PHP - Need Input To Resolve This... Please :)

I need to find a way to resolve a relative path outside the document root, in a cross-platform friendly manner.

My users have a settings page where they are able to set the path to a folder where files should be included. This path may not exist at the time of saving the setting. The given path is then retrieved from the database when files are  being saved, the path is checked to see if a folder needs to be created, and the file is saved to the path.

Two possible paths they may use a
* files (This is the webpath: http://site.com/files or absolute path /home/user/public_html/files)
* ../files (This is the absolute path: /home/user/files where the webroot is /home/user/public_html/)

The first path is easy to deal with. However, I'm having a rough time resolving the second path into a usable system path (i.e. /home/user/files). This needs to be cross platform compatible (windows/'Nix). I've played around with realpath(), but I'm just not finding something that works for me. Any suggestions?

Hi:

I have few small issues with a Contact Us form I am putting together.

1 - When quotes or apostrophes are added to the input fields, they get turned into '\ (slashes).
The "myCodeLib.php" file has a function to remove the slashes. I use it in the same way in the
admin area and it works fine, so I don't see what I am missing:
Code: [Select]
<?php

//STRIP SLASHES

if(get_magic_quotes_gpc()) {
  $_POST = array_map('stripslashes',$_POST);
  $_GET = array_map('stripslashes',$_GET);
  $_COOKIE = array_map('stripslashes',$_COOKIE);
}

?>

2 - A small issuse, but the Email validation doesn't seem to work entirely. It will accept a single character (like an "a") as valid, but it looks like it's suppose to check for a format like "a@a.com"


3 - How can I properly SPAN this code that write out the error: Code: [Select]
echo $error;
I want to do Code: [Select]
<span class="textError">echo $error;</span> to make it red but I keep getting a snytax error


This is the full code:
Code: [Select]
include('include/myConn.php');
include('include/myCodeLib.php');


<?php
$error = NULL;
$myDate = NULL;
$FullName = NULL;
$Address = NULL;
$City  = NULL;
$State = NULL;
$Zip = NULL;
$Phone = NULL;
$Email = NULL;
$Website = NULL;
$Comments = NULL;
if(isset($_POST['submit'])) { 

 $myDate = $_POST['myDate'];
 $FullName = $_POST['FullName'];
 $Address = $_POST['Address'];
 $City = $_POST['City'];
 $State = $_POST['State'];
 $Zip = $_POST['Zip'];
 $Phone = $_POST['Phone'];
 $Email = $_POST['Email'];
 $Website = $_POST['Website'];
 $Comments = $_POST['Comments'];
 
 if(empty($FullName)) { 
   $error .= '-- Enter your Full Name. <br />';
 }
 if(empty($Email) || preg_match('~^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$~',$Email)) { //<- if email is empty, or doesn't follow the expression.
  $error .= '-- Enter your Email. <br />'; //<- this is the error message.
 }

if($error == NULL) {
  $sql = sprintf("INSERT INTO myContactData(myDate,FullName,Address,City,State,Zip,Phone,Email,Website,Comments) VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s')", //<-database structure must be right.
                        mysql_real_escape_string($myDate),
                        mysql_real_escape_string($FullName),
                        mysql_real_escape_string($Address),
                        mysql_real_escape_string($City),
                        mysql_real_escape_string($State),
                        mysql_real_escape_string($Zip),
                        mysql_real_escape_string($Phone),
                        mysql_real_escape_string($Email),
                        mysql_real_escape_string($Website),
                        mysql_real_escape_string($Comments));

  if(mysql_query($sql)) {
    $error .= 'Thank you for your comment!';
  }
  else {
    $error .= 'There was an error in our Database, please Try again!';
  }
}
}

echo $error;

$myDate = $_REQUEST['myDate'] ;
$FullName = $_REQUEST['FullName'] ;
$Address = $_REQUEST['Address'] ;
$City = $_REQUEST['City'] ;
$State = $_REQUEST['State'] ;
$Zip = $_REQUEST['Zip'] ;
$Phone = $_REQUEST['Phone'] ;
$Email = $_REQUEST['Email'] ;
$Website = $_REQUEST['Website'] ;
$Comments = $_REQUEST['Comments'] ;

mail( "email@website.com", "Contact Request",

"Date Sent: $myDate\nFull Name: $FullName\nAddress: $Address\n City: $City\n State: $State\n Zip: $Zip\n Phone: $Phone\n Email: $Email\n Website: $Website\n Comments: $Comments\n",    
"From: $Email" );

