MadTechie

Could be a few things... have you tried a direct download. (no proxy) what about sessions timeing out .. (or cookies) i wrote a scirpt that downloaded about 50 x 100-400Mb files without any real problems but that was direct

No.. thats infomation isn't passed and if it was it could be spoofed you could try a something like pinging his IP (not really a PHP function) ie shell 'ping $ip && arp -a | grep $ip' but still pointless

Okay windows server can not used chown etc.. are you using IIS or apache? as you could create a .htaccess file to protect the folder.. if your not then your best options is probably to have the folders outside the public domain IE c:/htdoc/public_html/ <--HTML stuff (website root) c:/htdoc/private/John <--Johns folder Now as those files are not publically accessible your need to create a script to list & get the files the good thing about this is you can check the logged in users details and check to see if thats their folder very quick example <?php $username = "John"; $dir = "c:/htdoc/private/$username"; // Open a known directory, and proceed to read its contents if (is_dir($dir)) { if ($dh = opendir($dir)) { while (($file = readdir($dh)) !== false) { echo "filename: $file : filetype: " . filetype($dir . $file) . "\n"; } closedir($dh); } } ?> Hope that helps

true but @samoht your need a zipcode database google it and read the doc

Owww i don't know that was a requirement... Note to self.. listen to thorpe more

if short tag (<? ) are not enable the code won't work and with long tags (<?php ) you need the echo.. but thats not the problem you had you had $SERVER_['PHP_SELF']; the correct syntax is $_SERVER['PHP_SELF']; note the underscore position .. in anycase.. can you change this line $email = clean($POST['email']); to $email = clean($_POST['email']); thats should fix it

$_SERVER['PHP_SELF'] has alot of uses but personally i never rarely use them on a form. EDIT: oh by the way you don't need to have action if you pointing to yourself

Here an example <?php $XMLFILE = "<NPCDef-array> <NPCDef> <name>Unicorn</name> <description>It's a unicorn</description> <command></command> <attack>21</attack> <strength>23</strength> <hits>19</hits> <defense>23</defense> <attackable>true</attackable> <aggressive>false</aggressive> <respawnTime>30</respawnTime> <sprites> <int>130</int> <int>-1</int> <int>-1</int> <int>-1</int> <int>-1</int> <int>-1</int> <int>-1</int> <int>-1</int> <int>-1</int> <int>-1</int> <int>-1</int> <int>-1</int> </sprites> <hairColour>0</hairColour> <topColour>0</topColour> <bottomColour>0</bottomColour> <skinColour>0</skinColour> <camera1>201</camera1> <camera2>230</camera2> <walkModel>6</walkModel> <combatModel>6</combatModel> <combatSprite>7</combatSprite> <drops> <ItemDropDef> <id>20</id> <amount>1</amount> <weight>0</weight> </ItemDropDef> <ItemDropDef> <id>466</id> <amount>1</amount> <weight>0</weight> </ItemDropDef> </drops> </NPCDef> </NPCDef-array> "; ?> <?php $xml = new SimpleXMLElement($XMLFILE); echo 'Examples<br><a href="?attr=name">name</a><br><a href="?attr=description">description</a><br><a href="?attr=hits">hits</a><br>'; echo 'Drops<br><a href="?drops=1">1</a><br><a href="?drops=2">2</a><br>'; echo "I got this<br><b>"; if(!empty($_GET['attr'])) echo $xml->{'NPCDef'}->{$_GET['attr']}; if(!empty($_GET['drops'])) { $i = (int)$_GET['drops']-1; echo "ID: ".$xml->{'NPCDef'}->{'drops'}->ItemDropDef[$i]->{'id'}."<br>"; echo "amount: ".$xml->{'NPCDef'}->{'drops'}->ItemDropDef[$i]->{'amount'}."<br>"; echo "weight: ".$xml->{'NPCDef'}->{'drops'}->ItemDropDef[$i]->{'weight'}."<br>"; } echo "</b>"; ?>

try this <a name="theform"></a> <form action="#theform" method="POST"> ..blar...

mattjones, Mad Mick's code look sound.. can you post your code incase you missed something

Your very Welcome..

Okay well i don't like your the class but i think i have a fix i noted this in the source <object width=\"425\" height=\"344\"> the \" are wrong thats normally fixed by the if(get_magic_quotes_gpc()) part of my code but i guess the class it using addslashes.. Sooooo try this (stripslahses) <?php //Read Back while (!$rsBlog->EOF) { $sBlogTitle = $rsBlog->Fields("sBlogTitle")->value; $sBlog= $rsBlog->Fields("sBlog")->value; $sDate = $rsBlog->Fields("sDate")->value; //Stop HTML INJECTION $sBlogTitle = htmlspecialchars(stripslashes($sBlogTitle)); //Updated $sBlog = stripslashes($sBlog); //Added #$sBlog = htmlspecialchars($sBlog); //allow for this one for now! print "<br/><h4>$sBlogTitle</h4>"; print "<p><b>Date Uploaded:</b> $sDate</p>"; print "<p>$sBlog</p>"; print "<div id='line'></div>"; $rsBlog->MoveNext(); } ?>

