Posts by cwarn23

When combining tables to make one big table, you need to have a common column to pair with which in your case appears to be the column named "code". A tutorial can be found at http://www.tizag.com/mysqlTutorial/mysqljoins.php and below is a query example:

SELECT *
FROM fruit, cart
WHERE fruit.code = cart.code

I always thought the first was the start recoed and the second was the last record.

I think 3,3 is wrong run an if statement to make sure the count variable is not equal to or greater to 3 this would confuse MySql's brain.

Below is a direct quote from the select syntax of the official mysql manual:

LIMIT {[offset,] row_count | row_count OFFSET offset}

As you can see, it makes an if statement. It can be broken down to two parts. The first is:

LIMIT {row_count}

The above statement make just the row count and note that when something is in brackets it is an optional parameter optional. However, if you were to fill in the optional parameter, since there are now two parameters, the if statement would change to the following where the offset is at the end:

LIMIT {row_count OFFSET offset}

And now for the part that is confusing most people in this thread. An offset is never relative to the row_count. So say you wanted to limit from rows 6 to row 8 you would use LIMIT 6, 2 as you are telling mysql how many rows to count on after six. That's what offset means in any language weather it's mysql, graphics, english etc.

So to explain what LIMIT 3, 3 does. It will limit from result 3 to result 6 as it has counted three rows from result 3. I would have to say that if anything was the error it would be …

I would suggest using sessions to check what stage the user is at then make php exit the script with a message if the user has viewed a page in the wrong order. Below is an example:

<? session_start();
//page1.php

$_SESSION['pagestatus']=1;
?>
<a href='page2.php'>Next page</a>

<? session_start();
//page2.php
if ($_SESSION['pagestatus']!==1) {
    die('You have viewed the pages in the wrong order.');
    } else {
    $_SESSION['pagestatus']=2;
    }
?>
<a href='page3.php'>Next page</a>

<? session_start();
//page3.php
if ($_SESSION['pagestatus']!==2) {
    die('You have viewed the pages in the wrong order.');
    } else {
    $_SESSION['pagestatus']=3;
    }
?>
Final page

There are a few bugs and security holes in that script. So try the following:

mysql_connect(" ") ; //add variables in function
mysql_select_db(" "); //add variables in function

if(!empty($_GET["c"]) && !preg_match('/[^0-9]/',$_GET['k']))
{ $k = $_GET["k"] ; $cnt = $k; $k += 3;  }
else
{$cnt = 0; $k = 3;}
 
$table = '<table  >';
 

$result = mysql_query('SELECT var1 FROM '.mysql_real_escape_string($tab1).' LIMIT '.mysql_real_escape_string($cnt).', 3') or die(mysql_error());  

//for loops are faster than while loops when used properly.
for ($i=0;$row = mysql_fetch_assoc( $result );$i++)
{
       $var1 = $row['name'];
if ( $i == 3 ) {
            $table .= '</tr><tr>';
            $i = 0;
        }
 

$result1 = mysql_query('SELECT * FROM tab2 WHERE var2= "'.mysql_real_escape_string($var1).'"');
$row = mysql_fetch_assoc( $result1 );
$var2 = $row['var2'];
        $table .= "<td > blah blah blah";
 
}
 
$table .= "<tr><td  ><a href=link.php?c=next&k=".$k.">next</a></td></tr>";
echo $table;

Also, you may want to note that the following script commonly used will cause an error on some servers:

//mysql connections

$result=mysql_query('SELECT * FROM `table`');
while ($row=mysql_fetch_array($result)) {
    echo 'test didn\'t work. There shouldn\'t be any rows in the table.';
    break;
    }

Instead the following should be used:

//mysql connections

$result=mysql_query('SELECT * FROM `table`');
if (mysql_num_rows($result)>0) {
while ($row=mysql_fetch_assoc($result)) {
    echo 'test didn\'t work. There shouldn\'t be any rows in the table.';
    break;
    }
}

Well actually I would use htmlentities() to prevent any html from going into the database and at the same time use mysql_real_escape_string(). To help explain below is an example code for a youtube clip:

<object width="560" height="340"><param name="movie" value="http://www.youtube.com/v/vWF4x01MkzE&hl=en&fs=1"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/vWF4x01MkzE&hl=en&fs=1" type="application/x-shockwave-flash" allowscriptaccess="always" allowfullscreen="true" width="560" height="340"></embed></object>

However the only piece of that you ever need to record into the mysql database is v/vWF4x01MkzE&hl=en&fs=1 Then you can validate and place that string into the 2 spots where it is needed within the common code. That is all of the code except that little url seems to stay the same with all the youtube scripts. That's how I would do it.

