darkfreaks

try calling array() firstly and second try using single quotes inside your square brackets so errors are less likely to be thrown. <?php $Quote = array(); $Quote['0']; ?>

MYSQL_REAL_ESCAPE_STRING This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used.

<?php $sql = "UPDATE date_tbl SET dt_startDate='".stripslashes(trim($_POST['dt_startDate']))."', dt_endDate='".stripslashes(trim($_POST['dt_endDate']))."', dt_headline='".stripslashes(trim($_POST['dt_headline']))."', dt_text='$my_text', dt_tag='".stripslashes(trim($_POST['dt_tag']))."', dt_media='".stripslashes(trim($_POST['dt_media']))."', dt_thumbnail='".stripslashes(trim($_POST['dt_thumbnail']))."', dt_credit='".stripslashes(trim($_POST['dt_credit']))."', dt_caption='".stripslashes(trim($_POST['dt_caption']))."' WHERE dt_id ='".stripslashes(trim($_POST['dt_id']))."'"; if (!mysqli_query($con, $sql)) { die('Error: ' . mysqli_error()); } echo $my_text; echo "1 record updated"; mysqli_close($con); ?>

try this... <?php $user_id= (int)$_POST['user_id']; $result = mysql_query("SELECT * FROM style WHERE style.user_id='".$user_id."'"); if($result===FALSE) { echo mysql_error();} $row = mysql_fetch_array($result); $images = explode(',', $row['silhouettes_like']); foreach ($images as $im) { echo "<img src='"$path.$im"'>"; } ?> <?php echo "<img src='files/" . $row['silhouettes_like']. ".png'>"; ?>

<?php echo "<img src='$path.$im'>"; ?>

you can use str_replace function to replace /r/n with < br / > or just flat out remove the line break //**allow line breaks**// $message = str_replace("/r/n" , "<br />", $_POST[service]); //** remove line breaks**// $message =str_replace("r/n" , "" , $_POST[service]);

sure it would if you want to match 1 digit 1 uppercase letter and no space. don't forget lowercase as well.

cleaned up your code had several query issues and fixed a huge secuity issue with PHP_SELF <?php session_start(); session_register("myauth"); include ("../connection.php"); $user_id=$username; $pass=$pws; $checkadmin = 0; $la_checkadmin = 0; if ($user_id!=="" ||$pass!=="") { $query = "SELECT * FROM member WHERE username='$user_id'"; $result = mysql_query($query); if($result==="false") echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $checkadmin = 1; $username=$row->username; $pws=$row->pws; $query = "SELECT * FROM localadmin WHERE username='$user_id'"; $result = mysql_query($query); if($result==="false") echo "$query".mysql_error(); $row=mysql_fetch_object($result); if($row->username."a" != "a" ) $la_checkadmin = 1; $lausername=$row->username; $lapws=$row->password; $lavalidcityid=$row->validcityid; $laid = $row->id; if($checkadmin === 1) { if ($username==="admin" && $pass===$pws) { $myauth = "admin"; $_SESSION['adminauth'] = "admin"; header("location: home.php?PHPSESSID=".session_id()); exit; } } elseif($la_checkadmin === 1) { if (($lausername===$user_id) && $pass===$lapws) { $myauth = "admin"; $_SESSION['adminauth'] = "localadmin"; $_SESSION['localadmin'] = "localadmin"; $_SESSION['localadmin_city'] = $lavalidcityid; $_SESSION['localadmin_id'] = $laid; $query = "INSERT INTO localadmin_monitor (adminid,action) values('$laid','<b>LOGIN</b>')"; $result = mysql_query($query); if($result==="false") echo "$query".mysql_error(); header("location: home.php?PHPSESSID=".session_id()); exit; } } else { $is_false="false"; } if ($is_false ==="false") { ?> <body><p align=center><b><font face='arial' size='2' color='#FF0000'>Wrong User ID or Password <a href=<?php echo htmlspecialchars( $_SERVER['PHP_SELF']); ?>> Go Back </a> and login again.</font></b></p> <div align="center"> <center> <table border="0" width="780" cellspacing="0" cellpadding="0"> <tr> <td width="100%"> <p align="center"><img border="0" src="../images/EC-30.gif" width="291" height="59"><br> </td> </tr> <tr> <td width="100%" bgcolor="#686868" height="10"></td> </tr> <tr> <td width="100%" bgcolor="#D09850" height="21"> <p align="center"><b><font size="2" face="Verdana" color="#FFFFFF">Coordinator Login</font></b></td> </tr> <tr> <td width="100%"> <br> <br> <br> <br> <br> </td> </tr> <tr> <td width="100%"> <form method="POST" action="index.php"> <center> <table align="center"> <tr> <td align="right"><p><b><font color="#000000" face="Verdana" size="2">Username:</font></b></p></td> <td><input type="text" name="username" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td align="right"><p><b><font color="#000000" size="2" face="Verdana">Password:</font></b></p></td> <td><input type="password" name="pws" size="15" style="font-family : Verdana;"></td> </tr> <tr> <td colspan="2"> <p align="center"><INPUT TYPE="image" SRC="../images/submit.jpg" BORDER=0 ALT=""> </p> </td> </tr> </table> </center> </form> </td> </tr> <tr> <td width="100%"></td> </tr> </table> </center> <!--/div--> </body>" </html> <?php }} //fixes missing bracket ?> also please read the below thread to fix your header problem http://forums.phpfreaks.com/topic/1895-header-errors-read-here-before-posting-them/

