PFMaBiSmAd

So, are you escaping string data using mysql_real_escape_string so that special sql characters in it won't break your queries?

All code must be tested at some point in time. One of the points of programming is that you can try something to see if it does what you expect. It's only when it does not work and you cannot figure out how to make it work that you run to a programming forum to ask for help. If you get stuck at the point of not even trying something in programming, it is going to take you a really long time to complete what you are working on.

The "empty query" error is because the variable you put into the first mysql_query() is NOT the variable you put the sql statement into. I wish you were developing and debugging php code on a system with error_reporting set to E_ALL and display_errors set to ON in your master php.ini to get php to help you. There would have been an undefined error message concerning the mismatch in variable names at the first mysql_query() statement.

Use both of the following lines of code so that errors are both reported and displayed - ini_set("display_errors", "1"); error_reporting(E_ALL); On a development system, you should actually have these two settings in your master php.ini so that you don't need to put them into your files or remember to remove them when you put your finished code on a live server.

See this link for a definition of the function you are using - mysql_fetch_array And since this is a php issue, moving thread to the php help forum...

Define: always in the above? The first time you open the page in your browser? Every time you refresh the page? You have got to state what you are doing that produces the symptoms. And are you learning php, developing php code, and debugging a problem with some php on a system with error_reporting set to E_ALL and display_errors set to ON in your php.ini so that php would help you by displaying all the errors it detects?

Just put the values back into the UPDATE query for each column. If they are the same as what is already in the column, they are not actually updated.

I'm going to guess that the mysql extension is not enabled. What does a phpinfo(); statement show for the mysql extension? And are you debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON in your php.ini so that php would help you by displaying all the errors that it detects?

php crashing when doing something that relies on a specific extension generally indicates that you have a mix of files from different php versions. Any chance you updated php but did not update all the files in the php root folder and the ext folder and/or you previously copied some files to the Windows folder but did not also update those?

You already have an existing thread for this problem. I suggest you continue in that thread instead of starting another one so you don't loose the history and information about what you are doing. Why do you want to execute three queries now, when you can do all of that with a single query and a few lines of php code as mentioned in the other thread?

The format string in the above is nonsense. Assuming you are attempting to insert the current date and time, just use the mysql NOW() function in your query.

The three parameters in the mysql_connect() function call are not in the order that you tried. The only way to effectively use any programming language is to read the documentation for whatever small part of it you are attempting to use - http://php.net/mysql_connect

It does not matter. A doctype only matters when it has been sent to the browser. When a doctype is in a source file on the server is it just a bunch of inert characters. Php outputs content - HTML/CSS/Javascirpt/media... to a browser. The only thing that matters is that the resulting HTML/CSS/Javascirpt/media is valid and accomplishes what you desire for that page. As long as an include statement comes before where the code in the included file is needed it does not matter. A general rule would be that any initialization that php needs on the page, such as including files, stating sessions, determining if the visitor is logged in and/or has permission to access the page... should come first. You then build the content that makes up the page and output it.

You would need a query to find a row matching the ID, then if there is a matching row, test, using php code, if the PIN in that row matches what was entered. You should however only specifically report if the ID or PIN did not match if you have bad attempt detection and account lockout because if you allow a hacker unlimited attempts at entering IDs, then unlimited attempts at entering PINs, he can just let a bot script perform a dictionary attack until he finds valid IDs and PINs.

Your code is dependent on register_globals to 'magically' populate program variables from post/get/session/cookie variables by the same name. Unfortunately, register_globals was a huge blunder by php.net because they also allow hackers to set your session variables to anything they want, causing a huge number of web sites to be taken over. register_globals were turned off by default in php4.2 in April of the year 2002. No code, books, tutorials, web host, or programmers should have relied on register_globals in their code nor should they have enabled them in php.ini. This security problem has been known for 7 years. There is no excuse for any code to still rely on register_globals at this date. Register_globals have been completely removed in php6. You will need to fix your code so that it uses the proper $_POST, $_GET, $_SESSION, or $_COOKIE variables where the actual data is coming from.

Setting those would have only caused php detected errors to be displayed. It is highly likely that your mysql extension was not enabled, producing fatal runtime errors, but because the error_reporting/display_errors were not set to show you the resulting errors, you were not receiving any feedback. I suspect that restarting the web server to enable those two settings that it likely enabled the mysql extension at the same time. Those two settings should be as indicated on every development system. They will save you a ton of time while learning php, developing php code, and debugging php code.

Not if your code contains proper error checking logic.

Your index.html page has been saved with the UTF-8 BOM (Byte Order Mark) characters at the start of the file. You need to save it without the BOM.

Are you developing and debugging php code in a system with error_reporting set to E_ALL and display_errors set to ON in your php.ini to get php to help you by displaying all the errors it detects? (Stop and start your web server to get any change made to php.ini to take effect and confirm the actual settings using a phpinfo(); statement in case the php.ini that you are changing is not the one that php is using.)

to is a reserved mysql keyword and that query never worked. What query were you using there that did work?

What method did you use to install php? The .msi installer or the .zip package? Your extension = some_path/curl.dll is invalid for a couple of reasons. The path is not used in that line and the curl dll is named php_curl.dll. If you did not find any existing lines in your php.ini that you simply need to uncomment (and then stop/start the IIS web service), it is likely you installed php using the .msi installer. If this is the case, you need to enable php extensions through the add/remove item in the Windows control panel.

Where and how are you testing this code? Live servers often have file/page caching and headers setup that can prevent changes made to content from immediately showing up, unless you specifically output your own headers to prevent any caching on the server or in the browser or in any device in between them.

Seven years ago $SCRIPT_NAME would have been valid. Either use $_SERVER['SCRIPT_NAME'] or you can just leave off the script/file name in the action="..." attribute and use - action="?id=<?php echo $validentry; ?>"

You cannot output image data inside of HTML. Also, you cannot output a content-type header or any other type of header after content has been output to the browser. You must use a HTML <img tag to place an image on a web page inside of HTML - http://w3schools.com/html/html_images.asp The URL that goes into the <img src="URL of an image" alt=""> must be to a .php file that outputs the correct Content-type header followed by the correct image data.

A slightly different method of handling validation errors is to use an array to hold the errors/messages. You set an array element for each validation that fails but continue with all the validation logic. This allows you to validate and then display multiple errors at one time instead of just handling the first one found, then wait to display and handle the next one on the next form submission... When you get to the end of the validation logic, if the error/message array is empty, there were no validation errors and you do your normal form processing. If the array is not empty, you redisplay the form. You can also do things like make the array index names indicate which form field failed so that you can put the error/message adjacent to the actual form field it applies to. This method works best when the form and the form processing code is on one page. Using a single page also makes it easier to redisplay the previously entered values in the corresponding form fields.