0

I've just launced a site and members sign up and create profile pages. We are discovering if they type the "&" symbol and/or other symbols like "<" it results in a catchable fatel error when you try to go to that members profile page.

Please Help!

4
Contributors
13
Replies
14
Views
7 Years
Discussion Span
Last Post by metalix
0

Where would the problem most likely be? I ask because there's the php page where the member types and submits thier bio, there's a different php page that displayes the bio, and there's xml pages that are handeling all the transfering.
I'll include a part of the code I think may be the problem and I'll include the site link below for your referance.

Public profile php:

//wrap profile summary
	if(strlen($dtrData["summary"]) > 100){
		$dtrData["summary"] = wordwrap($dtrData["summary"], 100, "<br />", true);
	}
	Footprint::$Page->GetNodesByDataSet("label", "summary")->SetInnerHTML(Codec::HTMLEncode(str_replace(array("<br>", "<br />", "</br>"), "\n", $dtrData["summary"])));

html being included in php:

<div class="artistBio"><span style="font-size:24px; color:#21242c; font-weight:bold;">About <span data-label="name_artist">name_artist</span></span>
        		<pre data-label="summary">summary</pre></div>

xml code:

<command id="get-profile-data">
			SELECT
				account.id AS account_id,
				account.fk_user_id,
				account.name_first,
				account.name_last,
				account.name_artist,
				account.country,
				account.summary
</command>

The site is www.bumpitordumpit.com, if you click on the members link to go to the member directory then scroll down or do a search for "Sentinel". Click on the members picture and you will see the errar that we are getting. Not all of the profiles are doing this... I even noticed one a few minutes ago that had a "&" symbol in the bio and it was fine, so now I don't know what the problem is.

Thank you for any help you can give.

0

Can you post a code sample of the page

Sorry didn't reply to you directly but I just posted some code and stuff to look at.
Thanks

0

can you post the full page codes because i dont think the error is on that page

0

can you post the full page codes because i dont think the error is on that page

How do I do that? just copy all the code here? Which page do you want to see... or do you mean all of them?

0

copy and paste the page that is coming from. the page where the users are typing the symbol

0

copy and paste the page that is coming from. the page where the users are typing the symbol

Ok, here it is. Also, i have another php file that has xmlencoding and stuff on it. I've pasted that below this first section

php code:

<?php
require_once($_SERVER["DOCUMENT_ROOT"] ."/_GLOBAL/init.php");
//##########################################################################################
	
//--> Begin :: Page
	//open database
	Footprint::$DB->Open();
	
	//require session
	Footprint::$User->RequireSession();
	
	//require account session
	Extension::$Account->RequireSession();
	
	//require permission
	Footprint::$User->ContinueOrDenyPermission("1022");
	
	//get page template
	Footprint::$Page->LoadFile(Footprint::FilePath("account/profile.html"), Footprint::$RootPath);
	
	//set login link
	Extension::$System->LoginLink();
	
	//get query data
	$inpPage = Footprint::$Request->Input("page", "1");
	$inpResultsPerPage = Footprint::$Request->Input("results_per_page", "20");
	
	//get form data
	$inpAction = Footprint::$Request->Input("action");
	$inpUsername = Footprint::$Request->Input("username");
	$inpEmail = Footprint::$Request->Input("email");
	$inpPassword = Footprint::$Request->Input("password");
	$inpPasswordConfirm = Footprint::$Request->Input("password_confirm");

	$inpNameArtist = Footprint::$Request->Input("name_artist");
	$inpNameFirst = Footprint::$Request->Input("name_first");
	$inpNameLast = Footprint::$Request->Input("name_last");
	$inpSummary = Footprint::$Request->Input("summary");
	$inpSex = Footprint::$Request->Input("sex");
	$inpAge = Footprint::$Request->Input("age");
	$inpCountry = Footprint::$Request->Input("country");
	//$inpZip = Footprint::$Request->Input("zip");
	
	//get listing photo input data
	$inpLabel = Footprint::$Request->Input("label");
	$inpPhotoID = Footprint::$Request->Input("account_photo_id");
	
	//validate data
	if($inpAction == "Update") {
		if($inpUsername == "") {
			Footprint::$Errors->Add("Please supply a username.");
		}
		else {
			if(!Footprint::$User->IsUsernameAvailable($inpUsername, Footprint::$Request->Session("user_id"))) {
				Footprint::$Errors->Add("That username is not available.");
			}
		}
		if($inpEmail == "") {
			Footprint::$Errors->Add("Please supply an email address.");
		}
		else {
			if(!DataValidator::IsValidEmail($inpEmail)) {
				Footprint::$Errors->Add("Please supply a valid email address.");
			}
			else {
				if(!Footprint::$User->IsEmailAvailable($inpEmail, Footprint::$Request->Session("user_id"))) {
					Footprint::$Errors->Add("That email address is not available.");
				}
			}
		}
		if($inpPassword == "") {
			//do nothing
		}
		else {
			if($inpPasswordConfirm == "") {
				Footprint::$Errors->Add("You must also confirm the password.");
			}
			if($inpPassword != "" && $inpPasswordConfirm != "") {
				if($inpPassword != $inpPasswordConfirm) {
					Footprint::$Errors->Add("Your passwords you entered did not match.");
				}
			}
		}
		if($inpNameFirst == "") {
			Footprint::$Errors->Add("Please supply your first name.");
		}
		if($inpNameLast == "") {
			Footprint::$Errors->Add("Please supply your last name.");
		}
		if($inpSex == "") {
			Footprint::$Errors->Add("Please supply your sex.");
		}
		if($inpAge == "") {
			Footprint::$Errors->Add("Please supply your age.");
		}
		if(!DataValidator::IsInt($inpAge)){
			Footprint::$Errors->Add("Please supply your age.");
		}
		if($inpCountry == "") {
			Footprint::$Errors->Add("Please supply your country.");
		}
		//if($inpZip == "") {
			//Footprint::$Errors->Add("Please supply your zip code.");
		//}
	}
	if($inpAction == "Upload") {
		if(Footprint::$Request->File("file") == null){
			Footprint::$Errors->Add("Please supply photo to upload.");
		}
	}
	//check for action
	if(Footprint::$Errors->Count() == 0 && $inpAction == "Update") {
		//update user
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("update-user", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%username%", $inpUsername);
		Footprint::$DB->SQLKey("%email%", $inpEmail);
		Footprint::$DB->SQLKey("%password%", $inpPassword);
		Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
		Footprint::$DB->ExecuteNonQuery();
		
