DrFishNips

Ah right I see whats going on here. All rows fit the criteria of 1=1 for some reason so I changed it to id='1000' and got this in other words it works. Thanks again.

I thought that was going to work but it didn't. If I echo the query heres what it says It didn't display any results so I got rid of the id LIKE part and heres what the query says Now that looks like it has it right but for some reason it just displays every single entry in that medicine ailments table. 8 and 18 are ID's of ailments in the DB so the id=18 part is right. Any idea why its displaying all the DB entries instead of just 8 and 18?

Nice one thanks a lot/.

DOUBLE POST

I'm trying to match the ID of entries with strings of text containing many different ID's. For example I have a string with ID's "19 26 126 76 193". Using this query $query = "SELECT * FROM $dbtable WHERE $page LIKE '%$item%' ORDER BY $ord" it detects all the 2 digit ID's eg. it'll display 19, 26, and 76 but it wont display the 3 digit numbers. I've tried everything do I just have to resort to using PHP outside the query?

Ah right. I was actually gonna look up the difference between 1 and 2 = signs today. Thanks a lot.

Sorry heres the PHP http://pastebin.com/mdbf6e98 If there is 1 entry mysql_num_rows says its 1 and if there are 2 it says its 2 etc. the problem only emerges when there are no rows. It says there is 1 for some reason.

I'm getting this error when I use this query SELECT * FROM potg_articles WHERE uploader='$member' ORDER BY id it says Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 28 in /var/www/potg/members/articles.php on line 59 Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 28 in /var/www/potg/members/articles.php on line 60 Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 28 in /var/www/potg/members/articles.php on line 61 Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 28 in /var/www/potg/members/articles.php on line 62 when I echo $num it says 1 but there are no entries in the DB that match the query. Any ideas what might be wrong?

I have a form which when you click the "More" button javascript adds a new row to the table with new input fields. That part works but I have no idea how to get the input into PHP $_POST variables because I don't know what they're called. First off is there any way to know for sure what a javascript created input field is named? Heres the script I'm using <script language="Javascript" type="text/javascript"> function addRow() { // grab the element, i.e. the table your editing, in this we're calling it // 'mySampleTable' and it is reffered to in the table further down on the page // with a unique of id of you guessed it, 'mySampleTable' var tbl = document.getElementById('mySampleTable'); // grab how many rows are in the table var lastRow = tbl.rows.length; // if there's no header row in the table (there should be, code at least one //manually!), then iteration = lastRow + 1 var iteration = lastRow; // creates a new row var row = tbl.insertRow(lastRow); // left cell // insert a cell var cellLeft = row.insertCell(0); // here we're just using numbering the cell, like anything else you don't // have to use this, but i've kinda noticed users tend to like them // takes what we did (create the plain text number) and appends it the cell // we created in the row we created. NEAT! // 2nd cell // another cell! var cellSubstances = row.insertCell(1); // creating an element this time, specifically an input var subs = document.createElement('input'); // a data type of text subs.type = 'text'; // the name of the element txtRow, and because this is dynamic we also // append the row number to it, so for example if this is the eigth row // being created the text box will have the name of txtRow8. super fantastic. subs.name = 'substances' + iteration; // the exact same thing with a unique id subs.id = 'substances' + iteration; // set it to size of 40. setting sizes is good. subs.size = 18; // same thing as earlier, append our element to our freshly and clean cell cellSubstances.appendChild(subs); // Dosage var cellDosage = row.insertCell(2); // create another element, this time a select box var dos = document.createElement('input'); // name it, once again with an iteration (selRow8 using the example above) dos.type = 'text'; dos.name = 'dosage' + iteration; // the exact same thing with a unique id dos.id = 'dosage' + iteration; // set it to size of 40. setting sizes is good. dos.size = 4; cellDosage.appendChild(dos); // mg text var mgText = row.insertCell(3); // Last var cellLast = row.insertCell(4); // create another element, this time a select box // crates options in an array // the Option() function takes the first parameter of what is being displayed // from within the drop down, and the second parameter of the value it is carrying over cellLast.appendChild(but); // append our new element containing new options to our new ce } function removeRow() { // grab the element again! var tbl = document.getElementById('mySampleTable'); // grab the length! var lastRow = tbl.rows.length; // delete the last row if there is more than one row! if (lastRow > 2) tbl.deleteRow(lastRow - 1); } </script> heres the HTML form <table border="0" cellpadding="0" cellspacing="0" id="mySampleTable" width="100%" style="color:ffffff"><tbody> <tr name="first"> <td valign="top">Substance(s): </td> <td valign="top"><input maxlength="30" name="substances" id="substances0" size="18" type="text"></td> <td valign="top"><input maxlength="10" name="dosage0" id="dosage" size="4" type="text"></td> <td valign="top">(mg.)</td> <td valign="top" align="right"><input type="button" value="More" onclick="addRow();" /></td> </td> </tr> </table> and heres the PHP variables $substance0 = mysql_real_escape_string($_POST['substances0']); $dosage0 = mysql_real_escape_string($_POST['dosage0']); $substance1 = $_POST['substances1']; $dosage1 = $_POST['dosage1']; $substance2 = $_POST['substances2']; $dosage2 = $_POST['dosage2']; $dosage0 and $substance0 come from the normal HTML inputs so I can get them into PHP variables but I can't get the 2 extra input fields that javascript added. Heres the webpage http://192.168.1.3/potg/index.php?get=members&page=trip&action=add you'll have to register but it only takes 10 seconds. No email verification or anything like that.

