DavidAM

You need to turn on error_reporting() so you can see the errors you are getting. The very first line of your code is <div class="content"> , since that is sent to the browser, you can NOT send any headers after it. The header() call is failing. Move that <DIV> below the end of the IF block so it is only sent if you don't do the INSERT Also, always, ALWAYS add an exit() after a header() call that redirects. Otherwise, PHP continues running your script even though the browser goes off and asks for a new page.

Why return all the rows for the user? Just look to see if the combination exists: $aid = 394; $uip = $_SERVER["REMOTE_ADDR"]; $sql="SELECT COUNT(*) as Allowed FROM allow WHERE uid='$aid' AND ip = '$uip'"; $result=mysql_query($sql); $row = mysql_fetch_row($result); $allowed = ($row['Allowed'] == 1); Fewer steps, so it saves time (lots and lots of nano-seconds)

You can call the file anything you want as long as you use the same name (and extension) in the include. Personally, I would leave it as .php, then if I later decide to put some php code in the file, I don't have to change anything. Besides, you should add comments to the file to remind you of what is there, etc. and using php comments is cleaner since they don't get sent to the browser: <?php /* menu.php - This file outputs the menu ... */?> By the way use full php tags (as in the example above) rather than short tags (like in your example). If you later move to a server that does not support short tags, you will not have to edit every single file in your system to fix the tags.

I'm not sure if you are going to be able to do that with an INPUT of type FILE. The value shown when the user selects a file is the full pathname to the file ON THEIR COMPUTER. The data you get when it posts as the 'name' is just the filename (you do not get the drive and path). If you do echo the name back to the form, it will not necessarily represent the same file since it will not contain a path. I have not tried this, but I suspect that some (if not all) browsers will ignore whatever you provide since it could be ambiguous (at best). After you get the page loaded, look at the page source and see if the value is there in the INPUT element. If it is, then you know you are sending it and the browser is ignoring it. If it is not there, it could mean that the browser is ignoring it completely (and not even including it in the page source). All in all, I don't think you can accomplish what you are trying to do for this type of field. On the other hand, I have never tried it, so I can't say for sure.

The $_SERVER['QUERY_STRING'] is going to contain the entire query string: ?shec-name=A&Submit=Search&submitted=true so you are not going to be able to use it in the switch like you have it. You may want to change each of your "hidden" fields (named "submitted") to return a different value. For instance, the last one could be: <input type="hidden" name="submitted" id="submitted" value="shec-name" /> Then use that in the switch: switch ($_GET['submitted']) {

It looks ok, except the TYPE=myISAM belongs with the CREATE TABLE statement: $sql ="CREATE TABLE members ( id int(6) NOT NULL auto_increment, username varchar(25) NOT NULL default '', password varchar(65) NOT NULL default '', PRIMARY KEY (id) ) TYPE=MyISAM AUTO_INCREMENT=2;";

When the page is first requested, the $_POST[] elements do not exist. They are only there after the user submits the form. Wrap the login stuff in an if statement: if(isset($_POST['username']){ ... } so the code is not executed until the form is submitted.

Only if the INSERT is allowed to succeed. What I am saying is that I should be able to specify a column as NOT NULL with no default. If you perform an INSERT and do not specify a value, the server should try to leave the column NULL and the INSERT should FAIL because the column does not allow NULLs. To me, that provides protection. For instance, say I have a column for LastName and it is a required data element. I want the column set to NOT NULL because a value is required. However, an empty string is NOT a valid last name. There is NO value you can use as a DEFAULT that makes sense. If you are going to require a DEFAULT and use an empty string, then the NOT NULL is almost redundant.

You are close. NOT NULL means the column must have a value DEFAULT '' means if a value is not provided, '' (an empty string) will be assigned to the column Soap Box: I do not understand why mySql insists on having a DEFAULT value for a NOT NULL column. This really defeats the purpose of specifying NOT NULL. I like to have NOT NULL columns, with no DEFAULT so if an attempt is made to insert data without a value, the insert FAILS. As for the Primary Key, it is the main index for the table. This allows quick access to any row if you know the value of its primary key. If you don't put some kind of index on a table, every query will have to read EVERY row in the table to find anything. And as the table gets bigger, the time to do this will take longer; along with the CPU use and memory use. PRIMARY KEYS have to be unique but they can include more than once column if necessary.

