unkwntech

This is untested but I hope it at least gets you started.

?php $username = $_GET[username]; //I think your problem is here $_GET should be $_POST if your using method='post' on your form. //you can protect it later $sql = "SELECT * FROM `users` WHERE `username`= '$username'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0){ echo "<b>This user does not exist!</b>\n"; }else {

I'm not understanding what the problem is. And you'll want to put code between \[code\] and \[/code\]

This is quick and dirty but I think you will get the idea. <?php //Assume $cookie contains the string "1{2,3,4,5,6,7}.2{8,10,20,12,}" $array = explode(".", $cookie); $i=0; while($i<count($array)) { $items[substr($array[$i], 0, 1)] = preg_match('/\{.*\}/', substr($array[$i], 1)); $items[substr($array[$i], 0, 1)] = explode(",", $items[substr($array[$i], 0, 1)]); } expected output: $items = array() 1 = array() 2 3 4 5 6 7 2 = array() 8 10 20 12 ?>

Your going to have to explicitly name each colum I believe. UPDATE tableName SET col1='' col2='' col5='' WHERE username = 'username' And just dont specify the colums you don't want to change.

It would be a php function there are several: http://php.net/explode http://php.net/split http://www.php.net/manual/en/function.preg-split.php

If you figure this out give Microsoft a call I'm sure they will pay you millions to stop copyright theft.

<?php //did not enter a search term we give an error if ($find == "") { echo "<p>You forgot to enter a search term"; exit; } ?> should be <?php //did not enter a search term we give an error if ($_POST['find'] == "") { echo "<p>You forgot to enter a search term"; exit; } ?> Anytime you pass info from a form you need to access it either via $_POST or $_GET depending on the method you use on the form.

Switch as much as you can to either $_POST or $_SESSION, or even $_COOKIE. Obviously cookies are better then post and sessions are better then cookies.

Although I'm not 100% sure I don't think its possible I would consider using a cookie to store the info, that you want to keep, just set an expiration date for the cookie.

my suggestion would be just to change action=<? $_SERVER['PHP_SELF'] ?> to action='fileName.php'

If they are passing data for SQL queries via GET then an SQL injection could be done. Example: $sql = SELECT * FROM users WHERE username='" . $_GET['username'] . "'"; Suppose i changed .php?username=myUsername to somthing like .php?username=INNER JOIN SELECT * FROM USERS of course its going to be a bit harder, i hope, but you could expose alot of informtion. Not to mention if its a windows server with mssql I know of a dozen or so current exploits that would allow me to gain access as administrator via rdc. So there are alot of potential problems. Consider what if that database I just queried contains Credit Card info... or worse.

And if($_GET == register) { should be if($_GET['page'] == 'register'){ Unless register is a literal...

At the page you offer: http://www.unspace.ca/discover/pageless/ the source code is included at the bottom of the page.

$sql = "SLECT image1, image2 FROM.........."; $result = mysql_query($sql); if(mysql_result($result, '0', 'image2') != '') { echo "<img src='" . mysql_result($result, '0', 'image2') . "'>"; } This is rough but it should work.

Maybe this will help http://www.php.net/manual/en/function.session-id.php

$data = split('/\|/', $_COOKIE["sc1"]); $width = data['0']; Would be perfect....

I'll second that suggestion for http://w3schools.org. And I'll add that http://www.amazon.com/Sams-Teach-Yourself-PHP-Minutes/dp/0672327627/ref=sr_1_1?ie=UTF8&s=books&qid=1216289286&sr=8-1 is a great PHP book.

Thanks much... now I can stop beating my head against my desk.

Oh WOW.... In my defense I have been up WAY to long.

//cookie value stored as $data $data = split('/\|/', $data); $width = data['0']; PHP's split() will 'split' a string into an array based on a regex of the delimitor, in this case | (regex: '/\|/') See http://www.php.net/split for more info

Getting this error and google was no help: Fatal error: Function name must be a string in crash.php on line 115 $config['textLog']['logFile'] = '/path/to/logs/siteError.log'; ... $fh = fopen($config['textLog']['logFile'], 'w'); //line 114 $config['textLog']['format'] = preg_replace('/%t/', $date('d/m/y'), $config['textLog']['format']); //line 115

<html> <head> <title><?=$sitename?></title> </head> <body> <h1><?=$sitename?></h1 Is technically correct if you are only going to echo one item, however it is commonly considered bad practice because php must have short tags enabled. Now onto the answer, I'm not entirely sure what the question was if you could please explain in more detail.

If you only have the ip address of the referring site then most likely no, because most commonly many sites will share the same IP. The best you could do would be gethostbyaddr() which will return the reverse dns record which will either point to the website or the hosting company.

There is nothing explicitly wrong with this try: $filterIP = array('11.11.11.11', '22.22.22.22'); or if you want something more human readable try this: $filterIP = array(); $filterIP .= '11.11.11.11'; $filterIP .= '22.22.22.22'; ... If this still does not work please post some of the surrounding code.