premiso

<script type="text/javascript" language="Javascript"> function showContent(idAlternate) { var hideShow = document.getElementById(idAlternate); if(hideShow.style.display == 'block') { hideShow.style.display = 'none'; } else if(hideShow.style.display == 'none') { // added another = here it should be == hideShow.style.display = 'block'; } } </script> Added an extra = to the elseif and create a var to house the document element, this way you do not have to keep calling that, just the variable. I have not clue if the below would break it but I never use javascript: <a href="#" onclick="showContent('ContentToDisplay'); return false;">Show/Hide Div</a> That should work, untested but yea. I would suggest getting FireFox as it has a "Error Console" that will post you all the javascript errors, if there are any, your page has. Great for debugging javascript.

<?php if ( isset($_POST["que2"])) { $question1=$_POST["que2"]; $question2 = $_POST["que2"]; // not sure why you are setting this to same thing as above and not using it anywhere...but ok. if ($_POST["que2"] == "62") { echo "<b>You put:$question2</b>"; echo "<p><b><font color=\"green\">That is Correct!</b></font>"; }elseif ($_POST["que2"] == "") { echo ""; }else { echo "<b>You put:$question2</b>"; echo "<p><b><font color=\"red\"> Incorrect, try again!</b></font>"; } } else { $question1=""; } ?> Basically if the $_POST["que2"] isset you want to run that code inside the if, by putting the code I put inside the if outside of it you defeated the purpose of that check. EDIT: decided to post some cleaner code: <?php if ( isset($_POST["que2"])) { //$question1=$_POST["que2"]; not needed twice for the same variable. $question2 = $_POST["que2"]; // not sure why you are setting this to same thing as above and not using it anywhere...but ok. }else { $question2=""; } // use the variable you defined here. if ($question2 == "62") { echo "<b>You put:$question2</b>"; echo "<p><b><font color=\"green\">That is Correct!</b></font>"; }elseif ($question2 != "") { echo "<b>You put:$question2</b>"; echo "<p><b><font color=\"red\"> Incorrect, try again!</b></font>"; } ?> Removed the last echo as it is not needed cause it does not print anything out.

If this is an intranet application your only worry is someone on the intranet sniffing your packets. If it is out in the open via the internet you have worries as the amount of hops you have to go through to get to the website can be a ton. Especially if that person travels. Do a tracert on the ip of your host and it will tell you how many times your connection has to be bounced off another node to reach it's destination. Each bounce could have a potential sniffer. Especially if a hacker looks at the javascript and realizes what it is doing he can easily sniff out the data. Now you could try passing it via POST over GET which is a bit more secure. I mean for the most part about 85% of webpages with a login system only use post to verify a user without SSL locked up. Rarely that data gets out. But, if you are only checking a username, post is flawed cause anyone can create a form to post to your page and be logged in. The real key is to have a verification system. As I always see, convenience for the user is 2nd to security of the user/company. If they have to type in a password to identify themselves it is worth it to secure the system that much more. At least that is my 2cents.

No there is not. The best way is to create a user login system which accesses a database to check credentials to secure it and once the user is successfully logged in use session on each page to see if the user is logged in.

Shared hosts are just bad news. Very insecure (most of them) and one person on that shared host can screw up stuff for the next. So yea my bet is someone is abusing it.

He is asking for the equivalent, not for a harsh response. The more coming over from ASP to PHP the better IMO. Check out the header function. I believe it would be this: header("Cache-Control: public"); Hope that helps ya.

Either or works. With the return in there that breaks the switch.

You could take the concept of the replaceTableTitle and do it that way. function replaceTableTitle($title) { switch (strtolower($title)) { case 'howtoapply': return "How To Apply"; break; // etc } // if we get here just upercase the first word return ucfirst($title); } Then just replace this part of the code: echo "<tr class=\"jobs\" valign=\"top\"><td class=\"jobs\"><strong>" . replaceTableTitle($key) . ":</strong></td><td class=\"jobs\">".$val."</td></tr>\n";