if(!isset($username) && !isset($password)) { //code here }

i am guessing you have a MIME header problem..... $header = ‘From: ‘.$to.PHP_EOL; $header .='Reply-To: ‘.$to.'.PHP_EOL; $subject = "Hi!"; $body = "Hi,\n\nHow are you?"; $success = mail($to,$subject,$body,$header); if($success) { echo "Mail Sent!"; } else { echo "Mail Not Sent!"; }

^ that too should indent your code so it is more readable. <?php /* * To change this template, choose Tools | Templates * and open the template in the editor. */ require ('./../../../wp-blog-header.php'); if (isset($_GET['action'])) { switch ($_GET['action']) { case 'verify_code': if (!isset($_SESSION)) { session_start(); } if (isset($_SESSION['dcode'])) { if ($_GET['dcode'] == $_SESSION['dcode'][$_GET['postID']]) { echo 'Success:' . $_SESSION['durl']['postID']; } else { echo 'Failed: Wrong code entered.'; } } else { echo 'System is not working as expected.'; } break; case 'handleCookie': if (!isset($_SESSION)) { session_start(); } if (isset($_GET['task'])) { switch ($_GET['task']) { case 'addCookie': $_SESSION[$_GET['name']] = $_GET['value']; if (isset($_SESSION[$_GET['name']])) { echo 'Success'; } else { echo 'Failed'; } break; case 'readCookie': echo $_SESSION[$_GET['name']]; break; case 'deleteCookie': unset($_SESSION[$_GET['name']]); if (!isset($_SESSION[$_GET['name']])) { echo 'Success'; } else { echo 'Failed'; } break; } } break; case 'exportToCSV': $data = urldecode($_GET['data']); $fileName = "mobileComparison.csv"; if (isset($_GET['start'])) { unlink($fileName); } $fp = fopen($fileName, "a"); fwrite($fp, str_replace('\"', "\"", $data) . "\r\n"); fclose($fp); if (isset($_GET['end'])) { echo '<a href="'; bloginfo('template_directory'); echo '/' . $fileName; echo '">Download CSV File</a>'; } break; default: echo 'System failed to process your request.'; break; } } else { ?> <?php $k = 0; $temp = $wp_query; $wp_query = null; if (isset($_GET['brand']) || isset($_GET['meta_key'])) { if (!isset($_GET['meta_key'])) { $wp_query = new WP_Query('post_type=mobile&showposts=28&paged=' . $paged . '&brands=' . $_GET['brand'] . ''); } else { $metakeys = explode(",", $_GET['meta_key']); $getmetavalues = explode(",", $_GET['meta_value']); foreach($getmetavalues as $ck => $cv) { if ($cv == "" || $cv == " ") { unset($metavalues[$ck]); } } unset($metakeys['ecpt_operatingsystem']); $countMetakeys = count($metakeys) - 1; for ($i = 0; $i <= $countMetakeys - 1; $i++) { $metavalues[] = $getmetavalues[$i]; unset($getmetavalues[$i]); } sort($getmetavalues); foreach($getmetavalues as $key => $value) { if ($value == "" || $value == " ") { unset($getmetavalues[$key]); } } if (!is_null($getmetavalues[0]) || !is_null($getmetavalues[1])) { $metavalues[] = $getmetavalues; } foreach($metakeys as $randomkeys) { if ($randomkeys == "ecpt_operatingsystem") { $metacompare[] = "IN"; } else { if ($randomkeys == "ecpt_mop") { $metacompare[] = "BETWEEN"; } else { $metacompare[] = "LIKE"; } } } foreach($metakeys as $keyU => $valueU) { if ($valueU == null || $valueU == '' || $valueU == ' ') { unset($metakeys[$keyU]); } } foreach($metakeys as $keyU => $valueU) { if ((string)$keyU == "ecpt_mop") { $metaquery[] = array( 'key' => $metakeys[$keyU], 'value' => explode("-", str_replace(" ", "", str_replace("INR ", "", $metavalues[$keyU]))) , 'type' => 'numeric', 'compare' => $metacompare[$keyU] ); } else { if ($metakeys[$keyU] == "ecpt_operatingsystem") { $metakeys[$keyU] = "ecpt_osparent"; } $metaquery[] = array( 'key' => $metakeys[$keyU], 'value' => $metavalues[$keyU], 'compare' => $metacompare[$keyU] ); } } $showPosts = 28; if (isset($_GET['showPosts'])) { $showPosts = $_GET['showPosts']; } else { $showPosts = 28; } $arguments = array( 'post_type' => 'mobile', 'showposts' => $showPosts, 'paged' => $paged, 'brands' => $_GET['brand'], 'meta_query' => $metaquery ); $wp_query = new WP_Query($arguments); } } else { $wp_query = new WP_Query('post_type=mobile&showposts=28&paged=' . $paged); } if (!$wp_query->have_posts()) { echo '<h1>No Results Found.</h1>'; } $numPosts = 0; while ($wp_query->have_posts()): $wp_query->the_post(); $mobile_img = get_post_meta(get_post_meta($post->ID, "mobile_mobile-thumb-image_thumbnail_id", $single = true) , '_wp_attached_file', $single = true); $mobile_img_alt = get_post_meta(get_post_meta($post->ID, "mobile_mobile-thumb-image_thumbnail_id", $single = true) , '_wp_attachment_image_alt', $single = true); include "mobile-img.php"; ?> <?php if ($k % 4 == 0) { echo '<div class="clear"></div>'; } $numPosts++; ?> <div class="model-compare-block" id="model-compare-block<?php echo $numPosts; ?>"> <div class="model-preview"><center><a href="<?php the_permalink(); ?>"> <img id="model-image<?php echo $numPosts; ?>" src="<?php bloginfo('home'); echo '/wp-content/uploads/' . $mobile_img; ?>" alt="<?php echo $mobile_img_alt; ?>"> </a></center></div> <div class="model-name"><a id="model-name<?php echo $numPosts; ?>" href="<?php the_permalink(); ?>"><?php the_title(); ?></a></div> <div style="display:none;" id="postID-<?php echo $numPosts; ?>"><?php echo $post->ID; ?></div> <div class="compare-btn" id="compare-btn<?php echo $numPosts; ?>"><center><a href="#"><img src="<?php bloginfo('template_directory'); ?>/images/comare-btn.png" width="97" height="29" /></a></center></div> </div> <?php $k++; unset($mobile_img); unset($mobile_img_alt); endwhile; if (function_exists('wp_pagenavi')) { wp_pagenavi(); } $wp_query = null; $wp_query = $temp; ?> <div class="clear"></div> <?php } ?>

try changing the require to two dots. require('../wp-blog-header.php');