And also to test your theory below is some code the will prove that javascript cannot communicate with php:

<?
function myfunction($var){
return $var;
}
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script language="javascript" type="text/javascript">
function ILovePHP(var1) {
b = "<?=myfunction('var1');?>";
alert(b);
}
</script>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Untitled Document</title>
</head>
<body>
<form action="" method="post"><input name="armandecastro" name="armandecastro" type="text" onChange="ILovePHP('this is a test string');"></form><p>
</body>
</html>

Now in the above example, the alert box should contain the text 'this is a test string' but instead it just has var1 because it cannot pass variable 1 to php. So try entering the text in the javascript function and getting php to process it and you will get the above results.

Edit:
By saying that, there is nothing stoping you from linking to an invisible iframe that will do php processing 4 you.

Well as I mentioned earlier, the following function should be able to validate anything that goes into the url bar.

function validation($input) {
$input = mysql_real_escape_string($input);
$input = htmlentities($input);
return $input;
}

And if you wanted to make sure that your $_GET variables are always varified then use the following script.

function validate($input) {
$input = mysql_real_escape_string($input);
$input = htmlentities($input);
return $input;
}
foreach ($_GET AS $key => $val) {
$_GET[$key]=validate($val);
}

Is this what your looking for? It uses google to search a selected site for selected keywords.

<?php

function search($search_term,$site)
{
global $dsite;
$bits = explode('/', $site);
if ($bits[0]=='http:' || $bits[0]=='https:')
	{
	$site=$bits[0].'//'.$bits[2].'/';
	} else {
	$site='http://'.$bits[0].'/';
	}
$dsite=$site;
$site=urlencode($site);
$search_term=urlencode($search_term);
$curl_handle=curl_init('http://www.google.com.au/search?hl=en&q=site%3A'.$site.'+'.$search_term.'&meta=');
curl_setopt($curl_handle, CURLOPT_HEADER, false);
curl_setopt($curl_handle, CURLOPT_FAILONERROR, true);
curl_setopt($curl_handle, CURLOPT_HTTPHEADER, Array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15") ); // request as if Firefox   
curl_setopt($curl_handle, CURLOPT_POST, false);
curl_setopt($curl_handle, CURLOPT_NOBODY, false);
curl_setopt($curl_handle,CURLOPT_CONNECTTIMEOUT,4);
curl_setopt($curl_handle,CURLOPT_RETURNTRANSFER,1);
$buffer = curl_exec($curl_handle);
curl_close($curl_handle);

$bufferb=strip_tags($buffer,'<cite>');
preg_match_all("/<cite>[^ ]+ - [0-9]+k - <\/cite>/",$bufferb,$match['url']);
unset($bufferb);
$match['url'][0]=preg_replace('/<cite>([^ ]+) - [0-9]+k - <\/cite>/','$1',$match['url'][0]);
$bufferb=strip_tags($buffer,'<br><div>');
preg_match_all("/<div[^>]+>[^<]+<br>/",$bufferb,$match['des']);
unset($bufferb);





$bufferb=strip_tags($buffer,'<a>');
preg_match_all("/<a href=\"[^\"]+\"\ class\=l[^>]+>[^<]+<\/a>/",$bufferb,$match['title']);
$id=0;
while (isset($match['title'][0][$id]))
    {
    $match['title'][0][$id]=strip_tags($match['title'][0][$id]);
    $id+=1;
    }

$result['url']=$match['url'][0];
$result['des']=$match['des'][0];
$result['title']=$match['title'][0];
unset($match);
unset($buffer);
unset($bufferb);
unset($id);

return $result;
}

echo "<form method='post' style='margin:0; padding:0;'><table border=0 cellpadding=0 cellspacing=0>
<tr><td align='right'>Website:</td><td><input type='text' size=40 name='site'></td></tr>
<tr><td align='right'>Search Term:</td><td><input type='text' size=40 name='searchval'><input type='submit' value='search'></td></tr></table></form><br>";
if (isset($_POST['searchval']) && strlen($_POST['searchval'])>=1)
    {
    $result=search($_POST['searchval'],$_POST['site']);
    $id=0;
    echo "<table border=0 cellspacing=0 cellpadding=0 width=640><tr><td bgcolor='#66CCFF'><table border=0 cellpadding=3 cellspacing=0><tr><td>".
    '<b>Website searched: '.$dsite.'<br> There were '.count($result['title'])." results found with the term '<i>".$_POST['searchval']."</i>'</b></td></tr></table></td></tr>";
    while (isset($result['url'][$id]) && isset($result['des'][$id]))
        {
        echo '<tr><td><a href="http://'.$result['url'][$id].'"><font color=#0000FF>'.$result['title'][$id].'</font></a></td></tr><tr><td>'.$result['des'][$id].'</td></tr><tr><td height="16px"></td></tr>';
        $id+=1;
        }
    echo "</table>";
    }
?>

