schilly

$query = "SELECT * FROM intheloop ORDER BY priority ASC, priority2 ASC $limit";

you know you could just do this: $online_users = mysql_result(mysql_query("SELECT count(id) FROM characters WHERE online = 1"),0); "id" is your primary key for the table.

anywhere you use sessions, you need to have session_start(); at the top of your file. If you don't call session_start(), none of your session calls will work.

nice thanks roopurt18. I'll check that out next time I need to use curl.

for ($i = 1; $i <= $numQuestions; $i++) { $output .= '<tr> <td align="left" valign="top" border="0"> <p>'.$questions[$i].'</p> <textarea rows="5" cols="53" id="data'.$i.'" name="data'.$i.'">'.$_POST['data'.$i].'</textarea> </td> </tr>'; } echo $output; now you have the output in the variable and echo'd it as well to the browser

well im assuming they're targeting websites and most sites are hosted insided a www dir so all you really need to do is search for the www dir and post htaccess files inside the folders in that dir. i think most servers are set up as /var/www/sites too. i'm assuming brute force through ssh for this but i'm no expert. the logs would tell though. definitely change all your passwords and make sure they are very strong.

couple things: I'd change $_REQUEST to either $_POST or $_GET depending what the vars are. I'm assuming $_POST. I didn't even know that curly brackets worked on arrays. $fields{"Name"} but I would change those to hard brackets $fields["Name"] This may or may not work depending on your mail server: $headers2 = "From: Trevor @ GrowShow/GrowFrame.com"; Put an email address in there: $headers2 = "From: Trevor admin@GrowFrame.com"; Put this at the top of your page: ini_set ("display_errors", "1"); error_reporting(E_ALL); Now use comments and echos to find out exactly where it's breaking. Also is there an extra bracket at the bottom. From your formatting I can't tell what that last bracket is closing. edit: ah good catach mjdamato. couldn't figure out that bracket.

that's definitely outside the apache user access so i would say ssh attack. looks as though they got root access too?

Can someone give me examples on when to use a multi column index vs two single column indexes? thx.

would the master root be outside the working dir of apache and there have to be ssh or ftp?

if you're loading external pages you probably want to use curl. i do anyways for anything external. Also if you switch servers, file_get_contents may not support external urls. by default i'm pretty sure it doesn't. you need to enable the fopen wrappers.

Yikes. That's rough. Did you have an .htaccess file before hand? Did you check the ftp logs? ssh logs? It might not have been through the website.

<?php $user="********"; $password="******"; $database="************"; $title=$_POST['title']; $keywords=$_POST['keywords']; $desc=$_POST['desc']; $category=$_POST['category']; $url=$_POST['url']; mysql_connect("sql313.000space.com",$user,$password); @mysql_select_db($database) or die("Oops! We cannot connect to the database at this time."); $query="INSTERT INTO roms (title,keywords,desc,category,url) VALUES ('$title','$keywords','$desc','$category','$url')"; mysql_query($query) or die("ERROR: $query - " . mysql_error()); mysql_close(); ?> Note your db hostname is quotes. Also you need to define your fields in the INSERT query. Change (title,keywords,desc,category,url) to whatever your fields are name in your table. You don't need to input the id if it is auto incremented. I assumed that was the blank '' you had in your query.

start with this: $mysqlDataAllPub = mysql_query( "SELECT * FROM $DB_ONLINEPUB WHERE `publish` = '1' ORDER BY `name` ASC") or die(mysql_error());

you need to provide mysql_connect with a username and password. see www.php.net/mysql_connect. $link = mysql_connect('localhost',$user,$password);

you could try that. why does your script have to run so long?

i would check your my.cnf file to see if there is a flag in there.

change myPage.html to myPage.php. now in the current script set $myStr = to whatever you want above the include statement. Now in myPage.php change this: <script type="text/javascript">var myVar='<?php echo $myStr; ?>';</script> Now when you include the page it will insert that variable that you set. Make sense?

Are you sure it's the db connection? Is there a max execution time in the mysql config? How are you running this? Won't you hit the PHP max executing time? If you can, it would be much better to do whatever you're doing in batches.

you will need to encode the "&" signs. mailscript thinks it's a separate variable. print_r($_GET); on mailscript.php and you'll see what I'm talking about.

<?php $result = mysql_query($sql) or die(mysql_error()); ?> Is $_GET['id'] and $_GET['member'] set? What is happening on this page? Nothing showing up?

ooops my bad.

if you want to send an html email through the mail() fn you need to format the body differently as you need the proper tags to represent an html email. Quick google search: http://www.webcheatsheet.com/PHP/send_email_text_html_attachment.php Either that way or use PHP Mailer.

probably best to have them fill out an excel sheet, export it to csv then upload it to you. you can either parse it yourself when it's uploaded and call the INSERTs one by one or you can load the file directly into MySQL. If you want to load the file directly into mysql you probably want to read this: http://dev.mysql.com/doc/refman/5.1/en/load-data.html

$i starts at 0 so you will never reach $num.