		//update account
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("update-account", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%name_first%", $inpNameFirst);
		Footprint::$DB->SQLKey("%name_last%", $inpNameLast);
		Footprint::$DB->SQLKey("%name_artist%", $inpNameArtist);
		Footprint::$DB->SQLKey("%summary%", $inpSummary);
		Footprint::$DB->SQLKey("%sex%", $inpSex);
		Footprint::$DB->SQLKey("%age%", $inpAge);
		Footprint::$DB->SQLKey("%country%", $inpCountry);
		//Footprint::$DB->SQLKey("%zip%", $inpZip);
		Footprint::$DB->SQLKey("%account_id%", Footprint::$Request->Session("account_id"));
		Footprint::$DB->ExecuteNonQuery();
		
		//notify user
		Footprint::$Notices->Add("Your account has been updated.");
	}
	//- - - - - - - - - - - - - - - - - - - -//
	if($inpAction == "Upload") {
		//prepare destination path
		$ImagesDirectory = Footprint::FilePath("_MEDIA/photos/");
		$FileInfo = pathinfo(Footprint::$Request->File("file")->FileName);
		$FileName = "img_". rand() .".". ($FileInfo["extension"] == "" ? "jpg" : $FileInfo["extension"]);
		$FullSavePath = $ImagesDirectory . $FileName;
		
		chmod($ImagesDirectory, 0755);
		
		//save file
		Footprint::$Request->File("file")->SaveAs($FullSavePath);
		
		//create new listing photo
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("create-new-photo", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%fk_user_id%", Footprint::$Request->Session("user_id"));
		Footprint::$DB->SQLKey("%label%", ($inpLabel == "" ? "N/A" : $inpLabel));
		Footprint::$DB->SQLKey("%filename%", $FileName);
		Footprint::$DB->ExecuteNonQuery();
		
		//close database
		Footprint::$DB->Close();
		
		//redirect back here
		Footprint::$Response->RedirectURL = Footprint::URL("account/profile.php");
		Footprint::$Response->Finalize();
	}
	//- - - - - - - - - - - - - - - - - - - -//
	if($inpAction == "Delete Photo") {
		//get current data
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-photo", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%account_photo_id%", $inpPhotoID);
		$FileName = Footprint::$DB->GetDataString();
		
		//delete file
		unlink(Footprint::FilePath("_MEDIA/photos/". $FileName));
		
		//delete listing photo
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("delete-photo", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%account_photo_id%", $inpPhotoID);
		Footprint::$DB->ExecuteNonQuery();
		
		//close database
		Footprint::$DB->Close();
		
		//redirect back here
		Footprint::$Response->RedirectURL = Footprint::URL("account/profile.php");
		Footprint::$Response->Finalize();
	}
	//- - - - - - - - - - - - - - - - - - - -//
	if($inpAction == "Delete Account") {
		//set user id to inactive
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("set-user-record-inactive", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
		Footprint::$DB->ExecuteNonQuery();
		
		//close database
		Footprint::$DB->Close();
		
		//redirect back here
		Footprint::$Response->RedirectURL = Footprint::URL("login/logout.php");
		Footprint::$Response->Finalize();
	}
	//end check for action
	
	//get data
		//setup data pager
		Footprint::$DataPager->RecordsPerPage = $inpResultsPerPage;
		Footprint::$DataPager->CurrentPage = $inpPage;
		
		//start timer
		Footprint::$Timer->Start();
		
		//get data
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-photo-records", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%fk_user_id%", Footprint::$Request->Session("user_id"));
		Footprint::$DB->SQLKey("%record_to_start%", Footprint::$DataPager->RecordsPerPage * (Footprint::$DataPager->CurrentPage - 1));
		Footprint::$DB->SQLKey("%records_per_page%", Footprint::$DataPager->RecordsPerPage);
		$tblData = Footprint::$DB->GetDataTable();
		
		//stop timer
		Footprint::$Timer->Stop();
		
		//get total record count
		Footprint::$DataPager->TotalRecords = Footprint::$DB->GetFoundRows();
	//end get data
	
	//data results
		//get blank chunk
		$BlankChunk = Footprint::$Page->GetNodesByDataSet("label", "blank_results_row")->GetDOMChunk();
		
		//build results
		for($i = 0 ; $i < count($tblData); $i++) {
			$BlankChunk->Begin();
			$BlankChunk->Root()->SetAttribute("class", ($i % 2 == 0 ? "alt" : ""));
			$BlankChunk->GetNodesByDataSet("field", "account_photo_id")->SetAttribute("value", $tblData[$i]["photo_id"]);
			$BlankChunk->GetNodesByDataSet("label", "photo_path")->SetAttribute("src", Footprint::URL("_MEDIA/photos/view.php?f=". $tblData[$i]["filename"]));
			$BlankChunk->GetNodesByDataSet("label", "photo_link")->SetAttribute("href", Footprint::URL("_MEDIA/photos/". $tblData[$i]["filename"]));
			$BlankChunk->GetNodesByDataSet("label", "label")->SetInnerText($tblData[$i]["label"]);
			$BlankChunk->End();
		}
		if(count($tblData) > 0) {
			//render chunk
			$BlankChunk->Render();
			
			//remove no_results_row
			Footprint::$Page->GetNodesByDataSet("label", "no_results_row")->Remove();
		}
		else{
			//remove blank_results_row
			Footprint::$Page->GetNodesByDataSet("label", "blank_results_row")->Remove();
		}
		
		//set photo limit - if there are already 1 photos uploaded - remove form
		if(count($tblData) == 1) {
			//remove photo_upload_form
			Footprint::$Page->GetNodesByDataSet("label", "photo_upload_form")->Remove();
		}
		
		//replace paging info
		Footprint::$Utility->ApplyDataPaging(Footprint::URL("account/profile.php"));
	//end data results 
	
	//get current data
	Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-profile-data", Footprint::FilePath("account/profile.sql.xml"));
	Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
	$dtrData = Footprint::$DB->GetDataRow();
	
