PFMaBiSmAd

Staff Alumni
  • Posts: 16,734
  • Days Won: 9

Everything posted by PFMaBiSmAd

  1. The apache.org windows binary isn't compatible with the latest php.net windows binary. The following is from the side-bar on the php.net windows download page -
  2. Also, there's a well known Apache exploit when php is running as an apache module, that any occurrence of .php in the file name will cause php to be invoked for that file. The solution for this exploit is for the server to be configured to only invoke php when the .php occurs on the end of the requested filename.
  3. E) Why on this earth did you use the QUOTE tag for posting your code? F) If you are in a hurry to solve this and it is beyond your programming skills to implement the suggestions yourself, I recommend posting in the freelancing forum section.
  4. A) The pastebin you used is private and doesn't do us any good. Just post your code here inside of [ code ][ /code ] bbcode tags. B) The simplest way of preventing problems with uploaded files is to upload them into a folder that has no http access, either by putting that folder outside your document root folder, or if that option is not available, to put a .htaccess file in the folder that prevents all http requests for the files. C) You can also do B), but use a .htaccess file to disable the execution of any server-side scripting languages for the files inside that folder. D) Once you do B), you will need to use a .php script to dynamically output/download the files.
  5. Your code won't stop anyone or anything that wants to post, because they can drop the session id (or as gizmola already posted, simple bot scripts don't even propagate session id's) and your code won't know if they ever posted before. You would need to store the last access time and IP address in a database table.
  6. Your code is not getting 20 random products. It is getting a block of up to 20 products ending at a random product id. If you have removed a number of earlier product id's, when $rand is a low value, there aren't enough product id's that are less-than $rand. If you truly want 20 random products, retrieve all your product id's into an array. Shuffle the array, then use array_slice to get 20 of the id's, then implode them and use them in an IN() statement in one query.
  7. $_COOKIE and some of the $_SERVER variables are also external inputs that would need to be protected against nefarious input, and mysql_real_escape_string doesn't do anything for numerical fields (sql can be injected that doesn't involve any quotes, so there's nothing for escape functions to prevent escaping from.) Numerical data must be validated/cast to prevent sql injection in it. External values that are being used in things like paths/filenames put into include or other file operation statements or for those people that use external values for parts of a database query that are not just the data values in the query (table/column names and logic/condition operators), must specifically be validated to ensure they only hold expected values.
  8. array_chunk
  9. See this post - http://forums.phpfreaks.com/topic/257237-automatically-pass-multiple-gets/page__hl__+http%20+build%20+query#entry1318570
  10. Your code is using the $rs variable to hold the result from the first select query. When you overwrite the $rs variable, it no longer contains the result set that your loop is referencing.
  11. Your <img src='...' alt=''> tag is probably missing the quotes around the src attribute, so the browser cannot determine where the URL for the image starts and ends.
  12. ^^^ Someone added an i to your mysql_query() statement. The mysql (no i) and mysqli (with an i) statements cannot be mixed on the same connection and it takes more than just adding an i to convert from mysql to mysqli statements.
  13. mysql_numrows is a deprecated alias for mysql_num_rows
  14. Your second query statement is malformed. You somehow removed the WHERE keyword and the ORDER BY term comes after the WHERE term. SELECT * FROM your_table WHERE your_where_condition ORDER BY your_order_condition LIMIT $offset, $limit
  15. I recommend reading posts #2, #3, and #4. Especially #4 since it gives a line of troubleshooting code that would display what, if anything, your form is posting to that page.
  16. Telling us something didn't work is kind of pointless because we are not standing right next to you and don't know what you saw in front of you. In programming, you have to be specific about what did occur, even if what occurred was a blank page, because that helps to pin down what execution path the code took or didn't take. I tried your code too, using php5.4.x and it worked for me, after I created a save.xml file and defined $id and $email variables for it to use. AFAIK, there's nothing that is php5.4 specific in that code, so it should work under php5.3.
  17. You can use two arrays to simplify the creation/validation of form fields and the storage/processing of errors. The first array 'defines' the form fields and contains information about them, such as if they are required,... (Once you have this array, you can also use it to dynamically produce the form.) The second array holds any validation errors. An empty array indicates no errors, which would eliminate the need for the $problem variable in your code.

      <?php
      // define the form fields. the array index is the form field name.
      // add other elements to the array for any form field to address your
      // field creation/validation needs, such as the regex pattern to use
      // for validation or a ctype function name to call
      $form_fields['title'] = array('legend'=>'Title','required'=>1);
      $form_fields['first_name'] = array('legend'=>'First Name','required'=>1);

      // form processing code
      if(isset($_POST['submit'])){
          $errors = array(); // an empty array = no errors
          foreach($form_fields as $index=>$info){
              if($info['required'] && empty($_POST[$index])){
                  $errors[$index] = array('err'=>"<li>{$info['legend']} is required!</li>", 'errdisplay'=>'error');
              }
          }
      }

      // check if any validation errors
      if(!empty($errors)){
          // for demo purposes, take a look at what the $errors array contains -
          echo '<pre>',print_r($errors,true),'</pre>';
      }

  18. If I remember correctly, that error occurs when you use php5 OOP syntax under php4. If you remove the public keyword and that php syntax error goes away, then it means that where or how you are running that php file is actually using php4. If you ran that php code 'inside' your IDE, then it is probably using the command line version of php on your computer, not the installation of php that your web server is using.
  19. What do you get as output from the following php code - <?php echo 'Current PHP version: ' . phpversion(); ?>
  20. I'm kind of curious what programming language you are supposed to be doing this in, because in PHP the ^ doesn't mean what your equation thinks it is.
  21. You need to validate the supplied filename.ext in $path. As it stands now, anyone can use the script to output any file on your server, such as the one that contains your database connection details.
  22. Please read the sticky post for that error - http://forums.phpfreaks.com/topic/1895-header-errors-read-here-before-posting-them/ For output on line 1 of your connect.php file, you either have that file saved with the BOM (Byte Order Mark) characters or you have some character(s) before the <?php tag in that file, or you have some php code on line 1 in that file that is producing output.
  23. Here is something I noticed as well, the URL (should be a file system path) you are reading isn't for the cache file, it's the actual web page. The logic of your function should be -

      <?php
      function utility_AirframeData_readFileCache($refAirframeSN){
          $cache_file = some_function_that_returns_the_cache_file_name($refAirframeSN);
          if(!file_exists($cache_file)){
              // not in cache
              // code that reads the database, produces a fresh cache file, and supplies the xml data as a string
              $fileContents = the same data you just wrote to the cache file;
          } else {
              // in cache
              // code that reads the cache file and supplies the xml data as a string
              $fileContents = file_get_contents($cache_file);
          }
          return new SimpleXMLElement($fileContents);
      }

  24. Assuming this data is on your own server, you should be referencing the data files via file system paths, not URL's.
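
An added example, not part of the original posts, showing one way to combine the advice in items 4 (B and D) and 21: uploaded files sit in a folder with no http access, and a .php script validates the requested filename before outputting it. The directory path, the `file` query parameter and the function name `resolve_download()` are assumptions made for illustration.

```php
<?php
// Added example: UPLOAD_DIR, resolve_download() and ?file= are hypothetical names.
// Uploads live outside the document root, so the web server never serves or
// executes them directly; this script is the only route to their contents.
const UPLOAD_DIR = '/var/www/private_uploads'; // assumed location, outside the docroot

/**
 * Map a client-supplied name to a real file inside $baseDir,
 * or return null when the name is not acceptable.
 */
function resolve_download(string $requested, string $baseDir = UPLOAD_DIR): ?string
{
    // Accept a plain filename only: no slashes, no leading dot, bounded length.
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]{0,127}\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $full === false || !is_file($full)) {
        return null;
    }
    // realpath() resolves symlinks and "..": the result must still be under $base.
    if (strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $full;
}

if (PHP_SAPI !== 'cli') {
    $name = $_GET['file'] ?? '';
    $path = is_string($name) ? resolve_download($name) : null;
    if ($path === null) {
        http_response_code(404); // same answer for "invalid" and "missing"
        exit;
    }
    // Generic type plus attachment disposition: the browser downloads the file
    // and does not render or sniff it. $name is safe to echo after the regex check.
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . filesize($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
```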