Wolphie

The cookie value would be over-written with the new users login details. For example one user logs in as "test1", the nickname cookies value is now "test1". If that user logs out, and a different user named "test2" logs in, then that cookie would be over-written with "test2". Although, when a user logs out, the cookie information should be deleted any way and then set again if a login occurs.

Can we see the code that you have for that specific bit please?

You're missing a tick quote. //grab the cname id in `tbl_hosting_cname` $q = "SELECT idcname FROM `tbl_hosting_cname WHERE cname='$cname'"; $r = mysql_query($q); It should be: $dbserver = "localhost"; $dbuname = "database"; $dbpword = "password"; $con = mysql_connect($dbserver, $dbuname, $dbpword); if(!$con){ die('Could not connect to the database server :' . mysql_error()); } //Select Database mysql_select_db("vri_inkcontrol", $con); //Get idcname $q = "SELECT idcname FROM `tbl_hosting_cname` WHERE cname='$cname' AND dname='$dname'"; $r = mysql_query($q); //Put idcname query into an array $r_array = mysql_fetch_assoc($r); //Store idcname result from previouse query $idcname = $r_array['idcname']; //trap duplicate records //If the number of rows returned by above query is not greater then we if(mysql_num_rows($r) == 0){ //Insert idcname in `tbl_hosting_cname` since id doesn't exist $q = "INSERT INTO `tbl_hosting_cname` SET cname='$cname'"; mysql_query($q); //grab the cname id in `tbl_hosting_cname` $q = "SELECT idcname FROM `tbl_hosting_cname` WHERE cname='$cname'"; $r = mysql_query($q); //now we must grab the id cname from array $q = "SELECT idcname FROM `tbl_hosting_cname` WHERE cname='$cname'"; $r = mysql_query($q); $row = mysql_fetch_assoc($r); $idcname = $row['idcname']; $r = mysql_query("SELECT * FROM `tbl_hosting_domain` WHERE cname='$idcname' AND dname='$dname'"); if(mysql_num_rows($r) !== 1){ $q = "INSERT INTO `tbl_hosting_domain` (idcname, cname, ip, ns1, ns2, ftpaddress, ftpuname, ftppword, pop, smtp, webmailaddress, diskspace, bandwidth, nummailboxes, mailboxquota, numdatabases, exp) VALUES ('$idcname', '$dname', '$ip', '$ns1', '$ns2', '$ftpserver', '$ftpuname', '$ftppword', '$pop', '$smtp', '$webmailaddy', '$adiskspace', '$ambw', '$amboxes', '$amboxesquota', '$adbases', '$exp')"; mysql_query($q); $route = "Location: index.php?section=newaddyes"; }elseif(mysql_num_rows($r) == 1){ $q = "SELECT idcname FROM `tbl_hosting_cname` WHERE cname='$cname'"; $r = mysql_query($q); $row = mysql_fetch_assoc($r); $idcname = $row['idcname']; $q = "UPDATE `tbl_hosting_domain` SET (ip = '$ip', ns1 = '$ns1', ns2 = '$ns2', ftpaddress = '$ftpserver', ftpuname = '$ftpuname', ftppword = '$ftppword', pop = '$pop', smtp = '$smtp', webmailaddress = '$webmailaddy', diskspace = '$adiskspace', bandwidth = '$ambw', nummailboxes = '$amboxes', mailboxquota = '$amboxesquota', numdatabases = '$adbases', exp = '$exp' WHERE cname='$idcname'"; $route = "Location: index.php?section=newaddyes"; }else{ $route = "Location: index.php?section=newaddno"; } It's also very bad practice to insert variable values directly into SQL queries. This makes your code extremely vulnerable to injection. You should use http://php.net/manual/en/function.mysql-real-escape-string.php to escape each string to help prevent injection. Also these lines confuse me: //grab the cname id in `tbl_hosting_cname` $q = "SELECT idcname FROM `tbl_hosting_cname` WHERE cname='$cname'"; $r = mysql_query($q); //now we must grab the id cname from array $q = "SELECT idcname FROM `tbl_hosting_cname` WHERE cname='$cname'"; $r = mysql_query($q); Both queries are the same and you're reassigning the first declaration of the variables with the second query?