Although you didn't entirely answer my question (scan the website or single webpage) I will assume you want to scan the website in which case will require a bot. I have recently written a bot to scan for site security holes and the bot template is as follows:

<?
set_time_limit(0);
function domain($domainb) {
	$bits = explode('/', $domainb);
	if ($bits[0]=='http:' || $bits[0]=='https:')
		{
		return $bits[0].'//'.$bits[2].'/';
		} else {
		return 'http://'.$bits[0].'/';
		}
	unset($bits);
	}
if (isset($_GET['site'])) {
    echo '<head><title>Bot scanning website - '.domain($_GET['site']).'</title></head><body>';
    } else {
    echo '<head><title>Bot scanner</title></head><body>';
    }
echo '<center><font size=5 face=\'arial black\'><b>PHP Bot Scanner</b></font><br><form method=\'get\' style=\'margin:0px; padding:0px;\'><input type=\'text\' name=\'site\' size=64 value="'.$_GET['site'].'"><input type=\'submit\' value=\'Scan\'></form></center>';
if (substr_replace($_GET['site'],'',3)=='ftp') {
exit('You may not connect to the ftp protocole');
}
if (!isset($_GET['site'])) { exit(''); }

$_GET['site']=domain($_GET['site']);

function url_exists($durl)
		{
		// Version 4.x supported
		$handle   = curl_init($durl);
		if (false === $handle)
			{
			return false;
			}
		curl_setopt($handle, CURLOPT_HEADER, true);
		curl_setopt($handle, CURLOPT_FAILONERROR, true);  // this works
		curl_setopt($handle, CURLOPT_HTTPHEADER, Array("User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15") ); // request as if Firefox   
		curl_setopt($handle, CURLOPT_NOBODY, true);
		curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
		$connectable = curl_exec($handle);
		curl_close($handle);  
        if (preg_match('/200 OK/i',substr_replace($connectable,'',30))) {
            return true;
            } else {
            return false;
            }
		}
//below function will only get links within own domain and not links outside the site.
function getlinks($generateurlf) {
    $datac=file_get_contents($generateurlf);
    preg_match_all('/(href|src)\=(\"|\')[^\"\'\>]+/i',$datac,$media);
    unset($datac);
    $datac=preg_replace('/(href|src)(\"|\'|\=\"|\=\')(.*)/i',"$3",$media[0]);
    $datab=array();
    foreach($datac AS $dfile) {
        $generateurle=$generateurlf;
        if (!in_array(substr_replace($dfile,'',4),array('http','www.'))) {
            if (substr_replace($generateurle,'',0, -1)!=='/') {
                $generateurle=preg_replace('/(.*)\/[^\/]+/is', "$1", $generateurle);
                } else {
                $generateurle=substr_replace($generateurle,'',-1);
                }

            if (substr_replace($dfile,'',1)=='/') {
                if (domain($generateurle)==domain($generateurle.$dfile)) {
                    if (in_array(strtolower(preg_replace('/(.*)[.]([^.\?]+)(\?(.*))?/','$2',basename($generateurle.$dfile))),array('html','htm','xhtml','xml','mhtml','xht','mht','asp','aspx','adp','bml','cfm','cgi','ihtml','jsp','las','lasso','lassoapp','pl','php','php1','php2','php3','php4','php5','php6','phtml','shtml','search','query','forum','blog','1','2','3','4','5','6','7','8','9','10','11','12','13','14','15','16','17','18','19','20','01','02','03','04','05','06','07','08','09','go','page','file')) || substr($generateurle.$dfile,-1)=='/' || !preg_match('/[\.]/i',basename($generateurle.$dfile))) {
                        $datab[]=$generateurle.$dfile;
                        }
                    } …

I have just completed the first version of the script. The main script is as follows:

<?
set_time_limit(0);
ini_set('magic_quotes_gpc','Off');
include('db.php');
mysql_connect($dbhost,$accountname,$password)
or die("Could not connect to MySQL server");
mysql_select_db($database) or die(mysql_error()." Could not select database");

