mikesta707

Staff Alumni
  • Posts

    2,965
Everything posted by mikesta707

  1. I would suggest filtering what you want using regex. If you are unfamiliar with regex, you can read about it here: http://www.regular-expressions.info/ PHP has built-in regex functions (the preg_xx family of functions). You will probably be most interested in preg_match. If you are uncomfortable with regex, you could try parsing the string using PHP's simple string parsing functions (a combination of str_replace, strpos, etc.)
  2. When you create the messages (i.e. do the actual inserting of the submessages into the database) you will also need to store the message being replied to's ID into the subID column. Now there are various ways to do this, depending on how your message system is set up. What I have done in the past is have a page (called view.php or something) that shows each individual thread. This page would get the current message to be viewed's ID from $_GET (which of course could be passed through a link on the previous page). In the form that allows people to add sub-comments, I simply pass the comment's ID (gotten via $_GET) in a hidden field, and in the form processing I store the value of the hidden field. In your case, you would want to store this value in subID.
  3. Well you are selecting everything from your table... Are you sure you have more than two rows?
  4. Are you sure that all of those email forms were filled out? You don't check if all of them are sent, and if some aren't, that will result in a BCC string like my@email.com,other@email.com,,,ISkippedLines@email.com.... which would result in a malformed header and may cause your email to fail.
  5. I did a Google search and found a post on another forum that may be relevant to your problem. Of particular note is the following: in layman's terms, this means that PHP normally does stop executing when a user aborts (i.e. closes the browser or tab); however, the server will only detect this abortion when it tries to send data to the user (and of course fails). Since you didn't post any code, I can't really be of more help, sorry.
  6. It seems that you think that $_SESSION is some type of special variable that has special actions based on what you do. It is like every other array you would use in PHP, the only difference being it is SUPER GLOBAL, and thus available in all scopes at all times, assuming that you use the session_start() statement. It's unclear what you're asking in the OP. Are you asking if what you posted is valid? Yes it is, but begs the question of where your $product_id and $quantity variables come from. Are they assigned earlier? What is their value? As far as your question to "I don't know what goes in the [] part", what thorpe says is correct. To explain further, that is the key you assign to the value of that particular element in the array. It's the same as any other associative array. You of course want to use relevant values for the keys. Now, back to your original code snippet. Assuming that you want to store the values that the user entered into the product field and quantity field that you post via a form (I will assume the method is post in my example) you could store the values the user entered in session data via

     $_SESSION['product_id'] = $_POST['product_id'];
     $_SESSION['quantity'] = $_POST['quantity'];

     This of course assumes you have a form that the user enters data to. You could also pass these values through $_GET or a cookie or whatever means you choose. But you would have to change the session assignment accordingly. Perhaps if you could give a more concrete example of what you are trying to accomplish with sessions, I can give a more straightforward answer.
  7. Do any of you guys have any experience with the Unity software? I decided to check it out since I've always been interested in game development. After doing a tutorial, I was blown away. It makes game creation so easy, and really simplifies a lot of the tasks that are a pain to do programmatically (like positioning, audio, etc.) I feel kind of cheap since it makes everything so easy, but it does still allow me to get neck deep in code if I want, without having everything get extremely complex in large projects. For anyone interested in game development I would check out Unity. I can tell it's definitely not for everyone, as you lose a certain amount of control over certain things, but it's definitely worth messing with.
  8. Posting the code would help, but on line 13, there is an include statement. This statement is pointing to a file that isn't there. Find wherever the file "list_.inc.php" is, and change the include path to reflect its correct location.
  9. If you want to set a background image dynamically (i.e. without a page reload) you will have to use JavaScript. With PHP I suppose you could pass a hidden field or something and use that field as a flag to decide whether or not to set a background image.
  10. What's happening is the following line

     $x = $_GET['x'];

     is trying to grab the value of x from the $_GET super global. However, you fail to remember that if you don't pass x in the $_GET superglobal (like when you just load the page, without the ?x=whatever stuff) PHP will still try to grab the value. You should check if it's set before you assign it something:

     $x = (isset($_GET['x'])) ? $_GET['x'] : "";

     If it's not set, $x will be set to the empty string, which will proc your else statement (as intended I assume).
  11. Um, can you post the line that creates that error? I'm not sure what what I posted has to do with PHP as it's just HTML. And what do you mean by "Have an image come up instead"?
  12. You could use the style attribute:

     <body style="background-color:#4682b4">
  13. Ahh I see. The problem is that you are inside a function, and even though you include the db.php script, the $local_link variable is not in the scope of the function. I suggest simply passing the local_link into the function, but you could also use the global keyword (though I highly advise against it.) EDIT: sorry the above is incorrect, I must have misread your code. As PF said, you are referencing $link. Perhaps it should be $local_link (or vice versa)
  14. Almost. The valid form of the query you posted would be You need to connect each equivalency test with a logical operator (AND or OR). Also, this is just 1 part of managing and building a database. You have to first create the database/populate it with data/ etc.
  15. Is it the same error?
  16. The select form named "weeks" is outside of the form tags and thus is not included in the $_POST data that the form submits. Also, please use code tags when posting code, and don't double post.
  17. I don't see anywhere in which you create $local_link. Perhaps you are forgetting the mysql_connect/select_db lines for the local table.
  18. Well we need to know a little more about the system before we can help. How is your database structured?
  19. Glad you got your problem fixed. Marking your topic as solved.
  20. Yes, this is very possible and the concept is used by spammers everywhere. Assuming you can do the part that gets the details to check, you can use PHP's Curl library to submit the form with the relevant data. Try reading the following tutorial on submitting forms with Curl: http://www.maheshchari.com/submit-a-form-to-remote-server-with-php-curl/
  21. Well, firstly, you are echoing $row['artist'] correctly. I don't see any problems there. You could try substituting $row['artist'] for $artistsearch (since they should technically be the same value as that is what you are looking for in your SELECT query). However, if you want to use $row['artist'] you can try debugging the problem with the following steps:

     - print_r your $row array to see its contents (and verify they have the data you expect them to)
     - check your database to make sure that the rows returned have the correct values in the artist column
     - echo or print your $artistsearch variable to verify it has the correct data.

     A question: When you run this code, what happens? Is $row['artist'] seemingly blank (i.e. nothing is echoed where it should be echoed)? Is it the wrong artist?
  22. Hmm well what size is it with that code? I don't see any mistakes at first glance. Is there perhaps a style or other html directive somewhere in your code that alters the size of the iframe?
  23. Well, you simply check the first index of the string, and compare it to a slash. If it is, you are safe to remove it:

     if (!empty($variable) && $variable[0] == "/") { // check if it's empty first to avoid possible error
         $variable = substr($variable, 1); // substr() returns the new string, so assign it back
     }
  24. You are missing the closing brace for the following if statement:

     if ($_SERVER['REQUEST_METHOD'] == 'GET' and elseof($_GET) == 0){

     I'm not sure where you mean to end this if statement's code block, but wherever it should end you need to insert the closing bracket.
  25. To answer your other question about injections, you don't use a database of any kind, so you don't need to worry about injections. However, if you output the contents of your guest book on a page, you do want to make sure that you convert any HTML to their respective HTML entities. You do that somewhat, but there is a better way. This task is so common that PHP created a built-in function for converting HTML code to its respective entities. It's called htmlentities(). You have the right idea with converting < (less than sign) to its entity, but you don't go as far as the htmlentities function (manual entry: http://php.net/manual/en/function.htmlentities.php). Also, there is a PHP function for converting new lines into HTML line breaks called nl2br (nl2br: http://php.net/manual/en/function.nl2br.php).

     //old version
     $msg = str_replace ("<","&lt;",$msg);
     $msg = str_replace ("\n","<br>",$msg);
     $site = str_replace ("<","&lt;",$site);
     $site = str_replace ("\n","<br>",$site);
     $email = str_replace ("<","&lt;",$email);
     $email = str_replace ("\n","<br>",$email);
     $name = str_replace ("<","&lt;",$name);
     $name = str_replace ("\n","<br>",$name);

     //can be replaced by
     $msg = nl2br(htmlentities($msg));
     $site = nl2br(htmlentities($site));
     $email = nl2br(htmlentities($email));
     $name = nl2br(htmlentities($name));

     If you are interested in creating a database (which I suggest you do, as it's overall better than using txt files) and want to know how to make variables safe for inserting into queries, I wrote a tutorial on the basics of sanitizing variables. You can read it here: http://wp.me/p1AGMt-22
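
The two approaches from post 25 side by side, as an added example that is not part of the original post: it prints what each version emits for the same guest book fields, so the characters the "<"-only replacement leaves raw are visible. The helper names `escape_old` and `escape_new`, the explicit flags and charset, and the sample entry are assumptions made for illustration.

```php
<?php
// Added example (not from the original post). Helper names are hypothetical.

// The "old version": only "<" and newlines are converted.
// "&", ">", and both quote characters pass through unchanged.
function escape_old(string $s): string
{
    $s = str_replace("<", "&lt;", $s);
    return str_replace("\n", "<br>", $s);
}

// The replacement the post recommends. The flags and charset are passed
// explicitly (an assumption of this example) so that single quotes are
// converted too and invalid byte sequences are substituted rather than
// making the call return an empty string.
function escape_new(string $s): string
{
    return nl2br(htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}

// Constructed guest book entry: ordinary visitor input that happens to
// contain every character that is special in HTML.
$entry = [
    'name'  => "Tom & \"Jerry\" O'Neil",
    'site'  => 'http://example.com/?a=1&b="two"',
    'email' => 'tom@example.com',
    'msg'   => "1 < 2 and 3 > 2\nsecond line",
];

foreach ($entry as $field => $value) {
    printf("%-5s old: %s\n", $field, escape_old($value));
    printf("%-5s new: %s\n\n", $field, escape_new($value));
}
```

Escape at output time, and keep the stored text as the visitor typed it, so the same entry can later be written to another context (an HTML attribute, a plain-text e-mail) with the escaping that context needs.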