?>



<form name="myform" action="" method="post">

<input type="hidden" name="myDate" size="45" maxlength="50" value="<?php echo date("F j, Y"); ?>" />

<div id="tableFormDiv">

<fieldset><span class="floatLeftFormWidth"><span class="textErrorItalic">* - Required</span></span> <span class="floatFormLeft">&nbsp;</span></fieldset>


<fieldset><span class="floatLeftFormWidth"><span class="textErrorItalic">*</span> Full Name:</span> <span class="floatFormLeft"><input type="text" name="FullName" size="45" maxlength="50" value="<?php echo $FullName; ?>" /></span></fieldset>


<fieldset><span class="floatLeftFormWidth">Address:</span> <span class="floatFormLeft"><input type="text" name="Address" size="45" maxlength="50" value="<?php echo $Address; ?>" /></span></fieldset>


<fieldset><span class="floatLeftFormWidth">City:</span> <span class="floatFormLeft"><input type="text" name="City" size="45" maxlength="50" value="<?php echo $City; ?>" /></span></fieldset>


<fieldset><span class="floatLeftFormWidth">State:</span> <span class="floatFormLeft"><input type="text" name="State" size="45" maxlength="50" value="<?php echo $State; ?>" /></span></fieldset>


<fieldset><span class="floatLeftFormWidth">Zip:</span> <span class="floatFormLeft"><input type="text" name="Zip" size="45" maxlength="50" value="<?php echo $Zip; ?>" /></span></fieldset>


<fieldset><span class="floatLeftFormWidth">Phone:</span> <span class="floatFormLeft"><input type="text" name="Phone" size="45" maxlength="50" value="<?php echo $Phone; ?>" /></span></fieldset>


<fieldset><span class="floatLeftFormWidth"><span class="textErrorItalic">*</span> Email:</span> <span class="floatFormLeft"><input type="text" name="Email" size="45" maxlength="50" value="<?php echo $Email; ?>" /></span></fieldset>


<fieldset><span class="floatLeftFormWidth">Website:</span> <span class="floatFormLeft"><input type="text" name="Website" size="45" maxlength="50" value="<?php echo $Website; ?>" /></span></fieldset>


<fieldset><span class="floatLeftFormWidth">Comments:</span> <span class="floatFormLeft"><textarea name="Comments" cols="40" rows="10"><?php echo $Comments; ?></textarea></span></fieldset>

</div>



<input type="submit" name="submit" value="Submit" class="submitButton" /><br />



</form>



</div>

Can someone please help me with this...

now i am getting this error

( ! ) Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'talos342c'@'localhost' (using password: YES) in C:\wamp\www\myNewweb\storescripts\connect_to_mysql.php on line 19
Call Stack
# Time Memory Function Location
1 0.0008 380440 {main}( ) ..\index.php:0
2 0.0012 384880 include( 'C:\wamp\www\myNewweb\storescripts\connect_to_mysql.php' ) ..\index.php:11
3 0.0012 385528 mysql_connect ( ) ..\connect_to_mysql.php:19

Hello All,   I'm kinda new to PHP and web development and I seem to have a very wierd problem which is driving me nuts (for the last 2 days)...so I'd appreciate any and all help in getting it resolved.   Okay, so here's the problem:   In the code below, I used to have just the first statement below...which essentially accepted input as a textbox for a text field named qty_pkg (in the underlying MySQL table)...and that used to work just fine.   So then I decided to change the input type for that field to be a radio button, accepting one of two choices i.e. "UoM" or "Qty", and therefore I added the remainder of the code, whilst also commenting/remarking out the first statement.   What happens (when I added the radiobutton-related code) is that control no longer goes into the TRUE portion/logic of the "if ( !empty($_POST))" condition-check, but rather, it seems to go into the "ELSE/FALSE" portion of that conditional check. However, a record does get added to my table, even though I do not have an "INSERT INTO..." clause in the ELSE porition of that check. Also, what gets displayed on screen is as follows: ------------------------------------------------------------------------------------------------------------------------------------ Array() There's something wrong somewhere!!! Array() ------------------------------------------------------------------------------------------------------------------------------------   Now, if/when I comment/remark the radiobutton-related code, the "if ( !empty($_POST))" logic seems to work fine and the following is displayed on screen (which is what I expect): ------------------------------------------------------------------------------------------------------------------------------------ Array ( [datepicker] => 10/30/2014 [store_id] => 48 [new_store_name] => [item_id] => 5 [new_item_name] => [pkg_of] => 1 [price] => 1 [flyer_page] => 1 [limited_time_sale] => Array ( [0] => fri [1] => sat ) [nos_to_purchase] => 1 [create-and-add-more] => Create and Add More )
Notice: Undefined index: qty_pkg in /var/www/create.php on line 54
Array ( [0] => Array ( [item_id] => 5 [0] => 5 [item_name] => BD Cheese Strings [1] => BD Cheese Strings [section_id] => 7 [2] => 7 ) ) ------------------------------------------------------------------------------------------------------------------------------------   The other wierd thing is that if/when I now uncomment the first statement (which used to work just fine before) the "if ( !empty($_POST))" logic no longer seems to work the way it used to.   Does/can someone see something wrong with my code somewhere?

