PFMaBiSmAd

Everything posted by PFMaBiSmAd

  1. The only information you receive with any http request is what comes with the http request. That includes the ip address of the device that made the http request and to which the reply will be sent back (this is gotten out of the TCP/IP data packets), the URL that is being requested along with any GET parameters that are part of that URL, any headers that are included in the request, any COOKIES that are included in the request, and any POST data that is included in the request. The only way you can identify where a request came from is by looking at the available information. If another web server is being used to directly POST data to your site and that web server has a fixed IP address, you can block the IP address. That will slow someone down, but it is fairly easy to go through a web proxy server to get a different IP address. What sort of problem are you having that you are trying to solve because most problems with receiving undesirable input must be addressed in your code by validating the input that is received.
  2. ^^^ You must supply enough variables in bind_result() to match the number of items in the SELECT statement.
  3. session_register() was deprecated over 8 years ago. Use $_SESSION['name'] to set or reference session variables.
  4. Define your table with the following - UNIQUE INDEX `Index_name`(`product_id`, `value_id`)
  5. A Lazy programmer. The @ suppresses the reporting of php detected errors. Using it would mean that the programmer did not bother to check if the function he put it on would generate an error, so he simply suppressed the error reporting. There's no reason at all to put @ in any code. On a live server display_errors should be OFF so that any errors that php detects won't be displayed anyway and there's no point in there being any @'s in the code. On a development system display_errors should be ON so that you get immediate feedback of any problems so that you can fix them, not hide them. Also, someone has posted that the @ actually causes extra php code to be executed simply because it is present. It doesn't say, if there is an error, don't report it, it apparently reads and saves the existing error_reporting level, temporarily sets error_reporting to zero, then restores error_reporting after the statement has completed. Php.net has made a statement about wanting to speed up the @ handling in future versions of php, which tends to confirm that simply putting it in code, even if there is no error, is causing this extra code to be executed. The @ also suppresses the logging of errors (log_errors is ON) so in a real application, it would suppress any information about problems occurring in your code, such as a legitimate visitor supplying some valid but unexpected data or a hacker deliberately trying to break into your script and triggering errors. You would want to know if either of these things are occurring so that you could fix them. Using @ would hide this type of information. We also get occasional posts in the forum where someone has an @ in their code and the code is not outputting the errors. So, using @ can slow down the development and debugging cycle by hiding problems in your code when you most need to see them.
  6. What's the data type definition for the column? If it's a string type, you would pad the values with zeros. If it's a numeric type, you would redefine the column to have a specific size with zero fill. Or you could just handle the zero pad/fill when you retrieve the data in your query or when you display the data in your php code.
  7. ^^^ It would take seeing lines 1 - 2 of index.php to determine what output you are sending that is preventing the session_start() from working.
  8. The point of using a server side scripting language to make a site is you only need one file/page, so you are not even in a position to need to "copy/paste that code onto every page of my site now" because there is only one page that dynamically displays all the content and you only need to put the common code in once.
  9. It sounds like you changed the double-quotes that enclose the whole query into single-quotes. No one stated to do that. I stated that - Literal date values must be enclosed in single-quotes inside the query.
  10. Literal date values must be enclosed in single-quotes inside the query, otherwise they look like a mathematical expression (2010 - 08 - 01 equals 2001).
  11. You would have an authentication system that both requires that the current visitor be logged in and that he have the necessary privileges to update the profile that the id belongs to. He would either need to be logged in as the user that owns the profile or as an administrator to your site.
  12. What data type is your `date` column, a mysql DATE? Edit: Also, what format is the $_GET['searchdate']?
  13. Your code in update_ac.php does not contain any code to set the variables $name, $lastname, $email, and $id from the corresponding $_POST variables that are from the form.
  14. Yes, if you are including a file based on a GET parameter passed to your code, you must validate that the file name is just an allowed value (which will eliminate those cases where it is an actual URL of some raw php code on a hacker's site.) Also, you must validate the file name in the context where it is being included (only allow the correct files to be included on any particular page.) This is needed to prevent someone on your site from including say an administrative file on your site when they are only a guest on your site. Edit: If you are including a literal file name, as in include "file.php";, then no, that is the only file that can possibly be included by that line of code.
  15. automatically in programming means that the programmer wrote code to do it. The whole point of programming is to write the code you need to cause what you want to happen when and where you want it. Expecting a programming language to do something automatically that you want in a particular case means that those people who wanted something different to occur in that case must first undo what the language did before they do what they actually wanted. The cases where php.net caused the core php language to do things automatically for the programmer have all been deprecated and/or turned off by default and/or soon to be removed because they turned out to be bad ideas because they limited the general purpose nature of the programming language. Parameters in function calls are just that, parameters. What you do with those parameters is up to the programmer to decide to meet the goal of the code he is writing. One person might initialize class variables, another might create a database connection, another might include a specific file, another might create a session variable, another might create a log file...
  16. You need exit; statements after each header() redirect to prevent the remainder of the code on the page from executing while the browser requests the new URL that is in the Location: header. The last header() your code is outputting WINS.
  17. A) The php mail() function is the simplest method of sending a basic email. B) Whatever method you do use in a script you must take into account the requirements that the host for the sending mail server has set up. C) Where exactly did you try your test script at, what sending mail server did you use (a local mail server or a remote one), and did you meet any requirements that the sending mail server expects, such as using SMTP Authentication to satisfy relaying restrictions or setting the From: address to be a valid mail box at the sending mail server?
  18. I have mentioned twice why the variables would be undefined with the code in its current location.
  19. As to your current form problem, you need to use overall double-quotes when you form the string. You can then simply put php variables into the string (and as I posted, the $form12 = "... ..."; code must be located after the point where the variables are set) - $form12 = "<h3><em style=\"color: #F00\">$wk $wknum</em></h3> <form name=\"Picks\" method=\"post\" action=\"$process\"> .... the rest of your form ... ending with a double-quote"; You could also use the Heredoc string syntax if you want to avoid escaping all the double-quotes inside of the double-quoted string.
  20. It sounds like your database tables have or almost have everything you need. The goal for your code should be some simple code to retrieve the data you want for any time period (or week number) and simply iterate over it to display it the way you want. You should NOT have 13 sets of unique if/elseif statements that define which teams play each other each week, that information should already be in your database tables. If you post your current structure/definition of your tables along with a small amount of sample data (~ four rows for each table would be enough), someone can probably provide better/specific help. I would also add, that if you are using the week number as your main key for labeling/storing/retrieving information, you should probably have a database table that relates the week number to the actual start/end dates.
  21. I'm going to guess that someone already pointed out in one of your other threads for this application, why that part of the code does not work, so I won't revisit it. As to your question - What is wrong? - A) Once you fix why the php code in your form is not working (you should just be putting php variables in because it is already php code, i.e. a php string), you must know that php variables are evaluated at the time they are referenced and you would need to put your $form12 = "... ..."; code after the point where you have assigned the correct values to each variable. B) You should be storing the weekly game/team/date information in your table instead of hard-coding it in php logic. Then you would simply retrieve the information that you want in the order that you want it and iterate over it to display it. You will find that by properly organizing your data and using your database to hold the relevant data that your code will be reduced to almost nothing and it will take you a very short time to complete this application. Doing it the way you are attempting now will take a minimum of 20 times longer to produce the application just because of all the code you are writing and all the copy/paste/over-typing and typo errors you must find and fix.
  22. What exactly does a 'view source' in your browser show? I.E. blank to you can mean something entirely different to someone who is not standing right next to you.
  23. Session_start() and using $_SESSION variables in a script running as a cron job don't make any sense and won't work because there is no browser to propagate the session id between invocations of the script.
  24. Your database table (one) would hold their name or a user_id that points to their user information in a user table, their color (in your choice of storage, the hex HHHHHH value would probably be as good as any), the x, and the y coordinate - id, user_id, color, x, y. You only have records entered into the table for users. The code that dynamically builds the image gets the color, x, and y values and simply does an imagefilledrectangle() to put each 5 x 5 block onto the master image. For the variation of the code I posted above, this would look like -

      ```php
      // $img and $size are assumed to be set by the earlier code
      $query = "SELECT color,x,y FROM grid";
      $result = mysql_query($query);
      while($row = mysql_fetch_assoc($result)){
          // id, name, color, x, y
          // the name would need to be output in the html
          $x = $row['x'];
          $y = $row['y'];
          $c = str_split($row['color'],2); // break into each hex pair
          // the following offsets by 1 in each direction for a border. Subtract 1 throughout (4 places) if no border
          // hexdec() converts each hex pair to the integer that imagecolorallocate() expects
          imagefilledrectangle($img, ($x * $size) + 1 , ($y * $size) + 1, ( $x + 1 ) * $size , ( $y + 1 ) * $size, imagecolorallocate($img, hexdec($c[0]), hexdec($c[1]), hexdec($c[2])));
      }
      header ('Content-type: image/png');
      imagepng($img);
      ```
  25. ^^^ Simple, just read the error message, then look at your connection.php code, line 9 to see why it might be sending output to the browser. You have a closing ?> php tag, followed by a new-line, then another opening <?php tag. The new-line in the file is content that is output to the browser. Why do you have that and in fact why did you put a closing php tag only to put an opening php tag after it?
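
The validation described in post 14 above (the requested file must be one of the allowed values, and must be allowed for the page and visitor asking for it), as an added example that is not part of PFMaBiSmAd's posts. The page keys, file paths, role names and the resolve_include() helper are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical page map: the only values accepted in ?page=, the file each
// one maps to, and the minimum role allowed to load it. All names are constructed.
const PAGES = [
    'home'    => ['file' => 'pages/home.php',    'role' => 'guest'],
    'profile' => ['file' => 'pages/profile.php', 'role' => 'user'],
    'users'   => ['file' => 'admin/users.php',   'role' => 'admin'],
];
const ROLE_RANK = ['guest' => 0, 'user' => 1, 'admin' => 2];

/**
 * Map a request parameter to a file path, or null if it must not be included.
 * The parameter is only ever used as an array key; it never becomes part of a
 * path, so URLs and ../ sequences cannot reach include.
 */
function resolve_include($requested, string $role): ?string
{
    // ?page[]=x arrives as an array; anything that is not a known key is refused.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    // Context check: an unknown role is treated as guest, and the file's
    // required role must not outrank the visitor's role.
    $have = ROLE_RANK[$role] ?? 0;
    $need = ROLE_RANK[PAGES[$requested]['role']];
    return $have >= $need ? __DIR__ . '/' . PAGES[$requested]['file'] : null;
}

// Constructed sample requests: [value of ?page=, role of the current visitor].
$samples = [
    ['home', 'guest'],
    ['users', 'guest'],                          // admin file, guest visitor
    ['users', 'admin'],
    ['http://example.invalid/raw.txt', 'admin'], // remote URL
    ['../admin/users', 'user'],                  // path traversal
    [['home'], 'admin'],                         // array instead of string
];
foreach ($samples as [$page, $role]) {
    $file = resolve_include($page, $role);
    printf("%-34s %-6s => %s\n", json_encode($page), $role, $file ?? 'REFUSED');
}

// In a real front controller (assumed session layout):
//   $file = resolve_include($_GET['page'] ?? 'home', $_SESSION['role'] ?? 'guest');
//   if ($file === null) { http_response_code(404); exit; }
//   include $file;
```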