MadTechie

Untested but try this <?php $q = "select * from research_field order by id asc"; $query = mysql_query($q); echo "<table border='0' width='100%' id='table3'><tr>"; $rows = 2; $row=1; while ($row = mysql_fetch_array($query)) { $opstr ="<td><input type='checkbox' name='state[]' value='{$row['id']}'>{$row['field']}</td>"; if($row==$rows) { $row=0; echo "</tr><tr>$opstr"; }else{ $row++; echo $opstr; } } echo "</tr></table>"; ?>

This site is for helping everyone if i download the code and fix it it only really helps you.. so posting the code you have problems with helps anyone with the same sort of problem.. also i don't understand the problem, can't hold is that displaying or storing ??? also i don't fancy downloding a full project to search a ton of code for a glitch..

you need to check type <?php $uploadedfile = $_FILES['uploadfile']['tmp_name']; $uploadedfiletype = $_FILES['uploadfile']['type'];//ADD //updated below to check type not name if (!($uploadedfiletype =="image/pjpeg" OR $uploadedfiletype =="image/jpeg" OR $uploadedfiletype =="image/jpg")) { echo "Your uploaded file must be of JPG or GIF. Other file types are not allowed<BR>"; } ?>

try here this shows how to add a blob (that hold the file IN the database) not just the file name hope it helps PS i only skimmed the site but it look okay

your script is taking too long to complete you could try using set_time_limit ( int $seconds ) ie set_time_limit(0);

title = "".htmlentities(stripslashes($_POST['title']))."", should be title = '".htmlentities(stripslashes($_POST['title']))."', or title = \"".htmlentities(stripslashes($_POST['title']))."\",

you could try include $_SERVER['DOCUMENT_ROOT']."/file.php";

insert into booking values(NULL,'erter','tert','34534','2008-12-12','2008-12-12',1,'345','43543534','5435','43534',1) see here

Wow lots of info to work on.. check the users are entering the date in the correct format.. or are you getting an error or sql injection problems or so you require some validation or are you just showing us what you have done for the sake of it? What is the current form input like ?

try this *untested* <?php $ext = substr($filename, strpos($filename,'.'), strlen($filename)-1); $invalid = array('.htm','.html','.php','.js','.jse' ,'.exe','.bat','.asp'); if(in_array($ext, $invalid)) { echo("Sorry, the following file extensions aren't allowed:<br><br> <b> .html<br> .htm<br> .php<br> .js<br> .jse<br> .exe<br> .bat<br> .asp</b><br><br> You could try renaming the extension; eg. from .php to .phps; OR you could compress the files with software such as WinZIP or WinRAR."); }

Worth noting.. if on the form you use a name with square brackets it will work as an array ie <input type="test" name="test[]"> <?php echo "found ".count($_POST['test']); print_r($_POST['test']) ?>

Assuming this is on a loading page.... you could do this <?php $x =CartSession::subtotal_cost(); if($x < 50) { //JS or CSS or HTML message echo '<script type="text/javascript">'; echo 'alert("Spend more money");'; echo '</script>'; } ?>

Not if basename() is used, and i agree, but thats why filtering is needed.. While i agree that renaming can be a idea for security.. their are many options, but you must always keep in mind,. how is the system going to deal with these uploads ?? Snooble: First thing You say the file is being displayed as I assume this is the actual filename and not the filename stored in a database.. if this is true then your need to update the code a little, try this <?php //check that we have a file if((!empty($_FILES["uploaded_file"])) && ($_FILES['uploaded_file']['error'] == 0)) { //Check if the file is JPEG image and it's size is less than 350Kb $name =(get_magic_quotes_gpc())?stripslashes($_FILES['uploaded_file']['name']):$_FILES['uploaded_file']['name']; $filename = basename($name); #$filename = str_replace("'","",$filename); $ext = strtolower(substr($filename, strrpos($filename, '.') + 1)); if (($ext == "mp3") && ($_FILES["uploaded_file"]["type"] == "audio/mpeg") && ($_FILES["uploaded_file"]["size"] < 104857600)) { //Determine the path to which we want to save this file $newname = dirname(__FILE__).'/uploads/'.$filename; //Check if the file with the same name is already exists on the server if (!file_exists($newname)) { //Attempt to move the uploaded file to it's new place if ((move_uploaded_file($_FILES['uploaded_file']['tmp_name'],$newname))) { echo "It's done! The file has been saved as: ".$newname; } else { echo "Error: A problem occurred during file upload!"; } } else { echo "Error: File ".$filename." already exists".$_FILES['uploaded_file']['name'].""; } } else { echo "Error: Only .mp3 songs under 100MB are accepted for upload"; } } else { echo "Error: No file uploaded"; } ?>

its not a heap faster but on some servers you also get "glob() has been disabled for security reasons " also it someomes give incorrect file sizes (only a few bytes out) all that and it being a little slower makes me use opendir instead..

