mikesta707

well, it would help if you showed an actual mysql error change your last line to $result = mysqli_query($dbc, $query) or die('Error querying database ' . mysql_error()); and see what happens.

short tags are basically the php opening tags that look like <? as opposed to long tags which look like <?php. try changing all short opening tags (IE <? ) to long opening tags (IE <?php)

well then try the whole url, as in <?php require('mysite.com/views/'.$controller.'/'.$view.'.php'); ?> and if that doesn't work than the files either don't exist, or don't exist where you think they exist

well, the way your doing it won't really work. I'm not entirely sure, but having a bunch of fields with the same name will result in the last field being the value from $_POST[whatever] (or maybe the first). However, if you change it from <input type="text" name="scorer" /><br /> to <input type="text" name="scorer[]" /><br /> then the scorer post var will be its own array (note the [] at the end of the name) then you simply iterate through the array $scorers = $_POST['scorer']; foreach($scorers as $scorer){ //database insert code here }

are you sure that file exists then? if the views folder is in the same directory as your index.php page, then its going to the right folder... try the whole url, like mysite.com/views/otherfolder/jobs.php

not doing that! but what exactly are you trying to accomplish with this loop. Right now it doesn't seem to be accomplishing anything useful for anyone. What should your loop be doing?

because that is essentially the same exact thing as the first code... your basically doing hey set this variable to this value while this variable has a value do echo that value since you never do anything but echo the value, the while will always be true and thus it becomes an infinite loop

require('/views/layouts/'.$controller.'.php'); the ../ means to go up a folder I believe

<html> <?php .... elaboration here .... header('Location: path/to/file.php'); ?>

well if you are going to preform math on count, you want to it be an integer, not a string (which it currently is) so change $count = "0"; to $count = 0; you can also change $count = $count + 1; to $count++; its a little easier but i doubt that has anything to do with your error

because, since you assigned the value of scorer to the variable $scorer, thus making it not empty, your while loop will always run true. you created an endles loop.

jeez 5 of them? but... I don't see them anywhere... where are they?

else if will only not compile when using a colon to define you if statement, like so elseif($a == $b): echo $a." equals ".$b; the following is perfectly fine: if ($a > $b) { echo "a is bigger than b"; } elseif ($a == $b) { echo "a is equal to b"; } else { echo "a is smaller than b"; } while the following will NOT work if($a > $b): echo $a." is greater than ".$b; else if($a == $b): // Will not compile. echo "The above line causes a parse error."; endif; Sorry if i sounded like an ass

you could also use a php header //after form process header('Location: http://www.example.com/'); just make sure there is no output before you call that function, or you will get a header error. Output being any echos, prints, any HTML at all, etc.

Oh, well then put your email script on the confirm.php page, and then you can use the $_POST variables

um.. no else if and elseif are both perfectly fine.

Make sure that y is what you expect it to be. That if statement looks fine to me, assuming that you have correct values for $y. try echoing $y before the if statement and see what it is

well it depends. How do you go from the register page to the mail page?

Only if you apply salt's (as md5 and sha1 both are proven to be decryptable) or if you perform the encryption on the client-side if it passes the wire your a done deal as a man-in-the-middle attack on a none encrypted line (http) will make it easy for a hacker to just grab the password. ahh yes truth, but someone already mentioned salts so I assumed he already assumed to use salts. crackers hackers tomatoe potatoe, I'm not one for techniqualities

if ($y <= 100)

well unless you take the information from that page and pass it to the mailing page also, there is no way that you can access the form's data on the mail page

Is that the page that the form data submits to? if so just add it in there like //why so many e's at the end of your variable? $messageee .= "<br>If you need assistance with your login information please contact Daniel Garvin at danielg@fleco.com"; $messageee .= "<br><br>"; $messageee .= "<br>Regards, <br>Texas Fluorescents<br />"; $messageee .= "form data: <br />Username:".$_POST['Username']." etc."; $messageee .= "</body></html>";

I'm pretty sure htmlentities is the same as specialchars, but does more, so I would use htmlentities instead. basically htmlentities will take the input string, and turn any html that the user has put there into html entities (so instead of the html executing on the page, it will just show up on the page.) Basically the reason if I write <a href="whatever">taco</a> instead of seeing a link named taco, you see the HTML itself. This is a must if you have any sort of user input system (IE forums, comments, etc.) encrypting your passwords is a very good idea, as encrypted passwords are far harder to crack than non-encrypted passwords. Making your site "impenetrable" will be difficult because website security goes well beyond just PHP, but with these tips you can make your site pretty much safe from most SQL injection hackers. Most sites still have vulnerabilites (even bank websites) but those vulnerabilities are so small that no one but the best "hackers" can usually exploit them. As long as you always sanitize whatever the user gives you, you should generally be fine

I told you, you are using the array_walk function completely wrong array_walk('fmessage', array_keys($_POST), array_values($_POST) array walks parameters go as so bool array_walk ( array &$array , callback $funcname [, mixed $userdata ] ) you need to pass an array into the array walk function. I don't even know why you are using that function to be completely honest. Would you care to elaborate what you are trying to accomplish with this function?

Yeah you will probably want to have 2 different session variables, 1 for if they are logged in, and a second for their user id if they are logged in.