WatsonN

I know you need to escape your quotes in the HTML echo "<polygon fill=".$info['fill_colour']." stroke=\"black\" id=".$info['id']." points=".$info['coordinates']." />"; Should work

Setup a cron job on the server.

@scootstah Thank you very much for explaining that. I agree, but if mysqli is better I'll be glad to use it. It gives me a reason to make new stuff and play with my old code.

I have the same question, I have always used MySQL but now i'm hearing I should be using MySQLi? If so, why? What is so much better about this versus the old MySQL? I am simply curious. Thank you

How is the user logged in? Is it a cookie or something, show us your login code.

How are staff picks determined? Is there a table just for it or a column in your existing table for it or what? EDIT: adding missing information.

I looked over your code and your form is using POST but all your if statements are wanting a GET, this may be from one of your includes, but that may be part of why it isn't displaying what you want.

Use error_reporting(E_ALL); to check whats up, your cookie code worked for me. -- I only tested the setcookies

What exactly are you trying to achieve, I'm lost? I also noticed you said the second box doesn't work, it is most likely because it's the exact same thing as the first one and using the exact same MySQL query.

You could create a new page for each or you could put all your pages into a SQL database and use the GET or POST to call a certain row into the page.

I'm not sure how your page is set up but if your pulling the image by page id you could use GET or POST for the image name.

If you do it the way you are doing it, via the address bar, I would use custom names instead the file name. If you don't someone could call a filename and load one. You are not losing Google juice from doing that I personally include the header and footer but you can do it either way, it won't make a difference to the user.

I would seriously consider changing your username and password for your SQL server. Also, did you mean retrieve the votes, because it looks as if the submit code is there already?

<?php if($_GET['action'] == "add"{ /*Do stuff*/ } ?>

Echo out the content before and after trim where you think everything is being deleted and see what you can tell. I'm sorry, but I'm not doing it all for you, but I 'm more than glad to help

You can use mysql_real_escape_string() to prevent injections from user content. http://php.net/manual/en/function.mysql-real-escape-string.php A MySQL connection is required before using mysql_real_escape_string() otherwise an error of level E_WARNING is generated, and FALSE is returned. If link_identifier isn't defined, the last MySQL connection is used. Note: If magic_quotes_gpc is enabled, first apply stripslashes() to the data. Using this function on data which has already been escaped will escape the data twice. Note: If this function is not used to escape data, the query is vulnerable to SQL Injection Attacks. Note: mysql_real_escape_string() does not escape % and _. These are wildcards in MySQL if combined with LIKE, GRANT, or REVOKE EDIT: added notes