MadTechie

That line doesn't exists in REG.PHP (which is what I have been referring to) EDIT: however if you have added that line to REG.PHP then it should be fine

You just escape the variable ie $check = "SELECT * FROM users WHERE username='".mysql_real_escape_string($username)."' ";

#picture(.*)# should be #picture,(.*?)# or better still #picture,(\d+,\d+)# but if you want to match all of these #picture,100# #picture,100,100# #picture,100,100,100# #picture,100,100,100,100# etc etc etc then this would be better #picture,(\d+(?:,\d+)*)#

Oh my bad.. their shouldn't be a ; in my last post The line that was $message_output .= str_replace ( "_", " ", ucfirst ( $key ) ) . ": " . build_message ( $value ) . PHP_EOL . PHP_EOL; should now be $message_output .= str_pad(str_replace ( "_", " ", ucfirst ( $key ) ). ": ", 12,"."). build_message ( $value ) . PHP_EOL . PHP_EOL;

Try changing str_replace ( "_", " ", ucfirst ( $key ) ). ": " to str_pad(str_replace ( "_", " ", ucfirst ( $key ) ). ": ", 12,"."); you may need to increase or decrease the number 12

I would be willing, if you used code tags (#) (pleased edit your posts) a quick look of your 2nd to last post i had a Coughing fit @ $check = mysql_query("SELECT * FROM users WHERE username='$username'"); please read

Yeah the Download Assessment thing is a pain Create a text file called com.apple.DownloadAssessment.plist under Library/Preferences in your home directory, with the following content: <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>LSRiskCategoryNeutral</key> <dict> <key>LSRiskCategoryContentTypes</key> <array> <string>public.item</string> </array> </dict> </dict> </plist> Then log out and back in. for a more selective approach, you can work from Content Types or Extensions IE <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>LSRiskCategorySafe</key> <dict> <key>LSRiskCategoryContentTypes</key> <array> <string>public.html</string> <string>public.xml</string> <string>public.php-script</string> <string>com.microsoft.windows-media-wmv</string> </array> <key>LSRiskCategoryExtensions</key> <array> <string>xhtml</string> </array> </dict> </dict> </plist>

Humm.. Why has no one has made a comment about this line <form action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post"> yet! open your page ie form.php but open it like this form.php/"><script>alert('xss attack')</script> or for fun try form.php/"><script>window.location='http://www.phpfreaks.com/forums/index.php/topic%2C274636.0.html';</script> Change it to <form action="#" method="post">

Its an another domain name for cvscreen.co.uk hardly a new site! Seams more like a site promotion to me!

Now.. you could start creating html tables etc, but you could just add some padding currently your getting something like and i assume you want something like this the problem is the data is supplied from an array so you can't move them individually, So first we need to find the part that outputs the title and values.. That's this part $message_output .= str_replace ( "_", " ", ucfirst ( $key ) ) . ": " . build_message ( $value ) . PHP_EOL . PHP_EOL; And this part of it is the title str_replace ( "_", " ", ucfirst ( $key ) ). ": " Now we need to add the padding, if we just change ": " to ": " all will be affected, so we need to find out what the longest title is and pad the others to fit inside that luckily PHP has str_pad, Now "Site Hours" is 10 characters long + 2 (the ": ") So we could do something like str_pad($input, 12,"."); That's should give you all the info you need to resolves this problem

What's the proof ? An image doesn't prove anything!

shtarkel, please create a new thread and read the conditions

To change the formatting your need to update the build_message function, to suite

I heard it was 76.299%.... I took into account nadeemshafi9 stats, so adjusted the figures to suite

Where is the test to find out what % you are in regex? I wonder what my overall PHP coding skill % is at... I think his working it out via some statistics, It's a Fact that 76.298% of statistics are made up on the spot,

you posted to script.php and that is basically a blank page, that echo's the post'ed data, so at best your get a blank page with some text, as script.php has no div's or anything else.

Ahh that makes more sense, I thought you meant if(strpos() === false){...} or if(strpos() !== false){...} of course the above is just silly so assumed, it was a typo.

true Huh! Assume that's a typo AlexWD !

