Everything posted by PFMaBiSmAd
-
Need Help With Storing File in Database with PHP
PFMaBiSmAd replied to $Three3's topic in PHP Coding Help
A) If everything in this post is accurate, you have a column spelled two different ways and would be getting a mysql error. B) If you echo mysql_error() as part of your error reporting logic, php/mysql will tell you why the query failed. C) You must escape all data that is put into a query so that any SQL special characters in it do not break the SQL syntax. I can just about guarantee that binary file data will contain a number of values that must be escaped. See this link - mysql_real_escape_string -
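The points B) and C) above, as an added example that is not code from the post or the thread: the file bytes are passed to the database through a prepared statement, so they never become part of the SQL text and cannot break its syntax, and every database error is reported instead of being silently ignored. The table name `files`, its columns `name` and `content`, the form field `upload`, and the connection credentials are assumptions.

```php
<?php
// Added example (not from the forum thread). Stores an uploaded file in a BLOB
// column with mysqli prepared statements. Assumptions: a table
// files(name VARCHAR, content LONGBLOB), a form field named 'upload',
// and placeholder credentials.
$mysqli = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
if ($mysqli->connect_errno) {
    die('Connect failed: ' . $mysqli->connect_error);
}

// Only accept a file that really came from this request's upload.
if (!isset($_FILES['upload']) || !is_uploaded_file($_FILES['upload']['tmp_name'])) {
    die('No uploaded file received.');
}

// Placeholders keep the binary data out of the SQL string entirely, so there is
// nothing to escape and no SQL special character can alter the statement.
$stmt = $mysqli->prepare('INSERT INTO files (name, content) VALUES (?, ?)');
if (!$stmt) {
    // The mysqli equivalent of echoing mysql_error(): say WHY it failed.
    die('Prepare failed: ' . $mysqli->error);
}

$name = basename($_FILES['upload']['name']); // strip any directory part from the client-supplied name
$blob = null;                                // 'b' parameters are filled via send_long_data()
$stmt->bind_param('sb', $name, $blob);

// Parameter numbers are 0-based: 0 = name, 1 = content.
$stmt->send_long_data(1, file_get_contents($_FILES['upload']['tmp_name']));

if (!$stmt->execute()) {
    die('Insert failed: ' . $stmt->error);
}
echo 'Stored ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . ' as row ' . $stmt->insert_id;
```

Large files can still exceed the server's max_allowed_packet setting; send_long_data() sends the blob in a separate packet, which is why it is used here instead of binding the whole string directly.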
The members.php code at that link is not secure because the 'protected' content and code on the remainder of the page is still processed while the browser performs the redirect. All a hacker needs to do is ignore the header and he can access the rest of the 'protected' page. You must use an exit/die statement following a header() redirect so that the remainder of the code and content on the page is not processed.
-
Setting a session variable before the session_start() statement would do nothing. Assuming you won't ever need to prevent an admin from accessing anything, you would need to use a session variable to hold the "userLevel" from the database and then check in the code at the top of the 'protected' pages if the current visitor is both logged in and has a high enough userlevel to access that page. You could also check the userlevel when you are generating the navigation menus on your pages so that you only display admin level links to admins.
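The access check described in the two replies above (logged in AND a high enough userLevel, with an exit() after every header() redirect), as an added example that is not code from the posts. The session keys `user_id` and `userLevel`, the level numbers, and the page names are assumptions.

```php
<?php
// Added example, not code from the forum posts. Top of a 'protected' page.
// Assumptions: the login code stored $_SESSION['user_id'] and
// $_SESSION['userLevel']; members are level 1, admins are level 2 or higher.
session_start();

define('MEMBER_LEVEL', 1); // assumed
define('ADMIN_LEVEL', 2);  // assumed

function require_level($minimum_level, $redirect_to)
{
    // Not logged in at all: send the visitor to the login page and STOP.
    if (empty($_SESSION['user_id'])) {
        header('Location: login.php');
        exit(); // without this the protected content below is still sent to a client that ignores the redirect
    }
    // Logged in, but the stored level is missing or too low for this page.
    if (!isset($_SESSION['userLevel']) || (int)$_SESSION['userLevel'] < $minimum_level) {
        header('Location: ' . $redirect_to);
        exit();
    }
}

function nav_menu()
{
    // The same test decides which links are shown; hiding the link is a
    // convenience for users, the require_level() check is what actually protects admin.php.
    $links = array('<a href="index.php">Home</a>', '<a href="members.php">Members</a>');
    if (isset($_SESSION['userLevel']) && (int)$_SESSION['userLevel'] >= ADMIN_LEVEL) {
        $links[] = '<a href="admin.php">Admin</a>';
    }
    return implode(' | ', $links);
}

require_level(MEMBER_LEVEL, 'index.php');

// Everything from here on is only reached by a logged-in member.
echo nav_menu();
echo '<h1>Members area</h1>';
```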
-
I think you will find that if someone (or a bot script) visits your form processing code without first visiting your form to set the $_SESSION['captchaCheck'] variable, that your existing code can be bypassed. Give this a try -

<?php
session_start(); // the session must be started before $_SESSION can be read
// if the session variable is empty (someone visited the processing code without first visiting the form), or
// if the post variable is empty (someone either did not enter a value or a bot script did not supply that form field), or
// if the two values don't match (strict comparison, so numeric-looking strings are not compared as numbers) -
if(empty($_SESSION['captchaCheck']) || empty($_POST['providedCaptcha']) || $_SESSION['captchaCheck'] !== $_POST['providedCaptcha']){
    // escape the values before echoing them back so that submitted text cannot inject HTML into the page
    $provided = isset($_POST['providedCaptcha']) ? htmlspecialchars($_POST['providedCaptcha'], ENT_QUOTES, 'UTF-8') : '';
    $expected = isset($_SESSION['captchaCheck']) ? htmlspecialchars($_SESSION['captchaCheck'], ENT_QUOTES, 'UTF-8') : '';
    echo "The inserted text (".$provided.") does not match the rendered one (".$expected.")!";
    unset($_SESSION['captchaCheck']);
    exit();
}
// at this point, the session variable contained something, the post variable contained something, and the two values matched
// unset the session variable at this point to prevent repeated submissions
unset($_SESSION['captchaCheck']);
?>

Edit: You will also find that bot scripts that don't support sessions can bypass your current logic.
-
Since you did not tell anyone what it IS doing, it is not directly possible to help you fix anything. What symptom do you see in front of you that makes you think it is not working?
-
Create random code and assign to a session variable
PFMaBiSmAd replied to adrianle's topic in PHP Coding Help
if(!isset($_SESSION['your_variable_name_here'])){
    // code to set the session variable only when it is not already set...
}
-
Create random code and assign to a session variable
PFMaBiSmAd replied to adrianle's topic in PHP Coding Help
You need some conditional logic (an if(){} statement) so that the value is only generated and assigned to the session variable once (if it is not set.) If you are unconditionally generating and assigning the value, it will get changed on every page request. -
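The "generate once, reuse afterwards" logic from the two replies above, as an added example that is not code from the thread. The session key name and a helper to discard the code after use are assumptions, as is PHP 7 or later for random_bytes().

```php
<?php
// Added example, not code from the thread. Generates a random code once per
// session and returns the same value on every later request.
// Assumptions: the session key 'random_code'; PHP 7+ for random_bytes(),
// which draws from the operating system's cryptographically secure generator.
session_start();

function session_random_code($key = 'random_code', $bytes = 16)
{
    // Only generate when nothing is stored yet. Without this condition the
    // value would change on every page request and a later comparison
    // (e.g. a form submission) could never match.
    if (!isset($_SESSION[$key])) {
        $_SESSION[$key] = bin2hex(random_bytes($bytes)); // 16 bytes -> 32 hex characters
    }
    return $_SESSION[$key];
}

function reset_session_random_code($key = 'random_code')
{
    // Call after the code has been consumed so the next request gets a fresh one.
    unset($_SESSION[$key]);
}

$code = session_random_code();
// Escape before output; the value is hex here, but escaping is the habit to keep.
echo 'Your code: ' . htmlspecialchars($code, ENT_QUOTES, 'UTF-8');
```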
You should be developing and debugging code on a local development system. You will save a TON of time. Constantly uploading code to test it during the development and debugging cycle wastes a lot of time.
-
So, investigate more at what point your code is or is not working and under what conditions it fails. Is the length of the data being retrieved by the query correct? I would use strlen(). Does this work for a smaller file? What method are you using to query and retrieve the data from the database? We have seen some of the database types have problems with specific size data due to bugs/features in the database drivers.
-
You are probably getting a header error because something is being output to the page before the header() statement. Are you developing and debugging php code on a system with error_reporting set to E_ALL and display_errors set to ON in your master php.ini so that php would help you by displaying all the errors it detects? You will save a TON of time.
-
HTML only has meaning in a browser, where it gets rendered. In a .php file, everything that is not php code is really just a bunch of characters in a file that gets output when the page is requested. To make a log out link would require a URL that can be clicked on. That URL must contain enough information so that the target page knows what action to perform. This can either be a logout page that only performs the logout function or you can put a GET parameter on the end of the URL that the code on a multi-purpose page can use to detect that the requested operation was to perform a logout.
-
Define: corrupted. Exactly what are you getting that leads you to this conclusion? Short-answer, you need to investigate at what point your code is working and at what point it is not. We don't have access to your server, your code (except for what you do post), or your database. You are the only one here who can troubleshoot what is going on. Have you opened the downloaded file using a programming editor to see exactly what is in it? Is it of the expected size? Have you checked if something is actually stored in the database?
-
You are unconditionally destroying the session when the following line of code is executed - <a href="<?php session_destroy()?>">Logout</a> Php code on any page is executed when the page is requested. Also, href="..." attribute values are URLs.
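The working version of the logout link discussed in the two replies above (the multi-purpose page variant with a GET parameter), as an added example that is not code from the posts: the link is output as a plain URL, and the session is destroyed only when that URL is requested. The parameter name `action=logout`, the session key `user_id`, and the page names are assumptions.

```php
<?php
// Added example, not code from the forum posts. A multi-purpose page that
// performs the logout only when the URL carries ?action=logout.
// Assumptions: parameter name 'action', login stored $_SESSION['user_id'].
session_start();

function logout_and_redirect($redirect_to)
{
    // 1. Forget all session data for this request.
    $_SESSION = array();
    // 2. Expire the session cookie in the browser so the old id is not reused.
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    // 3. Destroy the server-side session.
    session_destroy();
    // 4. Redirect and STOP; nothing below this line runs for a logout request.
    header('Location: ' . $redirect_to);
    exit();
}

if (isset($_GET['action']) && $_GET['action'] === 'logout') {
    logout_and_redirect('index.php');
}

// Normal page content. The href below is just text being output; no PHP runs
// when the browser displays the link, only when the user clicks it.
if (!empty($_SESSION['user_id'])) {
    echo '<a href="index.php?action=logout">Logout</a>';
} else {
    echo '<a href="login.php">Login</a>';
}
```

One caveat: a logout that is triggered by a plain GET link can also be triggered by any other site embedding that URL in an image or frame (a nuisance form of cross-site request forgery). If that matters, make the logout a POST form carrying a per-session token and check the token before calling logout_and_redirect().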
-
The symptom would tend to indicate that code on the page is altering or un-setting one or more of the session values being tested and/or destroying the session. It would take seeing the actual code to be able to directly help. You also need an exit/die statement after your header() redirect to prevent the remainder of the 'protected' code on the page from being executed. All a hacker needs to do is ignore the header redirect and he can access anything on that page. Edit: Also, if register_globals are on (what does a phpinfo() statement show?) your session variables could be magically overwritten when you set same name program variables in the code on the page.
-
Use a phpinfo() statement to check if the magic_quotes_runtime setting is ON. If it is, it is causing the problem because the data being read from the file is being escaped and the data being retrieved from the query is also being escaped. You can unconditionally just turn off magic_quotes_runtime at the start of your script.
-
From the error message, you have something at or up to line 10 in profileinfosave.php that is sending output that is preventing the header from working. You would need to find and fix whatever is causing that output or you will need to rearrange the code so that the code responsible for sending the header comes before the output. As to why it works on one system and not another, the php.ini output_buffering setting is either ON or is set to a specific value on your development system, thereby hiding the problem and allowing bad code to appear to work. You should turn the output_buffering setting off so that code you develop will work correctly regardless of the output_buffering setting.
-
A) Why are you using column names that don't convey the meaning of the column? That just makes writing code 10 times slower because you must keep looking up and cross-referencing what they mean. B) The DATE_FORMAT() term would need to be referenced as $row['DATE_FORMAT()'] if I remember correctly. You should use an alias name in the query, which is what you were shown in the solution in a previous thread on this same problem, which is why you should not keep starting new threads for the same problem. You would then reference the alias name $row['dt'] to access the formatted value. C) There should be no single-quotes around the 'h0237' column name in the query as that would make it a string value instead of a column reference.
-
For debugging purposes, add the following two lines of php code immediately after your first opening <?php tag to get php to show all the errors it detects - ini_set("display_errors", "1"); error_reporting(E_ALL);
-
No, it's not, as the error clearly indicates. You would need to debug why it is not being created. I would start by looking at the php code in function.s
-
If you echo mysql_error() as part of your error checking and error reporting logic, it will tell you why the query failed. I'll guess that it is unlikely you have a column named login and the query failed because of that.
-
Each image on a web page requires an <img src="URL_of_an_image" alt=""> HTML tag - http://w3schools.com/html/html_images.asp
-
There is no such thing. header('Location: test.php'); sends a header to the browser, telling it to request the test.php page.
-
Because you are redirecting to the same page, but without the ?test=true on the end of the URL, you are only 'seeing' the result of the page being requested the 2nd time. if ($_GET['test']) will be FALSE the 2nd time the page is requested, but because the code on the page continued executing the first time it was requested, $_SESSION['testsession'] was previously unset and the echo code is skipped over when the page is requested the 2nd time. I'm not sure what you are trying to accomplish with the posted code, but a header redirect normally needs an exit/die statement following it to prevent the remainder of the code on the page from being executed while the browser is performing the redirect.
-
What version of php?