$data=file_get_contents('wordlist.txt');
$words=explode("
",$data);
unset($data);

    
function generate($langto,$dword,$result) {
    $data=file_get_contents('http://langtolang.com/?selectFrom=english&selectTo='.$langto.'&txtLang='.$dword.'&submitButton=Search');
    $data=preg_replace('/(.*)\<tr class=(\"|\'|)title(\"|\'|)\>(.*)\<td([^\>]+)?\>[^\<]+\<\/td\>(.*)\<td([^\>]+)?\>[^\<]+\<\/td\>(.*)/is',"$1",$data);
    preg_match_all('/\<td width\=\"40%\"\>[^\<]+\<\/td\>/is',$data,$matches);
    unset($data);
    $dtranslations=preg_replace('/\<td width\=\"40%\"\>([^\<]+)\<\/td\>/i',"$1",$matches[0]);
    for ($a=0, $b=1; isset($dtranslations[$b]); $a+=2, $b+=2) {
        //if ($dtranslations[$a]==$dword) {
            $c=$a/2;
            if (count($result['english'])<=$c) {
                //$result['english'][]=$dtranslations[$a];
                $result['english'][]=$dword;
                }
            $result[$langto][]=$dtranslations[$b];
            //}
        }
    unset($dtranslations);
    return $result;
    }
echo '<head><title>Word Indexer</title></head><body>'.str_repeat(" ", 256).'<br>'; flush();
foreach ($words AS $word) {
$check = mysql_query('SELECT * FROM `translations` WHERE `english`="'.mysql_real_escape_string($word).'"') or die(mysql_error());
if (mysql_num_rows($check)==0) {
$time_start = microtime(true);
$translation = generate('albanian',$word,array());
$translation = generate('arabic',$word,$translation);
$translation = generate('breton',$word,$translation);
$translation = generate('catalan',$word,$translation);
$translation = generate('chinese_simplified',$word,$translation);
$translation = generate('chinese_traditional',$word,$translation);
$translation = generate('corsican',$word,$translation);
$translation = generate('czech',$word,$translation);
$translation = generate('danish',$word,$translation);
$translation = generate('dutch',$word,$translation);
$translation = generate('esperanto',$word,$translation);
$translation = generate('estonian',$word,$translation);
$translation = generate('finnish',$word,$translation);
$translation = generate('french',$word,$translation);
$translation = generate('gaelic',$word,$translation);
$translation = generate('georgian',$word,$translation);
$translation = generate('german',$word,$translation);
$translation = generate('greek',$word,$translation);
$translation = generate('hebrew',$word,$translation);
$translation = generate('hungarian',$word,$translation);
$translation = generate('icelandic',$word,$translation);
$translation = generate('indonesian',$word,$translation);
$translation = generate('italian',$word,$translation);
$translation = generate('japanese',$word,$translation);
$translation = generate('korean',$word,$translation);
$translation = generate('kurdish',$word,$translation);
$translation = generate('latvian',$word,$translation);
$translation = generate('lithuanian',$word,$translation);
$translation = generate('malagasy',$word,$translation);
$translation = generate('norwegian',$word,$translation);
$translation = generate('polish',$word,$translation);
$translation = generate('portuguese_brazil',$word,$translation);
$translation = generate('portuguese_portugal',$word,$translation);
$translation = generate('romanian',$word,$translation);
$translation = generate('russian',$word,$translation);
$translation = generate('serbo_croat',$word,$translation);
$translation = generate('slovak',$word,$translation);
$translation = generate('slovenian',$word,$translation);
$translation = generate('spanish',$word,$translation);
$translation = generate('swahili',$word,$translation);
$translation = generate('swedish',$word,$translation);
$translation = generate('turkish',$word,$translation);
$translation = generate('vietnamese',$word,$translation);
$translation = generate('yiddish',$word,$translation);
$translation = generate('walloon',$word,$translation);
$translation = generate('welsh',$word,$translation);

for ($i=0;isset($translation['english'][$i]);$i++) {
mysql_query('INSERT INTO `translations` SET `english`="'.mysql_real_escape_string($translation['english'][$i])
.'", …

Well to help answer the questions of why the action= will go to test.php?action=test only when method=post is that when method=get, the parameters in the form overwrite the parameters specified in the action=. However, when using method=post, there are no parameters that can possibly overwrite the action= since it is posting them. So basically it is a browser problem and not a server problem.

Try this:

$realUser_q = mysql_query("SELECT Username FROM my_db WHERE Username = $user ") or die(mysql_error());
$realUser=mysql_fetch_array($realUser_q);
//above sets the $realUser[] Array
//example usage: $realUser['mysql_column_name']
echo $realUser['Username'];

Hope that helps answer the question.

I have made a use at your own risk function that will convert a number of currencies. The reason why I say use at your own risk is that it uses another website for the conversions. First there is the convert function which is as follows:

function currency_convert($Amount,$currencyfrom,$currencyto)
{
$buffer=file_get_contents('http://finance.yahoo.com/currency-converter');
preg_match_all('/name=(\"|\')conversion-date(\"|\') value=(\"|\')(.*)(\"|\')>/i',$buffer,$match);
$date=preg_replace('/name=(\"|\')conversion-date(\"|\') value=(\"|\')(.*)(\"|\')>/i','$4',$match[0][0]);
unset($buffer);
unset($match);
$buffer=file_get_contents('http://finance.yahoo.com/currency/converter-results/'.$date.'/'.$Amount.'-'.strtolower($currencyfrom).'-to-'.strtolower($currencyto).'.html');
preg_match_all('/<span class=\"converted-result\">(.*)<\/span>/i',$buffer,$match);
$match[0]=preg_replace('/<span class=\"converted-result\">(.*)<\/span>/i','$1',$match[0]);
unset ($buffer);
return $match[0][0];
}