                <!-- <?php echo standardInputField('Qty / Pkg', 'qty_pkg', $qty_pkg, $errors); ?> -->

                

                <div class="control-group">

                    <label class="control-label">Priced by:</label>

                    <div class="priced-by-radio-container">

                        <div class="pb-radiobuttons-container">

                            <label class="indent-to-the-left">

                                <input class='priced-by-radiobutton' type='radio' name='qty_pkg' value='UoM' $pb1>

                                <span class='no-highlight'>Unit of Measure</span>

                            </label>

                            <label>

                                <input class='priced-by-radiobutton' type='radio' name='qty_pkg' value='Qty' $pb2>

                                <span class='no-highlight'>Quantity</span>

                            </label>

                        </div>

                    </div>

                </div>

                

                <?php echo standardInputField('UoM Name/Pkg. Of:', 'pkg_of', $pkg_of, $errors); ?>

                <?php echo standardInputField('Price:', 'price', $price, $errors); ?>

                <?php echo standardInputField('Flyer Page #:', 'flyer_page', $flyer_page, $errors); ?>

    print_r($_POST);
 
    if ( !empty($_POST))

    {

        // keep track of $_POST(ed) values by storing the entered values to memory variables

        $store_id = $_POST['store_id'];        

        $item_id = $_POST['item_id'];        

        $qty_pkg = $_POST['qty_pkg'];

        $pkg_of = $_POST['pkg_of'];



...
...
            $sql = "INSERT INTO shoplist (store_id,item_id,qty_pkg,pkg_of,price,flyer_page,limited_time_sale,flyer_date_start,nos_to_purchase,section_id,shopper1_buy_flag,shopper2_buy_flag,purchased_flag,purchase_later_flag,no_flag_set)

                    VALUES(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";

            $q = $pdo->prepare($sql);

            $q->execute(array($store_id,$item_id,$qty_pkg,$pkg_of,$price,$flyer_page,$limited_time_sale,$flyerDateStart,$nos_to_purchase,$section_id,$initialize_flag_N,$initialize_flag_N,$initialize_flag_N,$initialize_flag_N,$initialize_flag_Y));

    }
    else

    {

        echo "<br />There's something wrong somewhere!!!<br />";

        print_r ($_POST);

        

        $qty_pkg = '';

        $pkg_of = '';;

Thanks.

hello dear PHP-experts



have set up a server at localhost
with phpMyAdmin

i get back the site " it works " if i type in localhost

i get access to the phpMyAdmin if i  type localhost/phpMyAdmin


so  far so good

now i  wanted to go ahead: i ve uploaded a file called php_info.php to the htdocs folder.

i changed permissions accordingly. (see below)

linux-c5sz:/srv/www/htdocs # ls -l
insgesamt 28
-rwxrwxrwx 1 root   root   302 13. Mär 2006  favicon.ico
drwxrwxrwx 2 root   root  4096  6. Nov 2013  gif
-rwxrwxrwx 1 root   root    45 11. Jun 2007  index.html
-rwxrwxrwx 1 root   root  2356 28. Sep 2013  info2html.css
-rwxrwxrwx 1 martin users  188  3. Dez 19:07 php_info.php
drwxrwxrwx 6 root   root  4096  3. Nov 17:40 phpMyAdmin
-rwxrwxrwx 1 root   root    26 13. Okt 15:32 robots.txt
linux-c5sz:/srv/www/htdocs #

what makes me wonder is - i cannot see the content of the file of php_info.php - why is this so


see below




 

<?php

// Zeigt alle Informationen (Standardwert ist INFO_ALL)
phpinfo();

// Zeigt nur die Modul-Informationen.
// phpinfo(8) führt zum gleichen Ergebnis.
phpinfo(INFO_MODULES);

?>

well i wonder why i cannt see any information in thebrowser   is this a bug ?

