ManiacDan

Staff Alumni
  • Posts

    2,604
  • Days Won

    10

Everything posted by ManiacDan

  1. Right, this code proves nothing other than you still say something which most of us think is impossible. Barand is right, this data is already escaped by something. Though that has no bearing on implode().
  2. Better yet, post code that proves this is happening, along with the output.
  3. 1) Don't use md5, it's insecure, even with a salt (especially with a 5-character salt). Use at least sha1, but there's a password thread in the forums about how to do it properly. 2) mysql_ functions are deprecated, you should use the mysqli_ equivalent, or PDO. 3) You should be using the boolean values for true and false, not the word "true" (though your other return is an actual error message).
  4. Because...like I already said, the mysql_real_escape_string is being run before the function is called (that's how programming languages work, from the inside out). Since your function incorrectly establishes a database connection inside of itself, the m_r_e_s is being called before the connection is established, which throws an error. And the solution, like I already said, is to establish a database connection FIRST. If you have 400 queries on your page you'll be establishing 400 database connections, which is 399 too many. You also assign the connection to $Conn without ever using $Conn.
  5. Oh I'm quite sure. Symfony has the base class, the peer class, the query class, and an override class for each of those (since it deletes and rewrites the parent classes every time you regenerate your data model from the yml file). To find an object in the DB, you instantiate a new instance of the Query class (which extends the baseQuery). The Query class uses values from the Peer class to determine table names and restrictions (which are usually inherited from the basePeer class), then returns an instance of the main class (extending baseMain). There's actually SEVEN classes per table, since foreign keys are stored in the tableMap class...which I assume can be extended, but I've never seen that. It's really...really ridiculous.
  6. If you just recently learned how to program, do not accept credit card payments. You are nowhere near good enough to do it properly, and the code you write will most likely be illegal. You won't need an SSL certificate if you use paypal or google checkout. SEO is a completely separate question, and there are plenty of articles on it. Question 3 is...unfinished.
  7. To clarify: If your MySqlSelect function establishes a database connection (it shouldn't, that's wrong), that will happen AFTER your call to mysql_real_escape_string, which requires a pre-existing database connection. Establish the connection before you build the query, or use PDO and prepared statements.
  8. It just annoys me that there's a facebook plugin but they don't support composite foreign keys. Get data modeling right before you start doing extra crap. There's also a LOT of file bloat. Every database table is represented by SIX PHP classes, many of them empty. In order to add a custom setter to a file, you have to open at least 3 more so you make sure you're hitting all the right functions. And forget about trying to load symfony in something like Zend which will try to scan the project file for autocomplete information, there's too many objects. The fact that it loads every translation file on the entire site every time you load anything bothers me too. The overhead is ridiculous, nothing is compartmentalized. Each "bundle" is not necessarily self-contained, everything is in the global scope to the symfony app. In contrast to this, everything is heavily namespaced, so you need to import a dozen classes before you can do anything useful in a controller, but other things like translations and template files are automatically global with no importing necessary. Silly.
  9. A friend of mine just asked me about learning Symfony2, so I'll c/p what I said to him: My favorite framework is closed source, but I did enjoy https://github.com/gmr/framewerk when I worked with it.
  10. Click the icon itself to find out why your site is insecure.
  11. Dreamweaver does not produce code that is usable by anything but dreamweaver. If you can't figure out how to do this (incredibly simple) task within dreamweaver, it can't be done until you stop using dreamweaver. Dreamweaver, like frontpage before it, is a tool for people who don't want to learn the underlying language or make something very complex. It stands up quick and dirty websites without any fancy features (as you've noticed). Learning PHP on your own will greatly increase your ability to solve these problems.
  12. Is there a reason you're using the word "spry"? Is that a web template that I'm not familiar with? This is ajax powered, most ajax tutorials focus on this exact topic (having a drop-down depend on values from another drop-down).
  13. What about the Scream mask on the bottom shelf?
  14. Fisheye lens is cheating! My home workspace is a big desk with a keyboard/mouse on it, facing a window. My office workspace is a cubicle with a laptop docking station, additional monitor, and wireless mouse/keyboard combo. I've never made my workspace anything non-standard for some reason. I'll spend a month on a table to play D&D on, but my computer desk is always "stock" from Ikea or wherever. The machine itself is what I work on.
  15. Note that number_format is only to be used immediately before printing. Don't do additional math on a number which has been formatted.
  16. Javascript is the only way, usually. Why not just make all your widths a percentage instead of a number of pixels?
  17. Do we have a thread for reporting bugs/weirdness? I posted in reply to "test" but I don't know if it's being followed.
  18. action=get cannot and will never upload an image. Ever. You are 0% there with action=get, it's impossible.
  19. I was wrong, it probably wasn't that. You get NO errors from this code, and the problem is intermittent? Have you checked your server's error logs?
  20. Damn, how did I miss the big red box? I read the page twice to make sure.
  21. Depends on how your form fields are named. Show an example of the checkbox and corresponding text box.
  22. if(move_uploaded_file($_FILES['upload']['tmp_name'], $target)) { That line copies the uploaded file to the target destination. However, you already have an existing destination file. The move might be failing because there's a file in the way. You have no error handling, so it's hard to be sure. Delete (unlink) the existing file directly before that line.
  23. You're not understanding what we're saying: Your code is horribly insecure and someone has noticed. Go to a page on your site with &lang=en in the URL. Change it to &lang=aaaa0000aaaa0a0aa. You will see this same error. You do absolutely no checking to see if the file that your system is trying to load is actually one it should be loading. Someone is trying to break into your system. Stop them. Validate the inputs in the code (validating inputs does not mean dumping debug information to the screen).
  24. +1 to what requinix said. You're making your variables wrong in the first place, that's why the solution is so convoluted.
  25. You've never given us the right file, so I guess...good job getting it working.