MadTechie

try this echo "<a href=\"http://www.ydnfutc.com/Forum/showthread.php?t=".$thread['threadid']."\">".$thread['title']."</a>";

I forgot a line after if(isset($todo) and $todo=="submit-rating" && (!empty($_SESSION['hash']) && !empty($_POST['hash']) && $_SESSION['hash']==$_POST['hash']) ){ add $_SESSION['hash'] =""; so if(isset($todo) and $todo=="submit-rating" && (!empty($_SESSION['hash']) && !empty($_POST['hash']) && $_SESSION['hash']==$_POST['hash']) ){ $_SESSION['hash'] =""; the idea is the post and the session are both set to the same thing when posted.. after the submit, session is wiped (the line i forgot) then the page is refreshed they no longer match

Okay in your form add $_SESSION['hash'] = time(); echo "<input type='hidden' name='hash' value='".$_SESSION['hash']."'>"; and change if(isset($todo) and $todo=="submit-rating"){ to if(isset($todo) and $todo=="submit-rating" && (!empty($_SESSION['hash']) && !empty($_POST['hash']) && $_SESSION['hash']==$_POST['hash']) ){

Oh.. my... try this echo $thread['title']." - By ".$thread['postusername']."<br>"; I forgot the $.. (shakes head in shame)

I'm going to guess here but i would say its redirecting back to vote submitting page.. note that $ret_url isn't being set! try changing $off_to = "Location:". $ret_url; to $ret_url = "index.php"; //(assuming thats not the submitting page) $off_to = "Location:". $ret_url; EDIT: just noticed the exit(); so that code is never used! can you post post-ok.php

thats because you sending HTML.. this is a PDF not a HTML page.. Options 1. use PDF_add_table_cell (example here http://uk.php.net/manual/en/function.pdf-fit-table.php) 2. try HTML2PDF Hope that helps

a simple loop would work! //$row = array from DB containing rate $row['rate'] = 3; /ie for($n=0;$n<$row['rate'];$n++) { echo "<img src='star.png'>"; }

Okay i havn't code with vB but that code seams to be done.. So to continue i'll get to get some extra info.. 1. what you have in the array 2. what do you want to display ? to get the array details try this and post the results back while ($thread = $vbulletin->db->fetch_array($threads)) { // thread data is in $thread } to while ($thread = $vbulletin->db->fetch_array($threads)) { echo "<pre>";var_dump($thread);die; } This is just for getting the array info to post back here ie [name] = (string)"MadTechie", [userid] = (int)12 etc once you have that you can update code above to while ($thread = $vbulletin->db->fetch_array($threads)) { echo thread['name']." - ".thread['userid']."<br>"; } Hope that helps

Theirs Quick summary at the bottom but i think it will make more sense reading the whole thing then the summary.. Okay the /i means ignore case (case insensitive) which was kinda pointless.. Let me break down this code first var re = /^(.*?)::.*?)$/i; /^(.*?):::(.*?)$/i / = Start and End of the RegEx ^ = From the Start $ = To The End ::: = this String = ::: (.*?) = the () mean Capture whats in side . = anything * = None or more ? = lazzy (AKA until) So basically Capture until So to sum that up from the start ^ Capture anything until ::: then capture anything until the End $ Now thats 2 Captures First becomes Match[1] Second becomes Match[2] Now [\s\S] mean characters that are or are not whitespaces (which means anything aka .) Okay thats the reply So xmlHttp.open("GET", loaderphp+"?cust_id="+cust_id,true); Makes a call to the url with that call a listener is also started.. So XMLHttpRequest listens for a responce (readyState) when the called page has finished (DONE) loading, the readyState is set to 4 (4 = done).. this mean xmlHttp.responseText is also ready, (contains the page) So.. Quick summary Javascript passes the value of a drop down to a script that uses AJAX to open a url and that page uses GET to find check the database for entries and echos them out then exits. as this page was loaded via a AJAX request the contenst of the page is picked up by the listener, which waits for the readystate to be set to 4 (page finished loading), then check to see if contents contains something1:::something2 if it does then sets the value of element id 'quote_to' to something1 and the value of element id 'email_to' to something2. I hope that makes sense..