Nice one. Thanks a lot I didn't even know you could use % on text areas. Good old CSS. Can you do that with all form elements?

Yep heres an example http://toxicopoeia.com/plantsofthegods/ On Firefox and Opera that message textarea fits inside the green box. On Galeon its a little too big. If I adjust it so it fits in the green box on Galeon then its too small on Firefox and Opera. If your on Windows I dunno if you can get Galeon. I haven't tried IE yet I'll test it out now. As for screen resolutions 800x600 and lower the page doesn't fit on the screen. Thats not much of a problem though.

My site always changes slightly depending on what browser I'm looking at it with. Some browsers the layout is slightly off and if I change the layout to fit that browser then the layout is off on the other browsers. I was thinking of adding layout variables all over the site which change depending on what browser is detected. I could even do it with screen resolution. Is this the best way to ensure your site can be viewed properly by all browsers and screen resolutions?

Yeah your probably right. Heres the articles page I'm talking about http://toxicopoeia.com/plantsofthegods/index.php?get=members&page=articles&action=add you have to register to be able to upload articles and edit them. It only takes a few seconds though theres no anti bot field or verification email bullshit. Whats best way to escape out dangerous characters is it the addslashes function or mysql_real_escape_string. What I'm trying to do is make this input form immune to SQL injections and other attacks. The form adds an entry to a DB and it also creates a HTML file named id.html in the articles folder the ID being an automatically assigned number (the ID of the new entry).

I only realized how vulnerable my site was after it got hacked. I patched it up by stripped all input variables of everything except A-Z and 0-9. It did the trick but I have script where users can upload articles and edit them so I don't wanna strip that of every symbol. Would preg_replacing all symbols with their corresponding ASCII work? Heres the script I'm using function testvars($var) { $vars = array ( "[!]" => "&#33;", '["]' => '&#34;', "[%]" => "&#37;", "[¥]" => "&#165;" ); I've ran into a few problems already like I can't replace " ' or $ for some reason. Anyone have a better solution?

My sites been hacked a good few times and I think I've finally patched up all the vulnerabilities. I have the whole site backed up so losing datas not a problem. What I'm wondering though is what kind of files might hackers hide in the servers files and how would I find them? What should I do to make sure theres no malicious files or changes left by hackers? I mean in the webservers files. I'm not familiar with managing servers I never touch anything thats not in the WWW folder.