Everything posted by requinix
-
Why? Be very specific.
-
It wasn't even $i=>$nation either
-
You don't need $xml at that point, just $nation. Exact same way you can do a foreach($array as $value) and only need to use $value.

    foreach ($nation->region as $region) {
-
"Seconds" would be a Unix timestamp. Sure you can use that. Or just a regular date and time string. You know, like MySQL's DATETIME type.
-
I don't know why you would think to store only the time, but don't. Store a complete timestamp, either as a Unix timestamp or a full string date and time.
-
That's fine buggy and all but

    $con = new PDO( DB_DSN, DB_USERNAME, DB_PASSWORD );
    $con->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
    $stmt = $con->prepare("SELECT COUNT (*) FROM users WHERE username = :username");

that code has absolutely nothing to do with your Users class. Where do you bind a username to $stmt?
-
You can check if it's the boundary easily by 1) removing the boundary you insert before the attachments (which isn't shown in the code you posted) and 2) attaching the boundary at the beginning of the loop (instead of the end). Also, the headers are wrong. The attachment sans-boundaries should look like

    "Content-Type: image/png\n" .
    "Content-Disposition: attachment; filename=\"$thefile\"\n" .
    "Content-Transfer-Encoding: base64\n\n" .
    $data . "\n\n";
-
A moot question because your code uses variable variables and that is a problem. Change your form to name the answers' inputs like

    <whatever those things are name="answer[1]" blah blah blah>

Then $_POST["answer"] will be a very convenient array structure for you to look at. Obviates most of the code you have there now.
-
You're going about the entire process the wrong way. No automated actions, no checking if sessions are active. Keep track of the last time a user performed an action. Update it every time they do something, be it use AJAX or load a page or anything you can know about. Then define "online" to be "whose last action was no more than X minutes ago", and likewise "offline" to be "whose last action was at least X minutes ago". Choose X to be something reasonable; the session expiration (if you have one) is probably too long but a reasonable upper bound on the number you choose.
-
And what does Apache's error log have to say on the matter?
-
I have no idea what you're talking about. The file extension is wrong.
-
Change the delimiters to something else, and modify the regex so it will also return the ESQ line (and others that aren't COS).
-
So you're looking for the "COS" in

    Loaded options from XML file: '/Thisis/some/Users/sumuser/Desktop/SM_Folder/COS/Contract_Proof_COS/processing/ID2PDF_options.xml'

Is the folder structure always the same? At least in terms of the SM_Folder/*? Then it's as simple as

    /^Loaded options from XML file: '/.*/SM_Folder/([a-z]{3})/Contract_Proof_\1/processing/ID2PDF_options.xml'$/im

(\1 being a backreference to the [a-z]{3} matched earlier)

If the folder structure varies much more than that then how do you know where to find the "COS"?
-
For #1 then just refer to #2. rawurlencode() it shall be. If you want to replace spaces with hyphens then replace spaces with hyphens.
-
What is your sorting code now?
-
Step 1. If the dates aren't the same then sort by that.

    if ($a[0] != $b[0]) {
        list($am, $ay) = explode("/", $a[0]);
        list($bm, $by) = explode("/", $b[0]);
        return strcmp($by . $bm, $ay . $am); // reverse
    }

Step 2. Sort by the ID number. ??? Don't know how you want to handle the alphanumeric ones.

Step 3. Remove the array_reverse() stuff because you can do that in the sorting instead.
-
You don't need to decode it, that happens automatically.
-
You seem to have completely missed the part where I showed you how to construct $path and $targetpage.
-
...and TRUNCATE TABLE will delete everything - it doesn't take a WHERE.
-
Take a look at this. [edit] Ah, that's PDO. Uh... try either of these.
- 12 replies
-
- sql
- sql injection
-
(and 1 more)
Tagged with:
-
If you're using mysqli you might as well take the safest path and use prepared statements. No escaping required. (In fact trying to escape the data will just mess it up.)
- 12 replies
-
- sql
- sql injection
-
(and 1 more)
Tagged with:
-
The one time I know where mysql_real_escape_string() won't protect you is if you don't use quotes around the value.

    $query = "SELECT * FROM table WHERE id = " . mysql_real_escape_string($_GET["id"]);

    http://www.example.com/path/to/script.php?id=1+OR+username=0x61646D696E

(that's "admin" as a hex value, which MySQL lets you do in place of strings)

    SELECT * FROM table WHERE id = 1 OR username=0x61646D696E

[edit] As for XSS, htmlentities() or htmlspecialchars() with ENT_QUOTES (only conditionally required) will guarantee that whatever string you run them on will not be interpreted as HTML markup. For better or worse.
- 12 replies
-
- sql
- sql injection
-
(and 1 more)
Tagged with:
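The unquoted case from the post above, next to the prepared-statement route recommended in the earlier reply of the same thread, as an added example that is not code from either post. escape_like_mysql() is a hypothetical stand-in for mysql_real_escape_string() so the script runs without a database connection, find_by_id() is an assumed helper name, and `table` is the post's placeholder table name.

```php
<?php
// Added example. Stand-in for mysql_real_escape_string(): backslash-escapes
// the same characters (NUL, \n, \r, \, ', ", Ctrl-Z) without a connection.
function escape_like_mysql(string $value): string
{
    return strtr($value, [
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\\" => "\\\\",
        "'" => "\\'", '"' => '\\"', "\x1a" => "\\Z",
    ]);
}

// Value of ?id= from the URL in the post, after PHP has URL-decoded it.
$id = "1 OR username=0x61646D696E";

// Before: escaped but unquoted. The input contains no character the escaper
// touches, so it passes through unchanged and the OR clause joins the query.
$unquoted = "SELECT * FROM `table` WHERE id = " . escape_like_mysql($id);

// Quoted: the same input stays inside a single string literal.
$quoted = "SELECT * FROM `table` WHERE id = '" . escape_like_mysql($id) . "'";

// Validation: a numeric parameter is checked as an integer before any query
// is built; filter_var() returns false when the whole string is not one.
$valid = filter_var($id, FILTER_VALIDATE_INT);

// After: mysqli prepared statement. The value travels separately from the
// SQL text and is bound as an integer, so it cannot add clauses.
function find_by_id(mysqli $db, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];                       // reject instead of querying
    }
    $stmt = $db->prepare("SELECT * FROM `table` WHERE id = ?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

echo $unquoted, PHP_EOL;
echo $quoted, PHP_EOL;
var_dump($valid);
```

find_by_id() is defined but not called here because it needs a live mysqli connection; get_result() additionally requires the mysqlnd driver.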
-
Javascript framework? What types of elements? All the same random value or different values for each?
-
What's your full code? The stuff you showed in your first post looks right...
-
Empty object error unless MySQL connection is within function
requinix replied to atticus's topic in PHP Coding Help
The scope issue is that variables declared outside of functions (one scope) are not automatically available inside of functions (completely different scope). I agree that you should try to make everything OOP (because right now only $mysqli is), but if you want to stick with procedural code just pass $mysqli to the function:

    function calls($duplicates, $mysqli) {

(since you're using the same name for this variable you won't have to change your code to use it)

    include 'config.php';
    calls(123, $mysqli);