are you using something like PHPmailer <?php require("class.phpmailer.php"); $mail = new PHPMailer();$mail = new PHPMailer(); $mail->IsSMTP(); $mail->Host = "smtp1.example.com;smtp2.example.com"; $mail->SMTPAuth = true; $mail->Username = 'smtpusername'; $mail->Password = 'smtppassword'; $mail->From="[email protected]"; $mail->FromName="My site's mailer"; $mail->Sender="[email protected]"; $mail->AddReplyTo("[email protected]", "Replies for my site"); $mail->AddAddress("[email protected]"); $mail->Subject = "Test 1"; $mail->IsHTML(true); $mail->Body = "<h1>Test 1 of PHPMailer html</h1><p>This is a test</p>"; $mail->AltBody="This is text only alternative body."; if(!$mail->Send()) { echo "Error sending: " . $mail->ErrorInfo;; } else { echo "Letter is sent"; } ?>

http://egmods.com/ma...e/pms/index.php tutorial on creating a simple private messaging system with inbox/outbox. Private message system !== email system

http://pmsys.sourceforge.net/ could give this message system a try it is open source.

XSS Found: URL encoded POST input username was set to '"()&%1<ScRiPt >prompt(919175)</ScRiPt> Solution: use proper validation for username including regex and htmlspecialchars().

also noticed that was the exact same code you used LOL. did some research and made some changes *crosses fingers* <?php $loggedin = "/photog_main.php?pmode'=".$_GET['usermain']."'"; //** uncomment if script designed to grab URL instead of script path.**// //** $currentpage = explode('?',basename($_SERVER['REQUEST_URI'])); **// //** should output something like index.php & mysite.com/index.php?foo=something **// $currentpage = explode('?',basename($_SERVER['SCRIPT_NAME'])); <<<EOL <div class="two-thirds"> EOL; //Standard links for all users if($currentpage=='index.php') { <<<EOL <li><a href="#">Link 1</a></li> <li><a href="#">Link 2</a></li> <li><a href="#">Link 3</a></li> EOL; } //Links for logged in users elseif($currentpage== $loggedin) { <<<EOL <li><a href="#">Link 4</a></li> <li><a href="#">Link 5</a></li> <li><a href="#">Link 6</a></li> EOL; } <<<EOL </div> EOL; ?>

gah took to much time but something like this should work <?php $loggedout = "/index.php"; $loggedin = "/photog_main.php?pmode=usermain"; $currentpage = $_SERVER['REQUEST_URI']; <<<EOL <div class="two-thirds"> EOL; //Standard links for all users <<<EOL <li><a href="#">Link 1</a></li> <li><a href="#">Link 2</a></li> <li><a href="#">Link 3</a></li> EOL; //Links for logged in users if($currentpage== $loggedin) { <<<EOL <li><a href="#">Link 4</a></li> <li><a href="#">Link 5</a></li> <li><a href="#">Link 6</a></li> EOL; } <<<EOL </div> EOL; ?>

cleaned up your code using HEREDOC syntax instead of abuch of echos, can you please explain how your login currently works? like if it checks for login or logout sessions or even checks the database. <?php $loggedIn = '/photog_main.php?pmode=usermain'; <<<EOL <div class="two-thirds"> EOL; //Standard links for all users <<<EOL <li><a href="#">Link 1</a></li> <li><a href="#">Link 2</a></li> <li><a href="#">Link 3</a></li> EOL; //Links for logged in users if($loggedIn) { <<<EOL <li><a href="#">Link 4</a></li> <li><a href="#">Link 5</a></li> <li><a href="#">Link 6</a></li> EOL; } <<<EOL </div> EOL; ?>

SQL SUM returns NULL on empty. empty() checks for 0.00, 0, NULL, ' ' and blank arrays

using empty() will check for 0.00 [float] if( $variable <1 && empty($variable)) { echo '0.00'; }

can this be solved and put to a rest OP used an unpreffered method using double double variables and escaped by using curly bracket. instead of using an array to do so.

but you have global $cid01; //outputs cid01 is this not the same as //outputs cid01 $cid = $_SESSION['cid'];

and what if you do global $cid; just winging it here without seeing the full code.

what is the "real" question?