Pikachu2000

$sql = "SELECT id, category, bilde, title FROM oppskrift_table WHERE category = 'Appetizers & Beverages' ORDER BY title ";

The form field name= values look backwards to me. Just sayin' . . .

Hahaha. Yeah, I'm around again. Probably not nearly as much as I used to be, but who knows? My poor Stars didn't do so well today . . .

Look at the opening php tag for the require_once() in template.php. Notice anything missing?

If you're saying you have bar stored in a variable without the double quotes and want to echo it with quotes: $foo = 'bar'; echo '"' . $foo . '"';

The only validation you have is probably the Javascript for the form, which is pretty much useless as an actual validation method. Spambots and pretty much anyone who knows how to shut off Javascript in their browser can easily bypass it. All user input needs to be validated on the server side. Anything on the client side should be considered to be nothing more than a convenience (or inconvenience in some cases) for the user.

No. You're over-complicating it to death. Just table.field is fine, backticks should never be needed with that syntax. Your initial problem was caused by one of the AS aliases: as out, not a table or field name. Really, your best course of action would be to simply forget about the backticks and use a different field alias; one that isn't a reserved word.

I'm relatively certain you don't need backticks with this syntax: table.field, and if you did use them for whatever reason, it would be `table`.`field` rather than `table.field`

All string type user data should be escaped before being allowed anywhere near a query string. mysql_real_escape_string or mysqli_real_escape_string, depending on whether you use mysql or mysqli extension functions.

'quotes' and `backticks`

Kicken linked the manual page. Did you even bother to look at it?

If phpinfo shows it as off you should be good to go. What are the current symptoms and updated code?

With the code indented and formatted a bit better, it's much easier to see where these problems are: <?php if (isset($_GET['success']) && empty ($_GET['success'])) { echo'You\'ve been registered successfully! Please check your email to activate your account'; } else { if(empty($_POST)=== false && empty($errors) === true) { $register_data = array( 'username' =>$_POST['username]'], 'password' =>$_POST['password]'], 'first_name' =>$_POST['first_name'], 'last_name' =>$_POST['last_name]'], 'email' =>$_POST['email]'], 'email_code' =>md5($_POST['username']+ microtime()) ); register_user($register_data); header('Location: register.php? success'); exit(); } else { if (empty($errors) === false) { echo output_errors($errors); } } ?>

EDIT: The same thing Jessica said follows, but in a long-winded format : ) Using the .= (concatenation) operator appends a value to an already initialized variable. The = (assignment) operator initializes the variable and assigns a value to it. Since register_globals was silently initializing variables with names that correspond to the form field names without your knowledge, your .= operation was concatenating the same value to it again. So to initialize and assign a value to a variable, use the = operator . . . And if you're able to do so, restart Apache so the changes to php.ini take effect immediately.

Post your current code.