mgoodman

Everything posted by mgoodman

  1. @Andy, I was talking about WebStyle's code, not FatDank's code. FatDank's code is fine, but WebStyle's certainly is not.
  2. That's extremely insecure, WebStyles. An attacker could use that to include PHP scripts located pretty much anywhere on the server. (http://yourserver.com/index.php?page=../someotherfile)
  3. PHP can't do that because it doesn't handle the connection; PHP only processes the request. I don't know anything else useful on this subject, sorry I couldn't help you.
  4. As WebStyles said, you have to use $_SESSION. Here's a simplified class that can handle flash messages for you:

     ```php
     class FlashMessage
     {
         // Store a one-time message in the session
         public static function write($message)
         {
             self::_startSession();
             $_SESSION['flash.message'] = $message;
         }

         // Return the stored message (and clear it), or null if there is none
         public static function check()
         {
             self::_startSession();
             if (isset($_SESSION['flash.message'])) {
                 $m = $_SESSION['flash.message'];
                 unset($_SESSION['flash.message']);
                 return $m;
             } else {
                 return null;
             }
         }

         // Start the session only if it has not been started yet
         protected static function _startSession()
         {
             if (session_id() === '') {
                 session_start();
             }
         }
     }
     ```

     To use it you just do this in process_form.php:

     ```php
     FlashMessage::write('You missed some fields!');
     ```

     and then do this on login_form.php:

     ```php
     echo FlashMessage::check();
     ```
  5. Then you'll have to use PHP. It shouldn't be a problem though. I had a small site where users could upload files and I didn't have any problems with it slowing down. Try it first and then if there's any problems you can go back and fix it up.
  6. You could always use FTP.
  7. You need to do something like this:

     ```php
     class User
     {
         public $users = array();

         // Load every user row into $this->users
         public function getAll()
         {
             $query = mysql_query("SELECT `username`, `password` FROM `user` ORDER BY `id` DESC");
             while ($result = mysql_fetch_assoc($query)) {
                 $this->users[] = $result;
             }
         }

         // the rest of your User class code
     }
     ```

     and then in your switch:

     ```php
     case 'index':
         $user = new User($connect);
         $user->getAll();
         foreach ($user->users as $userInfo) {
             // htmlspecialchars() keeps stored values from being rendered as markup
             echo '<a href="#">' . htmlspecialchars($userInfo['username']) . '</a><br/>';
             echo '<a href="#">' . htmlspecialchars($userInfo['password']) . '</a><br/>';
         }
         break;
     ```
  8. ```php
     if (isset($_POST['Submit'])) // If the form has been submitted then do this stuff
     {
         $contents = file_get_contents('config.php'); // Store the contents of config.php in the $contents variable
         $var_letters = range('a', 'g'); // Create an array and store it to $var_letters variable. Same as array('a', 'b', 'c', 'd', 'e', 'f', 'g')
         foreach ($var_letters as $letter) // Go through each letter and perform this code
         {
             $oldline = '$' . $letter . ' = ;'; // The string that you are searching for ($a = ; or $b = ; or $c = ; etc.)
             $newline = '$' . $letter . ' = \'' . $_POST[ $letter ] . '\';'; // The string you are going to replace it with ( $a = $_POST['a']; )
             echo "Replacing <tt>$oldline</tt> with <tt>$newline</tt><br />"; // Print out a status message
             $contents = preg_replace('~\$'.$letter.' =.+?;~s', $newline, $contents); // Replace contents (from config.php) with the new line based on the regular expression
         }
         file_put_contents('config.php', $contents); // Write the new contents back to config.php
     }
     include 'config.php'; // Include the config file
     ```

     Hope that helps.
  9. @op: Perky's code contained some syntax errors. Here's the fixed version:

     ```php
     <select name="dropdown">
         <option value="value 1" <?php if ($_POST['dropdown'] == 'value 1') echo 'selected="selected"'; ?>>value 1</option>
         <option value="value 2" <?php if ($_POST['dropdown'] == 'value 2') echo 'selected="selected"'; ?>>value 2</option>
         <option value="value 3" <?php if ($_POST['dropdown'] == 'value 3') echo 'selected="selected"'; ?>>value 3</option>
     </select>
     ```

     edit: explanation

     $_POST['dropdown'] is where the selected value would be stored when the user submits the form. So, for each option the code checks to see if it was selected, and if it was it prints out selected="selected" (which will set that as the "default" option). If that doesn't make sense then let me know and I'll try to explain it differently.
  10. You are going to have to run a query no matter what. If you really wanted to make it more efficient then you could consider using a count query instead of using mysql_num_rows:

      ```php
      // $username must be escaped (e.g. with mysql_real_escape_string) before it is placed in the query
      $query = "SELECT COUNT(*) as count FROM users WHERE username='$username'";
      $result = mysql_fetch_assoc(mysql_query($query));
      if ($result['count'] > 0) {
          // username is taken
      }
      ```

      Since that query only returns a number, it's less information to transmit than if you return the entire row and then perform a count after the fact.
  11. You could do this:

      ```php
      // shorthand ternary: uses $_GET['page'] when it is non-empty, otherwise 'home'
      // (raises a notice when the parameter is absent)
      $page = $_GET['page'] ?: 'home';
      ```

      That will only work with PHP 5.3+ though, so if you are using something lower than that you would have to do this:

      ```php
      $page = (isset($_GET['page'])) ? $_GET['page'] : 'home';
      ```

      After that you just use $page instead of $_GET['page'] in your if statements:

      ```php
      $page = $_GET['page'] ?: 'home';
      if ($page == 'home') {
          // include home page
      }
      if ($page == 'someotherpage') {
          // include some other page
      }
      ```

      In case you don't know, ? : is called a ternary operator. It's basically like a mini if statement. It does the same thing as this if statement:

      ```php
      if (isset($_GET['page'])) {
          $page = $_GET['page'];
      } else {
          $page = 'home';
      }
      ```
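Posts 2 and 11 both turn on how the `page` parameter reaches `include`. The sketch below is an added example, not code from the thread: it maps the parameter through a fixed allowlist so that a value such as `../someotherfile` can never become part of a path. The page names, the `pages/` directory and the `resolvePage()` helper are assumptions for illustration (PHP 7+).

```php
<?php
// Added example: allowlist lookup instead of building a path from user input.
// Page names and file names are hypothetical.
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

// Return the file to include for a requested page name.
// Anything that is not an exact allowlist key falls back to 'home'.
function resolvePage($requested, string $baseDir): string
{
    // ?page[]=x arrives as an array, a missing parameter as null
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        $requested = 'home';
    }
    // The file name comes from the constant table, never from the request
    return rtrim($baseDir, '/') . '/' . PAGES[$requested];
}

// Constructed sample inputs standing in for $_GET['page']
$samples = ['about', '../someotherfile', 'home.php', null, ['x']];
foreach ($samples as $input) {
    echo json_encode($input), ' => ', resolvePage($input, __DIR__ . '/pages'), PHP_EOL;
}

// In a front controller the call would be:
// include resolvePage($_GET['page'] ?? null, __DIR__ . '/pages');
```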
  12. Well you're going to have to query for those 25 users eventually. Maybe you should try some simple caching for 5 or 10 minutes. I'm sure that the user list doesn't have to be completely accurate all the time, does it? You could do a simple file cache where you generate the HTML needed to display the user list and then save that in a file. Let's say you have something like 15 requests per second, if you do those 25 queries for each request then over the course of 10 minutes you've performed 15,000 queries. However if you queried the information and stored it in a cache for 10 minutes then you are down to 25 queries per 10 minutes.
  13. Well as your title suggests you've figured out that you need to use preg_replace. Try this:

      ```php
      $contents = file_get_contents('config.inc.php');
      $regex = array(
          'expressions' => array(
              '/\$db_host = \'\';/',
              '/\$db_user = \'\';/',
              '/\$db_pass = \'\';/'
          ),
          'data' => array(
              '$db_host = \'' . $_POST['host'] . '\';',
              '$db_user = \'' . $_POST['username'] . '\';',
              '$db_pass = \'' . $_POST['password'] . '\';'
          )
      );
      $contents = preg_replace($regex['expressions'], $regex['data'], $contents);
      // fwrite $contents back to config.inc.php
      ```
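Posts 8 and 13 splice `$_POST` values into PHP source between single quotes, so a value containing a quote, backslash or semicolon changes the code that `include` later runs. The following is an added example, not code from the thread: it regenerates the whole file from an array with `var_export()`, which always emits a valid string literal. The `writeConfig()` helper, the key list (taken from post 13's variable names) and the temp-file path are assumptions for illustration (PHP 7+).

```php
<?php
// Added example: write settings as data, not by editing PHP source with a regex.
function writeConfig(string $path, array $settings): void
{
    // Only these keys are ever written; anything else in the input is dropped
    $allowed = ['db_host', 'db_user', 'db_pass'];
    $clean = [];
    foreach ($allowed as $key) {
        $value = $settings[$key] ?? '';
        $clean[$key] = is_string($value) ? $value : '';
    }

    // var_export() escapes quotes and backslashes, so the value stays a string literal
    $php = "<?php\nreturn " . var_export($clean, true) . ";\n";

    // Write to a temporary file first, then swap it in with a single rename
    $tmp = $path . '.tmp';
    file_put_contents($tmp, $php, LOCK_EX);
    rename($tmp, $path);
}

// Constructed input standing in for $_POST; db_pass holds a quote, backslash, semicolon and dollar sign
$input = [
    'db_host' => 'localhost',
    'db_user' => 'app',
    'db_pass' => "pa'ss\\word;\$x",
    'extra'   => 'ignored',
];

$path = tempnam(sys_get_temp_dir(), 'cfg');
writeConfig($path, $input);

$config = require $path;          // the file returns the array
var_dump($config['db_pass'] === $input['db_pass']);
var_dump(array_keys($config));
unlink($path);
```

The config file should live outside the web root and be writable only by the account that runs the installer.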
  14. I see a few problems. You might not have a / on the end of $dirName. You also have "!$path" in there, which would return false. Without looking at the PHP manual I'm pretty sure that the first argument for mkdir is the path, not a boolean value.
  15. It's hard to tell with that tiny bit of code you've provided. It would be nice to know what $dirName is set to. It would also be nice to know what sort of problem you are having. You just said that "file creation is what's messing [you] up". What sort of problems are you having and can you post the code that defines $dirName? Also, have you set the working directory to the correct one for the index.html file you're trying to copy?
  16. You would be better off to invest some time in SEO if you want to have your pages found on search engines. Just search Google and you'll find loads of information about it.
  17. I'm not quite sure that I understand your problem, but I'm gonna take a shot at it anyways. mysql_query will only return false if there is an error executing the query (even if there are no results). So unless your query is incorrect (MySQL errors) then it will always execute the first block. If you need to do it that way then I suggest using mysql_num_rows. That will tell you how many rows are in the result.
  18. If I understand what you are trying to do correctly then this should work:

      ```php
      $pics_dir = '/var/www/pics/'; // Your directory with 200 pictures
      $new_dir = '/var/www/new_pics/'; // The directory you want to copy them to

      // Read all the files in the pictures directory then remove the . and .. results
      $pictures = array_filter(scandir($pics_dir), function($value) {
          return $value != '.' && $value != '..';
      });

      // pick a random key from the array
      $random_photo = array_rand($pictures);

      // get the file extension
      $file_ext = pathinfo($pictures[$random_photo], PATHINFO_EXTENSION);

      // copy the file
      copy($pics_dir . $pictures[$random_photo], $new_dir . 'somenewname.' . $file_ext);
      ```

      This requires PHP 5.3+, but it would be easy enough to fix for older versions by changing array_filter.
  19. I've never used setFetchMode() before but it does take an argument which you have not supplied. http://php.net/manual/en/pdostatement.setfetchmode.php That could be the problem. Put this at the top of your file:

      ```php
      ini_set('display_errors', 1);
      error_reporting(E_ALL);
      ```

      and see if it displays any errors when you try to open the page.
  20. Your query is flawed. You need to remove the like part next to city_id and country_id.
  21. ```php
      <?php echo $where; ?>
      ```

      Basically you just want to see what $where is getting set to. I think that's probably what is breaking your query. You could also try to echo out the query, but just doing where would be simpler and save time.
  22. Your query is correct so it seems that you are having a problem with

      ```php
      $where = isset($_POST['where']) ? $_POST['where'] : "";
      ```

      First off, you need to sanitize that input using mysql_real_escape_string. If you don't then that leaves your site open to an SQL injection attack, which could allow the attacker to destroy your database. If someone were to type a'; DROP TABLE hotels -- in the location field then your entire hotels table would be gone. They could do the same for cities and countries. Or, if you had sensitive user information they could possibly take that as well. As far as your problem getting the wrong results is concerned, try echoing out $where and see what it is being set to.
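The queries in posts 10 and 22 place request data directly inside the SQL string. As an added example (not code from the thread, and using PDO rather than the `mysql_*` functions the posts use), the sketch below binds the value as a parameter, so the input quoted in post 22 is compared as plain text and the table is untouched. It assumes the pdo_sqlite extension for a self-contained in-memory database; the columns and rows are constructed, only the table name `hotels` comes from the post.

```php
<?php
// Added example: bound parameters keep user input out of the SQL text.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema and sample rows
$pdo->exec('CREATE TABLE hotels (id INTEGER PRIMARY KEY, name TEXT, location TEXT)');
$pdo->exec("INSERT INTO hotels (name, location) VALUES ('Harbour Inn', 'Lisbon')");
$pdo->exec("INSERT INTO hotels (name, location) VALUES ('Old Mill', 'Porto')");

// Look up hotels by location; $where stands in for $_POST['where']
function findHotels(PDO $pdo, $where): array
{
    // The SQL text is fixed; the value travels separately from the statement
    $stmt = $pdo->prepare('SELECT name, location FROM hotels WHERE location = :loc');
    $stmt->execute([':loc' => is_string($where) ? $where : '']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Number of rows currently in the table
function hotelCount(PDO $pdo): int
{
    return (int) $pdo->query('SELECT COUNT(*) FROM hotels')->fetchColumn();
}

// Second input is the string quoted in post 22
$inputs = ['Lisbon', "a'; DROP TABLE hotels --"];
foreach ($inputs as $input) {
    $rows = findHotels($pdo, $input);
    printf(
        "%-30s matches=%d rows_in_table=%d\n",
        json_encode($input),
        count($rows),
        hotelCount($pdo)
    );
}
```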
  23. ```php
      // Get Data From Result
      $row=odbc_fetch_array($result);
      // Show data
      print($row[plunum]);
      }
      ```

      Why's there a random } there? I think that might be your problem.
  24. Shouldn't it be as simple as

      ```php
      if ($ir['donatordays'] > 0) {
          $interest_rate = .06;
      } else {
          $interest_rate = .02;
      }
      ```

      Maybe I misunderstood your question, if so please let me know.
  25. You must send headers before any page content is sent. Anything that gets echoed onto the page is content, even if it can't actually be seen once the page is rendered. If you need to generate content before you determine the headers then you can utilize output buffering to "save" the content and then send it out after you set the headers. http://php.net/manual/en/book.outcontrol.php