broj1 356 Humble servant Featured Poster

For one thing you are missing quotes around associative index names. Since the array elements are complex variables you should also enclose them in curly braces to get them parsed properly in a double quoted string. Another issue is that you echo the if condition which is not right. Then you are missing a space before selected and the angle bracket after the selected goes to the next echo statement (otherwise it might get lost). See my attempt at the correct code:

echo "<option value=\"{$row['province']}\"";
if($_POST['prov'] == $row['province']) {
    echo ' selected="selected"';
}
echo ">{$row['province']}</option>";
broj1 356 Humble servant Featured Poster

You have a space in the src URL, just before the $photo variable:

echo "  ".$results['image']."<a href='http://www.mysite.org/br/s.php?id=$id'><img src='/cate/upload/ $photo' width='100%' height='100%'></a>"
broj1 356 Humble servant Featured Poster

Decide on how many characters you can display. Then change line 30 from:

<td ><?php echo $row['service_content']; ?></td>

to:

<td >
<?php 
$contentLength = strlen($row['service_content']);
// check if the length of the content exceeds max number of chars e.g. 120
if($contentLength > 120) {
    echo substr($row['service_content'], 0, 120) . '...';
} else {
    echo $row['service_content'];
}
?>
</td>
diafol commented: You read it correctly, I didn't ;) +14
broj1 356 Humble servant Featured Poster

Here is an example of a script that resets the password and mails the new password to the user.

http://www.daveismyname.com/tutorials/php-tutorials/reset-password-script/

I prefer a slightly different approach. When a user forgets his password he is sent a temporary link to a form where he can create a new password. You can find examples by googling a bit (I searched for php forgot password reminder script).

broj1 356 Humble servant Featured Poster

1.but the field total is empty when add value to quantity

Establish initial values and put them into the input fields.

  1. the float doesn't work, for example 2.50 gives 2.5, but 2.75 works fine like a usual float.

Get rid of the toString() method since toFixed() already returns a string. Use number_format() in PHP part for the same purpose.

<?php 
// number of decimals
$NoOfDecimals = 2;
// initial values for quantity and total
$initialQuantity = 1;
$initialTotal = number_format($initialQuantity * $row_itemdetaille['price'], $NoOfDecimals);
?>
<form action="" method="post" name="formulaireajout" class="formulaireajout" id="formulaireajoutid">
<input name="price" type="text" id="pricefield" value="<?php echo $row_itemdetaille['price']; ?>" readonly>
<input name="quantity" type="number" min="1" max="20" value="<?php echo $initialQuantity;?>" id="quantityfield">
<input name="total" type="text" id="totalfield" value="<?php echo $initialTotal;?>" readonly>
</form>

<script type="text/javascript">
$("#quantityfield").change(function() {
var value = parseFloat(<?php echo $row_itemdetaille['price']; ?>);
var quantity = parseInt($("#quantityfield").val());
var total = value * quantity;
$("#totalfield").val(total.toFixed(<?php echo $NoOfDecimals;?>));
});
</script>
</body>
chrisschristou commented: thank you solved... thank you +2
broj1 356 Humble servant Featured Poster

You can either download it to your local (or any other) server or just include it from one of the CDNs (content delivery networks) which in my opinion is the better method, since:
- it is always there for you, hosted on reliable server
- it is tuned for good performance (caching, availability...)

You can download jquery from here: http://jquery.com/download/. Choose the newest version if you do not have any legacy code. Download it to a directory that is readable by your web server and reference it in your scripts.

If you include it from the CDN just put the script tags in the head of html pointing to the jquery URL, like:

<script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>

See https://developers.google.com/speed/libraries/devguide.

Then put the code snippet from the above to the end of the html body - just before the closing </body> tag.

...
<script type="text/javascript">
    $("#quantityfield").change(function() {
        var value = parseFloat(<?php echo $row_itemdetaille['price']; ?>);
        var quantity = parseInt($("#quantityfield").val());
        var total = value * quantity;
        $("#totalfield").val(total.toString());
    });
</script>
</body>
</html>
broj1 356 Humble servant Featured Poster

You should not echo any output before the header command. Remove line 56:

echo "<p class='red-info'> Record Saved! </p>";

so the headers can be sent. This command is pointless anyway since the page would get redirected.

broj1 356 Humble servant Featured Poster

OK, this is tested jquery, nicely broken down so it can be easily understood :-)

$("#quantityfield").change(function() {
    var value = parseFloat(<?php echo $row_itemdetaille['price']; ?>);
    var quantity = parseInt($("#quantityfield").val());
    var total = value * quantity;
    $("#totalfield").val(total.toString());
});
broj1 356 Humble servant Featured Poster

Use javascript and an on change event on the quantity input field that would trigger a function. Something like (not tested):

<input name="quantity" type="number" min="1" max="20" value="1" id="quantityfield" onchange="updateQuantity();">
...
<script type="text/javascript">
function updateQuantity() {
    var quantity = document.getElementById("quantityfield").value;
    var price = <?php echo $row_itemdetaille['price']; ?>;
    document.getElementById("totalfield").value = quantity * price;
}
</script>

or jquery version (again not tested since it is getting quite late here)

$("#quantityfield").change(function() {
    $("#totalfield").val(
        $("#quantityfield").val() * <?php echo $row_itemdetaille['price']; ?>
    );
});
broj1 356 Humble servant Featured Poster

What was the problem with the layout? TCPDF is quite flexible and I did not have problems creating nice tables.

broj1 356 Humble servant Featured Poster

To recap the above two posts:

// check whether $_GET has any value and if the value is valid
// (you might use some more proper validation depending on the value of the movie ID)
if(isset($_GET['movie_id']) && !empty($_GET['movie_id'])) {
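    // the escaped value has to sit inside quotes, otherwise escaping does not protect the query
    $query = "SELECT movie_name,movie_year,movie_director,movie_leadactor,movie_type,movie_running_time,movie_cost,movie_takings FROM movie WHERE movie_id = '" . mysql_real_escape_string($_GET['movie_id']) . "'";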
    $result = mysql_query($query, $db) or die(mysql_error($db));
} else {
    echo 'The movie ID is missing!';
}

And please note: mysql extension is a bit old and is about to become a history. Switch to mysqli or even better, the PDO.

broj1 356 Humble servant Featured Poster

Just to alert admins that some spamming is just happening in the PHP forum here on Daniweb. Please take a look.

broj1 356 Humble servant Featured Poster

Are you viewing this locally? Do you have a web server with php running? Is your script a PHP file?

In other words: PHP scripts should have a .php extension (not .html) and should be run on a PHP enabled web server (could be localhost or a server embedded into your IDE).

Szabi Zsoldos commented: good advice. +4
broj1 356 Humble servant Featured Poster

Something like:

<?php

// set styles the way you want
if($time < 8) {
    $tdStyle='background-color:green;';
} else {
    $tdStyle='background-color:red;';
}

while($row=mysql_fetch_array($result))
{    
    echo "</td><td style=\"$tdStyle\">";        
    echo $row['full_name'];        
    echo "</td><td style=\"$tdStyle\">";        
    echo $row['section'];        
    echo "</td><td style=\"$tdStyle\">";        
    echo $row['time'];        
    echo "</td><td style=\"$tdStyle\">";        
    echo $row['reason'];        
    echo "</td></tr>";
}
echo "</table>";  
?>

Please note the escaped double quotes so you can use them directly in a double quoted string.

broj1 356 Humble servant Featured Poster

Something like (not tested):

// check if the number of fields is multiple of 4
if(count($array) % 4 == 0) {
    // start building the query
    $query = 'INSERT INTO yourdatabase (`field1`, `field2`, `field3`, `field4`) VALUES ';
    // add values to the query
    for($x = 0; $x < count($array); $x += 4) {
        // add a set of four values to the query
        $query .= "('{$array[$x]}','{$array[$x + 1]}','{$array[$x + 2]}','{$array[$x + 3]}'),";
    }
    // get rid of the last comma in the query
    $query = rtrim($query, ',');
    // run the query
    ....
}
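
The same four-values-per-row insert built with bound placeholders instead of values interpolated into the SQL string, as an added example that is not part of the original post. It assumes PDO with the SQLite driver so it can run stand-alone; the table name `items` and the sample values are constructed.

```php
<?php
// Added example, not code from the thread. Table and column names are hypothetical.

/**
 * Build one multi-row INSERT with a placeholder for every value.
 * $table and $columns must be fixed names from your own code, never user input,
 * because identifiers cannot be bound as parameters.
 */
function buildBulkInsert(string $table, array $columns, array $values): array
{
    $perRow = count($columns);
    // same check as in the post: the number of values must fill complete rows
    if ($perRow === 0 || count($values) === 0 || count($values) % $perRow !== 0) {
        throw new InvalidArgumentException(
            "number of values must be a non-zero multiple of $perRow"
        );
    }
    $rowCount = intdiv(count($values), $perRow);
    // "(?, ?, ?, ?)" for one row, repeated once per row
    $oneRow = '(' . implode(', ', array_fill(0, $perRow, '?')) . ')';
    $sql = "INSERT INTO $table (" . implode(', ', $columns) . ') VALUES '
         . implode(', ', array_fill(0, $rowCount, $oneRow));
    return [$sql, array_values($values)];
}

// In-memory database so the example needs no server
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (field1 TEXT, field2 TEXT, field3 TEXT, field4 TEXT)');

// Constructed sample input: eight values, two of them containing quotes
// that would break a query assembled by string concatenation
$array = ['a1', "O'Brien", 'a3', 'a4', 'b1', 'b2', 'say "hi", it\'s fine', 'b4'];

[$sql, $params] = buildBulkInsert('items', ['field1', 'field2', 'field3', 'field4'], $array);
$stmt = $pdo->prepare($sql);
$stmt->execute($params); // values travel separately from the SQL text

echo $sql, PHP_EOL;
foreach ($pdo->query('SELECT * FROM items', PDO::FETCH_NUM) as $row) {
    echo implode(' | ', $row), PHP_EOL;
}
```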
broj1 356 Humble servant Featured Poster

Maybe this link can help a bit:

http://stackoverflow.com/questions/3740845/php-session-without-cookies

But keep in mind there are security issues with this.

fheppell commented: Really helped me! +2
broj1 356 Humble servant Featured Poster

Have you corrected the missing $ in line 1 of your code (as JorgeM suggested)? You might have overlooked it since the error wasn't explicitly mentioned (just guessing).

Also you can examine the contents of the $_GET array by adding this code in the beginning of the script:

die(print_r($_GET, 1));
broj1 356 Humble servant Featured Poster

if you split this big function to a small separate function it will be simple to detect and correct errors

I think 203428's suggestion is excellent. Your function is doing a lot of small tasks that can be split into smaller functions. That would make the code much more readable and easier to debug. For example code between lines 55 and 65:

//check age group
if ($age = "b") {
    $agegroup = "18-23";
} else if ($age = "c") {
    $agegroup = "24-30";
} else if ($age = "d") {
    $agegroup = "31-40";
} else if ($age = "e") {
    $agegroup = "40-1000";
}
$agegroups = explode("-", $agegroup);

could be made into a function (or method of a class):

function getAgeGroupArray($age) {

    // compare with == (a single = would assign and always be true)
    if ($age == "b") {
        $agegroup = "18-23";
    } else if ($age == "c") {
        $agegroup = "24-30";
    } else if ($age == "d") {
        $agegroup = "31-40";
    } else if ($age == "e") {
        $agegroup = "40-1000";
    }
    return explode("-", $agegroup);    
}

or more concise form (you can stick to the above form if you wish :-):

function getAgeGroupArray($age) {

    switch($age) {
        case 'b': return array('18', '23'); break;
        case 'c': return array('24', '30'); break;
        case 'd': return array('31', '40'); break;
        case 'e': return array('41', '1000'); break;
    }    
}

Now just call the function in the code:

$agegroups = getAgeGroupArray($age);

You can do this with other tasks like deleting a record etc.

broj1 356 Humble servant Featured Poster

OK, once you have questions, come back. Happy coding.

broj1 356 Humble servant Featured Poster

OK, it is obvious. Change the code:

if(isset($GenreArray)) {
    $genres = serialize($GenreArray);
} else {
    $genres = ''; // this is in case user selects nothing (to be on the safe side)
}

to:

if(isset($_POST['Genre'])) {
    $genres = serialize($_POST['Genre']);
} else {
     $genres = ''; // this is in case user selects nothing (to be on the safe side)
}

$GenreArray does not exist in this code.

broj1 356 Humble servant Featured Poster

As you can see the $_FILES['Poster'] is still an array. You have to change the code for the $Poster variable to:

$Poster = $_FILES['Poster']['name'];

or better also escape it (since it can contain quotes):

$Poster = mysql_real_escape_string($_FILES['Poster']['name']);

Once you do this you can remove the die statement (comment it out for now).

broj1 356 Humble servant Featured Poster

Sorry, my fault. The correct code is:

die(print_r($_FILES, 1));

Please post the output.

broj1 356 Humble servant Featured Poster

The third value in the query says 'Array'. The poster is supposed to be there, but it is an array that could not be converted to a string. In other words the code

$Poster = $_FILES['Poster'];

seems to be returning an array. Can you change the debug code (the die statement) to:

die($_FILES);

and post what you get displayed.

And another thing. The query gets also corrupted because of the single quote in the synopsis text (... Marion's relatives). You have to escape all the single quotes in the input fields for two reasons: first: they can corrupt your query (like in your example) and second: they enable the most dangerous attack - the SQL injection. To escape input use mysql_real_escape_string function like this:

$Synopsis = mysql_real_escape_string($_POST['Synopsis']);

The query will now look like this: ... Marion\'s relatives (see the escaped single quote). Use escaping on all fields.

broj1 356 Humble servant Featured Poster

OK, let's do some basic debugging. In order to do that you have to change the code slightly. First you have to assign a query to a variable (say $query) and then use this variable in a mysql_query command. But before using it we will display the query for inspection. Try this code:

    include_once('db.php');

    if($_SERVER['REQUEST_METHOD'] == 'POST'){ 
    $Movie_Name = $_POST['Movie_Name'];
    $Poster = $_FILES['Poster'];
    if(isset($GenreArray)) {
    $genres = serialize($GenreArray);
    } else {
     $genres = ''; // this is in case user selects nothing (to be on the safe side)
    }
    $IMDB_Rating = $_POST['IMDB_Rating'];
    $Quality = $_POST['Quality'];
    $Year = $_POST['Year'];
    $Trailer = $_POST['Trailer'];
    $Synopsis = $_POST['Synopsis'];
    }

    // the query
    $query = "INSERT INTO movieinfo VALUES ('','$Movie_Name','$Poster', '$genres', '$IMDB_Rating', '$Quality', '$Year', '$Trailer','$Synopsis')";

    // temporary debug code
    die($query);

    if (mysql_query ($query))
        echo "Successfull";
    else
        echo "Failed"; // you were missing a semicolon here !!!

This code will assemble the query, display it on the screen and stop. Please post the displayed query here.

broj1 356 Humble servant Featured Poster

The trouble is probably in the following statement on line 15:

if (mysql_query ("INSERT INTO movieinfo VALUES ('','$Movie_Name','$Poster', '$GenreArray', '$IMDB_Rating', '$Quality', '$Year', '$Trailer')"))

where you are trying to use the $GenreArray variable, which is of an array type instead of a string. I suppose you want to save genres as a comma separated string. In that case you have to implode the array $GenreArray using the comma as a glue before using it in a query:

if(isset($GenreArray)) {
    $genres = implode(',', $GenreArray);
} else {
    $genres = ''; // this is in case user selects nothing (to be on the safe side)
}

if (mysql_query ("INSERT INTO movieinfo VALUES ('','$Movie_Name','$Poster', '$genres', '$IMDB_Rating', '$Quality', '$Year', '$Trailer')"));

When you read the data back from the database use explode, to get an array.

The other option is to serialize the $GenreArray array before using it in a query.

if(isset($GenreArray)) {
    $genres = serialize($GenreArray);
} else {
    $genres = ''; // this is in case user selects nothing (to be on the safe side)
}

if (mysql_query ("INSERT INTO movieinfo VALUES ('','$Movie_Name','$Poster', '$genres', '$IMDB_Rating', '$Quality', '$Year', '$Trailer')"));

When you read data back from the database in this case use unserialize to get an array.

broj1 356 Humble servant Featured Poster

To backup a database you use the mysqldump command on the db server. You must provide a root password (or dbuser password with appropriate access rights):

mysqldump -u root -pyourpassword yourdbname > yourdbname_backup.sql

To do it from a php script use the system command:

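// system() returns the last line of output, which is empty here because of the redirect,
// so check the exit status of the command instead (0 means success)
system('mysqldump -u root -pyourpassword yourdbname > somepath/yourdbname_backup.sql', $exitStatus);
if($exitStatus !== 0) {
    echo 'Something went wrong when trying to backup the db!';
}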

Make sure the user that the web server runs under has appropriate write access rights for the path where the backup is going to be written to.

To enable users to download the file, provide the link to the backed up file (make sure that the file is in the publicly accessible folder).

You can also compress the file i.e. using gzip.

Also have a look at this post, too:

http://forums.devshed.com/php-development-5/php-script-download-mysql-dump-315780.html

broj1 356 Humble servant Featured Poster

Is the total field declared as NOT NULL in your table? If it has to have a value you have to make sure the value exists in the query.

You can also check the query if you insert this temporary debug code on line 8:

die($insertSQL);

This will display the constructed query and stop the script. You can examine the query or copy it to phpmyadmin and test it there.

broj1 356 Humble servant Featured Poster

This topic has been already marked as solved but I would like to add useful information that deserves to be added, and this is OWASP top 10 list of vulnerabilities of web apps and guides on how to minimize them. It might be a slightly more complex reading but it is worth it if you do a serious web development.

broj1 356 Humble servant Featured Poster

Do you want to start a war? <= [just kiddin]

Seriously, this is a question you won't get a definite answer to. I think both are good. PHP for me is better since I know it :-) (or at least I think I do). As far as I know PHP has more installations worldwide. And not to forget, PHP is open source.

broj1 356 Humble servant Featured Poster

You declared $pass variable but used $password in the query. And also you should check for existence of the data sent from the form and only if it exists query the database.

In addition to that you should use quotes when querying for strings.

And in addition to that you should clean the strings before sending them to the database to avoid injection attacks. So:

if(isset($_POST['email']) && isset($_POST['password'])) {
    $email = mysql_real_escape_string($_POST['email']);
    $password = mysql_real_escape_string($_POST['password']);

    ...

    $result = mysql_query("SELECT id FROM users WHERE email = '$email' AND password = '$password'");
}

And if I may add: you are using the almost obsolete mysql_* functions which are going to be kicked out of php soon. I strongly suggest you switch to mysqli API or PDO.

broj1 356 Humble servant Featured Poster

It will, when you correct a couple of mistakes:

  1. the ?> end tag goes before the <form> tag
  2. the if (isset($_POST['pay'])) should be changed to if (isset($_POST['print']))

I would (personally) put the whole form processing in another file and change the action attribute of the form to point to that file. Just my approach.

broj1 356 Humble servant Featured Poster

The condition for granting a login is incorrect:

if($result)
{
    echo "Login granted. <br>";
    ...

The fact is that whatever you get with the select query yields a result (even empty resultset). The $result variable is not your result yet, but just a special type - a mysqli_result object that will help you retrieve row(s). So the code

$row=mysqli_fetch_array($result);

retrieves the actual data. You have to compare it to the data entered into the form to confirm the login or at least check (count) if the $row array exists. So something like this:

require("C:\wamp\www\Onex\connect_db.php");
if(isset($_POST['login']) && !empty($_POST['login'])) {
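    // the procedural mysqli_real_escape_string() needs the connection as its first argument
    $uname = mysqli_real_escape_string($con, $_POST['uname']);
    $pass = mysqli_real_escape_string($con, $_POST['pass']);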
    $login_query="select * from register where username='$uname' and password='$pass'";
    $result = mysqli_query($con,$login_query);
    if($result)
    {
        $row=mysqli_fetch_array($result);

        if(
            isset($row["username"]) && 
            isset($row["password"]) && 
            $row["username"] == $uname && // this is not strictly necessary
            $row["password"] == $pass // this is not strictly necessary
        ) {
            echo "Login granted. <br>";
            echo " Username: ".$row["username"]." and Password: ". $row["password"];
        } else {
            echo "Incorrect login. Please try again.";
        }
    } else {
        echo "Incorrect login. Please try again.";
    }
}
mysqli_free_result($result);
mysqli_close($con);
broj1 356 Humble servant Featured Poster

"Select query returns a result set upon success, whereas Insert query returns a true value upon success"

This just means that INSERT query returns true if it succeeds to insert the data into database. On the contrary the SELECT query returns rows. If query is unsuccessful it returns false in both cases. It is a good idea if you check for this (as IIM suggested).

But query within is getting fired up for wrong credentials

What exactly is happening? What do you get?

Do tell me if i need to add snaps ?

Are you talking about the spirit that Germans lovingly call snaps? If yes it might help, but do not overdose :-) Just kidding. Yes if you have snapshots that might help.

Other issues with your code:

  • check first if the username posted from the form conforms to basic rules (min and max length, allowed characters etc); if not return the user to the login page
  • escape the strings before sending them to the database!!!!!!!!!!! (you can use mysqli_real_escape_string function)
  • hash the password, do not store the plaintext of it in the database
  • count the rows read from the database. if 0 - no match, if 1 - perfect match, if > 1 - something went wrong (same user saved many times)
  • do not let the user know what went wrong so instead of "No such user registered." echo "Wrong credentials, please try again.". No need to help the potential attackers.
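
The checks from the list above put together in one login routine, as an added example that is not part of the original post. It uses a PDO prepared statement in place of escaping, and an in-memory SQLite table named after the thread's `register` table so it runs stand-alone; the username policy and the sample account are constructed assumptions.

```php
<?php
// Added example, not code from the thread.

const GENERIC_ERROR = 'Wrong credentials, please try again.';

function createDemoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // A UNIQUE constraint on username would rule out duplicates at the schema
    // level; it is left out here so the row count check below stays meaningful.
    $pdo->exec('CREATE TABLE register (username TEXT NOT NULL, password TEXT NOT NULL)');
    // Store only the hash produced by password_hash(), never the plaintext.
    $stmt = $pdo->prepare('INSERT INTO register (username, password) VALUES (?, ?)');
    $stmt->execute(['alice', password_hash('correct horse battery', PASSWORD_DEFAULT)]);
    return $pdo;
}

function usernameIsWellFormed(string $uname): bool
{
    // Assumed policy: 3 to 32 characters, letters, digits and underscore only.
    return preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $uname) === 1;
}

/** Returns [bool $granted, string $messageForUser]. */
function login(PDO $pdo, string $uname, string $pass): array
{
    if (!usernameIsWellFormed($uname)) {
        return [false, GENERIC_ERROR];
    }
    // The placeholder keeps the input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT username, password FROM register WHERE username = ?');
    $stmt->execute([$uname]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);

    if (count($rows) > 1) {
        // Same user saved many times: log it for the admin, tell the visitor nothing.
        error_log('duplicate username in register table');
        return [false, GENERIC_ERROR];
    }
    if (count($rows) === 0) {
        return [false, GENERIC_ERROR];
    }
    // password_verify() compares the submitted password with the stored hash.
    if (!password_verify($pass, $rows[0]['password'])) {
        return [false, GENERIC_ERROR];
    }
    return [true, 'Login granted.'];
}

$pdo = createDemoDb();
// Constructed sample attempts: valid login, wrong password,
// malformed username, unknown user
$attempts = [
    ['alice', 'correct horse battery'],
    ['alice', 'wrong password'],
    ["alice' OR '1'='1", 'anything'],
    ['bob', 'whatever'],
];
foreach ($attempts as [$uname, $pass]) {
    [$granted, $message] = login($pdo, $uname, $pass);
    printf("%-20s => %s (%s)\n", $uname, $granted ? 'granted' : 'denied', $message);
}
```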
broj1 356 Humble servant Featured Poster

I took some time to have a closer look at the jquery code as well. I changed it a bit to make it clear and working. See the comments in the code and consider the following:

  • I made the template containing the filter (the three select elements within a div) hidden: <div id="template" style="display:none;">; this template is only used for cloning when user clicks +. This is necessary to get the filter cloned before it gets chained (otherwise you can not clone select elements with all the possible values)
  • the template is within the div with id=template, while the added filters are within the div with id=filters
  • upon cloning the id of the cloned div has to be changed from the 'template' to filter + somesequentialnumber
  • upon cloning also the id and name attributes of the select elements have to be changed (just by adding same somesequentialnumber to them)
  • after that the select elements have to be chained
  • on page load the first set of select elements is cloned, added and chained so you have the first filter (the template filter remains hidden)
  • when you process the $_POST array you first unset (remove) the elements that you actually do not need (the submit button and the values of the three template select elements)

I hope this is what you are after. Also I hope that changing the code did not break your existing project. But this way it is clear how everything works.

This is the changed code:

<?php …
Mukta_2 commented: Thanks a lot for this code! It helped me. Is it possible to calculate the sum of values selected in the third dropdown list of all rows added by user? +0
broj1 356 Humble servant Featured Poster

but even without adding any additional elements, if i print the values using php, I am not getting what I have selected. instead, i am getting the first element in the <option>.

I have had a look at the jquery code. The problem is that you call the $('#clone').click() on line 54 of your last posted code. This function call generates a new set of select elements immediately on page load and this set is hidden. The elements have the same name attributes as the first set that is visible. Upon clicking of a submit button the unchanged values of the second hidden set override the selected values of the first set in the $_POST array.

The solution is to remove the call to the .click() function on line 54 and let the user call it by clicking on + sign (which is how this method should be used).

The problem of same name attributes still remains though. The jquery code should be amended to assign different names to new sets of select elements. I am not an expert in jquery but will have a look at it once I find time.

broj1 356 Humble servant Featured Poster

There are two problems:

  1. The new select elements do not get inserted within existing form tags but outside. Probably the div with the id=filter should be inside the form.
  2. the newly inserted select elements all have the same name which is semester. You have to make up a logic in the js script that will assign a sequential name attribute to each inserted select element.
broj1 356 Humble servant Featured Poster

Select names should not have the [] appended to them (you use this approach for grouped elements like radio button or checkbox groups). So:

<select class="semester" name="semester">

The third select element does not have a name attribute at all, so add it.

And this is how you display the values:

if(isset($_POST['submit'])) {
    foreach($_POST as $value) {
        echo $value;
    }
}

If you do not want to use the 'submit' element, you can skip it:

if(isset($_POST['submit'])) {
    foreach($_POST as $key => $value) {
        if($key != 'submit') {
            echo $value;
        } 
    }
}
broj1 356 Humble servant Featured Poster

What about saving replies? How can I store them in the database?

On form submit save the answers. If second answer is yes, save also the third answer. Do an INSERT query to save to DB. Do not use mysql extension, use PDO or at least mysqli.

In addition, i need to generate report by pie chart or something like that..

Use jqplot library or similar javascript library for generating charts

broj1 356 Humble servant Featured Poster

Hi

I have just replied on a post that was posted 43 years ago. My reply was also 43 years ago. I had that feeling that time just flies lately but this might be a little too fast. Or is it just some issue with unix time.

This is the link to the article.
http://www.daniweb.com/web-development/php/threads/461757/feedback-system-phpmysql#post2008638

EDIT: it is back to normal. I was just extremely lucky to witness this extraordinary event for a very short time.

broj1 356 Humble servant Featured Poster

I have already done that. Have a look at your personal messages.

broj1 356 Humble servant Featured Poster

If you click on my avatar or name on the left side of the post you get to my profile page. Find a button there that says Send private message. I have just sent you a private message so you can also just reply to it.

anis_1 commented: can i get your email? +0
broj1 356 Humble servant Featured Poster

If you look at the source code for the html in browser you will see a script inserted into the jquery load method (probably through the search box):

// the script is inserted after this code
$("#result").load("search-data.php?keyword=

The script is encoded in a way using character codes, and you can decode it using fromCharCode function. This code is then executed using eval. It checks/sets a cookie and opens an iframe, positioned off your screen. The source for the iframe is a php script (http://davidedwardsphotos.com/cubsdb/64P2WFxK + php extension) which I could not access anymore.

See the code in attached pdf.

It is important that you sanitize all input by removing all the tags from the input data using e.g. the htmlspecialchars() function if there is a chance that the input will get to the html code (as in your case).
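
The search-box case above, as an added example that is not part of the original post: a keyword echoed into the jquery load call sits inside a JavaScript string, so it is encoded for the URL and for JavaScript, while htmlspecialchars() covers the copy that is printed into the HTML body. The function names and the sample keyword are constructed for illustration.

```php
<?php
// Added example, not code from the thread.

// Vulnerable pattern: the raw keyword lands inside a JavaScript string literal,
// so a double quote in the keyword ends the string and the rest runs as script.
function renderLoadCallUnsafe(string $keyword): string
{
    return '$("#result").load("search-data.php?keyword=' . $keyword . '");';
}

// Hardened: encode for the query string first, then let json_encode() produce
// the whole JavaScript string literal, quotes included. The HEX flags also turn
// <, >, &, ' and " into \uXXXX escapes, so "</script>" cannot close the block.
function renderLoadCallSafe(string $keyword): string
{
    // rawurlencode() output is plain ASCII, so json_encode() cannot fail on it
    $url = 'search-data.php?keyword=' . rawurlencode($keyword);
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return '$("#result").load(' . json_encode($url, $flags) . ');';
}

// HTML context: the keyword shown back to the visitor in the page body.
function renderResultHeading(string $keyword): string
{
    $safe = htmlspecialchars($keyword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Results for ' . $safe . '</h2>';
}

// Constructed sample keywords: one breaks out of the string literal,
// one tries to close the surrounding script element
$samples = [
    'shoes',
    'shoes"); alert("injected"); ("',
    '</script><b>markup</b>',
];

foreach ($samples as $keyword) {
    echo 'keyword : ', $keyword, PHP_EOL;
    echo 'unsafe  : ', renderLoadCallUnsafe($keyword), PHP_EOL;
    echo 'safe    : ', renderLoadCallSafe($keyword), PHP_EOL;
    echo 'heading : ', renderResultHeading($keyword), PHP_EOL, PHP_EOL;
}
```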

broj1 356 Humble servant Featured Poster

Many solutions to that. Basically you have to have two columns for each value in different languages. The field names can have language in their names (such as comment_en, comment_fr for english and french languages). The language is stored somewhere (like in a cookie, in a session or as user preference). So if using a session variable you would select a comment in selected language like this:

if(isset($_SESSION['lang'])) {
    // read the language abbreviation if set
    $lang = $_SESSION['lang'];
} else {
// otherwise set to default (english)
    $lang = 'en';
}
$query = "SELECT comment_$lang FROM comments";

If you would like to provide interactive change of language, you can put language in querystring (or use ajax in specific cases).

broj1 356 Humble servant Featured Poster

The problem is that $offerpricepl is not defined yet in the first iteration of the while loop. Put the test first and then echo the row:

...
while($row1 = mysql_fetch_array($result1)){  

    // this is the heading row
    echo "<tr><td>" . "Selection" . "</td><td>" . "Profit/Loss" . "</td></tr>";

    // now define the value of the $offerpricepl variable
    if ($row1['selection']=='eur/usd')
                {
                $bidpricepl=$bid;


            $offerpricepl=$bid1;

            }
    elseif ($row1['selection']=='usd/jpy')
            {
            $bidpricepl=$bid2;

            $offerpricepl=$bid3;

            }
    elseif ($row1['selection']=='usd/cad')
            {
            $bidpricepl=$bid4;

            $offerpricepl=$bid5;

            }
    elseif ($row1['selection']=='eur/jpy')
            {
            $bidpricepl=$bid6;

            $offerpricepl=$bid7;

            }
    elseif ($row1['selection']=='eur/chf')
            {
            $bidpricepl=$bid8;

            $offerpricepl=$bid9;

            }
    elseif ($row1['selection']=='gbp/usd')
            {
            $bidpricepl=$bid10;

            $offerpricepl=$bid11;

            }
    elseif ($row1['selection']=='aud/usd')
            {
            $bidpricepl=$bid12;

            $offerpricepl=$bid13;

            }
    elseif ($row1['selection']=='usd/chf')
            {
            $bidpricepl=$bid14;

            $offerpricepl=$bid15;

            }

    // now you can use the $offerpricepl variable
    echo "<tr><td>" . $row1['selection']."<td>".$offerpricepl. "</tr>";
}
echo "</table><br>";

The code would be also cleaner if you used switch instead of if / elseif.

Also I do not know why heading row must be repeated each iteration.

C#Jaap commented: this solves the question I think +3
broj1 356 Humble servant Featured Poster

In real life nothing is 100% secure. But if you are opening access only for a short time (only for assessment), you should be quite safe. Nevertheless consider the following:

Your phpmyadmin should be configured securely: create a user for your teacher, grant him only the necessary privileges, allow him to access only from predefined IP address (or range).

Also mysql should be installed securely (I hope you ran mysql secure installation script).

Make sure your webserver is set up securely, too. You can google for tips about that (i.e. if you are using XAMP google for xamp security).

Shut down unnecessary services, especially insecure ones (ftp, telnet...).

aVar++ commented: Ok, I will look into that. Thank you. +4
broj1 356 Humble servant Featured Poster

How to make a captcha code unhackable ?

What do you mean by this? Captcha is meant to protect against automated scripts and robots (it tries to confirm that the human is using the service). It is not meant to protect from unauthorised access from hackers.

How to many ways a hacker can hack a web ?

Most common: SQL injection, Cross site scripting or XSS, session hijacking, but there are many others.

A good starting point for securing your web app is OWASP, especially the OWASP top ten cheat sheet.

broj1 356 Humble servant Featured Poster

Why did i got my comment voted down ?

I can't see any downvotes on your comment.

Szabi Zsoldos commented: it had disappeared :) +4
broj1 356 Humble servant Featured Poster

Many issues here:

  • database is a mysql reserved word so it is a bad idea to use it for the table name (and is misguiding also), but if you insist, enclose it in backticks
  • sending two queries is not necessary if you retrieve all data with the first one
  • escape all the values from $_REQUEST before using them in queries otherwise you risk an SQL injection attack: $username = mysql_real_escape_string($_REQUEST['username']);
  • better use $_POST and $_GET arrays instead of $_REQUEST since you already use GET and POST in the same script
  • check for existence of values before using them: if(isset($_REQUEST['username'])) ...
  • mysql database extension is very old, switch to mysqli or even better to PDO
broj1 356 Humble servant Featured Poster

First try to turn error_reporting to E_ALL and display_errors to on in the php.ini. Your script probably has some errors but the errors aren't displayed (just my guess).

Szabi Zsoldos commented: this is what i wanted to suggest also! :) +4
broj1 356 Humble servant Featured Poster

If the other issue is not related then please mark this thread as solved and start a new one.

The nature of the forum is such that all members see the topic and the ones that have time try to help. Everyone gains by learning solutions to various problems. This is why I would prefer that we carry on through the forum not on skype. I do not have much time to offer you a full time assistance and also am on a 3G connection most of the time (limited bandwidth and traffic) so Skype is not my favourite way of communication.

So try to describe the problem as clearly as possible, post the relevant code and help will come sooner or later.