darkfreaks

Members
Posts: 4,953

Everything posted by darkfreaks

  1. you still have XSS injection i suggest you output everything with htmlspecialchars()
  2. you also have MYSQL injection in viewthread.php suggest using PHP PDO to Squash this
  3. you have SQL Injection in your input suggest looking into PHP PDO to squash this.
  4. thanks for removing all the extra spaces that stupid formatter puts in. i ran it through phpsandbox on all versions of PHP 5 down to 5.4.3 and there were no syntax errors after i removed the undefined index error from the variable not being checked if it was set or not, and the SQL syntax errors with the extra double quotes and (). also type mismatch: phplint could not compare [string] to (int); fixed this as well. had to take out isset() and use (int) instead.

    <?php
    $delid = (int)$_GET['del_id'];
    if ($delid !== 0 && (is_array($trade_toonid) && sizeof($trade_toonid) !== 0)) {
        if ($delid !== 0) {
            $user_toons    = implode(",", $trade_toonid);
            $update_ctoons = "update tbl_users_ctoons set location=1 where trade_id={$delid} and usrctoon_id in ($user_toons)";
            $del = new database();
            $del->myquery($update_ctoons, 1);
            $del_trade = "delete from tbl_trade where trade_id={$delid}";
            $del = new database();
            $del->myquery($del_trade, 1);
            $del = new database();
            $del->where("trade_id={$delid}");
            $del->delete("tbl_trade");
            header("Location: manage_tradeboard.php");
            //exit();
        }
    }
    ?>

  5. formatted and debugged your code. let us know if you continue to have problems.

    <?php
    $delid = isset($_GET['del_id']) ? $_GET['del_id'] : '';
    if ($delid > 0 && (is_array($trade_toonid) && sizeof($trade_toonid) > 0)) {
        if ($delid > 0) {
            $user_toons    = implode(",", $trade_toonid);
            $update_ctoons = "update tbl_users_ctoons set location=1 where trade_id={$delid} and usrctoon_id in ($user_toons)";
            $del = new database();
            $del->myquery($update_ctoons, 1);
            $del_trade = "delete from tbl_trade where trade_id={$delid}";
            $del = new database();
            $del->myquery($del_trade, 1);
            $del = new database();
            $del->where("trade_id={$delid}");
            $del->delete("tbl_trade");
            header("Location: manage_tradeboard.php");
            exit();
        }
    }
    ?>
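The trade-deletion code in posts 4 and 5 still splices `$delid` and `$user_toons` straight into the SQL text, which is the injection posts 1 to 3 point at. Below is an added example (not darkfreaks' code and not the asker's) of the same two statements rewritten with PDO prepared statements; it assumes a `$pdo` connection, placeholder credentials, and the table and column names used in the thread, and `$trade_toonid` is treated as a hypothetical array filled elsewhere in the original script.

```php
<?php
// Added example: trade deletion with PDO prepared statements, as posts 1-3 recommend.
// Assumes the table/column names from posts 4 and 5; credentials are placeholders.
function delete_trade(PDO $pdo, int $trade_id, array $toon_ids): bool
{
    if ($trade_id <= 0 || count($toon_ids) === 0) {
        return false;
    }
    // Every toon id is cast to int and bound to its own placeholder,
    // so nothing from the request is ever concatenated into the SQL string.
    $toon_ids     = array_map('intval', $toon_ids);
    $placeholders = implode(',', array_fill(0, count($toon_ids), '?'));

    $pdo->beginTransaction();
    try {
        $stmt = $pdo->prepare(
            "UPDATE tbl_users_ctoons SET location = 1
             WHERE trade_id = ? AND usrctoon_id IN ($placeholders)"
        );
        $stmt->execute(array_merge([$trade_id], $toon_ids));

        $stmt = $pdo->prepare("DELETE FROM tbl_trade WHERE trade_id = ?");
        $stmt->execute([$trade_id]);

        $pdo->commit();
        return true;
    } catch (PDOException $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Connection: exceptions on error, real (non-emulated) prepares on the server.
$pdo = new PDO('mysql:host=localhost;dbname=YOUR_DB', 'YOUR_USER', 'YOUR_PASS', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

// Cast before use; no undefined-index notice when del_id is absent.
$delid = isset($_GET['del_id']) ? (int) $_GET['del_id'] : 0;
// $trade_toonid is filled elsewhere in the original script (hypothetical here).
$trade_toonid = isset($trade_toonid) ? (array) $trade_toonid : [];

if (delete_trade($pdo, $delid, $trade_toonid)) {
    header('Location: manage_tradeboard.php');
    exit();
}
// Anything echoed back to the page goes through htmlspecialchars(), as post 1 says.
echo 'Nothing deleted for trade ' . htmlspecialchars((string) $delid, ENT_QUOTES, 'UTF-8');
```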
  6. you can use the price comparison class on phpclasses.org you have to create a free account in order to download the class files and read up on how it works. http://www.phpclasses.org/package/4800-PHP-Generate-price-comparison-site-with-DataFeedFile.html
  7. have you tried looking at the basic pagination tutorial for this site???? http://www.phpfreaks.com/tutorial/basic-pagination
  8. are you running this on a live or test server? if it is running on a test server that is not live chances are you don't have SMTP set up. looks like you are running WAMP server locally. here is a tool you can download that will act as a server to test locally. http://www.toolheap.com/test-mail-server-tool/
  9. where is it defined in the code? i am not seeing this. please give the full code or where $prod_id is defined within the code.
  10. have you looked into PHPmailer???
  11. still ain't working i am thinking could it do with the fact that some of the javascript seems to be commented out?
  12. i took the doublequotes and dots out it still is blank.
  13.
    <?php
    include("../konnect.php");
    $sql = mysql_query("SELECT * FROM ask") or die("MySQL Failure: " . mysql_error());
    if (mysql_num_rows($sql) === 0) die("There were no rows returned");
    while ($row = mysql_fetch_array($sql)) {
        $msg    = $row['msg'];
        $mes_id = $row['mes_id'];
        $up     = $row['up'];
        $down   = $row['down'];
        // A heredoc interpolates {$var} directly; the " . $var . " pieces were being printed literally.
        // The closing ECHO; must be on its own line with nothing in front of it.
        $echo = <<<ECHO
    <div id='main'><div class='box1'><div class='up'><a href='' class='vote' id='{$mes_id}' title='Up' name='up'>{$up}</a></div><div class='down'><a href='' class='vote' id='{$mes_id}' title='Down' name='down'>{$down}</a></div></div><div class='box2'>{$msg}<br /><br /><div class='fb-comments' data-href='http://naturalnaring.com/engage.php?id={$mes_id}' data-num-posts='2'></div><br /><br /></div></div>
ECHO;
        echo $echo;
    }
    ?>

      can anyone see where i am outputting it wrong? it seems to work fine in dreamweaver locally.
  14. if anyone can spot the error let us know. the engage script is not loading outside of the local server environment. http://naturalnaring.com/engage.php
  15. http://techpatterns.com/downloads/php_browser_detection.php this should detect in php the user agent string.
  16. FATAL ERROR: unsupported old-style syntax. Please use {...} instead. change if (mysql_num_rows($r) > 0): to if (mysql_num_rows($r) > 0) { ... }
  17. http://www.tidy-designs.co.uk/website-development/php-secure-file-upload-script/
  18. also you can shorten your code a bit using ternary operators instead of a bunch of IF's.

    $submit = isset($_POST['submit']) ? $_POST['submit'] : '';
    $radio  = isset($_POST['record']) ? $_POST['record'] : '';

  19. well for one you are missing a semi colon in your coding. Tidied Code:

    <?php
    // mysql_connect() takes host, user and password; the database is selected with mysql_select_db()
    $link = mysql_connect("localhost", "emorette11", "mypassword") or die("Could not connect: " . mysql_error());
    print("Connected successfully");
    mysql_select_db("mydatabase", $link);
    echo "<br />";

    // Lists every row of EyeGlasses; the same listing followed add, update and delete
    function show_eyeglasses($link) {
        $showresult = mysql_query("SELECT * from EyeGlasses", $link) or die("Invalid query: " . mysql_error());
        while ($row = mysql_fetch_array($showresult)) {
            echo ("<br /> Color = " . $row["Color"] . "<br /> Material = " . $row["Material"] . "<br />");
            echo ("Gender = " . $row["Gender"] . "<br /> Size = " . $row["Size"] . "<br />");
            echo ("Price = " . $row["Price"] . "<br /> ID = " . $row["ID"] . "<br />");
        }
    }

    if (isset($_POST["submit"])) {
        // read the form fields only once the form has actually been submitted
        $color    = $_POST["color"];
        $material = $_POST["material"];
        $gender   = $_POST["gender"];
        $size     = $_POST["size"];
        $price    = $_POST["price"];
        $id       = $_POST["id"];
        if (isset($_POST["record"])) {
            $radio = $_POST["record"];
            if ($radio == "add") {
                $sql = "INSERT INTO EyeGlasses (Color, Material, Gender, Size, Price, ID) VALUES ('$color','$material','$gender','$size','$price','$id')";
                $result = mysql_query($sql, $link) or die(mysql_error());
                show_eyeglasses($link);
            } else if ($radio == "update") {
                $sql = "UPDATE EyeGlasses SET Color='$color', Material='$material', Gender='$gender', Size='$size', Price='$price', ID='$id' WHERE ID='$id'";
                $result = mysql_query($sql, $link) or die(mysql_error());
                show_eyeglasses($link);
            } else {
                $sql = "DELETE FROM EyeGlasses WHERE ID='$id'";
                $result = mysql_query($sql, $link) or die(mysql_error());
                show_eyeglasses($link);
            }
        }
    }
    ?>

  20.
    $csv_mimetypes = array(
        'text/csv',
        'text/plain',
        'application/csv',
        'text/comma-separated-values',
        'application/excel',
        'application/vnd.ms-excel',
        'application/vnd.msexcel',
        'text/anytext',
        'application/octet-stream',
        'application/txt',
    );
    if (in_array($_FILES['upload']['type'], $csv_mimetypes)) {
        // possible CSV file
        // could also check for file content at this point to be extra sure
    }
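The `$_FILES['upload']['type']` value in post 20 is sent by the browser, and the list accepts `application/octet-stream`, so the "check for file content" the comment mentions is what actually decides. Below is an added example of that content check (a hypothetical helper, not darkfreaks' code); it assumes the `upload` field name from the post and uses PHP's `finfo` plus a structural pass over the first rows.

```php
<?php
// Added example: content check for the CSV upload in post 20. The client-supplied
// MIME type is ignored; the file is sniffed server-side and its first rows parsed.
function looks_like_csv(string $path, int $sample_rows = 5): bool
{
    // Server-side MIME sniff of the actual bytes on disk
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($path);
    if (!in_array($mime, ['text/plain', 'text/csv'], true)) {
        return false;
    }
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        return false;
    }
    $width = null;
    $rows  = 0;
    while ($rows < $sample_rows && ($fields = fgetcsv($fh)) !== false) {
        if ($fields === [null]) {          // blank line, skip it
            continue;
        }
        // Every sampled row must carry the same number of columns
        if ($width === null) {
            $width = count($fields);
        } elseif (count($fields) !== $width) {
            fclose($fh);
            return false;
        }
        $rows++;
    }
    fclose($fh);
    // At least one data row, and more than one column, before we call it CSV
    return $rows > 0 && $width > 1;
}

// Usage with the 'upload' field from post 20 (constructed request handling)
if (isset($_FILES['upload'])
    && is_uploaded_file($_FILES['upload']['tmp_name'])
    && looks_like_csv($_FILES['upload']['tmp_name'])) {
    // safe to move_uploaded_file() into a non-web-served directory and parse
} else {
    http_response_code(400);
    echo 'Upload rejected: not a CSV file';
}
```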
  21. That and there are plenty of already existing plugins for WP for forms that have email notification.
  22. have you thought about using Akismet or CAPTCHA? to stop spam....
  23. http://snipplr.com/view/14152/ at least google some options before asking for help.
  24. change header('Location: ' . SUCCESS_URL); to echo SUCCESS_URL; this should output the success_url variable instead of redirecting it.
  25. Awesome catch Psycho i missed the missing semi's