Then there are the different currency codes you can use which are as follows:

-------------
CONVERT FROM:
-------------

British Pound         GBP
Euro                  EUR
US Dollar             USD
Japanese Yen          JPY
Chinese Yuan          CNY
Australian Dollar     AUD
Swiss Franc           CHF
Canadian Dollar       CAD
Thai Baht             THB
Indian Rupee          INR
Indonesian Rupiah     IDR
Hong Kong Dollar      HKD


-----------
CONVERT TO:
-----------

Euro                  EUR
British Pound         GBP
US Dollar             USD
Japanese Yen          JPY
Chinese Yuan          CNY
Australian Dollar     AUD
Swiss Franc           CHF
Canadian Dollar       CAD
Thai Baht             THB
Indian Rupee          INR
Indonesian Rupiah     IDR
Hong Kong Dollar      HKD

And then to use the function you can use the following:

echo currency_convert(150,'EUR','GBP');

You have a broken loop statement!!
Try the following:

$table_field = 'name';
$result = "select * from table";
while($myrow = mysql_fetch_array($result)) {
 $text .= $myrow[$table_field] . ", "; // Note: if I use 'name' it works fine...
}
echo $text;

I just realised that this thread relates to a movie series called Stargate. For all we know there could be a burried stargate in egypt where 10000 years ago the achients could have enhabited the planet and transported species from a variety of planets from the universe. Crazy theory but very possible just like any other theory.

Although I couldn't understand all of that question(s) to empty all sessions just use the following:

$_SESSION=array();

I would surely love to see one..

Well here is a function:

function currency_convert($Amount,$currencyfrom,$currencyto)
{
$buffer=file_get_contents('http://finance.yahoo.com/currency-converter');
preg_match_all('/name=(\"|\')conversion-date(\"|\') value=(\"|\')(.*)(\"|\')>/i',$buffer,$match);
$date=preg_replace('/name=(\"|\')conversion-date(\"|\') value=(\"|\')(.*)(\"|\')>/i','$4',$match[0][0]);
unset($buffer);
unset($match);
$buffer=file_get_contents('http://finance.yahoo.com/currency/converter-results/'.$date.'/'.$Amount.'-'.strtolower($currencyfrom).'-to-'.strtolower($currencyto).'.html');
preg_match_all('/<span class=\"converted-result\">(.*)<\/span>/i',$buffer,$match);
$match[0]=preg_replace('/<span class=\"converted-result\">(.*)<\/span>/i','$1',$match[0]);
//return $buffer;
unset ($buffer);
return $match[0][0];
}
//Theory: currency_convert(Amount,From,To)
echo currency_convert(150.5,'GBP','AUD');

And the possible entries that can be entered into the from and to field are as follows:

-------------
CONVERT FROM:
-------------

British Pound         GBP
Euro                  EUR
US Dollar             USD
Japanese Yen          JPY
Chinese Yuan          CNY
Australian Dollar     AUD
Swiss Franc           CHF
Canadian Dollar       CAD
Thai Baht             THB
Indian Rupee          INR
Indonesian Rupiah     IDR
Hong Kong Dollar      HKD

-----------
CONVERT TO:
-----------

Euro                  EUR
British Pound         GBP
US Dollar             USD
Japanese Yen          JPY
Chinese Yuan          CNY
Australian Dollar     AUD
Swiss Franc           CHF
Canadian Dollar       CAD
Thai Baht             THB
Indian Rupee          INR
Indonesian Rupiah     IDR
Hong Kong Dollar      HKD

As you can see all the names have abbreviations. For this script, you need to use these abbreviations to be able to convert currencies. And in case if you are wondering how it works, it uses the yahoo currency converter which as far as I am aware hasn't clearly stated anying that could cause legal problems with this script. And also note it takes about 3 seconds to process this function.

You can also preg_match a specific set of characters/letters/numbers so that if certain characters are found in the string that should never exist then it would fail the function test. An example is the following that checks if characters other than A-Z a-z 0-9 +-/\* are found. So the example is:

<?
if (preg_match('/[^a-zA-Z0-9+-/\*]/is',$value)) {
return false;
} else {
return true;
}
?>

So to place that in your script it would be the following:

<?
function valid($value) {
mysql_real_escapte_string($value);
if (preg_match('/[^a-zA-Z0-9+-/\*]/is',$value)) {
return false;
} else {
return true;
}
}
?>

So basically you can decide what characters are and are not allowed except for the \ and ^ character which is used in the mysql_real_escape_string. Also note that the ^ character must be right after the bracket.

