
Bjom


Everything posted by Bjom

  1. DELETE FROM myTbl WHERE DATE(myDate) < CURDATE() assuming you have a field called myDate in the table myTbl that identifies the record's "age" and it needs to be a timestamp or date type.
  2. UNION is for adding a second identical "table" to another, that means adding rows to an existing table. What you most likely want to do is add columns, and you do that by using JOIN. The syntax is like this:

          SELECT tblA.fld1, tblB.fld2 FROM tblA JOIN tblB ON tblA.refID = tblB.ID

     and the trick is to have a field in the one table that references (and thus links) the other table. Have a look here at the manual too. hth Bjom
  3. This is one line of code, retrieving info that is vital for analyzing your problem. As should be obvious with either a quick glance at the code, the manual or if it is not obvious then simply from trying it, you can put it anywhere. It does not appear that you even tried this. Your comment about "echoing everything" when all you need to echo is get_magic_quotes_gpc() also points to this direction. Just read the answers, act upon them and stop whining. Bjom
  4. here and here if you don't like being "lectured" read the manual first and ask then. As for echoing "every single line". Well yes, if nothing else helps. But there are IDEs which have line by line execution functionality. And: you are very welcome. Bjom
  5. Read the php manual on sessions. It's explained pretty well imho. But as thorpe points out: it is far less secure and it is mainly useful as a workaround in cases where you a) switch servers within a session, like when moving over to a proxy (ssl over a proxy is an example), but then you should reconsider your strategy and reconfigure ASAP anyway b) it is absolutely impossible to work with cookies So while it is good to know that the possibility exists, it is not advisable to use it as a standard method. Try and google for "session fixation" and you'll find good info about the security issues at hand. Bjom
  6. did you try inserting it somewhere? if not, why not? how do you expect to learn stuff if you don't try it?
  7. the "automatic" logout can only mean: when after 60 minutes of inactivity the user does anything he will get logged out or redirected to the login page. I have written an authentication class that provides that kind of functionality. You can check it out here and use it if you like, play around with it - or simply read it. there is an example in the download that you can play around with...
  8. Check out my authentication class if you like - or use it. Can be found from this thread. It's fairly easy to integrate, has quite some nice features and does the actual authentication, while you define your login page's design yourself.
  9. in line xxx... in which line would that be? did you place your if (isset(... right? It needs to be right after the first preg_match...
  10. addslashes and stripslashes are not the same as mysqli_real_escape_string. With the latter all that stripping and adding is done in the background for you. You actually never should use addslashes/stripslashes for that purpose. Some literature is outright bad. (also never use or die() )
  11. You are missing that you can escape certain characters in PHP and for that the \ is used. So \' is an escaped '. This for example would not work, producing a syntax error, because a ' is missing: 'Dangerous ' Character' So to assign Dangerous ' Character to a string using single quotes you need to escape the inner single quote with backslash in front. 'Dangerous \' Character' produces 'Dangerous ' Character' if you need the backslash add another one, because the first was "used up" escaping the '
  12. should work, but will continue testing values unnecessarily, when it has already found the number.

          $numberArray = array(80, 100, 120, 160);
          $inNumber = 85;
          $nearHighNum = null; // stays null if no value is larger than $inNumber

          foreach ($numberArray as $value) {
              if ($value > $inNumber) {
                  $nearHighNum = $value;
                  break; // stop at the first larger value
              }
          }
          echo $nearHighNum;

  13. try this:

          echo get_magic_quotes_gpc();

      if it returns "1" then this is the problem... can you use .htaccess files? then this will turn them off:

          php_flag magic_quotes_gpc Off

      if not you need to use stripslashes(). also do a var_dump on the variables containing the values that get sent to your db and make sure THOSE are correct - and compare again...
  14. you don't seem to be clear yourself as what you want and in what place. if you want it all in one line - this query is the way to go. if you need single values to "mess" with, then you need no concatenation at all, simply get the values and do the rest in php. I suggest you look for a few tutorials on how to connect and query databases and to read the chapter on SELECT in the MySQL manual and also the chapter on mysqli in the PHP manual.
  15. that was one point, why I asked the OP to be more specific. There might be more trouble. But since you are not willing to provide any information and seem to think this is a quiz show....do not expect any answers. You're on your own.
  16. I've sent you a query that does it. You have not yet commented on whether or not it worked as you liked or what's the problem.
  17. not from what you posted. try echo $insert_query; to see what you actually pass to the server. also in the field list you have "county" 2x instead of county and country
  18. that applies both functions. yes. can't see and say anything more than before. it depends when you apply the function and what you do with the $postcontent variable later. *shrug*
  19. you can still produce loopholes - it depends on how you use the htmlentities. So post your code and we can review it.
  20. use [ php] [ /php] tags around the code, pls. makes it easier to read - and to find errors. It's then easy to see that the parentheses ) closing the field list - is outside the quotes.... always echo your queries and test them...

          <?php
          //let's create the query
          mysql_connect ("BLAN","BLANK","BLANK");
          mysql_select_db("BLANK");
          $insert_query = ("insert into subscriptions (
              title, forename, surname, tel, mob, fax, e_mail, e_mail2,
              address1, address2, address3, city, county, post_code, county,
              baddress1, baddress2, baddress3, baddress4, bcity, bcounty,
              bpost_code, bcountry, nameOnCard, card_type, card_number,
              exp_month, exp_year, card_verification_no, start_month,
              start_year, issue_no" ).
          "VALUES ( " .
              $_SESSION['title'] . ", " .
              $_SESSION['forename'] . ", " .
              $_SESSION['surname'] . ", " .
              $_SESSION['tel'] . ", " .
              $_SESSION['mob'] . ", " .
              $_SESSION['fax'] . ", " .
              $_SESSION['e_mail'] . ", " .
              $_SESSION['e_mail2'] . ", " .
              $_SESSION['address1'] . ", " .
              $_SESSION['address2'] . ", " .
              $_SESSION['address3'] . ", " .
              $_SESSION['city'] . ", " .
              $_SESSION['county'] . ", " .
              $_SESSION['post_code'] . ", " .
              $_SESSION['country'] . ", " .
              $_POST['baddress1'] . ", " .
              $_POST['baddress2'] . ", " .
              $_POST['baddress3'] . ", " .
              $_POST['baddress4'] . ", " .
              $_POST['bcity'] . ", " .
              $_POST['bcounty'] . ", " .
              $_POST['bpost_code'] . ", " .
              $_POST['bcountry'] . ", " .
              $_POST['nameOnCard'] . ", " .
              $_POST['card_type'] . ", " .
              $_POST['card_number'] . ", " .
              $_POST['exp_month'] . ", " .
              $_POST['exp_year'] . ", " .
              $_POST['card_verification_no'] . ", " .
              $_POST['start_month'] . ", " .
              $_POST['start_year'] . ", " .
              $_POST['issue_no'] . " )");
          mysql_query($insert_query);
          ?>

  21. You mix up two different concepts of "user". There are those people that are using your site - your users, as defined by your table "users". And there are database users.

      The DB "user" is the "user" to create a database connection. Different people can all use the same user at the same time - and you will neither have to tell them the name, nor the password. That stays in your PHP script. You could even just use the root user all the time, but this is bad because he has all rights to modify and delete and do whatever to your DB, so if anyone finds a way to do something unexpected with your site, the whole DB is in danger.

      Solution: you create ONE new database user and via GRANT you give him only those restricted rights that he needs. Now you need a login script in php, that allows users to enter their username and password (as stored in your DB table), this script will then connect to the DB with the DB usernames that you created and compare the entered (POSTed) values to the database table. If it finds them - then ppl can continue, if not...redirect them or whatever.

      Hmm. I hope that makes things a bit clearer. I'm not sure if I got my point across. It's kind of late here. If not, please do not hesitate and simply ask again.

      You can find an example of a working "authentication" class (i.e. login) from my post in the beta-test forum. It's rather easy to use, even though because of the functionality it is quite large and complicated in itself - read the source for the AuthExample.php first... I invite you to use it or simply take it as an inspiration or to learn from it. You find a link to it here. regards Bjom
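
The setup described in the last post above (one database user restricted via GRANT, and a PHP login script that compares POSTed credentials to the users table), as an added example that is not Bjom's authentication class or code from any of these threads. The database name `mysite`, the account `webapp`, the columns `username` and `password_hash`, the environment variable, the redirect targets and the helper `check_login()` are assumptions.

```php
<?php
// Added example; all names below are assumptions, not from the original posts.
//
// One-time setup, run by an administrator (not by the web application):
//   CREATE USER 'webapp'@'localhost' IDENTIFIED BY '<long random password>';
//   GRANT SELECT ON mysite.users TO 'webapp'@'localhost';
// The site can then read the users table but cannot modify or drop anything.

// Throw exceptions on database errors instead of using "or die()".
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Returns true when $username / $password match a row in the users table.
 * password_hash is assumed to hold the output of PHP's password_hash().
 */
function check_login(mysqli $db, string $username, string $password): bool
{
    // The ? placeholder keeps the value out of the SQL text, so no
    // addslashes() or manual escaping step is involved.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();   // true = row fetched, null = no such user
    $stmt->close();

    return $found === true && password_verify($password, $hash);
}

session_start();

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // The restricted DB user's credentials stay on the server side.
    $dbPass = getenv('WEBAPP_DB_PASSWORD') ?: '';
    $db = new mysqli('localhost', 'webapp', $dbPass, 'mysite');

    $user = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    if (is_string($user) && is_string($pass) && check_login($db, $user, $pass)) {
        session_regenerate_id(true);   // fresh session id after login (session fixation)
        $_SESSION['user'] = $user;
        header('Location: /members.php');
    } else {
        header('Location: /login.php?failed=1');
    }
    exit;
}
```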