Posts by hielo

You need ... LIMIT offset, rowCount -- ex:

SELECT blabla
FROM a INNER JOIN b ON a.a = b.b
ORDER BY a.id DESC LIMIT 50, 10

will give you at most 10 rows, starting with row 50.

Upon closer inspection I see that you are mixing mysqli_ (with an "i") with mysql_ ( without an "i") functions. To clarify, you are connecting to the database using mysqli_connect, but then you are using mysql_real_escape_string() and mysql_query(). Stick with mysqli_ since mysql_ function are now deprecated. Read the manual to see how mysqli_query() is different from mysql_query(). The same goes for the other function. The number of parameters are different, so just adding and "i" to the function call will not work.

Copy and paste the following into your index.php file. The connect-db.php file is the same I posted earlier. Read through the comments to understand what the code is doing.

<?php
# specify your table first
$mysql_db = 'attendance';

# include your db connection file
require 'connect-db.php';

# if it makes it here, then the connection was successful.  Do your select * FROM $mysql_db
# AFTER the updates (see line 87) so that your page may reflect the updated information.

# this will be used to save any potential errors
$feedback=Array();

// Now there is student_id hidden field in the first column.  It should correspond to the unique id 
// record on your table.
if( array_key_exists('student_id',$_POST) )
{
    // Notice that the name of the hidden field is "student_id[]" (with brackets at the end).  This
    // way PHP "sees" an array of student_id fields.
    foreach($_POST['student_id'] as $id)
    {
        $id = intval($id);
        // The corresponding fields for a given row also have the student_id. So, instead of 
        // name="present", …

Try:

function getWorkingDays($startDate, $endDate, $holidayList)
{
    $working_days = 0;
    $begin = strtotime($startDate);
    $end = strtotime($endDate);
    if($begin > $end)
    {
        echo "startdate is in the future! <br />";
    }
    else
    {
        foreach($holidayList as $k=>$v)
        {
            $holidayList[$k] = strtotime($v);
        }

        $no_days = 0;
        $weekends = 0;
        $holidays = 0;
        while($begin <= $end)
        {
            $no_days++;
            $what_day = date("N", $begin);
            if($what_day > 5)
            {
                $weekends++;
            }
            elseif( in_array($begin,$holidayList) )
            {
                $holidays++;
            }
            $begin += 86400;
        };
        $working_days = $no_days - ($weekends + $holidays);
    }
    return $working_days;
}

The second parameter of function createChatBox(chatboxtitle,minimizeChatBox) should be chatName (not minimizeChatBox) since you are using chatName on line 19.

I have declared the variables in the register_new.php script as $username=$_POST['username'];
$passwd=$_POST['passwd'];

The problem is not $username. The problem is $_POST['username']. If your page is hosted at yoursite.com/member.php, when you type that url directly onto the browser's address bar you are submitting a GET request (or if you have a <form> that does not explicitly specify method="post", it defaults to a GET request), not a POST request. Yet, line 8 of your script assumes that there is a field/key named username in$_POST. You need to test to see if username exists in $_POST before you attempt to use it. Try:

<?php
// include function files for this application
require_once('require_fns.php');
session_start();

//create short variable names
$username = null;
$passwd   = null;

if( array_key_exists('username', $_POST) )
{
    $username = $_POST['username'];
}

if( array_key_exists('passwd', $_POST) )
{
    $passwd = $_POST['passwd'];
}

if ($username && $passwd) {
// they have just tried logging in
  try  {
    login($username, $passwd);
    // if they are in the database register the user id
    $_SESSION['valid_user'] = $username;
  }
  catch(Exception $e)  {
    // unsuccessful login
    do_html_header('Warning:');
    echo 'You have not filled the form out correctly.
          Please go back and try again.';
    //do_html_url('login.php', 'Login');
    do_html_footer();
    exit;
  }
}
do_html_header('Home');
check_valid_user();
// give menu of options
display_user_menu();
do_html_footer();
?>

How could I request id, name only from users for example

In general, you would just need SELECT tableName.columnName, otherTableName.columnName FROM ....

The order in which you list the columns/fields after the SELECT doesn't matter. So you could do:
SELECT user.id, user.name, forums.lastAutherID FROM forums INNER JOIN users ON forums.lastAuthorID = users.id or SELECT forums.lastAutherID, user.id, user.name FROM forums INNER JOIN users ON forums.lastAuthorID = users.id.

As a matter of fact, just because you can have a JOIN between/among tables it does not mean you are required to select a field from evey joined table. As an example, the following selects only from user table even though there is an inner join with forums:
SELECT user.id, user.name FROM forums INNER JOIN users ON forums.lastAuthorID = users.id.

