requinix

...Are you running the PHP source through the validator? What is the full document? Maybe there's an error somewhere else causing this.

// Again, never trust user input! $user = $sql->real_escape_string($_POST['username']); $query = "SELECT id, password, username, UNIX_TIMESTAMP(created) AS salt FROM users WHERE username = '{$username}'"; Variable mismatch.

You probably mean to use mysql_query().

Take a look at the entire $_FILES array and see if it has what you expect. Also, the "name" isn't entirely trustworthy. You should make sure it has a valid extension (I can't tell what you're uploading though), otherwise someone could upload a PHP script or something.

"Still"? Alright, the whole thing then. 1. Missing a semicolon on the mysql_query() line. 2. foreach is for arrays, not conditions. Use a while loop. 3. I doubt mysql_query2 is a function variable.

And the case-insensitive counterpart to strpos() is stripos.

1. The entire decimal part should be optional, not just the decimal point. Otherwise you're setting a minimum number of digits (two, with the \d+ and the \d{1,}). 2. {1,2,3} is entirely invalid syntax. It's a range, not a list of possible counts. I'd add parentheses to PaulRyan's solution. /^\d+(\.\d{1,3})?$/

if($row['totalCount'] < (" . $nchecked . ")) { I don't know what you're doing with $nchecked but I'm quite sure you should be using if($row['totalCount'] < $nchecked) {

PayPal does have billing agreements. You send the user to PayPal, they click the "I authorize this business to bill me any amount at any time" (basically) checkbox, and you get a billing agreement ID. Through a set of API calls you can bill to that ID without needing user intervention. Know that the user can void the agreement at any time. Example: at my work we use it for recurring payments (eg, subscriptions).

if($_POST['report_year'] == 2011) echo 'selected'; You're validating as XHTML so you have to use the full name="value" form for attributes.

So make your code "disable". I don't know what you're talking about. Remember this is your code. You can make it do whatever you want. You want it to disable something? Then make it disable something.

Keep a "suspended" flag for employees and turn it on when suspending. Then don't give the admin user any way to turn it off.

How about posting your actual code?

Don't put the two pieces of data into the same column. Have one for the username and one for the email address.

It is impossible to prevent the user from accessing those files: in order to hear them they have to be downloaded to the user's computer. The best you can do is encrypt the files and decrypt them in the player. But even then the player could be reverse-engineered and someone could discover the encryption key and algorithm.

Your srcs and hrefs are relative, looking like <img src="folder/image.jpg" /> The browser will calculate the absolute path according to the current directory. After your rewriting of the first page it's "/list/all" so the browser will look for "/list/all/folder/image.jpg". Use a leading slash to make them absolute paths. That way the current directory won't matter. <img src="/folder/image.jpg" />

Exactly. If your code has to run linearly then it means you have something that relies on the AJAX call. A better solution would be to move that reliant code into the AJAX callback: statement 1; // 1 statement 2; // 2 ajax(function() { ajax statement 3; // 5 ajax statement 4; // 6 }); statement 5; // 3 statement 6; // 4 becomes statement 1; statement 2; ajax(function() { ajax statement 3; ajax statement 4; statement 5; statement 6; });

Because not all of those s have titles.

Seems alright enough. What does your form look like? And what is the problem you're having? "No joy" isn't really much for us to go on.

There's also a couple other problems: count='count+1' will actually try to set the count to the string "count+1", then to fix that you'll put the quotes around the 'count' but you'll be using the wrong quotes (backticks ` are for names, apostrophes ' and quotes " are for strings), and there shouldn't be quotes around the project_to_id number because numbers don't get quotes. And that $post value better be escaped.

Or you can be more explicit with the matching. RewriteRule ^Complete-AC-Systems$ product_list.php?cat_id=2 RewriteRule ^Complete-AC-Systems__Packaged-Systems$ product_list.php?cat_id=7 Also, this is horribly inefficient. Just modify your product_list.php so that it can look up the IDs given the names.

RewriteRule does not include the query string. You have to test for that manually with a RewriteCond. RewriteCond %{QUERY_STRING} =ref=test RewriteRule ^directory/page.html http://www.website.com/directory/page.html?ref=test2 [R=301,L] If that still doesn't work, try adding a /? after the ^.

You can submit the form in Javascript by calling the .submit() method on it.

PCRE expressions need delimiters but you've got a lot of freedom as to what they are. Slashes are traditional. However if you want to use slashes in the expression itself, like I did with the /?, then you'd have to escape it lest it be interpreted as a delimiter. I don't like needlessly escaping things so I just changed to a different delimiter: # (another popular one). Between the two delimiters is the expression itself and after the delimiter comes optional "flags" (or "modifiers"). The /i flag (the shorthand tends to be written with the slash delimiter) means case-insensitivity. A [a-z] by itself is literally "a lowercase letter a-z" and would thus only match HTML tags written in lowercase. Of course they may all be lowercase for you, but it's cheap enough to do just in case that's not true. The manual has everything listed out if you'd like to keep reading.

If you do the seeded-RAND() I mentioned then the order will change a bit: rows located earlier that the deleted record will sort the same relative to each other, but rows after the deleted record will appear randomly interspersed. At least in MySQL 5.5. mysql> create table test (a int); Query OK, 0 rows affected (0.12 sec) mysql> insert into test values (1),(2),(3),(4),(5),(6),(7),(,(9),(10); Query OK, 10 rows affected (0.03 sec) Records: 10 Duplicates: 0 Warnings: 0 mysql> select * from test order by rand(123); +------+ | a | +------+ | 6 | | 4 | | 9 | | 8 | | 2 | | 10 | | 3 | | 5 | | 1 | | 7 | +------+ 10 rows in set (0.06 sec) mysql> delete from test where a=10; Query OK, 1 row affected (0.03 sec) mysql> select * from test order by rand(123); +------+ | a | +------+ | 6 | | 4 | | 9 | | 8 | | 2 | | 3 | | 5 | | 1 | | 7 | +------+ 9 rows in set (0.03 sec) mysql> delete from test where a=5; Query OK, 1 row affected (0.04 sec) mysql> select * from test order by rand(123); +------+ | a | +------+ | 7 | | 4 | | 9 | | 2 | | 3 | | 6 | | 1 | | 8 | +------+ 8 rows in set (0.04 sec)