Muddy_Funster

Everything posted by Muddy_Funster

  1. ok, never @suppress your database actions. Is there actually a file being uploaded here? I see no check for if file exists...
  2. Before going on, do you actually have text fields with full text indexing on them in your table?
  3. Option 1 - Just install an outdated version of PHP, where all the rest of the deprecated functionality still works too. Option 2 - edit the scripts so that they don't use short open tags then wait for the next problem. Option 3 - use an up to date version of the script that you are trying to install which doesn't require deprecated functions (ok, it's short open tags you need just now, this is before you even install it, imagine how many warnings and notices and other problems it's going to throw once it's installed!). Option 4 - like option 3 but use a different SEO script that is up to scratch with modern language requirements.
  4. yeah, you don't put quotes around table names or column labels (the example I used was backticks - they are something different - and were only there because there were spaces in the names you gave initially). If you do that, SQL Server thinks you are trying to pass it a string value instead of a reference.
  5. good luck with that, I hope you're running on a Linux server, because (and I speak from experience) there just isn't an easy way to code it yourself on Windows.
  6. 1 - my first post on this thread (that you quoted) was against the use of select *, I was carrying on the theme. 2 - It's a simple basic example, please don't concern yourself with the security of my code. Of course I use selects, although when I'm feeling especially paranoid I run them as stored procedures through an intermediary reference table making it twice removed from the front end. I have already made it clear that there is no need to pull the password out of the database for your initial complaint, it can be checked in place with no loss of end user support. I suppose we should stop masking password fields and show our passwords next to our names on our profile pages as well? What makes passwords different, what defines them, IS how we treat them. They aren't just another bit of information to stick against our name on a social networking site, they aren't supposed to be passed around like just another piece of data. PMSL I like it.
  7. If you know the person that coded the cart in the first place it's going to be about 100x better for you to wait for them to answer you than to go poking about in there yourself, either with or without the help of others.
  8. Not if it's Windows based, PHP sendmail can handle SMTP authentication on a Linux server, by altering the php.ini file to include it, but it's not supported in a Windows environment. And PEAR Net_SMTP isn't even close to the easiest way to get the job done (in fact I don't think they could see each other with a telescope!), using some well documented third party stuff would probably be easier. If you do opt for the PEAR route you'll find a heavily commented mail function on my blog page in my sig that you are free to use and abuse to suit your needs, it should take a little bit of the pain out of it (not much mind you).
  9. let's see the exact query as you are trying to run it
  10. hmm, one-way hashes have nothing to do with it. Let me try and break this down for you, you seem to be having difficulty here: signup -> hash your password -> put it in db -> login -> pull hashed password out of db during login check (along with every other bit of info as it's a SELECT *) -> sql injection captures hashed password for all users -> sql injection uses direct comparison with captured hash and stored hash to circumvent the point in hashing the password in the first place -> injection attacker has now got full access to any and all accounts. My point is, as long as you never return a password (hashed or not), it's never made available to anyone that doesn't already know it. your turn, explain why you would actually return the password? What do you gain?
  11. how adventurous are you feeling? You could use my old friend the PEAR Net_SMTP class for sending mail through authenticated SMTP if you're feeling masochistic, or you can download a third party script library from a number of sites if you would prefer.
  12. On the back of another thread with similar questions - ignore the word global, don't even think about coding with it. Right, on to your other questions, first some sample code for illustration:

          <?php
          $name = getName('my Name');
          include 'page2.php'; //page2.php has the function getName($name) in it
          $anotherName = getName('my Name');
          ?>

      $name will fail, $anotherName will work. The code is effectively parsed in a top down manner, so it will process the $name line then process every line in the page2.php then process the $anotherName line. This means that PHP has no idea about the getName() function until after it has passed the $name line. However, PHP can "scan" the current page for the function definition and run it from anywhere on the same page as it is currently processing. This is an over simplification, but it should give you the idea. If the file is not included, and there is no other process used to access the code contained within that file then the current code file has no knowledge of it. Except when dealing with class libraries, these are preloaded at runtime and are accessible on any page. It is in these libraries that all of PHP's in-built functions reside, hence why you don't have to include or reference any of these files directly. You can autoload your own libraries as well, but that's another topic.
  13. it means that 0 is the default value of $gmt. so if nothing is passed in for that when the function is called it will have a value. it saves enforcing a reference for a fairly static value and at the same time makes the function more robust as it won't fail with an "undefined variable" warning if no value is passed in. So for this example when the function is called $type MUST be some value at runtime, but $gmt will default to 0 if no value is passed in for it.
  14. as a rule of thumb - ignore the fact that global even exists (especially, and I don't mean this in a nasty put you down kind of way, with your current knowledge regarding variable scope). If there is information you want to get into a function, reference it. If there is information you want to make available after the function has processed its part, return it. Honestly, I'm not being derogatory about this: as well as other problems, when you get to making your own classes and libraries, rogue globals will seriously screw with your happiness. It's a far better thing to learn now not to work with them, than to try and adapt your thinking and your code later on.
  15. why would you post an SQL Server question in the MySQL forum, and not stipulate that you are in fact not using MySQL? What are your exact table names and column labels?
  16. you could display the matching resultset from the database, after it's inserted. that would let you match against numerical array values rather than dynamic element names.
  17. if you return the encrypted version of the password from the database, what's the point in encrypting it in the first place? seriously? not in any script directly accessible by an end user, no.
  18. standard port for SMTP is port 25, not 26. The only reason it would be looking at 26 is if you had already altered your php.ini file.
  19. look at mysql_real_escape_string() and urlencode() they should fix your problem
  20. no problem, good luck
  21. you want to use referencing - here, some example code to illustrate how variable referencing works in function calls:

          <?php
          function exampleRefference($referenceVariable){
              $q = "this refferences -| $referenceVariable |-\n<br>";
              return $q;
          }
          $r = exampleRefference("direct string input");
          echo $r;
          $variable = "sting input using a variable";
          $r = exampleRefference($variable);
          echo $r;
          $r = exampleRefference("\$variable");
          echo $r;
          ?>

      produces the following:

          this refferences -| direct string input |-
          this refferences -| sting input using a variable |-
          this refferences -| $variable |-

      Does that help any?
  22. well you never actually execute the $editQuery statement....
  23. therein lies the problem, here's a hint: your $myUname is set in the page code, your $q query is being run in the displayMembers() function...
  24. please explain
  25. something like

          SELECT (cars.price * sales.totalSales) as revenue
          FROM cars
          INNER JOIN sales ON ( cars.`car code` = sales.`car id` )
          GROUP BY cars.`car code`