Oh and is it possible to mash more than 2 tables

Yes. Just add more join clauses ON the related column. For example, on your original post, forums.lastAuthorID is related to user.id. So if you have a other tables with fields user_id that are also related to user.id, then your query would be:

SELECT * FROM (forums INNER JOIN users ON forums.lastAuthorID = users.id
                                             (INNER JOIN thirdtable ON thirdTable.user_id = user.id)
                                             (INNER JOIN fourthtable ON fourthTable.user_id = user.id)
                             )

try:
SELECT * FROM forums AS F INNER JOIN users AS U ON F.lastAuthorID = U.id

To help you understand ... forums AS F simply makes F an alias for forums. Similarly, ... users as U makes U an alias for users. The AS keyword is optional, so it could have been written as
SELECT * FROM forums F INNER JOIN users U ON F.lastAuthorID = U.id and it still would have worked. You are not required to "alias" the table names, so you could have also written it as SELECT * FROM forums INNER JOIN users ON forums.lastAuthorID = users.id. Notice that the ON clause uses the actual table names since there are no prefixes.

If you are going to use header('Location: ...'), you cannot use echo. So your else clause should be:

            ...
            else
            {
                $_SESSION['id'] = $row['id'];
                $_SESSION['user'] = $myusername;
                $_SESSION["startTime"] = date("r");

                //you call header AFTER you have set your session variables.
                header("Location: index.php");
                exit;
            }

However, i would also like to get the roleid returned

That implies that you don't know the initial roleid. So your function should not be accepting $roleid and shouldn't be part of the WHERE clause since you don't know what it is. Try:

function getUserRole($username)
{
    $roleid = false;
    $con=dbConnect();
    $query="select userrole.roleid from user 
                    inner join userrole on user.id = userrole.userid 
                    inner join role on role.id = userrole.roleid 
            where username = :username";
    $sql=$con->prepare($query);
    $sql->bindValue(':username',$username);
    $sql->execute();
    $sql->store_result();
    if($sql->num_rows>0)
    {
        $sql->bind_result($roleid);
        $sql->fetch();
    }
    $sql->free_result();
    $sql->close();
    $con->close();
return $roleid;
}

The main issue is, it's not detecting any vulnerability

How do you know that it is not detecting any vulnerabilities? Are you echoing (and inspecting) the intermediate results

so it doesn't post into injection_result table

Well, that's because what you have is a hybrid of the INSERT and UPDATE statements. The correct syntax is:

INSERT INTO `tableName` (`fieldName1`,`fieldName2`) VALUES ('value1', 'value2');
-- and for updates
UPDATE `tableName` SET `fieldName1` = 'value1', `fieldName2`='value2'

After executing a query, you should check to see if it fails. You are not doing error checking after executing queries. Otherwise you would have found the error.

I want to know if I can use the event listener to help trigger a php code that will make a query to update that specific user

Yes. Give all your update buttons a common class, and your delete buttons a common class (see sample code below). Then you bind an event listener for the update buttons, and one for the delete buttons. If you give your <tr> an id that references the EmployeeID (assuming that EmployeeID is unique on that query result), then you can determine which record to UPDATE/DELETE.

<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.2/jquery.min.js"> </script>
<script>
$(document).ready(function()
{

        $('.update-button').on('click', function(){
                        // go to jquery's site and read about the closest() method
                        var tr = $(this).closest("tr");

                        // you will need to "collect" the data in the text fields
                        // since this is what the user has changed
                        var fields={};
                        $("input",tr).each(function(){
                            //here I am dynamically creating:
                            //  fields.firstname and assigning it its corresponding text field value
                            //  fields.lastname and assigning it its corresponding text field value
                            fields[$(this).attr("name")] = $(this).val();
                        });

                        fields.action_requested="update";

                        // if you open your page in chrome and do right-click > inspect > console
                        // you should see the contents of fields
                        if( typeof(console)!='undefined')
                        {
                            console.log( 'fields=',fields );
                        }

                        //send the data to process.php
                        $.ajax({ method: "POST",
                                  url: "process.php",
                                  data: fields
                                })
                               .done(function( msg ) {
                                    alert( "Data Saved: " + msg );
                                });
                });

        $('.delete-button').on('click', function(){
                        // go to jquery's site and read about the closest() method
                        var tr = $(this).closest("tr");
                        var fields={'action_requested':'delete'};
                        // …

Please provide a sample value for $row_pages['link'] and $row_injection_text['injection_code'].

On line 11, where are you initializing $row_injection_text? I am wondering if you meant to write $row_pages?

