
PFMaBiSmAd

Staff Alumni
  • Posts: 16,734
  • Days Won: 9
Everything posted by PFMaBiSmAd

  1. So, when you do a "view source" of the form in your browser, what exactly is present in the HTML for the select menus?
  2. Actually, mysql_real_escape_string(), like its name indicates, only protects against sql injection in string data (i.e. data that is enclosed in quotes in the query.) It does not protect against sql injection being done in numeric data (i.e. data that is not enclosed in quotes in the query.) Nor does it protect against sql injection when an identifier (database, table, or column name) in the query comes from an external variable.
  3. if(mysql_query("SELECT * FROM $table_name WHERE `rand` = '{$rand}' LIMIT 1"))

     The above line of code just tests if the query executed without errors. It does not test if any row(s) were returned in the result set. You need to use mysql_num_rows() to find out how many rows are in a result set.
  4. phpbb (at least V3) does not use php's built-in sessions. It completely manages the propagation of variables between pages using php code and it stores the data in a database table.
  5. It should apply to the whole site, but this depends on how the host has set up the server. Some configurations require a local php.ini to be placed in each folder you want it to affect. Yes, but is it on the same server as the one you are currently having a session problem?
  6. At the time your script executes, session.save_path is set to /var/php_sessions/. That is either the correct setting but the path does not exist, or it is an incorrect setting and should in fact be changed to point to the correct folder. If you are on shared web hosting, you should actually have a 'private' folder within your account's folder tree and set session.save_path to point to that folder. The folder should be outside your document root folder (closer to the disk root) so that no one can attempt to browse to the session data files. If that option is not available and you can only put the folder within your document root folder, you need to put a .htaccess file in the folder that prevents (deny) all http requests.
  7. Add the following two lines of code immediately after the first opening <?php tag on both pages -

      ini_set("display_errors", "1");
      error_reporting(E_ALL);

     And what version of php, because session_start() only returns a valid true/false value on php5.3.
  8. You're using your safe() function on some of the string data being put into the query string, but not all of the string data being put into the query string. The error is occurring on line 3 of the query -

      ON DUPLICATE KEY UPDATE `opp_title` = '".$item['title']."';";

     Where is the escaping being done on $item['title'] in that part of the query?
  9. The following line is missing a $ in front of setyet - if(setyet==false){ Please develop php code and debug php code on a system with error_reporting set to E_ALL and display_errors set to ON in your php.ini to get php to help you find simple mistakes. You will save a ton of time. Stop and start your web server to get any change made to php.ini and confirm that the settings are actually changed using a phpinfo() statement.
  10. The line of code $celeb_id = $result['celeb_id']; is overwriting $celeb_id each pass through the foreach() loop. You only get the last value out. If you want an array of all the values, you need to build an array - $celeb_id[] = $result['celeb_id'];
  11. That is a simplistic login script. It does not have any advanced features to manage things like preventing multiple logins. That would require storing the logged in/out status and information about where the current login came from/session id in a database table.
  12. WHERE YEAR(your_date_column) = YEAR(curdate()) Beyond that, you would need to post what you did try if you want someone to help with why it did not work. Also, post an example of what data is in your column.
  13. Actually, if you use an array to hold the errors and set the index to be the type of error and set the value to be the error message, it makes both checking if there are no errors and displaying a specific error easier at the proper place when the form is redisplayed.

      $errors = array(); // define an empty array at the start
      ....
      $errors['EmailError'] = $displayEmailError; // set an error in the array
      ...
      // to check if there are no errors -
      if(empty($errors)){
          // no errors, process the data
      }

  14. Along those same lines. Your question is actually beyond the scope and type of help that a forum can provide in the few hundred words that could be given in a reply. This is the subheading of this forum - If the scope of your question concerns a specific error or problem with your code or with a specific question about what you want to do (a specific question about a contest script would be something like, how do I design a mysql table so that I can detect and prevent duplicate entries by the same person...), then a forum would be able to help you. For a broad question like - I would like to code a __________ (insert name of any application) but I don't know how, you are going to be disappointed with the replies because, except for the simplest applications, we cannot provide information that addresses your level of experience and with enough details that it will actually do you any good.
  15. If you do a "view source" of the page in your browser, you will likely see a php error that $row->manufacturer does not exist. The expression you put into the SELECT term in a query is exactly what you get in the result set. You would actually get something like $row->TRIM(manufacturer), but since that is not valid object notation, you would not be able to access the value unless you use an alias name in the query. Use the following - "SELECT DISTINCT TRIM(manufacturer) as manufacturer FROM portal_deductible WHERE carrier = 'carrier2'" You should also check how many rows there are in the result set and take an appropriate action, like displaying a user message "There are no matching entries" instead of displaying an empty select menu.
  16. Only when you attempt to get a web server to do something it was not designed to do.
  17. There's nothing technically wrong with that query. It would take seeing your code from the point where you form the query through to the code that is determining that there are no results in order to determine what is wrong. Also, post a sample of your data that you expect the query to return.
  18. Assuming your start date is mm/dd/YYYY -

      <?php
      $daysaway = 400;
      $startdate = "5/5/2005";
      //I need how to get the date that was 400 days ago
      $mydate = date('m/d/Y',strtotime("$startdate - $daysaway days"));
      print "$mydate was $daysaway days from $startdate.";
      ?>

  19. Or php's highlight_ functions -

      <?php
      $file = 'help.php'; // name of file containing php code
      $content = highlight_file($file,true); // get and highlight the php code
      ?>
      <style type="text/css">
      .code {
          border-style:solid;
          border-color:red;
      }
      </style>
      <?php
      echo '<div class="code">' . $content . '</div>';
      ?>

  20. And in reply#4 you did not have a comma there (nor did anyone show putting one there.) Why did it get added?
  21. Either $page is empty or it does not contain the <roottag> </roottag> tags. Have you echoed $page to see exactly what is in it?
  22. SET expects a comma separated list - myOrder =$this->position, active=$this->active, content='$this->content'
  23. Your code isn't actually testing the result of the query before it returns the "The user you select was removed" message and what trigger_error() does is dependent on the error_reporting level and what the display_errors/log_errors settings are. You also don't need to use class variables for everything inside of a function unless you want or need to access those variables outside of the function. Edit: Also, using both addslashes (which does not escape all the special characters that can break a query) and mysql_real_escape_string is double escaping your data and is wasting processing time. Remove the addslashes() function calls.
  24. user_name is not the same as username
  25. You might want to check if the name="...." attributes in your form are the same that your code is using in the $_POST variables. Also, are you learning php, developing php code, and debugging php code on a system with error_reporting set to E_ALL and display_errors set to ON in your master php.ini so that php would help you by displaying all the errors it finds? Stop and start your web server to get any change made to the master php.ini to take effect. You will save a ton of time if you get php to display all the errors it finds.
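
The point made in post 2 above (escaping only protects quoted string data, not unquoted numeric values or identifiers), shown as an added example that is not part of the original posts. It assumes an in-memory SQLite database through PDO in place of MySQL so it runs offline; the `users` table, the input values and the functions `escape_like_mysql()`, `find_unsafe()`, `find_safe()` and `order_column()` are hypothetical names made up for this illustration.

```php
<?php
// Added example. In-memory SQLite via PDO stands in for MySQL (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical stand-in for mysql_real_escape_string(): escapes the same
// characters (NUL, \n, \r, \, ', ", Ctrl-Z) without needing a MySQL link.
function escape_like_mysql(string $s): string {
    return strtr($s, ["\\" => "\\\\", "\0" => "\\0", "\n" => "\\n",
        "\r" => "\\r", "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z"]);
}

// Constructed input: it contains none of the escaped characters.
$input = '1 OR 1=1';

// Before: the escaped value lands in an unquoted numeric position,
// so the database parses the whole value as part of the WHERE clause.
function find_unsafe(PDO $db, string $id): array {
    $sql = "SELECT name FROM users WHERE id = " . escape_like_mysql($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// After: validate as an integer and bind it; the value never becomes SQL text.
function find_safe(PDO $db, string $id): array {
    $n = filter_var($id, FILTER_VALIDATE_INT);
    if ($n === false) {
        return [];   // reject anything that is not a plain integer
    }
    $stmt = $db->prepare("SELECT name FROM users WHERE id = ?");
    $stmt->execute([$n]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Identifiers cannot be bound as parameters: map the request onto an allow-list.
function order_column(string $requested): string {
    $allowed = ['id', 'name'];
    return in_array($requested, $allowed, true) ? $requested : 'id';
}

// Compare what each approach does with the same input.
echo "escaping changed the input: ";
var_dump(escape_like_mysql($input) !== $input);
echo "unsafe lookup rows: ", count(find_unsafe($db, $input)), "\n";
echo "safe lookup rows:   ", count(find_safe($db, $input)), "\n";
echo "safe lookup, id 2:  ", implode(',', find_safe($db, '2')), "\n";
echo "column used for an unlisted name: ", order_column('not_a_column'), "\n";
```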