Fenhopi

Here's the code for my blog: <? echo "<div class='box2'><h2>Add a new blog entry</h2><BR>"; $req_user_info = $database->getUserInfo($req_user); $username = mysql_real_escape_string($_SESSION['username']); $id = mysql_real_escape_string($_GET['user']); $query = "SELECT * FROM blogs WHERE byuser='$id' ORDER BY blogid DESC"; $qq = $database->query($query); $result = mysql_fetch_array($qq); //Post a new blog ?> <form method="post" action="addingblog.php"> Title:<br /> <input name="title" size="40" maxlength="255"><br /> Introduction:<br /><textarea name="intro" rows="7" cols="30"></textarea> <br> Main post <br /><textarea name="blogpost" rows="7" cols="30"></textarea> <br> <INPUT NAME="post1" TYPE="image" SRC="images/OOitupbutton2.jpg" ALT="Submit Form"> <br /> </form> <? What would I have to change to prevent XSS attacks?

You could try making a loop that takes information from one database and adds it to the new one.

I have this code: if(!$selectlikerow['likes'] == ""){ echo $selectlikerow['likes']; echo " likes this<br>"; } if(!$selectdislikerow['dislikes'] == ""){ echo $selectdislikerow['dislikes']; echo " dislikes this<br>"; } if($selectdislikerow3['dislikes'] == ""){ if($selectlikerow2['likes'] == ""){ echo "<table><tr><td><form method=\"post\" action=\"like.php\">"; echo "<input class=\"inputfield\" name=\"like\" type=\"hidden\" id=\"like\" value=\"$username\""; echo "<input class=\"inputfield\" name=\"oodleid\" type=\"hidden\" id=\"oodleid\" value=\"$oodleid\""; echo "<INPUT NAME=\"post\" TYPE=\"image\" SRC=\"images/likebutton.jpg\" HEIGHT=\"15\" WIDTH=\"40\" ALT=\"like!\"></form>"; echo "</i></td>"; } } if($selectlikerow3['likes'] == ""){ if($selectdislikerow2['dislikes'] == ""){ echo "<td><form method=\"post\" action=\"dislike.php\">"; echo "<input class=\"inputfield\" name=\"dislike\" type=\"hidden\" id=\"dislike\" value=\"$username\""; echo "<input class=\"inputfield\" name=\"oodleid\" type=\"hidden\" id=\"oodleid\" value=\"$oodleid\""; echo "<INPUT NAME=\"post\" TYPE=\"image\" SRC=\"images/dislikebutton.jpg\" HEIGHT=\"15\" WIDTH=\"40\" ALT=\"like!\"></form>"; echo "</i></td></tr></table>"; } } The image buttons I use as submit buttons display in Firefox and Safari, but not IE. However, some other image buttons I have work in IE. Such as my log on button. Appreciate all help.

I have a system that's supposed to check if your name is in the "likes" column. $selectlike2 = "SELECT likes FROM oodles WHERE likes='%$username'"; $connectselectlike2 = $database->query($selectlike2); $selectlikerow2 = mysql_fetch_array($connectselectlike2); if($selectlikerow2['likes'] == ""{ echo "you heaven't liked"; } else{ echo " you have liked"; } This doesn't work however. It echos that I haven't liked it (that my username isn't in the likes column) even though it is. Is there a better way of doing this?

Just figured it out before I saw your post. Thanks for replying though! Appreciated!

Hi, I'm making a system similar to the like system in facebook. THis is what I got: $insertlike = "UPDATE status SET likes='$username' WHERE statusid='$statusid'"; And that works fine. But when another user likes the same post he replaces the previous user who like the post. Is there anyway I can add his username to the already added username? Thanks for your time and help!

I couldn't get the query working, it kept echoing my status twice.. here is what I got: echo "<img src=\"images/oodlestreamsign.jpg\">"; $username = $_SESSION['username']; $friend_statuses = "SELECT status.*, friends2.user1 FROM statuses, friends2 WHERE statuses.byuser=friends2.user1 or '$username' AND friends2.user2='$username' ORDER BY statuses.dtime DESC"; $result = $database->query($friend_statuses); // Loop While($myrow = mysql_fetch_array($result)) { //VARS $user = $myrow['byuser']; //Echoes echo "By <a href=\"userinfo.php?user=$user\">$user</a>"; echo "<h3>"; echo $myrow['status]; echo "</tr></td>"; echo "<br><tr><td>On: <i>"; echo $myrow['dtime']; echo "</b></td></tr><tr><td><br>"; echo "</i></td></tr><hr><br>"; } echo mysql_error(); }

Thank you very much! That was very useful.

Yes I did. I have a ton of similar scripts on that page. I think it's because it doesn't like the join-query..