On line 20 of Page 2, you are expecting a "field/parameter" named "engineers" as a POST request, but on line 13 of Page 1, you are not passing an object -- you need to extract the value of #engineers and pass it onto to Page 2. The load() method will emit a POST request if you pass an object as a second argument OR a GET request if you pass a string. Since Page 2 uses $_POST, then on line 13 of Page 1 you need:

$('#display_info').load('sqlPage2.php', {'engineers': $('#engineers').val()}  );

For the sake of completeness, if you wanted to use $_GET on Page 2 instead, then you would need:

$('#display_info').load('sqlPage2.php', 'engineers='+ encodeURIComponent( $('#engineers').val() )  );

Lastly, on Page 2 you should be generating just the <table> markup, not the <html>,<head>,<body> tags. As a matter of fact,
Page 2 is sending code to "re-include" the jquery library. Your Page 1 already included jquery, and since you are using ajax, the browser does not refresh the page -- which means that you don't "loose" the jquery library when you send the request.

As for the <table> on Page 2, the first <form> tag should "hug" the <table>. The second <form> seems unnecessary. Since you are using ajax, the page actually loaded is Page 1, but your second form is targetting Page 2. The net effect is that the browser will navigate to Page 2. You should be really refreshing Page 1.

<?php
//Page 2
    $servername = 'localhost';
    $username = 'root'; …

I find some of the OO aspects a bit confusing: It seems that an image is turned into an object simply to be able to process it from within an array, programatically.

If I am not mistaken, you are referring to lines 17- 23 on your original post. If so, all that it is doing is is pre-loading the images to ensure that the browser caches the images. That way when the rollover effect is triggered, instead of fetching the images from the server, the browser will use the cached images. If you don't cache the images, every time you swap the images, the browser will fetch the image from the server. If you are on a slow internet connection, you will experience a "flicker" effect while the image loads directly from the server.

On your original post I see:

<img src="/images/black_menu1.jpg" name="button1" width="185" height="30" border="0">

which indicates that black_menu1.jpg is the "initial" image that appears where the <img> tag is located. The question is, does it render properly upon initial page load? If so, then that implies that your site has a top-most folder named images, and hopefully all the images you are trying to preload are in that folder.

var path = '/images/';

should be:

var path = '/';

You need to do the iteration on the server (via PHP). Since all four of your PHP array have the same number of elements, iterate over one of them and use that numeric index to retrieve the equivalent element from the other arrays. Try:

<?php 
$tipi = array("asd","222","dda","xcs"); 
$gun = array("qwe","vvv","zzz","bffg"); 
$ay = array("asd","bbb","23a","wqe"); 
$yil=array("zzz","sad","cxc","zxca"); 
?>
<script type="text/javascript"> 
var tipi = new Array();
var gun = new Array(); 
var ay = new Array();
var yil = new Array();
<?php
for($j=0,$limit=count($tipi);$j<$limit;$j++)
{
    echo 'tipi[',$j,']="',str_replace('"','\\"',$tipi[$j]),'";',PHP_EOL;
    echo 'gun[',$j,']="',str_replace('"','\\"',$gun[$j]),'";',PHP_EOL;
    echo 'ay[',$j,']="',str_replace('"','\\"',$ay[$j]),'";',PHP_EOL;
    echo 'yil[',$j,']="',str_replace('"','\\"',$yil[$j]),'";',PHP_EOL;
}
?>
</script>

You can easily troubleshoot your problems provided you have the right tools:
A. Colorzilla extension for Firefox
Once this extension is installed, you can click on it to "activate" it for the page currently loaded on your browser. Then hover on the menu you are interested and once you are on the red sub menu, clicking it will cause colorzilla to "capture" that color. You can then retrieve the color name from the plugin and search for it in you source code (which could be inline css or a linked css file).

B. Web Developer Toolbar
Once installed you can click on CSS > View Style Information. After doing this, you can then mouse over the submenu of that you are interested in. You will then see a changing DOM "path" to the element that you are after (including IDs and CLASS names). If you know the ID and/or CLASS name of the elements you are interested in, then you can search for that ID and/or CLASS in your css.

C. Firebug Extension for Firefox
You can just right click on the sub-menu item that you are interested in and then choose "Inspect with Firebug". You should see some "sub-window" with a left and a right "pane" On the left pane you can click on the exact item you are after (ex: a span, div, etc) and on the left you will see the css for that item.

In case you are curious, …

Load the page in your browser. Then view the source code. Within the source code look for:
#D50512

That is the "red" color that you are seeing.

try:

$result = mysql_query("SELECT * FROM comments") or die(mysql_error());
while( $row = mysql_fetch_assoc($result) )
{
  echo $row['alias'], ': ', $row['comment'], '<br />', PHP_EOL;
}

<input name="name"... /> should be name="username"... />. You your comment:
// Set cookie / Start Session / Start Download etc... is inaccurate. You need to start the session BEFORE you even begin sending any output. That means that you cannot start the session after you have send <html>...

