MadTechie

Everything posted by MadTechie

  1. basically you're open to SQL injection (major security risk); in other words you're handing control of your database to anyone who goes to that page!
  2. $n++ goes up by 1 so.. $n=$n+50 goes up by 50 EDIT: typo
  3. try print_r($_GET); and check the following are being set:
     tbl_name
     comentario
     id
     as a note, this is a VERY bad move!!!
     ```php
     extract($_GET);
     $sql="UPDATE $tbl_name SET comentario='$comentario' WHERE id='$id'";
     ```
  4. welcome. remember it only checks if it's a valid email "format"; someone can always put bill.gates@dumba__e.com
  5. you're missing the end of the file, either a } or it hasn't finished uploading
  6. change
     ```php
     $addstrength = "UPDATE userregistration SET Strength=$NewStrength WHERE UserID='{$_SESSION['Current_User']}'";
     ```
     to
     ```php
     $addstrength = "UPDATE userregistration SET Strength='$NewStrength' WHERE UserID='{$_SESSION['Current_User']}'";
     ```
  7. MySQL database, Fields IP, TimeStamp when form sent, log the IP and timestamp, just check with that before processing the form!
  8. you're using <img tags.. so it would be an image!! or am I missing something?
  9. ```php
     if($_SERVER['REQUEST_METHOD'] == "POST"){//<-- ??
     require_once ('connect.php');
     require_once ('opendb.php');
     $groupid_sent = $_GET['actname']; //<-- ??
     ```
     so are you using POST or GET?
  10. can't find file / file streaming etc. check the files are uploaded, also check the path to the files. ie to link to a file back one dir, try this
      ```php
      require_once dirname(__FILE__)."/../config.php";
      ```
  11. the reason I say that line is because of the exit.. there's no other reason I can see that would stop the form loading up.. also if you don't have a function called SessionStart(); then you probably mean session_start(); and GetSessionVar("username") would probably be $_SESSION['username']
  12. this will check if it is valid syntax, but you'll need to email them to see if the email is their valid email, or check the domain to see if it's a valid domain..
      ```php
      <?php
      if ( !preg_match('/^\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b$/i', $email_address) )
      {
          $msg[] = $error12;
      }
      ?>
      ```
      EDIT:
      'freak@hotmail.com' = valid (without quotes)
      'freak@hotmail.com ' = invalid (without quotes) (note the space at the end)
      '' = invalid
  13. if you're using an array you could use sort($array)
  14. yes, as on the example I used some code to emulate a database
      ```php
      //Emulate the database
      $DB[1][] = "NewItem1 - 1";
      $DB[1][] = "NewItem1 - 2";
      $DB[2][] = "NewItem2 - 1";
      $DB[2][] = "NewItem2 - 2";
      ```
  15. this should work ok
      ```php
      <?php
      $msg = ''; // initialised so the echo below never reads an undefined variable
      if( isset($_POST['btnLogin']) ) //added (btnLogin is the name of the form's submit button)
      {
          $Username = $_POST['Username'];
          $Password = $_POST['txtPassword'];

