PFMaBiSmAd

Staff Alumni
  • Posts: 16,734
  • Days Won: 9
Everything posted by PFMaBiSmAd

  1. Based on the code in the first post in this thread, the following is the equivalent (with unused code removed and the two queries combined into one) -

      <?php
      // Check errors thing:
      ini_set('display_errors', 1);
      error_reporting(E_ALL);
      // End check errors thing.

      session_start();

      // Start includes files:
      include("includes/config.php");
      include("includes/functions.php");
      // End includes files.

      // Login thing:
      if (!isset($_SESSION['username']) || !isset($_SESSION['password'])) {
          header("Location: index.php");
          exit; // prevent the remainder of the code on the page from being executed
      }
      ?>
      <link href="regstyle.css" rel="stylesheet" type="text/css">
      <body class="body">
      <?php
      // One query returns both columns for the ten highest money values.
      $result = mysql_query("SELECT username, money FROM users ORDER BY money DESC LIMIT 10");

      echo "<ul>";
      $i = 1;
      // Fetch rows only in the loop condition so the first row is not skipped.
      while ($row = mysql_fetch_object($result)) {
          // Escape the stored username before placing it in HTML.
          $name = htmlspecialchars($row->username, ENT_QUOTES);
          echo "<table width='50%' class='table' cellpadding='0' cellspacing='0'><tr><td class='header' colspan='4'><center>Money Blacklist</center></td></tr>
          <tr><td colspan='1' class='forum'>Place:</td><td colspan='1' class='forum'>Username:</td><td colspan='1' class='forum'>Money:</td></tr>
          <tr><td>{$i}</td><td><a href='profile.php/view_user={$name}'>{$name}</a></td><td>£{$row->money}</td></tr></table>";
          $i++;
      }
      echo "</ul>";
      ?>
      </body>
  2. You are outputting $fetch_users_data->money, which is the money of the account you are on. I suspect you wanted to use $ammount->money. You seem to be just throwing down some code without even looking at it to see if it is doing what you want. You are also executing two similar queries to get two pieces of data that a single query can return. You are also not doing anything inside of the do{}while() loop to get different data so the same data will be displayed 10 times. You can also use a LIMIT 10 in your query so that you only get the number of rows you are interested in. You can then use a simple while(){} loop.
  3. Your code contains a fatal parse error - Please develop and debug php code on a system where error_reporting is set to E_ALL and display_errors is set to ON in your master php.ini so that php will report and display all the errors it detects. Putting the two lines of code in your code that set the error_reporting/display_errors settings won't show fatal parse errors because your code is never executed to cause those two settings to take effect. The cases where you have seen it suggested to put those two lines of code in your code for debugging purposes were when code appeared to be executing but not producing expected results.
  4. $grr is an object (as in $grr = mysql_fetch_object($getmoney)) but you are trying to put it into a quoted string. I suspect that you wanted to use - $grr->username
  5. Which row having the same distinct col1 value do you want the other values from? The first matching row, the last, the third from the top? I suspect that you don't want to use DISTINCT at all. Could you post an example showing data and the expected output?
  6. Umm. Those are the same two errors that were present in your last thread - http://www.phpfreaks.com/forums/index.php/topic,295093.0.html Any reason for reposting the same code in a new thread after the syntax errors in it were already fixed?
  7. Php is a server side scripting language and has nothing to do with the browser. Based on the symptom you have described, your code is not using current recommended php programming practices and is dependent on some out of date php.ini settings. It would take seeing your code for anyone in a help forum to be able to begin to guess what your code is doing that is php configuration specific.
  8. Some of the reasons why you should not store files (images or any other relatively large file) in a database - 1) There is additional overhead, beyond what there is when the file is simply stored as a file using the file system, every time the file is requested. This adds to both the web server and database server load. 2) There is a maximum allowed packet size (default 1,048,576) that determines how much information you can transfer in one query and determines how large of a file can be stored and retrieved without additional code to break the file into pieces and put it back together again. 3) Binary BLOB data is backed-up as two HEX characters per byte of data, which means that the backup file is twice the size of the actual binary data. This makes saving a backup or moving your database take twice as long and requires twice the amount of storage for the backup copy. The backup must also be successfully transferred as one piece. Use a file system to store files, that is what file systems were designed to do efficiently. 1) There is less overhead, less load on the servers, and faster transfer rates, 2) the size is only limited by the operating system, 3) you can backup and restore many individual files/folders easier and with the ability to restart from the last successful file transferred when an error occurs. The backup requires less storage space as well.
  9. Cannot really help you with what that means without seeing a specific example of what is happening that leads you to believe that something is being added instead of being updated. For all we know you could be cross joining two tables in a SELECT query and getting two rows in a result set instead of one.
  10. The line that hcdarkmage pointed out was actually the cause of the error message I posted. The under-score problem I mentioned is what I saw by looking at the code and it is still present and is causing a fatal parse error. Until you do this - you will be doomed to spend hours finding simple problems that will take a few seconds to find and fix when php helps by reporting and displaying all the errors it detects.
  11. The code you posted only contains UPDATE queries, therefore either that is not all the relevant code on the page or that is not the code you are using.
  12. Your code contains a fatal parse error because of a mistyped under-score _ in the following line - You should be learning php, developing php code, or debugging php code on a system with error_reporting set to E_ALL and display_errors set to ON in your master php.ini so that php will help you. You will save a ton of time.
  13. Both NOW() and LastAction are not strings. Why are they enclosed in single-quotes in the query?
  14. So have you even asked your web host about fixing the default session.save_path setting or if you can use a local php.ini (sometimes it is named something else) or if you can use a .htaccess file for php settings (requires php to be running as an Apache Module)? Edit: And based on the 000webhost FAQs that I just read, if you can set the php settings in question, you do it in a .htaccess file using php_flag or php_value statements.
  15. That's because there is also a missing "; on the line before the line teamatomic mentioned.
  16. You cannot output an image directly on a HTML page. You must use a HTML <img ...> tag for each image on a HTML page. The browser then fetches the image and displays it on the page. The URL that is in the src="URL_that_results_in_an_image_being_output" attribute must be to a .php file that outputs the Content-type header followed by the image data.
  17. You either are not successfully outputting a Content-type header or you are not using an <img src="..." alt=""> tag in your HTML. Code?
  18. The mysql STR_TO_DATE() function can produce a DATETIME value from any other date/time format. Your use of YYYY/MM/DD should have worked, depending on if the MM/DD had leading zeros and what your code actually was doing.
  19. The web server access logs would indicate the who/what/when the files were modified (written to.) That would pin down if it was through FTP access, through the web hosting control panel, or through a script on your site (or some other site on the server.) Assuming that your pages include content that is specified on the end of the URL, you should also look at the access logs to find any unusual URLs where your pages were requested with get parameters that could have gotten your script(s) to execute included php code from another site. There would be whole URLs supplied as get parameters, something like - http://yourdomain.com/your_page.php?page=http://someURL/some_page.ext You should also download all the files and compare them with the last backup you made so that you can both find exactly what was changed and find any new files (such as a file management script that got uploaded to your site.)
  20. Except when the output is occurring before that point, as is the case in this thread. It is always better to find and fix problems, than to try and hide them. Output buffering should only be used when you want to buffer output, because it adds overhead to every page that uses it.
  21. I've got the same question. Both those statements cannot be true at the same time. You would need to show what your tables are, what your data is, and what the expected results are for anyone to be able to help you at this point.
  22. JOINs are used when you have data that has some defined relationship in more than one table (i.e. the R in RDBMS.) To do what you are attempting, you would use a UNION, however, you generally won't ever have same-meaning data split up into multiple tables as that creates several data management and performance problems.
  23. If there is nothing before the opening php tag in the file and there is no php code on the same line after the php tag that is producing output, then you most likely have a file that has been saved with the UTF-8 BOM (Byte Order Mark) characters. You need to save the file without the BOM characters or save it as an ANSI encoded file.
  24. Volestar, you are wasting your time typing in this thread. The original poster (OP) started the thread long ago and has since started at least one other thread for the same exact problem where it was determined that his code (after we managed to get him to post it so that someone could determine what it was or was not doing) had several shortcomings that allowed almost anyone to delete and edit the content on his forum. All the replies in this thread from April 06 (two months after the original post) onward don't really address the security problems in the OP's code because that code was not supplied in this thread and it is not really possible to specifically determine which of the dozen or more possible things are causing the problem on a site simply by visiting the site. The problem in the original post in this thread did not really have anything to do with the information you are posting and in fact randomly posting commonly available information in a help forum is a waste of your time because no one that would actually be helped by it will ever see it.
  25. The mysql date format is compatible with the strtotime() function, as demonstrated in the code in Reply #4 in this thread.
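
The access-log review described in post 19, as an added example that is not part of the original posts: it flags requests whose GET parameters carry a whole URL, including percent-encoded ones. The Apache combined log format, the function name `find_url_parameters` and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Start of a combined-format access log entry, up to the status code.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A parameter value that is itself a whole remote URL.
REMOTE_SCHEME_RE = re.compile(r'^\s*(?:https?|ftps?)://', re.IGNORECASE)


def find_url_parameters(log_lines):
    """Return (ip, timestamp, status, path, param, value) for every request
    whose query string supplies a whole URL as a parameter value."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable access-log entry
        target = urlsplit(m.group("target"))
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if REMOTE_SCHEME_RE.match(value):
                hits.append((m.group("ip"), m.group("ts"), m.group("status"),
                             target.path, name, value))
    return hits


# Constructed sample entries (documentation IP ranges, example domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2010:10:00:01 +0000] "GET /your_page.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Apr/2010:10:03:44 +0000] "GET /your_page.php?page=http://someurl.example/some_page.ext HTTP/1.1" 200 312 "-" "libwww-perl/5.8"',
    '198.51.100.7 - - [01/Apr/2010:10:03:50 +0000] "GET /your_page.php?id=3&page=http%3A%2F%2Fsomeurl.example%2Fsome_page.ext%3F HTTP/1.1" 200 298 "-" "libwww-perl/5.8"',
    '192.0.2.10 - - [01/Apr/2010:10:05:12 +0000] "GET /profile.php?view_user=bob HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_url_parameters(SAMPLE_LOG):
        print(hit)
```

The client address and timestamp of each hit give the window in which to compare file modification times against the last backup.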