Ah I forgot you were using the fetch_array. Only use this if you really want both set (non-assoc and assoc) results other wise use fetch_assoc. <?php // the order above has to be as such so when we get to the foreach it displays properly. $result = @mysql_query("SELECT location, fte, shift, salary, description, qualifications, preferred, howtoapply, url, contactname, contactphone, contactemail, added, id, title, employer FROM $db_table ORDER BY id DESC"); // I usually define columns I want out but yea, this will ensure the proper order you want them displayed later on. if (!$result) { exit("<p>Error performing query: " . mysql_error() . "</p>"); } elseif (mysql_num_rows($result) == 0){ echo "<h4>Sorry, there are no job listings at this time.</h4>"; } else { while ($row = mysql_fetch_assoc($result)) { // changed to fetch_assoc to only grab one set of data. // no clue why you define these, I would just access them as needed. $row['added'] = date("m/d/y", strtotime($row['added'])); // convert newline characters to HTML break tag ( <br /> ) $row['description'] = nl2br($row['description']); $row['qualifications'] = nl2br($row['qualifications']); $row['preferred'] = nl2br($row['preferred']); $row['howtoapply'] = nl2br($row['howtoapply']); echo "<h3>".$row['title']."</h3>\n"; //table format echo "<table width=\"600\" border=\"0\" cellspacing=\"3\" cellpadding=\"3\" class=\"jobs\" summary=\"This table lists all of the available jobs listed with the Washington State Biomedical Association in the Northwestern region of the United States.\">"."\n"; echo "<tr class=\"jobs\" valign=\"top\"><td width=\"110\"><strong>Title:</strong></td><td width=\"490\">".$row['title']."</td></tr>\n"; echo "<tr class=\"jobs\" valign=\"top\"><td><strong>Employer:</strong></td><td class=\"jobs\">".$row['employer']."</td></tr>\n"; foreach ($row as $key => $val) { if ($key == "added") break; // because that means we past the last line we wanted displayed this way. if ($val != "") echo "<tr class=\"jobs\" valign=\"top\"><td class=\"jobs\"><strong>" . ucfirst($key) . ":</strong></td><td class=\"jobs\">".$val."</td></tr>\n"; } echo "</table>\n"; echo "<div>(Added on: " .$row['added']. ")</div>\n"; echo "<br/><br/>\n"; } } mysql_close(); ?> Give that a try and see if that works.

Honestly you can do it how you want to. mysqli class, if you can use it, does offer alot of easy to use functions and provides more functionality, but it is also limited to PHP 5 I believe. So if the code you are writing needs to be on a multitude of systems, than this is not the way to go. If it is only used on your current system, I would go with the mysqli class and use that. The end result is you do not have to use mysqli, although it is more efficient it is not required. I tend to find mysqli a bit nicer with the extras it provides.

