Everything posted by PFMaBiSmAd

  1. Use an array. Arrays are for sets of same type data, i.e. the result set from your query. Creating a sequential list of variables is a waste of processor time, because you must now either keep track of how many you created and what they are named or you must hard-code the code that uses them. It's also most efficient to do any processing and output of data from a query inside of the loop that retrieves that data instead of processing the data twice, once to get it into variables and a second time to use those variables.
  2. Cookies are in the hands of the visitor (or bot script) that is posting on your site. You cannot rely on the existence or absence of a cookie or the value in a cookie for the purpose you are attempting because a cookie can be deleted or altered and most simple bot scripts don't even accept cookies so isset($_COOKIE['postflood']) won't ever be true. What method are you currently using to authenticate, identify, and determine if a visitor can post on your site?
  3. What first values? Your code is getting and echoing the value of the 'test' column and since it is displaying two values, 0 and 1, the best we can assume, since you did not provide any other information, is that is what you have for data in the 'test' column.
  4. $subject = "Your Shoe by $headerB Order ID $headerK";
  5. Read the error message. In your mysql_query() statement, the (2nd) parameter that is supposed to be a mysql connection link resource, is not one.
  6. In addition to that example, I could visit one of your pages that tests a $_SESSION variable to determine if someone is logged in or is an administrator and can set it like so -

     http://your_domain.com/secure_page.php?any_session_variable_name = the value I want

     Your secure_page.php -

     ```php
     <?php
     session_start();
     if(!isset($_SESSION['any_session_variable_name'])){
         // not logged in
         header('Location: not_logged_in.php');
         exit;
     }
     // I am here because I was able to set your session variables to any value I wanted by simply putting a matching GET parameter on the end of the URL
     // the rest of your page that you thought was secured by the above code
     ?>
     ```

     Another example is that some major scripts set a config variable that holds the path to files to be included, then includes a loader file that starts including files (such as templates, classes, or components of a cms...) based on that variable. All I need to do is request that loader file with a GET parameter that tells it to include the second level of files from my server and I just got my php code to be executed on your server (assuming that the php setting that allows this is on in addition to the register_globals setting.)
  7. You are getting burnt (and possibly hacked) by php's biggest blunder, register_globals. Assuming you don't have any existing scripts that rely on register_globals to work, you should turn register_globals off ASAP. You can turn them off in the master php.ini (assuming you have access to it), in a local php.ini (assuming php is running as a CGI application), or in a .htaccess file (when php is running as an Apache Module.) Frankly, we are surprised to still see people with register_globals problems, because the setting was turned off by default over 8 years ago, because it allows a hacker to set your session variables to any value they want and a lot of web sites have been taken over.
  8. What about the second part (without which the first part is kind of pointless) -
  9. ALL the external information that your script received, even uploaded file information, is under the control of whoever or whatever submitted that information. The safest way to prevent exploitation in an upload script is to ensure that the location where you move the uploaded files to does not have permission to execute any scripts or programs. You can also prevent direct HTTP requests to the folder where the files are moved to and only output them indirectly through a .php script.
  10. From the documentation - The data type of the php array elements are strings, even if the values are numbers or are defined as a numeric data type in the table. Due to php's loose data typing and automatic type casting, this is usually NOT an issue. Do you have a specific problem?
  11. I don't see any setting problems. Sessions are not that hard, what does the following two pieces of code do when you browse first to page1.php, then to page2.php -

      page1.php

      ```php
      <?php
      ini_set("display_startup_errors", "1");
      ini_set("display_errors", "1");
      error_reporting(E_ALL);
      session_start();
      $_SESSION['user'] = 'some value';
      echo session_id();
      ?>
      ```

      page2.php

      ```php
      <?php
      ini_set("display_startup_errors", "1");
      ini_set("display_errors", "1");
      error_reporting(E_ALL);
      session_start();
      var_dump($_SESSION['user']);
      echo session_id();
      ?>
      ```
  12. That it prints out something means that the <? tag is not a problem (you should change it to <?php anyway.) The error message it does print is 'We are sorry, but there appears to be a problem with the form you submitted.' That implies that not all of your form fields are named as indicated in the php code, because they would be set, even if empty.
  13. You would need to validate each submitted field (you should be validating anyway) and any fields that are empty should either be omitted from the UPDATE query or you could use the same field name on the right-hand side of the = so that the field will be updated with its current value. For example -

      ```sql
      UPDATE your_table SET column_name1 = column_name1, other columns here...
      ```

      instead of -

      ```sql
      UPDATE your_table SET column_name1 = 'value from the form', other columns here...
      ```
  14. If you are getting no php errors and the session variables don't carry over using the code you posted, then either -

      1) You have disabled cookies in your browser and the session id cookie is not being propagated between the two pages, or
      2) You are either changing the path in the URL or the hostname/subdomain in the URL, between the two pages, and the session id cookie is not set up to match any path/hostname other than the one where it was set or you are changing the whole domain in the URL, or
      3) Your php configuration is not set up to use sessions or to pass the session id using a cookie and/or on the end of the URL.