Okay, your form is posting its data to script.php, But script.php is also being called in index.php.. Now as you want the post to appear on the same page, theirs no need for script.php here an example <html> <link href="oefening.css" rel="stylesheet" type="text/css"> <body> <div id="wrapper"> <div id="links"> <form action="" method="post"> Name: <input type="text" name="name"/> <input type="submit"/> </form> </div> <div id="rechts"> <?php echo $_POST['name']; ?> </div> </div> </body> </html> Note the post action is "" this mean post to self, now to expand on this, change <?php echo $_POST['name']; ?> to <?php if(isset($_POST['name'])) echo $_POST['name']; ?> as your get a notice saying $_POST['name'] was not set on the page prior to submitting

As mrMarcus pointed out you can add security, but this is only needed if you use the value directly, ie include $_GET['page'].'.php'; which is insecure, a secure use would be <?php $safe_urls = array ('home', 'contact', 'blog'); //add more as needed / for security; if (in_array ($_GET['page'], $safe_urls)){ include $_GET['page'].'.php'; }else{ include 'index.php'; //default page } ?>

Your welcome

a simple example would be test.php?page=cpanel or test.php?page=profile switch($_GET['page']) { case "cpanel": include('cpanel.php'); break; case "profile": include('profile.php'); break; }

try this (single file) <?php error_reporting ( E_ALL ^ E_NOTICE ); if(isset($_POST['Send'])) { /* Thank you for choosing FormToEmail by FormToEmail.com Version 2.5 April 16th 2009 COPYRIGHT FormToEmail.com 2003 - 2009 You are not permitted to sell this script, but you can use it, copy it or distribute it, providing that you do not delete this copyright notice, and you do not remove any reference or links to FormToEmail.com For support, please visit: http://formtoemail.com/support/ You can get the Pro version of this script here: http://formtoemail.com/formtoemail_pro_version.php --------------------------------------------------------------------------------------------------- FormToEmail-Pro (Pro version) Features: Check for required fields Attach file uploads Upload files to the server Securimage CAPTCHA support reCAPTCHA support identiPIC photo CAPTCHA HTML output option Use email templates Show date and time submitted Create Message ID CSV output to attachment or file Autoresponder (with file attachment) Show sender's IP address Block IP addresses Block web addresses or rude words Block gibberish (MldMtrPAgZq etc) Block gobbledegook characters (Å ð ç etc) Pre-populate the form Show errors on the form page Check for a set cookie Set encoding (utf-8 etc) Ignore fields Sort fields Auto redirect to "Thank You" page HTML template for "Thank You" page No branding Free upgrades for life --------------------------------------------------------------------------------------------------- Confused by PHP and PERL scripts? Don't have PHP on your server? Can't send email from your server? Try our remotely hosted form service: http://FormToEmailRemote.com --------------------------------------------------------------------------------------------------- FormToEmail DESCRIPTION FormToEmail is a contact-form processing script written in PHP. It allows you to place a form on your website which your visitors can fill out and send to you. The contents of the form are sent to the email address (or addresses) which you specify below. The form allows your visitors to enter their name, email address and comments. The script will not allow a blank form to be sent. Your visitors (and nasty spambots!) cannot see your email address. The script cannot be hijacked by spammers. When the form is sent, your visitor will get a confirmation of this on the screen, and will be given a link to continue to your homepage, or other page if you specify it. Should you need the facility, you can add additional fields to your form, which this script will also process without making any additional changes to the script. You can also use it to process other forms. The script will handle the "POST" or "GET" methods. It will also handle multiple select inputs and multiple check box inputs. If using these, you must