Ah, now that I know the old variables was just to shorten, this will work instead: <?php // the order above has to be as such so when we get to the foreach it displays properly. $result = @mysql_query("SELECT location, fte, shift, salary, description, qualifications, preferred, howtoapply, url, contactname, contactphone, contactemail, added, id, title, employer FROM $db_table ORDER BY id DESC"); // I usually define columns I want out but yea, this will ensure the proper order you want them displayed later on. if (!$result) { exit("<p>Error performing query: " . mysql_error() . "</p>"); } elseif (mysql_num_rows($result) == 0){ echo "<h4>Sorry, there are no job listings at this time.</h4>"; } else { while ($row = mysql_fetch_array($result)) { // no clue why you define these, I would just access them as needed. $row['added'] = date("m/d/y", strtotime($row['added'])); // convert newline characters to HTML break tag ( <br /> ) $row['description'] = nl2br($row['description']); $row['qualifications'] = nl2br($row['qualifications']); $row['preferred'] = nl2br($row['preferred']); $row['howtoapply'] = nl2br($row['howtoapply']); echo "<h3>".$row['title']."</h3>\n"; //table format echo "<table width=\"600\" border=\"0\" cellspacing=\"3\" cellpadding=\"3\" class=\"jobs\" summary=\"This table lists all of the available jobs listed with the Washington State Biomedical Association in the Northwestern region of the United States.\">"."\n"; echo "<tr class=\"jobs\" valign=\"top\"><td width=\"110\"><strong>Title:</strong></td><td width=\"490\">".$row['title']."</td></tr>\n"; echo "<tr class=\"jobs\" valign=\"top\"><td><strong>Employer:</strong></td><td class=\"jobs\">".$row['employer']."</td></tr>\n"; foreach ($row as $key => $val) { if ($key == "added") break; // because that means we past the last line we wanted displayed this way. if ($val != "") echo "<tr class=\"jobs\" valign=\"top\"><td class=\"jobs\"><strong>" . ucfirst($key) . ":</strong></td><td class=\"jobs\">".$val."</td></tr>\n"; } echo "</table>\n"; echo "<div>(Added on: " .$row['added']. ")</div>\n"; echo "<br/><br/>\n"; } } mysql_close(); ?> The above should work, remember that the initial select is setup in a way so that the foreach loops through it right and displays only the columns it should at the time, once it hit's added it stops so it does not display the last few column. If that still does not work I would do this for a test: <?php // the order above has to be as such so when we get to the foreach it displays properly. $result = @mysql_query("SELECT location, fte, shift, salary, description, qualifications, preferred, howtoapply, url, contactname, contactphone, contactemail, added, id, title, employer FROM $db_table ORDER BY id DESC"); // I usually define columns I want out but yea, this will ensure the proper order you want them displayed later on. if (!$result) { exit("<p>Error performing query: " . mysql_error() . "</p>"); } elseif (mysql_num_rows($result) == 0){ echo "<h4>Sorry, there are no job listings at this time.</h4>"; } else { while ($row = mysql_fetch_array($result)) { // no clue why you define these, I would just access them as needed. $row['added'] = date("m/d/y", strtotime($row['added'])); // convert newline characters to HTML break tag ( <br /> ) $row['description'] = nl2br($row['description']); $row['qualifications'] = nl2br($row['qualifications']); $row['preferred'] = nl2br($row['preferred']); $row['howtoapply'] = nl2br($row['howtoapply']); echo '<pre>'; // remove after test print_r($row); // remove after test die(); // remove after test echo "<h3>".$row['title']."</h3>\n"; //table format echo "<table width=\"600\" border=\"0\" cellspacing=\"3\" cellpadding=\"3\" class=\"jobs\" summary=\"This table lists all of the available jobs listed with the Washington State Biomedical Association in the Northwestern region of the United States.\">"."\n"; echo "<tr class=\"jobs\" valign=\"top\"><td width=\"110\"><strong>Title:</strong></td><td width=\"490\">".$row['title']."</td></tr>\n"; echo "<tr class=\"jobs\" valign=\"top\"><td><strong>Employer:</strong></td><td class=\"jobs\">".$row['employer']."</td></tr>\n"; foreach ($row as $key => $val) { if ($key == "added") break; // because that means we past the last line we wanted displayed this way. if ($val != "") echo "<tr class=\"jobs\" valign=\"top\"><td class=\"jobs\"><strong>" . ucfirst($key) . ":</strong></td><td class=\"jobs\">".$val."</td></tr>\n"; } echo "</table>\n"; echo "<div>(Added on: " .$row['added']. ")</div>\n"; echo "<br/><br/>\n"; } } mysql_close(); ?> And see what gets printed out.

Well you asked for an in-depth explanation and that is why. If you want more help I would suggest posting the code for OutlandsMain($email, $password); Because that is what outputs to the JS, not the code above, the issue/error would be in there.

Use double quotes to display the actual variable data and single quotes to display the literal version of the variable. <?php $pass = "test"; echo $pass; // = test echo '$pass'; // = $pass echo "$pass"; // = test echo '' . $pass . ''; // = test echo '{$pass}'; // = test (because of the { } ) ?> Hope that clears it up.

Here is an example of one way to optimize it. <?php $result = @mysql_query("SELECT loc, fte, shift, salary, quals, prefd, howto, url, contName, contPhone, contEmail, added, jobtitle, empl, id FROM $db_table ORDER BY id DESC"); // I usually define columns I want out but yea, this will ensure the proper order you want them displayed later on. if (!$result) { exit("<p>Error performing query: " . mysql_error() . "</p>"); } elseif (mysql_num_rows($result) == 0){ echo "<h4>Sorry, there are no job listings at this time.</h4>"; } else { while ($row = mysql_fetch_array($result)) { // no clue why you define these, I would just access them as needed. $row['added'] = date("m/d/y", strtotime($row['added'])); // convert newline characters to HTML break tag ( <br /> ) $row['desc'] = nl2br($row['desc']); $row['quals'] = nl2br($row['quals']); $row['prefd'] = nl2br($row['prefd']); $row['howto'] = nl2br($row['howto']); echo "<h3>".$row['jobtitle']."</h3>"."\n"; //table format echo "<table width=\"600\" border=\"0\" cellspacing=\"3\" cellpadding=\"3\" class=\"jobs\" summary=\"This table lists all of the available jobs listed with the Washington State Biomedical Association in the Northwestern region of the United States.\">"."\n"; echo "<tr class=\"jobs\" valign=\"top\"><td width=\"110\"><strong>Title:</strong></td><td width=\"490\">".$row['jobtitle']."</td></tr>"."\n"; echo "<tr class=\"jobs\" valign=\"top\"><td><strong>Employer:</strong></td><td class=\"jobs\">".$row['empl']."</td></tr>"."\n"; foreach ($row as $key => $val) { if ($key == "added") // edit changed this to key over val like it should be. break; // because that means we past the last line we wanted displayed this way. if ($val != "") echo "<tr class=\"jobs\" valign=\"top\"><td class=\"jobs\"><strong>" . replaceTitle($key) . ":</strong></td><td class=\"jobs\">".$val."</td></tr>"."\n"; } echo "</table>"."\n"; echo "<div>(Added on: " .$row['added']. ")</div>"."\n"; echo "<br/><br/>"."\n"; } } function replaceTitle($title) { $replaceArray = array("loc" => "Location", "fte" => "FTE", "shift" => "Shift", "salary" => "salary"); // add the rest of the titles here. return $replaceArray[$title]; } mysql_close(); ?> Questions let me know. May not be the best, but a way to make it more dynamic with less code.