Not necessarily. Although I haven't tried this out myself, this may be useful: http://svay.com/blog/index/post/2009/06/19/Face-detection-in-pure-PHP-(without-OpenCV)

Yes, that is wrong. Unless it's given as a parameter to eval() then that code will not be executed, but instead be treated as a string (unlike JavaScript on the other hand which is interpreted by the browser)

What is the JavaScript code you're actually trying to use?

http://classicasp.aspfaq.com/forms/what-is-the-limit-on-querystring/get/url-parameters.html May be useful.

.doc file or .docx? Completely two different formats. MS Word 2007 and higher uses .DOCX which is essentially an archive that has an XML file within it that stores all of the data. This can easily be traversed with the SimpleXML library. If it's a .DOC file then I can't help you, sorry.

http://php.net/manual/en/book.simplexml.php

Remove the line $row = mysql_fetch_assoc($result); and it should work.

There is still many more improvements you could make. However, this should be slightly better. It uses a single function to process the file upload. I haven't actually tested this. <?php define('DS', DIRECTORY_SEPARATOR); function error_handler($level, $message, $file, $line, $context) { if ($level === E_USER_ERROR || $level === E_USER_WARNING || $level === E_USER_NOTICE) { echo '<strong>Error:</strong>' . $message; return TRUE; } return FALSE; } function custom_error($message, $level) { $call = next(debug_backtrace()); trigger_error($message . ' in <strong>' . $call['file'] . '</strong> on line <strong>' . $call['line'] . '</strong>', $level); } function upload_file($file, $dir) { if (is_array($file)) { $config = array(); $config['website_addr'] = 'http://www.thenudedeer.com'; $config['types'] = array('image/gif' => 'gif', 'image/pjpeg' => 'jpg', 'image/jpg' => 'jpg', 'image/jpeg' => 'jpg', 'image/png' => 'png', 'image/x-png' => 'png'); $config['max_filesize'] = 512000; if (!array_key_exists($file['type'], $config['types'])) { die('Invalid file type specified.'); } if ($file['size'] > $config['max_filesize']) { die('The file is too large.'); } $up_dir = $_SERVER['DOCUMENT_ROOT'] . DS . $dir . DS; if (file_exists($up_dir . DS . $file['name'])) { die ('File already existed, [img=http://'. $config['website_addr'] . DS . $dir . DS . $file['name'] . ']'); } else { copy($file, $up_dir . $file['name']) or die('Could not copy file.'); } // All done! :-) echo "<br />"; echo "<font color=red><b>"; echo "Upload successful"; echo "<br />"; echo "Copy and Paste the following Code"; echo "</font><br/>"; echo "<font color='green'><b>"; echo "<br />"; echo "[img]http://" . $config['website_addr'] . DS . $dir . DS . $file['name']; echo "[/img]"; echo "<br/>"; echo "<br/>"; echo '<img class="img" src="' . $dir . DS . $filename.'">'; echo "<br />"; echo "<br />"; echo "</font>"; echo "<br /><br />"; } else { custom_error('upload_file() expects parameter 1 to be an array.', E_USER_ERROR); } } ?> Example: <?php $files = $_FILES['userfile']; upload_file($files, 'dirname'); ?>

It's not updating because of the second line. You just have $_POST; sitting there doing nothing. You also are missing the quotes around the array key.

The reason why it isn't working is because every time the script is ran, the array gets reset. In order to store something so you can come back to it and use it later, you must use some form of storage. This could be sessions, cookies, text files, databases etc.. <?php session_start(); function sanitize($input) { if (!empty($input)) { $input = strip_tags($input); $input = htmlentities($input); return trim($input); } else { return FALSE; } } if (isset($_POST['submit'])) { $word = $_POST['word']; if (sanitize($word)) { $_SESSION['words'][] = $word; } else { echo 'Please enter a word'; } } ?> <form method="post" action="<?php $_SERVER['PHP_SELF']; ?>"> <input type="text" name="word" /> <input type="submit" name="submit" value="submit" /> </form> Every time you enter a word and hit submit, the value will be appended to the $_SESSION['words'] array. **EDIT** thorpe got there before me.

You aren't really explaining yourself very well. This may help: http://php.net/manual/en/book.simplexml.php

It's better to just use MySQL for this kind of thing. It's no quicker writing to a text file. It also makes using this data far easier when it's all together and can be easily queried.

