Genesis730

In line 9 you add 1 to the variable $s... then in line 10 you ask if $s = 3, if not you set it back to 0... if you keep setting $s back to 0 in line 10 then the test in the beginning of line 10 will never result in 3...

Me1337, mysql_real_escape_string or MRES is an important part of handling user input as far as security. You ALWAYS want to sanitize (make sure input is what you expect it to be and ONLY what you expect, nothing that might cause problems) user input cause you never know what might be sent.

also the line before (line 26) has a ( and needs a {

Bump any other input would be awesome

none at all, it just doesn't do anything...

I tried Chrome's debugger with no avail

ROCKINDANO i sent you a link to a very basic example, it's at http://piratepad.net/QkbxCuYxCz this example has no error checking or security (which you should have so nobody goes and sends out emails to your users... but should be a starting point.

In the DB you should have a column called newsletter (or some variation that is significant so you know what it is for) and either a 1 or 0 for true or false, whether they want the newsletter or not... Then you can make a textbox form that when you click sent, it queries the DB and collects all the emails from users that have newsletter set to 1 (for true) and sends it to those emails.

I have some js files I want to use to be able to change values in a DB without reloading the page, also with just 1 click.. As it is, when I click the link to change the DB, nothing happens at all... and I don't know if I just have a simple mistake or what... Here's what I have *** jQuery.js *** $(document).ready(function() { $(".wrench").click(function() { var anchor = $(this).attr("id").split("-"); var span = $("#span-" + anchor[1]); var textBox = $("#text-" + anchor[2]); var userID = anchor[3]; var type = anchor[4]; $.getJSON('../admin_click_update_db.php', { 'text': textBox.val(), 'UID': userID, 'type': type }, function(data) { if (data.error == false) { if (span.text() == 1) { span.text(0); } else { span.text(1); } } else { alert(data.errorMessage); } }); }); $(".textBox").change(function() { var id = $(this).attr("id").split("-"); var val = $(this).val(); $.getJSON('../admin_field_update_db.php', { // not used yet... } }); }); *** ADMIN_CLICK_UPDATE_DB.PHP *** <?PHP $data = array(); $data['error'] = false; $data['change'] = false; if(isset($_GET['param1']) && isset($_GET['param2']) && isset($_GET['param3'])) { $data['change'] = true; $UID = mysql_real_escape_string($_GET['UID']); $type = mysql_real_escape_string($_GET['type']); $text = mysql_real_escape_string($_GET['text']); if($type == 0) { $new = 1; $query = mysql_query("SELECT activated FROM JQtest WHERE ID = '$UID'" ); if(mysql_result($query,0) == 1){ $new = 0; } } elseif($type == 1) { $new = 1; $query = mysql_query("SELECT disabled FROM JQtest WHERE ID = '$UID'" ); if(mysql_result($query,0) == 1){ $new = 0; } $query = mysql_query("UPDATE `JQtest` SET disabled='$new' WHERE username='$UID' "); if(!$query){ $data['error'] = true; $data['errorMessage'] = mysql_error(); } else { $data['error'] = false; } } else { $data['error'] = true; } echo json_encode($data); } ?> *** admincenter.php *** <?PHP require_once('user_functions.php'); echo '<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script> <script type="text/javascript">window.jQuery || document.write("<script src=\'js/jquery-1.6.2.js\'>\x3C/script>")</script> <script type="text/javascript" language="javascript" src="js/javascript.js"></script>'; $title = "Admin Center"; require_once "header.php"; $username = $_SESSION['username']; $result = mysql_query("SELECT ulevel FROM `JQtest` WHERE username = '$username'"); $row = mysql_fetch_array($result); $rank = $row['ulevel']; $span = 0; $text = 0; // or textbox if (!LoggedIn()) { header("Location: index.php"); } echo '<div id="main" align="center">'; $result = mysql_query("SELECT * FROM `JQtest` ORDER BY registered DESC LIMIT 10"); if((mysql_num_rows($result) < 1)) { echo "There are no accounts yet"; } else { echo '<table cellspacing="2" cellpadding="5" border="0" align="center"> <tr align="center"> <td><b>Username</b></td> <td><b>Email</b></td> <td><b>Rank</b></td> <td><b>Activated</b></td> <td><b>Disabled</b></td> <td><b>Delete Acct</b></td> </tr>'; while( $row = mysql_fetch_array($result)){ echo ' <tr align="center"> <td>'.$row[2].'</td> <td>'.$row[6].'</td> <td> <input type="text" value="'.$row[1].'" id="text-'.$text.'" size="1"></td> <td><span id="span-'.$span.'">'.$row[14].'</span><a href="#" id="w-'.$span.'-'.$text.'-'.$row[0].'-0"><img src="images/wrench.png"></td>'; ++$span; echo ' <td><span id="span-'.$span.'">'.$row[11].'</span><a href="#" id="w-'.$span.'-'.$text.'-'.$row[0].'-1"><img src="images/wrench.png"></td>'; ++$span; echo ' <td><a href="#"><img src="images/cross.png"></td> </tr>'; ++$text; $span = 0; } } echo '</table> </div>'; require_once "footer.php"; ?>

You have $message .= '<a href"http://www.mywebsite.com/verify?activationCode=$activationKey">Click here to activate your account.</a>'; should be $message .= '<a href="http://www.mywebsite.com/verify?activationCode=$activationKey">Click here to activate your account.</a>'; You forgot the = in a href="...

Just realized i was using MRES so yes, that was the solution : Problem SOLVED!

Change line 56 from if ($_POST['submitbtn']) { to if(isset($_POST['submitbtn'])) { I believe you need to call isset when checking to see if a form is submitted or not

I have copied and pasted it exactly, and MichA-'el fails on mine being that I'm using " in the regex i didn't even think that i had to escape a ' but even doing so I get the same result, so could there possibly be a setting that's altering something and causing my issue??

To help prevent the users from finding the files you could use .htaccess URL rewrite to disguise the URL location as a different one, so when they try to access the folder, it won't exist

Still fails when i use your suggestion and try to escape the '