Opps can't use trim in an if statement $tel = " "; $tel = trim($tel); $mob = trim($mob); if(!empty($tel)) { $contactdetails = $tel; }elseif(!empty($mob)){ $contactdetails = $mob; }else{ $contactdetails = $email; }

Okay the var re = /^(.*?)::.*?)$/i; and var re = /^([\s\S]*?)::[\s\S]*?)$/i; do the exact same thing (just JS doesn't like the first one).. they are regular expressions you could probably use JS .split() but it was quicker for me to write a RegEx.. it basically means get the string from the start up until ::: then from their to the end Match[1] = first half Match[2] = second half i hope that makes sense regular expressions is a large topic so don't worry too much if it doesn't make sense.. it took me awhile..

the logic is confusing here elseif ($tel == '' || $tel == ' ' && $mob != '' || $mob != ' ') try elseif ( ($tel == '' || $tel == ' ') && ($mob != '' || $mob != ' ')) But you don't really need to check the $tel, as you know its empty heres my route <?php if(!empty(trim($tel))) { $contactdetails = $tel; }elseif(!empty(trim($mob))){ $contactdetails = $mob; }else{ $contactdetails = $email; } ?>

I think i solved it, a bug with the reg in in the JS, change var re = /^(.*?)::.*?)$/i; to var re = /^([\s\S]*?)::[\s\S]*?)$/i; Full Code <?php require_once('Connections/geQuote.php'); mysql_select_db($database_geQuote, $geQuote); /* $database_geQuote = "test"; $geQuote = mysql_connect("localhost","root",""); $selected=mysql_select_db($database_geQuote, $geQuote); */ ?> <?php $query_listCustomer = "SELECT customer.cust_id, customer.name FROM customer ORDER BY customer.name"; $listCustomer = mysql_query($query_listCustomer, $geQuote) or die(mysql_error()); $row_listCustomer = mysql_fetch_assoc($listCustomer); $totalRows_listCustomer = mysql_num_rows($listCustomer); if( isset($_GET['cust_id']) ) { $query_custData = sprintf("SELECT contact, cust_email FROM customer WHERE cust_id=%d LIMIT 0,1",$_GET['cust_id']); $result_custData = mysql_query($query_custData, $geQuote) or die(mysql_error()); $row_custData = mysql_fetch_assoc($result_custData); echo $row_custData['contact'].":::".$row_custData['cust_email']; exit; //we're finished so exit.. } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>Untitled Document</title> <script language="javascript"> function ajaxFunction(cust_id) { //link to the PHP file your getting the data from //var loaderphp = "quote.php"; //i have link to this file var loaderphp = "<?php echo $_SERVER['PHP_SELF'] ?>"; //we don't need to change anymore of this script var xmlHttp; try { // Firefox, Opera 8.0+, Safari xmlHttp=new XMLHttpRequest(); }catch(e){ // Internet Explorer try { xmlHttp=new ActiveXObject("Msxml2.XMLHTTP"); }catch(e){ try { xmlHttp=new ActiveXObject("Microsoft.XMLHTTP"); }catch(e){ alert("Your browser does not support AJAX!"); return false; } } } xmlHttp.onreadystatechange=function() { if(xmlHttp.readyState==4) { var re = /^([\s\S]*?)::[\s\S]*?)$/i; var match = re.exec(xmlHttp.responseText); if (match != null) { document.getElementById('quote_to').value= match[1]; document.getElementById('email_to').value= match[2]; } } } xmlHttp.open("GET", loaderphp+"?cust_id="+cust_id,true); xmlHttp.send(null); } </script> </head> <body> <select name="cust_id" id="cust_id" onchange="ajaxFunction(this.value);"> <?php do { ?> <option value="<?php echo $row_listCustomer['cust_id']?>"><?php echo $row_listCustomer['name']?></option> <?php } while ($row_listCustomer = mysql_fetch_assoc($listCustomer)); $rows = mysql_num_rows($listCustomer); if($rows > 0) { mysql_data_seek($listCustomer, 0); $row_listCustomer = mysql_fetch_assoc($listCustomer); } ?> </select> <h2>Quoted to:</h2> <input name="quote_to" type="text" class="widebox" id="quote_to" maxlength="50" /> <h2>Email to:</h2> <input name="email_to" type="text" class="widebox" id="email_to" /> </body> </html> Example Database table CREATE TABLE IF NOT EXISTS `customer` ( `cust_id` mediumint( NOT NULL auto_increment, `name` varchar(50) NOT NULL, `contact` varchar(50) NOT NULL, `cust_email` varchar(50) NOT NULL, PRIMARY KEY (`cust_id`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=3 ; -- data for table `customer` INSERT INTO `customer` (`cust_id`, `name`, `contact`, `cust_email`) VALUES (1, 'MadTechie', 'Richard', 'richard@blar.com'), (2, 'Alith7', 'PHPFreaks', 'Alith7@Alith7.com');