Try the attached code instead:

<?php
session_start();
$DEBUG=true;
$SELF=basename(__FILE__);
?>
<html>
<body>
<?php

$link = mysql_connect('localhost', 'username', 'password') or die('Could not connect: ' . mysql_error()); 
echo 'Connected successfully'; 
mysql_select_db('database') or die(mysql_error()); 


if(isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']))
{  
    $username = mysql_real_escape_string($_POST['username']);  
    $password = mysql_real_escape_string($_POST['password']);  

    $sql="SELECT `active` FROM `users` WHERE `username`='".$username."' AND `password`='".$password."'";
    $search = mysql_query($sql) or die(mysql_error());  
    $match  = mysql_num_rows($search);  

    if($DEBUG)
    {
        echo '<br />Executed: '.htmlspecialchars($sql,ENT_QUOTES);
        echo '<br />Total Matches: '.$match;
    }
}  

if($match==1){  
    echo '<p>Login Complete! Thanks</p>';  
    // Set cookie / Start Session / Start Download etc...  
}
else
{ 
    echo  '<p>Login Failed! Please make sure that you enter the correct details and that you have activated your account.</p>';  
}  
?>          


        <h3>Login Form</h3>  
        <p>Please enter your name and password to login</p>  



        <!-- start sign up form -->  
        <form action="<?php echo $SELF; ?>" method="post">  
            <label for="name">Name:</label>  
            <input type="text" name="username" value="" />  
            <label for="password">Password:</label>  
            <input type="password" name="password" value="" />  

            <input type="submit" class="submit_button" value="Login" />  
        </form>  

</body>
</html>

save the code below as a single file named hielo.php and try it:

<?php
$SELF=basename(__FILE__);
?>
<html>
<head>
<title>Search the Database</title>
<style type="text/css">
form{display:block; text-align:center;}
table#dbSearch{border:3px double black;width:50%;margin:0 auto;text-align:left;}
table#dbSearch tbody tr td{padding:.5em 0px;border-bottom:3px double black;}
label{display:block;width:45%;text-align:right;float:left;font-weight:bold;}
select{border:1px solid #999999;}
option{min-width:10em;}
td.buttonContainer{text-align:center;border-bottom:0px solid black !important;}

table#dbResult{border:3px double black;width:90%;margin:0 auto;text-align:left;}
</style>
</head>
<body>
<form action="<?php echo $SELF; ?>" method="post">
<table id="dbSearch">
	<tbody>
		<tr>
			<td>
				<label for="name">Enter Name:</label>
				<select id="name" name="searchterm[0]">
                    <option value="">Select Names</option>
                    <option value="Pink">Pink</option>
                    <option value="Jhon">Jhon</option>
                    <option value="Foysal">Foysal</option>
                    <option value="Aparna">Aparna</option>
				</select>
			</td>
		</tr>
		<tr>
			<td>
				<label for="year">Enter Year:</label>
				<select id="year" name="searchterm[1]">
                    <option value="">Select Year</option>
                    <option value="2000">2000</option>
                    <option value="2001">2001</option>
                    <option value="2002">2002</option>
                    <option value="2003">2003</option>
                    <option value="2004">2004</option>
                    <option value="2005">2005</option>
                    <option value="2006">2006</option>
                    <option value="2007">2007</option>
                    <option value="2008">2008</option>
                    <option value="2009">2009</option>
                    <option value="2010">2010</option>
                    <option value="2011">2011</option>
                    <option value="2012">2012</option>
               </select>
			</td>
		</tr>
		<tr>
			<td>
				<label for="month">Enter Month:</label>
				<select id="month" name="searchterm[2]">
					<option value="">Select Month</option>
                    <option value="January">January</option>
                    <option value="February">February</option>
                    <option value="March">March</option>
                    <option value="April">April</option>
                    <option value="May">May</option>
                    <option value="June">June</option>
                    <option value="July">July</option>
                    <option value="August">August</option>
                    <option value="September">September</option>
                    <option value="Octobar">Octobar</option>
                    <option value="November">November</option>
                    <option value="December">December</option>					
				</select>
			</td>
		</tr>
		<tr>
			<td class="buttonContainer"><input type="submit" name="Submit" value="SEARCH" /></td>
		</tr>
	</tbody>
</table>
<?php
if(isset($_POST['Submit']) && 'SEARCH'==$_POST['Submit'])
{
	$searchOptions=array('0'=>'name','1'=>'year','2'=>'month');
	mysql_connect('localhost','root','...') or die(mysql_error());
	mysql_select_db('birth') or die(mysql_error());
	foreach($_POST['searchterm'] as $index=>$value)
	{
		if(empty($value))
		{
			unset($_POST['searchterm'][$index]);
		}
		else
		{
			// LIKE search
			$_POST['searchterm'][$index]=sprintf("(`%s` LIKE '%%%s%%')",$searchOptions[$index], mysql_real_escape_string($value) );

