  1. <?php
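  // Page prelude: start the session, take the display name from the query
  // string, and load the newest row of the `images` table into $images so the
  // template below can render it without querying again.
  session_start();

  // NOTE(review): the session username is copied straight from ?username=...,
  // so any visitor can claim any name by editing the URL, and a request
  // without the parameter resets the stored name to ''. Escaping protects the
  // markup only; it does not establish who the visitor is. The session value
  // should be written by the login handler after credentials are verified --
  // confirm against login.php, which is not visible here.
  $rawUsername = (isset($_GET['username']) && is_string($_GET['username']))
      ? $_GET['username']
      : ''; // a missing or array-valued parameter is treated as "no name"

  // The name is echoed into the page, so it is escaped for HTML here.
  // ENT_QUOTES covers both quote characters (older PHP versions leave single
  // quotes alone by default) and ENT_SUBSTITUTE replaces invalid byte
  // sequences instead of returning an empty string.
  $username = htmlspecialchars($rawUsername, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
  $_SESSION['username'] = $username;

  // Database information. Fill in locally; keep real credentials out of any
  // copy of this file that is published or shared.
  $dbhost = "";
  $dbname = "";
  $dbuser = "";
  $dbpass = "";

  // Connect to the database.
  // The mysql_* functions this page originally used were removed in PHP 7.0,
  // so the connection goes through mysqli. Reporting is switched to return
  // values so that failures are handled here rather than surfacing as an
  // uncaught exception.
  mysqli_report(MYSQLI_REPORT_OFF);
  $db = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
  if (!$db) {
      // Details go to the server log; the visitor gets a generic message so
      // host names, account names and driver errors are not disclosed.
      error_log('Database connection failed: ' . mysqli_connect_error());
      http_response_code(500);
      die('Could not connect to the database.');
  }

  // Run the query. LIMIT 1 means only the newest image (highest idnum) is
  // returned; the loop below still works unchanged if the limit is raised.
  $result = mysqli_query($db, "SELECT * FROM images ORDER BY idnum DESC LIMIT 1");

  // Collect the rows into $images. A failed query is logged and leaves the
  // array empty, so the page renders without thumbnails instead of printing
  // the SQL error.
  $images = array();
  if ($result === false) {
      error_log('Image query failed: ' . mysqli_error($db));
  } else {
      while ($image = mysqli_fetch_array($result)) {
          // Each row is indexed both by column name and by position.
          $images[] = $image;
      }
      mysqli_free_result($result);
  }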
  27. ?>
  28.  
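  <html>
    <head>
      <title>Home - Site in Development</title>
      <link rel="stylesheet" type="text/css" href="styles.css"/>
      <script type="text/javascript">
        /*
         * Point the large preview image (#img-frame) at the given URL.
         *
         * A single function that takes the URL as an argument serves every
         * thumbnail, so no per-image function is needed. The name avoids the
         * built-in Image constructor, and the element id avoids confusion
         * with the <frame> tag. Returns false so a caller can use the result
         * to cancel a default action.
         */
        function switchImageUrl(url) {
          document.getElementById('img-frame').src = url;
          return false;
        }
      </script>
    </head>
    <body>
      <div id='account_links'>
        <?php
        // $username is HTML-escaped where it is assigned at the top of this
        // file. Passing double_encode=false re-applies the escaping as a
        // safety net without turning existing entities into "&amp;..." text.
        // The explicit comparison keeps a name such as "0" from being treated
        // as "not logged in".
        if (isset($_SESSION['username']) && $_SESSION['username'] !== '') {
          echo 'Welcome ' . htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false) . '!';
        } else { ?>
          <a href='login.php'>Login</a> | <a href='register.php'>Register</a>
        <?php } ?>
      </div>

      <h1>Picture Captions</h1>
      <br/>
      <br/>
      <div id="left_bar">
        Submit a picture <a href="upload.php">here</a>.
      <hr/>
      <h2>Top Images</h2>
      <br/>

      <div id="front_pg_images">
        <?php
        // $images was filled by the query at the top of the file, so no second
        // query is needed here.
        foreach ($images as $image) {
          // filename, name and submitter are read from the images table, which
          // presumably holds what uploaders entered (verify against upload.php).
          // Each value is escaped for HTML before it reaches the page so that
          // stored markup is shown as text instead of being interpreted.
          $imgUrl    = htmlspecialchars((string) $image['filename'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
          $imgName   = htmlspecialchars((string) $image['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
          $submitter = htmlspecialchars((string) $image['submitter'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
          // NOTE(review): the id below repeats once per row; that is only
          // valid while the query returns a single image. A class would be
          // the usual choice, but styles.css is not visible here.
        ?>
          <img src="<?php echo $imgUrl; ?>" width="72px" height="58px" id="front_pg_thumbnail"/>
          <?php echo $imgName . " - by " . $submitter . "<br/>"; ?>
          <?php
          // The URL travels in a data attribute and the handler reads it from
          // there, so no database value is ever written inside JavaScript
          // source. Binding the listener from a script instead of an inline
          // attribute would be cleaner still.
          ?>
          <button data-url="<?php echo $imgUrl; ?>" onClick="switchImageUrl(this.getAttribute('data-url'))" align="left">View</button><br/>
          <br/>
        <?php } ?>
      </div>

      <div id="center_frame">
        <img src="frame.jpg" name="default" id="img-frame" align="left" valign="top">
      </div>
      </div><!-- closes #left_bar, which was left open; the browser closed it here implicitly -->
    </body>
  </html>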