seanlim

I think PHP tags technically wouldn't matter, as long as the input is always treated as a string and never written to a file to be parsed by PHP again. Even if you had: $content = "<?php /*some evil stuff*/ ?>"; echo $content; it would NOT be parsed by PHP as valid PHP code. However, you would still want to properly escape those while printing the output, e.g. by using htmlentities. If you really do have reason for stripping those PHP tags, you will probably need to use preg_replace. EDIT: well, since you need to allow HTML tags too, htmlentities might not work (which would also escape the html tags). However, any PHP code should still not be parsed by PHP, and will just be sent to the browser and interpreted as invalid HTML markup. The next step you could take would be to validate the input to see if it has a valid HTML syntax.

As its name suggests, you cannot select multiple elements using getElementById. Replace your javascript with this: <script type="text/javascript"><!-- // set your interval in milliseconds var reloadInterval = 5000; // this will run when the document is fully loaded function init() { setTimeout('reload()',reloadInterval); } // this reloads the iframe, and triggers the next reload interval function reload() { var iframes = document.getElementsByTagName('iframe'); if (!iframes) return false; for(var i=0; i<iframes.length; i++) iframes[i].src = iframes[i].src; setTimeout('reload()',reloadInterval); } // load the init() function when the page is fully loaded window.onload = init; --></script>

What do you mean "still no success"? Your code above seems to be able to strip out the unwanted tags in your example. What's your criteria for "success"?

For a start, I think the header redirects need to be of the format: header("Location: /path/to/file.php"); You seem to be missing the "Location: " bit.

I believe this would have to be done by setting the appropriate Content-Disposition header, either with server configurations or, if you are serving the files by PHP, by setting that header field. It will then be up to the browser to display the video using whatever video players are available on the local machine.

If $_POST is giving Array() when no checkbox is selected, simply check for the non-existence of $_POST['delete'] i.e. (!isset($_POST['delete'])) or use the if-else conditional posted above.

I think this would work? if (isset($_POST['delete'])) { // mysql delete code here... } else { echo "Select a checkbox!"; } Print_r doesn't show anything because your condition is testing for the existence of $_POST['delete']. If it doesn't exist, print_r isn't called at all!

1. You would want to use $_POST['...'] in your <input> fields too. 2. Use Content-Type instead of contentType I can't see anything else in your code that could cause the file_get_contents function to return false, apart from the possibility that the server is rejecting the HTTP request and not returning a response. If it still doesn't work, hopefully someone else will be able to spot the problems in your code.

Shouldn't the line in the foreach loop be: $ids[] = $val; If it still doesn't work, output the query string: echo "DELETE FROM photos WHERE img_ID IN (".implode(',',$ids).")";

I think the remaining errors are due to your use of the variables $account, $dob, $site, and $PrizeID. Where are those values defined? Shouldn't you be using $_POST['account'], $_POST['dob'], and $_POST['site'] instead? And is error reporting turned on? If not, turn it on!

You missed out the name attribute for your submit button! Put in name="submit" and you should at least get some visible result (or error)..

Possibly, an invalid HTTP request is being generated. Test this by printing out $context, see if it is formatted correctly. You are also not accessing the POST-ed variables through the global $_POST variable, maybe that's an issue? Or maybe you have omitted that portion of the code...

You probably want to test if the value is in the array of $_GET['no_way']. <select class="postform" name="no_way[]" multiple size="5"> <option <?php if (in_array('all', $no_way)) { ?>selected="selected"<?php }?> value="all">Any</option> <?php foreach ($options_amount as $option) { ?><option <?php if (in_array($option, $no_way)) { ?>selected="selected"<?php }?> value="<?php echo $option; ?>"><?php echo $option; ?></option><?php }?> </select> Try using var_dump($_GET['no_way']) to understand how it is structured.

That's the wrong content type. In http_build_query, you are specifying the content type of your POST request, which is application/x-www-form-urlencoded, not what you are requesting for. The web service will specify the json content-type.

I am assuming that you do not own "somewebservice.com" and therefore do not have access to their service logs, and the log you are referring to that of your own PHP form? I tried running the snippet you provided for attempt 2, and you ARE indeed required to provide a Content-Type for the request. Apart from that, the code works well and is able to properly generate a HTTP POST request and retrieve the appropriate response. If you have already tried adding a Content-Type to your request and it still doesn't work, I am thinking the error lies somewhere else in offer.php. Try something along the lines of exit()-ing with a message within your if condition just to make sure the first POST is successful.

does the request at least appear in the access log now? also (not too sure if it has any effect, but) it should be good to explicitly set the content-type of your http request. i.e. application/x-www-form-urlencoded since you are using http_build_query.

In your second attempt, shouldn't the <form> have method="post" too? Is that why there isn't an entry in your access log?

Yup, it isn't a good idea to include files directly from ANY source of input. If you have to, make sure you validate it and ensure that the filename is "allowed" to be included. You can do this by maintaining an array of allowed files and using the in_array function. On to your actual question, if you want to access the member function of the Page class, you should be able to do so from the included file, as if the contents of the file were within the constructor i.e. $this->setTitle("About Us"); should call the setTitle function.

that will depend on how your log in system works. if you are using sessions, you could store the user id in a session variable and retrieve it using $_SESSION['user_id']

You will have to tie your MySQL query to your PHP code, i.e. insert the currently-logged-in user's id into the MySQL query: SELECT m.memberid, p.memberid, p.uploaded, p.downloaded, p.total_posts, p.invites_left, p.points FROM tsue_members m, tsue_member_profile p WHERE p.memberid=m.memberid AND p.memberid="3"; where the 3 is the user id of the user.

i don't think that is valid MySQL syntax! You will need: $describeQuery="select ProductCode , SUM(SalesVolume) as SalesVolume, Year from MonthlySales WHERE Year=1990 GROUP BY ProductCode, Year";

I'm not exactly sure, but even as a best-practice, it isn't advisable to use == for string comparisons as it might return some unexpected results. http://www.php.net/manual/en/language.operators.comparison.php I would suggest using strcmp for your condition instead of trim($_SESSION['id'])==''

This is possible with PHP, only if you do not mind a page load/form submission in between. PHP is a server-side script; in general, content sent to the user's browser cannot be changed once it is sent. If you do not mind a form submission and the page reloading between the selection of the first box and the "appearance" of the second box, this method would work fine. However, in the second portion of code, you should be writing: if($_POST['Sokval'] == "anställda") { instead (or GET depending on your form submission type), as you are reading from a form submission. If you do not want a form submission between them, i.e. when you select the first box, the second box automatically appears without the page reloading, PHP will not be enough. You will have to look at a client-side language like Javascript.

You can do this either via PHP or MySQL. But since your data is already nicely stored in MySQL, I would suggest using MySQL for this: select ProductCode , SUM(SalesVolume) as SalesVolume, Year from MonthlySales GROUP BY ProductCode, Year Alternatively, if you want a PHP solution for any reason, you could maintain an array of the sales volume by product and year. Then, loop through the values of each row of your query, and add the sales volume for each month to the correct array entry.

How is the data structured? Array of OOP objects in PHP? Rows in MySQL? Assuming the former since this is a PHP forum, you can use usort on the array and define your own function to sort by date. Read the manual for more information about writing a user-defined sort function.