本文整理汇总了PHP中funcSanitize函数的典型用法代码示例。如果您正苦于以下问题:PHP funcSanitize函数的具体用法?PHP funcSanitize怎么用?PHP funcSanitize使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了funcSanitize函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的PHP代码示例。
示例1: funcSanitize
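<?php
/**
 * Discontinued stock view.
 *
 * Lists every tblItem row whose NoOfItems is -1 as an HTML table; each row
 * links to default.php?Action=ViewItem for that stockID.
 *
 * NOTE(review): no access check is visible in this script; confirm that one
 * of the includes (or the page that includes this file) enforces it.
 */
include 'includes/Link.php';
include 'includes/SharedFunctions.php';

echo "<b>This is the Discontinued Stock View</b>";

// The posted UserID is not used anywhere below. Reading it through isset()
// keeps a request without the field from raising an undefined-index notice.
$strUserID = funcSanitize(isset($_POST["UserID"]) ? $_POST["UserID"] : "");

// Fixed query text: no request data is spliced into it.
$strQuery = "SELECT stockID, Name, NoOfItems, RRP FROM tblItem where NoOfItems = -1 order by NoOfItems";

// NOTE(review): die() sends the raw mysql_error() text to the browser, which
// exposes table and column names; consider logging it server-side instead.
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());

if (mysql_num_rows($strResult) != 0) {
    echo "<p><table><tr><td class='titleRow'>stockID</td><td class='titleRow'>Name</td><td class='titleRow'>NoOfItems</td><td class='titleRow'>RRP</td></tr>";
    while ($line = mysql_fetch_array($strResult, MYSQL_ASSOC)) {
        // Database values are data, not markup: encode each one for the
        // context it lands in (URL component vs. HTML text) so a stored "<"
        // or "'" cannot break out of the table cell or the href attribute.
        $strStockIDUrl = urlencode($line["stockID"]);
        $strStockIDHtml = htmlspecialchars($line["stockID"], ENT_QUOTES);
        $strNameHtml = htmlspecialchars($line["Name"], ENT_QUOTES);
        $strNoOfItemsHtml = htmlspecialchars($line["NoOfItems"], ENT_QUOTES);
        $strRRPHtml = htmlspecialchars($line["RRP"], ENT_QUOTES);

        echo "\n<tr>";
        echo "\n<td><a href='default.php?Action=ViewItem&stockID=" . $strStockIDUrl . "'>" . $strStockIDHtml . "</a></td><td>" . $strNameHtml . "</td><td>" . $strNoOfItemsHtml . "</td><td>" . $strRRPHtml . "</td>";
        echo "\n</tr>";
    }
    echo "</table>";
} else {
    echo "<p>No Outstanding orders to display!";
}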
示例2: tblSession
$strQuery = "INSERT INTO tblSession (PHPSESSIONID, TimeStmp) values ('" . session_id() . "', '" . $strNow . "')";
$strResult = mysql_query($strQuery) or die("Query Failed:" . mysql_error());
}
?>
<HTML>
<HEAD>
<TITLE>Sci-Fi Vault</TITLE>
<link rel="stylesheet" href="stylesheets/mainstylesheet.css" type="text/css">
</HEAD>
<BODY bgcolor="#FFFFFF" text="#000000" link="#000000" vlink="#000000" alink="#000000" leftmargin="0" topmargin="0">
<?php
// Item page fragment: reads the Item query-string parameter, bounces to
// index3.php when it is empty, then connects to MySQL and builds the lookup
// query for that stock ID. The snippet ends before the query is executed.
$strStockID = funcSanitize($_GET['Item']);
if ($strStockID == "") {
// No item requested: client-side redirect to index3.php, then stop.
echo "<meta http-equiv='REFRESH' content='0; URL=index3.php'>";
exit;
}
//Write Debug information
funcDebug("this is a test debug");
//connect to server
funcDebug("Connecting to database");
// NOTE(review): the database user name and password are literals in the
// source, so every copy of this file (backup, repository, code listing)
// carries them. Load them from configuration kept outside the web root and
// rotate the password that has been exposed here.
// NOTE(review): on failure die() prints mysql_error() to the visitor.
$link = mysql_connect("localhost", "sfvault_readStor", "fhyF=ruR^#1|WO") or die("Could not connect: " . mysql_error());
funcDebug("Connected to database");
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//run query to see if result is returned
funcDebug("stockID: " . $strStockID);
// The request value is concatenated into the SQL text. Whether that is safe
// rests entirely on funcSanitize, whose implementation is not shown here; the
// mysql_* API has no bound parameters, so the durable fix is a prepared
// statement through mysqli or PDO.
// NOTE(review): LIKE treats "%" and "_" in the value as wildcards — confirm
// funcSanitize removes them, or compare with "=" if an exact match is meant.
$strQuery = "SELECT * FROM tblItem where stockID LIKE '" . $strStockID . "'";
示例3: getenv
<?php
// Form handler (it logs itself as submitSpecialItemsFP.php): clears the
// DisplayonFrontPage flag on every item that has it, then sets the flag for
// each posted SPitem stock ID. The snippet stops after building the 4th update.
// NOTE(review): no login, role or CSRF-token check is visible before these
// UPDATE statements — confirm that one of the includes enforces it.
//connect to server
include 'includes/Link.php';
include 'includes/SharedFunctions.php';
// Request metadata. HTTP_REFERER and HTTP_USER_AGENT are request headers, so
// the client chooses their content; none of the three is used in the lines
// shown here.
$ip = getenv("REMOTE_ADDR");
$httpref = getenv("HTTP_REFERER");
$httpagent = getenv("HTTP_USER_AGENT");
$strNow = date('Y-m-j G:i:s');
// Six posted stock IDs, each passed through funcSanitize (defined in an
// include, not shown) before being used in SQL below.
$strItem1 = funcSanitize($_POST["SPitem1"]);
$strItem2 = funcSanitize($_POST["SPitem2"]);
$strItem3 = funcSanitize($_POST["SPitem3"]);
$strItem4 = funcSanitize($_POST["SPitem4"]);
$strItem5 = funcSanitize($_POST["SPitem5"]);
$strItem6 = funcSanitize($_POST["SPitem6"]);
// NOTE(review): the log line lists items 1-5 only; $strItem6 is left out.
funcLogToDebug("submitSpecialItemsFP.php: " . $strItem1 . "," . $strItem2 . "," . $strItem3 . "," . $strItem4 . "," . $strItem5);
// Clear the front-page flag on every item that currently has it (the query
// carries no category filter).
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '0' where DisplayonFrontPage = '1'";
//echo $strQuery;
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
// Each update below concatenates a posted value into the SQL text; its safety
// depends on what funcSanitize does. Prepared statements (mysqli/PDO) remove
// that dependency.
//run query to update 1st item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem1 . "'";
//echo "<br>" . $strQuery;
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 2nd item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem2 . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 3rd item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem3 . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 4th item
$strQuery = "UPDATE tblItem SET DisplayonFrontPage = '1' where stockID = '" . $strItem4 . "'";
示例4: mysql_query
$strUpdateQuery = "UPDATE tbl_UserLogin SET LastLoginTime = '" . $strNow . "', UserStatus = '0' where UserID = '" . $strUserID . "'";
$strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed:" . mysql_error());
//echo $value;
//echo "<b>" . $cookieData;
//echo $_POST["url"];
funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " logged in from " . funcSanitize($_SERVER["HTTP_REFERER"]));
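// Post-login forwarding. Checked in this order:
//   1. the login form was posted from BasketLogin.php -> delivery choice page
//   2. no pagelink was posted                         -> outstanding orders page
//   3. otherwise                                      -> the posted pagelink
// NOTE(review): $strUserID is set outside this fragment; confirm it is safe
// to place in a URL and an HTML attribute as done in cases 1 and 2.
if ($_POST["url"] == 'BasketLogin.php') {
    echo "<meta http-equiv='refresh' content='0;url=/ChooseDelivery.php?strUserID=" . $strUserID . "'>";
} elseif ($_POST["pagelink"] == "") {
    funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " forwarding to account management");
    echo "<meta http-equiv='refresh' content='0;url=/UserOutstandingOrders.php?strUserID=" . $strUserID . "'>";
} else {
    $strPageLink = $_POST["pagelink"];

    // The forwarding target comes from the request, so it must stay on this
    // site: refuse anything that starts with a URL scheme or "//", and any
    // value containing a backslash or control character (browsers may treat
    // "\" like "/"). Without this check the login page forwards a freshly
    // authenticated user to whatever address the form field carried.
    $blnSameSite = !preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)#i', $strPageLink)
        && !preg_match('#[\x00-\x1f\\\\]#', $strPageLink);

    if ($blnSameSite) {
        funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " forwarding to " . funcSanitize($strPageLink));
    } else {
        // Fall back to the same page the empty-pagelink branch uses.
        funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " posted an off-site pagelink, forwarding to account management");
        $strPageLink = "/UserOutstandingOrders.php?strUserID=" . $strUserID;
    }

    // HTML-encode for the attribute so a quote in the value cannot close
    // content='...' and add markup of its own.
    echo "<meta http-equiv='refresh' content='0;url=" . htmlspecialchars($strPageLink, ENT_QUOTES) . "'>";
}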
} elseif ($conNumberofRows == 0) {
funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " doesn't appear in the database..");
echo "User and/or Password incorrect";
echo "<meta http-equiv='refresh' content='0;url=/UserLogon.php?UserPassError=1'>";
$strUpdateQuery = "UPDATE tbl_UserLogin SET UserStatus = '" . $strUserState . "' where UserID = '" . $strUserID . "'";
$strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed:" . mysql_error());
//echo "<br>" . $strUserID;
//echo "<br>" . $strPassword ."(" . md5($strPassword) .")";
//echo "<br>" . $strEmailAddress;
} else {
funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " multiple user entries with this user/pwd/combo");
echo "Serious Error here! More than 1 entry in the database with this user/password/email combination.";
}
示例5: mysql_query
//update tblItems with new stock value
$strUpdatedStockValue = $line["NoOfItems"] - $qty;
//funcDebug ("Updated stock value: " . $strUpdatedStockValue);
$strUpdateStockQuery = "UPDATE tblItem SET NoOfItems = '" . $strUpdatedStockValue . "' WHERE stockID = '" . $itemcode . "'";
mysql_query($strUpdateStockQuery) or die("Update Query Failed: " . mysql_error());
$strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
mysql_query($strLockQuery) or die("ColumnLock to blank Query Failed: " . mysql_error());
} else {
//oh dear, no stock left
echo "Not enough stock I'm afraid for that item";
$strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
exit;
}
}
//header('location: ' . $_SERVER['PHP_SELF']);
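// Send the browser back to the page that posted the basket update, carrying
// the search term along when there was one.
$strReturnPage = isset($_POST['page']) ? $_POST['page'] : '';

// The return page is request data and ends up in a Location header, so it
// must stay on this site: refuse an empty value, anything that starts with a
// URL scheme or "//", and any value holding a backslash or control character.
$blnSameSite = $strReturnPage != ''
    && !preg_match('#^\s*(?:[a-z][a-z0-9+.\-]*:|//)#i', $strReturnPage)
    && !preg_match('#[\x00-\x1f\\\\]#', $strReturnPage);

if (!$blnSameSite) {
    // assumes index3.php (linked from this file's own HTML) is a safe default
    // landing page — TODO confirm
    $strReturnPage = 'index3.php';
}

if (isset($_POST['Search'])) {
    // urlencode() keeps "&", "#" or spaces in the term from splitting or
    // truncating the query string; the receiving page gets it decoded in $_GET.
    header('location: ' . $strReturnPage . "?Search=" . urlencode(funcSanitize($_POST['Search'])));
} else {
    header('location: ' . $strReturnPage);
}
exit;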
}
?>
<HTML>
<br><a href="index3.php">index3.php</a>
<br><a href="session.php">session.php</a>
</HTML>
示例6: funcSanitize
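<?php
/**
 * Forwards a posted stockID to default.php?Action=AmendItem using a
 * zero-delay meta refresh.
 */
include 'includes/SharedFunctions.php';

// isset() keeps a request without the field from raising an undefined-index notice.
$strStockID = funcSanitize(isset($_POST["stockID"]) ? $_POST["stockID"] : "");

// The value lands inside a URL inside an HTML attribute. urlencode() leaves
// only characters that are inert in both contexts, so the output no longer
// depends on what funcSanitize (not shown here) happens to strip.
echo "<meta http-equiv='Refresh' content='0; url=default.php?Action=AmendItem&stockID=" . urlencode($strStockID) . "'>";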
示例7: funcSanitize
<?php
// Pre-order handler fragment (it logs itself as AddPreOrder.php): reads the
// posted email, derives a user ID from the POST field names, loads that
// user's row from tbl_UserLogin and starts decrypting the name fields.
// The snippet is cut off inside the row loop.
include 'includes/Link.php';
include 'includes/SharedFunctionsStrict.php';
$strUserOrdertoAdd = funcSanitize($_POST["email"]);
funcDebug("AddPreOrder.php: AddPreOrder.php fired " . $strUserOrdertoAdd);
$strSessionID = "PreOrder";
$strAuthCookie = "PreOrder";
$strNow = date('Y-m-j H:i:s');
// NOTE(review): this loop prints the first POST field name and exits on its
// first iteration, so nothing below runs for any request that carries a POST
// field. It looks like leftover debugging — confirm before relying on it.
// The field name is echoed without HTML encoding, and it is chosen by the client.
// split() is deprecated since PHP 5.3 and removed in PHP 7; explode() does the
// same for a literal "#".
foreach ($_POST as $key => $val) {
$arrItem = split("#", $key);
$strUserID = $arrItem[0];
echo $key;
exit;
}
// NOTE(review): $strUserID comes from a raw POST field name and never passes
// through funcSanitize, yet it is concatenated into this SQL text and into
// the link below. If the loop above is ever changed to let execution continue,
// this is an injection point; bind the value with a prepared statement
// (mysqli/PDO) and HTML/URL-encode it on output.
$strAddressQuery = "SELECT * from tbl_UserLogin where UserID = '" . $strUserID . "'";
$strAddressResult = mysql_query($strAddressQuery) or die("Query Failed :" . mysql_error());
$conNumberofRows = mysql_num_rows($strAddressResult);
if ($conNumberofRows == 0) {
echo "You've not got a delivery address";
echo "<br><br> Click <a href='UserDetails.php?strUserID=" . $strUserID . "'>here</a> to go back to shop";
exit;
}
// Non-empty name columns are hex-decoded and handed to funcDecrypt (defined
// in an include, not shown), then trimmed.
while ($line2 = mysql_fetch_array($strAddressResult, MYSQL_ASSOC)) {
if ($line2["FirstName"] != "") {
$strFirstName = trim(funcDecrypt(hex2bin($line2["FirstName"])));
}
if ($line2["SurName"] != "") {
$strSurName = trim(funcDecrypt(hex2bin($line2["SurName"])));
}
if ($line2["AddressLine1"] != "") {
示例8: mysql_query
$strLimit = "LIMIT 5";
}
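// Completed orders for this user: rows of tbl_Orders with status 'SENT',
// newest first, limited by the $strLimit clause chosen before this point.
// NOTE(review): $strUserID is set outside this fragment and is concatenated
// into the SQL text; confirm it was sanitised, or bind it with a prepared
// statement (mysqli/PDO).
$strCOQuery = "SELECT * FROM tbl_Orders where emailAddress = '" . $strUserID . "' and status = 'SENT' order by IPNDateTime DESC " . $strLimit;
$strCOResults = mysql_query($strCOQuery) or die("Query Failed :" . mysql_error());

if (mysql_num_rows($strCOResults) != 0) {
    echo "<p>\n<table id='rightmenus'>";
    echo "<tr><td id='headings'>Order No</td><td id='headings'>Email Address</td><td id='headings'>Payment Received</td><td id='headings'>Cost</td><td id='headings'>Status</td></tr>";
    while ($line = mysql_fetch_array($strCOResults, MYSQL_ASSOC)) {
        // Stored values are encoded for the place they are written to (URL
        // component or HTML text) so that order data containing "<", "&" or
        // a quote is shown as text and cannot add markup to the page.
        $strOrderNoUrl = urlencode($line["OrderNo"]);
        $strOrderNoHtml = htmlspecialchars($line["OrderNo"], ENT_QUOTES);
        $strEmailHtml = htmlspecialchars($line["emailaddress"], ENT_QUOTES);
        $strPaidHtml = htmlspecialchars($line["IPNDateTime"], ENT_QUOTES);
        $strStatusHtml = htmlspecialchars($line["Status"], ENT_QUOTES);

        echo "<tr> <td> <a href='/stock2/OrderView.php?strOrder=" . $strOrderNoUrl . "'>" . $strOrderNoHtml . "</a></td><td>" . $strEmailHtml . " </td><td> " . $strPaidHtml . "</td><td>£" . sprintf("%01.2f", $line["Shipping"] + $line["Cost"]) . "</td> <td>" . $strStatusHtml . "</td> </tr>";
    }
    echo "</table>";
} else {
    echo "<p>No Completed Orders";
}

// Pre-orders heading. The request parameter is only compared with a literal
// and selects one of two fixed LIMIT clauses, so no request text reaches SQL.
echo "<p><b>Pre Orders</b> ";
$strSubAction = isset($_GET["subAction"]) ? $_GET["subAction"] : "";
if (funcSanitize($strSubAction) == "PO") {
    echo "(all)";
    $strLimit = "";
} else {
    echo "(last 5...)";
    $strLimit = "LIMIT 5";
}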
$strPOQuery = "SELECT * FROM tbl_PreOrder where emailaddress = '" . $strUserID . "' order by date DESC " . $strLimit;
$strPOResults = mysql_query($strPOQuery) or die("Query Failed :" . mysql_error());
if (mysql_num_rows($strPOResults) != 0) {
echo "<form action='submitPreOrder.php' method='POST'>";
echo "<p>\n<table id='rightmenus'>";
echo "<tr><td id='headings'>stockID</td><td id='headings'>Date Recieved</td><td id='headings'>Qty</td><td></td></tr>";
while ($line = mysql_fetch_array($strPOResults, MYSQL_ASSOC)) {
echo "<tr> <td> " . $line["stockID"] . "</td><td>" . $line["date"] . " </td><td> " . $line["qty"] . "</td><td> \r\n\t\t\t\t<input type='checkbox' name='combineorder[]' value='" . $line["stockID"] . "#" . $line["qty"] . "#" . $line["emailaddress"] . "#" . $line["uid"] . "'>\r\n\t\t\t\t</td> </tr>";
//echo "<input type='hidden' name='qty' value='" . $line["qty"] ."'>";
示例9: funcSanitize
dateline[9] = month + "/" + date + "/" + year2;
dateline[10] = month + "-" + date + "-" + year2;
dateline[11] = days[day] + " " + months[month] + " " + date;
dateline[12] = days[day] + ", " + date + " " + months[month] + " " + year;
document.write(dateline[Style]);
//-->
</script>
</div>
</td>
</tr>
</table>
<BR>
<?php
// User details fragment: takes a user ID from the query string, loads that
// row from tbl_UserLogin and starts decrypting its name fields. The snippet
// is cut off inside the row loop.
// NOTE(review): the account is selected by the ?user= parameter alone; no
// comparison with the logged-in session is visible here — confirm one exists,
// otherwise any visitor can request any account's details.
include 'includes/SharedFunctionsStrict.php';
$strUserID = funcSanitize($_GET["user"]);
// NOTE(review): the request value is written straight into the page. Unless
// funcSanitize (not shown) HTML-encodes its result, wrap this in
// htmlspecialchars(); the line also looks like leftover debug output.
echo $strUserID;
/************************************************************************
* connect to database
*************************************************************************/
// NOTE(review): the database user name and password are literals in the
// source; move them to configuration outside the web root and rotate the
// password shown here. die() also prints mysql_error() to the visitor.
$link = mysql_connect("localhost", "sfvault_readStor", "fhyF=ruR^#1|WO") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
// Request value concatenated into SQL; safety depends on funcSanitize.
// A prepared statement (mysqli/PDO) removes that dependency.
$strQuery = "SELECT * from tbl_UserLogin where UserID = '" . $strUserID . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
$conNumberofRows = mysql_num_rows($strResult);
// NOTE(review): "=" assigns 1 to $conNumberofRows, so this condition is
// always true and the real row count is discarded; "==" was almost certainly
// intended.
if ($conNumberofRows = 1) {
while ($line = mysql_fetch_array($strResult, MYSQL_ASSOC)) {
if ($line["FirstName"] != "") {
// Stored value is hex-decoded, passed to funcDecrypt (not shown), trimmed.
$strFirstName = trim(funcDecrypt(hex2bin($line["FirstName"])));
}
示例10: mysql_connect
<HTML>
<HEAD><link rel="stylesheet" href="stylesheets/mainstylesheet.css" type="text/css"></HEAD>
<BODY>
<?php
// Password retrieval fragment (it logs itself as passwordRetrieval.php):
// looks up the posted email address in tbl_UserLogin and, when a row exists,
// starts generating a new 8-character password. The snippet is cut off
// inside the generation loop.
//standard functions
include 'includes/SharedFunctionsStrict.php';
//Connect to database
// NOTE(review): the database user name and password are literals in the
// source; move them to configuration outside the web root and rotate the
// password shown here. die() also prints mysql_error() to the visitor.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
mysql_select_db("sfvault_store") or die("Could not select database");
//Place posted email address in to a string
$strEmailAddress = funcSanitize($_POST["email"]);
// Look the address up. The value is concatenated into the SQL text, so its
// safety depends on funcSanitize (not shown); a prepared statement
// (mysqli/PDO) removes that dependency.
// NOTE(review): the query also selects the stored password column — confirm
// it is needed here.
$strUserQuery = "SELECT UserID,emailAddress,password FROM tbl_UserLogin where emailAddress = '" . $strEmailAddress . "'";
$strUserResult = mysql_query($strUserQuery) or die("Query Failed:" . mysql_error());
// Count the matching accounts.
$conNumberofRows = mysql_num_rows($strUserResult);
if ($conNumberofRows == 0) {
//if not, log to event log and forward to front page.
funcLogToDebug("passwordRetrieval.php: No user in DB for " . $strEmailAddress);
echo "<meta http-equiv='refresh' content='0;url=/index3.php'>";
} else {
// At least one account matched: build a replacement password.
//Generate 8 digit random password
// NOTE(review): rand() is not a cryptographically secure generator, so the
// password it produces can be predictable. Use random_int() on PHP 7+ or
// openssl_random_pseudo_bytes() on PHP 5 for anything that acts as a secret.
$length = 8;
$key_chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$rand_max = strlen($key_chars) - 1;
for ($i = 0; $i < $length; $i++) {
$rand_pos = rand(0, $rand_max);
示例11: session_set_cookie_params
<?php
// Basket update handler fragment: starts the session, makes sure a cart
// array exists, and on a posted Update reads the quantity and item code.
//expires cookies after 1/2 hour
$sessionExpire = 60 * 30;
// Only the cookie lifetime is passed here.
// NOTE(review): the Secure and HttpOnly flags are therefore left at their
// php.ini defaults — confirm those are enabled for this site.
session_set_cookie_params($sessionExpire);
//start new session
session_start();
if (!isset($_SESSION['cart'])) {
$_SESSION['cart'] = array();
}
include 'includes/SharedFunctions.php';
if (isset($_POST['Update'])) {
// Both posted values pass through funcSanitize (defined in the include above,
// implementation not shown).
$qty = funcSanitize($_POST['qty']);
$itemcode = funcSanitize($_POST['item']);
$strBool = 0;
$counter = 0;
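// Additional check that $qty consists of digits only.
// The pattern is anchored at both ends (the D modifier stops "$" from
// matching before a trailing newline). An unanchored "[0-9]+" accepts any
// string that merely contains a digit, such as "12abc", so it does not
// enforce what the error message below claims. ereg() is also deprecated
// since PHP 5.3 and removed in PHP 7.
if (preg_match('/^[0-9]+$/D', $qty)) {
    funcDebug("Quantity string is numeric");
} else {
    echo "Invalid Input, stop trying to put non-numerics in the quantity field";
    exit;
}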
//connect to server
// NOTE(review): the database user name and password are literals in the
// source; move them to configuration outside the web root and rotate the
// password shown here. die() also prints mysql_error() to the visitor.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//is row locked?
// $itemcode is request data that went through funcSanitize earlier in this
// script and is concatenated into the SQL text; a prepared statement
// (mysqli/PDO) would not depend on what funcSanitize strips.
$strLockCheck = "SELECT ColumnLock FROM tblItem WHERE stockID = '" . $itemcode . "'";
$strLockResult = mysql_query($strLockCheck) or die("Query Failed: " . mysql_error());
while ($line = mysql_fetch_array($strLockResult, MYSQL_ASSOC)) {
示例12: funcSanitize
<HTML>
<HEAD></HEAD>
<?php
// Account verification fragment (it logs itself as VerifyUser.php): reads
// UserID and VerifyKey from the query string and, when exactly one
// tbl_UserLogin row has that UserID, marks it as verified and prints a
// thank-you page. The snippet is cut off at the start of the else branch.
include 'includes/SharedFunctions.php';
$strUserName = funcSanitize($_GET["UserID"]);
$strVerifyCode = funcSanitize($_GET["VerifyKey"]);
// NOTE(review): the verification key is written to the debug log here.
funcDebug($strUserName);
funcDebug($strVerifyCode);
//connect to server
// NOTE(review): the database user name and password are literals in the
// source; move them to configuration outside the web root and rotate the
// password shown here. die() also prints mysql_error() to the visitor.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
// NOTE(review): the lookup matches on UserID only. $strVerifyCode is read and
// logged above but is not compared with anything in the lines shown, so the
// account is marked verified for any request that names an existing UserID.
// The key should be checked against the value stored for that user before
// the UPDATE below runs.
$strUserQuery = "SELECT UserID FROM tbl_UserLogin where UserID = '" . $strUserName . "'";
$strUserResult = mysql_query($strUserQuery) or die("Query Failed:" . mysql_error());
// Count the matching accounts.
$conNumberofRows = mysql_num_rows($strUserResult);
if ($conNumberofRows == 1) {
//here's our user
$strNow = date('Y-m-j h:i:s');
// Exactly one account matched: set its UserVerified flag.
$strAddUserQuery = "UPDATE tbl_UserLogin SET UserVerified='1' where UserID='" . $strUserName . "'";
$strAddUserResult = mysql_query($strAddUserQuery) or die("Query Failed:" . mysql_error());
echo "\r\n\r\n<table border='0' cellspacing='0' cellpadding='5' width='900' align='center'>\r\n <tr>\r\n <td width='500'><a href='http://shop.scifivault.com/index3.php'><img src='images/scifi-small-best.jpg' width='403' height='62' border='0'></a>\r\n\r\n </td>\r\n <td align='right' valign='top' width='300'>\r\n\r\n\r\n </td></tr>\r\n\r\n<tr><td>\r\n<br> <font face='verdana'>Thankyou! You've succesfully verified.\r\n\r\n<p>Feel free to sign on and shop. Click on the link below to hurry things along.\r\n<br><br><a href='index3.php'>Back to Shop</a></font></td><td></td></tr>\r\n\r\n</table>\r\n\r\n\r\n\t\t";
funcLogToDebug("VerifyUser.php: " . $strUserName . " verified successfully");
//echo "<meta http-equiv='refresh' content='10;url=/index3.php'>";
} else {
// Row count other than 1 (no match, or duplicates that should not exist).
//we've got more than 1 user with the same user ID in the db (Shouldn't be possible)
示例13: funcSanitize
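<?php
/**
 * Basket contents view.
 *
 * Shows every item in the basket whose tblBasket.PHPSessionID equals the
 * BasketID query-string parameter, with per-item and per-line prices.
 *
 * NOTE(review): the basket is selected by an identifier taken from the URL
 * and matched against the PHPSessionID column; no check that the caller owns
 * that basket is visible here — confirm one of the includes enforces access.
 */
include 'includes/Link.php';
include 'includes/SharedFunctions.php';

// isset() keeps a request without the parameter from raising a notice.
$basketCode = funcSanitize(isset($_GET["BasketID"]) ? $_GET["BasketID"] : "");

// The request value is shown back to the user: HTML-encode it so the output
// does not depend on what funcSanitize (not shown here) strips.
echo "<b>This is the Basket Contents View (" . htmlspecialchars($basketCode, ENT_QUOTES) . ")</b>";

// Items in the basket joined to their catalogue rows. The request value is
// concatenated into the SQL text, so its safety rests on funcSanitize; the
// mysql_* API has no bound parameters (mysqli/PDO prepared statements do).
$strQuery = "SELECT t.item, c.name, t.qty, c.RRP, c.SaleRRP, c.ShortDescription, c.stockID\r\n\t\tFROM tblBasket t\r\n\t\tINNER JOIN tblItem c\r\n\t\tON t.item = c.stockId\r\n\t\tWHERE t.PHPSessionID = '" . $basketCode . "'";

// NOTE(review): die() sends the raw mysql_error() text to the browser.
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());

if (mysql_num_rows($strResult) != 0) {
    echo "<p><table><tr><td class='titleRow'>Qty</td><td class='titleRow'>Name</td><td class='titleRow'>QuickFind</td><td class='titleRow'>Cost/Item</td><td class='titleRow'>Cost</td></tr>";
    while ($line = mysql_fetch_array($strResult, MYSQL_ASSOC)) {
        // Use the sale price unless it equals the RRP or is zero.
        if ($line["RRP"] == $line["SaleRRP"] or $line["SaleRRP"] == 0.0) {
            $strPrice = $line["RRP"];
        } else {
            $strPrice = $line["SaleRRP"];
        }

        // Stored values are encoded for the context they are written into
        // (URL component or HTML text) so they are displayed as text only.
        $strQtyHtml = htmlspecialchars($line["qty"], ENT_QUOTES);
        $strNameHtml = htmlspecialchars($line["name"], ENT_QUOTES);
        $strStockIDUrl = urlencode($line["stockID"]);
        $strStockIDHtml = htmlspecialchars($line["stockID"], ENT_QUOTES);

        echo "\n<tr>";
        echo "\n<td>" . $strQtyHtml . "</td><td> " . $strNameHtml . " </td><td><a href='default.php?Action=ViewItem&stockID=" . $strStockIDUrl . "'>" . $strStockIDHtml . "</a></td><td>" . sprintf("%01.2f", $strPrice) . "</td><td>" . sprintf("%01.2f", $strPrice * $line["qty"]) . "</td>";
        echo "\n</tr>";
    }
    echo "</table>";
} else {
    echo "<p>Nothing in this basket!";
}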
示例14: mysql_connect
<p> </p>
</td>
<td width="100%" align="center" valign="top">
<?php
// Search results fragment: reads the page number and search term, counts the
// matching items and works out how many result pages there are (5 items per
// page). The snippet is cut off inside the paging logic.
//connect to database server
// NOTE(review): the database user name and password are literals in the
// source; move them to configuration outside the web root and rotate the
// password shown here. die() also prints mysql_error() to the visitor.
// NOTE(review): only a SELECT is visible in this fragment, yet the account
// name suggests write access — if a read-only account exists, prefer it here.
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to the correct database
mysql_select_db("sfvault_store") or die("Could not select database");
// Page number: "0" when the parameter is empty, otherwise the sanitised value.
if ($_GET["p"] == "") {
$strPTag = "0";
} else {
$strPTag = funcSanitize($_GET["p"]);
}
// Search term: POST first, falling back to the query string.
$strSearch = funcSanitize($_POST["Search"]);
if ($strSearch == "") {
$strSearch = funcSanitize($_GET["Search"]);
}
//echo $strSearch ." is here";
//break up the results sets into a number of pages ***************************************************************
// The search term is concatenated into three LIKE patterns; its safety rests
// on funcSanitize (not defined in this fragment). A prepared statement
// (mysqli/PDO) removes that dependency.
// NOTE(review): "%" and "_" inside the term act as LIKE wildcards unless
// funcSanitize removes them.
// NOTE(review): the Description pattern has a space before the closing "%",
// unlike the other two — confirm that is intended.
$strNumberQuery = "select count(*) as ItemCount from tblItem where NoOfItems <> -1 and (Name like '%" . $strSearch . "%' or Description like '%" . $strSearch . " %' or stockID like '%" . $strSearch . "%')";
$strNumberResult = mysql_query($strNumberQuery) or die("Query Failed: " . mysql_error());
while ($lineRes = mysql_fetch_array($strNumberResult, MYSQL_ASSOC)) {
$strTotalItems = $lineRes["ItemCount"];
}
// An empty search reports zero results even though the count query above has
// already run (with '%%' patterns).
if ($strSearch == "") {
$strTotalItems = "0";
}
//echo $strTotalItems . "<BR>";
// Five items per page.
$strPages = ceil($strTotalItems / 5);
if ($strPages != 0) {
if ($strPTag != 0) {
示例15: getenv
// Form handler fragment: clears the DisplayonSubCatPage flag for one
// subject/category/version combination, sets it for three posted stock IDs,
// then redirects to default.php?Action=SpecialItems.
// NOTE(review): no login, role or CSRF-token check is visible before these
// UPDATE statements — confirm that an include or an earlier part of the file
// enforces it.
include 'includes/SharedFunctions.php';
// Request metadata. HTTP_REFERER and HTTP_USER_AGENT are request headers, so
// the client chooses their content; none of the three is used in the lines
// shown here.
$ip = getenv("REMOTE_ADDR");
$httpref = getenv("HTTP_REFERER");
$httpagent = getenv("HTTP_USER_AGENT");
$strNow = date('Y-m-j G:i:s');
//$strPrice = substr($item, strpos($item,"(" )+1 , strrpos($item,")")- strpos($item,"(" )-1);
//echo $_POST["SubjectTag"];
// The posted SubjectTag is split on "#": text before the first "#", text
// between the first and last "#", and text after the last "#". Each part is
// sanitised after the split and used below as SubjectTag, CategoryTag and
// VersionTag respectively.
// NOTE(review): when the value holds no "#", strpos()/strrpos() return false
// and the three substr() calls no longer cut where intended — confirm the
// form always sends two separators or add a check.
$strSTag = funcSanitize(substr($_POST["SubjectTag"], 0, strpos($_POST["SubjectTag"], "#")));
//echo "<br>" . $strSTag;
$strCTag = funcSanitize(substr($_POST["SubjectTag"], strpos($_POST["SubjectTag"], "#") + 1, strrpos($_POST["SubjectTag"], "#") - 1 - strpos($_POST["SubjectTag"], "#")));
//echo "<br>" . $strVTag;
$strVTag = funcSanitize(substr($_POST["SubjectTag"], strrpos($_POST["SubjectTag"], "#") + 1));
//echo "<br>" . $strCTag;
$strItem1 = funcSanitize($_POST["item1"]);
$strItem2 = funcSanitize($_POST["item2"]);
$strItem3 = funcSanitize($_POST["item3"]);
// Every query below concatenates posted values into the SQL text; their
// safety depends on funcSanitize (defined in the include, not shown).
// Prepared statements (mysqli/PDO) remove that dependency.
//first thing is first, remove all special items (subcategory) tags for the posted category
$strQuery = "UPDATE tblItem SET DisplayonSubCatPage = '0' where SubjectTag = '" . $strSTag . "' and CategoryTag = '" . $strCTag . "' and VersionTag = '" . $strVTag . "' and DisplayonSubCatPage = '1'";
//echo $strQuery;
// NOTE(review): die() sends the raw mysql_error() text to the browser.
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 1st item
$strQuery = "UPDATE tblItem SET DisplayonSubCatPage = '1' where stockID = '" . $strItem1 . "'";
//echo "<br>" . $strQuery;
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 2nd item
$strQuery = "UPDATE tblItem SET DisplayonSubCatPage = '1' where stockID = '" . $strItem2 . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
//run query to update 3rd item
$strQuery = "UPDATE tblItem SET DisplayonSubCatPage = '1' where stockID = '" . $strItem3 . "'";
$strResult = mysql_query($strQuery) or die("Query Failed :" . mysql_error());
// redirect() is not defined in this fragment.
redirect("default.php?Action=SpecialItems", 0, "");