ohdang888

or you could have a "click here to print this" and that would like to print.php?id=blah and you would use a counter to store how many times that has been uploaded.

are you using sessions?

i'm not sure about your problem, but you need to move session_start() to the first line.

should i use mysql_real_escape_string() for information drawn from a session? edit: ALSO, the url would be something like test.php?blah=40 and then i get put the "40" in a variable. Do i ned to use the escape string on that too even though it won't go into my database?

get rid of those spaces in between the ' and the . make it this blah'.$feeback.'blahdsfdsfas

this is my entire logout.php script <?php session_start(); $id = $_SESSION['id']; connect to db. mysql_query("UPDATE `users` SET `online_now` = 'no' WHERE `id`='{$id}' ") or die(mysql_error()); session_destroy(); echo "<meta http-equiv='refresh' content='0;url=http://localhost/index.php?source=logged_out'>"; ?> now obviously its extremely simple, but its works.

are you trying to get the log.txt file in the directory before logs? if so, turn this: $hFile = fopen( "./logs/log.txt", "a+" ); into this: $hFile = fopen( "../logs/log.txt", "a+" );

edit mistakes... up.

hahaha. sorry. The (hack) then talking about google got me kinda thinking... so anyways, i think you may be "over-logic-ing" all this. i'm fairly certain there are simple html tags to turn crawlers away.

i don;'t thin kthis will matter, but try it... $query = "UPDATE `uploads_content` SET `first_name` = '$first_name', `email` = '$email', `city` = '$city', `state` = '$state', `link` = '$link', `story` = '$story', `approved` = '0' WHERE `id` = '$id' ";

$String = $_POST["message"]; echo '<table><tr><td>'; echo $String; echo '</td></tr></table>';

i don't get what you are trying to do... are you trying to hack into something? trying to mess with google? I'll pass. They made a few BILLION dollars in profit last quarter... lets just say they've been spending an extra buck or two on prosecuting hackers.

go back to the scipt that was the form that users entered info into. check to see the name of the text field of "thanks" matches "5"

try this $String = $_POST["message"]; echo '<table><tr><td>'.$String.'</td></tr></table>';

ohhh alright. thanks. gosh i love this forum!

i've got a question also... the link you provided shows this example on the page <? $query = sprintf("INSERT INTO products (`name`, `description`, `user_id`) VALUES ('%s', '%s', %d)", mysql_real_escape_string($product_name, $link), mysql_real_escape_string($product_description, $link), $_POST['user_id']); mysql_query($query, $link); ?> what is the %s and %d mean?????

on WHERE 'id'= '$id' change it to `id` = '{$id}'

i;m not quite sure. try doing this $x = your array if($ip == $x){ blah }

ok. thanks. my fault . BUT, i want it to display the code, just not activate it (does that make sense?)... what do i need to add on this?

if($ip == whatever you want){ carry out this action }

ok this must be something with the way my php is set up. according to http://us3.php.net/manual/en/function.strip-tags.php when i put in <?php $text = '<p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>'; echo strip_tags($text); echo "\n"; // Allow <p> and <a> echo strip_tags($text, '<p><a>'); ?> i should get: Test paragraph. Other text <p>Test paragraph.</p> <a href="#fragment">Other text</a> But instead it doesn't.. it double spaces the "test paragraph" and then puts "other text" in a link.

ok so i'm doing this (code below) and its not working. "Test" is coming up as font size 6 <font size=1> <? $text = '<font size= 6>Test'; $text1 = strip_tags($text); echo $text1; ?>

i don't know if my magic quotes are on or off. Is there a test i can run to see, or where can i change it?

well... if i clean it up BEFORE it ever goes into the database, won't that solve the security issue?