OldWest

Does it change if you have a slash after: $ourDir = "../templates" like $ourDir = "../templates/"

What's the output of just: $ourDir = "../templates"; $ourDirList = @opendir($ourDir); while ($ourItem = readdir($ourDirList)) { echo $ourItem; }

Can you post your code please for the select box?

Can you post the code you tried so far to generate and populate the list?

My first guess is the session settings in your php.ini local and remote are different.. Can you post your login script (with page) and one secure page?

Are you running the query directly in phpMyAdmin? Or can you send your php and html processing query script? Are you echoing all the fields in your php/html?

I am not sure of your experience with programming with php & mysql. But to answer your first question, there are several ways you can configure your code to be inserted into a database. You want to be sure the data being entered is sanitized - meaning it's free of any characters or symbols that could destroy your database or site files. There are several php functions that do just that. The password should use the php md5() function to create a hash of the password in the database for extra security. Using an SSL connection is also not a bad idea for passing secure data through an http connection. The password field type (in html) should be of type=password .. this will ensure the characters are dotted out for visual security.. Hope this helps some.

Pikachu2000, it was my bad on suggesting a new thread ... I just thought due to the nature it was better suited for the MySQL forum.. Apologies for the extra leg work.

Which line is 594 ? Possible causes: 1) Badly placed or missing curly braces.. 2) If this is part of a larger class, and you segmented the code with <?php ?>, could cause this. 3) Using short tags <? ?> instead of <php ?> possibly on something that is tied into this script or page. My suspicion tells me to start looking at this line: <option value="'.$data['credentials_id'].'">'.$data['credentials_name'].'</option></select>';

This may or may not work for your needs, but might give some food for thought: require_once 'xml_string.php'; if(!$xml=simplexml_load_string($xmlstr)){ trigger_error('Error reading XML string',E_USER_ERROR); } $xml->name->'root'->name='New Value'; echo $xml->asXML();

Does something like this help? function replaceNodeText($objXml, $objNode, $strNewContent){ /* This function replaces a node's string content with strNewContent */ $objNodeListNested = &$objNode->childNodes; foreach ( $objNodeListNested as $objNodeNested ){ if ($objNodeNested->nodeType == XML_TEXT_NODE)$objNode->removeChild ($objNodeNested); } $objNode->appendChild($objXml->createTextNode($strNewContent)); } $objXml= new DOMDocument(); $objXml->loadXML('<root><node id="1">bla</note></root>'); $objXpath = new domxpath($objXml); $strXpath="/root/node[@id='1']"; $objNodeList = $objXpath ->query($strXpath); foreach ($objNodeList as $objNode){ //pass the node by reference replaceNodeText($objXml, &$objNode, $strImportedValue); }

Nice. Thanks

This should be a rather simple operation to run. I am not sure about running on CLI (command line interface), but I would start with something using SimpleXML like: require_once 'xml_string.php'; if(!$xml=simplexml_load_string($xmlstr)){ trigger_error('Error reading XML string',E_USER_ERROR); } $message=(string)$xml->user[5]->name=='Alex Jones'?'User found!':'User not found!'; echo $message; Of course you will need to modify this to suite your needs, but should get you on the right path. Hope this helps.

Can you post up the XML? And also clarify when you want to achieve as an end result?

thorpe, I updated my script and it's working fine, but is this the best it can be in terms of security? Should I also escape the id and city_name? the id is auto increment inserted and city_name is a select box which has predefined values.. thanks for any critique. $title = mysqli_real_escape_string($cxn,$_POST['title']); // cleans the data that is passed. $description = mysqli_real_escape_string($cxn,$_POST['description']); // cleans the data that is passed. $query = "INSERT INTO Postings (id, city_id, title, description) VALUES ('','$_POST[city]','$title','$description')" or mysqli_error();

You will need to modify the code The Little Guy posted as well based on your table names etc.. And probably need to tweak that around some as well to do exactly what you need. YOU SHOULD SERIOUSLY TAKE THIS POST TO THE SQL FORUM TO VERIFY THE EXACT SQL YOU SHOULD USE TO RUN ON YOUR TABLES.

There is a tab in phpMyAdmin titled "SQL". Click on that. There will be a query in the textbox. Delete that and copy in the code that "The Little Guy" posted AT YOUR OWN RISK! ... But that's the idea.. Make sure you have a complete backup of your database and all table data etc before running any SQL on your stuff.. You can make a complete backup under tab "EXPORT" - click the checkbox "Save file as" and then run the export by clicking "Go".. SERIOUSLY USE THIS AT YOUR OWN RISK. YOU COULD LOSE ALL OF YOUR DATA IF THIS IS NOT DONE CORRECTLY! YOU'VE BEEN WARNED!

PFMaBiSmAd, thanks for the critique. i think i read about that deprecation somewhere on that addslashes().. the interesting thing is my form could not submit if i had any apostrophes, quotes, etc in my fields .. and by adding addslashes(), my submission would pass w/out errors.. but i guess thats even more dangerous off the top!

Are you using phpMyAdmin to view the database entries?

First off, can you please print the output of your queries using the <pre> format like this: echo '<pre>'; print_r($lmem); echo '</pre>'; Then I can probably give you some guidance to resolve your issue.

What format is the database? MySQL? Access? etc.. Or is it a spreadsheet like Excel?

And just as a side note. Not sure about the mysql statements, but the mysqli requires 2 arguments for it to work properly like: $cxn = mysqli_connect($host, $user, $pass, $db) or die("Could not connect to the server."); $id = mysqli_real_escape_string($cxn,$_GET['id']); $posts_by_city_sql = "SELECT id, city_id, title FROM postings WHERE city_id='" . $id . "'"; $posts_by_city_results = (mysqli_query($cxn, $posts_by_city_sql)) or die("Was not able to grab the Postings!");

For reference, here is the working code: $query = "INSERT INTO Postings (id, city_id, title, description) VALUES ('','$_POST[city]', '" . addslashes($_POST['title']) . "' ,'" . addslashes($_POST['description']) . "')" or mysqli_error();

Oh damn! I meant addslashes!! And I have it working now..

I am simply trying to use stripslashes for my mysqli insert statement, and errors are driving me nuts.. I've tried several variation and pattern with apostrophes and quotes to no avail. Should I even be using stripslashes to clean my data? Or is there a better function? Notice: Use of undefined constant title - assumed 'title' in C:\wamp\www\php\simple_classifieds\add_posting.php on line 57 $query = "INSERT INTO Postings (id, city_id, title, description) VALUES ('','$_POST[city]','" . stripslashes($_POST[title]) . "','$_POST[description]')" or mysqli_error();