Humm.. can't see a problem.. add the following 3 alerts xmlHttp.onreadystatechange=function() { if(xmlHttp.readyState==4) { alert(xmlHttp.responseText); var re = /^(.*?)::.*?)$/i; var match = re.exec(xmlHttp.responseText); if (match != null) { alert(match[1]+"---"+match[2]); document.getElementById('quote_to').value= match[1]; document.getElementById('email_to').value= match[2]; } alert("done"); } } you should get "Julie:::JGomels@custwww.com" = getting a reply "Julie---JGomels@custwww.com" = Matched data "Done" -- no error on matching (doesn't mean it matched)

find this line xmlHttp.open("GET", loaderphp+"?cust_id="+cust_id,true); and add alert(loaderphp+"?cust_id="+cust_id); xmlHttp.open("GET", loaderphp+"?cust_id="+cust_id,true); now you should get an alert ie test.php?cust_id=2 try trying typing that in the browser see what you get back

Heres another attempt.. i'll let you debug some and see what you get <?php $selected=mysql_select_db($database_geQuote, $geQuote); if( isset($_GET['cust_id']) ) { $query_custData = sprintf("SELECT contact, email FROM customer WHERE cust_id=%d LIMIT 0,1",$_GET['cust_id']); $result_custData = mysql_query($query_custData); $row_custData = mysql_fetch_assoc($result_custData); echo $row_custData['contact'].":::".$row_custData['email']; exit; //we're finished so exit.. } ?> <script language="javascript"> function ajaxFunction(cust_id) { //link to the PHP file your getting the data from //var loaderphp = "quote.php"; //i have link to this file var loaderphp = "<?php echo $_SERVER['PHP_SELF'] ?>"; //we don't need to change anymore of this script var xmlHttp; try { // Firefox, Opera 8.0+, Safari xmlHttp=new XMLHttpRequest(); }catch(e){ // Internet Explorer try { xmlHttp=new ActiveXObject("Msxml2.XMLHTTP"); }catch(e){ try { xmlHttp=new ActiveXObject("Microsoft.XMLHTTP"); }catch(e){ alert("Your browser does not support AJAX!"); return false; } } } xmlHttp.onreadystatechange=function() { if(xmlHttp.readyState==4) { var re = /^(.*?)::.*?)$/i; var match = re.exec(xmlHttp.responseText); if (match != null) { document.getElementById('quote_to').value= match[1]; document.getElementById('email_to').value= match[2]; } } } xmlHttp.open("GET", loaderphp+"?cust_id="+cust_id,true); xmlHttp.send(null); } </script> <select name="cust_id" id="cust_id" onchange="ajaxFunction(this.value);"> <?php $listCustomer = mysql_query("SELECT cust_id, name FROM customer"); while ($row_listCustomer = mysql_fetch_assoc($listCustomer)) { echo "<option value=\"{$row_listCustomer['cust_id']}\">{$row_listCustomer['name']}</option>\n"; } ?> </select> </td> </tr> <tr> <td width="200" height="25"><div align="right"> <h2>Quoted to:</h2> </div></td> <td> <input name="quote_to" type="text" class="widebox" id="quote_to" maxlength="50" /></td> </tr> <tr> <td width="200" height="25"><div align="right"> <h2>Email to:</h2> </div></td> <td><input name="email_to" type="text" class="widebox" id="email_to" /></td> </tr>

