mpharo

The only way I am aware of doing it is by an ActiveX module, do some googling on that and see what you find....

//retrieve images $getimages = mysql_query("SELECT * FROM images WHERE username = 'nick'"); while ($image = mysql_result($getimages, 0, "imagelocation")) { echo "<img src=\"$image\">"; } Untested though....your better off using... while ($image=mysql_fetch_array($getimages)){ //replace COLUMNNAME with the name of the column that holds the src for your images echo "<img src=\"$img[COLUMNNAME]\">"; }

Just use the same variable name in the subsequent insert statements.... $value="TEST"; $select1=mysql_query("SELECT * FROM table1 WHERE value='$value' "); $select2=mysql_query("SELECT * FROM table2 WHERE value='$value' "); $select3=mysql_query("SELECT * FROM table3 WHERE value='$value' ");

but the problem is being able to copy the code, a person would have to directly take the file and modify it then put it back, you need to put restrictions on the files themself to not allow people to do that....a person cant just copy the code modify it and save it, you have to take the index.php file or whatever it is called modify it then save it back...

This is the proper way to do it, if people have access to your webserver and can take files and put them back that needs to be fixed with file permissions and the removal of shared folders as well as users...if anyone had access to any webservers files they can do what they want with the site, basic webserver administration entails removing the ability to take files from the server without proper access restrictions....now just looking at your code, you are executing a query to get a result, you are then taking that result and using it to modify the information for a userid, so if someone were to just take those 2 lines and somehow modify it for a hardcoded value, you can change your page to check if the variable your looking for is initialized and if it is then execute the statement, that way (I dont know how someone would) if someone hard coded a value in your html it is blocked from running on the server side... you would just add something like this... If ($sql[value]){ echo "<input type=\"hidden\" name=\"value\" value=\"$sql[value]\">"; }

well in order to do as you described, one would have to copy the file from you webserver, modify it, then put it back...if people can do this you have more security problems to worry about than this little thing...

In your if statements you are only required for one () around the comparison... In your <form> tag you do not have a closing </form> which is why the submit is not working.....in your order button your not telling it to do anything, you are just calling it a button, you need to use some javascript to do something with it like this... onClick="document.form.submit()" or something.... You need a comparison if statement for the radio buttons to be checked or unchecked with php...

He wants that in there, cause it will print a space between the variables...

I modified the query in the other post after posting, you cant use [''] in a sql statement, just remove those outta there and just do '$var[var]' NOT '$var['var']'

What line is 124, can you post the whole page?

if you using just mysql you dont need all those periods in there try this.... mysql_query("INSERT INTO dispo_tooSmall (Name, Phone, Email, Position, State) VALUES ('$row[fname] $row[lname]' , '$row[areacode] $row[prefix] $row[linenumber]' , '$row' , '$row[position]' , '$row[state]')");

I assume in your if else statement you are trying to assign the $ variables to the same as the session variables? if this is the case you need to use them as session variables and not normal variables...like this... $_SESSION['tickets']="txtTickets"; echo $_SESSION['tickets'];

the code looks fine, the query looks a little wierd though....are you using mysqli?

your include for allusers.php is below your insert, in the chain of events the fields wont be populated properly, try moving your include with the rest of them at the top....

Your insert looks fine, can I see the code where the 2 variables get populated, also can you give an example of what you entered and what gets inserted?

try adding a $from variable and populating it, then in the mail() call that instead of the "FROM: "

In your inserts you need to specify the columns you want the items inserted into, just like in the above post states also like this.... INSERT INTO table (field1, field2, field3) VALUES ('value1','value2','value3')

javascript has: parent.document. functionality just use that and it will change the page from the parent page...something like this... parent.document.getElementById('image').src='picture2.gif';

You are using die() before the query is executed...remove that outta there and try it....die should be used for error handling...or forcibly terminating a script...

In that code those values arnt specified as anything, if your submitting the form to itself you need to do like $year=$_POST['year'];......I am not that familiar with cookies, but can you set it as an array? I think you need a single cookie for each value or insert each value seperatly in the same cookie...try inserting each value seperatly in the cookie with multiple setcookie() commands...

$query = "INSERT INTO wantdb (name, item, phone, email) VALUES (\''.$name.'\'', \''.$item.'\', \''.$phone.'\', \''.$email.'\')";

In your echo you are escaping the " before you print the variable (diw_id=\".$row[diw_id].\"\") try this diw_id=\"".$row[diw_id]."\"

in your insert statement you do not need the periods...try this line.... $query = "INSERT INTO wantdb (name, item, phone, email) VALUES ('$name', '$item', '$phone', '$email')";

I would create another cookie variable and then when you are in the directories just do a check for that variable, if it is equal to 1 allow if 0 deny access...

Is that the whole chunk of code, cause you do not have a closing "; in your echo .... also how are you going in and out of html to php, cause you have <td> which is html and then you go right into echo for php without a <? and a closing ?> after the php...