	//check for post back
	if($inpAction == "" && Footprint::$DB->GetFoundRows() > 0) {
		$inpUsername = $dtrData["username"];
		$inpEmail = $dtrData["email"];
		$inpNameFirst = $dtrData["name_first"];
		$inpNameLast = $dtrData["name_last"];
		$inpNameArtist = $dtrData["name_artist"];
		$inpSex = $dtrData["sex"];
		$inpAge = $dtrData["age"];
		$inpCountry = $dtrData["country"];
		//$inpZip = $dtrData["zip"];
		$inpSummary = $dtrData["summary"];
	}
	
	//replace page elements
		//selected tab
		Footprint::$Page->GetNodesByDataSet("label", "tab_profile")->SetAttribute("class", "selected");
		
		//username
		Footprint::$Page->GetNodesByDataSet("label", "username")->SetInnerText(ucfirst(Footprint::$Request->Session("username")));
		
		//form elements
		Footprint::$Page->GetNodesByDataSet("label", "footprint_alerts")->SetInnerHTML(Footprint::$Utility->GetAlerts());
		Footprint::$Page->GetNodesByDataSet("field", "username")->SetAttribute("value", $inpUsername);
		Footprint::$Page->GetNodesByDataSet("field", "email")->SetAttribute("value", $inpEmail);
		Footprint::$Page->GetNodesByDataSet("field", "password")->SetAttribute("value", $inpPassword);
		Footprint::$Page->GetNodesByDataSet("field", "password_confirm")->SetAttribute("value", $inpPasswordConfirm);
		Footprint::$Page->GetNodesByDataSet("field", "name_first")->SetAttribute("value", $inpNameFirst);
		Footprint::$Page->GetNodesByDataSet("field", "name_last")->SetAttribute("value", $inpNameLast);
		Footprint::$Page->GetNodesByDataSet("field", "name_artist")->SetAttribute("value", $inpNameArtist);
		Footprint::$Page->GetNodesByDataSet("field", "sex")->GetNodesByAttribute("value", $inpSex)->SetAttribute("selected", "selected");
		Footprint::$Page->GetNodesByDataSet("field", "age")->SetAttribute("value", $inpAge);
		Footprint::$Page->GetNodesByDataSet("field", "country")->GetNodesByAttribute("value", $inpCountry)->SetAttribute("selected", "selected");
		//Footprint::$Page->GetNodesByDataSet("field", "zip")->SetAttribute("value", $inpZip);
		Footprint::$Page->GetNodesByDataSet("field", "summary")->SetInnerHTML($inpSummary);
	//end replace page elements
	
	//close database
	Footprint::$DB->Close();
	
	//finalize request
	Footprint::$Response->Finalize(Footprint::$Page->ToString());
	
	
//<-- End :: Page

//##########################################################################################
?>

html code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<?xml-stylesheet type="text/xml" href="_THEME/account/profile.xsl"?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>My Account Profile</title>
<link href="../_THEME/account/profile.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="account/profile.js" type="text/javascript"><!--*--></script>
</head>
<body>
<div xslt-region="nav">Profile</div>
<div id="bodycontent">
	<div id="header">
		<div id="leftColum">
    		<div id="profileImage"><img src="../_THEME/account/media/profile-image.png" data-label="profile_image" width="187" height="162" /></div>
    	</div>
    
    	<div id="rightColum">
    		<div class="artistNamebar">
        		<div style="padding-right:75px;">
          			<div class="subTab"><a id="tablink" href="account/tracks.php" title="Tab Link"><span>Track List</span></a></div>
         			<div class="subTab"><a id="tablink-static" href="#" title="Tab Link"><span>Edit Profile</span></a></div>
          			<div class="subTab"><a id="tablink" href="profile/index.php" title="Tab Link"><span>View Profile</span></a></div>
         			 <div class="subTab"><a id="tablink" href="account/index.php" title="Tab Link"><span>Home</span></a></div>
        		</div>
        		<div class="starIcon"></div>
        		<div class="artistName"><span class="name" data-label="username">username</span></div>
      		</div>
            
            <div class="bottom-padding">
            <form action="" method="post" name="form" id="form">
    <span data-label="footprint_alerts">footprint_alerts</span>
    <table border="0" cellpadding="3" cellspacing="0" class="form" data-label="register-table">
      <tr class="header">
        <td colspan="2">Login Information</td>
      </tr>
      <tr>
        <td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Username:</td>
        <td class="field"><input type="text" data-field="username" maxlength="45" size="20" name="username"/></td>
      </tr>
      <tr>
        <td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Email Address: </td>
        <td class="field"><input type="text" value="" maxlength="128" size="30" name="email" data-field="email"/></td>
      </tr>
      <tr>
        <td class="field_label"> Password:</td>
        <td class="field"><input type="password" data-field="password" maxlength="40" size="15" name="password"/></td>
      </tr>
      <tr>
        <td class="field_label"> Confirm Password:</td>
        <td class="field"><input type="password" data-field="password_confirm" maxlength="40" size="15" name="password_confirm"/>
          <br />
          Leave both password fields empty to keep the existing password.</td>
      </tr>
      <tr class="header">
        <td colspan="2">Account Information</td>
      </tr>
      <tr>
        <td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Artist Name: </td>
        <td class="field"><input type="text" value="" maxlength="90" size="25" name="name_artist" data-field="name_artist"/></td>
      </tr>
      <tr>
        <td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> First  Name:</td>
        <td class="field"><input type="text" value="" maxlength="90" size="25" name="name_first" data-field="name_first"/></td>
      </tr>
      <tr>
        <td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Last Name: </td>
        <td class="field"><input type="text" value="" maxlength="90" size="25" name="name_last" data-field="name_last"/></td>
      </tr>
      <tr>
        <td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Summary: </td>
        <td class="field"><textarea data-field="summary" name="summary" cols="50" rows="10"></textarea></td>
      </tr>
          <tr>
            <td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Sex: </td>
            <td class="field"><select name="sex" data-field="sex">
                <option value="">---- Select a Sex ----</option>
                <option value="f">Female</option>
                <option value="m">Male</option>
              </select>
            </td>
          </tr>
          <tr>
            <td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Age: </td>
            <td class="field"><input type="text" value="" maxlength="7" size="10" name="age" data-field="age"/></td>
          </tr>
          <tr>
            <td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Country: </td>
            <td class="field"><select name="country" data-field="country">
                <option value="">---- Select a Country ----</option>
                <option value="United States">United States</option>
              </select>
            </td>
          </tr>
          <!--<tr>
            <td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Zip Code: </td>
            <td class="field"><input type="text" value="" maxlength="90" size="25" name="zip" data-field="zip"/></td>
          </tr>-->
      <tr>
        <td class="label">&#160;</td>
        <td class="field"><input type="submit" value="Update" name="action"/></td>
      </tr>
      <tr>
        <td class="label">&#160;</td>
        <td class="field"><input type="submit" value="Delete Account" name="action" data-field="button_delete_account"/></td>
      </tr>
    </table>
  </form>
  			<br />
 		 	<fieldset data-label="photo_container">
  <legend>Photos</legend>
  <form action="" method="post" name="form" id="form" enctype="multipart/form-data" data-label="photo_upload_form">
    <table border="0" cellpadding="3" cellspacing="0" class="form">
      <tr>
        <td class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Label:</td>
        <td class="field"><input type="text" value="" maxlength="255" size="25" name="label" data-field="label"/></td>
      </tr>
      <tr>
        <td valign="top" class="field_label"><img src="../_MEDIA/icon-required.gif" alt="Required Field" width="15" height="15" align="absmiddle" /> Photo:</td>
        <td class="field"><input type="file" name="file" data-field="file"/><br />
<span style="color:#666; font-size:12px;">Photos can be .jpg or .png <br />
(file title should have no-spaces and be all lowercase letters)</span></td>
        
