requinix

Everything posted by requinix

  1. You need a URL for that resized image. Something like resize.php?newsid=123&width=110&height=146 The script then looks up the image to resize and outputs a resized version. Basically, what you have now but in its own script*. The "crazy characters" are the binary image data. They're good. But you have to tell the browser that it should display as an image, rather than the HTML it assumes. Before you output anything, header("Content-Type: image/jpeg"); * It doesn't have to be its own script - you could reuse an existing script for it. The issue is that you output the image and only the image. No HTML or anything else with it.
  2. If those are the only two possibilities, // will grab the email. If it fails then the whole string is the email.
  3. Wrong quotes. Backticks are for names of objects in the database (databases, tables, fields, etc.) while single- and double-quotes are for strings. LIKE "%tblhosting.domain%" But you don't want strings. How is this search supposed to work? Find all invoice items that have a description containing any hosting domain?
  4. Look into LOAD DATA INFILE. Something like LOAD DATA INFILE "cities.csv" INTO TABLE `cities` FIELDS TERMINATED BY "," OPTIONALLY ENCLOSED BY '"' ESCAPED BY "\\" LINES TERMINATED BY "\n" (`csvcity`, `csvstate`) SET `city` = `csvcity`, `state`= `csvstate`
  5. You can't use aliases in WHERE clauses - pretend that aliasing happens after the conditions. HAVING doesn't have that restriction. SELECT *, (original_price - price) AS profit FROM items HAVING profit While I'm at it, 1. If a number is supposed to be a number, don't put quotes around it. 2. Are you sure you want to ORDER BY RAND()? Do you actually want all of the results in a random order? Or do you just want a couple of them chosen randomly?
  6. That's not all your code. Can you post the whole thing?
  7. For some reason it was decided that if you're loosely comparing two numeric strings, PHP will compare them as numbers. Comparison Operators As random as spiderwell's comment is, he actually said the right answer: use a strict comparison instead.
  8. It requires the ssh2 PECL extension. Apparently you don't have that installed. Try asking whoever maintains the server for it, or look for an alternative such as making a simple web service.
  9. There are a number of false positives in there... Pay attention to the ones involving glob().
  10. SimpleXML $xml = new SimpleXMLElement($string, 0, false); echo (string)$xml->Transaction->Description;
  11. REAL uses floating-point which means it cannot always give exact values. Use DECIMAL if you need exact values.
  12. Off the top of my head, both GIFs and JPEGs allow for arbitrary comments. It is entirely possible for images to contain malicious code. [edit] Besides, getimagesize() only inspects a very small amount of the image. Just enough to grab the information it needs. It does not validate images.
  13. Thanks for the description but that wasn't what I was asking for.
  14. GD doesn't know what "nefarious code" is. It was an "I believe" that it will not keep unrecognized stuff. For most people I would say "easier" but you won't really know until you try.
  15. Nicest option is to redirect to some page immediately after the operation. Thus refresh only refreshes that page. Otherwise you can include nonce tokens: unique values that are only good for one use. Record that token somewhere, like the session, and only allow the operation if the token hasn't been used.
  16. - Without going through the source code, I believe GD will write the image from scratch, because otherwise it would have to remember all the little bits of fluff it encounters when loading the data - and then write them back, assuming that the fluff is still accurate even after modifying the image. (Saying this because I know specifically of a few things that depend on the image data, thus changing the image data screws them up.) - JPEGs are best for photographs. If people upload a PNG then it's quite possible they're not uploading a photograph (eg, some icon or glyph), in which case you probably want to keep it as a PNG. Then there's GIFs which can be animated. So it'll probably be better to keep whatever format they use. - GD is quick and simple but isn't that great at preserving quality during operations (especially with palette images). If you need to keep quality, try ImageMagick instead.
  17. What it sounds like you're asking, no. The referrer is the only piece of history the browser sends (if it even does) and it's only the previous page (supposedly).
  18. Such as index.php?location=index.php And boom goes the dynamite.
  19. Substituting that whole segment? You can just find the "/ref=" and grab everything else after it - don't need any "numbers, letters, and underscores" logic. #/ref=.*#
  20. Do any of the values have a dollar sign? Like $25.00? Or the generic question: what are the exact values of those two variables?
  21. You're not checking the password at all... Also, 1. Use POST. 2. Hash the password in your JavaScript before sending it in the URL and/or use SSL.
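
The single-use token from post 15 above, combined with the redirect that post recommends, as an added PHP example that is not part of requinix's posts. The function names, the `token` form field and the `done.php` target are assumptions made for illustration.

```php
<?php
// Added example: single-use form token kept in the session.
// issue_token(), consume_token(), the "token" field and done.php are hypothetical names.
session_start();

// Create an unpredictable token and record it in the session with its issue time.
function issue_token(): string
{
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_tokens'][$token] = time();
    return $token;
}

// Accept a token only if it was issued to this session, has not been used
// and is not older than $maxAge seconds. A token is deleted on first sight,
// so a refresh or a replayed request with the same value is rejected.
function consume_token(string $token, int $maxAge = 900): bool
{
    if (!isset($_SESSION['form_tokens'][$token])) {
        return false;
    }
    $issued = $_SESSION['form_tokens'][$token];
    unset($_SESSION['form_tokens'][$token]);
    return (time() - $issued) <= $maxAge;
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $token = $_POST['token'] ?? '';
    if (!is_string($token) || !consume_token($token)) {
        http_response_code(400);
        exit('This form was already submitted or has expired.');
    }
    // ... perform the operation here; it runs at most once per token ...

    // Redirect so that refreshing reloads done.php, not the POST.
    header('Location: done.php', true, 303);
    exit;
}

$token = issue_token();
?>
<form method="post">
    <input type="hidden" name="token" value="<?= htmlspecialchars($token, ENT_QUOTES) ?>">
    <button type="submit">Submit</button>
</form>
```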