
PFMaBiSmAd

Staff Alumni
  • Posts: 16,734
  • Joined
  • Last visited
  • Days Won: 9

Everything posted by PFMaBiSmAd

  1. This topic has been moved to Miscellaneous. http://www.phpfreaks.com/forums/index.php?topic=308058.0
  2. At a minimum you are going to need a mysql_select_db('your_db_name_here'); statement or you will need to specify the database name in the query - db_name.table_name
  3. What is the data type of your amountFrom and amountTo columns? It would need to be an INT for math comparisons to work. Also, by putting the '1000' inside of single-quotes in the query, that makes it a string and strings are compared character by character starting with the left-most character.
  4. Not knowing the script in question, there are two possibilities - 1) Your php script was using a GET parameter on the end of the URL as the name of a file to include/require and was not validating what it was passed AND the php.ini setting that allows remote files to be included was ON and someone got your script to include their raw php code and run it on your server, or 2) Your php script was expecting a variable $incdir to hold the path/name where it included files from, but register_globals are turned on and the setting that allows remote files to be included is ON and they were able to set $incdir to point to their raw php files when they requested your script. They were also able to request a file of your script that was intended to be included into a page rather than requested directly and that code then included their raw php code and executed it on your server. The second case is more likely given the incdir name being used. Register_globals were turned off by default in php4.2 in the year 2002 precisely because of this. They magically allowed hackers to set your program variables and session variables to any value they want when they make an http request to your code and a lot of web sites have been taken over. Here's a list of things that should have been done differently - 1) All external data must be validated. 2) Files being included should check if they were requested/browsed to directly or they should be put into a location where they cannot be requested directly. 3) register_globals was the worst security hole ever deliberately (yes they did this on purpose as a lazy-way short-cut) put into a programming language and when the security problems with it were discovered, it should have been permanently turned off. If this setting is on, your web host is partly responsible by not following the recommendation to turn it off over 8 years ago. The people who wrote the script should have also been aware of this security hole present in php and should have done item #2 on this list. 4) The setting that allows remote files to be included should be turned off whenever possible, in case someone didn't do items #1 and #2 on this list.
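The following is an added example (not code from the thread or from the script being discussed) showing items 1, 2 and 4 of the list above in one page-include mechanism: the request selects a key in a fixed allowlist instead of naming a file, included files refuse to run when requested directly, and the php.ini settings are pinned off. The ./pages/ directory layout, the IN_APP constant and the `page` parameter name are assumptions for the example.

```php
<?php
// Added example (not from the original thread): a page-include mechanism hardened
// against the two failure modes described above. The pages/ layout, the IN_APP
// constant and the `page` GET parameter are assumptions made for this example.

declare(strict_types=1);

// php.ini (php.ini-production already ships with these values):
//   allow_url_include = Off   ; a URL can never be passed to include()/require()
//   register_globals  = Off   ; the directive was removed entirely in PHP 5.4

// Item 2: files that are only meant to be included check for this constant.
// The including script defines it; a direct request for pages/home.php never sees it.
// Put this at the top of every file under pages/:
//   if (!defined('IN_APP')) { http_response_code(403); exit; }
define('IN_APP', true);

// Item 1: the request may only pick a key; the script owns every path.
// The pattern the post warns about would be:  include $_GET['page'] . '.php';
const PAGES = [
    'home'    => 'pages/home.php',
    'contact' => 'pages/contact.php',
];

function resolvePage(?string $requested): string
{
    // An unknown or missing key falls back to a fixed page; no user bytes are
    // interpolated into the path, so "../" and "http://" never reach include().
    if ($requested === null || !array_key_exists($requested, PAGES)) {
        return PAGES['home'];
    }
    return PAGES[$requested];
}

function includeSafely(?string $requested): void
{
    $path = __DIR__ . '/' . resolvePage($requested);
    // Item 4 belt-and-braces: the mapped file must exist on the local disk.
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    include $path;
}

includeSafely(isset($_GET['page']) ? (string) $_GET['page'] : null);
```

The allowlist is the important part: validation by rejecting bad characters is easy to get wrong, whereas a lookup in a fixed map cannot yield a path the script did not write itself.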
  5. SELECT pointtoIncrease FROM your_table WHERE amount BETWEEN amountFrom AND amountTo
  6. You can specify leading zeros and the display length on an INT data type column definition.
  7. A) You should NOT have passwords stored as plain text. You should store them as a hashed/salted value, either md5() or sha1() using some salt string you devise prepended/appended to the actual password before hashing it. B) You would need to get the field name along with the value in the foreach() loop that is printing the value and test if the field name is 'password' and display what you want instead of the actual password.
  8. Actually, I'm kind of hoping that code is not from a tutorial printed or posted somewhere. The code that displays the form is before the form validation logic, so it is not directly possible to re-display the form when there is an error, the code is performing two queries when only one is needed, and the first query tests just the username and reports if it was not found (which allows a hacker to keep trying usernames until he finds a valid one.) But the good news is, if you correct the errors that have been pointed out so far in the replies, the code functions as expected.
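As an added example that is not code from the thread, the following covers both posts 7 and 8 above: passwords are stored hashed and salted (using PHP's password_hash(), which generates the per-user salt itself rather than a hand-devised salt string), the login issues a single query and returns the same result whether the username is unknown or the password is wrong, and the row dump masks the password field by checking the field name inside the foreach() loop. It runs against an in-memory SQLite database through PDO so it works offline; the `users` table layout is constructed for the example.

```php
<?php
// Added example (not from the thread): hashed password storage, a one-query login
// with a generic failure result, and a row dump that masks the password column.
// The in-memory SQLite database and the users(id, username, password) schema are
// constructed for this example.

declare(strict_types=1);

function openDatabase(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT NOT NULL UNIQUE,
        password TEXT NOT NULL
    )');
    return $pdo;
}

function registerUser(PDO $pdo, string $username, string $password): void
{
    // password_hash() draws a random salt per user and embeds it in the stored
    // string, so equal passwords produce different hashes without a custom salt.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (?, ?)');
    $stmt->execute([$username, $hash]);
}

function login(PDO $pdo, string $username, string $password): bool
{
    // One query fetches the stored hash; the password check happens in PHP.
    $stmt = $pdo->prepare('SELECT id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        // Unknown username: verify against a throwaway hash so this branch costs
        // about the same time as a wrong password, then fail the same way.
        static $dummyHash = null;
        $dummyHash = $dummyHash ?? password_hash('dummy', PASSWORD_DEFAULT);
        password_verify($password, $dummyHash);
        return false;
    }
    return password_verify($password, $row['password']);
}

function maskedRow(array $row): array
{
    // Field name and value are walked together; only the password field is replaced.
    $out = [];
    foreach ($row as $field => $value) {
        $out[$field] = ($field === 'password') ? '********' : $value;
    }
    return $out;
}

// Constructed usage.
$pdo = openDatabase();
registerUser($pdo, 'alice', 'correct horse battery staple');

$attempts = [
    ['alice', 'correct horse battery staple'],  // valid credentials
    ['alice', 'wrong'],                         // wrong password
    ['nobody', 'anything'],                     // unknown username
];
foreach ($attempts as [$user, $pass]) {
    // The message is the same for the last two cases; nothing reveals which
    // usernames exist.
    echo $user, ': ', login($pdo, $user, $pass) ? 'logged in' : 'invalid username or password', "\n";
}

$row = $pdo->query('SELECT id, username, password FROM users')->fetch(PDO::FETCH_ASSOC);
foreach (maskedRow($row) as $field => $value) {
    echo htmlspecialchars($field), ': ', htmlspecialchars((string) $value), "\n";
}
```

password_verify() reads the algorithm and salt back out of the stored string, so upgrading the hashing cost later only requires rehashing on the next successful login.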
  9. You have also got another basic error - $_post should be $_POST. As has already been stated, everything (except for comments) is significant in a programming language. It does matter if something is supposed to be capitalized. If you are getting stuck at these basic errors - a semi-colon not inside of a quoted string, when 7 lines later in the code there is a similar string done correctly; missing = signs in an HTML form, the second one of which prevents that value from being submitted; queries that have single-quotes around table/column identifiers; a built-in php variable name not capitalized correctly, then you must go out and get a basic php/mysql/html book and learn the basics first before you can attempt to do anything useful using php/mysql/html. The purpose of a tutorial about building a blog is that it shows how to go about building a blog application. It assumes that you have the basic programming skills and knowledge needed to do so and you are only looking for ideas specific to building the application.
  10. LOL, anyone can submit any values they want because they don't need your form to do so. A hacker or just someone who wants to cheat at whatever you are doing could inject sql and INSERT any number of records into your table with any values they want.
  11. Once you get past the basic php syntax errors in your code, you will find that the sql in your query also contains syntax errors. Using string concatenation, where you are switching into/out-of a php quoted string and an sql quoted string repeatedly is very error prone because of the number of different elements mixed together and that it is hard to see what is the sql syntax and what is the php syntax. If you use sprintf, it makes it easier and less error prone to build queries that have more than a few php variables in them. You can see what the sql syntax is and what the php syntax is because they are kept separate -
      $query = sprintf("INSERT INTO subscriptions ( name, email_address, membership_type, terms_and_conditions, name_on_card, credit_card_number, credit_card_expiration_data) VALUES ('%s','%s','%s','%s','%s','%s','%s')", $_SESSION['name'], $_SESSION['email_address'], $_SESSION['membership_type'], $_SESSION['terms_and_conditions'], $_POST['name_on_card'], $_POST['credit_card_number'], $_POST['credit_card_expiration']);
      Also, doing this will easily allow you to see that you need to add mysql_real_escape_string() to the individual values that need it (to prevent sql injection and any sql special characters in the data from breaking your sql syntax and producing an sql error.)
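The following added example (not code from the thread) builds the same INSERT two ways: the sprintf() pattern from the post with an escaping function applied to every value, and the prepared-statement form, where the SQL text and the PHP values never mix at all. It uses an in-memory SQLite database so it runs offline; the `subscriptions` columns are a subset of the post's and the escaping callback is a stand-in for mysql_real_escape_string(), which needs a live MySQL connection.

```php
<?php
// Added example (not from the thread): sprintf()+escaping versus a prepared statement.
// The SQLite database and the four-column subscriptions table are constructed here;
// the real code would use the project's MySQL connection.

declare(strict_types=1);

const COLUMNS = ['name', 'email_address', 'membership_type', 'name_on_card'];

// The post's pattern: sprintf() keeps the SQL readable, but every '%s' still needs
// escaping. $escape is the connection's escape function (mysql_real_escape_string()
// or mysqli_real_escape_string()); here a stand-in doubles single quotes, which is
// what SQLite expects.
function buildQueryWithSprintf(array $values, callable $escape): string
{
    $ordered = array_map(fn(string $c): string => (string) $values[$c], COLUMNS);
    $escaped = array_map($escape, $ordered);
    return sprintf(
        "INSERT INTO subscriptions (%s) VALUES ('%s','%s','%s','%s')",
        implode(', ', COLUMNS),
        ...$escaped
    );
}

// The prepared-statement form: the SQL contains only placeholders, the values are
// sent separately, so a quote inside the data cannot change the statement.
function insertSubscription(PDO $pdo, array $values): int
{
    $placeholders = implode(', ', array_fill(0, count(COLUMNS), '?'));
    $sql = sprintf('INSERT INTO subscriptions (%s) VALUES (%s)', implode(', ', COLUMNS), $placeholders);
    $stmt = $pdo->prepare($sql);
    $stmt->execute(array_map(fn(string $c): string => (string) $values[$c], COLUMNS));
    return (int) $pdo->lastInsertId();
}

// Constructed setup and input. The apostrophe is exactly the character that
// breaks an unescaped query and produces the sql error the post mentions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE subscriptions (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    name TEXT, email_address TEXT, membership_type TEXT, name_on_card TEXT
)');

$input = [
    'name'            => "Mary O'Brien",
    'email_address'   => 'mary@example.com',
    'membership_type' => 'gold',
    'name_on_card'    => "MARY O'BRIEN",
];

// Stand-in for the connection's escape function (SQLite quoting rule).
$escape = fn(string $v): string => str_replace("'", "''", $v);

$query = buildQueryWithSprintf($input, $escape);
echo $query, "\n";
$pdo->exec($query);                 // row 1, via the escaped sprintf() query
$id = insertSubscription($pdo, $input);  // row 2, via the prepared statement

// Both rows come back with the apostrophe intact.
foreach ($pdo->query('SELECT id, name FROM subscriptions') as $row) {
    echo $row['id'], ': ', $row['name'], "\n";
}
```

With the prepared form there is no per-value escaping step to forget, which is the mistake the post is asking the reader to watch for in the sprintf() version.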
  12. The code that sasa posted corrected the fatal parse error, which I just tested. If you got the same error, then you didn't actually change the code in the file that is being requested.
  13. Your form has at least two missing = signs in it. The first is in the type= statement for the Username and the second is in the name= statement for the Password. Your code, which I assume you 'interpreted' from what you saw in some book or tutorial contains a number of incorrect elements. I see at least two more problems with single-quotes around the table name and column names in your query (single-quotes go around strings, not table/column names.) Computers only do exactly what their code tells them and each character making up the code has significance. You cannot move, leave out, or change things and expect code to work.
  14. No one can directly answer that question without seeing the form and/or the php code responsible for the symptom. 1,013 different people could have written some code that produces that same symptom and there could be something different wrong in each of their programs and your code could be the 1,014th different thing. If you want help with the problem in your code, you must post the code responsible for the symptom.
  15. Exactly what part of doing this trivial task do you need help with? There are countless examples of forms and php form processing code posted all over the Internet. Taking any of them and adding one line of code to call a php function to convert the entered number into the equivalent word string and output that is, well, a trivial task.
  16. Your closing } that is part of your while(){ loop is located before the code that displays the information from the database. You would probably want to put that } at the end of the code that displays the information from the database so that the code would actually be executed each time through the loop.
  17. There are countless php scripts posted all over the Internet that do this. Did you try searching for "php convert numbers to words"?
  18. Does the URL in the browser address bar display the expected URL with the ?action=add&p=5&size=small on it? If it does, then your code is probably overwriting the $_GET variables. If you want someone here to directly help with what your code might be doing, just post your code for the quickest solution. The global keyword ONLY has meaning when used inside of a function definition (and even there it should not be used at all for well written code.) Using it on one of php's already superglobal variables, like $_GET, actually creates a new set of variables that DON'T have the values from the actual superglobal variable.
  19. http://code.google.com/apis/calendar/data/1.0/developers_guide_php.html#CreatingEvents
  20. It's invalid when treated as php code. It's more likely that it is something out of a template system. A few lines of code, out of context, is generally meaningless. What script is this part of and what is the code surrounding it doing?
  21. What you are doing sounds like a unique collection of steps and that's the whole purpose of programming in any language, to create code that does what you want it to when you want it and with your specific data. You are not going to find a script that does - band member logs in, submits information, email gets sent to you with approval link, link requests a page that adds specific data to a specific application. What specific problem, specific question, or specific error (these are the type of specific things programming help forums can help with in the few hundred words of a reply) do you have that you need help with?
  22. You are kind of asking someone who is not standing right beside you to magically know what your code is (and the few lines you did post are not all the relevant code because that does not show how you are getting the data and what processing you are doing to it), what the actual data values are, what data value is failing (and what are some of the ones that work), and what results you ARE getting for those data values vs the expected results. Had you simply included in your first post in this thread - 1) All the code (someone could duplicate the problem in a few minutes and tell you what to do to fix it), 2) Some actual data values you are using that work and do not work, 3) What result you are getting for each piece of that data. I'm going to guess this has something to do with slashes /, but since you haven't shown anything you have seen in front of you when you do this, it's kind of hard to guess what sort of problem you are having.
  23. LOL, the two lines of code that thorpe pointed out with errors in them would have prevented your php code from executing at all. If you received emails while using the code that contained those two errors, then the code you are actually using on your server is not the code you have been posting. I'm thinking that using a page with a flash form on it would probably not show any output from the php code. If you are receiving some of the form data in the email but not those two values, it is either due to your form not sending the data to the php code or due to a field name mis-match. What is the actual code of your form page and what are the exact (keeping in mind that computers only do exactly what their code tells them to do and a spelling error or capitalization difference would prevent this from working) field names it is sending? I seriously recommend getting this to work with an HTML form first, then do any extras like using a flash form. Also, if this is going to be used for real (not just an assignment in a programming class), you MUST validate, in your form processing code, any of the form data that is being put into the header field to prevent hackers from sending their email through your mail server.
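The validation the last sentence calls for, as an added example that is not code from the thread. Header injection works by placing a line break followed by an extra header inside a form field, so every value bound for a mail header must be a single line of printable text and the address must parse as exactly one address. The field names from_email, from_name and subject, and the recipient address, are assumptions (the thread does not show the form).

```php
<?php
// Added example (not from the thread): validating form fields before they are used
// in mail() headers. The field names and the recipient are assumptions for the example.

declare(strict_types=1);

// No CR, LF, NUL or other control characters, and a sane length.
function isHeaderSafe(string $value, int $maxLength): bool
{
    return strlen($value) <= $maxLength && preg_match('/[\x00-\x1F\x7F]/', $value) !== 1;
}

// Returns [errors, cleaned]; an empty errors array means the fields may be used.
function validateMailFields(array $post): array
{
    $errors = [];
    $clean  = [];

    // FILTER_VALIDATE_EMAIL accepts one address only and rejects line breaks.
    $email = filter_var(trim((string) ($post['from_email'] ?? '')), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['from_email'] = 'A single valid e-mail address is required.';
    } else {
        $clean['from_email'] = $email;
    }

    $name = trim((string) ($post['from_name'] ?? ''));
    if ($name === '' || !isHeaderSafe($name, 100)) {
        $errors['from_name'] = 'Name must be one line of printable text.';
    } else {
        // Drop quote and backslash so the name cannot close the quoted display name early.
        $clean['from_name'] = str_replace(['"', '\\'], '', $name);
    }

    $subject = trim((string) ($post['subject'] ?? ''));
    if ($subject === '' || !isHeaderSafe($subject, 200)) {
        $errors['subject'] = 'Subject must be one line of printable text.';
    } else {
        $clean['subject'] = $subject;
    }

    return [$errors, $clean];
}

function buildHeaders(array $clean): string
{
    // Only validated values reach the header block; Reply-To reuses the parsed address.
    return 'From: "' . $clean['from_name'] . '" <' . $clean['from_email'] . ">\r\n"
         . 'Reply-To: ' . $clean['from_email'] . "\r\n";
}

// Constructed submissions: one normal, one carrying a line break in the name field.
$good = ['from_email' => 'bob@example.com', 'from_name' => 'Bob', 'subject' => 'Question'];
$bad  = ['from_email' => 'bob@example.com', 'from_name' => "Bob\r\nBcc: other@example.com", 'subject' => 'Question'];

[$errors, $clean] = validateMailFields($good);
if ($errors === []) {
    $headers = buildHeaders($clean);
    echo "Accepted; headers would be:\n", $headers;
    // mail('you@example.com', $clean['subject'], $body, $headers);  // hypothetical recipient
}

[$errors] = validateMailFields($bad);
// $errors['from_name'] is set: the submission is rejected and no mail is sent.
echo "Rejected field(s): ", implode(', ', array_keys($errors)), "\n";
```

Rejecting the submission outright, rather than stripping the line breaks and continuing, is the safer choice: a field that contains a header separator was not typed by a person filling in the form.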
  24. Define: still nothing? What output did you get? You are expecting someone who is not standing right next to you to help you with what your code is doing. If you don't state or post what results you did get, no one can possibly help you. Based on your symptom of 'still nothing' it is likely that your form is invalid and isn't sending anything to your form processing code.
  25. Find out what data your form is sending. Add the following lines for debugging purposes (remove them when you are done) -
      echo "<pre>"; echo "GET:"; print_r($_GET); echo "POST:"; print_r($_POST); echo "</pre>";