Hi,

WHAT:

So I cannot for the life of me figure out why I'm getting this error. I'm trying to create a function that will display the user information from the database in a table but I have like a ton of these errors on the page and I don't know whats wrong.

STEPS TO RESOLVE:

So I've gone over my code a bunch of types to make sure that all the variables and what not were spelled correctly and as far as I can tell they are.

I've also googled this issue to see if I can find a solution but none of them are very helpful.

I honestly don't know whats wrong so kinda hard to find ways to resolve an issue, I don't even really know what this error means.

THE CODE:

This is where I put the function into action

 <?php
   display_table(
     array(
      "id" => "Id",
      "emailaddress" => "Email",
      "firstname" => "First Name",
      "lastname" => "Last Name",
      "salesperson" => "Salesperson",
      "phonenumber" => "Phone Number",
      "extension" => "Extension",
      "type" => "Type"
    )
  );
   ?>

//This is the function
<?php
function display_table($fields, $data, $rows, $page){
  if(isset($_GET['page'])){
    $page = $_GET['page'];
  } else {
    $page = 1;
  }
  $firstRecord = ($page - 1) * ROWS_PER_PAGE;
  $pageNumbers = ceil($rows / ROWS_PER_PAGE);

  echo '<div class="table-responsive w-75 mx-auto py-3">
  <table class="table table-dark table-bordered table-sm">
  <thead>
  <tr>';

  foreach($fields as $key){
    echo '<th class="py-2">' . $key . '</th>';
  }

  echo '</tr>
  </thead>
  </tbody>';

  $keys = array_keys($fields);

  for($record = $firstRecord; $record < $firstRecord + ROWS_PER_PAGE; $record++){
    $row = $data[$record];
    echo '<tr>';

    for($recordCount = 0; $recordCount < count($keys); $recordCount++){
      $column = $keys[$recordCount];
      echo '<td class="py-2">' . $row[$column] . '</td>';
    }

    echo '</tr>';
  }

  echo '</tbody>
  </table';

  for($pages = 1; $pages <= $pageNumbers; $pages++){
    echo '<a class="btn btn-dark mx-1" href=?page=' . $pages . '</a>';
  }
}
?>

Any help/advice would be really appreciated

Hi,

I found a very nice script for saving my TwitPic images in full size. I have tested this script for a couple of times yesterday and it seems that this way of saving images is now blocked by amazon or TwitPic.

Using the API it's not possible to download the images as fas I can see, does anyone has an idea ?

http://forrst.com/posts/TwitPic_Hack_Get_Full_TwitPic_Image_using_PHP-mFQ

Code: [Select]

<?php
function imgResize($width, $height, $target) 
{

        if ($width > $height) 
        {
                $percentage = ($target / $width);
        } 
        else 
        {
                $percentage = ($target / $height);
        }

        $width = round($width * $percentage);
        $height = round($height * $percentage);

        return "width=\"$width\" height=\"$height\"";

}


                
        // full url of the TwitPic photo
        $url = "http://twitpic.com/1pfhfd";

        // make the cURL request to TwitPic URL
        $curl2 = curl_init();
        curl_setopt($curl2, CURLOPT_URL, $url);
        curl_setopt($curl2, CURLOPT_AUTOREFERER, true);
        curl_setopt($curl2, CURLOPT_RETURNTRANSFER,true);
        curl_setopt($curl2, CURLOPT_TIMEOUT, 10);

        $html = curl_exec($curl2);

        $HttpCode = curl_getinfo($curl2, CURLINFO_HTTP_CODE);
        $totalTime = curl_getinfo($curl2, CURLINFO_TOTAL_TIME);
        
        // if the HTTPCode is not 200 - you got issues
        if ($HttpCode != 200)
        {
                ?><p>Unable to connect to TwitPic. Please try again later.</p><?
        }
        else
        {
                // if you are not getting any HTML returned, you got another issue.
                if ($html == "")
                {
                        ?><p>Yikes! TwitPic is experiencing heavy load. Please close this window and try again.</p><?
                }
                else
                {
                        $dom = new DOMDocument();
                        @$dom->loadHTML($html);
                        // grab all the on the page
                        $xpath = new DOMXPath($dom);
                        $hrefs = $xpath->evaluate("/html/body//img");
                         foreach( $hrefs as $href ) { $url = $href->getAttribute('id');
                                // for all the images on the page find the one with the ID of photo-display
                                if ($url == "photo-display")
                                {
                                        // get the SRC attribute of the element with the ID of photo-display
                                        $image = $href->getAttribute('src');
                                       