Here's my code: <?php if($session->logged_in){ echo "<img src=\"images/oodlestreamsign.jpg\">"; $username = $_SESSION['username']; $friend_statuses = "SELECT oodles.*, friends2.user1 FROM oodles, friends2 WHERE byuser=friends2.user1 AND user2='$username' ORDER BY oodles.dtime DESC LIMIT 0, 10"; $result = $database->query($friend_statuses); // Loop While($myrow = mysql_fetch_array($result)) { //VARS $user = $myrow['user1']; //Echoes echo "By <a href=\"userinfo.php?user=$user\">$user</a>"; echo "<h3>"; echo $myrow['oodle']; echo "</tr></td>"; echo "<br><tr><td>On: <i>"; echo $myrow['dtime']; echo "</b></td></tr><tr><td><br>"; echo "</i></td></tr><hr><br>"; } } else{ echo "<img src=\"images/welcomebanner.jpg\" alt=\"Welcome to Opheim online\">"; } ?> This works on my local database, once I upload it says that "mysql_fetch_array(): supplied argument is not a valid MySQL result resource in".. I don't get why it gives me that error..

Alright, thanks a lot! If I wanted to add myself/$username to the list of statuses, how would I do that?

Could you please provide me with an example how I would make a join.. I've looked it up but I don't seem to understand how to put it together right..

So this is what I have: if($session->logged_in){ echo "<img src=\"images/oodlestreamsign.jpg\">"; $username = $_SESSION['username']; $friends = "SELECT user1 FROM friends2 WHERE user2='$username'"; $result = $database->query($friends); // Loop While($myrow = mysql_fetch_array($result)) { //VARS $user = $myrow['user1']; $status = "SELECT * FROM status WHERE byuser='$user' ORDER BY dtime DESC"; $statusresult = $database->query($status); $myrow2 = mysql_fetch_array($statusresult); //Echoes echo "By <a href=\"userinfo.php?user=$user\">$user</a>"; echo "<h3>"; echo $myrow2['status']; echo "</tr></td>"; echo "<br><tr><td>On: <i>"; echo $myrow2['dtime']; echo "</b></td></tr><tr><td><br>"; echo "</i></td></tr><hr><br>"; } } else{ echo "Not a lot of Statuses"; } This works, the only problem is that the statuses by users are displayed in the order I have added my friends, instead of in the order my friends posted their statuses.. Help please?

Hi, I have a database that holds friendships. I've created a database called statuses. Everytime a user makes a status it's added in to the status database. Now I need to make a system that retrieves statuses of friends only.. How would I do that? Thank you!

Hey I'm trying to use an image as a submit button for my form. I use this code: <INPUT NAME="post" TYPE="image" SRC="images/scribblebutton.jpg" HEIGHT="30" WIDTH="80" ALT="OO it up!"> To trigger the php script. However when I use the image as a button it doesn't post the values like it does when I use a normal submit button.. Any ideas?

I already have a session that retrieves their user name on the page where I'm loading the picture to. And yes, their user name is stored with the picture they upload so that it's easier to retrieve for each individual user. However I don't want to call the session in the other page. It seems easier for me to just grab the variable already stored in the previous page. It must be some easy way to do that?

But storing it in a database seems so pointless seeing as that's why I need it in the firstplace. I need to Store the user name in a variable so that I can use his I'd to retrieve the right picture with the other page.

So I need to get a variable stored in one page so that I can use the info stored in it on another page. I tried using a form and retrieve the $_POST function, but that obviously only works when the form is posted, which I don't Need. Does anyone have an alternative solution?

Lol! That was painfully obvious. Thanks.

So I have this function that retrieves a picture, and it needs to be in a separate page because I can't call a header function if I have an echo in front of it.. Is it possible to call a function from another page so that I can display the picture in my page that has a lot of echo's in front of it? Or is there a better solution out there?

Okay, those are great ideas, thanks! I'm confident this will solve my issue regarding the raw file. However I also have a problem that it says that headers are already sent, so my: header('Content-type: image/jpg'); won't work. And that's sort of an essential part. Headers are already sent in a file i have included, and it has to be included, is there anyway I do something to get around this? Thanks for the reply guys!

Try 127.0.0.1 instead of localhost. Or change your port to 2525

Lol, it seemed like for some reason it didn't want to display it in Safari. Just firefox. Thanks for the help guys.

So, I've managed to store a picture into a database. This happens to be a profile picture for the user. I know that I'll need the query to be: $query = mysql_query("SELECT * FROM tbl_images WHERE byuser='$id'"); But that's about it. Whenever I try and write up a code to display the picture I only get it displayed as a raw file, which isn't cool. I heard that I can't have any html codes when I display a picture, but if this is so how is it possible to view it in my users' profile page? All help appreciated!!

I'm not sure exactly where I'd add that, but I tried adding it in both the upload.php script and the preview picture script and no change. Thanks for the suggestion though!