      </tr>
      <tr>
        <td class="label">&#160;</td>
        <td class="field"><input type="submit" value="Upload" name="action" data-field="button_upload"/></td>
      </tr>
    </table>
    <hr />
  </form>
  <table width="100%" border="0" cellpadding="0" cellspacing="0" class="results">
    <tr class="header">
      <td>Photo</td>
      <td>Label</td>
      <td>&#160;</td>
    </tr>
    <tr data-label="blank_results_row">
      <form action="" method="post" name="form" id="form">
        <td><a target="_blank" data-label="photo_link"><img border="0" data-label="photo_path" alt="photo_path" /></a></td>
        <td data-label="label">label</td>
        <td class="wrap_text max_width"><input data-field="button_photo_delete" type="submit" value="Delete Photo" name="action"/>
          <input data-field="account_photo_id" type="hidden" value="" name="account_photo_id"/>
        </td>
      </form>
    </tr>
    <tr data-label="no_results_row">
      <td colspan="7"><h3>No photos found.</h3></td>
    </tr>
  </table>
  <!--xslt-include href="../../_GLOBAL/paging-table.html"-->
  </fieldset>
  </div>
  
    	</div>
        
	</div>
 
</div>
</body>
</html>

XMLEncode code:

//--> Begin Method :: XMLEncode
			public static function XMLEncode($Input) {
				$Input = str_replace("&", "&amp;", $Input);
				$Input = str_replace("<", "&lt;", $Input);
				$Input = str_replace(">", "&gt;", $Input);
				$Input = str_replace("\"", "&quot;", $Input);
				$Input = str_replace("'", "&apos;", $Input);
				return $Input;
			}
		//<-- End Method :: XMLEncode
		
		//##################################################################################
		
		//--> Begin Method :: XMLDecode
			public static function XMLDecode($Input){
				$Input = str_replace("&amp;", "&", $Input);
				$Input = str_replace("&lt;", "<", $Input);
				$Input = str_replace("&gt;", ">", $Input);
				$Input = str_replace("&quot;", "\"", $Input);
				$Input = str_replace("&apos;", "'", $Input);
				return $Input;
			}
		//<-- End Method :: XMLDecode
0

Try the following code below, this is the php code you gave me. replace all the php code you posted on here with this one

What i changed.
i added this line
where it would check for errors

if (ereg('[^A-Za-z0-9]', $inpUsername)) {
			Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!";
		}

That line means that any character that isn't alphanumeric will be invalid. which means no symbols will be allowed to be entered


Enjoy

<?php
require_once($_SERVER["DOCUMENT_ROOT"] ."/_GLOBAL/init.php");
//##########################################################################################
	
//--> Begin :: Page
	//open database
	Footprint::$DB->Open();
	
	//require session
	Footprint::$User->RequireSession();
	
	//require account session
	Extension::$Account->RequireSession();
	
	//require permission
	Footprint::$User->ContinueOrDenyPermission("1022");
	
	//get page template
	Footprint::$Page->LoadFile(Footprint::FilePath("account/profile.html"), Footprint::$RootPath);
	
	//set login link
	Extension::$System->LoginLink();
	
	//get query data
	$inpPage = Footprint::$Request->Input("page", "1");
	$inpResultsPerPage = Footprint::$Request->Input("results_per_page", "20");
	
	//get form data
	$inpAction = Footprint::$Request->Input("action");
	$inpUsername = Footprint::$Request->Input("username");
	$inpEmail = Footprint::$Request->Input("email");
	$inpPassword = Footprint::$Request->Input("password");
	$inpPasswordConfirm = Footprint::$Request->Input("password_confirm");

	$inpNameArtist = Footprint::$Request->Input("name_artist");
	$inpNameFirst = Footprint::$Request->Input("name_first");
	$inpNameLast = Footprint::$Request->Input("name_last");
	$inpSummary = Footprint::$Request->Input("summary");
	$inpSex = Footprint::$Request->Input("sex");
	$inpAge = Footprint::$Request->Input("age");
	$inpCountry = Footprint::$Request->Input("country");
	//$inpZip = Footprint::$Request->Input("zip");
	
	//get listing photo input data
	$inpLabel = Footprint::$Request->Input("label");
	$inpPhotoID = Footprint::$Request->Input("account_photo_id");
	
