Everything posted by jdock1

  1. Yes I am. That's what I need inserted in the database. I need to be able to add offers through a database and echo out the results so I can order them & easily delete them. Instead of putting it all on a static page. It's just so much easier. I need to insert the code through a form.
  2. Yes sorry here it is & yeah it does only contain 1 field

      <?php
      $offer = $_POST['offer'];
      $query = "INSERT INTO offers VALUES ('$offer')";
      ?>
      <b><a href="http://site.com/admin/template.txt" target="_new">Current offer template</a></b>
      <form action="" method="post">
      <textarea name="offer" cols="50" rows="15"></textarea>
      <br><br>
      <input type="submit" value="Insert" name="insert" />
      </form>
      </font>
      <?php
      if ($_POST['insert'] == "Insert")
      {
          mysql_query($query,$link);
          echo mysql_errno($link);
          #echo "<br><font size='5' color='#00CC00'>Offer successfully added.</font><br>";
      }
      ?>

     & I am only getting the error output as "1064". Idk any other mysql error tracking code off the top of my head so I just use that but like I said when I do it without the php code I get 0 & it inserts in the database successfully thanks!
  3. $query = "INSERT INTO offers VALUES ('$offer')"; I don't think this would be the problem? It's a simple insert. Idk I am inserting it through a textarea, which is where I get $offer from $_POST
  4. I'm building a list of offers and adding them to a table in a database. Pretty much all it is is HTML. I'm inserting an a href link that has a php echo in it. So it looks like this: <div class="offerlinks"><a href="http://website.com/offer/blahblah&blah=blah&sid=<?php echo $_SESSION['uid'];?>">Offer name</a><br><b>Info:</b> Signup<br><b>Value</b> 1 pt</div> When I insert this (through my form) I get mysql error 1064 which is syntax error. I tested it without the php & it gives me 0, which worked fine. I need the php code so I can append userid to the SID var. Am I doing something wrong? Well I guess I obviously am so the real question is what am I doing wrong & how could I do it the right way? Thanks guys
  5. But can anyone explain the actual problem to me? I would love to know, I have been searching forever. & I have read that post. Over, and over, and over again. I don't get what I am doing wrong. It's pissing me off!
  6. So, using this code will set the cookie? & If cookie is set, will do header redirect? Idk why I'm asking. I'm gonna try it, thanks! But in case it doesn't I'd like to know. Thanks
  7. Ok I have NEVER had a problem like this before. First of all, I am not that great with cookies or headers. But I know how to set cookies & sessions & how to use them. Anyway, this is the most important feature & page on my app. It's for the register page, it sets a cookie that is needed to prevent fraud. I did the development of this script on my local server & this is my first time testing it on a real server. My issue is, I keep getting the damn headers already sent error;

      Warning: Cannot modify header information - headers already sent by (output started at /../../..//mysite.com/admin/includes/linkmysql.php:2) in /../../../mysite.com/reg.php on line 36

     I literally tried everything. I completely rewrote the page to work around this. I cannot stress enough how important this cookie is. I don't understand. The php is b4 all the html, etc etc. There should be no other "headers being sent". Here's the code;

      <?php
      require_once 'is_email.php';
      $result = is_email(@$email, true, true);
      if (isset($_POST['register_clicked']) && $_POST['register_clicked']==1)
      {
          $uname = $_POST['uname'];
          $upasswd = $_POST['passwd'];
          $email = $_POST['email'];
          if (!(strlen($uname) > 0 && strlen($uname) < 31))
              echo '<td colspan="3" align="center" class="FormError"> USERNAME length must be between 1 and 30! </td>';
          else if (!(strlen($upasswd) > 0 && strlen($upasswd) < 41))
              echo '<td colspan="3" align="center" class="FormError"> PASSWORD length must be between 1 and 30! </td>';
          else if ($upasswd != $_POST['passwdconf'])
              echo '<td colspan="3" align="center" class="FormError"> PASSWORD doesn\'t match! </td>';
          else if (!is_email($email))
              echo "<td colspan='3' align='center' class='FormError'>{$email} is not a valid email address! (result code $result)</td>";
          else
          {
              include_once('admin/includes/linkmysql.php');
              include('admin/includes/func.php');
              if (!newuser($uname, $upasswd, $email))
                  echo "<td colspan='3' align='center' class='FormError'>Username already in use!</td>";
              else
              {
                  echo '<strong><font color="black">Registration Completed!</font></strong>';
                  $value = "no-delete";
                  setcookie("Muffins", $value, mktime (0, 0, 0, 12, 31, 2015));
                  #if (isset($_POST['autologin']))
                  #{
                  add_login($uname);
                  $_SESSION['login_name'] = $uname;
                  ?>
                  <!--<script language="javascript" type="text/javascript"> window.location.href = "index.php?a=home"; </script> -->
                  <?php
              }
          }
      }
      ?>
      <?php
      if (isset($_COOKIE['Muffins']))
      {
          Header ('Location: http://mysite.com/index.php?a=noreg');
      }
      ?>

     line 36 is obviously the line with the setcookie. I have no idea why it is referencing the include file, it has two lines of code that define the mysql connections. This code is at the top of the page, before all the HTML etc. NO reason why it should be giving me header errors right!?? I'm having the same issue with another page. I ban users thru setting a value in a mysql table, when the "system" notices the ban value is set, it redirects them to an account banned page using a header. BUT IT'S THE SAME ******** THING!!!!! NEVER in my YEARS of coding have I run into such AN ANNOYING & SENSELESS ISSUE! Sorry I am just SO frustrated, due to this I have not worked on this in days I pretty much gave up. I cannot launch this site that I have been working on for years without this working. THANK YOU FOR ALL YOUR HELP!!! Much appreciated.
  8. Ah! You got it. That works for me. Thank you guys a lot for the help. This is also good for me. Thank you for your code & taking the time to create this. I incorporated everything you guys suggested & I have it up & working now!!
  9. The absolute best email validation solution at least in my opinion is is_email http://code.google.com/p/isemail/ I incorporate it into all of my sites. It verifies addresses against all RFC codes
  10. Wow, thank you I appreciate the info. But I think this is way too advanced for me! I am pretty good with PHP but with SQL I'm still learning. I can't even think of a way to do this. So I already have a table userinfo that has all of the members' information, userid, email, pass, etc etc. I'm wondering if I can maybe add a value in that table called something like "msgdata", with a value of 0 or 1. Default is 0, then when the user clicks the "x" in the message it will execute a query to update msgdata to 1. When it's set to 1, the message disappears. That's probably the easiest way for me. I just need to think of how to implement this with PHP. I just remembered that if I issue a new message the user won't see it then if it's set to 1. Now idk! Somehow implement a message ID like you suggested? Like I said, I'm just having trouble thinking of how I can code all of this up. I'm going to try
  11. Yeah I'm sorry I'm terrible with words & explaining stuff. I would like for the user to be able to click an x or a link that says close or whatever, so it won't show up in his account, but will still be available to other users that have not closed it out. I think the way I'm even going about it is shoddy. Like I said, I created a page where I edit the message in HTML thru a textarea, it's saved in a database table, then from there I made an include page that fetches the value from the database & echoes it. I then put the include code in the index page. Make sense? lol... So what would you think the best way to go about this would be?
  12. I know php can do pretty much everything, so I'm trying to think up a way to set a "global message" on my homepage. So far, I coded a page where I can set & edit the message. The message is stored in a database, where I "fetch" & echo on the index page. So that's up & working. Now what I want to do is make it delete-able by the user. There will be an x or close link on it, & it will erase the message when he's logged in. I was thinking I'd have to use a cookie for this but I can't think up any way to make it hide when the member closes it out?
  13. I just did a huge import from an app I have been working on. No issues except for this. I uploaded & imported all files & databases from my wampserver (localhost, local server) to my main online server. Before I continue with the problem, I have to give you info on how the files work. I am using a "controller" to view the files. Meaning, from index.php, I call all the files. For example, instead of mysite.com/register.php, it's mysite.com/index.php?page=register. The index defines the doctype & html tags etc. The other files that are called through index.php are just pure php code, they do not contain the head & body tags etc. So, the issue is, when the surfer submits a form, I need to set a cookie. This cookie is VERY important. I cannot get it to work. I am getting the header warnings after submit. Of course, this is to be expected. But I tried it on my local server, & it worked. I am not very familiar with cookies, this is a side of PHP I never really even touched. I know almost everything but that. So the php code is before the html code on the page, so I figured it was worth a shot. I'm guessing the problem here is, since the code is being outputted as index.php code + the form page code. So the cookie is being set after the html tags. How can I fix this? I need it to work thru the controller. I cannot just make it a single file, all files on the site need to be thru this controller, otherwise it will mess everything up. I know I could just add the code from index.php plus the form page code & just run the php code before all of the html tags, but like I said it has to be called thru index.php. I appreciate your replies, & I hope you guys don't think I'm an idiot & can understand my question, I'm terrible with words!
  14. Omg wow I am so dumb. Thank you so much for clearing that up for me! I swear if I would just stop and think a little longer my post count on this site would be cut in more than half!
  15. Ok, now I'm trying to include files from another directory, but it's not finding the files. Please see my code:

      $includes = array('login.php','/controller/register.php','abc.php','admin/inc/links.php','admin/inc/gFunctions.php'); // a list of the permitted include files that this index.php file may include. You could also build this array from a glob() statement executed against a specific folder holding the include files
      $page = isset($_GET['page']) ? strtolower($_GET['page']) . '.php' : '';
      if(in_array($a,$includes)){
          include_once('./' . $page); // the leading './' prevents php from searching the include path to find and include the file
      } else {
          include_once("home.php");
      }

     In this test, I made a folder "controller" to put the include files in. I put register.php in the controller directory. When I went to the URL, it didn't do anything, acting like it couldn't find it. How could I set it up so I can put the include files into another folder & put them in an array to view them from the index page? Sorry for my stupidity, I code a lot and sometimes after so long I just get a block. Also, I have includes in other pages, such as for example register.php. Once I started to use that code, I was getting errors when trying to register. It doesn't seem that it is including the files for register.php, or any page for that matter. That's why in the code above you see "admin/inc/gFunctions.php", etc. I figured I just have to include them from the index file. I'm sure that's all I have to do, but I just need to know how to include to another folder on my server. Thank you so much for all your help! I really appreciate it. I hope you understand what I'm trying to do. I am terrible at words and explaining my coding controversies!
  16. Oh yeah that would work lol see I can't believe I didn't think of that.
  17. Ok now I have another question. I have to require users to view pages through index.php. Otherwise, if they figure it out & go to the default page (for example, index.php?page=news, they would go to mysite.com/news.php) it displays the page, a very messed up version of the page (files are not literal & defined in index.php). I cannot allow users to go to the default php file. How can I restrict this!? I can't believe I didn't even think of this either, it's just as important! Thank you! Respect.
  18. Wow guys thank you so much. I haven't tested it yet but it looks like it will work. See, I believe I would still be considered a "novice" php programmer to the PHP world, but I can do almost anything with php and build pretty complex dynamic applications, but I'm still at the point where I can't think of solutions to anything, but when I see an example I can build from it and make use of it. I can definitely make this work. I really appreciate the replies! Still definitely open to more suggestions, there's no such thing as being too secure
  19. When I first started the code on my application a few years ago, I was still starting out and didn't realize how dumb it was to use this. I wanted my site to display pages dynamically through index.php (like index.php?page=help or index.php?page=contact) So I used this code

      if (isset($_GET['page'])) {
          include_once($_GET['page'] .".php");
      }
      else include_once("home.php");
      include_once("footer.php");

     So for any php file I have on my webserver, I can call it through index.php. For example, if I had uploaded news.php, I could view it through http://mysite/index.php?page=news I realized this huge security flaw a while ago, but continued work anyway thinking it would be an easy fix, but nothing I've tried is working and I can't find any help online. Anyway, I need to use this. I have over 100 pages coded up already. The index.php page has important functions & other code as well as all of the css. All the other php files that need to be viewed through index.php are not relative to any of the css and include files. In other words, I would have to edit every single file to include code from index.php to that file. This is a very serious security flaw. I did a lot of tests and it's very vulnerable, I can access the admin side of the application and even secret server files using path traversal hacks (../../) etc. How can I fix this? So if someone were to enter a non existent php page, (mysite.com/index.php?page=nonexistent) it would redirect them elsewhere so they don't see the php error messages, and most importantly, disallow them from viewing any other page such as secret admin files (mysite.com/index.php?page=/admin/includes/functions.php)? The best way to do this for me would probably be by setting up allowed pages, and if someone goes to a URL that is not on the allowed list, display a 404 or redirect them elsewhere. Is this possible? Please help! I did my research, I can't find anything that helps me out. I am extremely upset idk what to do. I really want to cry because I can't fix it! I put so much time and work into this application. If I can't fix this, years of hard coding went to waste. I would never release this application to the public with such security flaws. After I get this fixed, I'm going to consult with a security specialist to try anything they can to hack it & secure it. I do not have the money for it at this time though, otherwise I would just hire them to fix this for me. Thank you!!!! I really appreciate & respect any replies!
  20. Hmm I'm not sure I really understand the code. Would it work like this? $query = "SELECT count(*) as countof FROM mytable WHERE ip = '{$_SERVER['REMOTE_ADDR']}'"; mysql_query($link,$query); if ($query) { echo "Duplicate IP"; } So my understanding is that query is looking for the same IP in the table already? If that's so, then my code is valid, if that query is true & it found a matching IP, it echoes the error? Also, I have been thinking about that. Do a lot of ISPs issue the same IP? How common is that? & what do you mean by nat'd? Sorry for all the questions! Thanks for your reply & advice!
  21. Damn.. yea good points. When you mentioned the java applet at first I thought good idea, but that would be so dumb. No one is going to want to install that, as soon as they see that they would think "virus". And there would be wayyyyy too many compatibility issues. I'm not going to code real far into this, I'm just going to make a database of ips, match them on new signups and set cookies. Therefore if the user is using a proxy, the cookie will still block access to a new reg. Of course they can just delete it, but I need to have some security, so people don't think they can just register a new account anytime. I'm also going to implement user logging, which when a user requests a cashout, I'm going to monitor all of the ip addresses & activity on the account to screen for fraud. Thanks for the advice.
  22. Basically what I'm doing is trying to check if a new user's ip exists in the database, if so then it will prevent the account signup. I already have a table with the ip lists, but I need to match them, to see if it already exists. Surely there's a way to do this? I already did my research, so please, don't " " me! Thanks guys!!!!
  23. I know that. That's why I'm asking what the best way to go about it is. I'm not saying block all proxies, but try to beat somebody who changed their ip addy for the purpose of regging a new account.
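
The allow-list router asked for in posts 15, 17 and 19 above, as an added example that is not code from the thread or from any poster. It assumes PHP 8; the `pages` directory, the `PAGES` table, `resolve_page()` and the `IN_INDEX` marker are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

// Assumed layout: page files live under ./pages next to index.php.
const PAGE_DIR = __DIR__ . '/pages';

// Allow-list: ?page= key => file relative to PAGE_DIR. Nothing else is includable.
const PAGES = [
    'home'     => 'home.php',
    'news'     => 'news.php',
    'register' => 'controller/register.php',
];

/** Map the untrusted ?page= value to an absolute path, or null if it is not permitted. */
function resolve_page(mixed $requested, array $pages = PAGES, string $baseDir = PAGE_DIR): ?string
{
    // ?page[]=x arrives as an array; accept only a short lowercase token.
    if (!is_string($requested) || !preg_match('/\A[a-z0-9_-]{1,32}\z/', $requested)) {
        return null;
    }
    // The request only selects a key; the path comes from the table, never from the URL.
    if (!array_key_exists($requested, $pages)) {
        return null;
    }
    // Defence in depth: the file must exist and resolve to a location under PAGE_DIR.
    $base = realpath($baseDir);
    $file = realpath($baseDir . '/' . $pages[$requested]);
    if ($base === false || $file === false
        || !str_starts_with($file, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $file;
}

// Page files can start with: defined('IN_INDEX') || exit;  to refuse direct requests.
define('IN_INDEX', true);

$file = resolve_page($_GET['page'] ?? 'home');
if ($file === null) {
    // Unknown, malformed or missing page: same generic 404, no PHP error output.
    http_response_code(404);
    exit('Page not found');
}
include $file;
```

Because the URL value is only ever used as a lookup key, traversal sequences and absolute paths never reach `include`, and adding a page means adding one row to the table.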
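
For the offer insert in posts 2 to 4 above: quotes inside the submitted markup end the SQL string literal early when the value is interpolated into the query, and PHP stored in a table is not executed when it is echoed back. The added example below (not code from the thread) binds the markup as a parameter and fills a `{{uid}}` token at render time. The in-memory SQLite database, the `html` column, the token and both function names are assumptions made so the block runs on its own.

```php
<?php
declare(strict_types=1);

// Constructed demo database: in-memory SQLite stands in for the MySQL `offers` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE offers (id INTEGER PRIMARY KEY, html TEXT NOT NULL)');

/** Store admin-authored offer markup as data; a bound parameter is never parsed as SQL. */
function add_offer(PDO $pdo, string $html): int
{
    $stmt = $pdo->prepare('INSERT INTO offers (html) VALUES (:html)');
    $stmt->execute([':html' => $html]);
    return (int) $pdo->lastInsertId();
}

/** Load an offer and replace the {{uid}} token with the viewer's id, encoded for a URL inside HTML. */
function render_offer(PDO $pdo, int $id, string $uid): ?string
{
    $stmt = $pdo->prepare('SELECT html FROM offers WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $html = $stmt->fetchColumn();
    if ($html === false) {
        return null; // no such offer
    }
    $safeUid = htmlspecialchars(rawurlencode($uid), ENT_QUOTES);
    return str_replace('{{uid}}', $safeUid, $html);
}

// Constructed sample: markup containing both quote styles, which breaks an interpolated INSERT.
$markup = '<div class="offerlinks"><a href=\'http://website.com/offer/blahblah&blah=blah&sid={{uid}}\'>'
        . 'Offer name</a><br><b>Info:</b> Signup<br><b>Value</b> 1 pt</div>';

$id = add_offer($pdo, $markup);
echo render_offer($pdo, $id, "42'x"), PHP_EOL; // the uid is encoded before it reaches the link
```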