PFMaBiSmAd

The file in question is shown in the error message and also in the quoted portion of the error in my reply.

You cannot enforce security using redirects anyway. You must either enforce security on each page (assuming you are the only one with the ability to put .php files on the server) or through file/folder permissions through the operating system/web server (assuming you will allow the users to place any kind of files on the server.) If you implement a general purpose ACL like JAY6390 suggested, you can assign users to groups with each group having their own specific content on a single page (which is basically what you see in front of you in this Forum.) Non-logged in guests, regular members, banned members, new members with less than 10 posts, supporters, gurus, recommended members, mods, admins, owners, and any other group you would want to define can all see and access specific content on the Forum's single index.php page.

The values that affect the maximum size of file that can be uploaded cannot be set in a script using ini_set() statements (ini_alter() is an alias name for ini_set().) Therefore, you would need to put php_value statements in a .htaccess file. Something like - php_value upload_max_filesize 30M php_value post_max_size 30M

Perhaps if you read what mysql_fetch_array() returns - http://us3.php.net/mysql_fetch_array It will never return a NULL value. If you are trying to determine how many rows were matched by the query, see the mysql_num_rows() function.

That would imply that you change the "or die" statement so that it also contains a mysqli_error(). You have two "or die()" statements. Which one are you receiving the output from, that you need to troubleshoot?

Something at or up to line 6 in the file is being output to the browser and is preventing the session_start() from working on line 49. The session_start() must come before anything other than a header() is output to the browser.

Your first step would be to check with your web host (many have FAQ sections) to find out if you can change the value and what method to use. A local php.ini or a .htaccess file is specific to how php is running on the web server. You must know which method is supported. Once you find out if you can change the value and which method to use and you cannot get it to work, then you ask for help on a forum.

You are reusing the $query variable inside of the loop. It no longer has the result resource from the first query when the while(){} condition is evaluated the second time. Be careful when using variables.

By default, sessions propagate the session id using a cookie, so whatever is causing your setcookie()/$_COOKIE to not work may in fact prevent sessions from working as well. It would be best to find out why your cookies are not working. I'm going to guess that your code is clearing the cookie under some conditions. It would take seeing your code to directly be able to help with what it is or is not doing.

It's always serious if someone was able to put a .php script file on your server and be able to request it to get the code in it to be executed. Even if your php settings prevent all three of the methods that script is trying to get remote code to be executed, the simple fact that any .php file can be placed on your server just means that the next file that gets put on your server will be a mini-control panel/file manager script that will allow someone to do anything they want on your site. I would be checking if there are any other unexpected files on your server or if any of your expected files have been modified.

For debugging purposes, add the following two lines of code after your first opening <?php tag to see if there are any php errors reported - ini_set("display_errors", "1"); error_reporting(E_ALL);

The code attempts to A) read some remote php code and execute it on your server, and B) supply your server information to the rssnews.ws site so that it knows it found a site that files can be placed on. Three different sub-domains of the ....ws site are used so that it can determine which method(s) are available to get remote code to execute on your server (include, file_get_contents/eval, or curl/eval.) You need to find out how the file was placed on your server. The web server access log would help pin down how it was placed on your server (a file upload script, some other script (such as a CMS or forum that allows file upload), FTP, web hosting control panel, ...) and if it was accessed.

There is no equal sign = in the value = "..." attribute - <input type="hidden" name="id['.$i.']" id="id['.$i.']" value"'.$subp_id.'" />

ORDER should be ORDER BY

One of the possible ways - <?php // your db connection and selection code ... $columns = array(); $data = array(); $xml = simplexml_load_file("test.xml"); echo $xml->getName() . "<br />"; foreach($xml->children() as $child) { echo $child->getName() . ": " . $child . "<br />"; $columns[] = $child->getName(); $data[] = (string)$child; } $col = '`'. implode('`,`',$columns) .'`'; $val = "'". implode("','",$data)."'"; $query = "INSERT INTO your_table ($col) VALUES ($val)"; echo $query; mysql_query($query); ?>

I'm going to guess that output_buffing is on in your php.ini and that prevented the error_reporting/display_errors code from showing any header() errors. There weren't any header errors (should have been due to the line that was outside of the php tags) because the output_buffering was hiding the output that was occurring before the header() statements.

Any chance that the .php file has some characters in it after the closing ?> tag?

Basic one-shot logic to prevent reprocessing of submitted data - <?php session_start(); if(!isset($_SESSION['processed'])){ // put your form processing code here ... // at the point where your the processing code is compleately done, // set the session variable so that the processing code will be skipped until the session variable has been cleared - $_SESSION['processed'] = true; } ?>

Is this correct: With the header() statements commented out, you get the contents posted in Reply #17 and with the header() statements in the code you get a broken red-x image? Does that exact same image file work when it is placed inside the document root folder? What does a phpinfo(); statement show for the magic_quotes_runtime setting (I see a few \ in the data that could be escape characters)?

You cannot execute .sql backup/dump files through a msyql_query() statement because they are made up of multiple lines of sql code and comments that you must parse through and only execute the sql commands, one at a time.

So are you saying that your code works most of the time but occasionally while someone in on a page and go to a different page or refresh the current page that the session no longer exists? If so, then the most likely cause is - Could you provide a estimate of how much time passes (i.e. 24 minutes) before this occurs and are you on a shared web server?

The code you posted does not produce the error you posted. Without the actual code and the error message with line number information, it is simply not possible to help with what is wrong with your code.

If that's all the code and the same thing happens with different code and you only get two emails sent each time, it is likely that your browser is requesting the page twice. This happens for different reasons for different browsers (at least FF and IE) and can also be caused by some URL rewriting on the server. What browser are you using, have your tried it with a different browser, and are you doing any URL rewriting on the server (even if it does not apply to the page you are trying)? A universal solution would be to use a session variable to prevent the form processing code from being executed more than once. Set a session variable at the point where you have successfully processed the form and skip the form processing code if that session variable is already set.

By default, sessions end when the browser is closed (because the session id cookie has a zero life time) or when session garbage collection removes the corresponding session data file on the server. Sessions are only designed to last for the length of one browser session. Why do you want to make a session last longer because there are probably better solutions available than using a session (forever is a little beyond what is possible anyway, though it is possible to make one last until 19 Jan 2038.)

The error is a php error. It would take seeing your actual php code in order to help you. If that is your actual php code, it is not php code. That is one line of php code followed by a sql statement.