PFMaBiSmAd

Staff Alumni
  • Posts: 16,734
  • Days Won: 9

Everything posted by PFMaBiSmAd

  1. Edit: Repeats some of what cags posted above... The problem is not necessarily in your function definition, but in how you are calling it -

         search_field($startFrom, $recordperPage, $searchCat, $searchField);
         echo search_field($dbResult);

     That code calls search_field() twice. The first time you provide all four parameters and guess what, that call is probably successful and does not produce an error. However, the function returns the value from the mysql_query(), but the call to the function does not assign that value to anything, so it won't be available for any purpose.

     The second call to search_field() only contains one of the required parameters AND that parameter both does not exist (because the first call to the function did not assign the returned value to anything) and that value is not of the type expected for the $startFrom parameter.

     Even if you had assigned what the first call to the function returned you could not call your function a second time because you cannot take the result of one mysql_query, which is a result resource when the query works, and put that directly into another query. You must fetch something from a result resource for it to be usable.
  2. What does the following show (use the full <?php tag exactly as shown) -

         <?php phpinfo(); ?>

     And if it produces the correct phpinfo output, what is the actual runtime value listed for the short_open_tag setting? Just because a setting is present in a php.ini, that does not mean anything if that php.ini is not the one that php is using. You must always check what a setting actually is using a phpinfo() statement.

     And if you find that the short_open_tag setting is actually off, don't waste any more of your time using short <? tags. The amount of time you have spent on this so far is several orders of magnitude more than what you saved leaving off the 'php' typing <? and the amount of time it would have taken you to search/replace through your code to change to <?php tags.
  3. The mysql general query log, when it is enabled, only lists the mysql username, date/time, and the actual query string. The binary query log lists the queries that insert/update data. Unless you used a different mysql user to connect from each different file, those logs would not necessarily tell you anything. The mysql server/php client does not actually know or care anything about where in your application connections or queries are executed.

     Either it is not your application code that is being used to execute the queries containing the blank filename information (does your database allow external connections and/or do you have strong passwords on all of your database connections) or your code is being executed through a means that does not have the filename information present such as an include file being requested directly.

     If all of your code uses a common scheme to form and execute queries, posting an example of your code would allow someone to determine how it might be possible to execute a query where the filename information is blank.

     It's also possible that the 'extra' entries are due to sql injection. Are you validating and escaping data being put into queries so that you know for a fact that your application does not allow sql injection?
  4. See this - http://www.phpfreaks.com/forums/index.php/topic,270811.msg1277861.html#msg1277861
  5. If you have a variable that optionally might or might not exist at the time your code is executed, you need to use isset() to test if it does exist. It is common to use code like the following to give such an optional variable the actual value or a default value so your code will behave in a predictable manner when the variable does not exist -

         $action = isset($_GET['action']) ? secure($_GET['action']) : ''; // pick a default value (an empty string in this example) that makes sense in your application
  6. Single-quotes ' are used around string data. Back-ticks ` are used around table and column names that need special handling because they contain special characters or are a reserved word.
  7. Define: "it doesn't work"

     That provides absolutely no helpful information about what you saw in front of you when you tried it that anyone else would need in order to help you. For all we know, you don't even have php installed on a web server.
  8. Yes, you are either getting a fatal parse error or a fatal runtime error or your code is not producing any output. You need to be learning php, developing php code, and debugging php code on a system with error_reporting set to E_ALL and display_errors set to ON in your php.ini so that php would help you by displaying all the errors it detects. Stop and start your web server to get any change made to php.ini to take effect and use a phpinfo() statement to confirm that the settings were actually changed in case the php.ini that you are changing is not the one that php is using.
  9. This -

         disable_functions php.info

     php.info is not - phpinfo
  10. The following is quick and dirty code that is specific to the data you showed. You need to put back in your actual mysql code (see the comments, two places) -

          <?php
          session_start();
          $_SESSION['parts'] = array(); // cheat and share a global session variable between the different xml handler functions
          ?>
          <html>
          <head>
          <link rel="shortcut icon" href="/favicon.ico" />
          <title> Title here i took it out =p </title>
          </head>
          <body>
          <?php
          // your mysql_connect() and mysql_select_db() goes here ...

          $parser = xml_parser_create();

          function start($parser, $element_name, $element_attrs) {
              switch($element_name) {
                  case "SKU":
                      // this is the start of a set of data
                      $_SESSION['parts'] = array(); // create an empty set
                      break;
                  case "TIME":
                      // this is the tag that is after the end of the stated set of data, complete and execute the query here -
                      // code to build the whole query statement and your mysql_query() goes here ...
                      print_r($_SESSION['parts']); // contains the three values for sku, part, qty
                      echo "<br />";
                      break;
                  default:
              }
          }

          function stop($parser, $element_name) {
          }

          function char($parser, $data) {
              $data = trim($data);
              if($data != ''){
                  if(!isset($_SESSION['parts']['SKU'])){
                      $_SESSION['parts']['SKU'] = $data;
                  } elseif(!isset($_SESSION['parts']['PART'])){
                      $_SESSION['parts']['PART'] = $data;
                  } elseif (!isset($_SESSION['parts']['QTY'])){
                      $_SESSION['parts']['QTY'] = $data;
                  }
              }
          }

          xml_set_element_handler($parser, "start", "stop");
          xml_set_character_data_handler($parser, "char");

          $fp = fopen("http://morris.morriscostumes.com/out/available_batchnynyy_001.xml", "r");
          while ($data = fread($fp, 4096)) {
              xml_parse($parser, $data, feof($fp)) or
                  die (sprintf("XML Error: %s at line %d",
                      xml_error_string(xml_get_error_code($parser)),
                      xml_get_current_line_number($parser)));
          }
          xml_parser_free($parser);
          ?>
          </body>
          </html>
  11. And it just occurred to me that some security test probably attempted to inject raw php code into one of your scripts and it was executed. The test code being a phpinfo() function. If so, the issue is not the phpinfo() function, but the fact that raw php code could be injected and executed on your server. What exact problem are you having?
  12. Using disable_functions = phpinfo does work, so it is likely that the php.ini that you were changing is not the one that php is using. What does the phpinfo() output show for the Loaded Configuration File setting? Also, the phpinfo() function should not really be a security issue because you should never leave any script files on a public web server that contain a phpinfo() statement.
  13. What exactly is it doing when you try it? What DB crash? All you stated was that you can't access the DB.
  14. I'll guess that on the live server the UPDATE query is failing because the table by that name/capitalization does not exist. You are looking in the first/only table for a value as the result of the UPDATE query that will never be present because it was attempted on a different table.
  15. No. Unless you produce a link on a page with something other than the actual value, a search engine is not even going to know or try anything else. Using the CAST() function will slow down every query with it in it and making the column a character type would only be needed if you intended to have separate values like 20, 020, and 0020 that were for separate rows.
  16. Dtonlinegames, the change you made to the code is meaningless because the value returned by an insert query is only a TRUE or FALSE value, depending on if the query succeeded or failed. mysql_insert_id() exists and was being used for a very specific purpose in the code.

      blue-genie, what operating system are you using, because the table names gameinstance and gameInstance are not the same on operating systems that are case-sensitive?
  17. The 4th parameter in the setcookie() function call is a 'path' parameter that must be set to make the cookie available outside of the path where the setcookie() was executed. Ref: http://php.net/setcookie
  18. Your form processing code is dependent on the following line being TRUE in order to do anything -

          if (isset($_POST['submit']) && $_POST['submit'] == 'submit')

      Have you attempted to troubleshoot what your code is doing by checking what your form actually sends for that value?
  19. Every page request is completely separate from every other page request. $_POST data from one form is only directly available on the page that is the target of the action="..." parameter. You must deliberately do something to cause any data present on one page to be passed through to another page. You would either need to use one single form for everything, use a hidden field in the second form to carry data from the first form, or use session variables.
  20.
          if(isset($_POST['twitter_msg'])){

      Your code is dependent on a form field named twitter_msg being set in order to even execute the code that calls the postToTwitter() function. Where in your form is that field?
  21. If you just do the following, all php errors on the page that is producing the HTTP 500 response code will be revealed -
  22. No one can really help you with the specific problem present in your code without seeing your code that exhibits the problem.
  23. Actually, strings would be needed on both sides of the = comparison because of the automatic built in type conversions -

          SELECT * FROM table WHERE CAST(sid AS CHAR) = '0020'
  24. CrownVictoriaCop, the site you found seems to be a random collection of information and at least the part I looked at concerning the mysql information was not one contiguous entity that started from the beginning and built upon the previous steps. You would do much better starting with the mysql tutorial in the following link as it at least starts at the beginning and builds onto each step by using what has already come before - http://w3schools.com/php/php_mysql_intro.asp The w3schools.com site is also one of the better sites for basic web related tutorials.
  25. Leading zeros on numbers have zero significance. To do what you want would require treating the value in the sid column as a string. You would either need to cast the sid column as a CHAR type in the query or you would need to make the sid column one of the string data types. What is the definition of the sid column now and why do you want or need to use leading zeros in an identifier?
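
Several of the posts above (items 2, 8, 9 and 12) come down to confirming which php.ini PHP actually loaded and what the runtime values are, including whether a disable_functions entry is a real function name. The following is an added example, not code from any of the posts; the function names audit_disable_functions() and runtime_config_report() are hypothetical.

```php
<?php
// Added example: report the php.ini in effect and sanity-check disable_functions.

/**
 * Split a disable_functions value into names and flag entries that cannot
 * be function names (for example "php.info" written instead of "phpinfo").
 */
function audit_disable_functions(string $raw): array
{
    $valid = [];
    $invalid = [];
    foreach (explode(',', $raw) as $entry) {
        $name = trim($entry);
        if ($name === '') {
            continue;
        }
        // Internal function names use only letters, digits and underscores,
        // and do not start with a digit.
        if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $name)) {
            $valid[] = strtolower($name);
        } else {
            $invalid[] = $name;
        }
    }
    return ['valid' => $valid, 'invalid' => $invalid];
}

/** Collect the runtime values the posts say to confirm. */
function runtime_config_report(): array
{
    return [
        'loaded_ini'        => php_ini_loaded_file() ?: '(none)',
        'short_open_tag'    => ini_get('short_open_tag'),
        'display_errors'    => ini_get('display_errors'),
        'error_reporting'   => error_reporting(),
        'disable_functions' => audit_disable_functions((string) ini_get('disable_functions')),
    ];
}

// Constructed sample values: the misspelled entry next to the correct one.
print_r(audit_disable_functions('php.info, exec'));
print_r(audit_disable_functions('phpinfo, exec'));

// Values from the PHP process that is executing this script.
print_r(runtime_config_report());
```

Run it through the same web server setup as the application, since the command-line PHP may load a different php.ini, and delete the file from the server once the values have been checked.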