
mdewyer


  1. According to the PHP documentation for mysqli_real_escape_string (http://php.net/manual/en/mysqli.real-escape-string.php), you need to pass the link/resource identifier as the first parameter of the function. So, give this a shot: $dob = mysqli_real_escape_string($dbc, $_POST['dob']);
  2. My bad. Sorry I missed the "i" there. I was just trying to convey the importance of sanitizing user-submitted values and gave the example I'm most familiar with, totally missing that mysqli was being used. Hopefully that points you in the right direction though. (Like PFMaBiSmAd said, the documentation for those functions will be very helpful.)
  3. Thanks for the replies and input guys! I just wanted to clarify that the code I showed was "semi-pseudo" and I was just trying to better illustrate the question (faster to select through MySQL, or get PHP involved too). I wasn't too worried about the correctness of it, but I do appreciate the corrections anyhow. And yeah, I understand that the "7" part of the INT has to do with the "display width" of the field with zeros and whatnot. Sorry for including that. I think with your feedback and some good planning, a db table should be able to handle this quite easily all by itself, and that's what I needed to know! Thanks!
  4. You might want to try using PHP's sort function (http://php.net/manual/en/function.sort.php) on the image array when it's created. Try putting sort($this->files_arr); right before the line $_SESSION['imgarr'] = $this->files_arr; Check out the "sort flags" parameter for the sort function if it's not quite sorting the way you'd like. Not sure if it'll work or not. Also, it looks like the gallery saves the file array to a session variable, so you'll probably have to clear your session to see the changes. That, or add the sorting to the code a few lines above that pulls from the session.
  5. Like PFMaBiSmAd said, you probably don't have an input name="dob" in your form, since it's not even getting to the query string. Also, please, please, please, sanitize your variables before you put them into the database! A simple $dob = mysql_real_escape_string($_POST['dob']); $gender = mysql_real_escape_string($_POST['gender']); will help immensely.
  6. If I follow you correctly, here's how I would do it:

         $result = mysql_query("SELECT A,B FROM USS");
         while ($row = mysql_fetch_assoc($result)) {
             $teste[] = '"' .$row['A']. ' ' .$row['B']. '"';
         }
  7. Say I have a MySQL table with two fields: "id" (primary key, INT(7)) and "hash" (indexed, VARCHAR(32)), and there will be hundreds of thousands of records in this table. Would it be faster / less CPU intensive to use MySQL to match both the id and hash fields to cleaned / sanitized request vars, or just match the id field with MySQL, and then use PHP to determine whether or not the hash is correct? So,

         mysql_query("SELECT * FROM table WHERE id='" .$id. "' AND hash='" .$hash. "'");

     or:

         $query = mysql_query("SELECT * FROM table WHERE id='" .$id. "'");
         $row = mysql_fetch_assoc($query);
         if ($row['hash'] == $hash) ..

     In one scenario you're requiring MySQL to match two things (the hash field would be 32 characters long, like an md5 string); the other way it would only have to find one field (a unique, primary key integer, which should be very fast), but MySQL would need to pull the data and put it into an array that PHP can then read to determine if the other field is a match. I'm thinking the all-MySQL way would be faster, but I didn't know about it having to search through hundreds of thousands of records for a string of that size. Any thoughts? Thanks!