mrMarcus

Everything posted by mrMarcus

  1. Help us/me to help you. I asked you if when you view the page source of your form, does your form action have the desired value for the id parameter? E.g. <form action="editphp.php?id=<?php echo $row['id']; ?>" method="POST"> // is $row['id'] supplying an expected value when you view the browser source code?
  2. $_GET['id'] will still be retrievable. @ryan1234 - if you view the page source of your form is id= populated with the expected value/id ($row['id'])?
  3. Post your form please. EDIT: When you say it "sends the id like this: update.php?id=.........." does id= actually have an id appended to it as a value? E.g. update.php?id=12345 Posting a series of dots is not helpful. Do you have an `id` column in the table? Are you sure?
  4. There are several ways to approach this that would *work*; however, the one that makes the most sense is to have "Open" as the default value for the `status` column in the `unbanappeal` table. That way, any time an appeal is submitted, it is automatically an "open" ticket. Then, once the issue/ticket has been closed (or whatever you do with it), you can then update the `status` to "Closed". That is your best bet.

    To address your current method, naturally all records would update based on your UPDATE query. You are not specifying a specific record. For future reference, use mysql_insert_id() (however, the method you are currently using is not recommended; use the method I posted already):

        $query = mysql_query("INSERT INTO unbanappeal (username, email, topic, banned_you, ban_reason, unban_reason, ticket_id) VALUES ('$username','$email', '$topic','$banned','$banned_for','$why_unban','$ticket_id')") or die(mysql_error());
        $insert_id = mysql_insert_id();
        $set = mysql_query("UPDATE unbanappeal SET status = 'Open' WHERE `id` = ". $insert_id);

    That is dependent on you having an ID column of sorts with AUTO INCREMENT. Another method would be to add the "Open" value to the INSERT query:

        $query = mysql_query("INSERT INTO unbanappeal (username, email, topic, banned_you, ban_reason, unban_reason, ticket_id, status) VALUES ('$username','$email', '$topic','$banned','$banned_for','$why_unban','$ticket_id','Open')") or die(mysql_error());

    Again, use first method with default value for `status` column.
  5.
        $sql = "INSERT INTO subcategories (subcat_name, subcat_cat, subcat_description) VALUES('" . mysql_real_escape_string($_POST['subcat_name']) . "', NOW(), " . mysql_real_escape_string($_POST['subcat_cat']) . " " . mysql_real_escape_string($_POST['subcat_description']) . " )";

    Your original error message is related to not having $_POST['subcat_cat'] and/or $_POST['subcat_description'] wrapped with single-quotes. Since I don't know the field type of each, I can only assume that `subcat_description` is string while `subcat_cat` may or may not be numeric. To be on the safe side, I'm going to assume it's string, too. Try this:

        $sql = "INSERT INTO subcategories (
                    `subcat_name`, `subcat_cat`, `subcat_description`
                ) VALUES(
                    '" . mysql_real_escape_string($_POST['subcat_name']) . "',
                    '" . mysql_real_escape_string($_POST['subcat_cat']) . "',
                    '" . mysql_real_escape_string($_POST['subcat_description']) . "'
                )";
  6. if ($_POST['one'] == 6) { echo 'Correct'; } else { echo 'Incorrect'; }
  7. The user 'abcb_showrooms' does not have permission to use DELETE. You need to grant that user the proper permissions.
  8. You don't have an `id` field in your `login` table. So...

        $_SESSION["userid"]=$row["id"];

    Is not populating $_SESSION['userid'] with anything. So...

        if ($_SESSION["userid"]=="") {
            header ('Location: incorrect_login.php');
        }

    Will always return true.
  9. Noticed typo in my code above... This line:

        if (($_POST['start_time'] - $now) < $seconds) {

    Should be:

        if (($now - $_POST['start_time']) < $seconds) {

    And:

        if (isset($_POST['submit'])) {

    Is relying on a submit button/input field with the name "submit".
  10. People hate CAPTCHAs. They are annoying and slow down a process. On top of that, CAPTCHAs can be bypassed now by spam-bots. For beating bots, you can try some simple, yet highly effective, tactics. First, you need to understand the mindset of a bot:

    1. It's all about spamming as many forms on as many sites as quickly as possible. The bot hits your site, locates any/all forms, and goes to work autopopulating any/all fields it can find. All of this within seconds (at most; and depending on how fast your HTML is rendered). Keeping that in mind, using a timer within the page/form to detect how quickly your form was submitted from time of page load is highly effective (actually, since I have implemented this tactic on several of my sites, all spam activity has been eliminated 100%).

        session_start();
        $_SESSION['start_time'] = time();
        if (isset($_POST['submit'])) {
            if (ctype_digit($_POST['start_time'])) {
                $now = time();
                // this is the number of minimum seconds that must pass before the user can submit the form;
                // change to whatever value is appropriate for your form, ie. if it takes approx 60 seconds
                // to fill out your form, then increase this number accordingly. Remember that a bot will
                // fill out the form as quickly as possible (talking near instantly)
                $seconds = 5;
                if (($_POST['start_time'] - $now) < $seconds) {
                    // form submitted too quickly; do not allow processing
                } else {
                    // OK; continue with processing
                }
            } else {
                // bot changed value of 'start_time'; stop processing
            }
        }

        <form action="" method="post">
            <input type="hidden" name="start_time" value="<?php echo $_SESSION['start_time']; ?>"/>
            ...
        </form>

    2. Bots will typically attempt to fill out any and all form inputs/textareas, etc. You can place a hidden <textarea name="info" style="display:none"></textarea> within your form to attract bots. Then, within your processing code, check to see if there is a value within this textarea. Since it is hidden to the user, there should be no value. If there is, then you know it was a bot that entered that value. Now, there are certain e-readers and such that might display this hidden field (devices for the visually impaired that will read all inputs out to the user), so you will want to ensure they don't get caught in a loophole with text advising them not to enter any values within that box should it be made available to them.
  11. Think about what it's like for your users then! Instead of resizing a large image using HTML/CSS, create the thumbnail within some sort of photo editor (perhaps even MS Paint?). That will shrink the size of each image dramatically. And that way, if the user wants to view the larger version of any given image, just create a link on the thumbnail that points to the larger image in question. Don't forget, a lot of people use their smart phones for browsing now and these kinds of issues (excessively large images) can cause them to close their browser.
  12. If you are not including a file, it doesn't just execute anyway. Perhaps you're not understanding how sessions work. Can you post a more complete code, ie. an example page with your included file(s), session_start(), conditions to control user content, etc. Minus any non-relevant code (E.g. CSS, Javascript, etc).
  13. I'm trying to follow what you're talking about, but I just can't.

        if(isset($_SESSION['user_id'])){
            // user is logged in/$_SESSION['user_id'] is set
        }

    Once you have created the session variable for 'user_id', simply using that condition above will always return true. Regardless of whether you include your logged_in.php file.
  14. Then it must be wrapped in single quotes: $sql = "SELECT BikeCode,Model,Price FROM Bike WHERE BikeCode = '". $id ."'";
  15. The query is (structurally) fine assuming the `BikeCode` field is numeric. I would recommend you echo the query to ensure you're receiving desired results; however, since you are looping the query, that will make it more difficult. First thing that stuck out to me (that does not necessarily have anything to do with your issue at hand) is that you are looping a query. This should be avoided:

        foreach ($contents as $id=>$qty) {
            $sql = 'SELECT BikeCode,Model,Price FROM Bike WHERE BikeCode = '.$id;

    Revise your code to avoid this. Look into MySQL's "IN" clause, and look to move your query outside of the foreach() loop:

        $sql = 'SELECT BikeCode,Model,Price FROM Bike WHERE BikeCode IN ('. $several_ids_separated_by_commas .')';
  16. Your concatenation was wrong: <input type="text" name="kat_'. $i .'" id="category"> <input type="text" name="kai_'. $i .'" id="cost"><br />
  17. IE also has an issue where if you hit the "Enter" button instead of clicking the "Submit" button it will not process without a hidden field matching the name of the Submit button. However, I do not see this as being an issue for you as you don't seem to be checking for form submission (that I can see), like so: if (isset($_POST['Submit'])) {
  18. Only issue I can think of off the top of my head involving IE and form submission is when using an image as the submit button: <input type="image"/> Are you using an image as the submit button? IE (not 100% sure about IE9) will send the clicked coords of the button, in which case, you need to check for form submission using _x and/or _y appended to your POSTed button name.
  19. It updates for me. It updates for me at the link you provided.
  20. Is it safe to say that $jodyConnect has been set at some point? I don't see it in your code (should be your mysql_connect())? If you echo $updateSQL, are you getting expected results? Is your script reaching the query? Or is that initial condition failing?
  21. To CC somebody it's just a simple addition to the mail headers:

        $headers = "MIME-Version: 1.0\r\n";
        $headers .= "Content-type: text/html; charset=UTF-8\r\n";
        $headers .= "From: ".$book_full_name." <".$email_to.">" . "\r\n" . "Reply-To: " . $book_email ."\r\n";
        $headers .= "Cc: [email protected]\r\n";
        mail($email_to, $subject, $body, $headers);
  22. mrMarcus

    Nl2Br

    Are the line breaks NOT being preserved in the database? If you do a simple, straight insert into the db from a textarea box with multiple carriage returns, they should be retained. Then, do a simple output of that record using only nl2br() to ensure that you're set up correctly. <div class='info'>". nl2br($row['info']) ."</div>
  23. mrMarcus

    Nl2Br

    You really shouldn't use nl2br() on data being inserted into a database. Preserve the line-breaks on insert, and use nl2br on output.
  24. Are you asking the difference between a <textarea> box and an <input> field? If so, see here.
  25. There is no need to display the password at any time. If a user does not remember their password, you'll need to build a password recovery tool for them. And, assuming you're hashing the password (using md5() or the like), you cannot reverse it. It is a one-way hashing function.
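
The form-timer and hidden-textarea checks described in post 10 above, as an added example that is not part of the original posts: here the page-load time is sent to the browser together with an HMAC, so a hidden field that comes back altered is detected by the server rather than only checked for digits. `FORM_SECRET`, the `form_token` field name and both function names are hypothetical; the `info` honeypot field name is the one used in the post.

```php
<?php
// Added example: signed form-timer token plus honeypot check (all names hypothetical).
const FORM_SECRET = 'replace-with-a-random-server-side-secret'; // placeholder value
const MIN_SECONDS = 5;    // fastest plausible human submission
const MAX_SECONDS = 3600; // reject stale tokens

// Called when the form is rendered: returns "timestamp.hmac" for the hidden field.
function issue_form_token(int $now): string {
    return $now . '.' . hash_hmac('sha256', (string) $now, FORM_SECRET);
}

// Called on POST: returns 'ok' or the reason the submission was rejected.
function check_submission(array $post, int $now): string {
    // Honeypot: the hidden "info" textarea must come back empty.
    if (trim((string) ($post['info'] ?? '')) !== '') {
        return 'honeypot_filled';
    }
    $parts = explode('.', (string) ($post['form_token'] ?? ''), 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 'token_malformed';
    }
    [$issued, $mac] = $parts;
    // Constant-time comparison against the MAC the server would have issued.
    if (!hash_equals(hash_hmac('sha256', $issued, FORM_SECRET), $mac)) {
        return 'token_forged';
    }
    $elapsed = $now - (int) $issued;
    if ($elapsed < MIN_SECONDS) {
        return 'too_fast';
    }
    if ($elapsed > MAX_SECONDS) {
        return 'token_expired';
    }
    return 'ok';
}

// Constructed sample submissions, evaluated at a fixed clock for repeatability.
$t0 = 1700000000;
$token = issue_form_token($t0);
$cases = [
    'human after 42s' => [['form_token' => $token, 'info' => ''], $t0 + 42],
    'bot after 1s'    => [['form_token' => $token, 'info' => ''], $t0 + 1],
    'bot fills trap'  => [['form_token' => $token, 'info' => 'buy now'], $t0 + 42],
    // Timestamp moved back 60s while keeping the original MAC.
    'backdated stamp' => [['form_token' => ($t0 - 60) . '.' . substr($token, 11)], $t0 + 1],
];
foreach ($cases as $label => [$post, $now]) {
    echo str_pad($label, 18), check_submission($post, $now), PHP_EOL;
}
```

A valid token can be replayed until it expires; binding it to the session or to a one-time nonce closes that gap.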