name the field as an array using square brackets, like so: <select name="fruit[]" multiple>. The same goes for check boxes if you are using more than one with the same name, like so: <input type="checkbox" name="fruit[]" value="apple">Apple<input type="checkbox" name="fruit[]" value="orange">Orange<input type="checkbox" name="fruit[]" value="banana">Banana ** PLEASE NOTE ** If you are using the script to process your own forms (or older FormToEmail forms) you must ensure that the email field is named correctly in your form, like this for example: <input type="text" name="email">. Note the lower case "email". If you don't do this, the visitor's email address will not be available to the script and the script won't be able to check the validity of the email, amongst other things. If you are using the form code below, you don't need to check for this. This is a PHP script. In order for it to run, you must have PHP (version 4.1.0 or later) on your webhosting account, and have the PHP mail() function enabled and working. If you are not sure about this, please ask your webhost about it. SETUP INSTRUCTIONS Step 1: Put the form on your webpage Step 2: Enter your email address and (optional) continue link below Step 3: Upload the files to your webspace Step 1: To put the form on your webpage, copy the code below as it is, and paste it into your webpage: <form action="FormToEmail.php" method="post"> <table border="0" style="background:#ececec" cellspacing="5"> <tr align="left"><td>Name</td><td><input type="text" size="30" name="name"></td></tr> <tr align="left"><td>Email address</td><td><input type="text" size="30" name="email"></td></tr> <tr align="left"><td valign="top">Comments</td><td><textarea name="comments" rows="6" cols="30"></textarea></td></tr> <tr align="left"><td> </td><td><input type="submit" value="Send"><font face="arial" size="1"> <a href="http://FormToEmail.com">Form Mail</a> by FormToEmail.com</font></td></tr> </table> </form> Step 2: Enter your email address. Enter the email address below to send the contents of the form to. You can enter more than one email address separated by commas, like so: $my_email = "info@example.com"; or $my_email = "bob@example.com,sales@example.co.uk,jane@example.com"; */ $my_email = "steven@outfitshopfitting.co.uk"; /* Optional. Enter a From: email address. Only do this if you know you need to. By default, the email you get from the script will show the visitor's email address as the From: address. In most cases this is desirable. On the majority of setups this won't be a problem but a minority of hosts insist that the From: address must be from a domain on the server. For example, if you have the domain example.com hosted on your server, then the From: email address must be something@example.com (See your host for confirmation). This means that your visitor's email address will not show as the From: address, and if you hit "Reply" to the email from the script, you will not be replying to your visitor. You can get around this by hard-coding a From: address into the script using the configuration option below. Enabling this option means that the visitor's email address goes into a Reply-To: header, which means you can hit "Reply" to respond to the visitor in the conventional way. (You can also use this option if your form does not collect an email address from the visitor, such as a survey, for example, and a From: address is required by your email server.) The default value is: $from_email = ""; Enter the desired email address between the quotes, like this example: $from_email = "contact@example.com"; In these cases, it is not uncommon for the From: ($from_email) address to be the same as the To: ($my_email) address, which on the face of it appears somewhat goofy, but that's what some hosts require. */ $from_email = "info@outfitshopfitting.co.uk"; /* Optional. Enter the continue link to offer the user after the form is sent. If you do not change this, your visitor will be given a continue link to your homepage. If you do change it, remove the "/" symbol below and replace with the name of the page to link to, eg: "mypage.htm" or "http://www.elsewhere.com/page.htm" */ $continue = "http://www.outfitshopfitting.co.uk"; /* Step 3: Save this file (FormToEmail.php) and upload it together with your webpage containing the form to your webspace. IMPORTANT - The file name is case sensitive! You must save it exactly as it is named above! THAT'S IT, FINISHED! You do not need to make any changes below this line. */ $errors = array (); // Remove $_COOKIE elements from $_REQUEST. if (count ( $_COOKIE )) { foreach ( array_keys ( $_COOKIE ) as $value ) { unset ( $_REQUEST [$value] ); } } // Validate email field. if (isset ( $_REQUEST ['email'] ) && ! empty ( $_REQUEST ['email'] )) { $_REQUEST ['email'] = trim ( $_REQUEST ['email'] ); if (substr_count ( $_REQUEST ['email'], "@" ) != 1 || stristr ( $_REQUEST ['email'], " " )) { $errors [] = "Email address is invalid"; } else { $exploded_email = explode ( "@", $_REQUEST ['email'] ); if (empty ( $exploded_email [0] ) || strlen ( $exploded_email [0] ) > 64 || empty ( $exploded_email [1] )) { $errors [] = "Email address is invalid"; } else { if (substr_count ( $exploded_email [1], "." ) == 0) { $errors [] = "Email address is invalid"; } else { $exploded_domain = explode ( ".", $exploded_email [1] ); if (in_array ( "", $exploded_domain )) { $errors [] = "Email address is invalid"; } else { foreach ( $exploded_domain as $value ) { if (strlen ( $value ) > 63 || ! preg_match ( '/^[a-z0-9-]+$/i', $value )) { $errors [] = "Email address is invalid"; break; } } } } } } } // Check referrer is from same site. if (! (isset ( $_SERVER ['HTTP_REFERER'] ) && ! empty ( $_SERVER ['HTTP_REFERER'] ) && stristr ( $_SERVER ['HTTP_REFERER'], $_SERVER ['HTTP_HOST'] ))) { $errors [] = "You must enable referrer logging to use the form"; } recursive_array_check_blank ( $_REQUEST ); if (! $set) { $errors [] = "You cannot send a blank form"; } unset ( $set ); // Display any errors and exit if errors exist. if (count ( $errors )) { foreach ( $errors as $value ) { print "$value<br>"; } exit (); } if (! defined ( "PHP_EOL" )) { define("PHP_EOL", strtoupper(substr(PHP_OS,0,3) == "WIN") ? "\r\n" : "\n"); } $message = build_message ( $_REQUEST ); $message = $message . PHP_EOL . PHP_EOL . "-- " . PHP_EOL . "Thank you for using FormToEmail from http://FormToEmail.com"; $message = stripslashes ( $message ); $subject = "FormToEmail Comments"; $subject = stripslashes ( $subject ); if ($from_email) { $headers = "From: " . $from_email; $headers .= PHP_EOL; $headers .=(!empty($_REQUEST ['email']))?"Reply-To: " . $_REQUEST ['email']:"Reply-To: " . $from_email; } else { $from_name = ""; if (isset ( $_REQUEST ['name'] ) && ! empty ( $_REQUEST ['name'] )) { $from_name = stripslashes ( $_REQUEST ['name'] ); } $headers = "From: {$from_name} <{$_REQUEST['email']}>"; } mail ( $my_email, $subject, $message, $headers ); ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>Form To Email PHP script from FormToEmail.com</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body bgcolor="#ffffff" text="#000000"> <div> <center><b>Thank you <?php if (isset ( $_REQUEST ['name'] )) { print stripslashes ( $_REQUEST ['name'] ); } ?></b> <br> Your timesheet has been sent to the office <p><a href="<?php print $continue; ?>">Click here to continue</a></p> <p><b>www.outfitshopfitting.co.uk : info@outfitshopfitting.co.uk</b></p> </center> </div> </body> </html> <?php exit; } // Build message. function build_message($request_input) { if (! isset ( $message_output )) { $message_output = ""; } if (! is_array ( $request_input )) { $message_output = $request_input; } else { foreach ( $request_input as $key => $value ) { if (! empty ( $value )) { if (! is_numeric ( $key )) { $message_output .= str_replace ( "_", " ", ucfirst ( $key ) ) . ": " . build_message ( $value ) . PHP_EOL . PHP_EOL; } else { $message_output .= build_message ( $value ) . ", "; } } } } return rtrim ( $message_output, ", " ); } // Check for a blank form. function recursive_array_check_blank($element_value) { global $set; if (! is_array ( $element_value )) { if (! empty ( $element_value )) { $set = 1; } } else { foreach ( $element_value as $value ) { if ($set) { break; } recursive_array_check_blank ( $value ); } } } ?