Hummm... Well if my PHP you mean returning all records from a database then looping until you find it or reading from a text file then i would say MySQL.. PHP works well with MySQL its designed for holding data and allowing searched also on the server its better to divide the tasks to again MySQL.. thats if i understand your question

something like this $query = "SELECT * from Docs WHERE zip = '$zip'"; $result = mysql_query($query); if(mysql_num_rows($result) == 0) // no exact found// try like { $query = "SELECT * from Docs WHERE LIKE = '%$zip%'"; $result = mysql_query($query); if(mysql_num_rows($result) == 0) { die('No docs Ahhhhh!'); // none found } } while (($rows = mysql_fetch_assoc($result))) { //..... }

Okay is the page live? (that i can see it, PM if needed) if not can you view source and post the part that should be the image link if it appears as &lt;img src= then the class it sanitizing it woudl help if i could see even a saved html would help

Try this code <?php echo (get_magic_quotes_gpc())?"thorpe is correct Magic Quotes are ON":"Someone789 hasn't given use the correct script because Magic Quotes are OFF"; ?>

I noted your NOT encoding it as HTML (its been commented out, see below), thus theirs no need to decode it.. //$blog = htmlspecialchars($_POST['Blog'], ENT_QUOTES); $blog = ($_POST['Blog']); Try something like this <?php //$blogtitle = htmlspecialchars($_POST['BlogTitle'], ENT_QUOTES); //$blog = htmlspecialchars($_POST['Blog'], ENT_QUOTES); if(get_magic_quotes_gpc()) { $blogtitle = stripslashes($_POST['BlogTitle']); $blog = stripslashes($_POST['Blog']); } else { $blogtitle = $_POST['BlogTitle']; $blog = $_POST['Blog']; } $sdate = date("Y-m-d"); $errorhandler = False; if ($blogtitle == '') { print "<h6>Please enter a blog title</h6><br/>"; $errorhandler = True; } if ($blog == '') { print "<h6>Your blog cannot be blank</h6><br/>"; $errorhandler = True; } if ($errorhandler == False) { //STOP SQL INJECTION $sSQLINS= sprintf("INSERT into tblBlog (sUsername, sBlogTitle, sBlog, sDate) VALUES ('%s','%s','%s','%s');", mysql_real_escape_string($uname), mysql_real_escape_string($blogtitle), mysql_real_escape_string($blog), mysql_real_escape_string($sdate) ); } //Read Back while (!$rsBlog->EOF) { $sBlogTitle = $rsBlog->Fields("sBlogTitle")->value; $sBlog= $rsBlog->Fields("sBlog")->value; $sDate = $rsBlog->Fields("sDate")->value; //Stop HTML INJECTION $sBlogTitle = htmlspecialchars($sBlogTitle); #$sBlog = htmlspecialchars($sBlog); //allow for this one for now! print "<br/><h4>$sBlogTitle</h4>"; print "<p><b>Date Uploaded:</b> $sDate</p>"; print "<p>$sBlog</p>"; print "<div id='line'></div>"; $rsBlog->MoveNext(); } ?> EDIT: Oh yeah.. are you sure the class your using for DB access ($rsBlog) isn't sanitizing it?

You could dynamically create a animated gif/png but i wouldn't advise it.. it would be a cpu/memory hog.. why can't you just add the html under the <img src=myscript.jpg>? adding some static text ONTO the image wouldn't be hard

We kinda need to know what the problem is.. knowing you "tried html_entity_decode() with no success." doesn't really help a great deal.. some code would also be handy

On the titles your need a link ie <a href="?Sort=Name">Name</a> <a href="?Sort=City">City</a> then on the SQL statment your need yo have ORDER BY $_GET['Sort'] ie $query = "SELECT * FROM table ORDER BY ".$_GET['Sort'];

Like this private where = array(); public function where($mywhere) { $this->where[] = $mywhere; }

Ceased to work. doesn't really help us much..try Checking the php versions Create the file below, and open it on both servers to check phpinfo(); also in the database (viewing source not html parsed) does it show the data as <br> or &lt;br&rt;

You probably have magic quotes ON, turn them off in the php.ini file or use stripslashes() ie $adid = stripslashes($_GET["adid"]); $sql = "select * from tblproddetails where intProductID=$adid"; EDIT: infact if its an INT use this $adid = (int)$_GET["adid"]; $sql = "select * from tblproddetails where intProductID=$adid"; but for strings your need to stripslashes even before using mysql_real_escape_string

Do you mean something like this <?php $html = 'this is some stuff <a href="http://www.mydomain.com/dir/thefile.pdf">Read More</a> for update dating the <a href="http://youdomain.com/another.pdf">Other Stuff</a>html'; $html = preg_replace('%<a href=(["\'])(.*?\.pdf)\1>(.*)</a>%sim', "<div class=\"pdf\">\r\n<a href=\"the link in here\" target=\"_blank\" title=\"link text in here\"><img class=\"left\" src=\"images/pdf_download.png\" alt=\"Download PDF\" width=\"64\" height=\"74\" /></a>\r\n<span class=\"title\">title in here</span>\r\n<span class=\"info\">download pdf</span>\r\n<a href=\"\2\" target=\"_blank\" title=\"\3\" class=\"link\">DOWNLOAD</a>\r\n</div><div class=\"pdf-bot2\"></div>", $html ); echo $html; ?>