	//validate data
	if($inpAction == "Update") {
		if($inpUsername == "") {
			Footprint::$Errors->Add("Please supply a username.");
		}
		if (ereg('[^A-Za-z0-9]', $inpUsername)) {
			Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!";
		}
		else {
			if(!Footprint::$User->IsUsernameAvailable($inpUsername, Footprint::$Request->Session("user_id"))) {
				Footprint::$Errors->Add("That username is not available.");
			}
		}
		if($inpEmail == "") {
			Footprint::$Errors->Add("Please supply an email address.");
		}
		else {
			if(!DataValidator::IsValidEmail($inpEmail)) {
				Footprint::$Errors->Add("Please supply a valid email address.");
			}
			else {
				if(!Footprint::$User->IsEmailAvailable($inpEmail, Footprint::$Request->Session("user_id"))) {
					Footprint::$Errors->Add("That email address is not available.");
				}
			}
		}
		if($inpPassword == "") {
			//do nothing
		}
		else {
			if($inpPasswordConfirm == "") {
				Footprint::$Errors->Add("You must also confirm the password.");
			}
			if($inpPassword != "" && $inpPasswordConfirm != "") {
				if($inpPassword != $inpPasswordConfirm) {
					Footprint::$Errors->Add("Your passwords you entered did not match.");
				}
			}
		}
		if($inpNameFirst == "") {
			Footprint::$Errors->Add("Please supply your first name.");
		}
		if (ereg('[^A-Za-z0-9]', $inpNameFirst)) {
			Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!";
		}
		if($inpNameLast == "") {
			Footprint::$Errors->Add("Please supply your last name.");
		}
		if (ereg('[^A-Za-z0-9]', $inpNameLast)) {
			Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!";
		}
		if($inpSex == "") {
			Footprint::$Errors->Add("Please supply your sex.");
		}
		if($inpAge == "") {
			Footprint::$Errors->Add("Please supply your age.");
		}
		if(!DataValidator::IsInt($inpAge)){
			Footprint::$Errors->Add("Please supply your age.");
		}
		if($inpCountry == "") {
			Footprint::$Errors->Add("Please supply your country.");
		}
		//if($inpZip == "") {
			//Footprint::$Errors->Add("Please supply your zip code.");
		//}
	}
	if($inpAction == "Upload") {
		if(Footprint::$Request->File("file") == null){
			Footprint::$Errors->Add("Please supply photo to upload.");
		}
	}
	//check for action
	if(Footprint::$Errors->Count() == 0 && $inpAction == "Update") {
		//update user
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("update-user", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%username%", $inpUsername);
		Footprint::$DB->SQLKey("%email%", $inpEmail);
		Footprint::$DB->SQLKey("%password%", $inpPassword);
		Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
		Footprint::$DB->ExecuteNonQuery();
		
		//update account
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("update-account", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%name_first%", $inpNameFirst);
		Footprint::$DB->SQLKey("%name_last%", $inpNameLast);
		Footprint::$DB->SQLKey("%name_artist%", $inpNameArtist);
		Footprint::$DB->SQLKey("%summary%", $inpSummary);
		Footprint::$DB->SQLKey("%sex%", $inpSex);
		Footprint::$DB->SQLKey("%age%", $inpAge);
		Footprint::$DB->SQLKey("%country%", $inpCountry);
		//Footprint::$DB->SQLKey("%zip%", $inpZip);
		Footprint::$DB->SQLKey("%account_id%", Footprint::$Request->Session("account_id"));
		Footprint::$DB->ExecuteNonQuery();
		
		//notify user
		Footprint::$Notices->Add("Your account has been updated.");
	}
	//- - - - - - - - - - - - - - - - - - - -//
	if($inpAction == "Upload") {
		//prepare destination path
		$ImagesDirectory = Footprint::FilePath("_MEDIA/photos/");
		$FileInfo = pathinfo(Footprint::$Request->File("file")->FileName);
		$FileName = "img_". rand() .".". ($FileInfo["extension"] == "" ? "jpg" : $FileInfo["extension"]);
		$FullSavePath = $ImagesDirectory . $FileName;
		
		chmod($ImagesDirectory, 0755);
		
		//save file
		Footprint::$Request->File("file")->SaveAs($FullSavePath);
		
		//create new listing photo
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("create-new-photo", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%fk_user_id%", Footprint::$Request->Session("user_id"));
		Footprint::$DB->SQLKey("%label%", ($inpLabel == "" ? "N/A" : $inpLabel));
		Footprint::$DB->SQLKey("%filename%", $FileName);
		Footprint::$DB->ExecuteNonQuery();
		
		//close database
		Footprint::$DB->Close();
		
		//redirect back here
		Footprint::$Response->RedirectURL = Footprint::URL("account/profile.php");
		Footprint::$Response->Finalize();
	}
	//- - - - - - - - - - - - - - - - - - - -//
	if($inpAction == "Delete Photo") {
		//get current data
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-photo", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%account_photo_id%", $inpPhotoID);
		$FileName = Footprint::$DB->GetDataString();
		
		//delete file
		unlink(Footprint::FilePath("_MEDIA/photos/". $FileName));
		
		//delete listing photo
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("delete-photo", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%account_photo_id%", $inpPhotoID);
		Footprint::$DB->ExecuteNonQuery();
		
		//close database
		Footprint::$DB->Close();
		
		//redirect back here
		Footprint::$Response->RedirectURL = Footprint::URL("account/profile.php");
		Footprint::$Response->Finalize();
	}
	//- - - - - - - - - - - - - - - - - - - -//
	if($inpAction == "Delete Account") {
		//set user id to inactive
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("set-user-record-inactive", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
		Footprint::$DB->ExecuteNonQuery();
		
		//close database
		Footprint::$DB->Close();
		
		//redirect back here
		Footprint::$Response->RedirectURL = Footprint::URL("login/logout.php");
		Footprint::$Response->Finalize();
	}
	//end check for action
	
	//get data
		//setup data pager
		Footprint::$DataPager->RecordsPerPage = $inpResultsPerPage;
		Footprint::$DataPager->CurrentPage = $inpPage;
		
		//start timer
		Footprint::$Timer->Start();
		
		//get data
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-photo-records", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%fk_user_id%", Footprint::$Request->Session("user_id"));
		Footprint::$DB->SQLKey("%record_to_start%", Footprint::$DataPager->RecordsPerPage * (Footprint::$DataPager->CurrentPage - 1));
		Footprint::$DB->SQLKey("%records_per_page%", Footprint::$DataPager->RecordsPerPage);
		$tblData = Footprint::$DB->GetDataTable();
		
		//stop timer
		Footprint::$Timer->Stop();
		
		//get total record count
		Footprint::$DataPager->TotalRecords = Footprint::$DB->GetFoundRows();
	//end get data
	
	//data results
		//get blank chunk
		$BlankChunk = Footprint::$Page->GetNodesByDataSet("label", "blank_results_row")->GetDOMChunk();
		
