PFMaBiSmAd

SUBSTR() accepts negative values to refer to the end of the string. See the mysql documentation for examples.

By using the php_ldap.dll, libeay32.dll and ssleay32.dll that came with your build of php. What method did you use to install php originally? The msi installer? The zip package? Some WAMP all in one package?

http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html#function_date-format

What problem are you trying to solve? Sending an email directly to your own mailbox at an ISP without using your web host's mail server or sending emails to any arbitrary email address that visitors to your site have provided and if so, what email server do you want to use as the sending mail server?

The From: header must be a valid email address at the sending mail server. You are lucky that your mail server even sent it or that the gmail server accepted it. If you want to send directly to your gmail mailbox, you will need to use SMTP authentication, which the php mail() function does not support. You would need to use one of the many php mailer classes.

The error means your query failed. Since you did not post any additional information, such as the line number, that would pin down where in your code and which query it is, it is not directly possible to help you. Best guess is that since some of the query strings are being built using concatenation (the dot . ) and there is no white-space between the list of columns and the FROM keyword, that you have an sql syntax error in the query that is failing. You can echo the $query variables to see exactly what is in them for troubleshooting purposes.

Setting error_reporting to E_STRICT would hide all the other errors. It should be E_ALL for general purpose usage.

That does not tell us any relevant information. To get help from someone who is not standing right next to you, you must communicate what exactly you did and what the results, symptoms, or errors are and at what point during what you did they occurred at.

If you are using php5, what does that matter?

The exploit you just posted will only work if register_globals are ON and either allow_url_include is ON (php5) or allow_url_fopen is ON (php4.)

if($_POST['linkgen'] == true) { $result = mysql_query("SELECT dest_addr FROM destinations WHERE selected = '1'"); $counter = 1; echo '<a href="http://maps.google.com/maps?f=d&source=s_d'; while ($row = mysql_fetch_assoc($result)) { switch($counter) { case 1: echo "&saddr="; break; case 2: echo "&daddr="; break; default: echo "&mrad="; break; } echo $row['dest_addr']; $counter++; } echo '">Directions</a>'; }

The symptoms you are getting are indicative of using a mix of different versions of the php .dll files and/or you are not stopping and starting your web server to get it to use the files that have just been replaced.

Only the offending column name where it appears in the query is enclosed in back-ticks. The php code would not be affected.

Without an example of what result you expect for the example data you posted, it is not possible to help you.

The error means that the query failed and $res is a FALSE value instead of a result resource. Of the several reasons a query can fail, your's is because primary is a reserved keyword. If you truly have a column named primary, you should either rename it or you must enclose it in back-ticks ` `

If you need to so something different on the first piece if data in a loop, you initialize a counter or a flag to zero (or one if you prefer) or a false value before the start of the loop. You test the value of the counter/flag in the loop to perform the special processing and you increment the counter or set the flag to a true value in the loop so that the special processing is only done once.

Your HTML is invalid. You are missing the closing double-quote on the end of the href="... ..."

What method did you use to set the session.save_path? A .htaccess file? A local php.ini? In your script before every session start statement? Are you developing and debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON so that you would see all php detected errors?

According to your phpinfo() output, the mysql extension is enabled and the problem is likely something in the code. Why did you downgrade from php5.3 at all (it might be relevant to the problem)? What symptoms or errors do you get that tell you that you cannot connect? What is your main code and the code that is making the connection (show us the opening php tags in the file(s) as well.) xxxxxx out any sensitive information but don't change any of the syntax being used.

Post the error as well (copy/paste), because you will find that a large number of the people who would help you with your problem are not going to visit your site.

mysql_real_escape_string, like its' name indicates is only usable for escaping string data (data that is put into a query inside of single-quotes.) It does nothing to prevent sql injection for numeric data put into a query (data that is not in single-quotes and the solution to this does not involve putting single-quotes around numeric data as that causes mysql to go through an extra step of converting the string containing a numeric value back to a number which it does by converting to a float.) Numeric data must be validate as numeric or it must be cast as a numeric data type in order to prevent sql injection (you can inject sql in this case without using any quotes around it by encoding it as a HEX hex value or producing a string using CONCAT()/CHAR() functions.)

It worked in that case because output_buffering was turned on in the master php.ini, so it was possible to create code that resulted in an incorrectly formed web page but functioned on the server where it was created. Unfortunately, php.net has a history of trying to get php to - "help a few beginners blissfully and unknowingly write better code." (quote taken directly from the php.net documentation.) This however means that the resulting code is not general purpose and prevents it from working on all servers and the people posting tutorials should be aware of special conditions like this and write tutorials that are correct that would work on all server configurations.

@pbs, Except that doing so would take approximately three times longer because the loop would need to produce the expected array index from the Unix timestamp, whereas the previously suggest solution can use the $date as the index directly. $date = '15/03/1991'; $date2 = '21/07/2009'; list($day,$month,$year) = explode('/',$date); $date = mktime(0,0,0,$month,$day,$year); list($day,$month,$year) = explode('/',$date2); $date2 = mktime(0,0,0,$month,$day,$year); $array2 = array(); while($date <= $date2) { $index = date('Y-m-d',$date); $array2[$index]['value'] = 'somedata'; $date = strtotime("+ 1 day",$date); } echo "<pre>",print_r($array2,true),"</pre>"; Excluding the echo ... print_r() statement at the end of each piece of code, the first code typically takes 0.35317993164062 sec and the second code takes 1.1751408576965 sec. Actually using mktime() inside of the loop would take even longer than the posted code.

<?php $date = '15/03/1991'; $date2 = '21/07/2009'; // unfortunately, dd/mm/yyyy is not a format that strtotime() understands // it is also not a format that can be used in greater-than/less-than comparisons // convert to yyyy-mm-dd list($day,$month,$year) = explode('/',$date); $date = "$year-$month-$day"; list($day,$month,$year) = explode('/',$date2); $date2 = "$year-$month-$day"; $array = array(); while($date <= $date2) { $array[$date]['value'] = 'somedata'; $date = date('Y-m-d',strtotime("$date + 1 day")); } echo "<pre>",print_r($array,true),"</pre>"; ?>

$upload_path . $filename You will find that the file is in the .. ../Music folder and it has a name that starts with 'Songs', something like Songssomething.ext because there is no / separator between the path and the filename.