Adam

If you're using FF it has a built in error console (tools > error console) - you should be able to find something to point you in the right direction there. If not perhaps look at installing Firebug or a similar FF extension.

Actually, I did find some 'SQL inject me' fails for the login screen, I didn't test it at first, but forgot to mention it in a reply...

Okay I see now, where do you get the value for the `ad` field? What I was talking about before is building the query up through the code, rather than running a query for each iteration of the loop - obviously creating 4 rows. I don't have the time to get into all your code right now, but consider something like: $insert_sql = "insert into ad_image (ad, image_1, image_2, image_3, image_4) values ('', "; for (loop condition) { $insert_sql .= "'" . $filename . "',"; } $insert_sql = rtrim($insert_sql, ','); // trim the last comma $insert_sql .= ")"; $insert_query = mysql_query($insert_sql); Sorry if it's too vague..

Why not generate the content with PHP before any of the page loads? Then you can just make the DIV display when you run the function...

I see. What's your database table structure like?

It's not if .. else .. else if. You'd never reach the last else if cause else would always be run. It's if.. else if.. else.. With as many else if conditions as you like.

Using $_FILES['img$imgNumb'][name] would be trying to find the literal index "img$imgNumb" in the array for each loop, not "img1", "img2", etc. Though *personally* I'd still go for single quotes and using the dot to concat the $imgNumb var (like: 'img' . $imgNumb) You think you want them in an array? What for? Really you already have them in an array... What exactly is the desired outcome of the script?

If you read that tutorial you'll see how sometimes that doesn't protect you. Besides that not all input can be treated the same.. In certain circumstances you will need different filters to reflect what you're doing with the data.

Passed all of SQL Inject ME's tests!

You've removed "city[0] = nList;" ... does that not have anything to do with it?

When you leave the action empty it just posts back to the current page. Letter? Was that a typo? Are you saying you want to enter all 4 of the images into one single row, as apposed to a row each? If so then you'll need to build the SQL up as a string and then run the query after the loop. Make sense?

Have a read through this... http://www.phpfreaks.com/tutorial/php-security

I've not looked much at the code, but think I've spotted the problem. Try moving "var city = [];" outside of the function. As it is, every time that function's called it's declaring 'city' as an empty array, which is probably why you're not seeing what you expect. This may not be the solution though just a quick idea..

Hmm that's kinda what my Visual Basic tutor taught me at college, but to be honest I don't follow it. I find it a much bigger ball ache than it's worth; meaningful variable names should avoid any confusion. As for 'delete', I don't even think it's a prototype is it? What errors do you get? EDIT: I've found a 'delete operator'; but that uses a different syntax so shouldn't cause any problems...

Try removing the echo statements, otherwise you're trying to redirect to another page after you've printed content to the page.

Try adding enctype="multipart/form-data" to the HTML form tag.

Fair point, but Mr. X who runs the website is about £40-50 better off down to 30 seconds of work. Is there any arguements against using it?

Isn't this classed as false advertising?

Hmm, soldering definitely isn't my strong point- although my faver ain't to bad I don't think. Al give him a buzz, cheers!

Cool, thanks. Shall experiment with it later.

It's a notice telling you that $parts[1] isn't actually set (the key '1' doesn't exist). Just quickly add some debugging code to find out what's in the $data array, like so: print '<pre>';print_r($data);print '</pre>'; Add that just after $data = ......

Why do you have an @ before a variable? They suppress errors. You are running the query after aren't you? If so, after the mysql_query function add: or trigger_error('Query failed: ' . mysql_error($db), E_USER_ERROR); So it would look something like: $var = mysql_query(...) or trigger_error('Query failed: ' . mysql_error($db), E_USER_ERROR);

Add this just after your first opening PHP tag: ini_set('display_errors','1'); error_reporting(E_ALL);

Why textarea if it refresh every 5 seconds, surely they wouldn't be able to edit it in time? But basically similar concept, switch this line: print $parts[0].$parts[1].'<br><br>'; To this: print '<textarea name="someName[]">'.$parts[0].$parts[1].'</textarea><br><br>';

You need to add a 'WHERE' clause to the end so you can control which records are updated: http://www.w3schools.com/php/php_mysql_update.asp (take a look at first example)