Everything posted by kicken

  1. That is the wrong way to go about it. You should have a table which links them together, eg:

     create table user_read_docs (
         userId int,
         docId int
     );

     That table would have one row for every document the user read. If desired you could store additional info there such as date read, number of times, etc. With that setup you can exclude read docs using a left join on that table, such as:

     select *
     from docs d
     left join user_read_docs rd on d.docId = rd.docId and rd.userId = 1245
     where rd.docId is null
  2. You're better off asking a lawyer that question. I would say possibly. Also if you do set some up it may be worth having a lawyer write them up to ensure they are valid and cover all your bases. edit: If you don't care too much, you could probably just throw a "Use this site at your own risk, we are not responsible for anything" claim up. May deter your users some though. Could work til you get something more official in place though.
  3. Run it through strtotime to get a timestamp value, then use the date function to format it how you want. When you run it through strtotime you should check the result to ensure success, in case they enter a date it can't understand or is invalid.
  4. Make sure you are loading the correct dll file. Along with the version you need to match up the compiler (vc6 / vc9) and thread safety (ts / nts). You should be able to find that info in your phpinfo output if you are not sure what you have.
  5. That statement was directed at a post which has since been deleted, not at anything you said. On to your problem, unless someone who knows how Nuke works can direct you more specifically, essentially you need to find out where in the database it is storing these articles. When you figure that out, find out what the column type is and change it if necessary. It should probably be a TEXT type which should allow for a fairly large article. If yours doesn't fit there are bigger types, but it might be better to split it into multiple articles and link them together. Finding the field will just take some time poking around the database, or finding some documentation somewhere that will tell you.
  6. Like I said, it all depends on when the GC routine gets run. On my dev laptop for instance, where I am the only one ever hitting pages my session will remain active indefinitely. I've worked on stuff, gone away for a day, come back and my session is still going strong. Reason being that the GC routine is rarely ever run with only one person. That 1440 seconds is how long a session has to be inactive for before php will kill it, but PHP will only kill it if the GC routine is run. It won't end it the second it passes that mark. For an active site such as these forums, chances are the GC routine would get run fairly regularly. For a not so active site, it will be run fairly little. I believe by default it is configured so that it only has about a 1% chance of being run on each call to session_start. You could of course change these settings to make it run more or less often if desired. The manual page I linked above has all the details on the settings and what they do.
  7. The value of session.gc_maxlifetime would be a rough estimate, but reality will differ. PHP doesn't actively timeout sessions. On each call to session_start there is a chance for it to run a session clean up routine. This routine will check all the session save files and if the time between now and the file's last access time is greater than the lifetime it deletes the file, essentially killing the session. If your site does not get much traffic this routine won't get many chances to run so a session could stick around for a lot longer, days maybe even. That is why if you want any sort of stability or control over a timeout you have to implement it yourself.
  8. So I assume you want to do a dbField=1 for whichever ones are checked, and just ignore those that are unchecked? In your PHP you'll have to create all the conditions for the ones that are checked. eg:

     $cond = array();
     foreach ($_POST['checkboxes'] as $val) {
         $cond[] = $val . '=1';
     }
     $sql = '... WHERE ' . implode(' AND ', $cond);

     Of course, you'll want to ensure you prevent against sql injection. Probably use some sort of map array to map the checkboxes on the page to the DB fields they correspond to.
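The map array suggested above, written out as an added example (this is not kicken's code): checkbox names are looked up in a fixed whitelist of column names, anything not in the map is dropped before it can touch the SQL text, and the query runs through PDO. The table `docs`, its columns, the checkbox names and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added example: whitelist map from checkbox names to column names.
// Only values found in this map can ever reach the SQL text; anything else
// posted is discarded instead of being interpolated.
$checkboxToColumn = array(
    'acca'   => 'acca',
    'active' => 'is_active',
    'paid'   => 'is_paid',
);

function buildFilterWhere(array $checked, array $map)
{
    $conditions = array();
    foreach ($checked as $name) {
        if (!isset($map[$name])) {
            continue;                      // not a known checkbox: ignore it
        }
        // The column name comes from our own map, never from the request.
        $conditions[] = '`' . $map[$name] . '` = 1';
    }
    if (count($conditions) === 0) {
        return '';                         // nothing checked: no WHERE clause
    }
    return ' WHERE ' . implode(' AND ', $conditions);
}

// Constructed sample input standing in for $_POST['checkboxes']; the third
// entry is not a map key and so never reaches the query.
$posted = array('acca', 'active', 'not_a_column');

// Constructed in-memory SQLite table (assumed schema) so the example runs
// without a MySQL server.
$pdo = new PDO('sqlite::memory:');
$pdo->exec('CREATE TABLE docs (docId INTEGER, acca INTEGER, is_active INTEGER, is_paid INTEGER)');
$pdo->exec('INSERT INTO docs VALUES (1, 1, 1, 0), (2, 1, 0, 1), (3, 0, 1, 1)');

$stmt = $pdo->prepare('SELECT docId FROM docs' . buildFilterWhere($posted, $checkboxToColumn));
$stmt->execute();
foreach ($stmt->fetchAll(PDO::FETCH_COLUMN) as $docId) {
    echo "matched docId $docId\n";
}
```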
  9. You can fiddle with the ini settings using ini_set/ini_get. If you want more refined control over the timeout period though you should implement it yourself. On each page load, compare the current time to their last activity time (also set on each page load in the session). If the difference between the two is greater than your time limit, invalidate the session.

     if (isset($_SESSION['last_activity'])) {
         $diff = time() - $_SESSION['last_activity'];
         if ($diff > 300) {
             $_SESSION = array();   // idle too long: throw away the session data
         }
     }
     $_SESSION['last_activity'] = time();
  10. A variable being NULL in PHP does not mean it is compared to nulls in the sql query. When you sub the variable into your query it will be the empty string so you'd have your query like: WHERE acca = '' I'm not sure if mysql considers the empty string and 0 to be equal or not. What do you want to happen if no checkbox is checked? No results? You likely need to just do a test in PHP and modify your query accordingly.

      if (isset($_POST['acca'])) {
          // do something for when checked
      } else {
          // do something for when not checked
      }
  11. I'm guessing you figured it out since the thread is marked solved, but for future googlers... The reason is because you're not surrounding your attribute values in your HTML in quotes. For example this:

      echo "Product Name : <input type='text' name='productname' value=". $row['product_name'] ." /><br />";

      will generate the output (given your sample input):

      Product Name : <input type='text' name='productname' value=Amd Athlon X2 /><br />

      When the browser sees that it will use Amd as the value of the attribute, and the Athlon and X2 parts will be considered new attributes (which will simply be ignored as they are invalid). To get the whole string to appear as the value, you have to put it in quotes:

      Product Name : <input type='text' name='productname' value='Amd Athlon X2' /><br />

      which means PHP such as:

      echo "Product Name : <input type='text' name='productname' value='". $row['product_name'] ."' /><br />";
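As an added example (not from the post above): quoting the attribute fixes the space problem, but a product name that itself contains a quote character still ends the attribute early, so the value also has to be HTML-escaped. The sample rows are constructed stand-ins for the database results.

```php
<?php
// Added example: quoted AND escaped attribute value.
// htmlspecialchars() with ENT_QUOTES turns both ' and " into entities,
// so no value from the database can close the value='...' attribute.
function productInput($productName)
{
    $safe = htmlspecialchars($productName, ENT_QUOTES, 'UTF-8');
    return "Product Name : <input type='text' name='productname' value='" . $safe . "' /><br />";
}

// Constructed sample rows standing in for $row from the database.
$rows = array(
    array('product_name' => 'Amd Athlon X2'),
    array('product_name' => "12' monitor"),   // contains a single quote
    array('product_name' => 'Case "Midi" ATX'), // contains double quotes
);
foreach ($rows as $row) {
    echo productInput($row['product_name']), "\n";
}
```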
  12. You can do that, and it will not cause any error. PHP will "short-circuit" conditionals so that as soon as it determines the condition cannot be satisfied it will stop executing it. In the given example if isset($_GET['filter']) is false due to it not existing, php will never execute the in_array portion and no undefined index error will be generated. @monkuar If I understand your code correctly, you want to check that the value in $_GET['filter'] exists as a key in your $letters2 array. in_array only searches the values of the array, not the keys. To check for the key you can use either array_key_exists or just isset() on that key, eg:

      if (isset($_GET['filter']) && isset($letters2[$_GET['filter']])) {
          echo 'Hey!';
      }
  13. Apache understands multiple extensions, and for each extension it will look up the mime type, language, and handlers for that extension. In misconfigured servers the php handler is applied to the .php extension in a way that does not require it to be the end extension. It only has to exist in the name somewhere. If it does not appear in the name, apache will not run the PHP handler on that file so the code will not run. You can read the small bit in the apache docs about multiple extensions for some further details and information on why it behaves this way.

      No, the issue revolves entirely around what the file was named. If '.php' does not appear anywhere in the name, it will not be executed. Try it yourself, rename your test file to just somefile.jpg and load it. All you'll get is a broken image (or error page, depending on how your browser handles invalid images).

      Unless I have some particular need to maintain the file name, I almost never keep the original name. For an avatar for example, I just name them with the user's ID number. So I'd have a directory, say /images/avatars, and it has all the various files which are just, for example, 1383.jpg or 1893.png, whatever that user's ID number is. The only part I keep is the very last extension so that it is served with the proper mime type. I also always verify that the final extension is one that is expected and allowed. In the case of an image upload it has to be .jpg, .png, or .gif.

      Even if you do need to preserve the actual file name, you can do so by saving it in your DB record as an additional column, then name the actual file something random with a harmless extension. Rather than link directly to the file, you would use a PHP script to serve the file and it can restore the name by sending special headers to the browser before offering to download the file. By serving the file via PHP yourself rather than via apache you also prevent PHP code from running in any case.

      The destination path for move_uploaded_file has to be a local file system path, not a URL. eg, /home/yoursite/uploads/

      getimagesize will do this. It will return false if the image is invalid. Your sample file that just contained the php code would not pass that check as it's not a valid image. Some image formats allow meta-data though and that meta-data is plain text. For example .gif has fields for a comment to indicate what program created it, or .jpg has fields for things like date, author, camera, etc. Someone could take a valid image, and throw PHP code into these meta-data fields. This is why in addition to a getimagesize() format validation, you have to ensure the file cannot be run, using steps mentioned previously. Basically, ensure the file name only contains one '.' character.

      Yes, substr_count, but if you do like mentioned above and generate your own random file name, then just make sure you only append one extension to your file name. What I do in the case of images is use the return value of getimagesize to determine the extension. In the array it returns there is a field that will tell you if the image is a gif, jpg, or png so I just have a few if statements to set a $ext variable appropriately based on that field.

      It needs to be writable for your PHP scripts to save the files there. You should just ensure no files have their executable bit set. After the upload you can do chmod($file, 0644); to ensure the bit is not set. Note the leading 0 is important and must be kept.
  14. The article shows you how to guard against that using a .htaccess file to correct the bad server configuration. As I mentioned in the other thread, it's always a good idea to flat out disable any script handlers in a directory that receives user uploads. If you can't use the .htaccess for some reason, you can simply ensure that no file has '.php' anywhere in its filename with a simple str_replace:

      // loop, because removing one '.php' can expose another (e.g. 'a.p.phphp')
      while (strpos($filename, '.php') !== false) {
          $filename = str_replace('.php', '', $filename);
      }
  15. Sure, but as you may have noticed excel files are not text files. Your script has to be able to properly understand the format of the data you get back after reading the file. There are a few libraries out there which can process excel files, I'd suggest using one of them.
  16. They are essentially the same. You're just passing the parameters and sql together in a call vs doing it separately by preparing the query first then binding parameters later.
  17. While one directory per user may be a bit excessive, it can be beneficial to break up the images over multiple directories. I recall reading somewhere that some filesystems do not handle directories with thousands of files very well, and as a rule of thumb it was suggested to try and keep the number of files per directory 1500 or less. Regardless of how the filesystem may handle it though, it's nice to keep the number per directory down anyway just in case you need to browse that directory for some reason in the future. One old system I worked on stored all uploads in a single folder which ended up having 20000+ files in it. Occasionally someone would open that folder, either accidentally or intentionally to get a file, and it would take 10+ minutes for it to load all the files.

      What I will do if I am expecting a lot of files is prepend the filename with a random number (or a db record ID number if applicable), then save it in sub directories based on these numbers. For example, if I uploaded my avatar.png, the script would change the name to something such as 123avatar.png, and then save it into a location such as /images/avatars/1/123avatar.png. It took the 1 from the file name and used it as a directory name. This way all the files get spread out over several directories.

      There are two main things to consider regarding security for uploaded files:

      1) Ensure nobody can upload executable code. You can guard against this in a number of ways. Ensure there is no way for someone to upload a file named *.php (or similar script extension if available). Make sure your server is not configured to parse other extensions for scripts. Doing that will make it so even if someone uploaded a file with code in it (such as an image with PHP embedded in it) the server will not execute it. With apache it is also possible to configure the server to not allow PHP at all for any file type within that directory (so even .php files, if someone managed to upload one, would not execute).

      2) Ensure only people allowed to see the files can see them. This generally involves storing the files below the web root and making them accessible via a proxy script which first validates user permissions.

      In your specific case with avatar images, point #2 doesn't really apply so much. Everyone will need to see them, so you can simply store them inside your web root somewhere, and link to them directly when you use them. For point #1, you just need to ensure they are an image (getimagesize() can tell you that) and ensure they are stored with the correct extension (.jpeg, .png, or .gif). Reject any non-image extension such as .php.
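An added example (not kicken's code) that puts the steps from posts 13 and 17 together in one avatar upload handler: getimagesize() decides both whether the upload is an image and which single extension it gets, the stored name is random rather than the client's, files are spread across sub-directories by the first two characters of that random name (a hex prefix instead of the numeric prefix described above), and the executable bit is cleared after the move. The form field name 'avatar', the upload root path and PHP 7+ (for random_bytes()) are assumptions.

```php
<?php
// Added example: avatar upload handler following posts 13 and 17.
// Assumed: form field 'avatar', upload root under the web root, PHP 7+.
function storeAvatar(array $upload, $uploadRoot)
{
    if (!isset($upload['tmp_name']) || $upload['error'] !== UPLOAD_ERR_OK) {
        return false;
    }
    if (!is_uploaded_file($upload['tmp_name'])) {
        return false;                  // not something PHP received via POST
    }

    // 1) Validate the content, not the client-supplied name or MIME type.
    //    getimagesize() returns false for anything that is not a real image.
    $info = @getimagesize($upload['tmp_name']);
    if ($info === false) {
        return false;
    }

    // 2) Derive the ONLY extension from the detected type ($info[2] is an
    //    IMAGETYPE_* constant); the original filename is never reused, so
    //    '.php' or a second '.' cannot end up in the stored name.
    $allowed = array(
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
    );
    if (!isset($allowed[$info[2]])) {
        return false;                  // e.g. BMP, TIFF, WebP: rejected
    }
    $ext = $allowed[$info[2]];

    // 3) Random name, exactly one '.', spread over sub-directories by the
    //    first two hex characters (256 buckets).
    $name = bin2hex(random_bytes(8));  // 16 hex chars, no user input involved
    $dir  = $uploadRoot . '/' . substr($name, 0, 2);
    if (!is_dir($dir) && !mkdir($dir, 0755, true)) {
        return false;
    }
    $dest = $dir . '/' . $name . '.' . $ext;

    // 4) Destination is a local filesystem path; afterwards make sure the
    //    executable bit is not set (leading 0 = octal mode).
    if (!move_uploaded_file($upload['tmp_name'], $dest)) {
        return false;
    }
    chmod($dest, 0644);

    // Relative path to store in the DB record and use in <img src>.
    return substr($name, 0, 2) . '/' . $name . '.' . $ext;
}

// Typical call from the form handler (assumed field name and root path).
if (isset($_FILES['avatar'])) {
    $stored = storeAvatar($_FILES['avatar'], '/home/yoursite/public/images/avatars');
    if ($stored === false) {
        echo 'Upload rejected: not a GIF, JPEG or PNG image.';
    } else {
        echo 'Saved as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    }
}
```

Disabling script handlers for the avatars directory in the server configuration, as post 14 describes, still belongs alongside this: the handler keeps code-bearing files from being executable by name, and the server configuration keeps them from being executed at all.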
  18. How big the PHP script file is does not really make much of any difference on execution time. Obviously if it is generating a lot of output though, the end user has to download all that which depending on connection speed can take a while. One way to help speed that up is to compress the output before sending it to the client. Most browsers these days support gzip compression. The data is sent from the server in a compressed format using the gzip algorithm and then the browser will automatically decompress it on its end before displaying it to the user. Compression works well on text, especially text that is repetitive so applying to HTML, JS, or CSS can reduce the amount of data being transferred significantly. As for how to do this there are a few different ways. Apache has an extension called mod_gzip which will automatically compress files if the browser requests it. I've never used it so I'm not sure if it will handle output from PHP scripts as well or only static files. Someone else or some google research could probably answer that for you. PHP itself, if compiled with gzip support, will allow you to compress its output using a combination of output buffering (ob_start) and the handler function ob_gzhandler. If you handle it through PHP though you need to take care that the client actually supports gzip otherwise they will get useless output. Browsers that support it will indicate so via an additional header, Accept-Encoding I believe is the name. There exist some applications which will cache your PHP scripts (or arbitrary data your scripts may use often) in order to increase execution and access times. For example memcached or APC. Googling the terms php opcode cache could get you started on finding out more details.
  19. If you're just going to keep picking random numbers until that statement is true, why bother with the random numbers at all? Just use $myrow['mp'] and $myrow['hp']. You're going to need to better explain what you're trying to do if you need more help.
  20. Your tom and queen fields should be INT fields that hold the ID number of a record for the appropriate cats. Then you just use an INNER JOIN in your query to join the rows together. eg:

      SELECT
          progeny.registrationId AS catId,
          progeny.name AS catName,
          tom.registrationId AS tomCatId,
          tom.name AS tomCatName,
          queen.registrationId AS queenCatId,
          queen.name AS queenCatName
      FROM cats progeny
      INNER JOIN cats tom ON progeny.tom = tom.registrationId
      INNER JOIN cats queen ON progeny.queen = queen.registrationId
      WHERE progeny.registrationId = 123
  21. Super simplistic example:

      <?php
      function tokenizeCss($str) {
          $tokens = array();
          $len = strlen($str);
          $i = 0;
          $state = 'selector';      // outside braces we are reading a selector
          $tokenValue = '';
          while ($i < $len) {
              $ch = $str[$i];
              switch ($ch) {
                  case '{':
                      $tokens[] = array('type' => $state, 'value' => $tokenValue);
                      $tokens[] = array('type' => 'ruleset-begin', 'value' => '{');
                      $state = 'ruleset';   // inside braces: the declarations
                      $tokenValue = '';
                      break;
                  case '}':
                      $tokens[] = array('type' => $state, 'value' => $tokenValue);
                      $tokens[] = array('type' => 'ruleset-end', 'value' => '}');
                      $state = 'selector';
                      $tokenValue = '';
                      break;
                  default:
                      $tokenValue .= $ch;
              }
              $i++;
          }
          if (!empty($tokenValue)) {
              $tokens[] = array('type' => $state, 'value' => $tokenValue);
          }
          return $tokens;
      }

      $css = '
      p > a{
          color: red;
      }
      a.link:hover{
          text-decoration: underline;
      }
      ';
      $tokens = tokenizeCss($css);
      $colors = array(
          'selector'      => 'red',
          'ruleset'       => 'blue',
          'ruleset-begin' => 'orange',
          'ruleset-end'   => 'orange'
      );
      foreach ($tokens as $tok) {
          $color = $colors[$tok['type']];
          // escape the token text so a '>' in a selector is shown literally
          // instead of being parsed as HTML
          echo '<span style="color: ' . $color . ';">' . htmlspecialchars($tok['value']) . '</span>';
      }
  22. You break it down into its fundamental parts using a parser script (aka a lexer). For example (quote for color):

      p > a   is a selector token
      {       is a begin ruleset token
      color   is a property name token
      red     is a property value token
      ;       is an end statement token
      }       is an end ruleset token

      You would create a lexer that will break the css string down into tokens like that, then you can re-assemble the string from the tokens while applying whatever coloring or formatting you need around each token value.
  23. First, a little clean up to make the code easier to read and understand.

      <?php
      // Note: uses the legacy mysql_* extension as in the original post
      // (removed in PHP 7; PDO or mysqli replace it there).
      $con = mysql_connect("localhost", "root", "");
      if (!$con) {
          die('Could not connect: ' . mysql_error());
      }
      mysql_select_db("terra_elegante_operations", $con);

      // escape every posted value; the connection must exist before this runs
      $escaped = array_map('mysql_real_escape_string', $_POST);

      $sql = "
          INSERT INTO customer_information (
              `account_#`, `name_first`, `name_last`, `address`, `city`,
              `state`, `zipcode`, `telephone`, `telephone_alt`
          ) VALUES (
              '{$escaped['account_#']}', '{$escaped['name_first']}', '{$escaped['name_last']}',
              '{$escaped['address']}', '{$escaped['city']}', '{$escaped['state']}',
              '{$escaped['zipcode']}', '{$escaped['telephone']}', '{$escaped['telephone_alt']}'
          )";
      if (!mysql_query($sql, $con)) {
          die('Error: ' . mysql_error());
      }
      echo "1 record added";
      ?>

      Now, in order to prevent against any problems with quotes, you need to escape all your values. mysql_real_escape_string will take care of this for you, using array_map() is a convenient way to apply it to the entire post array. Normally you wouldn't want to do that, in the case of a quick script for your own personal use only though it works well. As mentioned when you're putting array values directly into a string you have to enclose them with {} or PHP will not parse it correctly. The problem is the quote characters around the key names. Also as mentioned, using special characters in column names should be avoided. In order for mysql to recognize your account_# column it has to be surrounded by backticks (`). I surrounded all columns with them as it does not hurt. Ideally, you should stick to a-z, 0-9, and _ when you name your fields. When putting values into a query, string values have to be quoted. Numeric values can be put in without quotes however including quotes does no harm so you can just put quotes around all the values to be sure. You can see how I surrounded each variable with single-quotes above. edit: apparently I missed page two.
  24. Do you mean you want a script that just sits there and waits until a particular db column gets changed? Essentially you'd just make a while(true) loop and inside it query that column and when it changes do something. Not very efficient though. Perhaps you could explain your situation / goal?
  25. Regardless of if you're making a site or a library, regex is not the right tool for the job here. You should essentially parse the CSS codes into tokens then apply the formatting. How accurate your parser needs to be can depend on how accurate you want your highlighting. A simple parser that will separate out selectors, properties and values shouldn't be too hard to do to start with.