broj1

Try using [htmlspecialchars](http://www.php.net/manual/en/function.htmlspecialchars.php) function which will replace < and > with their html codes. if ($content !== false) { echo htmlspecialchars($content); }

Tis is how I did it and it proved to be a good concept. I have defined access levels which were integers. The higher the level (value) the higher the privileges. Between each level I had a space for new levels if I need them later. The access level is …

AHarrisGsy is right, upvote for that. I'll just to simplyfy it a little bit: if(isset($_SESSION['SESSION_NAME'])) { echo '<a href = "/Logout.php" > Logout </a>'; } else { echo '<a href = "/Login.php" > Login </a>'; }

Put the php code before the html, that will check whether either of the forms was submitted and what the selected value was: <?php // if either of submit buttons was pressed, $_POST['submit'] would be set // and you can check the selected values if(isset($_POST['submit'])) { // the selected value …

The function does not know about the mysqli object. You should either pass it as a parameter or initialize mysqli within the function (as lastMitch suggested). $mysqli = new $mysqli('host', 'user', 'password', 'db'); function PM($mysqli) { $query = "SELECT * FROM posts"; $result = mysqli_query($mysqli, $query) or die(mysqli_error($mysqli)); while($row = …

Insert some debug code say after line 89: echo "Username query: $query_checkuser<br />"; echo "Password query: $query_checkpswd<br />"; echo "Entered password: $password<br />"; echo "Password in the DB: $p_password<br />"; and check whether queries and values are correct.

Post the structure of the array. I think we will have to use [recursion](http://www.codewalkers.com/c/a/Miscellaneous/Recursion-in-PHP/) here to traverse the array.

So you are saying that the dropdown div is pushing the content down to make room for autosuggestions? If yes, post the CSS for the dropdown class.

Instead of echoing the parts of the string asign it to a string variable and use [substr_replace](http://www.php.net/manual/en/function.substr-replace.php) function, i.e.: $str = "parentarray ['136|Balkhs','481|Herat','564|Kabol','979|Qandahar',"; $newStr = substr_replace($str, ']', -1, 1);

You can also use mysql [events](http://dev.mysql.com/doc/refman/5.1/en/events.html) for triggering (v >= 5.1). I have actually never used them so do not know the deatils.

You are appending a string to a variable `$partner_block` that is not defined anywhere else (at least not in the code you posted): $partner_block .= '<OPTION value="'.$partner_id.'">'.$partner_name.'</OPTION>';

Another variation is to use Ajax. The difference form Atli's approach is that the page does not get refreshed each time you click a link, only the content in the div changes. Te easiest way to do it is to use jQuery and it's ajax methods. http://api.jquery.com/jQuery.ajax/ http://www.w3schools.com/jquery/jquery_ref_ajax.asp With the …

You are trying to assign `$pricetotal` to the `$_SESSION["cart_array"]` array several times on the beginning but `$pricetotal` variable is not existing yet at that point. It is getting created on line 99. Maybe you should assign it to a hidden input if you want to use it after POSTing the …

I am not familiar with dojo but I guess your problem appears to be reading the DB results. The `mysql_fetch_array` function returns only one row so you should run it in a while loop to retrieve all rows. while ($row = mysql_fetch_array($result2)) { // do whatever you need with the …

You have done it OK, only a double quote (as part of html attribute value) is missing after `240`. echo('<embed src="flash/' . rand(1, 5) . '.swf" type="application/x-shockwave-flash" width="320" height="240"></embed>');

Where do you do any calculations for the chart especially for the values in question? If you want to know what is good library for drawing charts I highly recommend [jQplot](http://www.jqplot.com/).

