PFMaBiSmAd

Staff Alumni
  • Posts

    16,734
  • Days Won

    9

Everything posted by PFMaBiSmAd

  1. You must check if the file was uploaded without any errors before you can reference any of the ['name'], ['type'], ['size'], or ['tmp_name'] elements of the $_FILES['uploaded'] array. The whole $_FILES array will be empty if you exceed the post_max_size setting and $_FILES['uploaded']['error'] will only be zero if the file was uploaded successfully. Ref: http://www.php.net/manual/en/ini.core.php#ini.post-max-size http://www.php.net/manual/en/features.file-upload.errors.php
  2. Yes, $_SESSION[x] is being set, provided the $_GET variables in the code in procesor.php have expected values.
  3. Why not check what is in the $_SESSION array so that you know if poruc.php is receiving the data? Add the following lines of code immediately after the session_start() statement - echo "<pre>"; print_r($_SESSION); echo "</pre>"; And if that shows an empty array, add the following two lines of code immediately after the first opening <?php tag so that php will display all the errors it detects - ini_set("display_errors", "1"); error_reporting(E_ALL);
  4. What method did you use to obtain and install php? If you used the .zip package (the recommended method) ALL the same version of the .dll files are included. Best guess is that you installed php using the .msi installer? If so, you are expected to install extensions using the Windows control add/remove php item. Next, in your master php.ini, set error_reporting to E_ALL and display_errors to ON so that php will display all the errors it detects. This will save you a ton of time during the learning, development, and debugging cycle. Stop and start your web server to get any change made to php.ini to take effect and confirm the two settings using a phpinfo(); statement (in case the php.ini that you are changing is not the one that php is using.) Edit: if you echo mssql_get_last_message() after any mssql_ function call that fails, it should give you some debugging information.
  5. Unfortunately, yes. The magic_quotes_gpc setting being ON will cause GET, POST, and COOKIE data to be 'magically' escaped, even if you don't want it to be. You either need to turn the magic_quotes_gpc setting off (it is settable on a PHP_INI_PERDIR basis) or if you cannot turn it off you must use the get_magic_quotes_gpc() function to test if it is on and then use stripslashes() on the data to remove the offending \ characters. You could unconditionally use stripslashes() on the data but that would prevent you from ever having a real \ as part of the data if magic_quotes_gpc is off.
  6. What does a phpinfo(); statement show for the value for the two settings? (in case the php.ini that you are looking at is not the one that php is using or the syntax being used for the settings is incorrect.) The code you posted is NOT checking if the upload worked without any errors before it attempts to start checking pieces of the uploaded information. Read this link for the things you should be doing to make sure that the upload worked before you start validating any of the uploaded information - http://www.phpfreaks.com/forums/index.php/topic,285703.msg1354833.html#msg1354833 Also, posted in that thread is some debugging code to show the POST/FILES arrays so that you can see exactly what you are receiving as data.
  7. I would recommend validating exactly what is in the $_GET variable using the method that premiso just posted. Consider this sequence of events - you are including content into a general purpose index.php page using this method and you also have an admin section on your site with its own index.php page that is set up with its own include files for the admin functions on your site. Someone can use directory traversal by supplying the correct ../../../path_to_your_admin_include_page/ and cause any of the admin include files to be included on the current page. The file_exists() logic WILL be TRUE but they have just accessed your admin functions and can do anything an admin has permission to do.
  8. Because of the general purpose nature of programming, there are dozens of ways of accomplishing any task and a great amount of inference * is required to take code examples and apply them to your specific situation. config.php probably contains configuration settings. opendb.php probably contains code to connect to and select a database. * Inference is the process of drawing a conclusion by applying rules (of logic, statistics etc.) to observations or hypothesis; or by interpolating the next logical step in an intuited pattern.
  9. You are missing one of the main points of using a database, let the database engine find the data you want. You should be using a WHERE clause in your query and then testing if the query returned a matching row. Your query should be something like this - "SELECT * FROM cpa_country_codes WHERE code_country = '$c1'"
  10. LOL, I told you - That means the form tags you already have and which are defining the form on the page. And if you set the error_reporting/display_errors settings as suggested and then test your code, you will find things like what mattal999 is pointing out because there will be php generated error messages for things like $_POST variables that don't exist because the name of them does not match the name you are using in your form field.
  11. The only way someone on a forum (someone not standing right beside you) can possibly help you find which one of the half-dozen possible different things that could be causing the symptom you are describing is if you post the code responsible for the symptom and either identify exactly what part of the code is not working or show us where in the resulting output something is not working. You would need to post the code for a page that is not working along with posting the "view source" of that page from your browser and either tell us the name of one of the elements in the "view source" that is not working or post a screen shot identifying one of the elements that is not working.
  12. Your URLs on the page probably have the domain hardcoded, rather than using domain-root relative URLs. Have you even examined the HTML source that corresponds to an element that is not working?
  13. Your form fields are not located between the <form ...> </form> tags so they don't do anything. Ref: http://w3schools.com/html/html_forms.asp http://w3schools.com/php/php_forms.asp
  14. How about an absolute file system path - include $_SERVER['DOCUMENT_ROOT'] . '/config.php';
  15. Someone already suggested how to save a ton of time by getting php to display all the errors it detects that would help point out problems - I have not seen your form code posted yet, so it is also likely that the form is invalid and is not even submitting any $_POST data.
  16. Then it's likely the include statement is failing or the code in the sql.php file is failing. If the last code posted is echoing nothing for the entered values, either the form is incorrect or the code is trashing the values.
  17. There's no code in your code to make a connection to the mysql server, so things like mysql_real_escape_string() are returning a null/false value. You should be learning php, developing php code, and debugging php code on a system with error_reporting set to E_ALL and display_errors set to ON in your master php.ini so that php would help you by displaying all the errors it detects. You would save a huge amount of time. Stop and start your web server to get any change made to the php.ini to take effect and confirm that the two settings are actually changed using a phpinfo() statement.
  18. The stuff inside your loop is overwriting the $query variable that was the result resource from the first query. Be careful when reusing variables.
  19. Based on the code you have posted, you have 4 different categories of information stored in each row, so of course it will be difficult to retrieve the information and use it the way you want on your page. I recommend that you store one article in a row and have a category column that indicates if it is news, feature, entertainment, sports, or any other future category you might add. You should probably also have a DATE (or DATETIME) column to hold a 'published' date (or date/time) so that you can sort and order the information chronologically. Once you do this, you can retrieve any or all of the information in the order that you want, for any choice of category(ies) or for all categories and in any category order and/or by any date order..., for a specific date or date range you want, and in any quantity (only the last x articles...) that you want.
  20. It's not really a matter of global variables (the program variables you are using are global variables) vs something else. The problem is that register_globals magically populated the global/program variables from external data - see this link for more information that has been posted many times over and over - http://www.phpfreaks.com/forums/index.php/topic,285960.msg1356137.html#msg1356137 The code you linked to is using some $_POST and $_GET variables, but not for everything that is coming from your form. Since register_globals has been completely removed in php6, now is the time to start fixing your code.
  21. Your query is also failing because there are no single-quotes around the string data in it. Again, what trigger_error() does is dependent on the error_reporting and display_errors settings. Are you developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON in your master php.ini so that ALL php errors will be reported and displayed? You are also double-escaping the string data being put into your query. You should only be using mysql_real_escape_string() and NOT using addslashes().
  22. Most web hosts provide a way of switching to php5, either through a control panel setting or through a setting in a .htaccess file.
  23. I'll guess this is under php4? No php setting has any direct bearing on the safety of a script because it is the programmer's responsibility to validate data his script receives. However, under php4, having allow_url_fopen ON allows include('some_URL_that_a_hacker_fed_your_script') to cause external php code to be included and executed on the server, so as a knee-jerk reaction to a lack of coders validating data, some people might see that turning off the setting makes the server safer. If under php5, the relevant setting would be allow_url_include.
  24. Read the errors - /Applications/MAMP/htdocs/new_site/includes/magicquotes.inc.php The code is doing what it is supposed to. It is putting the string 'new_site' into the path. IS that the correct path and name for the file?
  25. The code being discussed should be located in a configuration file (config.php) that you then include/require into each page that needs it. You are stating that the errors are the same. How about posting the error messages as the problem may in fact be something else than the original problem (such as a missing /).
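
The upload check described in posts 1 and 6 above, as an added example that is not part of the original posts. check_upload() is a hypothetical helper, the field name 'uploaded' is taken from post 1, and the request arrays in the demo are constructed.

```php
<?php
// Added example: decide whether an upload succeeded before touching
// ['name'], ['type'], ['size'] or ['tmp_name']. check_upload() is hypothetical.
function check_upload(array $files, array $post, array $server, string $field): array
{
    // When post_max_size is exceeded PHP discards the body, so $_POST and
    // $_FILES are both empty even though the request carried data.
    $isPost = ($server['REQUEST_METHOD'] ?? '') === 'POST';
    $length = (int) ($server['CONTENT_LENGTH'] ?? 0);
    if ($isPost && $length > 0 && empty($files) && empty($post)) {
        return [false, 'request body exceeded post_max_size'];
    }
    // The field must exist and be a single upload, not an array of uploads.
    if (!isset($files[$field]['error']) || is_array($files[$field]['error'])) {
        return [false, "no upload field named '$field'"];
    }
    $messages = [
        UPLOAD_ERR_INI_SIZE   => 'file exceeds upload_max_filesize',
        UPLOAD_ERR_FORM_SIZE  => 'file exceeds MAX_FILE_SIZE from the form',
        UPLOAD_ERR_PARTIAL    => 'file was only partially uploaded',
        UPLOAD_ERR_NO_FILE    => 'no file was selected',
        UPLOAD_ERR_NO_TMP_DIR => 'missing temporary folder',
        UPLOAD_ERR_CANT_WRITE => 'failed to write file to disk',
        UPLOAD_ERR_EXTENSION  => 'a PHP extension stopped the upload',
    ];
    $error = $files[$field]['error'];
    if ($error !== UPLOAD_ERR_OK) {
        return [false, $messages[$error] ?? "unknown upload error $error"];
    }
    // In a live request, also confirm is_uploaded_file() on ['tmp_name']
    // before calling move_uploaded_file().
    return [true, 'ok'];
}

// Constructed requests standing in for $_FILES, $_POST and $_SERVER.
$bigBody = ['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '90000000'];
$normal  = ['REQUEST_METHOD' => 'POST', 'CONTENT_LENGTH' => '2048'];
$partial = ['uploaded' => ['name' => 'a.png', 'type' => '', 'size' => 0,
                           'tmp_name' => '', 'error' => UPLOAD_ERR_PARTIAL]];
$good    = ['uploaded' => ['name' => 'a.png', 'type' => 'image/png', 'size' => 1500,
                           'tmp_name' => '/tmp/phpConstructed', 'error' => UPLOAD_ERR_OK]];

foreach ([[[], [], $bigBody], [$partial, [], $normal], [$good, [], $normal]] as [$f, $p, $s]) {
    [$ok, $why] = check_upload($f, $p, $s, 'uploaded');
    echo ($ok ? 'accept: ' : 'reject: ') . $why . PHP_EOL;
}
```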
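
The include problem described in post 7 above, as an added example that is not part of the original posts: it shows file_exists() returning TRUE for a traversal value while an allow-pattern plus a realpath() containment check rejects it. resolve_page(), the directory layout and the page names are hypothetical and constructed for the demo.

```php
<?php
// Added example: map a ?page= value to a file that must sit inside one
// directory. resolve_page() is a hypothetical helper, not code from the thread.
function resolve_page(string $requested, string $pagesDir): ?string
{
    // Accept only a bare page name: no '/', '\', '.', or NUL bytes.
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/i', $requested)) {
        return null;
    }
    $base = realpath($pagesDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks and '..' and returns false if the file is missing.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment: the resolved file must still be under the pages directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed layout: a public pages directory next to an admin directory.
$root = sys_get_temp_dir() . '/include_demo_' . getmypid();
mkdir($root . '/pages', 0700, true);
mkdir($root . '/admin', 0700, true);
file_put_contents($root . '/pages/home.php', '<?php echo "home";');
file_put_contents($root . '/admin/tools.php', '<?php echo "admin";');

foreach (['home', '../admin/tools', 'missing'] as $page) {
    // The naive test from the thread: TRUE for the traversal value as well.
    $naive = file_exists($root . '/pages/' . $page . '.php');
    $file  = resolve_page($page, $root . '/pages');
    printf("%-16s file_exists=%-5s resolve_page=%s\n", $page,
        $naive ? 'true' : 'false', $file === null ? 'rejected' : basename($file));
}

// Remove the constructed files again.
unlink($root . '/pages/home.php');
unlink($root . '/admin/tools.php');
rmdir($root . '/pages');
rmdir($root . '/admin');
rmdir($root);
```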