> <body> <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="1095" id="AutoNumber1"> <tr> <td width="26%"> <p><font face="Arial Black" size="5">Monthly Timesheet</font></p> </td> <td width="74%"></td> </tr> </table> <form action="" method="post"> <p> </p> <table border="0" style="background:#F5F5F5; ; border-collapse:collapse" cellspacing="5" width="1095" bordercolor="#111111" cellpadding="0"> <tr align="left"> <td width="154"><font face="Verdana" size="2">Employee Name:</font></td> <td width="886" colspan="6"><font face="Verdana"> <input type="text" size="30" name="Employee Name"></font></td> </tr> <tr align="left"> <td width="154"><font face="Verdana" size="2">Employee Email:</font></td> <td width="886" colspan="6"><font face="Verdana"> <input type="text" size="30" name="Employee E-mail"></font></td> </tr> <tr align="left"> <td width="154"><font face="Verdana" size="2">Employee Phone:</font></td> <td width="886" colspan="6"><font face="Verdana"> <input type="text" size="30" name="Employee Number"></font></td> </tr> <tr align="left"> <td width="154"> </td> <td width="886" colspan="6"> </td> </tr> <tr align="left"> <td width="154"><font face="Verdana" size="2">Manager:</font></td> <td width="886" colspan="6"><font face="Verdana"> <input type="text" size="30" name="Manager"></font></td> </tr> <tr align="left"> <td width="154"> </td> <td width="886" colspan="6"> </td> </tr> <tr align="left"> <td width="154"><font face="Verdana" size="2">Pay Period start date:</font></td> <td width="886" colspan="6"><font face="Verdana"> <input type="text" size="30" name="Pay Period start date:"></font></td> </tr> <tr align="left"> <td width="154"><font face="Verdana" size="2">Pay Period end date:</font></td> <td width="886" colspan="6"><font face="Verdana"> <input type="text" size="30" name="Pay Period end date:"></font></td> </tr> <tr align="left"> <td width="154"> </td> <td width="886" colspan="6"> </td> </tr> <tr align="left"> <td width="154" align="center"><b><font face="Verdana" size="2">Job Location</font></b></td> <td width="122" align="center"><b><font face="Verdana" size="2">Date</font></b></td> <td width="121" align="center"><b><font face="Verdana" size="2">Site Hours</font></b></td> <td width="121" align="center"><b><font face="Verdana" size="2">Travel</font></b></td> <td width="118" align="center"><b><font face="Verdana" size="2">Dinner</font></b></td> <td width="118" align="center"><b>Subs</b></td> <td width="116" align="center"><b>Total</b></td> </tr> <?php //Repeat 30 times for($n=1;$n<30;$n++){ ?> <tr> <td width="154"><font face="Verdana"> <input type="text" size="30" name="Job Location[]"></font></td> <td width="886" colspan="6"><font face="Verdana"><font size="2"> </font><input type="text" size="18" name="Date"><font size="2"> </font><input type="text" size="18" name="Site Hours[]"><font size="2"> </font><input type="text" size="18" name="Travel[]"><font size="2"> </font><input type="text" size="18" name="Dinner[]"><font size="2"> </font><input type="text" size="18" name="Subs"><font size="2"> </font><input type="text" size="18" name="Total[]"></font></td> </tr> <?php } ?> <tr align="left"> <td width="154"> </td> <td width="886" colspan="6"> </td> </tr> <tr align="left"> <td width="154"> </td> <td width="886" colspan="6"> </td> </tr> <tr align="left"> <td valign="top" width="154"><font face="Verdana" size="2">Further Comments</font></td> <td width="886" colspan="6"><font face="Verdana"> <textarea name="comments" rows="6" cols="30"></textarea></font></td> </tr> <tr align="left"> <td width="154"> </td> <td width="886" colspan="6"><font face="Verdana"> <input type="submit" name="Send" value="Send"></font><font face="Verdana" size="2"> </font></td> </tr> </table> </form> </body> </html>

you forgot to add $number2 = $_POST['number2']; also you have operator in the form twice.. that won't work correctly

Your need to send a HTML email, and use HTML tags so Name: $userName becomes <B>Name:</B> $userName So change your email from plain to html, change $headers .= "Content-type: text\r\n"; to $headers .= "Content-type: text/html; charset=iso-8859-1\r\n"; EDIT: ooops forgot the \r\n Now added