okay i finished cooking so i'm off to eat.. I hope your doing well but for some debugging if you try test.php?cust_id=1 you should get a page thats says if you try the same (with a valid id and the database is used) check to see if you get anything else that may help you find the bug Back in a while Regards Richard

Okay i have re-created it (kinda) as i don't have the database i have create a dumb version,, i hope it makes sense, (if you run this by itself to test first) <?php #$selected=mysql_select_db($database_geQuote, $geQuote); if( isset($_GET['cust_id']) ) { $query_custData = sprintf("SELECT contact, email FROM customer WHERE cust_id=%d LIMIT 0,1",$_GET['cust_id']); #$result_custData = mysql_query($query_custData); #$row_custData = mysql_fetch_assoc($result_custData); //Uncomment above and comment below //Fake Database $DATA = array( 1=> array("contact" =>"My Contact1", "email"=> "My Email1"), 2=> array("contact" =>"My Contact2", "email"=> "My Email2") ); $row_custData = $DATA[$_GET['cust_id']]; echo $row_custData['contact'].":::".$row_custData['email']; exit; //we're finished so exit.. } ?> <script language="javascript"> function ajaxFunction(cust_id) { //link to the PHP file your getting the data from //var loaderphp = "quote.php"; //i have link to this file var loaderphp = "<?php echo $_SERVER['PHP_SELF'] ?>"; //we don't need to change anymore of this script var xmlHttp; try { // Firefox, Opera 8.0+, Safari xmlHttp=new XMLHttpRequest(); }catch(e){ // Internet Explorer try { xmlHttp=new ActiveXObject("Msxml2.XMLHTTP"); }catch(e){ try { xmlHttp=new ActiveXObject("Microsoft.XMLHTTP"); }catch(e){ alert("Your browser does not support AJAX!"); return false; } } } xmlHttp.onreadystatechange=function() { if(xmlHttp.readyState==4) { var re = /^(.*?)::.*?)$/i; var match = re.exec(xmlHttp.responseText); if (match != null) { document.getElementById('quote_to').value= match[1]; document.getElementById('email_to').value= match[2]; } } } xmlHttp.open("GET", loaderphp+"?cust_id="+cust_id,true); xmlHttp.send(null); } </script> <select name="cust_id" id="cust_id" onchange="ajaxFunction(this.value);"> <!--Fake Values Start--> <option value="1">one</option> <option value="2">two</option> <!--Fake Values End--> <?php /* do { ?> <option value="<?php echo $row_listCustomer['cust_id']?>"><?php echo $row_listCustomer['name']?></option> <?php /* } while ($row_listCustomer = mysql_fetch_assoc($listCustomer)); $rows = mysql_num_rows($listCustomer); if($rows > 0) { mysql_data_seek($listCustomer, 0); $row_listCustomer = mysql_fetch_assoc($listCustomer); } */ ?> </select> </td> </tr> <tr> <td width="200" height="25"><div align="right"> <h2>Quoted to:</h2> </div></td> <td> <input name="quote_to" type="text" class="widebox" id="quote_to" maxlength="50" /></td> </tr> <tr> <td width="200" height="25"><div align="right"> <h2>Email to:</h2> </div></td> <td><input name="email_to" type="text" class="widebox" id="email_to" /></td> </tr>

oops document.getElementById('quote_to').innerHTML = match[1]; document.getElementById('email_to').innerHTML = match[2]; should be document.getElementById('quote_to').value= match[1]; document.getElementById('email_to').value= match[2]; ajaxFunction function doesn't need the first parameter anymore..