See the exec/shell_exec/system commands.

Also note that I find these functions are a use at your own risk type functions because they can cause some servers to crash when security is tight on the server. And that includes the passthru function.

But running exe's with php, don't you think in the long term it would work out better to convert the exe's to php weather you find a converter or reprogramming it in php. The reason why I comment on that is what would be a possible use of running exe's remotely from a website. Seems like too much of a security problem to me.

What about putting it into a if statement like the following:

if (mail($to,$subject,$message,$headers)) {
//message sent
} else {
//message failed to send
}

Also if you want to check each email individually then you can put the mail function inside a foreach loop.

Woah ! Something like a keylogger ? Is it in php or java/vb.net ?

It is php and to dehash sha1 you can simply use the following scripts (page titles are on second line of each code box):

<?
//db.php
//configure below mysql variables
$dbhost='localhost';
$accountname='root';
$password='';
$database='my database';
?>

Above box will configure the database. The database needs a table with the name 'dehasher' and two columns each named 'word' and 'hash'. Also the above must be named db.php
Below is the search page (index.php)

<?
//index.php
if (isset($_GET['hash']))
	{
	set_time_limit(0);
	ini_set('memory_limit','512M');
	ini_set('mysql.cache_size','1073741824');
	include('db.php');
	mysql_connect($dbhost,$accountname,$password)
	or die("Could not connect to MySQL server");
	mysql_select_db($database) or die(mysql_error()."Could not select database");
	$rowid=0;
	$sqlresult=mysql_query("SELECT * FROM `dehasher`");
	while ($row = mysql_fetch_array($sqlresult))
		{
		if ($_GET['hash']==$row['hash'])
			{
			$word=$row['word'];
			$dehashed=1;
			break;
			}
		}
	mysql_free_result($sqlresult);
	unset($row);
	}
echo "Enter in the details below and click the dehash button to dehash the code.<br>
<b>Please note it may take a few minutes to dehash due to the size of the database</b><br>
<table border=1 cellpadding=5 cellspacing=0 bgcolor=#FFCCCC><tr><td>
<form style='padding:0; margin:0;'>
<table border=0 cellpadding=0 cellspacing=0 bgcolor=#FFCCCC><tr><td>
Insert hash below</td><td>Hash type</td></tr><tr><td valign=top>
<input type='text' name='hash' size=50> </td><td align=left><input type='submit' value='dehash'>
</td></tr></table>
</form></td></tr></table>";
if (!isset($dehashed)) { $dehashed=0; }
if ($dehashed==1)
    {
    echo "<p>.<p><font size=3>The hash was decrypted successfully.<br>Below are the details:<br>
    <table border=1 cellpadding=0 cellspacing=0><tr><td>
    <table border=0 cellpadding=4 cellspacing=0><tr>
    <td bgcolor=#EEBBBB><font face='arial'><b>Word</b></font></td><td bgcolor=#FFCCCC>".$word."</td></tr><tr>
    <td bgcolor=#D8CCCC><font face='arial'><b>Hash</b></font></td><td bgcolor=#E9DDDD>".$_GET['hash']."</td></tr></table>
    </td></tr></table>";
    } else if (isset($_GET['hash'])) {
    echo "<b>Your hash could not be decrypted.</b>";
    }
?>

And below is the database generator:

<?
//generator.php
set_time_limit(0); …

I just love this question. In my opinion, it is best to use more than one hash so that it is harder to crack. And so that those online database chrackers can't store your hash, include the whirlpool hash. So below is a function I have made for a much better hash:

function truehash($hashzzz) {
return hash('crc32b',hash('whirlpool',$hashzzz));
}

The function above will be really hard to crack as it uses oppisite types of output. One of the advantages with the function above is that crc32b is short (less data recorded) and whirlpool is long (containing more data). And since a whirlpool hash is 128 characters long, I doubt anybody will have a giant database of the whirlpool conversions. Of course you could use all of the hashes in the function but may make take a bit of cpu.
Any other comments?

while($row=mysql_fetch_array($quer)) {
echo $row[uniqueid].") ".$row[stem]."<br>";
$qid= $row[uniqueid];
$sql1="select * from scale where uniqueid=$qid ;";
$quer1=mysql_query($sql1);
while($row1=mysql_fetch_array($quer1))
{

?>
<input type="<?php echo $row[type]; ?>" name="<?php echo $row[questionID]; ?>" value="<?php echo $row1[label]; ?>"> 
<?php echo $row1[label]; ?> <br> 
<?php

