Alex

Staff Alumni
  • Posts: 2,467

Everything posted by Alex

  1. You should use mysql_real_escape_string on all user input that goes into a query, regardless of the type of query.
  2. That doesn't help any. Clearly that area on the site requires some kind of authentication, because when we go there we just get redirected to the home page.
  3. Check out this pagination tutorial by CV: http://www.phpfreaks.com/tutorial/basic-pagination
  4. No, this isn't a data type issue, they're both of type string. Just one is 128 bytes long and the other is 439 bytes long.
  5. Place the PDFs in question outside of the document root, then after authentication load them through PHP.
  6. Actually, inside of double quotes there's no need to put quotes around the array indexes.

     Edit: @mikesta707: Similarly, if you're using an array inside of double quotes without quotes on the index it's not necessary to use curly brackets.

     Variables coming from outside sources like forms or the query string will be in $_POST and $_GET superglobals respectively. The only way that these variables would be pre-defined and work without accessing $_POST, $_GET, or $_REQUEST (which is basically a hybrid of $_GET, $_POST and $_COOKIE superglobals) is if register globals was on (which is a security risk, highly discouraged, deprecated as of PHP 5.3.0). Perhaps there were some changes on your server that caused this to happen.

     For timed refreshes you can do this:

         header('refresh: 5; url=http://www.phpfreaks.com');
  7. I'm gonna assume you mean href (because herf doesn't exist), do you mean something like this:

         $text = <<<TEXT
         <a href="/help/index.php">Something</a>
         Blah Blah Blah
         <a href="/help/something.php">Something</a>
         TEXT;

         // Prefix every href value with the site's base URL
         $text = preg_replace('~href="([^"]+)~', "href=\"http://www.somesite.com$1", $text);
         echo $text;

     Output:

         <a href="http://www.somesite.com/help/index.php">Something</a>
         Blah Blah Blah
         <a href="http://www.somesite.com/help/something.php">Something</a>
  8. So the path to the directory that you want to remove is ../../upload, is that correct? If that path is correct and the problem lies somewhere else I'd suggest putting in debugging echos in various parts of the code to see exactly what is and what isn't being executed, from that you should be able to determine what's going wrong.
  9. First off, you shouldn't use the ereg functions, they're deprecated. Instead use the PCRE functions. In your case preg_replace. If you show us exactly what needs to be done we can help you with the pattern.
  10. You are defining $file_dir, right? For debugging purposes you should put error_reporting(E_ALL); at the top of your page.
  11. Or set the length of the string inside the first parameter for the for loop to make things look cleaner:

          for($i = 0, $stringLength = strlen($string); $i < $stringLength ; $i++)
  12. The topic solved mod hasn't been reinstalled since the forum update.
  13. If your query is returning more than one record you need to create a loop.

          $info = mysql_query($sql);
          // Fetch and print each returned row in turn
          while($row = mysql_fetch_assoc($info))
          {
              echo $row['award'] . '<br />';
              echo $row['aw_year'] . '<br />';
          }

  14. Do you mean something like:

          $arr = Array('A', 'B', 'C');
          // Print each character with its ASCII code
          foreach($arr as $val)
          {
              echo $val . "=>" . ord($val) . ":";
          }

      ord chr
  15. When returning the information from the database run it through nl2br before displaying it.
  16. There are a few things that should be corrected.

      1. You should never use $_SERVER['PHP_SELF'] for a form action, doing so leaves you vulnerable to XSS attacks. Instead, either type in the name of the file, or leave it blank. Note that the latter will not validate as valid (X)HTML.
      2. Currently you're also vulnerable to SQL injections. To correct this escape all user input that will be used in a mysql query with mysql_real_escape_string.
      3. Finally, I'm not sure exactly what you're trying to output. You can't just echo the query. Here's an example on how to get a row from the record returned.

          $info = mysql_query($sql);
          // Fetch the first row of the result as an associative array
          $row = mysql_fetch_assoc($info);
          echo $row['some_column_name'];

      mysql_fetch_assoc

  17. You're missing a ; at the end of this line:

          $pname=$_GET['pname']

  18. unique is a mysql reserved word. It's suggested that you don't use mysql reserved words for things like columns, tables and such, but if you must use back ticks (`):

          $query = mysql_query("INSERT INTO `unique` (email) VALUES ('$e')") or die(mysql_error());
  19. Still, you should be using that instead. The reason why it's not working is because you have multiple flaws in your form. First off your method is POSTA, when it should be POST. Additionally your input which is supposed to be named posts is named POST.
  20. You should be using isset.

          if(!isset($points, $posts, $user_uname))

  21. http://dev.mysql.com/doc/refman/5.1/en/reserved-words.html
      http://php.net/manual/en/reserved.php