teynon

Just to add to some additional importance to the XSS vulnerabilities other users were discussing, visit: http://cwe.mitre.org/top25/index.html#CWE-79

Define not working.

You should include more detail such as what it's doing instead of what you expected it to do.

Ok, this thread seems like it will never end given the current situation. You need to clearly define your problem. Your first post referenced error messages and when you were replied to, you pretty much changed what the entire question was about. I can say a few things about your code, though. 1) Yes, you should not be using the meta redirect in your login script. echo "<meta http-equiv='refresh' content='0;URL=index.php'>"; Instead, you should use a header redirect. header("Location: index.php"); die(); 2) Administrative functions should be separated and blocked, as Christian has stated. You need to read up on PHP login systems and read up on login security. It's likely that given your experience (based on the code posted), that you will have multiple security vulnerabilities straight from the start. I can already identify multiple major security vulnerabilities like SQL Injection. So the best solution for you is to read up. Secondly, this is a school project, so I think the best way for you to learn is to just try and do it. It might seem harsh, but the best way for you to learn how to do it is to try it. https://www.google.com/webhp?q=PHP+login+tutorial

Then you should focus on fixing the script that is inputting those phone numbers.

I would focus on normalizing your database first. You could try to run an update query to normalize what you have. UPDATE phonetable SET phone = CONCAT(substring(phone, 0, 3), substring(phone, 4, 3), substring(phone, 8, 4)) WHERE tblid IN (SELECT tblid FROM phonetable WHERE phone LIKE '___-___-____') I haven't tested the above query, you should create a backup table and run those queries in a test environment first. There may be better ways of normalizing the database, but off the top of my head, the one above might work.

It looks like your trying to fool your own website into accepting a submit option because you don't know where the form submission handler is. You should look for the PHP handling of the form and change that portion. I'm actually quite surprised that $('zip').submit() works since it should probably be $('#zip').submit(). You can change the name of an input, but I don't think that's you're best option. If you are dead set on changing the name, jQuery has the .prop method. $('item').prop('name', 'Not the best solution');

You are going to need to use an AJAX request and use the results to build your select. Here is a quick random google'd ajax jquery tutorial:http://www.php4every1.com/tutorials/jquery-ajax-tutorial/ You'll need to build the select and append it the way you are doing now. Only difference being that you are using an ajax request.

Definitely your other script is the problem. You are including the image as a "name" for the checkbox. You'll need to post or fix the other script.

To further explain KevinM1's answer. An if statement uses boolean logic. Here is an example of some boolean logic: true AND false = false true OR false = true (true or false) && true = true In your if statement, you are passing two individual booleans in that statement. if($keyword == "balance"||"BALANCE") // breaks down into: if (($keyword == "balance") || "BALANCE") if $keyword == "balance" works as you expect, but the second part is just checking a static string's value. PHP considers a non empty string to be TRUE in boolean logic, so what you've actually written is this: if ($keywords == "balance" || true) So as KevinM1 said, you need to change all your if statements to be if ($keyword == "monkeys" || $keyword == "MONKEYS") { You could also try something like this: if (strtolower($keyword) == "monkeys") This would make matching the string case insensitive.

Additionally, it looks like your submitting your form from a javascript function. You should probably look through your javascript function because it is probably failing in IE. I also believe that in IE if a form is submitted by javascript and not the direct action of the submit button, that the submit button is not sent with the post variables. Adding my fix above will resolve that as well.

The problem with checking a button on a post is that if the user submitted the form by means of an enter key, then the button won't be submitted. Try creating a hidden element in the form. <input type="hidden" name="formSubmitted" value="1"> Then, run your isset check on that variable. It's just a flag for your code to know that the form has been submitted. if (isset($_POST['formSubmitted'))

WIthout looking at your table, you could probably do this with two queries. 1) SELECT count(*) FROM deltager WHERE gjest1 IS NOT NULL 2) SELECT COUNT(*) FROM deltager WHERE gjest2 IS NOT NULL You could join them together into a single query as well. SELECT count(*) AS count1, (SELECT count(*) FROM deltager WHERE gjest2 IS NOT NULL) AS count2 FROM deltager WHERE gjest1 IS NOT NULL You could also use a union and return the results on separate rows. I don't know what your database looks like though. If you have numerical values and you litterally want a total of the numbers in those rows, you could use sum in a simplified query SELECT sum(gjest1), sum(gjest2) FROM deltager

You could run a foreach loop. (http://php.net/manual/en/mysqli-stmt.execute.php) $query->bindParams("iii", $param1, $param2, $param3); $query->execute(); foreach ($insertVals as $values) { $param1 = $values[0]; $param2 = $values[1]; $param3 = $values[2]; $query->execute(); }

http://coding.smashingmagazine.com/2011/11/30/a-guide-to-php-error-messages-for-designers/ Read this before you post about error messages.

You can use a long conditional or a CASE: UPDATE `subjecttaken` SET `Remarks` = IF (`Grade` = 'INC', 'INCOMPLETE, IF (`Grade` = '75', 'PASSED', IF (`Grade` = '', 'No Grade', IF (`Grade` > 75, 'PASSED', 'FAILED')))) WHERE `SNum` = '$SNum'

I think you are just trying to explode the strings by character? str_split will explode a string into an array. I think you can just reference a string as an array as well, although I haven't tried it in a while. http://php.net/manual/en/function.str-split.php

$myvar[0]->metadata->rdi

1) Why would I change something that works? 2) What portions are you referring to? If you are referring to the &$'s, I originally set this up because someone was using a PHP4 server and I didn't have any decent DOM's. I pulled in some PHP 5 features, but I don't see any major reason why I should remove the &$'s.

Here's how you could use the original script I posted. Example results at: http://tomsfreelance.com/DOMe/DOM_Import2.php (view the source to view the xml output) <?php require_once("DOMe.php"); $dom = new DOMe(""); $dom->importHTML(file_get_contents("file2.html")); echo $dom->generate(); $users = $dom->getElementsByTagName("users"); $data = array(); foreach ($users as &$userGroup) { $elements = $userGroup->getElementsByTagName("user"); foreach ($elements as $user) { $userGroup->remove($user); } } echo $dom->generate();

I actually just posted something very similar to this See http://forums.phpfreaks.com/topic/275068-extract-data-from-html-table/?do=findComment&comment=1415740

http://www.cheatography.com/davechild/cheat-sheets/regular-expressions/ Look at the right for "." - Any character except newline. Try this: ^([\d\D]*)(<!\-\- PHP: Header End \-\->)([\d\D]*)$

What have you tried? - http://www.whathaveyoutried.com

I set up a basic database and simulated your setup. Change your while to this: while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { having while ($row = mysql_fetch_array($result, MYSQL_ASSOC) or die(mysql_error())) { will always die when the resource runs out. Only use or die(mysql_error()) on an actual query.

I added a function "getElementsByTagName" so you can extract data easier. Here is how you might do it: <?php require_once("DOMe.php"); $dom = new DOMe("div"); $dom->importHTML(file_get_contents("file.html")); echo $dom->generate(); $rows = $dom->getElementsByTagName("tr"); $data = array(); foreach ($rows as $row) { $cells = $row->getElementsByTagName("td"); $cellData = array(); foreach ($cells as $cell) { $cellData[] = $cell->generate(); } $data[] = $cellData; } echo "<pre>" . print_r($data, true) . "</pre>"; Output / example is at http://tomsfreelance.com/DOMe/DOM_Import.php Make sure you get the updated code at http://tomsfreelance.com/DOMe/DOMe.phps