Cool.. anything else ? about the email "value"

Nope it doesn't work like that! Okay .. Just to confirm.. Lazy Salesman selects Customer Name from a drop down (value = Customers ID) form this point you want to populate the remaining fields.. quote_to = contact email_to = email If so... (backup first.. i havn't tested any of this) first change if( isset($_GET['ajax']) ) { //In this if statement switch($_GET['ID']) { case "quote_to": $query_custData = sprintf("SELECT contact AS dbinfo FROM customer WHERE cust_id=%d",$_GET['ajax']); break; case "email_to": $query_custData = sprintf("SELECT email AS dbinfo FROM customer WHERE cust_id=%d",$_GET['ajax']); break; } $result_custData = mysql_query($query_custData); echo ""; while ($row_custData = mysql_fetch_assoc($result_custData)) { echo "{$row_custData['dbinfo']}"; } exit; //we're finished so exit.. } to if( isset($_GET['ajax']) ) { $query_custData = sprintf("SELECT contact, email FROM customer WHERE cust_id=%d LIMIT 0,1",$_GET['ajax']); $result_custData = mysql_query($query_custData); $row_custData = mysql_fetch_assoc($result_custData); echo $row_custData['contact'].":::".$row_custData['email']; exit; //we're finished so exit.. } remove this line <div id="quote_to"></div> change <input name="quote_to-old" type="text" class="widebox" id="quote_to-old" maxlength="50" /></td> back to <input name="quote_to" type="text" class="widebox" id="quote_to" maxlength="50" /></td> and now change xmlHttp.onreadystatechange=function() { if(xmlHttp.readyState==4) { //THIS SET THE DAT FROM THE PHP TO THE HTML document.getElementById(ID).innerHTML = xmlHttp.responseText; } } To xmlHttp.onreadystatechange=function() { if(xmlHttp.readyState==4) { var re = /^(.*?)::.*?)$/i; var match = re.exec(xmlHttp.responseText); if (match != null) { document.getElementById('quote_to').innerHTML = match[1]; document.getElementById('email_to').innerHTML = match[2]; } } }

can you post the results from this line echo "<br>query: ".$query;

