the destination path independent of any data the script receives from the client.

^^^ That's not the name="...." you gave your form field.

It's likely that either the host-name (sub-domain, even the www. vs no-www being used) or the path part of the URL changed from where the session id cookie was set at and the session id cookie settings are not set to match all sub domains or paths on your domain. All HTTP requests that the browser makes, even if it is due to a flash object on a page, sends all the matching cookies to the server with that request, so, if your session is not working because the session id is not sent, it is likely because the URL being requested does not match the cookie and you would need to set up the cookie so that it will match all variations of your domain. You should start a new thread for your problem (it's unlikely it is identical.)

Yes, but that would also add a space character before and after the value. Remove the extra space between the first " and the ' and the ' and the next ".

Those quotes are part of the php code that is making a string. They are not part of the HTML that is output.

Your HTML is invalid/broken. You need quotes (either single or double) around the value="..." attribute.

It's fairly easy to craft a file that when checked returns a 'safe' and expected mime type but actually contains php code and if it is ever executed as a script file allows a hacker to take over your site. The best solutions are to both check everything you can about an uploaded file and to also put it into a location where it cannot be directly requested and/or where the php language engine has been disabled, and of course, never allow an uploaded file to be included or eval'ed by your code.

It would probably be easier to explode the filename on the '.' and then check how many parts there are. This will also allow you to get just the last part/extension by itself for further testing.

Change this - <tr id="captionRow"> to this - <tr id="captionRow" style="display:none">

Or for the actual answer to your question -

You should always post the actual code/query... that produces the symptom you need help with. It avoids wild-goose-chases and wasted time. You should not be typing code into posts (unless you are making a reply.) Always (and simply) copy paste actual code. Altering one word or one piece of punctuation changes what code does and changes what we see and what direction to look to find the problem.

key, as you might imagine, has significance to a database query language. It is a reserved key word and you either need to enclose it in back-ticks `` every time you use it in a query, or simply rename your column to something else.

One = sign is an assignment operator and the result of assigning 1 to a variable, is always TRUE. Two == signs is a comparison operator.

AND is a logical operator. + is a mathematical operator (at least in sql and php.) You would want to use a string function, such as CONCAT() - http://dev.mysql.com/doc/refman/5.0/en/string-functions.html#function_concat

mysql_num_rows() does NOT accept more than one parameter. The error means that your query failed due to an error. If you had searched for that error you would have learned this and that by using some error checking logic, such as echoing mysql_error(), would tell you why it failed. Your query has a few problems in it. You have single-quotes around the table name, making it a string instead of a table name (remove the single-quotes from around the table name) and you have some semi-colons : where you should be using equal signs (change them to equal signs.)

The code you posted is freeing the mysql result inside of the loop: mysql_free_result($result), so of course you are only iterating through the loop once. Why did you put mysql_free_result($result) inside of the loop?

Most of the quotes you are using in your code are curly/smart quotes and cannot be used in programming. You need to use simple straight quotes " or '