opendir is faster than glob() <?php echo "Current files in your extras' directory: <br /><br />"; if ($handle = opendir("$username_saved/extras")) { while (false !== ($file = readdir($handle))) { if ($file != "." && $file != "..") { echo "$file <a href=deletefile.php?file=$file>DELETE</a><br />"; //updated } } closedir($handle); } ?> <?php session_start(); $username_saved = $_SESSION['username_saved']; $file= basename($_GET['file']);//added unlink("$username_saved/extras/$file"); ?>

patten [^\\/.,"'&%<>@] example $data = preg_replace('#[^\\\\/.,"\'&%<>@]#i', '', $data);

Humm.. is this a php file (end with .php) also echo "<form action = 'processform.php' method = 'POST'> <select name = '$manu_name'>\n"; should probably be echo "<form action = 'processform.php' method = 'POST'> <select name = 'manu_name'>\n";

Heres a basic jpeg resize script.. you should be able to tweak this to suite your needs <?php // File and new size $filename = 'test.jpg'; $percent = 0.5; // Get new sizes list($width, $height) = getimagesize($filename); $newwidth = $width * $percent; $newheight = $height * $percent; // Load $thumb = imagecreatetruecolor($newwidth, $newheight); $source = imagecreatefromjpeg($filename); // Resize imagecopyresized($thumb, $source, 0, 0, 0, 0, $newwidth, $newheight, $width, $height); // Output imagejpeg($thumb, $filename); ?>

You could save the excel file as a CSV then import it.. as for your search request that can be done providing you have the fields in your SELECT statment ie $query = "SELECT * FROM table WHERE firstname='JOE' "; $result = mysql_query($query); $row = mysql_fetch_assoc($result); echo "name:".$row['Firstname']."-".$row['Lastname']." - Age".$row['Age'];

premiso: would you like to explain these "major issues and is a security flaw" Snooble: please read my last post

Heres an example with error messages to make it more use friendsly <?php $Username = "test"; //Must have atleast 1 number $Username = "1test"; //Must Start with a letter $Username = "test1"; //Username: test1 is Okay $Username = "tes"; //Must Start with a letter //Must have atleast 1 number //Must have twice as many letters to numbers $Username = "te12"; //Must have twice as many letters to numbers $Username = "te12fghdsgfhsdgfsd gfhdsgfhdsgfhsdgfhgdsfjgsdfhsdfgsdhj"; //Must have twice as many letters to numbers $Username = "test 12"; //Must NOT contain special chars //Must have twice as many letters to numbers $error = array(); $letters = strlen(preg_replace('/\d/i', '', $Username)); $numbers = strlen(preg_replace('/[a-z]/i', '', $Username)); $total = $numbers+$letters; if ($Username != preg_replace('/[^\da-z]/i', '', $Username)) { $error[] = "Must NOT contain special chars"; } if (!preg_match('/^[a-z]\w{3}/i', $Username)) { $error[] = "Must Start with a letter"; } if($numbers > 4) { $error[] = "Must have less than 4 numbers"; } if( $numbers < 1) { $error[] = "Must have atleast 1 number"; } if( ($numbers*2) > $letters) { $error[] = "Must have twice as many letters to numbers"; } if( $total > 15 || $total < 4) { $error[] = "Must have twice as many letters to numbers"; } if(count($error)>0) { echo implode($error, "<br>"); }else{ echo "Username: $Username is Okay"; } ?> Hope this helps

Where is the filename being stored? as the upload routine you have is fine.. can you post the part that stores the data.. as for filtering you should check the file type..

Heres a basic example that may help <img src="counter.php?c=10" height="50" width="450" border='0' /> <?php header("Content-type: image/png"); $Count = (int)$_GET['c']; $im = imagecreatefrompng("images/hitcounter2.png"); $tc = imagecolorallocate($im, 0, 0, 0); imagestring($im, 1, 5, 5, $Count, $tc); imagepng($im); imagedestroy($im); exit(); ?>

is the field also hashed ? if not try $query = "SELECT * FROM survey JOIN completed_surveys ON survey.id!=completed_surveys.survey_id WHERE md5(member_id)={$_SESSION['userid']}";

Just a note but don't forget to close the anchor tag or excape quote for the link echo "<td><a href=\"".$row["compfile"]."\">Text Here</a></td></tr>"; for an image just replace the text with an image tag ie echo "<td><a href=\"".$row["compfile"]."\"><img src=\"myimage.jpg\"></a></td></tr>";