Its kinda hard for me to run the code (not having the DB etc) but from what i can read i have updated it (see below) However.. the data your getting from the database.. what do you want to do with it ? as your pointing it to a textbox.. or did you want a list ? the code below i have fixed a few parts but also re-labled the text box to quote_to-old and added a div labled quote_to this sould give you an output but probably not how you want it.. <?php require_once('Connections/geQuote.php'); ?> <?php if (!isset($_SESSION)) { session_start(); } $MM_authorizedUsers = "quote"; $MM_donotCheckaccess = "false"; // *** Restrict Access To Page: Grant or deny access to this page function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { // For security, start by assuming the visitor is NOT authorized. $isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. // Therefore, we know that a user is NOT logged in if that Session variable is blank. if (!empty($UserName)) { // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. // Parse the strings into arrays. $arrUsers = Explode(",", $strUsers); $arrGroups = Explode(",", $strGroups); if (in_array($UserName, $arrUsers)) { $isValid = true; } // Or, you may restrict access to only certain users based on their username. if (in_array($UserGroup, $arrGroups)) { $isValid = true; } if (($strUsers == "") && false) { $isValid = true; } } return $isValid; } $MM_restrictGoTo = "noaccess.php"; if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) { $MM_qsChar = "?"; $MM_referrer = "quote.php"; if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&"; if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) $MM_referrer .= "?" . $QUERY_STRING; $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer); header("Location: ". $MM_restrictGoTo); exit; } ?> <?php if (!function_exists("GetSQLValueString")) { function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") { $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue; $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) { case "text": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "long": case "int": $theValue = ($theValue != "") ? intval($theValue) : "NULL"; break; case "double": $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL"; break; case "date": $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL"; break; case "defined": $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue; break; } return $theValue; } } $editFormAction = $_SERVER['PHP_SELF']; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } $editFormAction = "quote.php"; if (isset($_SERVER['QUERY_STRING'])) { $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']); } if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "insertQuote")) { $insertSQL = sprintf("INSERT INTO quote (sales_id, cust_id, quote_to, email_to, title, quote, created) VALUES (%s, %s, %s, %s, %s, %s, %s)", GetSQLValueString($_POST['sales_id'], "int"), GetSQLValueString($_POST['cust_id'], "int"), GetSQLValueString($_POST['quote_to'], "text"), GetSQLValueString($_POST['email_to'], "text"), GetSQLValueString($_POST['title'], "text"), GetSQLValueString($_POST['quote'], "text"), $_POST['created']); mysql_select_db($database_geQuote, $geQuote); $Result1 = mysql_query($insertSQL, $geQuote) or die(mysql_error()); $insertGoTo = "quote_listsort.php"; if (isset($_SERVER['QUERY_STRING'])) { $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?"; $insertGoTo .= $_SERVER['QUERY_STRING']; } header(sprintf("Location: %s", $insertGoTo)); } mysql_select_db($database_geQuote, $geQuote); $query_listSales = "SELECT salesrep.sales_id, CONCAT(salesrep.first_name,' ', salesrep.last_name) AS salesRep FROM salesrep ORDER BY salesrep.last_name, salesrep.first_name"; $listSales = mysql_query($query_listSales, $geQuote) or die(mysql_error()); $row_listSales = mysql_fetch_assoc($listSales); $totalRows_listSales = mysql_num_rows($listSales); mysql_select_db($database_geQuote, $geQuote); $query_listCustomer = "SELECT customer.cust_id, customer.name FROM customer ORDER BY customer.name"; $listCustomer = mysql_query($query_listCustomer, $geQuote) or die(mysql_error()); $row_listCustomer = mysql_fetch_assoc($listCustomer); $totalRows_listCustomer = mysql_num_rows($listCustomer); $selected=mysql_select_db($database_geQuote, $geQuote); if( isset($_POST['Submit']) ) { echo "<pre>"; print_r($_POST); } if( isset($_GET['ajax']) ) { //In this if statement switch($_GET['ID']) { case "quote_to": $query_custData = sprintf("SELECT contact AS dbinfo FROM customer WHERE cust_id=%d",$_GET['ajax']); break; case "email_to": $query_custData = sprintf("SELECT email AS dbinfo FROM customer WHERE cust_id=%d",$_GET['ajax']); break; } $result_custData = mysql_query($query_custData); echo ""; while ($row_custData = mysql_fetch_assoc($result_custData)) { echo "{$row_custData['dbinfo']}"; } exit; //we're finished so exit.. } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>Graphic Edge Printing</title> <script language="javascript"> function ajaxFunction(ID, Param) { //link to the PHP file your getting the data from //var loaderphp = "quote.php"; //i have link to this file var loaderphp = "<?php echo $_SERVER['PHP_SELF'] ?>"; //we don't need to change anymore of this script var xmlHttp; try { // Firefox, Opera 8.0+, Safari xmlHttp=new XMLHttpRequest(); }catch(e){ // Internet Explorer try { xmlHttp=new ActiveXObject("Msxml2.XMLHTTP"); }catch(e){ try { xmlHttp=new ActiveXObject("Microsoft.XMLHTTP"); }catch(e){ alert("Your browser does not support AJAX!"); return false; } } } xmlHttp.onreadystatechange=function() { if(xmlHttp.readyState==4) { //THIS SET THE DAT FROM THE PHP TO THE HTML document.getElementById(ID).innerHTML = xmlHttp.responseText; } } xmlHttp.open("GET", loaderphp+"?ID="+ID+"&ajax="+Param,true); xmlHttp.send(null); } </script> <?php include('style_rules.php'); ?> </head> <body> <div id="wrapper"> <div id="titlebar"><img src="images/header.jpg" alt="Graphic Edge Printing" /></div> <div id="maincontent"> <div id="nav"> <?php include('navbar.php'); ?> </div> <h1>New Quote</h1> <form action="<?php echo $editFormAction; ?>" method="POST" name="insertQuote" id="insertQuote" target="_self"> <p><table width="650"> <tr> <td width="200" height="25"><div align="right"> <h2>Sales Rep: </h2> </div></td> <td><select name="sales_id" id="sales_id"> <?php do { ?> <option value="<?php echo $row_listSales['sales_id']?>"><?php echo $row_listSales['salesRep']?></option> <?php } while ($row_listSales = mysql_fetch_assoc($listSales)); $rows = mysql_num_rows($listSales); if($rows > 0) { mysql_data_seek($listSales, 0); $row_listSales = mysql_fetch_assoc($listSales); } ?> </select> </td> </tr> <tr> <td width="200" height="25"><div align="right"> <h2>Customer:</h2> </div></td> <td><select name="cust_id" id="cust_id" onchange="ajaxFunction('quote_to', this.value);"> <?php do { ?> <option value="<?php echo $row_listCustomer['cust_id']?>"><?php echo $row_listCustomer['name']?></option> <?php } while ($row_listCustomer = mysql_fetch_assoc($listCustomer)); $rows = mysql_num_rows($listCustomer); if($rows > 0) { mysql_data_seek($listCustomer, 0); $row_listCustomer = mysql_fetch_assoc($listCustomer); } ?> </select> </td> </tr> <tr> <td width="200" height="25"><div align="right"> <h2>Quoted to:</h2> </div></td> <td> <div id="quote_to"></div> <input name="quote_to-old" type="text" class="widebox" id="quote_to-old" maxlength="50" /></td> </tr> <tr> <td width="200" height="25"><div align="right"> <h2>Email to:</h2> </div></td> <td><input name="email_to" type="text" class="widebox" id="email_to" /></td> </tr> <tr> <td width="200" height="25"><div align="right"> <h2>Title:</h2> </div></td> <td><input name="title" type="text" class="widebox" id="title" maxlength="255" /></td> </tr> <tr> <td width="200" height="25" valign="top"><div align="right"> <h2>Quote:</h2> </div></td> <td><textarea name="quote" id="quote" cols="54" rows="25"></textarea></td> </tr> <tr> <td width="200" height="25"><div align="right"></div></td> <td><input type="submit" name="Submit" value="Submit Quote" /></td> </tr> </table> <input name="created" type="hidden" id="created" value="NOW()" /> <input type="hidden" name="MM_insert" value="insertQuote"> </form> </div> <div id="footer"><?php include('copyright.php'); ?></div> </div> </body> </html> <?php mysql_free_result($listSales); mysql_free_result($listCustomer); ?>