}
echo "<hr>"; 
}

I am unsure if this is solved but to add to the info, if no rows are found the same error will be reported. To solve this, replace the code in the quote with the following:

if (mysql_num_rows($quer)>0) {
while($row=mysql_fetch_array($quer)) {
echo $row[uniqueid].") ".$row[stem]."<br>";
$qid= $row[uniqueid];
$sql1="select * from scale where uniqueid=$qid ;";
$quer1=mysql_query($sql1);
while($row1=mysql_fetch_array($quer1))
{

?>
<input type="<?php echo $row[type]; ?>" name="<?php echo $row[questionID]; ?>" value="<?php echo $row1[label]; ?>"> 
<?php echo $row1[label]; ?> <br> 
<?php

}
echo "<hr>"; 
}
}

Do you meen something like sessions. Sessions will allow you to pass variables between pages and are very simple to use. Simple place at the very top of your pages that use sessions the following code:

<?
session_start();

Then below is an example of how to use the session array:

<?
session_start();

$_SESSION['variable_name']='apple';
$_SESSION['testing']='orange'.
?>
<a href='page2.php'>Page 2</a>

Then page2.php

<?
session_start();

echo $_SESSION['variable_name'];
echo " is different to a ";
echo $_SESSION['testing'];
?>

Try resetting the variable $query_recpayment to the following:

$query_recpayment = "SELECT `amountpaid`, `username`, `amountpaid` FROM `paymentsummary` WHERE `username` = '%s' AND `foryear` = '%s' AND `forlevel` ='%s'";

As you can see the end part had a long php syntax error since a variable cannot assign those extra values in the format of which you did. Also I believe there was a mysql syntax error where it says `amountpaid`. Also in addition, I added the appropriate quotes to solve any escaping string errors (mysql errors). If you need the extra values that were added at the end then please explain what they were for so I can help place them appropriately.

Well for the phpbb cms I will have a look for any hacks to do this but codewise it is the following line which needs to be configured weather you can do it though the config file or if a hack is needed:

mysql_connect('localhost', 'mysql_user', 'mysql_password');
//above needs to be changed to
mysql_connect('website.com', 'mysql_user', 'mysql_password');

So I will check out phpbb for you as it may be possible to do it through the config file.
---------------
Edit:
I just tried installing phpbb3 from a remote database and it appears what you need to do is first install phpbb3 on the server which supports mysql and at the same time specify the domain instead of localhost as the connection address. Then after installation, confirm in the config.php file that mysql is set to load from the remote server (currently the current server) and is not set to localhost. After that, you may transfer all the files to the other server that hasn't got databases and should read the remote server as it was specified during installation. The reason why the files need to be installed on the server with mysql is because of a validator that checks what types of databases are available.

If you are talking about to put the php variable into the javascript code then the following will do the job:

<?
session_start();
/* then more php code
 * $_SESSION['MM_enrolltype'] should = 'block' or 'unblock'
 */




$_SESSION['MM_enrolltype']='block';
?>
<script language="JavaScript">
var buttonstatus = '<? echo $_SESSION['MM_enrolltype']; ?>';
function changebuttonstatus() {
if (buttonstatus=='block')
    {
    buttonObject1.style.display='none';
    buttonObject2.style.display='inline';
    buttonstatus = 'unblock';
    } else {
    buttonObject1.style.display='inline';
    buttonObject2.style.display='none';
    buttonstatus = 'block';
    }
}
</script>
 
<style>
<?
if ($_SESSION['MM_enrolltype']=='block') {
    echo "#buttonObject2 {display:none}";
    } else {
    echo "#buttonObject1 {display:none}";
    }
?>
</style>
<a href="javascript:changebuttonstatus()">Change button status</a>
<p>
<div id="buttonObject1">
<input type='submit' name='Submit' value='Enroll Now' disabled />
</div><div id="buttonObject2">
<input type='submit' name='Submit' value='Enroll Now' />
</div>
<?




//more php code
?>

Just use the file_get_contents() function. Very simple but make sure you place the http:// or https:// before the domain. Below is an example:

<?
$webpage_data=file_get_contents("http://www.google.com/");
echo $webpage_data;
?>

If you want the secure folder sessions to not be read from any other folder, then at the top of all your php files in the secure folder place the following code and it will make the session data in that folder only viewable within that folder.

<?
session_name("srmcvkdoejh48fo4mnf8");
session_start();

include doesn't return the contents of a file.

you would need to do a ob_start(), then include, then ob_get_contents() to get the file contents from an include.

i would use file_get_contents();

That is technically incorrect. Include can retieve the contents of a php file if the php file is designed to submit the contents. Below is an example to prove that.

