Crimpage

Have a look at View Source in your web browser and see what is before that error message. It will show you whether it is a blank line that has been sent or <HTML><HEAD> tags etc...

Where is the thankyou message kept? What you are trying to do is this... Im not going to give you the whole code, just the steps you want to take: [code]if ($tos) // Box is checked, all good {     do the mysql command     show the thank you message     whatever else you want to do ONLY IF THE BOX IS CHECKED } else { // Box not checked... bad person... BAD!     Show message saying they didn't check the box, please press back... or whatever } See how the thank you message is only shown IF the check the box...   [/code]

Probably, It is not that hard tho. User enters email address and presses submit. $newpass = generate_key(); <- There are heaps of scripts out there to generate random strings just find one cause that function is not default... $newencpass = md5($newpass); Then update the database with the new password and if that works, email them the $newpass (which is the unencrypted password). Simple. Dave.

I'm not sure how you would do that exactly. HTML is easily definable because they are enclosed within <>. SQL is not, unless you strip all SELECT, FROM and WHERE words from $_POST. What sort of SQL injection are you worried about? are you directly running an entry from a post field into an sql statement? If not, just look at addslashes(). Cheers, Dave

You have to use the original column name. $sql = "SELECT LEFT(websites_url, 1) AS 'websites_url_letter', websites_url           FROM websites         WHERE websites_url='$letter'           ORDER BY websites_url ASC;"; You might be able to use the HAVING clause. I don't know the specifics of it, but someone else might be able to let us know if it will work. Cheers, Dave.

The path is just / basically means that the cookie is valid for all of net-petz.com. You can make it /subfolder and that would mean it is only valid for net-petz.com/subfolder/ - Dave

I don't know what database class you are using, but it looks like $database->loadObjectList(); doesnt actually return the results, only a resource id / pointer to the results. You still need to do a fetchrows function to pull the actual results from the resource pointer. I use the mysql class from phpbb so I do: [code]$sql = "whatever"; $result = $database->sql_query($sql); <- that runs the query and returns the resourceid.\ while ($row = $database->sql_fetchrow($result)) { do stuff; }[/code] All of that actually itterates through the resourceid link and pulls the actual results. - Dave.

Hi All, I use the e-dir script to show folder contents etc... I have modded the hell out of it for my own use, including having a variable starting directory. In the script, you can set the start directory to be whatever you like, including something outside of the apache/iis wwwroot folder. However when the script generates the html link to the file it will look like it is a subdirectory of the wwwroot folder, and therefor the file does not exist. It's a little confusing. Let say my wwwroot folder is at: c:\wamp\www and i have the script pointing my start directory to d:\ the script will show everything from my D drive. all well and good. But, when I click on one of the files it links to: http://server/file.jpg which apache thinks is at c:\wamp\www\file.jpg Is there anyway of making php or apache pull files from outsite of the wwwroot folder on the fly or does everything need to be within the wwwroot folder? Cheers, Dave

How many websites will be in the database that start with t? or any particular letter. Your sql would want to look like this. SELECT * FROM table WHERE wwwfield like 'http://www.t%' If you only want 1 result then you would add SELECT * FROM table WHERE wwwfield like 'http://www.t%' limit 1 if the "http://www." is not stored in the database then you can just say: where wwwfield like 't%' Dave.

Hi All, I tried a seach but could not find anything. Is there a way for PHP to find the windows username of the current logged on user? I know it is possible, just dont know what language can do it, and if PHP can. Thanks, Dave

Still looking for help on this if anyone knows how to either generate calendar events and email (i assume using headers etc...) or any other integration / utilisation of exchange that php can manage. Thanks, David

Hi All, Just a quick question. When using PHP and returning a Micorosoft SQL datetime field, it always returns it as "September 1 2006 12:00 AM" instead of "09-01-2006 00:00:00" as its stored in the database... I'm hoping its just an option i can change somewhere as I just want it to return the normal value. Thanks for you help. David.

So you have data sitting in $_storage that you want to set to the $_SESSION variable. Can you print_R($_storage) and let me know how it looks. Thanks, Dave

Yes, going on from what Ken just said. The code above may help you move the array data, but I dont know why you would.

I don't think you can just say $s = $_SESSION; I think you will need to iterate through each value in the array and move it to the new array. I don't have any code but it would be similar to this... [code] <?php function movearray($given_array) {     foreach($_SESSION as $key => $value)     {       if (isarray($value))       {             movearray($value);         } else         {         $s[$key] = $value;         }     }  } ?> [/code] So that will go down as far as necessary through the arrays until it finds something that is not an array and moves it to $s. I havent tested it, but something similar to this should work. Cheers, Dave EDIT: Actually, looking over this, if there is sub array's it will not keep it. You should be able to modify it so that the if(isarray) should create the subarray, then add the values to that subarray. I hope that makes sense...

Hi All, Wondering if it is possible for php mail to mimick Outlook Calendar events? You know how you create an even and invite another member and it sends them an invite... Not quite after all that, but just a calendar event they can accept and it will put it in their calendar. And, is it possible to work with outlook/exchange in any other way from php? I'm doing a lot of stuff for my work at the moment but everything is individual, cant tie together outlook with emails and the webpage. Cheers, Dave

[code]function nicetrim ($s, $l) { // limit the length of the given string to $MAX_LENGTH char // If it is more, it keeps the first $MAX_LENGTH-3 characters // and adds "..." // It counts HTML char such as &aacute; as 1 char. //   $MAX_LENGTH = $l;   $str_to_count = html_entity_decode($s);   if (strlen($str_to_count) <= $MAX_LENGTH) {   return $s;   }   $s2 = substr($str_to_count, 0, $MAX_LENGTH - 3);   $s2 .= "...";   return htmlentities($s2); }[/code]

And just past that on this line [code]$sql_user_check = "SELECT username FROM users WHERE username='$username'";[/code] Where has $username been defined? It is defined later, but not before that line.

On a side note: I dont think its very smart from a design point of view to have a table per username. There should never really be the case where you need to do this either... Have a bit of a read into relational database structures and designs.

Well, there would be nothing stopping me from just going to edit.php?id=10 and editing it... So you should maybe think about a login page or restricting access to it somehow...

I would use a meta refresh url jobbie on that one... Google it. I would have thought that the page you open could be location1.php and at the top of that page you have header("Location: location2.php"); as nothing should be output to the browser yet...

Edit Plus

No. With mysql_fetch_array () you can specify whether you want to to be assoc or num. the default value is both. result_type     The type of array that is to be fetched. It's a constant and can take the following values: MYSQL_ASSOC, MYSQL_NUM, and the default value of MYSQL_BOTH.

That would kind of defeat the purpose of using these proxies to hide / manipulate your IP Address... There is never a solid way to keep someone out of your website. There is always a way to pretend that you are someone else... I'm not sure what your website does or how far people will go to create a new account, but here are a couple of things you could implement: Log the IP address: You might as well, now with broadband and static IP addresses being more common, this is still a good start. Require email verification / account activation: A lot of people only try to break / crack things because the oportunity is there. If you make a couple of extra hoops that they have to jump through to get it, some will just not bother... like me :) Random character validation: You know the thing where is shows you 6 or so random characters so that you have to enter it in to stop people using programs that will automatically fill in forms etc... again, just another hoop.

i have only had a quick look and dont see anything from first glance... However when you use a character, you addslashes then search on that... you dont end up removing the slashes etc when the data is returned to the page...