          if( ( !$Username ) or ( !$Password ) )
          {
              header( "Location:register.php" );
              exit();
          }
          // creates a new Common-Object-Model (COM) connection object
          $adoCon = new COM("ADODB.Connection");
          $thisfolder = dirname(__FILE__);
          // opens the connection using a standard Access connection string
          $adoCon->Open( "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=$thisfolder/scheduler.mdb");
          // Create sql query: the username is bound as a parameter instead of being
          // concatenated into the SQL string, so user input cannot change the query
          $cmd = new COM("ADODB.Command");
          $cmd->ActiveConnection = $adoCon;
          $cmd->CommandText = "SELECT tblPassword FROM Login WHERE Username = ?";
          // execute query
          try
          {
              // 202 = adVarWChar, 1 = adParamInput
              $cmd->Parameters->Append( $cmd->CreateParameter("Username", 202, 1, 255, $Username) );
              $rs = $cmd->Execute();
          }
          catch(Exception $e)
          {
              die( "Could not execute query" );
          }
          //if there is a match the log-in is authenticated
          if(!$rs->EOF )
          {
              if($Password == $rs->Fields('tblPassword')->Value)
              {
                  $msg = "Welcome $Username.";
                  //set cookie
                  setcookie('login',$Username,Time()+5*60);
              }
              else
              {
                  header( "Location:Loginpage.php" );
                  exit();
              }
          }
          else
          {
              header( "Location:Loginpage.php" );
              exit();
          }
      }
      ?>
      <?php
      //put their where you like
      echo $msg;
      ?>
      <form action="scheduler.php" method="post" name="form1">
      <p align="center"><em><strong></strong></em></p>
      <p align="center" class="style12 style1"><u>Login Details</u><br><br></p>
      <p align="center"><strong>Username:
      <input name="Username" type="text" id="Username" size="16" maxlength="16">
      <br>
      Password:
      <input name="txtPassword" type="password" id="txtPassword" size="16" maxlength="16">
      </strong></p>
      <div align="center"><strong>
      <input name="btnLogin" type="submit" class="style9" value="Log In">
      </strong></div>
      </form>
      <form action="register.php" method="post" name="form2" class="style9">
      <div align="center">
      <input name="btnRegister" type="submit" class="style9" value="Register">
      </div>
      </form>
      <p class="style9"> </p></td>
      </tr>
      </table>
      <p> </p>
      <p> </p>
      <p> </p>
      <p> </p>
      </TR>
      </table>
      </body>
      </html>
      ```
  16. ```php
      while($row = mysql_fetch_array($result, MYSQL_ASSOC)){
          $groupid_sent= $row['account_name'] ;
          $account_name= $row['company_name'] ;
          $zip_id = $row['search_id'] ;
          //missing values
          //add the other fields
      }}?>
      ```
  17. another example
      ```php
      <?php
      $code[] = ""; $img[]="<img src='frown.gif'>";
      $code[] = ""; $img[]="<img src='happy.gif'>";
      $code[] = ""; $img[]="<img src='poke.gif'>";

      $s = "this is some text with a smilie face ";
      $s = str_replace($code, $img, $s);
      echo $s;
      ?>
      ```
  18. OK example
      ```html
      <select name="list1" onchange="ajaxFunction('LBox2', this.value);">
      <option value='1'>Red</option>
      <option value='5'>Green</option>
      <option value='10'>Blue</option>
      </select>
      ```
      Now when the item from list1 is selected, the value LBox2 and the selected value are passed to a PHP script; in the example it passes to itself. Now that part echoes some data back, NOW whatever is echoed is printed in the object with the ID LBox2.. which in the example is
      ```html
      <select name="list2" id="LBox2">
      <!-- OK the ID of this list box is LBox2 as referred to above -->
      </select>
      ```
      so "<!-- OK the ID of this list box is LBox2 as referred to above -->" is replaced. make sense?
  19. the problem is Header() and setcookie() MUST be used before ANYTHING is outputted to the screen..
  20. this may help http://www.phpfreaks.com/forums/index.php/topic,155984.0.html
  21. That's a perfect point.. EDIT: I'll admit I have created a system and used 2 extra tables for "extended info" and of different types, but it makes management much harder, having to use JOINs to view the correct data, and updates are a nightmare at times..
  22. just an idea try adding this at the start error_reporting(E_ALL);
  23. works great with implode(",", $array);
  24. First a question: Why do you have 2 tables! why not 1 table with a field for accesslevel (1-5), 1=admin 5=guest sort of thing? if not try this
      ```php
      <?php
      $Level = 0;
      $ID = (int)$_POST['id'];
      //i assume Cid & staffID are INT's (if they're strings change to ='$ID'")
      $query = mysql_query("SELECT * FROM member WHERE Cid = $ID")or die(mysql_error());
      $row = mysql_num_rows($query);
      $C = mysql_num_rows($query);
      if($C >0)
      {
          $Level = 1;
      }
      $query = mysql_query("SELECT * FROM member WHERE staffID = $ID")or die(mysql_error());
      $row = mysql_num_rows($query);
      $C = mysql_num_rows($query);
      if($C >0)
      {
          $Level = 2;
      }
      switch($Level)
      {
          default:
          case 0:
              echo "No Access";
              break;
          case 1:
              echo "Member";
              break;
          case 2:
              echo "Staff";
              break;
      }
      ?>
      ```
  25. the example I gave you can leave as is. pocobueno1388: won't post the form on submit, but has "mysql_real_escape_string($_POST['city1']);" which I should have added to mine (D'oh)