Wolphie

Everything posted by Wolphie

  1. This should be in the javascript forum. However, head on over to www.w3schools.com
  2. Yes, if you know the form values to log in to it. For example, the name of the username input box and any other additional parameters such as id, etc. Again, the same with the password field and submit button, and any hidden inputs if they exist. Once you know those, you can re-create that form on another page. You'll also need to know the URL to which the login form is redirected, to insert into action="". But yes, it is possible. Right-click and select "View Source" in your browser while viewing the webmail login page.
  3. Ok, I know about having to set the 404 error handler directive in the lighttpd configuration file or a .htaccess file. But what's required to achieve actual clean URLs with lighttpd? Are rewrite rules still required? If so, anybody got a simple example? (I suck at regular expressions). And what's needed to achieve this where PHP is concerned? I know apache needs to use mod_rewrite and needs rewrite rules, and then you need to examine the query string and explode it in PHP.
  4. Most visual editors have their own security. E.g. for escaping and securing. (I've never had a problem with TinyMCE)
  5. I'm not too familiar with fwrite() and fopen() but I'll give it a shot.

     ```php
     <?php
     error_reporting(E_ALL);

     $content = (isset($_POST['content'])) ? $_POST['content'] : false;

     // $content is passed in because globals are not visible inside a function.
     function saveArticle($content) {
         $fp = fopen('article.txt', 'w');
         // Double quotes so that \r\n is written as a real line break.
         $format = date('d/m/Y') . "\r\n";
         $format .= preg_replace('#<br />#i', "<br />\r\n", $content); // May not work, I suck with regular expressions.
         fwrite($fp, $format);
         fclose($fp);
     }
     ?>
     ```

     This is just a basic example of what __I think__, you aren't that clear about what you want. (I also don't see the point)
  6. Well, $_POST, $_GET and $_REQUEST are pretty much the same thing. $_REQUEST does both $_POST and $_GET and sometimes $_COOKIE. $_GET calls data from the URI. $_POST calls data from the server. (I think)
  7. If get wasn't there, you wouldn't be able to have dynamic pages. Such as articles.php?article_id=45
  8. Can we see some of the code you use to insert the data into the database?
  9. You can assign a key to an array.

     ```php
     <?php
     $array_1 = array("Value 1", "Value 2", "Value 3");
     $array_2 = array("One" => "Value 1", "Two" => "Value 2", "Three" => "Value 3");
     $array_3 = array("One" => "Value 1",
                      "Two" => array(
                          "One" => "Value 1",
                          "Two" => "Value 2",
                          "Three" => "Value 3"
                      ),
                      "Three" => "Value 3");
     ?>
     ```

     If you've assigned a string as a key, then it should be called as a string.

     ```php
     print $array_2["Three"]; // Value 3.
     ```

     If you haven't assigned a key to an array or the key you've assigned is an integer then you call it as one.

     ```php
     print $array_1[2]; // Value 2, also used for selecting individual values from arrays.
     ```

     If you have a nested array, the same applies.

     ```php
     print $array_3[1]; // Value 1.
     print $array_3["Two"]["Three"]; // Value 3.
     print $array_3["One"]; // Value 1.
     print $array_3["One"][2]; // Value 2.
     print $array_3[2]["One"]; // Value 1.
     ```
  10. First things first, avoid Dreamweaver at all costs. Use Notepad++ (free) or phpDesigner 2008 (not free). The best place to learn PHP is here or here. Since I don't use Dreamweaver, I'll show you how I would do it.

      ```php
      <?php
      error_reporting(E_ALL); // Turn error reporting on.

      // Put database connection code here.
      /*
      if($con = mysql_connect('localhost', 'username', 'password')) // Create connection to database
          mysql_select_db('db_name'); // Select database.
      else {
          die('<strong>MySQL Error: </strong>' . mysql_error()); // If it fails, display an error.
      }
      */

      $str = (isset($_POST['search'])) ? htmlentities(htmlspecialchars(mysql_real_escape_string($_POST['search']))) : false; // Secure POST data.

      if(isset($_POST['submit'])) { // Check to see if the form has been submitted. If TRUE hide the form.
          $sql = sprintf("SELECT * FROM `db_name` . `table_name` WHERE `field_name` LIKE '%s'", '%' . $str . '%'); // MySQL query string with wildcards.
          $sql = mysql_query($sql);
          if(mysql_num_rows($sql) > 0) { // Check to see if anything was returned from the query.
              while($row = mysql_fetch_array($sql)) { // Create a loop to loop through the database.
                  print $row['table_name']; // Print the table names in a loop.
                  print '<br />';
              }
          } else { // No results returned from query.
              print 'Search returned no results.';
              print '<p>Please try again.</p>';
          }
      } else { // If form has not been submitted (returns FALSE), show the form.
      ?>
      <html>
      <head>
      <title>Search</title>
      </head>
      <body>
      <form action="<?php print htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="POST">
      <p>
      <label for="search">Search:</label><input type="text" name="search" id="search" />
      <input type="submit" name="submit" value="Search" />
      </p>
      </form>
      </body>
      </html>
      <?php
      }
      // mysql_close($con);
      ?>
      ```

      I prefer POST data rather than GET when it comes to forms.
  11. Many forum and CMS systems have certain requirements and dependencies, therefore it may not work. However, using an iframe would be best.
  12. By the way, it should be like this:

      ```php
      <?php
      $line = array('name' => 'Wolphie', 'age' => '19');
      echo <<<EOT
      Name: {$line['name']}
      Age: {$line['age']}
      EOT;
      ?>
      ```

      For multiple lines and in-line variables use:

      ```php
      <?php
      $name = 'Wolphie';
      echo <<<END
      This is a paragraph that has multiple lines.
      My name is $name
      END;
      ?>
      ```
  13. oops yeah my bad, it's 8am and I haven't slept lol
  14. Download jQuery from here for some AJAX. Place it in the same folder as you're developing. Basic example:

      ```html
      <html>
      <head>
      <title>Quiz!</title>
      <script type="text/javascript" src="jquery.js"></script>
      <script type="text/javascript">
      $(function() { // Checks if the DOM is ready to be manipulated.
          $('form').submit(function(){ // Adds a submit handler to the form.
              $.ajax({ // Begins the call.
                  type: 'POST', // Specifies the type of request.
                  url: 'results.php', // URL to make the request to.
                  // Data to be sent. results.php checks for name, so it is sent along with q1.
                  data: { name: $('#name').val(), q1: $('input[name=q1]:checked').val() },
                  dataType: 'html', // Format in which data is returned.
                  error: function() { // If an error occurs display an alert.
                      alert("An error has occurred, please try again.");
                  },
                  success: function(data) { // If successful.
                      $('div#quiz').empty(); // Empty the contents of the DIV, including form.
                      $('div#quiz').html(data); // Replace the HTML of the DIV with the results.
                  },
                  complete: function() { // If complete.
                      $('div#quiz').fadeIn('slow'); // Fade in the DIV slowly.
                  }
              });
              return false; // IMPORTANT! Must be returned FALSE, otherwise page will refresh!
          });
      });
      </script>
      </head>
      <body>
      <div id="quiz">
      <form method="post">
      <table>
      <tr><td>Name</td></tr>
      <tr><td><input type="text" name="name" id="name" /></td></tr>
      <tr><td>Question 1</td></tr>
      <tr>
      <td><input type="radio" name="q1" id="a1" value="1" checked="checked" /><label for="a1">Answer 1</label></td>
      <td><input type="radio" name="q1" id="a2" value="2" /><label for="a2">Answer 2</label></td>
      <td><input type="radio" name="q1" id="a3" value="3" /><label for="a3">Answer 3</label></td>
      </tr>
      <tr><td><input type="submit" name="submit" value="submit" /></td></tr>
      </table>
      </form>
      </div>
      </body>
      </html>
      ```

      results.php

      ```php
      <?php
      error_reporting(E_ALL);
      $name = (isset($_POST['name'])) ? htmlentities(htmlspecialchars($_POST['name'])) : false; // Check if NAME is set, and secure.
      $q1 = (isset($_POST['q1'])) ? $_POST['q1'] : false;
      if($name) {
          print '<p>' . $name . '</p>';
          if($q1 == 3) // Answer is supposed to be 3.
              print '<p>Question 1: Correct!</p>';
          else
              print '<p>Question 1: In-Correct!</p>';
          // Note: You don't need curly braces for 1 line blocks.
      } else {
          print '<p>Please enter your name.</p>';
          print '<p><a href="index.php">Go Back</a>.</p>';
      }
      ?>
      ```

      Although you don't need to use AJAX or jQuery. It might not work, but it's 8am and I haven't slept yet.
  15. How are you checking to see if the answers are even correct?
  16. Why not just do something like:

      index.php

      ```php
      <?php
      error_reporting(E_ALL);
      $sql = "SELECT `parent` FROM `db_name` . `categories`";
      $sql = mysql_query($sql);
      if(mysql_num_rows($sql) > 0) {
          while($row = mysql_fetch_array($sql)) {
              print '<a href="article.php?parent=' . $row['id'] . '">' . $row['name'] . '</a>';
              print '<br />';
          }
      } else {
          print 'No Categories Available.';
      }
      ?>
      ```

      article.php

      ```php
      <?php
      error_reporting(E_ALL);
      $parent = (isset($_GET['parent'])) ? htmlentities(mysql_real_escape_string($_GET['parent'])) : false;
      $child = (isset($_GET['child'])) ? htmlentities(mysql_real_escape_string($_GET['child'])) : false;
      $article = (isset($_GET['article'])) ? htmlentities(mysql_real_escape_string($_GET['article'])) : false;

      if($parent) {
          $sql = sprintf("SELECT `child` FROM `db_name` . `categories` WHERE `parent` = '%s'", $parent);
          $sql = mysql_query($sql);
          if(mysql_num_rows($sql) > 0) {
              while($row = mysql_fetch_array($sql)) {
                  print '<a href="article.php?child=' . $row['id'] . '">' . $row['name'] . '</a>';
                  print '<br />';
              }
          } else {
              print 'Invalid ID';
          }
      } else {
          print 'Invalid ID';
      }

      if($child) {
          $sql = sprintf("SELECT * FROM `db_name` . `articles` WHERE `cat_id` = '%s'", $child);
          $sql = mysql_query($sql);
          if(mysql_num_rows($sql) > 0) {
              while($row = mysql_fetch_array($sql)) {
                  print '<a href="article.php?article=' . $row['id'] . '">' . $row['name'] . '</a>';
                  print '<br />';
              }
          } else {
              print 'Invalid ID';
          }
      } else {
          print 'Invalid ID';
      }

      if($article) {
          $sql = sprintf("SELECT * FROM `db_name` . `articles` WHERE `id` = '%s' LIMIT 1", $article);
          $sql = mysql_query($sql);
          if(mysql_num_rows($sql) > 0) {
              if($obj = mysql_fetch_object($sql)) {
                  print '<a href="article.php?article=' . $obj->id . '"><h1>' . $obj->name . '</h1></a>';
                  print '<p>' . $obj->content . '</p>';
              }
          } else {
              print 'Invalid ID';
          }
      } else {
          print 'Invalid ID';
      }
      ?>
      ```

      Obviously you'll need to adjust it to meet your requirements.
  17. Remove the "/>" from the end of the form tag. Elements that have "/>" at the end close themselves such as images, input fields, links. e.g.

      ```html
      <link rel="stylesheet" type="text/css" href="stylesheet.css" />
      <img src="image.png" border="0" alt="My Image" title="My Image" />
      <input type="text" name="username" id="username" />
      ```
  18. Just out of curiosity is $user_check an integer (number)? Because from what I understand in PHP, you can only use comparison operators (other than == and !=) on an integer. However, you're using it on a string.

      ```php
      if($user_check > '0') // '0' == a string
      if($user_check > 0) // 0 == an integer
      ```
  19. Yes you can, if the parameters exist in the URI. For example: index.php?uid=45&username=Wolphie

      ```php
      <?php
      $uid = htmlentities($_GET['uid']); // Remember to secure values!
      $username = htmlentities($_GET['username']); // Remember to secure values!
      print $uid; // Returns 45
      print $username; // Returns "Wolphie"
      ?>
      ```

      ```php
      <?php
      if(isset($_GET['param']) && isset($_GET['param'])) { // The code inside the parentheses doesn't look pretty but ah well!
          print 'The GET parameters are set.';
      } else {
          print 'The GET parameters need to be set!';
      }
      ?>
      ```
  20. ```php
      <?php
      for($i = 0; $i < 100; $i++) {
          print $i;
          exit; // This will loop only once each time the script is executed.
      }
      ?>
      ```
  21. Sessions are also extremely popular for shopping carts and eCommerce. I tend to only store a single session variable to determine whether a user is logged in or not, rather than storing their username etc. in session variables. Cookies pretty much accomplish the same task except sessions are stored on the server, and cookies are stored locally. Remember to click "Topic Solved"
  22. Bear in mind that PHP is a server side language and JavaScript is a client side language. You could communicate with the server using Ajax, and add some nifty effects in to make it look not so *ugly*. Try googling jQuery.
  23. It's not being over paranoid. It's assuming that each query being made has the potential to be a major security risk, therefore we secure it to prevent such a risk even if it was a harmless query. I don't want the entire thing done for me, just something to help me understand HOW to accomplish it. Drupal snippet:

      ```php
      <?php
      /**
       * Helper function for db_query().
       */
      function _db_query_callback($match, $init = FALSE) {
        static $args = NULL;
        if ($init) {
          $args = $match;
          return;
        }

        switch ($match[1]) {
          case '%d': // We must use type casting to int to convert FALSE/NULL/(TRUE?)
            return (int) array_shift($args); // We don't need db_escape_string as numbers are db-safe
          case '%s':
            return db_escape_string(array_shift($args));
          case '%%':
            return '%';
          case '%f':
            return (float) array_shift($args);
          case '%b': // binary data
            return db_encode_blob(array_shift($args));
        }
      }

      function _db_rewrite_sql($query = '', $primary_table = 'n', $primary_field = 'nid', $args = array()) {
        $where = array();
        $join = array();
        $distinct = FALSE;
        foreach (module_implements('db_rewrite_sql') as $module) {
          $result = module_invoke($module, 'db_rewrite_sql', $query, $primary_table, $primary_field, $args);
          if (isset($result) && is_array($result)) {
            if (isset($result['where'])) {
              $where[] = $result['where'];
            }
            if (isset($result['join'])) {
              $join[] = $result['join'];
            }
            if (isset($result['distinct']) && $result['distinct']) {
              $distinct = TRUE;
            }
          }
          elseif (isset($result)) {
            $where[] = $result;
          }
        }

        $where = empty($where) ? '' : '('. implode(') AND (', $where) .')';
        $join = empty($join) ? '' : implode(' ', $join);

        return array($join, $where, $distinct);
      }

      function db_rewrite_sql($query, $primary_table = 'n', $primary_field = 'nid', $args = array()) {
        list($join, $where, $distinct) = _db_rewrite_sql($query, $primary_table, $primary_field, $args);

        if ($distinct) {
          $query = db_distinct_field($primary_table, $primary_field, $query);
        }

        if (!empty($where) || !empty($join)) {
          $pattern = '{
            # Beginning of the string
            ^
            ((?P<anonymous_view>
              # Everything within this set of parentheses is named "anonymous view"
              (?:
                [^()]++                   # anything not parentheses
              |
                \( (?P>anonymous_view) \)          # an open parenthesis, more "anonymous view" and finally a close parenthesis.
              )*
            )[^()]+WHERE)
          }x';
          preg_match($pattern, $query, $matches);
          if (!$where) {
            $where = '1 = 1';
          }
          if ($matches) {
            $n = strlen($matches[1]);
            $second_part = substr($query, $n);
            $first_part = substr($matches[1], 0, $n - 5) ." $join WHERE $where AND ( ";
            // PHP 4 does not support strrpos for strings. We emulate it.
            $haystack_reverse = strrev($second_part);
          }
          else {
            $haystack_reverse = strrev($query);
          }
          // No need to use strrev on the needle, we supply GROUP, ORDER, LIMIT
          // reversed.
          foreach (array('PUORG', 'REDRO', 'TIMIL') as $needle_reverse) {
            $pos = strpos($haystack_reverse, $needle_reverse);
            if ($pos !== FALSE) {
              // All needles are five characters long.
              $pos += 5;
              break;
            }
          }
          if ($matches) {
            if ($pos === FALSE) {
              $query = $first_part . $second_part .')';
            }
            else {
              $query = $first_part . substr($second_part, 0, -$pos) .')'. substr($second_part, -$pos);
            }
          }
          elseif ($pos === FALSE) {
            $query .= " $join WHERE $where";
          }
          else {
            $query = substr($query, 0, -$pos) . " $join WHERE $where " . substr($query, -$pos);
          }
        }

        return $query;
      }

      function db_query($query) {
        $args = func_get_args();
        array_shift($args);
        $query = db_prefix_tables($query);
        if (isset($args[0]) and is_array($args[0])) { // 'All arguments in one array' syntax
          $args = $args[0];
        }
        _db_query_callback($args, TRUE);
        $query = preg_replace_callback(DB_QUERY_REGEXP, '_db_query_callback', $query);
        return _db_query($query);
      }

      function _db_query($query, $debug = 0) {
        global $active_db, $queries, $user;

        if (variable_get('dev_query', 0)) {
          list($usec, $sec) = explode(' ', microtime());
          $timer = (float)$usec + (float)$sec;
          // If devel.module query logging is enabled, prepend a comment with the username and calling function
          // to the SQL string. This is useful when running mysql's SHOW PROCESSLIST to learn what exact
          // code is issueing the slow query.
          $bt = debug_backtrace();
          // t() may not be available yet so we don't wrap 'Anonymous'.
          $name = $user->uid ? $user->name : variable_get('anonymous', 'Anonymous');
          // str_replace() to prevent SQL injection via username or anonymous name.
          $name = str_replace(array('*', '/'), '', $name);
          $query = '/* '. $name .' : '. $bt[2]['function'] .' */ '. $query;
        }

        $result = mysql_query($query, $active_db);

        if (variable_get('dev_query', 0)) {
          $query = $bt[2]['function'] ."\n". $query;
          list($usec, $sec) = explode(' ', microtime());
          $stop = (float)$usec + (float)$sec;
          $diff = $stop - $timer;
          $queries[] = array($query, $diff);
        }

        if ($debug) {
          print '<p>query: '. $query .'<br />error:'. mysql_error($active_db) .'</p>';
        }

        if (!mysql_errno($active_db)) {
          return $result;
        }
        else {
          // Indicate to drupal_error_handler that this is a database error.
          ${DB_ERROR} = TRUE;
          trigger_error(check_plain(mysql_error($active_db) ."\nquery: ". $query), E_USER_WARNING);
          return FALSE;
        }
      }
      ?>
      ```
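The typed-placeholder idea in the Drupal snippet quoted in the last post, reduced to its core as an added example (not part of the original posts and not Drupal's code). `expand_placeholders()` is a hypothetical name, an in-memory SQLite database (PHP's sqlite3 extension) stands in for the MySQL link, the input values are constructed, and `%b` is left out.

```php
<?php
/**
 * Replace %d, %f, %s and %% in $query with arguments made safe per type.
 * $escape is the driver's string escaper (db_escape_string() in the snippet).
 * Hypothetical helper written for this example.
 */
function expand_placeholders(string $query, array $args, callable $escape): string
{
    return preg_replace_callback(
        '/%(d|s|f|%)/',
        function (array $m) use (&$args, $escape) {
            switch ($m[1]) {
                case '%':
                    return '%'; // %% is a literal percent sign, no argument consumed
                case 'd':
                    return (string) (int) array_shift($args); // cast to int, nothing to escape
                case 'f':
                    return (string) (float) array_shift($args);
                default: // 's': only strings go through the escaper
                    return $escape((string) array_shift($args));
            }
        },
        $query
    );
}

// Constructed demo data.
$db = new SQLite3(':memory:');
$db->exec("CREATE TABLE articles (id INTEGER, name TEXT)");
$db->exec("INSERT INTO articles VALUES (45, 'O''Reilly'), (46, 'Other')");

// Constructed hostile inputs: a number with trailing SQL and a string with a quote.
$sql = expand_placeholders(
    "SELECT name FROM articles WHERE id = %d OR name LIKE '%%%s%%'",
    array("45 OR 1=1", "O'Re"),
    array('SQLite3', 'escapeString')
);
print $sql . "\n"; // the query text after substitution

$result = $db->query($sql);
while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
    print $row['name'] . "\n"; // rows matched by the substituted query
}
```

Current PHP code gets the same separation of query text and data from PDO or mysqli prepared statements, which bind values instead of substituting them into the string.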