AyKay47

if(strpos($p, "-") !== FALSE) { //execute true block } else { //handle error }

Here is a hint, $_GET the id from the query string you passed. You also need to implement proper debugging steps, use Jessica's signature for that!

To directly answer your question, patterns need to be wrapped in delimiters (e.g /$pattern/, ~$pattern~). But as Jessica said, strpos() will be a faster/more efficient solution for a character search in a string.

Showing us a working example would help a lot.

You will need an async listener for an invite action (probably via AJAX). We will need to see the logic in your code to give you any specific help.

How exactly is the data for the alleles being stored (e.g. are they separated by a space or some distinct character)?

Since you are returning only 1 row, you do not need a while loop. A good debugging habit to get into is to also output the SQL statement and check for errors there. What output is being displayed?

the mysql extension has been deprecated which means in a later version of PHP it will be removed. Using MYSQLI or better yet PDO is encouraged. Here is a link to the PDO extension to get you started. To directly answer your question, mysql_real_escape_string()'s purpose is to make data safe to pass through an SQL statement. However it is not always needed depending on what type of data you are passing (e.g ints, floats). Sometimes casting a data type is sufficient.

91weblessons: To be frank, don't give web lessons if you do not know what you are doing. Your file upload backend code leaves a HUGE security hole that would allow me to pass any file I wanted to the server, not to mention what ChristianF already mentioned.

Post the relative code to this thread.

What part(s) don't you understand? What have you tried so far? Help me help you.

Perhaps if you post the context in which this function is being used we can help you further.

Adding to what requinix posted, it looks like you are using the `rank` column as a unique index when it should not be (as requinix stated above it does not belong in the table at all). Instead use that field as a unique identifier of each user in the table and name it something generic like `ID`.

I fail to see the difference between embedding a dynamic random image and reading a random dynamic image to implement your logic.

Most likely the render() function is rejecting reset.php because it is not located in the templates directory, so file_exists() is returning a boolean false value. If nothing has been output to the browser yet you can use header() to redirect to reset.php and pass the necessary values. $i = 0;$qs = "";$check = array("test" => "hello", "test2" => "hello2");foreach($check as $key => $val){ if(!$i) $qs .= "$key=$val"; else $qs .= "&$key=$val"; $i++;} header("Location: reset.php?$qs"); You could also restructure the render function to accept files in other directories if that is the case. Also, every time that pass.php is re-executed it will check to see if a POST request has been sent, if it hasn't, then it will render() login_form.php

Instead of reading the file to the browser like you are now, embed the image in the html instead. <img src='/path/to/image.jpg' /> That way a user will be able to right click and save the image.

IMO there should always be a whitelist of file extensions so that users cannot download scripting files etc. The $_FILES superglobal array gets populated with several bits of information about the file(s) that was uploaded via html form. This includes (might forget some) ['size'], ['tmp_name'], ['name'], ['error'], ['type']. Use this information to validate the file and check for any errors. This might also help.

You most likely have magic_quotes_gpc enabled which is escaping the double quotes and throwing the query off. That being said, your script is WIDE open to SQL injection as you are not sanitizing the user input whatsoever not to mention the gaping security holes that allowing a user complete control of your database causes. I cannot think of a scenario where I would give a user complete control of my database, what is your logic here and we will help you to implement it correctly.

Before tampering with anything else, please post the results of a phpinfo() call.

Where are the HTTP_EVE server values coming from? Double check those values, because they aren't comparing correctly.

The call to mysql_query() is returning a boolean false value instead of a resource. Start your debugging there.

Usability wise it is very similar to ereg_replace only it is more robust. Should be able to replace ereg_replace with preg_replace without any error. Now, why are you using eval()?

preg_replace

Then post the updated code, because in the above code you have not called session_start() before attempting to use sessions.

Is the array a fixed or variable length? With a variable length array the above code will not work.