			// EQUAL search
			//$_POST['searchterm'][$index]=sprintf("(`%s`='%s')",$searchOptions[$index], mysql_real_escape_string($value) );

		}
	}
	
	//OR search
	$sql='SELECT * FROM `entry` WHERE '.implode(' OR ',$_POST['searchterm']);
	
	//AND search
	//$sql='SELECT * FROM `entry` WHERE '.implode(' AND ',$_POST['searchterm']);

	$result=mysql_query($sql) or die(mysql_error());
	$total=mysql_num_rows($result);
	if(0==$total)
	{
		echo '<p>No results found.</p>';
	}
	else
	{
		$row=mysql_fetch_assoc($result);
		echo '<p>Total items found:',$total,'</p>';
		echo '<table id="dbResult"><thead><tr><th>',implode( …

There was some problem on the result page,...

You mean syntax problem? I noticed that you have <select name="name[]"...>. What field on the db should be searched when this list is selected? On your posts I keep seeing SELECT * FROM entry WHERE 'wre' LIKE. Do you really have a field name wre?

Also, change ALL your:
<option>XXX</option> to <option value="XXX">XXX</option>

I take it this is a problem with language, rather that an imperative.

Assuming you are correct about that, all I have to say is "LOL".

You are not allowed to nest HTML forms. To clarify, this is NOT allowed:

<form action="test1.php">
  ...
  <form action="test2.php">
    ...<input type="submit" value="Inner Submit" />
  </form>
  ...<input type="submit" value="Outer Submit" />
</form>

You have to get rid of the inner form(s). You can nest the entire table within a "master" form:

<form name="EditHome" method="post" enctype="multipart/form-data" action="SaveHome.php">
<input type="hidden" name="id" value="<?= $id ?>">

<table align="center" width="100%" border="0" bgcolor="f59422" cellspacing="0" cellpadding="0">


<tr>
<td valign="top" height="50">
    <table width="100%">
    <tr>
<td valign="top" height="50">
    <table width="100%" bgcolor="f8ab60">
    <tr>
    <td valign="top">
	    <table width="100%">
	    <tr>
		<td valign="top">
		<!-- <FORM> -->
<INPUT TYPE="button" VALUE="Return to Property Admin" onClick="parent.location='property_admin.php'">
<!-- </FORM> -->
</td>
<td valign="top">
		<!-- <FORM> -->
<INPUT TYPE="button" VALUE="Add a Picture" onClick="parent.location='AddPicture.php?home_id=<?= $id ?>'">
<!-- </FORM>  -->
</td>
<td valign="top">		
		<input type="submit" value="SAVE"  />
		
		</td>
		</tr>
		</table>
    </td>
    </tr>
    </table>
</td>
</tr>
</tr>

    </table>
</form>

if you had:

var strA="abc123def";
var strB="123";

/* then the following would be used to check if str "contains" one or more consecutive digits */
var re=/[0-9]+/;

alert( re.test(strA) );//true - strA contains digits
alert( re.test(strB) );//true - strA contains digits

/* however, the following checks to see if it "consists entirely" (think "equals") of digits */
var re=/^[0-9]+$/;
alert( re.test(strA) );//false - strA does NOT consist entirely of digits
alert( re.test(strB)  );//true - strA consists entirely of digits


/* this one would be for a string that "ends" in digits (regardless of what is at the beginning) */
var re=/[0-9]+$/

/* this one would be for a string that "starts" with digits (regardless of what is at the end) */
var re=/^[0-9]+/

Look for online tutorials on regexs. It will be more productive for you if you first read up a "formal" regex tutorial.