                                        // get the image size
                                        $imagesize = getimagesize($image);
                                       
                                        ?>
                                                <a href="<? echo $url; ?>" target="_blank"><img class="twitpic" src="<? echo $image; ?>" "<? echo imgResize($imagesize[0], $imagesize[1], 450); ?>"></a>
                                        <?
                                        break;
                                }
                        }

                }
        }
       
?>

My script IS working, but I can't get around a blank array error when no errors exist.

Below is my code, and as you can see, I am being handed this:
Notice: Undefined variable: error in C:\wamp\www\php\form_validation.php on line 19 as a result of my ... if (is_array($error)) { ... .. I could do if (@is_array($error)) { (note the @), but I hate using that thing... I've tried several things with no luck, so any ideas welcome at this point.


<?php
  if (isset($_POST['set_test'])) {
      if (!preg_match("/^[A-Za-z' -]{1,50}$/", $_POST['first_name'])) {
          $error[] = "Please enter a valid First Name";
      }
      if (!preg_match("/^[A-Za-z' -]{1,50}$/", $_POST['last_name'])) {
          $error[] = "Please enter a valid Last Name";
      }
      if (is_array($error)) {
          foreach ($error as $err_message) {
              echo $err_message . "<br />";
          }
      }
  }
?>

I hope I can explain what is happening.  I have created two forms in PHP.  The first 'almost' works, i.e. it shows the data.  But I have two problems - 1) the second pulldown menu is always empty and 2) $value from the first pulldown menu ALWAYS equals the last entry thus the last 'if' in the function subdomains ($domains) is always called (but still empty).  The code may explain this better than me:

<!DOCTYPE html>
<html>
<body>
   <!-- processDomains.php is this file - it calls itself (for testing purposes so I can see what is happening) -->
   <form action="processDomains.php" method="post">
   <?php
       // create the domains array (there are actually several entries in the array but I cut it down for testing)
       $domains = array (1 => 'Decommission', 'Migration');
    
       echo "Select Domain:";
       echo "<br>";
    
       // Make the domain pull-down menu - this displays correctly
       echo '<select name="domain">';
       foreach ($domains as $key => $value) {
          echo "<option value=\"$key\">$value</option>\n";
       }
       echo '</select>';

       // input doesn't matter what is 'submitted', always goes to last $value
       echo '<input type="submit" name="submit" value="Submit">';

       // call function subdomains
       subdomains ($value);
    
       function subdomains ($domains) {
           // define values for each array - each array contains available choices for the subdomain pulldown menu
           $migration = array (1 => 'Application Migration', 'Application Patch', 'Application Upgrade');
           $decommission = array (1 => 'Applications', 'Servers', 'Storage');
    
           if ($domains === 'Migration') {
              echo "Select subdomain:";
              echo "<br>";
              // Make the Migration pull-down menu
              echo '<select name="migration">';
              foreach ($migration as $key => $value) {
                  echo "<option value=\"$key\">$value</option>\n";
              }
              echo '</select>';
           } else if ($domains === 'Decommission') {

              /* ===
               * since 'Decommission' is the last entry in the 'Domains' pulldown list, $value ALWAYS equals
               * 'Decommission' and $domains equals $value. So this menu SHOULD work but is always
               * empty.  Thus, two problems - the pulldown menu is always empty and $value isn't based
               * upon user input.
              */
              echo "Select subdomain:";  // this prints so I know I'm in 'Decommission (I eliminated the echo "$domain" to show I'm always coming here)'
              echo "<br>";
              // Make the 'Decommission' pull-down menu
              echo '<select name="decommission">';
              foreach ($decommission as $key => $value) {
                  echo "<option value=\"$key\">$value</option>\n";
              }
              echo '</select>';
              echo '<input type="submit" name="submit" value="Submit">'
           ) // end of 'if-else'
    } // end of function 'subdomain'
     
?>
</form>
</body>
</html>

Let me say thank you in advance and I appreciate the help!  I know I'm doing something (or more than one thing) wrong and I hope someone can tell me what it is.    Best Regards!
Edited by mac_gyver, 19 January 2015 - 09:37 PM.
code tags around posted code please

