scootstah

Use ORDER BY in your query to order the posts by the date posted.

In the edit form leave out parseBBCode. Problem solved... Oops, my skim reading led me to believe you were storing it in the database after you parsed it. Carry on.

On lynda.com you can only be signed in on any device at one time. So if you sign in on your desktop and then sign in on your laptop, it will invalidate the desktop. It would be pretty easy to implement, just invalidate the session of the same ID when it logs in again. You could even use an AJAX script to log them out automatically.

The problem with the way you are doing it is what if they need to edit it? They are going to get back HTML instead of BBCode, unless you convert it back.

This ought to do it: echo '<select>'; $option = ''; for($i = 0; $i <= 11; $i++) { $timestamp = strtotime('+' . $i . ' month'); $month_text = date('F', $timestamp); $month_num = date('n', $timestamp); $year = date('Y', $timestamp); $option .= sprintf('<option value="%d-%d">%s</option>', $year, $month_num, $month_text); } echo $option; echo '</select>'; EDIT: Updated.

While handy, that's going to take significantly more space to store.

Oops, guess I skipped over the error. Check the folder permissions.

Because it's not an image, so it returns false.

You haven't set a default timezone in the php.ini.

In the future, the little "topic solved" button helps us know the problem is resolved.

So is it fixed?

Because the query failed due to an error. After mysql_query, run echo mysql_error();

This is the same idea as writing your own contract. Yeah, you may hit the major points, but a well paid lawyer will probably be able to rip it to shreds. Is the couple hundred bucks to hire a lawyer worth less than going bankrupt when you get sued later on?

Learn Javascript, then use jQuery. Things will be a lot easier and make more sense.

Okay. What happens if you execute this query in phpMyAdmin or the mysql command line tool? select * from client_information where concat (account_number,name_first,name_last,address,city,state,zipcode,telephone,telephone_alt,email) like '%angeleyezz%'

http://xdebug.org/

You need the HTTP location, not the physical file location. example.com/images/blah.jpg

PHP Freaks Tizag Devshed CSS Tricks is pretty nifty too. As for your original post. There are many aspects of web security. It would take a long time to start telling you all of them. Instead, you need to figure out what your script will be doing and start locking it down from there. For example, you are making a community site. This means you will likely have a login system, member profiles, user-generated content, etc. So it looks like you will have a lot of untrusted user input. With ALL user input, you should do at least the following: - sanitize it for database interaction. You can either do this by escaping problem characters (like mysql_real_escape_string) or by using prepared statements (the better choice). - sanitize for XSS attacks. This can be done either on input, or output, but if user content is going to be displayed somewhere on your website it must be done either way. Those are the two biggies. Along with that, you'll want to make sure the data entered is what you are expecting.

Right, but I'd like to see how your table is setup. If you have phpMyAdmin, or the mysql command line tool can you run this query: SHOW FIELDS FROM client_information and post the results please?

What does the source look like?

Can you show me what a SHOW FIELDS FROM client_information looks like?

You used to be able to embed Javascript in image files. Again, it was not limited to .gif files. This was a vulnerability in certain browsers that I am quite sure has been fixed quite a while ago. You have to understand that vulnerabilities effect different things differently. Especially when you're talking something as broad as images. Lots of applications deal with images. Just because you can embed some malicious code in a file that exploits one application, it does not mean it will exploit every application it comes in contact with. You may have heard about a vulnerability in some other application involving .gif files.

Do you want to just display it as it is in the code blocks, or actually serve an XML document? If the first, use htmlspecialchars() as mentioned. If the second, you'll need to use a header to set the content type to XML. header('Content-Type: text/xml; charset=utf-8');

I appear to be fairly late to the party, but I feel it's worth stating that a simple trick for this type of problem, is to simply rtrim off the last ','. to do this, you build the string in a variable: $str = ''; $x = 1; // set $x for ($i=1; $i<=100; $i += 9) { $str .= "'$i',"; } $str = rtrim($str, ','); echo $str; I sometimes do this too. However, I believe all he wanted was to populate an array. He thought that by adding the commas to a string, like "1, 2, 3" it would make this: array(1,2,3). searls03 by what I can gather it looks like you are trying to make a line break or new column or something every 9th row. If so, you are severely over-complicating it. You can use the modulus operator to do this. See the following example: for($i=1; $i<=100; $i++) { echo $i . ' '; if ($i % 9 == 0) echo '<br />'; } This will echo the numbers 1-100 and insert a line break every 9th number.

Yes, it is in seconds. EDIT: By the way, it is not too difficult to expand PHP sessions to implement some of your own features, such as a consistent timeout. You can do this with the session_set_save_handler.