requinix

There's probably some sort of redirection happening.

Think of it less like splitting the string and more like finding all the characters and pairs of characters. How to do that? Reeegulaaar expreeessions. With preg_match_all(). preg_match_all('/[abcd]?./', $string, $matches); // and use $matches[0]

It's not. Doesn't have to be valid to be "hidden" from view.

Do a View Source of the page.

It sets a cookie? How about some speculation? If you don't mind the client having to repeat the request then you can use that cookie to tell whether to rewrite to the "login" script: (authenticated) traffic without that cookie is sent through the script, the rest does not. 1. First visit they don't have the cookie 2. Rewritten to the login script which sets the cookie and does whatever else 3. Script also sends a Location: header matching the current request so the client comes back 4. Second visit they have the cookie and aren't rewritten RewriteCond %{HTTP_COOKIE} (^|;\s*)cookie_being_set= RewriteRule login.php [L] <?php // cookie and whatever else // repeat the request header("Location: http://{$_SERVER["HTTP_HOST"]}{$_SERVER["REQUEST_URI"]}");- Not perfect because it requires cookies, but your setup seems to not mind that anyways- You may have to play around with s and s to get mod_rewrite executing after mod_auth

I'd agree you should put it somewhere special, but the primary problem is how crazy the code is. 1. How about putting all that in a database? XML file? Both very maintainable, very readable, and very simple to look up against. 2. If it must stay in code a switch is much cleaner: switch ($file_extension) { case "doc": case "docm": case "docx": case "dotm": case "dotx": case "pages": case "wps": $doc_extension = "docx"; $file_type = "Word Document"; break; case "pdf": case "pdp": $doc_extension = "pdf"; $file_type = "PDF"; break; // ... default: $doc_extension = "unknown"; $file_type = "Unknown"; break; }

Reconsider your URLs for a second. What if people sign up with names like "admin" or "cpanel" or "images"? How about putting the usernames at the second level like /user/bob?

As it is now you're just executing _parse_quote() with the post ID and message being strings you really didn't intend for it to use. You have to do something more sophisticated that doesn't involve executing _parse_quote() until preg_replace() starts making the replacements. Are you running PHP 5.3 or later?

You also need to check for an error during the upload ($_FILES['uploadfile']['error']). Your script will "simply die" if ftp_login() fails. How about actually showing some kind of error if that, or ftp_connect(), fails? And do you have your php.ini configured for development? It should have error_reporting = -1 display_errors = onor something more intelligent if you know how to do that.

That XML looks valid. We need to see some code. It's possible, even likely, that during the copy/paste into the post the text was automatically converted from UTF-16 to UTF-8.

"Supposed". That's the point. I applaud you moving to 5.5, don't get me wrong there. I just find it surprising someone would move to a .0 release of PHP that's not even a month old. PCI compliance probably wants you to be up to date with security patches. There's no way it could/should require you to be on the latest and greatest version of a product.

MySQL can't do that. Make your code execute that file after it does the query.

The first one seems fine. What happens when you try it? The second one is missing a semicolon and has a tab character in the filename. The third one has syntax errors.

What have you tried?

Upgrading to 5.5? Jumping the gun a bit much? preg_replace('/expr/e', 'foo', $string)is basically equivalent to preg_replace_callback('/expr/', function($matches) { return foo; }, $string)where foo is actual PHP code. You also have to deal with closures and scope, though, so your code ends up looking something like $self = $this; $source_content = preg_replace_callback($search, function($matches) use ($self) { return $self->_quote_replace($self->left_delimiter) . "php" . str_repeat("\n", substr_count($matches[0], "\n") . $self->_quote_replace($self->right_delimiter) }, $source_content);

He probably has, actually. Did you see that the real_escape_string() lines are escaping variables? Those haven't been defined either... as far as the code posted shows. That's why he needs to post the rest of the code.

1. You didn't post all your code. 2. real_escape_string() is not a function but a method of mysqli. 3. You didn't post all your code. 4. Don't use it when you're using prepared statements. 5. $dat_date appears to be undefined but I don't know for sure because 6. You didn't post all your code.

They're fudging the truth. You probably can't access anything above the webroot through Apache (ie, through a website), but your PHP should be able to get there just fine. Example: with a folder structure like /home /you /public_html /various things accessible on the website /config /db.php /other filesthen you can include $_SERVER["DOCUMENT_ROOT"] /* public_html */ . "/../config/db.php"; // /home/you/config/db.php

You must session_start() for PHP to do session stuff for you. If you want to manually read the session cookie, query the database, and reconstruct data, that's stupid but you can go right ahead. As for opening up multiple connections, you're the one in charge of when and how that happens so just make sure you reuse (either explicitly or by passing the same information to most database drivers' connect methods) the connection for both sessions and normal usage.

Strings, actually. http://www.php.net/manual/en/language.types.string.php

"\3" == chr(3) Are you seeing the pattern? [edit] "\nnn" for n=0-7 is the escape for a character in octal.

Change the one RewriteCond to RewriteCond %{REQUEST_URI} ^/(.+)and then use %1 in place of the %{REQUEST_URI} in the RewriteRule.

"\2" == chr(2) Escape the \ or use single quotes.

It's missing quotes around the search value.

Keep in mind you don't have to just put in "X" values: you can set anything in any box you want. Seems like there's still an infinite loop when "O" tries to fill in the bottom-right corner, as the code you posted earlier would demonstrate. What is your code now?