		//build results
		for($i = 0 ; $i < count($tblData); $i++) {
			$BlankChunk->Begin();
			$BlankChunk->Root()->SetAttribute("class", ($i % 2 == 0 ? "alt" : ""));
			$BlankChunk->GetNodesByDataSet("field", "account_photo_id")->SetAttribute("value", $tblData[$i]["photo_id"]);
			$BlankChunk->GetNodesByDataSet("label", "photo_path")->SetAttribute("src", Footprint::URL("_MEDIA/photos/view.php?f=". $tblData[$i]["filename"]));
			$BlankChunk->GetNodesByDataSet("label", "photo_link")->SetAttribute("href", Footprint::URL("_MEDIA/photos/". $tblData[$i]["filename"]));
			$BlankChunk->GetNodesByDataSet("label", "label")->SetInnerText($tblData[$i]["label"]);
			$BlankChunk->End();
		}
		if(count($tblData) > 0) {
			//render chunk
			$BlankChunk->Render();
			
			//remove no_results_row
			Footprint::$Page->GetNodesByDataSet("label", "no_results_row")->Remove();
		}
		else{
			//remove blank_results_row
			Footprint::$Page->GetNodesByDataSet("label", "blank_results_row")->Remove();
		}
		
		//set photo limit - if there are already 1 photos uploaded - remove form
		if(count($tblData) == 1) {
			//remove photo_upload_form
			Footprint::$Page->GetNodesByDataSet("label", "photo_upload_form")->Remove();
		}
		
		//replace paging info
		Footprint::$Utility->ApplyDataPaging(Footprint::URL("account/profile.php"));
	//end data results 
	
	//get current data
	Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-profile-data", Footprint::FilePath("account/profile.sql.xml"));
	Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
	$dtrData = Footprint::$DB->GetDataRow();
	
	//check for post back
	if($inpAction == "" && Footprint::$DB->GetFoundRows() > 0) {
		$inpUsername = $dtrData["username"];
		$inpEmail = $dtrData["email"];
		$inpNameFirst = $dtrData["name_first"];
		$inpNameLast = $dtrData["name_last"];
		$inpNameArtist = $dtrData["name_artist"];
		$inpSex = $dtrData["sex"];
		$inpAge = $dtrData["age"];
		$inpCountry = $dtrData["country"];
		//$inpZip = $dtrData["zip"];
		$inpSummary = $dtrData["summary"];
	}
	
	//replace page elements
		//selected tab
		Footprint::$Page->GetNodesByDataSet("label", "tab_profile")->SetAttribute("class", "selected");
		
		//username
		Footprint::$Page->GetNodesByDataSet("label", "username")->SetInnerText(ucfirst(Footprint::$Request->Session("username")));
		
		//form elements
		Footprint::$Page->GetNodesByDataSet("label", "footprint_alerts")->SetInnerHTML(Footprint::$Utility->GetAlerts());
		Footprint::$Page->GetNodesByDataSet("field", "username")->SetAttribute("value", $inpUsername);
		Footprint::$Page->GetNodesByDataSet("field", "email")->SetAttribute("value", $inpEmail);
		Footprint::$Page->GetNodesByDataSet("field", "password")->SetAttribute("value", $inpPassword);
		Footprint::$Page->GetNodesByDataSet("field", "password_confirm")->SetAttribute("value", $inpPasswordConfirm);
		Footprint::$Page->GetNodesByDataSet("field", "name_first")->SetAttribute("value", $inpNameFirst);
		Footprint::$Page->GetNodesByDataSet("field", "name_last")->SetAttribute("value", $inpNameLast);
		Footprint::$Page->GetNodesByDataSet("field", "name_artist")->SetAttribute("value", $inpNameArtist);
		Footprint::$Page->GetNodesByDataSet("field", "sex")->GetNodesByAttribute("value", $inpSex)->SetAttribute("selected", "selected");
		Footprint::$Page->GetNodesByDataSet("field", "age")->SetAttribute("value", $inpAge);
		Footprint::$Page->GetNodesByDataSet("field", "country")->GetNodesByAttribute("value", $inpCountry)->SetAttribute("selected", "selected");
		//Footprint::$Page->GetNodesByDataSet("field", "zip")->SetAttribute("value", $inpZip);
		Footprint::$Page->GetNodesByDataSet("field", "summary")->SetInnerHTML($inpSummary);
	//end replace page elements
	
	//close database
	Footprint::$DB->Close();
	
	//finalize request
	Footprint::$Response->Finalize(Footprint::$Page->ToString());
	
	
//<-- End :: Page

//##########################################################################################
?>
0

Try the following code below, this is the php code you gave me. replace all the php code you posted on here with this one

What i changed.
i added this line
where it would check for errors

if (ereg('[^A-Za-z0-9]', $inpUsername)) {
			Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!";
		}

That line means that any character that isn't alphanumeric will be invalid. which means no symbols will be allowed to be entered


Enjoy

<?php
require_once($_SERVER["DOCUMENT_ROOT"] ."/_GLOBAL/init.php");
//##########################################################################################
	
//--> Begin :: Page
	//open database
	Footprint::$DB->Open();
	
	//require session
	Footprint::$User->RequireSession();
	
	//require account session
	Extension::$Account->RequireSession();
	
	//require permission
	Footprint::$User->ContinueOrDenyPermission("1022");
	
	//get page template
	Footprint::$Page->LoadFile(Footprint::FilePath("account/profile.html"), Footprint::$RootPath);
	
	//set login link
	Extension::$System->LoginLink();
	
	//get query data
	$inpPage = Footprint::$Request->Input("page", "1");
	$inpResultsPerPage = Footprint::$Request->Input("results_per_page", "20");
	
	//get form data
	$inpAction = Footprint::$Request->Input("action");
	$inpUsername = Footprint::$Request->Input("username");
	$inpEmail = Footprint::$Request->Input("email");
	$inpPassword = Footprint::$Request->Input("password");
	$inpPasswordConfirm = Footprint::$Request->Input("password_confirm");

	$inpNameArtist = Footprint::$Request->Input("name_artist");
	$inpNameFirst = Footprint::$Request->Input("name_first");
	$inpNameLast = Footprint::$Request->Input("name_last");
	$inpSummary = Footprint::$Request->Input("summary");
	$inpSex = Footprint::$Request->Input("sex");
	$inpAge = Footprint::$Request->Input("age");
	$inpCountry = Footprint::$Request->Input("country");
	//$inpZip = Footprint::$Request->Input("zip");
	
