scootstah

Staff Alumni
  • Posts: 3,858
  • Days Won: 29

Everything posted by scootstah

  1. You are calling mysql_query() twice.
  2. Perhaps someone uploaded a file that wasn't deleted with a fresh install. You should check around for any suspicious files.
  3. Because it's a shitty browser. IE doesn't support preventDefault. You can use this instead: evt.preventDefault ? evt.preventDefault() : evt.returnValue = false;
  4. I'll have to check that out. I hate the way phpMyAdmin handles manual queries. I always forget to click the little "show query" link and lose the query I just typed out. :s
  5. And the issue is ... ?
  6. Again, in this case you are not putting the user's input into the database. Therefore you don't need to do anything; the value will always be either 1 or 0, no matter what they enter. But to clarify, all you would need to do is exactly what Pikachu said: $value = (int) $_POST['value']; No matter what they entered into the "value" field, it would always be an integer and nothing else. If they entered SQL injection, it would simply be changed to 0.
  7. Quoting: "Cast, meaning this variable will only be 1 or 0, so it's impossible to inject? If so, topic solved, ty."
     In this case it's not possible to inject anyway, since you are not actually putting the user's input into the database. But what Pikachu means is that instead of taking the user's input and escaping it to put in the database, you typecast it to the appropriate data type. If you typecast a string to, say, an int, any non-integer characters will be removed. So even if the string contained injection, it would just become 0.
  8. It appears to work for me.
  9. An easy way would be to count all open tags, and then count all closed tags. If the amount of closed tags is less than the open tags, add as many as you need. It might screw up the layout of what they posted but at least it will be confined to that area.
  10. Technically no, since you are not using the user's input.
  11. You could also typecast and use abs(). $topic_id = abs((int) $_GET['tid']); Either way works.
  12. You gotta be careful with Craigslist. You'll definitely want a solid contract.
  13. You should try to split up the tables and normalize as best you can. For example, you might have a products table holding all of the product names. Then have a cart table, holding a user id, product id, and some options like size, color, quantity etc.
  14. I would store the contents of the cart in an array instead of a string. You can work on it a lot easier and you don't have to use explode a bunch of times. When you add something it might look like, $id = $_GET['id']; $size = $_GET['size']; $qty = $_GET['qty']; $cart[$id] = array('size' => $size, 'qty' => $qty); This way, you can add as much additional information about the item as you want with very little effort.
  15. I'm not sure what your issue is, but you appear to be storing credit card info in plain text in your database, and emailing it in plain text. That is badbadbadbadbadbad.
  16. Your code is a little confusing, but I think this is what you wanted: http://jsfiddle.net/pkvsq/
  17. Check the Apache error.log
  18. You could use XML to store data in a file. If I may, what is your reason for not wanting to use a database?
  19. How much memory/CPU usage is it consuming in task manager?
  20. I don't know, print the error and find out.
  21. Hmm, neat. It's still not foolproof though, because it doesn't account for days. 01:00:00 would be < 23:59:59, even though it could technically be after.
  22. The error is because the query failed due to an error, and thus returned FALSE. You can see what the error is with mysql_error(). Also, putting queries inside loops is generally not a good idea. You can most likely do what you want with a single query.
  23. Yes, I see that now. I didn't notice the scroll bar on his post earlier, so I didn't see the line break in the form. If you know what it does, why did you suggest it as a solution? Adding (!)empty() will not change the results he gets. A variable containing a line break will result in empty() returning FALSE. See above. I'm tired, and had a long day. I don't put in a lot of effort to people that don't put any effort in on their part. My apologies. Stop busting my balls.
  24. Quoting: "This will NOT WORK. Check the manual, and understand what the function does before offering it as a solution."
      Thanks, but I know what it does. Psycho posted at the same time I did.