I am writing a script that will parse my PHP classes and check for things like coupling, visualize my objects and connections, dependencies, check for convention usage, etc.   So, I have a simple file upload.  I'm never saving the files, just get contents and dump the file and work with the string version.   I'm writing it for me, but I figure I might want to open it for others to use in the future, so I may as well write it that way to begin with -- so I need to validate user input.  Problem is, the user input is supposed to be valid PHP code.  I'm thinking that, as long as I'm careful, I shouldn't be executing any code contained in strings, but I'm no security expert and I want a warm fuzzy that my thought on this is correct.  What kinds of things do I need to look out for?  Is it possible to inject when working with strings?   My initial thought is to regex the entire file and replace key portions with known replacements.  So ( and ) would become !* and !^ or $ would become @~ (combinations that -- I think -- don't make sense to php?)  But that may be completely unnecessary processing time if I'm not in any danger, here.  Thanks ahead of time for any help.   PS - as a side question -- what's the best way to verify a file is a php file?  I know of getimagesize for images, but should I just check for <? to verify it's php?  That seems like it would be too easy to fool -- then again, it might not matter much.   -Adam

I have a calendar select date function for my form that returns the date in the calendar format for USA: 02/16/2012.  I need to have this appear as is for the form and in the db for the 'record_date' column, but I need to format this date in mysql DATE format (2012-02-16) and submit it at the same time with another column name 'new_date' in the database in a hidden input field.  Is there a way to do this possibly with a temporary table or something?

Any ideas would be welcome.

Doug

Hi people, I really hope you guys can help me out today. I'm just a newbe at php and i'm having real trouble.

Bassically all I want to do is have a user type in a company name in a html form.

If what the user types in the form matches the company name in my php script i want the user to be sent to another page on my site.

If what the user types in the form doesnt match the company name in my php script i want the user to be sent to a differnt page like an error page for example.

this is my html form:

Code: [Select]
<form id="form1" name="form1" method="post" action="form_test.php">
  <p>company name:
    <input type="text" name="company_name" id="company_name" />
  </p>
  <p>
    <input type="submit" name="button" id="button" value="Submit" />
  </p>
</form>
And this is the php code I'm trying to process the information on:

Code: [Select]
<?php

$comp_name = abc;

if(isset ($_POST["company_name"])){
 if($_POST["company_name"] == $comp_name){

     header("Location: http://www.hotmail.com");
exit();
 }

else{
   header("Location: http://www.yahoo.com");
exit();   
 }
}
?>
The thing is i'm getting this error when i test it:
Warning: Cannot modify header information - headers already sent by (output started at D:\Sites\killerphp.com\form_test.php:10) in D:\Sites\killerphp.com\form_test.php on line 17

Please can some one help me out, i'm sure this is just basic stuff but i just cant get it to work 

Cheers.

i'm not sure how to ask this question on google, so i'm going to ask for your help.

here's the code that i have the question about

<form action='findMovie.php' method='post'>
<table>
<?php
$result = mysql_query ("SELECT genre FROM genres ORDER BY genre");
while ($row = mysql_fetch_array($result)) {
$genre = $row['genre'];
echo "<tr><td>" .$genre ."</td><td><input type='hidden' name='" .$genre ."' value='" .$genre ."'><input type='submit' name='listMovies'></td></tr>";
}
?>
</table>
</form> 

so i have this form that creates a list of submits from a table that i have created.  the form works perfectly fine (i realize the design is not that great... i'm just going for functionality now)

what i need is to turn the value of the hidden field (which is dynamically created by a variable) into a variable in the handler so that I can search my movie table and get the movies by genre. 

does this make sense?  and any help is greatly appreciated.  i'm not a great programmer, but i do it in my spare time as a hobby.  so go easy on my coding, it works and that's the most i'm concerned with at the moment. 

thanks ahead of time

I thought I'd done this a hundred times before... but I am lost. Even after running mysql_real_escape_string, strip_tags and addslashes etc, I can still enter SQL into my input and it screws with the query. I can't simply use regex to check for valid characters since it's an input that lets the user format a post with BBcode and characters they want. What's the proper way to 'clean' the input, then? Thanks in advance

I need to allow a user to input a CSV file and to display what
they've got, possibly for corrections.  I'm thinking of limitations
for filesize, what happens if the columns overlap the page, and
realtime.

What seems to be a good way of providing this functionality?

Any suggestions?

Thanks!

Mark