	//get listing photo input data
	$inpLabel = Footprint::$Request->Input("label");
	$inpPhotoID = Footprint::$Request->Input("account_photo_id");
	
	//validate data
	if($inpAction == "Update") {
		if($inpUsername == "") {
			Footprint::$Errors->Add("Please supply a username.");
		}
		if (ereg('[^A-Za-z0-9]', $inpUsername)) {
			Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!";
		}
		else {
			if(!Footprint::$User->IsUsernameAvailable($inpUsername, Footprint::$Request->Session("user_id"))) {
				Footprint::$Errors->Add("That username is not available.");
			}
		}
		if($inpEmail == "") {
			Footprint::$Errors->Add("Please supply an email address.");
		}
		else {
			if(!DataValidator::IsValidEmail($inpEmail)) {
				Footprint::$Errors->Add("Please supply a valid email address.");
			}
			else {
				if(!Footprint::$User->IsEmailAvailable($inpEmail, Footprint::$Request->Session("user_id"))) {
					Footprint::$Errors->Add("That email address is not available.");
				}
			}
		}
		if($inpPassword == "") {
			//do nothing
		}
		else {
			if($inpPasswordConfirm == "") {
				Footprint::$Errors->Add("You must also confirm the password.");
			}
			if($inpPassword != "" && $inpPasswordConfirm != "") {
				if($inpPassword != $inpPasswordConfirm) {
					Footprint::$Errors->Add("Your passwords you entered did not match.");
				}
			}
		}
		if($inpNameFirst == "") {
			Footprint::$Errors->Add("Please supply your first name.");
		}
		if (ereg('[^A-Za-z0-9]', $inpNameFirst)) {
			Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!";
		}
		if($inpNameLast == "") {
			Footprint::$Errors->Add("Please supply your last name.");
		}
		if (ereg('[^A-Za-z0-9]', $inpNameLast)) {
			Footprint::$Errors->Add("Invalid Name only A-Z,a-z and 0-9 is allowed.!";
		}
		if($inpSex == "") {
			Footprint::$Errors->Add("Please supply your sex.");
		}
		if($inpAge == "") {
			Footprint::$Errors->Add("Please supply your age.");
		}
		if(!DataValidator::IsInt($inpAge)){
			Footprint::$Errors->Add("Please supply your age.");
		}
		if($inpCountry == "") {
			Footprint::$Errors->Add("Please supply your country.");
		}
		//if($inpZip == "") {
			//Footprint::$Errors->Add("Please supply your zip code.");
		//}
	}
	if($inpAction == "Upload") {
		if(Footprint::$Request->File("file") == null){
			Footprint::$Errors->Add("Please supply photo to upload.");
		}
	}
	//check for action
	if(Footprint::$Errors->Count() == 0 && $inpAction == "Update") {
		//update user
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("update-user", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%username%", $inpUsername);
		Footprint::$DB->SQLKey("%email%", $inpEmail);
		Footprint::$DB->SQLKey("%password%", $inpPassword);
		Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
		Footprint::$DB->ExecuteNonQuery();
		
		//update account
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("update-account", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%name_first%", $inpNameFirst);
		Footprint::$DB->SQLKey("%name_last%", $inpNameLast);
		Footprint::$DB->SQLKey("%name_artist%", $inpNameArtist);
		Footprint::$DB->SQLKey("%summary%", $inpSummary);
		Footprint::$DB->SQLKey("%sex%", $inpSex);
		Footprint::$DB->SQLKey("%age%", $inpAge);
		Footprint::$DB->SQLKey("%country%", $inpCountry);
		//Footprint::$DB->SQLKey("%zip%", $inpZip);
		Footprint::$DB->SQLKey("%account_id%", Footprint::$Request->Session("account_id"));
		Footprint::$DB->ExecuteNonQuery();
		
		//notify user
		Footprint::$Notices->Add("Your account has been updated.");
	}
	//- - - - - - - - - - - - - - - - - - - -//
	if($inpAction == "Upload") {
		//prepare destination path
		$ImagesDirectory = Footprint::FilePath("_MEDIA/photos/");
		$FileInfo = pathinfo(Footprint::$Request->File("file")->FileName);
		$FileName = "img_". rand() .".". ($FileInfo["extension"] == "" ? "jpg" : $FileInfo["extension"]);
		$FullSavePath = $ImagesDirectory . $FileName;
		
		chmod($ImagesDirectory, 0755);
		
		//save file
		Footprint::$Request->File("file")->SaveAs($FullSavePath);
		
		//create new listing photo
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("create-new-photo", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%fk_user_id%", Footprint::$Request->Session("user_id"));
		Footprint::$DB->SQLKey("%label%", ($inpLabel == "" ? "N/A" : $inpLabel));
		Footprint::$DB->SQLKey("%filename%", $FileName);
		Footprint::$DB->ExecuteNonQuery();
		
		//close database
		Footprint::$DB->Close();
		
		//redirect back here
		Footprint::$Response->RedirectURL = Footprint::URL("account/profile.php");
		Footprint::$Response->Finalize();
	}
	//- - - - - - - - - - - - - - - - - - - -//
	if($inpAction == "Delete Photo") {
		//get current data
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-photo", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%account_photo_id%", $inpPhotoID);
		$FileName = Footprint::$DB->GetDataString();
		
		//delete file
		unlink(Footprint::FilePath("_MEDIA/photos/". $FileName));
		
		//delete listing photo
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("delete-photo", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%account_photo_id%", $inpPhotoID);
		Footprint::$DB->ExecuteNonQuery();
		
		//close database
		Footprint::$DB->Close();
		
		//redirect back here
		Footprint::$Response->RedirectURL = Footprint::URL("account/profile.php");
		Footprint::$Response->Finalize();
	}
	//- - - - - - - - - - - - - - - - - - - -//
	if($inpAction == "Delete Account") {
		//set user id to inactive
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("set-user-record-inactive", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
		Footprint::$DB->ExecuteNonQuery();
		
		//close database
		Footprint::$DB->Close();
		
		//redirect back here
		Footprint::$Response->RedirectURL = Footprint::URL("login/logout.php");
		Footprint::$Response->Finalize();
	}
	//end check for action
	
	//get data
		//setup data pager
		Footprint::$DataPager->RecordsPerPage = $inpResultsPerPage;
		Footprint::$DataPager->CurrentPage = $inpPage;
		
