Web Dev Rob 6

Just to double check, the file you posted is called upload.php, as that is where your form data is being posted. If so, change the submit button code to the following and report back:

[CODE]
if ( isset($_POST['submit']) ) {

$name = $_FILES['myfile']['name'];
$tmp_name = $_FILES['myfile']['tmp_name'];
$location = "avatars/$name";
move_uploaded_file($tmp_name,$location);
$query = mysql_query("UPDATE Persons SET imagelocation='$location' WHERE Id ='$Id'");

echo $_FILES['myfile']['error']; //the error message returned

}
[/CODE]

Web Dev Rob 6

Following works for me fine:

[CODE]$name = $_GET['record'];
$the_catagory = $_POST['catagory']; //the variable from the

if ($the_catagory == "players") {

} elseif ($the_catagory == "events") {

} elseif ($the_catagory == "sales") {

}[/CODE]

Web Dev Rob 6

Can you post the html for your form and say what fields you want excluding. I'll post up some updated code then :)

Web Dev Rob 6

To bold the text you'll need to send the email in html format, you'll need to add some extra headers and pass them to the mail function, so you have your code the same but add the following:

[code=php]
$headers = 'MIME-Version: 1.0' . "\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\n";
$headers .= "From: noreply@youremail.com" . "\n";

$send_contact = mail($to, $subject, $message, $headers );
[/code]

That extra option line outpoutting is weird. What is outputted to the screen when you add the following after your loop?

[code=php]
echo $job_output;
die();
[/code]

Web Dev Rob 6

Slightly off topic, you should clean the contents of $_POST['search'] before using it in the SQL query as $search=$_POST['search'] represents a security risk

Web Dev Rob 6

[QUOTE=bkimbriel;1471590]Thank you so much! That worked perfect. Any clue as to why Option 1 keeps showing up though?

It displays perfect now except with...

Job 1 - Option 1 - Quantity 1
Job 2 - Option 2 - Quantity 2

  • Option 1 -[/QUOTE]

Can you post your updated code?

Web Dev Rob 6

Slightly off topic, but have you considored using MySQL's full text searching instead of LIKE?

Web Dev Rob 6

[QUOTE=evstevemd;1471557]
What are risks when uploading files other than limiting some extensions (like exe's)?[/QUOTE]

That also depends on how you're checking your extension. E.g. say you're getting the extension from the filename via $_FILES['myfile']['name'] using PHP's string functions, the value of $_FILES['myfile']['name'] can be faked. For images you can use [URL="http://www.web-design-talk.co.uk/280/php-image-upload-checking/"]PHPs image functions to check the file type[/URL].

Alternatively, you should use the fileinfo PECL extension.

You also have risks with people inserting malicious code into images, uploading them, then executing the file on your server - you could use the above mentioned PECL extension or [url]http://en.wikipedia.org/wiki/Magic_number_(programming)#Magic_numbers_in_files[/url]

You should also considor where the actual file is being uploaded on server (you shoiuld diable script exection on the upload directory), the maximum file size, if your user could find this location and if the file is directly accessible, once uploaded.

There is also a risk of a denial of service atatck if the user uploads many large files - you should place a limit on the number of files a user is able to upload in a given time period.

Sure there are loads more, can't think of anymore of the top of my head :)

Stefano Mtangoo commented: thanks for that +6

Web Dev Rob 6

To output the job as you want, there are a few ways. YOu could remove your three 3 loops and have a single loop:

[code=php]
while(list($key,$value) = each($_POST['job'])) {

$job = $_POST['job'][$key];
$material = $_POST['material'][$key];
$quantity = $_POST['material'][$key];

$job_output .= $job . ' - ' . $material . ' - ' . $quantity . "\n";

}
[/code]

This will output your jobs like:

Job 1 - Option 1 - Quantity 1
Job 2 - Option 2 - Quantity 2