$query = "SELECT * FROM pubs LIMIT $offset, $rowsPerPage WHERE rsCounty ='" . $_GET['rsCounty'] . '"; When inserting a string in a MySQL query you must surround the variable/string within single quotes.

Validation doesn't have to force the user to do anything if you don't want. For example, a user could easily enter anything they want into the e-mail address field, and it may not be a valid e-mail address. So you'd be trying to send an e-mail to an invalid e-mail address. Validation can help solve this issue by checking to see whether or not a user has entered a valid e-mail address. Or another example would be to check whether or not they've entered a legit first name and last name (by legit I don't mean it has to be their actual name because there is no way to validate that) but to check to see wether the user has entered any illegal characters such as "@$^£% etc.. Also you can validate the phone numbers and website addresses by checking for specifics. A phone number should only contain spaces, numbers and hyphens. And a website address should (but not always) contain "http://" and ".com, .net, .org" etc..

We would need to see your code.

I'm unsure as to why you had the $validateOK variable and then you had an IF statement use that variable. It didn't seem to be doing anything so I removed that. I removed the second exit() down the bottom, since there really is no need for it. And yes, as you said.. I put the mail() function within an IF statement, so if it succeeds proceed with the redirect, otherwise produce an error. If you have no requirement for validation then no, you don't need this. However, it is good practice to use it.

No idea why you need to be using exit() when after redirecting. Try this: <?php // Website Contact Form Generator // http://www.tele-pro.co.uk/scripts/contact_form/ // This script is free to use as long as you // retain the credit link function sanitize($input) { $input = stripslashes($input); return trim($input); } // get posted data into local variables $EmailFrom = "info@gruffe.co.uk"; $EmailTo = "info@gruffe.co.uk"; $Subject = "Webmail Enquiry"; $First = sanitize($_POST['First']); $Last = sanitize($_POST['Last']); $Company = sanitize($_POST['Company']); $Address = sanitize($_POST['Address']); $Telephone = sanitize($_POST['Telephone']); $Mobile = sanitize($_POST['Mobile']); $Website = sanitize($_POST['Website']); $Message = sanitize($_POST['Message']); // prepare email body text $Body = ""; $Body .= "First: "; $Body .= $First; $Body .= "\n"; $Body .= "Last: "; $Body .= $Last; $Body .= "\n"; $Body .= "Company: "; $Body .= $Company; $Body .= "\n"; $Body .= "Address: "; $Body .= $Address; $Body .= "\n"; $Body .= "Telephone: "; $Body .= $Telephone; $Body .= "\n"; $Body .= "Mobile: "; $Body .= $Mobile; $Body .= "\n"; $Body .= "Website: "; $Body .= $Website; $Body .= "\n"; $Body .= "Message: "; $Body .= $Message; $Body .= "\n"; if (mail($EmailTo, $Subject, $Body, "From: <$EmailFrom>")) { header('Location: ' . $_POST['return']); } else { // Error occurred, mail did not send } ?>

Functions in PHP are case-insensitive.

if (!isset($_SESSION['endOfTimer'])){ $endOfTimer = time() + 20; $_SESSION['endOfTimer'] = $endOfTimer; } else { $timeTilEnd = $_SESSION['endOfTimer'] - time(); echo 'You have '.$timeTilEnd.' seconds left.'; } if($timeTilEnd < 0) { if ($status == "Online"){ mysql_query("UPDATE data SET uptime=uptime+1 WHERE id='$id'"); } elseif($status == "Offline"){ mysql_query("UPDATE data SET downtime=downtime+1 WHERE id='$id'"); } session_destroy(); ?> <META HTTP-EQUIV=Refresh CONTENT="1"> <?php } ?> If you notice, the two MySQL queries do not end with a semi-colon. if ($status == "Online"){ mysql_query("UPDATE data SET uptime=uptime+1 WHERE id='$id'") } elseif($status == "Offline"){ mysql_query("UPDATE data SET downtime=downtime+1 WHERE id='$id'") }

What is the code you have at the moment?

This isn't possible using variables alone in a PHP script. Sessions/cookies/databases etc.. are required to store information about a particular transaction so that it can be retrieved and re-used at a later date.

date_default_timezone_set() is a PHP function that sets the default timezone on the server. The function date() formats output and generates the date based on the default timezone of the server. Essentially this means, if you set a different timezone using the date_default_timezone_set() function then the function date() will change to correspond with the new timezone.