		//start timer
		Footprint::$Timer->Start();
		
		//get data
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-photo-records", Footprint::FilePath("account/profile.sql.xml"));
		Footprint::$DB->SQLKey("%fk_user_id%", Footprint::$Request->Session("user_id"));
		Footprint::$DB->SQLKey("%record_to_start%", Footprint::$DataPager->RecordsPerPage * (Footprint::$DataPager->CurrentPage - 1));
		Footprint::$DB->SQLKey("%records_per_page%", Footprint::$DataPager->RecordsPerPage);
		$tblData = Footprint::$DB->GetDataTable();
		
		//stop timer
		Footprint::$Timer->Stop();
		
		//get total record count
		Footprint::$DataPager->TotalRecords = Footprint::$DB->GetFoundRows();
	//end get data
	
	//data results
		//get blank chunk
		$BlankChunk = Footprint::$Page->GetNodesByDataSet("label", "blank_results_row")->GetDOMChunk();
		
		//build results
		for($i = 0 ; $i < count($tblData); $i++) {
			$BlankChunk->Begin();
			$BlankChunk->Root()->SetAttribute("class", ($i % 2 == 0 ? "alt" : ""));
			$BlankChunk->GetNodesByDataSet("field", "account_photo_id")->SetAttribute("value", $tblData[$i]["photo_id"]);
			$BlankChunk->GetNodesByDataSet("label", "photo_path")->SetAttribute("src", Footprint::URL("_MEDIA/photos/view.php?f=". $tblData[$i]["filename"]));
			$BlankChunk->GetNodesByDataSet("label", "photo_link")->SetAttribute("href", Footprint::URL("_MEDIA/photos/". $tblData[$i]["filename"]));
			$BlankChunk->GetNodesByDataSet("label", "label")->SetInnerText($tblData[$i]["label"]);
			$BlankChunk->End();
		}
		if(count($tblData) > 0) {
			//render chunk
			$BlankChunk->Render();
			
			//remove no_results_row
			Footprint::$Page->GetNodesByDataSet("label", "no_results_row")->Remove();
		}
		else{
			//remove blank_results_row
			Footprint::$Page->GetNodesByDataSet("label", "blank_results_row")->Remove();
		}
		
		//set photo limit - if there are already 1 photos uploaded - remove form
		if(count($tblData) == 1) {
			//remove photo_upload_form
			Footprint::$Page->GetNodesByDataSet("label", "photo_upload_form")->Remove();
		}
		
		//replace paging info
		Footprint::$Utility->ApplyDataPaging(Footprint::URL("account/profile.php"));
	//end data results 
	
	//get current data
	Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("get-profile-data", Footprint::FilePath("account/profile.sql.xml"));
	Footprint::$DB->SQLKey("%user_id%", Footprint::$Request->Session("user_id"));
	$dtrData = Footprint::$DB->GetDataRow();
	
	//check for post back
	if($inpAction == "" && Footprint::$DB->GetFoundRows() > 0) {
		$inpUsername = $dtrData["username"];
		$inpEmail = $dtrData["email"];
		$inpNameFirst = $dtrData["name_first"];
		$inpNameLast = $dtrData["name_last"];
		$inpNameArtist = $dtrData["name_artist"];
		$inpSex = $dtrData["sex"];
		$inpAge = $dtrData["age"];
		$inpCountry = $dtrData["country"];
		//$inpZip = $dtrData["zip"];
		$inpSummary = $dtrData["summary"];
	}
	
	//replace page elements
		//selected tab
		Footprint::$Page->GetNodesByDataSet("label", "tab_profile")->SetAttribute("class", "selected");
		
		//username
		Footprint::$Page->GetNodesByDataSet("label", "username")->SetInnerText(ucfirst(Footprint::$Request->Session("username")));
		
		//form elements
		Footprint::$Page->GetNodesByDataSet("label", "footprint_alerts")->SetInnerHTML(Footprint::$Utility->GetAlerts());
		Footprint::$Page->GetNodesByDataSet("field", "username")->SetAttribute("value", $inpUsername);
		Footprint::$Page->GetNodesByDataSet("field", "email")->SetAttribute("value", $inpEmail);
		Footprint::$Page->GetNodesByDataSet("field", "password")->SetAttribute("value", $inpPassword);
		Footprint::$Page->GetNodesByDataSet("field", "password_confirm")->SetAttribute("value", $inpPasswordConfirm);
		Footprint::$Page->GetNodesByDataSet("field", "name_first")->SetAttribute("value", $inpNameFirst);
		Footprint::$Page->GetNodesByDataSet("field", "name_last")->SetAttribute("value", $inpNameLast);
		Footprint::$Page->GetNodesByDataSet("field", "name_artist")->SetAttribute("value", $inpNameArtist);
		Footprint::$Page->GetNodesByDataSet("field", "sex")->GetNodesByAttribute("value", $inpSex)->SetAttribute("selected", "selected");
		Footprint::$Page->GetNodesByDataSet("field", "age")->SetAttribute("value", $inpAge);
		Footprint::$Page->GetNodesByDataSet("field", "country")->GetNodesByAttribute("value", $inpCountry)->SetAttribute("selected", "selected");
		//Footprint::$Page->GetNodesByDataSet("field", "zip")->SetAttribute("value", $inpZip);
		Footprint::$Page->GetNodesByDataSet("field", "summary")->SetInnerHTML($inpSummary);
	//end replace page elements
	
	//close database
	Footprint::$DB->Close();
	
	//finalize request
	Footprint::$Response->Finalize(Footprint::$Page->ToString());
	
	
//<-- End :: Page

//##########################################################################################
?>

Ok, not working yet, I placed the code in but i noticed they are only placed for username, password, first name, ext... How do I place it for the summary section which doesn't get data validated?

0

copy the line under the username and place it in the first name etc

Truly, thank you for all the assistance but that didn't fix the problem. The other accounts are still getting the error and I created a new account and typed in symbols and stuff and I still got the error.

Anyother ideas?

0

try this

<?PHP
//set your value
$var = $_POST['var'];
$var = str_replace('&','&amp;',$var);
$var = str_replace('<','&lt;',$var);
$var = str_replace('>','&gt;',$var);
?>

just remember to put the & replace at the top.
this isn't the best solution, but it works and is easy to understand. 
just do this for every input. (stop people hacking)
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.