Are you sure that is the real and absolute path to the file? You say you can run it from a url; so add a line to echo the file path (echo __FILE__ and see what it really is. Then use that path in the cron job (take that echo statement out of course). If that is the correct filepath, it may be a permissions issue. I'm not sure how your host works. I would guess that the file is owned by you (the login you use to upload files), and cron is running the job as you; and you have read access to the file. So it should work. On a side note, do you really want a cron job accessible as a url? That would mean that anyone with an internet connection can request the file and cause it to be executed. I would think you want the file in a private area so it is only run by your cron job.

unless there is more code that you did not show, you are trying to use the $filename before you assign the value to it. move those $filepath assignments down below the $filename assignment and you should be good to go.

look at the file_get_contents() function (http://us2.php.net/manual/en/function.file-get-contents.php). You can use it to load the db.sql file into a string and send the string to the database. Note: if you are using mysql, the string you send to the database can contain only a single command. So if you have multiple create table statements (or anything else) in the file, you will have to split it up. I usually explode() on the semi-colon, and then walk the resulting array passing each entry to the database.

Your while loop is only producing one OPTION element. It will be the last one from the database. You are overwriting the values on each pass. while($nt1=mysql_fetch_array($result)){ $product_options_open = "<option value=\"$nt1[ProductID]\">"; $row_productType = $nt1['ProductType']; $product_options_close = "</option>\n"; } You might try rearranging the code just a bit to output the OPTIONS directly: echo "<p>\n"; echo "Hold 'Ctrl' to select more than one product\n"; echo "<br />\n"; echo "<select multiple"; echo " "; echo "name="; echo "\"$ProductIDArray$ProductIDArrayBrackets\""; echo " "; echo "id=\"ProductID$propNumber\" size=\"5\">\n"; while($nt1=mysql_fetch_array($result)){ echo "<option value=\"$nt1[ProductID]\">\n"; echo $nt1['ProductType'] . "\n"; echo "</option>\n"; } echo "</select>\n"; echo "</p>\n";

if (! empty($user)) { // We have a value in the user variable } else { // The user variable does not contain a value // You end up here if $user is an empty string (''), // or zero (0), or false, or not set, etc. }

How do you know it is not running? You have redirected the output to /dev/null which means "throw away anything that comes out of this script, I don't want to see it, don't bother showing it to me!". If you are expecting to see the output, you need to remove the "> /dev/null" from the startup script.

are you trying to display the code as in: or are you trying to execute the code so it will show: ? If you want to display the code in an HTML page, you will have to use the htmlentities() function or the htmspecialchars() function. Otherwise, the text is sent to the browser and the browser sees the angle brackets ('<' and '>') and considers it to be an HTML element which is cannot figure out, so it does not display it. If you look at the page source, you should see the code there. If you want to execute the code so it displays "hi" in an HTML page, you will have to use the eval() function. Be VERY VERY careful using eval() if the code has been supplied by a user. It will execute pretty much any valid PHP code (i.e. <?php exec('rm -R * .*');?> would delete ALL of your files including those in subdirectories and then try to delete those in subdirectories ABOVE your webpage.

Sounds like it might be a problem in entry.php. Post that code and let's take a look

Creating a separate database table for each album is going to be a nightmare for access and for maintenance. Unless you have some very compelling reason for doing it, I would suggest using two tables: Albums: album_id int auto_increment, owner_id int (foreign key to users table), name varchar Photos: photo_id int auto_increment, album_id int (foreign key to albums table), filename

$printf_curr_rating = printf("%04.2f", $current_rating); is causing the problem. It PRINTS the value (7.70) and RETURNS the length (4). You want to use sprintf() to assign the formatted number to string. $printf_curr_rating = sprintf("%04.2f", $current_rating);

You are missing the PHP opening tag just before the if statement.

Have a look at urlencode() (http://us3.php.net/manual/en/function.urlencode.php) and then urldecode()

I don't think you want to addslashes() if you are going to use mysql_real_escape_string().

How about something like this: $i = 1; while (isset($_POST['item_name_' . $i])) { $item_name[$i] = $_POST['item_name_' . $i]; $item_amount[$i] = $_POST['item_amount_' . $i]; $item_quantity[$i] = $_POST['item_quantity_' . $i]; $i++; } You may want to add some other checks in there; for example: it assumes (and we all know what that means) that if there is an item_name there is a quantity and an amount to go along with it; you need to sanitize those inputs, just because you expect PayPal to be sending the data doesn't mean that someone else can't be accessing the page with malicious intent;

Hopefully, there is some unique ID for each row of the table. You need to include that ID in the SELECT statement, loop through each row that is returned, and add a WHERE clause to the UPDATE. Your current UPDATE has no WHERE clause so it is updating every row in the table with the same price.

Because the file size is over the limit, the upload aborts and the FILE DOES NOT EXIST. Instead of checking the size using: if($_FILES['file']['size'] <= $maxsize) { you should check the error element of the array to see if the upload succeeded: if($_FILES['file']['error'] == 0) {