
HPWebSolutions

Members
  • Posts

    38
  • Joined

  • Last visited

    Never

About HPWebSolutions

  • Birthday 09/21/1981

Contact Methods

  • Website URL
    http://www.hpwebsolutions.com/

Profile Information

  • Gender
    Male
  • Location
    Orange County in the Hudson Valley, NY

HPWebSolutions's Achievements

Newbie (1/5)

Reputation: 0

  1. What I mean is, don't do mysql_real_escape_string on variables you are going to be inserting into the database dozens of lines of code before the sql query, which can happen in larger applications. Always do the escaping right as you're doing the query so you are 100% certain that everything going into the MySQL query is properly escaped. For example, instead of doing

       $num = mysql_real_escape_string($_POST['num']);
       // 20 more lines of code
       mysql_query("UPDATE num SET value=$num, someField=$num WHERE id=1;");

     do this instead:

       $num = $_POST['num'];
       // 20 more lines of code
       mysql_query("UPDATE num SET value='".mysql_real_escape_string($num)."', someField='".mysql_real_escape_string($num)."' WHERE id=1;");

     or:

       $num = $_POST['num'];
       // 20 more lines of code
       $set_pairs = "value='".mysql_real_escape_string($num)."', someField='".mysql_real_escape_string($num)."'";
       mysql_query("UPDATE num SET $set_pairs WHERE id=1;");
  2. No problem, let me know if you have any more trouble.
  3. Is switching web hosts an option? I support it on our shared web hosting accounts. I don't think it is too unusual of a thing, as there is a ton of software out there that requires encryption to run. I run WHMCS, which is encrypted, with no problems on our server. You can read more about our hosting plan at http://hpwebsolutions.com/Web-Site-Hosting.html. The prices aren't the cheapest because our market is people who require a ton of support which increases costs tremendously. If you can't encrypt the software then there's not really any other way to secure the source code other than not providing it to the customer. You could manage all of the instances of your software on your own server that only you have ftp access to.
  4. Does the user have to be logged in to look at the page? If so, you could store the number of times they looked at a particular page that day in a database, and stop them from looking at it anymore that day if they exceed the threshold. If they aren't going to be logged in, you could store a $_SESSION variable with data in it regarding the number of times the user looked at each page, and deny access to the page if they have looked at it too many times. The key will be checking these values before displaying any page.
  5. You are very welcome, glad I could help. As far as mysql_real_escape_string goes, I'm not sure how you regulate usernames, but for instance if a user had a username that could inject sql into your db, such as '; DROP TABLE users; -- then you might have a problem. That may not be a good example, but I hope you see what I mean. To be on the safe side, I use it every single time I make a db query. You'll always want to use it right before or in the query on the query string to ensure that everything is escaped and that you didn't miss something.
  6. One potential solution is that you could use AJAX to call each process separately, notifying the user that the processes have been started using some javascript. You could even use a javascript progress bar to update the user on the status of the job. It would be somewhat complicated to do this, but not impossible.
  7. In the second set of code, under the dashed line, it looks like your value for city is still the value of venue. Is that what you meant to do? Also, when you take the OR venue.... out of the query, are you also removing the second parameter "GetSQLValueString("%" . $colname2_venue . "%", "text")"?
  8. It's difficult to diagnose a 500 server error without having access to it and the code. Basically, all it means is that the server has met an error it doesn't know how to handle. What are you doing right before you get the error?
  9. I should also mention that you will probably want to use mysql_real_escape_string before performing any DB query to prevent possible SQL injection attacks. Note that you may experience conflicts if you have magic_quotes turned on in your PHP configuration file, which automatically escapes certain characters. It has been recommended by the PHP devs not to rely on magic_quotes, which is officially deprecated as of PHP 5.3.
  10. Change "select * from scouts" to "select * from scouts where username = '".$_SESSION['userName']."'"
  11. I haven't used the Paypal shopping cart recently, but I'd assume that you can use a javascript function to submit the one form when the other is submitted. You would need to look into submitting forms with javascript. You could use document.formname.submit();
  12. Hi Luke, can you please post the HTML and PHP code for your website's form? I suspect it might have to do with the name you are giving to each field. Is the input name being duplicated for each field? Also, please post the code snippet that is inserting into the second database. Do you have a live website where I can see this in action?
  13. Yes, Search Engine Optimization is certainly needed to improve the traffic and conversions on a website. If you aren't convinced by the above posts, you can try a little experiment that could have dramatic effects on your placings in the search engines: just optimize your title tags. Right now, this is one of the biggest factors in ranking well on Google. Optimize your titles and then see where your website is placing in the search engines for your keywords.
  14. I haven't been on in a few days. Have you gotten this to work yet? If not, please post the current code snippet you are using to get it out of the database.
  15. There are two easy options. 1, just do all of the work in subscribe.php, both subscribing and unsubscribing. 2, pass the variables in the url using key=>value parameters, and then pull them out using the $_GET array. i.e.:

       header("Location: unsubscribe.php?email=".urlencode($email_address)."&value2=".urlencode($value2));
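Posts 1, 5, 9 and 10 above all come down to one point: the value must be escaped (or better, bound) at the moment it enters the query, never earlier. The posts use mysql_real_escape_string from the old mysql extension, which no longer exists in PHP 7 and later. The following is an added example, not code from HPWebSolutions's posts: it uses PDO against an in-memory SQLite database (an assumption chosen so the script runs offline), with a constructed scouts table and the kind of quote-bearing username post 5 describes, and shows the interpolated query next to the escape-at-the-query form and next to a prepared statement.

```php
<?php
// Added example: three ways of building the lookup from post 10, run against
// an in-memory SQLite database so no MySQL server is needed. The table, rows
// and the username below are constructed for the demonstration.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE scouts (id INTEGER PRIMARY KEY, username TEXT NOT NULL, badge TEXT)");
$db->exec("INSERT INTO scouts (username, badge) VALUES ('alice', 'gold'), ('bob', 'silver')");

// Constructed input: a username that carries a quote, as in post 5.
$username = "x' OR '1'='1";

// 1. The raw interpolation from post 10. The quote in the value closes the
//    SQL string literal, so the rest of the value becomes part of the WHERE.
function unsafeLookup(PDO $db, string $username): array
{
    $sql = "SELECT username FROM scouts WHERE username = '" . $username . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 2. Escaping done inside the query expression, which is the advice in posts
//    1 and 5. PDO::quote is the PDO counterpart of mysql_real_escape_string;
//    it also adds the surrounding quotes, so the value can never be left bare
//    the way an unquoted escaped value would be.
function quotedLookup(PDO $db, string $username): array
{
    $sql = "SELECT username FROM scouts WHERE username = " . $db->quote($username);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 3. A prepared statement: the value is bound separately and never becomes
//    part of the SQL text, so there is nothing to escape and nothing to miss.
function preparedLookup(PDO $db, string $username): array
{
    $stmt = $db->prepare("SELECT username FROM scouts WHERE username = :u");
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Same shape for the UPDATE from post 1: bind both values, build no $set_pairs.
function updateBadge(PDO $db, string $username, string $badge): int
{
    $stmt = $db->prepare("UPDATE scouts SET badge = :b WHERE username = :u");
    $stmt->execute([':b' => $badge, ':u' => $username]);
    return $stmt->rowCount();
}

printf("unsafe:   [%s]\n", implode(',', unsafeLookup($db, $username)));
printf("quoted:   [%s]\n", implode(',', quotedLookup($db, $username)));
printf("prepared: [%s]\n", implode(',', preparedLookup($db, $username)));
printf("updated rows for %s: %d\n", $username, updateBadge($db, $username, 'bronze'));
```

Run with `php example.php` (pdo_sqlite is bundled with most PHP builds). The first query matches every row because the injected condition is always true; the quoted and prepared variants match none, and the UPDATE touches zero rows. The quoted variant is the direct translation of "escape right in the query"; the prepared form is the one to reach for when you can, because it removes the question of whether escaping happened at all.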
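Post 4 describes a per-user page-view threshold kept in $_SESSION for visitors who are not logged in, checked before any page output. The following is an added example, not code from HPWebSolutions's posts: the counter logic is written as a function over a plain array so it can be exercised from the command line, with $_SESSION and a daily limit of five views as assumptions.

```php
<?php
// Added example of the session-based page-view threshold from post 4.
// The store array normally is $_SESSION; a plain array is used below so
// the logic runs offline. The limit and page names are constructed values.
declare(strict_types=1);

const MAX_VIEWS_PER_DAY = 5;

/**
 * Record one view of $page in $store and report whether it is still allowed.
 * Counts are kept per page and discarded when the stored day differs from
 * $today, so the threshold resets daily as the post describes.
 */
function allowPageView(array &$store, string $page, string $today, int $limit = MAX_VIEWS_PER_DAY): bool
{
    if (($store['views_day'] ?? null) !== $today) {
        $store['views_day'] = $today;   // new day: start a fresh set of counters
        $store['views'] = [];
    }
    $count = $store['views'][$page] ?? 0;
    if ($count >= $limit) {
        return false;                   // over the threshold: deny, do not increment
    }
    $store['views'][$page] = $count + 1;
    return true;
}

// Wiring for a real request: the check runs before any output is sent,
// which is the key point in post 4. Skipped when run from the command line.
if (PHP_SAPI !== 'cli') {
    session_start();
    $page = basename($_SERVER['SCRIPT_NAME']);
    if (!allowPageView($_SESSION, $page, date('Y-m-d'))) {
        http_response_code(429);
        exit('You have viewed this page too many times today.');
    }
}

// Offline walk-through with an array standing in for $_SESSION.
$fake = [];
for ($i = 1; $i <= MAX_VIEWS_PER_DAY + 1; $i++) {
    $ok = allowPageView($fake, 'report.php', '2024-01-01');
    printf("view %d of report.php: %s\n", $i, $ok ? 'allowed' : 'denied');
}
$ok = allowPageView($fake, 'other.php', '2024-01-01');
printf("view 1 of other.php:   %s\n", $ok ? 'allowed' : 'denied');
$ok = allowPageView($fake, 'report.php', '2024-01-02');
printf("report.php next day:   %s\n", $ok ? 'allowed' : 'denied');
```

The sixth view of report.php is denied while other.php is unaffected, and the counter starts over on the next day. Because the state lives in the visitor's session, a visitor who discards the session cookie gets a fresh counter; that is inherent to the anonymous case post 4 describes, and the logged-in variant it mentions first (storing the count in the database against the user) is the one to use where the limit actually matters.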