The method in the form is POST while you are reading $_GET. Change it to $_POST. $customer_id = $_POST['id']; And for security reasons validate and/or escape it. if(!isset($_POST['id']) || !is_numeric($_POST['id'])) { header('location:logout.php'); } $customer_id = mysql_real_escape_string($_POST['id']);

You might be better off declaring the method this way: public function load_Array($data) { $this->anArray = array(); foreach($data as $element) { $this->anArr[] = $element; } ... Now you can pass an array as argument (as cereal suggested): $andy->load_Array(array("andy","bill"));

Have you escaped the double quotes: if($exfreeformaddress == '') { $spanStyle = 'background-color: yellow;'; } else { $spanStyle = 'background-color: white;'; } $body .= "<span style=\"$spanStyle\">Address - " . $exfreeformaddress . "</span>\n";

The $query variable does not contain a valid resource since there is an error in the query. You can not perform a concatenation within a double quoted string. Correct the query this way: remove the `.` and enclose the array element `$_POST[category]` in curly braces). I also changed `&&` to …

I hope I got your question. You want to draw radio button which is either enabled or disabled, depending on a query result. $result=mysqli_query($mysqli,"SELECT tableselect FROM reserve WHERE reserveDate = '". $date ."' AND reserveTime = '". $time ."'"); if($row = $result->fetch_array(MYSQLI_ASSOC)){ echo $row['tableselect']; if($t){ $disabledAttr = ' disabled="disabled"'; } …

szabizs gave you excellent example in his post above. I am merely adapting it to your code: } else { // counter for rows $currentRow = 1; while ($myrow = mysql_fetch_array($pnts)) { $sql = "SELECT * FROM `Player` WHERE `PlayerID` = " . $myrow["PlayerID"]; //echo $sql; $playerar = mysql_query($sql); if …

And browse [this site](https://www.owasp.org). It is a lot of information but it is not a bad idea to become familiar with most of it.

Check the query. Insert this code right after line 5: die($sql); It is a simple debugging technique. It will display the query and you can inspect it and test it in phpmyadmin. You can also post it here.

You do quite a lot of building checkbox code with concatenation of string and with all the quotes you have to take care of you can quickly miss one and the browser won't render correctly. Have you checked the html source (in Firefox: right click on page -> View page …

Classes are part of Object Oriented Programming concept (OOP). PHP first supported only traditional procedural programming style but with version 5 (and partly four) the OOP functionality was added. It has been mature for quite some time now and many functions have both versions (i.e. [mysqli_query](http://php.net/manual/en/mysqli.query.php)). The benefit of OOP …

The same goes for the `password` variable.

Did you maybe forget to declare the ID colums Autoincrement? That way you can leave the id values out and db will autogenerate them. Edit: sory pritaeas, posted just seconds after you did :-)

As long as this is not a higly confidential banking or government site this might be enough. Hopefully you have done the password hashing as per good practices. You might want to check [this link](http://si1.php.net/manual/en/faq.passwords.php). Other aspect of security is input data validation/sanitization (username and password) to prevent sql injections.

You have to add a `WHERE` clause to the query: // first check if a querystring exists at all (avoiding errors) if(isset($_GET['customer_name'])) { // escape the value form the url (security) $customer_name = mysql_real_escape_string($_GET['customer_name']); // then use the value in WHERE statement $sql="SELECT id,customer_name FROM Customers WHERE customer_name='$customer_name'"; } And …

As simple as: $search = $_SESSION['search']; $_SESSION['search'] is already a string since it came from the form input. You can use it in a query but make sure you at least escape it first: $query = "SELECT * FROM tablename WHERE somefield LIKE '%" . mysqli_real_escape_string($search) . "'";

Enclose $data['id'] in curly braces since it is a complex variable so PHP knows what variable to parse from this string. mysql_query("Delete FROM Customers WHERE id = {$data['id']}"); See [this link](http://php.net/manual/en/language.types.string.php#language.types.string.parsing.complex).

This [link](http://blog.teamtreehouse.com/how-to-debug-in-php) might help you a bit.

