Everything posted by Pikachu2000

  1. My response wasn't aimed at you; I must have had the thread open before you submitted. But honestly, as far as I'm concerned since it can't, with certainty, prevent things from being submitted that shouldn't be submitted, it can't be considered validation. So I guess we'll have to agree to disagree on that point. Anyhow, I haven't seen you around in a while. Good to see you back.
  2. Your <select> field needs a name= attribute, which you would then use to get the value of the <option> from the $_POST array, validate it, and use that value in the delete query.
  3. Again, javascript is not validation. You must do validation on the server side. All javascript can be considered is a convenience to the user when properly implemented, or possibly a large annoyance when improperly implemented. Using htmlentities is fine to help prevent XSS, but you also need to add code server side to prevent submitting the form with required fields left empty and prevent email header injection. The problem is almost never caused by human users, but by spambots, and they don't pay attention to javascript at all.
  4. Your host should have a section in their FAQs about how to properly connect to the database server, but surely you don't want to connect with the http protocol like you're trying to do now.
  5. That's exactly my point. If it can be disabled by the user, it isn't validation at all.
  6. Javascript is not validation. Validation must be done server-side to be effective. Now, what makes you think you're getting XSS attacks? What is happening/not happening that should not/should happen?
  7. In regard to the question about the href= attribute in your <img and <a tags, the correct way is to provide the full URL. IOW, the way you have it is already the right way.
  8. $_SESSION != $_Session. You should also avoid using short open tags and stick with the full <?php tag syntax.
  9. That should go in the "PHP Coding Help" forum. This particular forum is for help directly related to using this web site.
  10. It should be more like this:

          //No perms, echo error or forward or something
          die("You do not have permissions to view this page!");
      }

      if(isset($_POST['submit'])) {
          //User is logging in
          $data = array_map( 'trim', $_POST ); // assuming you don't have a multidimensional $_POST array, otherwise need recursive function
          list( $data['username'], $data['password'] ) = explode( '-', $_POST['userpass']);
          if($data['username'] == "" || $data['password'] == "") {
              header( 'Location: inc/invalidcredentials.php' ) ;
              exit; // stop the script so nothing below runs after the redirect header
          }
  11. Um, yeah. It wasn't really meant to be plug and play . . . What is the name= attribute of the form field you're using for the new combined field?
  12. That code is out of date by at least a decade, and is not at all secure. None of the form data is escaped before using it in the db query, there is no reason to use stripslashes() on data from the database except in the case it was improperly inserted to begin with, session_register() has been deprecated since the mid-1800s, I believe . . .
  13. Or you could use list with it to minimize other editing: list( $data['username'], $data['password'] ) = explode( '-', $str); That would keep the same structure in the $data array. They still need to be sanitized/escaped of course.
  14. $array = explode( '-', $_POST['combined_uname_pass_field']); then the username would be in $array[0] and the pass in $array[1]
  15. explode it into two array elements. Of course, neither the username nor password will be able to contain a hyphen . . .
  16. To remove all data from the table: TRUNCATE TABLE tablename
  17. Look at MySQL's SUBSTRING_INDEX() function for that.
  18. Not to mention that comparing dates in php that are stored in a database is about as efficient as a steam powered light bulb.
  19. That's not the right way to store dates in a database. In fact it's a pretty bad way to do it since you lose the ability to run comparisons on them, as you've undoubtedly noticed. Dates should be stored in YYYY-MM-DD format.
  20. Have you done anything to verify that's actually what's happening? Like perhaps echoing the query string along with the error?
  21. Have you checked to see if 'Array' is somehow in the database? That would be my first guess. Either that, or it's happening in code other than what you've posted.
  22. Before you go run off and do that, you might want to check GoDaddy's FAQs. I've never had a problem sending mail from one of their hosting servers.