<?
//index.php
$var=include('myfile.php');
echo "<hr>";
echo $var;
echo "<hr>";
echo $myvar;
?>

<?
//myfile.php
$output="<html>";
$output.="<body bgcolor=#00FFFF>";
$output.="This is the body";
$myvar='This is a test';
$output.="</body>";
$output.="</html>";
//submit output.
return $output;
?>

As you can see, in my example you can include a php file and return the execution of php code. Really simple but you must return the contents as displayed html will not be passed on. This means for my above example to work, you cannot use the echo or print function within the myfile.php and all the code in the php file need to be pure php (in myfile.php). Just a note to keep in mind.

If you are using Xampp then you will need to enable the rewrite module in the apache httpd.conf file to use the .htaccess files(located C:/xampp/apache/conf/httpd.conf). To do this, first create a copy of the file located C:/xampp/apache/conf/httpd.conf or relative to your installation folder then open the original in notepad. After opening it in notepad, search for the term "LoadModule rewrite_module" without the quotes and when you find it, remove the hash at the beginning of the line. Then search for "AllowOverride None" without the quotes and at least twice will be found and need replacing with "AllowOverride All" (without the quotes). Then save the file and you should be able to use .htacess files. Another set of instructions just reworded of what I have said can be found at http://www.knowledgebase-script.com/demo/article-599.html
You may wonder how I know this, because I also have Xampp. Also when renaming a text file to ".htaccess", you may find that to be impossible to do due to a windows explorer error bug so just open notepad and save the file as ".htaccess" and that will create the file.

Also if it is all files you want to not have the extension use the following code in the .htaccess file.

RewriteEngine On
RewriteRule ^([^.]+)$ $1.php

I have had to do similar things in the past and I find division and rounding to be the answer. An example is as below:

$loop=0;
while ($loop<=100)
	{
	$val=$loop/10;
	if ($val==round($val))
		{
		echo ($i % ($amount / 10) == 0) ? "<div class=\"load\"></div>" : "";
		}
	$loop+=1;
	}

Hope that helps to answer your question.

So the line in the middle of the example above is basically telling the server to 'get' the variable 'nflag' from the url bar and to echo/display it.
From: http://www.daniweb.com/forums/thread147753.html

You may want to check the reply I made on your previous post.
The array $_GET[] basically just tells the server to get a variable from the url bar and the name of that variable goes between the two brackets. So say for example the address is as follows:
http://www.daniwebs.com/forums/newreply.php?do=postreply&t=14773
Then to get the variable 'do' you would use the following code to print/echo/display it to the browser:

<? echo $_GET['do']; ?>
Above produces below
postreply

or if you wanted to get the other variable in that address you would use

<? echo $_GET['t']; ?>
above produces below:
14773

So the $_GET array and any other array beginning with $_ (dollar sign then underscore) is a inbuilt function.
As for the default value, there is no default value as it only holds the values that are in the url bar.

Below is a sample of a form using preview and submit if it helps.

<?
if (isset($_POST['submit']))
	{
	//form submission data
	}
?>

<html><body>
<form method='post'>
<textarea cols=50 rows=12 name='formtext'><? echo $_POST['formtext'] ?></textarea>
<input type='submit' value='submit' name='submit'>
<input type='submit value='preview' name='preview'>
</form>
</body></html>

<?
if (isset($_POST['preview']))
	{
	echo $_POST['formtext'];
	}
?>

PHP Parse error: syntax error, unexpected T_VARIABLE in /home/mysite/public_html/guestbook/getdrawings.php on line 1

I have tested the provided code both as it currently is and with many different modifications and from what I have found, although with single character changes errors can be made, I don't think that with this code alone that a T_variable error could occure. Especially with line 1 being

<?php

The only possible error I could see on line one (if you have an odd server) is removing the letters

php

from line 1. Other than that I would say that a global variable such as ini settings may be interfering with the script.
So basically I just couldn't reproduce the error and was working for me fine.

If alignment of the image wont work, why not make a barrier around the image. An example is

$imgwidth=64; //Image width
$imgheight=64; //Image height
echo '<tr id="divider"><td>
<table border=0 cellpadding=0 cellspacing=0 width=$imgwidth 
height=$imgheight align=left>
<tr><td>
'.$row['profileimg'].'
</td></tr></table>
'.$row['username'].'</td></tr>';

The above is just from the top of my head so don't be too suprised if there is a bug or 2.

Once again I have solved my own topic. I found that html can do php's posting job. That is when you have a form which posts information, you do not need the $_POST variable inside the form as the html part (method=post) already posts the info. So that makes php's $_POST function act similar to a $_GET function. So the code I first posted can be replaced with the following:

echo "<form method='post'>";
//variable deleted

//form fields
echo "<input type='submit' value='Submit ' name='dataappend'></form>";

Note that the onclick event has also been deleted and the submitting process works just as good as before but without displaying the double submit.