More or less guessing: On line 276 (reply code) you have: $model_quote = printInvoice("Residential - Curbside/Garage", "S5-E", 119, $qts5e, $s5e_quote_residence, $total); Shouldn't it be: $model_quote = $model_quote . printInvoice("Residential - Curbside/Garage", "S5-E", 119, $qts5e, $s5e_quote_residence, $total); Seems like you are loosing all previous information here. But I might be wrong …

I think a little bit of optimization can be done using [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php): ... // define the query with ? in places of variables $query = "UPDATE registrar_grade_archive SET grade = ? WHERE student_id = ? AND subject_id = ? AND school_id = ? AND advisor_faculty_id = ? AND subject_handler_id …

The value you are getting is a [Unix timestamp](http://en.wikipedia.org/wiki/Unix_time) which is time expressed in number of seconds after 1.jan. 1970. You can convert from/to Unix time [here](http://www.epochconverter.com/). The fact is that php date function uses unix timestamp and has ways of converting it to variety of [formats](http://php.net/manual/en/datetime.formats.php), as Bachov Varghese …

Good practice when working with processing forms is to check if the value has been entered first and then also clean the input using [htmlspecialchars](http://php.net/manual/en/function.htmlspecialchars.php) function (i.e. to prevent nasty users to inject scripts or html code in input box): <!-- php file --> <html> <head> <title>Reading Data from text …

To give you some ideas: - as simplypixie said, use an autocrement type for the ID field in the database table; this way the IDs will get generated automatically, will be unique and you do not have to wory about them - when you fetch the data use [mysqli_fetch_array](http://php.net/manual/en/mysqli-result.fetch-array.php) function …

// check if form has been submitted: if(isset($_GET['submit'])) { // establish a DB connection (assuming mysql) ... // check if the appropriate category has been selected // and escape it $category = mysql_real_escape_string($_GET['category']) // construct the query $q = "SELECT * FROM theTable WHERE category='$category'"; // get the result ... …

If I understand the question correctly you would like to suplement numbers with words in two languages. I would do that with arrays. If the range of numbers is not too big you can map numbers to words directly: $englishWords = array( 1 => 'one', 2 => 'two', 3 => …

The simplest way of doing it would be using separate rules for printing using `print` [media type](http://www.w3schools.com/css/css_mediatypes.asp).

> First, I need the result of the function to first print out the results like so: For this use the [implode](http://php.net/manual/en/function.implode.php) function: echo implode(',', getArrayUsers($id)); The second part of the question I do not quite understand. Can you reword it?

`1353658977` seem to be date in unix timestamp which converts to `Fri, 23 Nov 2012 08:22:57 GMT`. If you get `1970-01-01` something must be wrong since the unix timestamp for this date is 0. If `$rtTransaction->getAddedOn()` returns timestamp then it ovbiously returns 0.

Enclose the datepicker in div tags with id (i.e. datepicker-wrap) and assign a function to a onclick event of the radio button function toggleVisibility(id) { var element = documentGetElementByID(id); element.style.visibility = element.style.visibility == 'hidden' ? 'visible' : 'hidden'; } Or you can use jQuery [toggle](http://api.jquery.com/toggle/) method.

If the above code is html (not php) then you have to do it this way: <input type='radio' name='choice_a' value='<?php echo $answer;?>'> <input type='radio' name='$quiz_no' value='<?php echo $answer;?>'> To pass this to another php file for checking / processing enclose fields in form tags and set action attribute (and add …

If you want to secure the form field values during the transmission from the browser to the server you can use HTTPS.

On line 35 the each of the values should be enclosed in quotes, not the whole string `$values`. Try this: $values = "'" . implode("','", $escaped_values) . "'"; This code will produce a string: `'value1', 'value2' ..., 'valueN'` which you can safely use in your query (remove the quotes around …

> How can i get result between two date from database where date is in unix timestamp // result in seconds $difference = $date2 - $date1 Convert seconds to whatever you want.

There are many closing `</a>` tags without the opening `<a>` tag in your table cells. Has this error happened during the copy/paste operations? On line 61 you have a typo `<td nowarp>` should be `<td nowrap>`.

First test whether the form was submitted i.e by checking for the existence of $_POST['submit'] (or whatever you name the submit button). if(isset($_POST['submit'])) { // do all the assigning of $_POST to variables here and querying } else { // display the form or redirect to a page with the …