Everything posted by jcbones
-
rpg attack system, need help on to make unique forms
jcbones replied to Monkuar's topic in PHP Coding Help
Without an extensive look at your code, I would suggest looking at tokens based on time. Setting the token in the session, and then making sure the next page request matches that token. Of course, you would change the token each new request.
-
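Added example, not part of the original post: one way to implement the per-request session token suggested above, with a time limit and single use. The function names, the `token` field name and the 300-second lifetime are assumptions made for illustration.

```php
<?php
// Added example. Function names and the 300-second lifetime are assumptions.
session_start();

const TOKEN_TTL = 300; // seconds a form token stays valid (assumed value)

// Create a fresh token and remember it, with its issue time, in the session.
function issueFormToken(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_token'] = ['value' => $token, 'issued' => time()];
    return $token;
}

// Check the submitted token against the session copy, then discard it so
// the same form cannot be submitted twice.
function consumeFormToken($submitted): bool
{
    $stored = isset($_SESSION['form_token']) ? $_SESSION['form_token'] : null;
    unset($_SESSION['form_token']); // single use, pass or fail

    if (!is_array($stored) || !is_string($submitted)) {
        return false;
    }
    if (time() - $stored['issued'] > TOKEN_TTL) {
        return false; // token is too old
    }
    return hash_equals($stored['value'], $submitted); // constant-time compare
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!consumeFormToken(isset($_POST['token']) ? $_POST['token'] : null)) {
        http_response_code(400);
        exit('Form expired or already submitted.');
    }
    // ... process the game action here ...
}

$token = issueFormToken(); // new token for the next request
?>
<form method="post">
    <input type="hidden" name="token" value="<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>">
    <input type="submit" value="Attack">
</form>
```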
What is meant is, if 1 variable from the form is set, then all the variables will be set. You need to make sure the form is sending the variables though, but that is where sanitation and validation come into play.
-
IMHO, output buffering's only good use is to cover up bad coding practices.
-
LIKE using the wildcard (%) is what you are looking for.
-
This is similar to where you should be, taking all the info out of a database, and dumping it back to the screen: commented up

```php
<?php
include('connection.php'); //make sure you have a mysqli connection.
$sql = "SELECT * FROM `{$myusername}-mail` ORDER BY date ASC"; //define your sql statement.
$result = mysqli_query($connection,$sql) or trigger_error($sql . ' - has encountered an error at:<br />' . mysqli_error($connection)); //call the sql statement, if it errors give us de-bugging info.
$fields = mysqli_fetch_fields($result); //get your field list (taken from the result, not the connection).
$field_count = mysqli_num_fields($result); //get the number of fields.
echo '<table>' . "\n" . '<tr>'; //start a table.
$i = 0; //define a counter.
foreach($fields as $field) { //for each field
    if(++$i == 1) { //if this is the first run of the foreach statement.
        echo '<th colspan="' . $field_count . '">' . $field->table . '</th></tr><tr>'; //print out a table header with the table name.
    }
    echo "\n" . '<th>' . $field->name . '</th>'; //print the column name at the top of each column.
}
echo '</tr>'; //ends the column row.
while($row = mysqli_fetch_row($result)) { //while you still have data left in the table:
    $row = array_map(function($value) { return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8'); }, $row); //escape the stored data before it goes into HTML.
    echo '<tr><td>' . implode('</td><td>' , $row) . '</td></tr>'; //dump it all into a row, matching the data to the correct column.
}
echo '</table>'; //ends the table.
```

Sometimes it helps to just see it, with comments to follow what it is doing.
-
```php
$data[40962]['Data'][0] = $new_width;
$data[40962]['Text Value'] = $new_width . ' pixels';
```

The problem is determining the first array index of 40962 and 40963.
-
preg_match_all OR DomDocument class OR SimpleHTMLDom class

I've used all three, and would suggest the 1st and 3rd. In my experience the 2nd doesn't always like HTML.
-
retrieve data from database.. variable in the query
jcbones replied to farahZ's topic in PHP Coding Help
I would trim this down a might, as you are running a lot of queries.

```php
// Create connection
$con=mysqli_connect("localhost","root","","inshapewebsite");
// Check connection
if (mysqli_connect_errno()) { // takes no argument
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = "SELECT Calories FROM food where Food IN (" . implode(',',$_SESSION['foodTypes']) . ")";
$result = mysqli_query($con,$query) or trigger_error(mysqli_error($con));
$calories = 0; // start the running total
while($row = mysqli_fetch_array($result)) {
    echo $row['Calories'];
    $calories += $row['Calories'];
}
echo 'The amount of Calories is: ' . $calories;
```
-
Echoing every mysql result, not just the one...
jcbones replied to wright67uk's topic in PHP Coding Help
You change your result resource when you ask for the email address. Then that runs to its end in the while loop, there is nothing else from the resource ID. This is because you bound the second resource id to the same variable name as the first resource id, overwriting your $result variable. This is one of the roadblocks of running queries inside of query loops. You should join the phpbb table to your other query, so everything is pulled at the same time. -
I know it is fixed, but just would like to note that you cannot bind parameters to column names nor table names in prepared statements.
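Added example, not from the original posts: since identifiers cannot be bound, the table name is mapped through a fixed allowlist, while the values, including an IN list like the one in the calories query above, go in as placeholders. It uses PDO with an in-memory SQLite database so it runs without a server; the tables and the function names `tableFor` and `totalCalories` are hypothetical.

```php
<?php
// Added example; the table, column and function names are hypothetical.
// Uses an in-memory SQLite database through PDO so it runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE food (Food TEXT, Calories INTEGER)');
$pdo->exec('CREATE TABLE drink (Food TEXT, Calories INTEGER)');
$pdo->exec("INSERT INTO food VALUES ('apple', 95), ('bread', 80), ('egg', 70)");

// Identifiers cannot be placeholders, so map the request onto a fixed list.
function tableFor($requested)
{
    $allowed = ['food' => 'food', 'drink' => 'drink'];
    if (!is_string($requested) || !isset($allowed[$requested])) {
        throw new InvalidArgumentException('Unknown table');
    }
    return $allowed[$requested]; // the value comes from our list, not the user
}

// Values are bound: one "?" per item in the IN list.
function totalCalories(PDO $pdo, $table, array $names)
{
    if ($names === []) {
        return 0;
    }
    $marks = implode(',', array_fill(0, count($names), '?'));
    $sql   = 'SELECT SUM(Calories) FROM ' . tableFor($table)
           . ' WHERE Food IN (' . $marks . ')';
    $stmt  = $pdo->prepare($sql);
    $stmt->execute(array_values($names));
    return (int) $stmt->fetchColumn();
}

// Constructed inputs: a normal list, a value containing SQL syntax (bound as
// plain data, so it matches no row), and a table name outside the allowlist.
echo totalCalories($pdo, 'food', ['apple', 'egg']), "\n";
echo totalCalories($pdo, 'food', ["apple') OR ('1'='1"]), "\n";
try {
    totalCalories($pdo, 'food; DROP TABLE food', ['apple']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```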
-
You will need to detail the expected values, AND your table structures. These two

```php
mysqli_query ($con2, "UPDATE table SET totalraters = totalraters + 1 WHERE id='$id' ");
mysqli_query ($con2, "UPDATE table SET ratingsum = ratingsum + '$value' WHERE id='$id' ");
```

Can be combined

```php
mysqli_query($con2,"UPDATE table SET totalraters = totalraters + 1, ratingsum = ratingsum + $value WHERE id = $id");
```

I'm still not sure what `table rating` looks like, nor how it ties into the other tables, so I won't put a query here for it as it may lead down the wrong rabbit hole, until structure and usage is addressed.
-
Being that there is obviously more than one column in the `table rating` table, then you would need to specify the column that you want the value stored in. You should always add de-bugging into your scripts, it will help you with these time consuming errors: change

```php
mysqli_query ($con2, "INSERT INTO table rating VALUES '$final' WHERE id='$id' ");
```

to

```php
mysqli_query ($con2, "INSERT INTO table rating VALUES '$final' WHERE id='$id' ") or trigger_error(mysqli_error($con2));
```
-
I just think the logic flows better with arrays. Right now you are trying to compare if all of the values end up the same as the access key:

```php
($key1 + $key2 + $key3 + $key4 + $key5 + $key6 + $key7 != $accessgranted)
```

This will work NO MATTER HOW the keys are chosen. The sequence could be reversed and they would still get the access. Matter of fact, there could be 1,000's of different sequences that you could come up with that would equal the pass code in that one line of code. With arrays, you can be sure that the pass code was clicked in the correct order.
-
My take is that you should be looking at arrays:

```php
<?php
session_start();
//editable variables:
$correctLockSequence = array(1,2,3,4,5,6);
$lockURI = 'http://www.mywebsite.com/main.php';
$lockOpenedURI = 'http://www.mywebsite.com/passed.php';
$lockBarricadedURI = 'http://www.mywebsite.com/loginfailed.php';
//dynamic variable knowledge base:
$numberOfLocks = count($correctLockSequence);
//starting processing:
//get the lock number sent in the URL:
$currentLockNumber = (isset($_GET['lock'])) ? $_GET['lock'] : 0;
//Lets us know that the lock rotation is NOT complete.
$rotationComplete = false;
//set our current selected lock in the session array:
$_SESSION['selectedLocks'][] = $currentLockNumber;
//if our number of locks selected is equal to the number of locks needed:
if(count($_SESSION['selectedLocks']) == $numberOfLocks) {
    //then our rotation is complete.
    $rotationComplete = true;
    //but our page is locked:
    $pageLocked = array();
    //so we look at each index in the array:
    foreach($_SESSION['selectedLocks'] as $key => $lock) {
        //if each index does equal the corresponding index in the correctly sequenced array: (unlock the page, else lock it down)!
        if($correctLockSequence[$key] == $lock) {
            $pageLocked[] = 0;
        } else {
            $pageLocked[] = 1;
        }
    }
    //the sequence has been judged, so the next attempt starts from an empty list:
    $_SESSION['selectedLocks'] = array();
}
//redirects:
//if the rotation is not complete, go get another lock code:
if($rotationComplete == false) {
    header('Location: ' . $lockURI);
    exit();
} elseif(in_array(1,$pageLocked)) {
    //else if rotation is complete, and some keys did not match, then barricade the store:
    header('Location: ' . $lockBarricadedURI);
    exit();
} else {
    //else everything matched up, and you can let them in.
    header('Location: ' . $lockOpenedURI);
    exit();
}
```
-
This is PHP not ASP! Blah@!!!
-
In your script.js file, replace

```javascript
error: function(res){
    alert("Unexpected error! Try again.");
}
```

with:

```javascript
error: function(jqXHR, textStatus, errorThrown){
    alert("ERROR: "+errorThrown);
}
```

Then you should see something that points you in the right direction.
-
So if it is sent via javascript, then most likely you are using an AJAX request? If so, then you shouldn't be leaving the page until you get a response. Really though, there isn't enough to go on here. Too many variables, not enough info.
-
Not really a lot of cleaning up to do:

```php
<?php
//PHP retrieve data
$id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
if($id > 0) {
    //Query the DB
    $db1 = mysql_query("SELECT * FROM table1 WHERE uid = " . $id);
    $db2 = mysql_query("SELECT * FROM table2 WHERE uid = " . $id);
    if($db1 === false || $db2 === false) { //stop if either query failed.
        die("Database Error");
    }
    echo " <center><b>Get UID '$id' </b></center><br>";
    while ($row = mysql_fetch_assoc($db1)){
        echo "UID :{$row['uid']} <br> ".
             "Username : {$row['username']} <br> ".
             "Phone : {$row['phone']} <br> ".
             "Email : {$row['acct_email']} <br> ".
             "--------------------------------<br>";
    }
    while ($row = mysql_fetch_assoc($db2)){
        echo "UID :{$row['uid']} <br> ".
             "Username : {$row['username']} <br> ".
             "Phone : {$row['phone']} <br> ".
             "Email : {$row['acct_email']} <br>" .
             "--------------------------------<br>";
    }
}
//php search
$searchid = isset($_POST['name']) ? trim($_POST['name']) : '';
//check whether the name parsed is empty
if($searchid == "") {
    echo "<center><h2>Please input Serial ID or Searching by Name</h2></center>";
    exit();
}
//escape the keyword once for the query and once for the page:
$searchsql = mysqli_real_escape_string($link, $searchid);
$searchhtml = htmlspecialchars($searchid, ENT_QUOTES, 'UTF-8');
$query = "SELECT * FROM table WHERE username LIKE '%$searchsql%'";
$query2 = "SELECT * FROM table WHERE username LIKE '%$searchsql%'";
$results = mysqli_query($link, $query);
$results2 = mysqli_query($link, $query2);
//define both outputs up front so the final echo always has them:
$output = "";
$output2 = "";
if(mysqli_num_rows($results) >= 1) {
    echo " <center><b>Keyword '$searchhtml' is found </b></center><br><br>" ;
    while($row = mysqli_fetch_array($results)) {
        $output .= "User ID: " . $row['uid'] . "<br />" .
                   "Username :" . $row['username'] . "<br />" .
                   "Phone: " . $row['phone'] . "<br />" .
                   "Email: " . $row['acct_email'] . "<br /><br />" .
                   "--------------------------------<br>";
    }
}
if(mysqli_num_rows($results2) >= 1) {
    while($row = mysqli_fetch_array($results2)) {
        $output2 .= "User ID: " . $row['uid'] . "<br />" .
                    "Username :" . $row['username'] . "<br />" .
                    "Phone: " . $row['phone']. "<br />" .
                    "Email: " . $row['acct_email'] . "<br />" .
                    "--------------------------------<br>";
    }
}
echo $output . ' ' . $output2;
```

I will suggest though that you migrate to mysqli or PDO. It shouldn't be too difficult as you have mysqli in your second half of the code. Mysql is outdated and not really good to use anymore. It will be taken out soon™

Edit: this forum hates tabs!
-
You might be able to find if your site name exists in the string with strpos.
-
EVERYTHING before:

```php
<? require_once($_SERVER["DOCUMENT_ROOT"] . "/Mensajeria/includes/session.php"); ?>
```

is sent as soon as the server sees it. Which would mean that the server MUST send the headers also. You cannot make any header function calls after ANY output (including BOMs, blank lines, or chars of any kind), because PHP cannot put information into the header of a document after it is sent.
-
You probably should re-think this. I say this because there is nothing stopping me from changing someone's email address, if I have their username. You should PULL the data from the database, and then let them change it by running an update on the data. You, of course, wouldn't pull the data, until you were sure that person was allowed to edit it. You would then run a simple update query on the data, which will update it if it is different, but will not if it is the same. Then return that data back to the page, in a form, in case they mis-spelled something, or need to change it again.
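Added example, not part of the original post: the update flow described above, where the row being edited is selected by the logged-in session rather than by a username sent with the form. It uses PDO with an in-memory SQLite database so it runs without a server; the schema, the `user_id` session key and the function names are hypothetical.

```php
<?php
// Added example; schema, session key and function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice', 'alice@example.com'), (2, 'bob', 'bob@example.com')");

// The row to edit is chosen by the authenticated session, never by a
// username or id that arrives with the form.
function updateOwnEmail(PDO $pdo, array $session, $newEmail)
{
    if (empty($session['user_id'])) {
        return 'not logged in';
    }
    $email = filter_var($newEmail, FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return 'invalid email';
    }
    $stmt = $pdo->prepare('UPDATE users SET email = ? WHERE id = ?');
    $stmt->execute([$email, (int) $session['user_id']]);
    return 'saved';
}

// Pull the current values back out to refill the form.
function loadOwnProfile(PDO $pdo, array $session)
{
    $stmt = $pdo->prepare('SELECT username, email FROM users WHERE id = ?');
    $stmt->execute([(int) $session['user_id']]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

$session = ['user_id' => 1]; // constructed stand-in for $_SESSION after login
$posted  = ['username' => 'bob', 'email' => 'new@example.com']; // constructed form data

// The posted username is ignored: only the session user's row changes.
echo updateOwnEmail($pdo, $session, $posted['email']), "\n";
print_r(loadOwnProfile($pdo, $session));
echo $pdo->query("SELECT email FROM users WHERE username = 'bob'")->fetchColumn(), "\n";
```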
-
You can't jump out of php and back into php inside of an echo statement. PHP doesn't know what is going on. Change:

```php
echo '<br >' . $entries_time . '    ' . ?> <a href="ask_3.php"> <?php $entries_title ?> </a ><?php . '<br >';
```

To:

```php
echo '<br >' . $entries_time . '    <a href="ask_3.php">' . $entries_title . '</a ><br >';
```
-
See if this works for you:

```php
<?php
session_start();
function spamcheck($field) {
    $field=filter_var($field, FILTER_SANITIZE_EMAIL);
    if(filter_var($field, FILTER_VALIDATE_EMAIL) && empty($_SESSION['mail_sent'])) {
        $_SESSION['mail_sent'] = 1;
        return TRUE;
    } else {
        return FALSE;
    }
}
if (isset($_REQUEST['email'])) {
    $mailcheck = spamcheck($_REQUEST['email']);
    if ($mailcheck==FALSE) {
        echo "Invalid input";
    } else {
        //fields the form does not send fall back to an empty string:
        $name = isset($_REQUEST['name']) ? $_REQUEST['name'] : '';
        //PHP turns a space in a field name into an underscore:
        $company_name = isset($_REQUEST['company_name']) ? $_REQUEST['company_name'] : '';
        //use the sanitized address, the raw value could still carry line breaks into the From header:
        $email = filter_var($_REQUEST['email'], FILTER_SANITIZE_EMAIL);
        $telephone = isset($_REQUEST['telephone']) ? $_REQUEST['telephone'] : '';
        $subject = isset($_REQUEST['subject']) ? $_REQUEST['subject'] : '';
        $message = isset($_REQUEST['message']) ? $_REQUEST['message'] : '';
        $content = <<<EOF
Name: {$name}
Company: {$company_name}
Email: {$email}
Telephone: {$telephone}
-------------------------------------------------------
{$message}
EOF;
        mail("cboscia@inspirecreativeworks.com", "I am interested in Inspire Creative Works $subject", $content, "From: $email" );
        echo "Thank you for using our mail form";
    }
} else {
    echo "<form method='post' action='send_form_email.php'>
    Email: <input name='email' type='text'><br>
    Subject: <input name='subject' type='text'><br>
    Message:<br>
    <textarea name='message' rows='15' cols='40'>
    </textarea><br>
    <input type='submit'>
    </form>";
}
?>
```
-
No, just make sure your database name is filled out in the DB_NAME constant definition. It is being passed to the mysqli class in the constructor. What is the error you are getting now?
-
You need to make sure error_reporting is turned on E_ALL, and display errors is on. You cannot output an image, and HTML in the same script. You will have to separate them.