...
<a href="http://{target}"><xsl:value-of select="name" /></a><br />
...

rename Member_Library_Trial.html to Member_Library_Trial.php

AND also change: <?php $_SESSION['name']?> to: <?php echo $_SESSION['name'];?>

well, I see three function calls bolded, but what you need to do is call just ONE function and from that function you do your first ajax call. On that first ajax call, you should have a callback function - the function that executes upon completion of the ajax request. WITHIN THAT callback function call your other ajax function - ex:

<script>
function clickHandler(cb){
  disablebatch(); 
  //assuming that the following two are making the ajax calls
  //then calling these sequentially will still give you problems
  //  selectinactivecourse(cb.checked); 
  //  allbatches(cb.value);
  //
  //instead call the first one, passing the checkbox reference
  //(intead of just true/false):
  selectinactivecourse(cb); 
}

function selectinactivecourse(checkBox)
{
  //here you checkBox.checked will evaluate to true or false
  //depending on the state of the checkbox. So by passing the reference
  //to the checkbox you still can get the needed info you had previously
  var isChecked=checkBox.checked;

   //doyour ajax stuff
   xhr=...;
 
  //here you have your anonymous callback function
  xhr.onreadystatechange=function(){
     if( xhr.readyState==4)
     {
        allbatches(checkBox.value);
     }
   };

  xhr.send(...);
}
</script>
<input type="checkbox" value="<?php if(isset($_POST['inactive_check'])) echo $_POST['inactive_check']; ?>" onclick="clickHandler(this)" id="inactive_check" name="inactive_check" <?php if(isset($_POST['inactive_check'])) echo "checked";?>></div><div style=" float:left; padding-top:2px; padding-left:5px;">

A. at the end of line 17 you have horizontal[fishPos[fishNumber] . That's a syntax error. You are missing a closing bracket after fishNumber .

B. On line 24 you have setInterval(fish1Swim, 100); , but there is no such thing as function fish1Swin(){...} declared anywhere, so I don't see how you can claim that you can make one fish swim (especially after the syntax error outlined on point A.). What you do have is function swimFish(){...} which expects a number, so what you need to do is call it once foreach of your fishes:

function startSwimming() {
        setInterval("fishSwim(1)", 100);
        setInterval("fishSwim(2)", 100);
        setInterval("fishSwim(3)", 100);
}

c. fishPos is declared as number on line 9, but you are using it as an array in lines 17-20. Also, based on lines 18-20, it seems like you are "depending" on something like fishPos[1] for fish1, fishPos[2] for fish2, etc. So line 9 should be changed to an array where indices 1,2, and 3 are required to be initialized:

//the -1 is irrelevant. It's indices 1-3 that you need for fishPos[1]-fishPos[3].
var fishPos = [-1,0,0,0];

If you implement the changes above, you should see three fishes swimming in unison across the street. I'll leave it up to you to make them swim in different directions/rates.

try not to use the decrated method

I meant to write "deprecated".

you need to make sure that $_POST is an array. When none of the options is selected, then there is NO such thing as $_POST!!!

if( is_array($_POST['licences']) )
{
  $temp = implode(",<br />", $_POST['licences']);
}

if keyup does not work, try keypress :

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<title>hielo</title>
<script src="http://code.jquery.com/jquery-latest.js"></script>
<script type="text/javascript">
$(function(){
	$('#description').bind('keyup',function(){
		var val=this.value;
		$('input[name=fruit]').each(function(){
				this.checked=val.indexOf(this.value)>-1;
		});
	});
});
</script>
	</head>
	<body>
	<div><input type="checkbox" name="fruit" value="orange"/>Oranges</div>
	<div><input type="checkbox" name="fruit" value="apple"/>Apple</div>
	<div><textarea name="description" id="description" rows="7" cols="50"></textarea></div>
	</body>
</html>

making the question I shall ask a fair question.

So what's your question. You never actually asked a question.

On another note, when posting "blocks" of code, wrap them in [ CODE ] and [/ CODE ] (without the spaces around the word "CODE" - I used spaces so you can see the needed syntax). Alternatively, you can press on the "button" labeled CODE on the editor. Here's what it would look like if you do it right:

var str="hello";
alert( str );

To write inline-code (highlight a single code statement) use [ icode ] and [/ icode ]. Notice how alert("hello"); is highlighted when you use icode.

look at the success option.
http://docs.jquery.com/Plugins/Validation/validate#toptions

You can see a full demo at http://jquery.bassistance.de/validate/demo/milk/ (look at the source code)

jQuery.ajaxSetup( ) will allow you to setup async as default

did you try the remote option? On the server, you should check for $_GET and return true OR false (lowercase) without any leading and/or trailing spaces.

$(document).ready(function() {

    $("#register_form").validate({
        onkeyup:false,
        rules: {
            username: {
                required: true,
                minlength: 3,
				remote:"username_availability.php"// remote check for duplicate username
            }
        },
        messages: {
            username: {
                required: "username is required.",
                minlength: jQuery.format("username must be at least {0} characters in length."),
                remote: jQuery.format("{0} is already in use")
            }
        }
    });
});

<?php
include('database_connection.php');                                  
if (isset($_POST['username'])) {                                                               
    $username = mysql_real_escape_string($_POST['username']);                                  
    $check_for_username = mysql_query("SELECT user_id FROM users WHERE username='$username'"); 
    if (mysql_num_rows($check_for_username)) {
        echo "true";                                                                           
    } else {
        echo "false";//No Record Found - Username is available
    }
}
exit;
?>

Prepared Statements are a mechanism/feature to prevent sql injection.
PDO, mysql, mysqli are "software layers" that allow you to interact with the db server, but not all of them support prepared statements.