yep you missed the 2nd email line for ($i=1; $i<=$count; $i++){ if (!$ref_exists[$i]){ $query = "insert into refs ("; $query .= "id, num, name, position, "; $query .= "street, city, state, zip, phone, email) "; $query .= "values ($id, "; $query .= $i . ", "; $query .= "'" . $name[$i] . "', "; $query .= "'" . $position[$i] . "', "; $query .= "'" . $street[$i] . "', "; $query .= "'" . $city[$i] . "', "; $query .= "'" . $state[$i] . "', "; $query .= "zip = " . $zip[$i] . ", "; $query .= "phone = " . $phone[$i] . " "; $query .= "'" . $email[$i] . "' ";// <-------------you got this one $query .= " where id=$id "; } else{ $query = "update refs set "; $query .= "name = '" . $name[$i] . "', "; $query .= "position = '" . $position[$i] . "', "; $query .= "street = '" . $street[$i] . "', "; $query .= "city = '" . $city[$i] . "', "; $query .= "state = '" . $state[$i] . "', "; $query .= "zip = " . $zip[$i] . ", "; $query .= "phone = " . $phone[$i] . " "; $query .= "email = '" . $email[$i] . "' "; // <-------------you missed this one $query .= " where id=$id "; $query .= "and num=$i"; } echo "<br>query: ".$query; //execute query $conn->query($query); }

really depends on what your doing on your site.. Their is no one quick fix/magic bullet when it comes to security! if your question is will this stop SQL injection from POST, GET, or COOKIEs then yes it will stop most probably all injections entered via POST, GET, or COOKIEs..