I would make them constants. $row = mysql_fetch_assoc($global_settings); foreach ($row as $key => $val) { define($key, $val); } You can make them strtoupper since constants tend to be in CAPS for easy recognizing. At least that is how I would do it. define This: <title><?php echo $row_global_settings['site_name']; ?> - User Management</title> Becomes: <title><?php echo site_name; ?> - User Management</title> EDIT: Removed the while loop, noticed it was not needed.

I think it would be better to output the actual error. I think the issue is the ; in the SQL but not sure. I seem to remember issues with that. Change this: } else { echo "<span style='color: red;'><b>Query failed. Check your SQL statement.</b></span><br />"; } to } else { echo "<span style='color: red;'><b>Query failed. Check your SQL statement.<br />" . $query . " <br />MySQL Error: " . mysql_error() . "</b></span><br />"; } At least in development that will help you immensely to find the issue.

I would honestly create an array of the columns you expect, or pull them from the database using SQL. Then do a check if $key is not in the array, then do not add it to the SQL, as it could break your sql and be an attempt of an attack on your server. <?php $cols = array("rm_loc", "patient"); // etc foreach ($_POST as $variable => $value) { if (in_array($variable, $cols)) { $$variable = $value; } } ?>

SQL injection is easy, just use mysql_real_escape_string As for the refresh/xss if you do not want html to be executed strip_tags would work, but using the functions above you should be able to test if there is such code in the input box and if there is reject it.

A shot in the dark with the little code provided. Your example of http://mysite.com/feed.csv does not go into a subfolder as this does: $file = 'http://213.161.76.14/feeds/feed.csv'; So maybe changing it to: $file = 'http://213.161.76.14/feed.csv'; Might solve the problem?

I do not think you can do a join delete. I am not sure of this but I think you need 2 seperate statements. <?php $sql="delete products WHERE products.CATID = $catid"; $sql2="delete category WHERE category.ID = $catid"; ?> If you can do it in one blow your SQL is wrong. <?php $sql="delete category, products WHERE category.ID = $catid AND products.CATID = $catid"; ?> You ahve to set it equal to $catid each time.

It makes sense. The number is smaller because 12 represented in the right way is 00 given that it is am and not pm.

Either way if you revert back to the old code...FIX IT like suggested. If you get an error, look up on what the error is. An undefined index means that you are trying to use a variable that has not been defined. You can check if a variable has been defined with isset Also as suggested earlier, read up on variables/proper usage in echo and print as your code will never work because you are including variables completely wrong. Look at the code posted and see how the usage is done there. Doing your own research is half the battle with coding. You find a problem research it. Why does that cause a problem, what is the issue. I cannot tell you how many hours I have spent at php.net and google researching all my problems I come across and it never seems to fail me as I almost always get the answer I need or something close to it. As stated the version of the code I posted is a lot closer to what you want to achieve, but if you want to do it yourself and find out why do the leg work and research it.

switch($type){ case "moglo": function createpet("moglo.png"); break; } should be switch($type){ case "moglo": createpet("moglo.png"); break; }

Yea, sorry I did not realize that $result was being used for the result like it should be (duh). Anyhow did you get it figured out?

Where are you testing if the cookie has been set? Also what are the values of $cookiePath and $cookieDomain, as that can make or break the function. edit: Ah, setcookie has to be called before any input is sent to the browser. That is the issue right there. Move the include file above the <html> tag and I bet it will work.