-only PDO and mysqli support prepared statements.
-mysql and mysqli can be used only with mysql database server
-pdo can be used with various db servers

I prefer to use PDO since it does support prepared statements and it gives me the flexibility to potentially change to a new host where the db server might NOT be mysql but say postgresql.

you have to return false when there is an error. Since you are NOT doing that, the form gets submitted and quickly reloaded (hence the "flash"). Try:

function validate() {
	var ok=true;
	ok=ok && firstname();
	ok=ok && lastname();
return ok;
}

function firstname() {

	var x=document.forms["signup"]["firstname"].value;
	if (x==null || x=="") {
		document.getElementById("error").style.visibility = "visible"; 
		document.signup.firstname.focus();
		return false;
	}
return true;
}
function lastname() {

	var x=document.forms["signup"]["lastname"].value;
	if (x==null || x=="") {
		document.getElementById("error").style.visibility = "visible"; 
		document.signup.lastname.focus();
		return false;
	}
return true;
}

a comma separated list of email addresses is OK. It is even shown in example 4 on the manual:
http://php.net/manual/en/function.mail.php

Your problem is that you keep using document.write AFTER the page has loaded. You should only use it WHILE the page is still loading. Try creating a div with an id and whatever you intend to put via document.write, instead insert it into the div. Also, on the <a> tag, just use href="#" instead of href="javascript:" - ex:

<html>
<head>
<title>Hello everyone</title>
</head>
<body>
<script type="text/javascript">
window.onload = initAll;
function initAll(){
actRedirect();
}
function actRedirect(){
var actLink = document.getElementById("activeRedirect");
actLink.onclick = redirectNow;
}
function redirectNow(){
 window.setTimeout(function(){window.location.href='http://google.com';}, 5000);
 document.getElementById('target').innerHTML="Please wait, you will be redirect to google soon!";
}
</script>
<div id="target"></div>
<a href="#" id="activeRedirect"> Redirect to Google now.</a>
</body>
</html>

read comments in code below:

//queue that keeps track of which requests are currently active
var ajaxRequest=[];

//this function is where you would be making your ajax request
function requestPage(url)
{
  //now see if url is within ajaxRequest. If so, then just return
  var tempQ = ',' + ajaxRequest.join(",") + ',';
  if( tempQ.indexOf(url) > -1 )
  {
   return false;
  }

  //if you make it here, there is no ongoing request to the specified url
  //so be sure to add it to the queue
  ajaxRequest[ajaxRequest.length]=url;

  /* here is the rest of your code that is supposed to emit the ajax request
     I expect you to have an onreadystatechange function somewhere here. You need to make sure you remove the url from the queue when the request has completed - ex: UNSTESTED */
  http.onreadystatechange=function(){
    if( http.readystate==4 )
    {
       if( http.status==200 )
       {
          //request was successful
          ...
       }
       tempQ = tempQ.replace(',' + url + ',' , '');
       ajaxRequest=tempQ.substring(1,tempQ.length-1).split(",");
    }
  };
}

Change line 14 from this: clickLink.onClick = promptWhatsName(); to this: clickLink.onclick = promptWhatsName;

<?php
//your page must start by calling session_start() first:
session_start();

//THEN you can begin saving data onto $_SESSION
//assuming that in YOUR example, $details is an array - ex:
$details=array('firstName'=>'john', 'lastName'=>'doe');

//then you just assign the array to $_SESSION
$_SESSION['ecart']=$details;
?>

page2.php
<?php
//If you need to retrieve the $_SESSION in page2.php, you MUST call session_start() first
session_start();

echo $_SESSION['ecart']['firstName'];
?>

search for articles on CURL:

<?php
if( isset($_POST['send']) )
{
	//Connect to DB server
	$conn = mysql_connect('localhost','root','') or die(mysql_error());

	//Select database
	mysql_select_db('ems',$conn) or die(mysql_error());


	$FName = mysql_real_escape_string($_POST['FName']);
	$LName = mysql_real_escape_string($_POST['LName']);

	$sql = "INSERT INTO `ems`.`tbl_dummy` (`FName`, `LName`) VALUES ('$FName', '$LName');";
	mysql_query($sql) or die(mysql_error());
	