      Edit: 4) ini_set() has been disabled on your server and you won't be seeing any php detected errors from the posted code.

      To troubleshoot -

      #1 - have you changed your browser configuration to block cookies and is a session id cookie being set in your browser after you browse to the first page?
      #2 - what are the URLs of the two pages and what does a phpinfo() statement show for the session.cookie_path and session.cookie_domain settings?
      #3 - what does a phpinfo() statement show for all the session... settings?
  15. That's because trim($table) == 'pigs' is evaluated first, then the result of that is OR'd with 'sheep' and the result of that is OR'd with 'goats' ... The result of which is always TRUE. You would need to write out each comparison or since you are comparing one variable with a list of values, use the in_array function.
  16. You are setting $_SESSION['user'] and $_SESSION['pass'] on the first page. You are referencing $_SESSION['client'] in the var_dump() on the second page.
  17. A) Like mrMarcus just wrote, you did not provide any help as to what it did do, and B) You might want to read the following thread because it appears to be the same basic code - http://www.phpfreaks.com/forums/index.php/topic,302757.0.html
  18. You can only output one set of headers and the corresponding file contents per HTTP request. You can either dynamically produce a set of 'download links' on a page so that the visitor can click on each of them or you would need to zip the contents of all the files into a single download.
  19. Your scheme falls apart if I want to operate on, for example, the 3rd through the end of the current month and the 1st and 2nd of next month. The values would be indistinguishable. Even with the gap notion, one simple sort won't work. You would need to split the data at the gap, sort each group, then put the data back together. ^^^ It's never too late to fix a design problem. The earlier you fix a problem, the more time you will end up saving over the time you will waste working around the design flaws.
  20. You would need to use logic similar to that found in this post - http://www.phpfreaks.com/forums/index.php/topic,302761.msg1432493.html#msg1432493
  21. One = sign is an assignment operator. Two == signs is a comparison operator. So, yes, your variables are set, with the value on the right-hand side of the = sign, and the if() statements are true at that point.
  22. Tissle, your code is a mismatch of using mysqli and mysql. Your connection is creating a mysqli object. You must use mysqli throughout the remainder of your code and in the places where you are using the proper mysqli_error() function you must supply the connection link as a parameter or simply use mysqli OOP instead of procedural function calls. Your code is probably producing numerous errors due to the mismatch of functions. Are you developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON in your master php.ini so that all the errors php detects will be reported and displayed? You will save a ton of time.
  23. Your numerical indexes don't contain enough information for this to work. With the current data, there is simply no way for a computer to know that the 1, 2 are from a greater month than the 28, 29, and 30 and to order them correctly. Dates consist of year, month, and day parts and each of those parts are significant if you are making greater-than/less-than comparisons and sorting date values. If you make your problem general purpose and carry all three parts, your problem will be solved (look back at the Y2K problem.)
  24. Because you are not testing if your query executed without any errors before using mysql_num_rows(). If the query failed due to an error, mysql_num_rows() will return a FALSE value, not a zero and by using the exact comparison !== you are testing if mysql_num_rows() is not exactly a zero. Edit: Testing for the condition you want ( mysql_num_rows($result) == 1 ) will result in fail-safe code (you will still need to troubleshoot why your query is failing.)
  25. This gives the actual dates in that range, you can modify it as needed to get just the day number -

      ```php
      <?php
      $start = 'June 24th 2010';
      $end = 'July 2nd 2010';

      $current_date = date('Y-m-d',strtotime($start));
      $end_date = date('Y-m-d',strtotime($end));

      $array = array(); // an array for the dates
      while($current_date <= $end_date){
          $array[] = $current_date;
          $current_date = date('Y-m-d',strtotime($current_date . '+ 1 day'));
      }
      echo "<pre>",print_r($array,true),"</pre>";
      ?>
      ```