Logician

When I: "select * from (table);", they are not alphabetical. I am wanting the table alphabetical when I select *.

Cool, so do you know how it can be done?

I have a column called alphabet, with the fields B, A, C, D: alphabet -------- B A C D I am wanting to know how I can go about moving A up to where B is, so: Alphabet -------- A B C D There are other fields from other columns on this same line: A | Active | Always This procedure would be similar to: ALTER TABLE (table) CHANGE COLUMN (column) (new column name) (type) AFTER (column);, but for a field instead of a column.

When I used it in an interpolated PHP thing, it broke my page. Thanks for the information.

I use PHP's mysql_real_escape_string() when using MySQL's INSERT. What I am wondering is if PHP's mysql_real_escape_string() should also be used when using MySQL's DELETE?

Thanks, The Little Guy. That worked perfectly.

Wow, I meant columns. Sorry about that confusing post. I have been stressing due to crossing the line over to a state of development nightmare. I make allot of mistakes when I stress. ... so when I execute: select * from alphabet; instead of seing: ... I want to see:

When I execute; select * from alphabet; I get the rows: Is it possible to move the column "D" over, so I get: ?

So, it was working all along. I only noticed now when I checked MySQL from terminal. I got it working the way I needed it using the HTML element <PRE> Solved.

OK, I am back on using MySQL with PHP again. This is what I just tried. Its being entered into the MySQL field, but there are not line brakes. $query = "INSERT INTO orders (events) VALUES ('".date(DATE_RFC822)."\nWRITING ORDER TO DATABASE\n')";

ah har! Thanks again haku, it worked a treat!

What I am trying to do is use: if (is_file(./products/$row['gender']/blue.png)) {echo "blue.png";} $row['gender'] is causing a problem. I have tried: {$row['gender']} {.$row['gender'].} .$row['gender']. but they didn't work. drat! Do you know whats wrong?

Arghhh!!! I just tried: ... so close! Thanks haku!

Is it possible to use if() with a file? I am trying to use it like this. if (./blue.png) {echo "blue.png<BR>";}

I see. Damn it! Do you know how making a line brake can be done in MySQL?

I've narrowed it down to being MySQL, because when I try to insert directly, it still doesn't work. The code I am using is: It should be sitting:

Does anyone know why I am not getting lines brakes when using \n when inserting the following into a MySQL field?

Thorpe, thank you very much showing me that example! Its made things allot clearer! What I am going to do is use: query = 'insert into newsletters (email) values ('.mysql_real_escape_string($_POST['email']).')'; Would it be wise to use mysql_real_escape_string for all $_POST['']'s? The PHP manual said mysql_real_escape_string escapes special characters. So I am assuming that is everything but letters and numbers? Oh ow, will this also strip the @ symbol? Is there anything else you recommend I should look into with PHP security?

Thanks for the information! I don't know what to make of the example given in that manual. What is %s? $user and $password are not defined? Do you know where I can find an example of where mysql_real_escape_string is used in my case?... so I can compare it with a process that is familiar to me.

I have been working on a website for some time now. My work is now 95% finished and now I am starting to look at security, as I am using PHP. My webpage uses HTML FORMS. When most of these forms get send back to the server, 50% of the time PHP is inserting the value of the FORM inputs into MySQL. To give a basic run down, I have a newsletter sign up system. "Enter your e-mail address"... and then the user enters their e-mail and submits.. PHP runs a MySQL query to insert that FORM value into the database along the lines of this: I fear this is very vulnerable to injection attack as it means a trouble maker can come along and enter anything they want into my database, potentially wiping it out. I believe I need to "sanitize" my input with a MySQL "real_escape_string" or something? Is there anything real obvious I should look out for when it comes to PHP security? Is there a way to forbid all strings/arguments except the few I need or something perhaps?

I have more important things to do my friend, especially as I am 27, unemployed and still living at home.

Perhaps, but I have accomplished my desired outcome. That saying if it works don't change it (or something like that I'm too mind smacked), well, yeah that applies now.

This was what I needed. $_SESSION['order']['cartcontenttext'] = 'Small: '.$content['sizes'].' Medium: '.$content['sizem'].' Large: '.$content['sizel'].' Extra large: '.$content['sizexl'].'';

Defined by PHP refusing to parse the page. The quote on the end is the closing quote is it not?

Yes. Fair enough. I am now going to take 2nd best. I've mind hammered myself so much I am temporarily uncapable of detecting minor erros. Could you please help me with this, its not working can I cannot see why right now: $_SESSION['order']['cartcontenttext'] = 'Small: '.$content['sizes'].'Medium: '.$content.'Large: '.$content['sizel'].'Extra large: '.$content['sizexl']';