	$params=array();
	$params[]="FName=".urlencode($_POST['FName']);
	$params[]="LName=".urlencode($_POST['LName']);

	$ch = curl_init(POSTURL);
	curl_setopt($ch, CURLOPT_POST ,1);
	curl_setopt($ch, CURLOPT_POSTFIELDS, implode('&', $params) );
	curl_setopt($ch, CURLOPT_FOLLOWLOCATION  ,1);
	curl_setopt($ch, CURLOPT_HEADER      ,0);
	curl_setopt($ch, CURLOPT_RETURNTRANSFER  ,1);
	$data = curl_exec($ch);
}
else
{
	$data=<<<BLANKFORM
	<form action="{$_SERVER['PHP_SELF']}" method="post" enctype="application/x-www-form-urlencoded" id="frm_test">
		<label>First Name: </label><input name="FName" type="text" /><br />
		<label>Last Name: </label><input name="LName" type="text" /><br  />
		<input name="send" type="submit" value="Save" />
	</form>
BLANKFORM;

}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title>PHP TO ASP :: testing only</title>
</head>
<body>
<?php echo $data; ?>
</body>
</html>

WRONG:

xmlhttp.send("username=" + username.value);
 xmlhttp.send("password=" + password.value);

You cannot call send() multiple times. You must call it exactly once. To pass multiple parameters you must separate each value with an ampersand and you should encode each value:

xmlhttp.send("username=" + encodeURIComponent(username.value) + "&password=" + encodeURIComponent(password.value) );

At the top of each page, will it lose any function?

No

I.e. will the search engines that are looking for meta tags still see them?

Yes. Ultimately if you have index.php and within index.php you put include 'meta.php'; the browser will ultimately receive the HTML in meta.php but will NOT know that it is actually in meta.php. The browser "thinks" that it is from index.php. The same goes for the search engines.

can i use the mysql_fetch_array twice in different places in my code

Yes

Probably the easiest solution is to build a complete unique array in the first loop, and use that

My suggestion would be to reset the pointer to the query result. IMMEDIATELY BEFORE the SECOND while put mysql_data_seek($rs, 0); http://us2.php.net/manual/en/function.mysql-data-seek.php

You need to convert your date STRINGS to an actual date first - Try:

/* http://dev.mysql.com/doc/refman/5.1/en/date-and-time-functions.html#function_str-to-date */
$startDate='12-10-2010';
$endDate='15-12-2010';

$sql= "SELECT * FROM `tblPerson` WHERE `subscriptionDate` BETWEEN 
STR_TO_DATE('$startDate','%d-%m-%Y') AND STR_TO_DATE('$endDate','%d-%m-%Y')";

try:

SELECT * FROM table WHERE type='cool' AND (id NOT IN(2,3,5) )

//you can use an associative array and retrieve $args['foo'] $args['lorem'] within the function
$a=array("foo"=>'bar', "lorem"=>'ipsum');
example( $a );

//OR you can cast it to a "generic" object and access it at $args->foo and $args->lorem 
$a= (object) array("foo"=>'bar', "lorem"=>'ipsum');
example( $a );

You can use:

echo $item["label"] . ": " . $item["value"] . "<br />" ;

OR:

echo "{$item['label']} :  {$item['value']} <br />" ;

(the {} forces the engine to evaluate a variable that is wrapped/embedded in a string.)

Problem now would be that without the ID field queried I can't call a single-record for edit by ID, right?

correct. If all you want is the field->name (as opposed to other field metadata), then the easiest approach would be to get a row of data and get name from that row. This is probably what you are after:

<?php
//This section gathers the field names
// and puts them in the first row of the table
$sql = "SELECT `ID`, `Code`, `Account Info`, `Ph#`, `User`, `PW`, `Web`, `Active` FROM `vendors` ORDER BY `Company/Name` ASC";
$query = mysql_query($sql) or die(mysql_error());

/*
lookup these functions in the PHP manual if you are not familiar with them:
	mysql_num_rows()
	mysql_fetch_assoc()
	implode()
	array_keys()
	array_slice()
*/
if( mysql_num_rows($query) > 0)
{
	$row=mysql_fetch_assoc($query);
	
	echo '<table>';
	echo '<tr><th>'.array_keys( array_slice($row,1) ).'</th></tr>';
	do{
		//save the value of id
		$id=$row['ID'];
		
		//"erase" ID from $row
		unset($row['ID']);
		
		//implode will "join" all the $row elements using '</td><td>' as the 'glue'
		echo '<tr><td>'.implode('</td><td>',$row).'</td><td><a href="?id='.$id.'">[Edit]</a></td></tr>';
	}while($row=mysql_fetch_assoc($query));
} 
else
{
	echo 'No Records found';
}
?>