scootstah

The only thing I could see happening is someone making a tool for ease of use. Like you only have that little square of a map, but someone could load a huge ass map and everything is right there. I can't think of anything off the top of my head to circumvent that though.

Remember that if you do that, you are changing the assignment of $value each time... so it's only going to be assigned to the last ternary statement. Is this for checkboxes or something? If so you could do something like: echo '<input type="checkbox" ' . ($display[0] == 1 ? 'checked="checked"' : '') . ' />';

Well what I would do is come up with some sort of permitted coordinates for each user. Like, they can move X 4 times and Y 4 times. Then you can calculate all of the coordinates they are allowed to use. That way, nobody can do anything unintended because they aren't allowed to use the coordinates in the first place.

Are you getting the data straight from the database, or are you putting it through sanitation functions and such?

I see now. So then how are you handling it normally? For instance, couldn't a user just click the arrows a bunch of times and create their own map in that way?

How about $value = $display[0] == 1 ? 'checked' : '';

I'm not sure I understand how a third party could exploit that. The only way for PHP to detect a clicked link is to either use AJAX, or to pass the link through a script, like this: <a href="redirect.php?url=http://google.com">Click Me</a> redirect.php <?php $url = $_GET['url']; header('location: ' . $url);

You have a flaw in your logic. You should be using AND not OR. if ($_FILES['file']['type'] != 'application/zip' && $_FILES['file']['type'] != 'application/x-zip-compressed' && $_FILES['file']['type'] != 'application/x-zip') { header('location: scontrol.php?alert=notzip'); } This way, if $_FILES['file']['type'] is one of the three the IF will fail, as expected.

if ($ibforums->input['display1'] == 0 OR $ibforums->input['display1'] == 1){ When using logical operators in an if statement you have to use the whole condition again.

The only problem with this is that if you display the data back into a textarea, you will have to convert the <br />'s back into newlines otherwise you will have a bunch of <br />'s in your textarea. So you can either do that, or use nl2br() on output instead of input.

yes, you will need the PDO driver for prepared statements if you choose to go that route, depending on what PHP version you are running, you may or may not have the driver installed/enabled. Or mysqli.

If you are using PHPMyAdmin you simply need to change the table/column Collation to something like utf8_general_ci or utf8_unicode_ci

Maybe you should have a look at http://www.phpfreaks.com/tutorial/basic-pagination

Use prepared statements (preferred) or escape it like AyKay said.

You almost had it. <a href="<?php echo $number; ?>"><?php echo $number; ?></a>

Something like: $result = mysql_query("SELECT COUNT(page123) FROM products"); list($count) = mysql_fetch_row($result); for($i = 1; $i <= $count; $i++) { echo $i . ' '; }

That's what I figured. That's not how it works. You need to load the page through the Apache server by accessing the server through a web browser.

No, those errors shouldn't affect code execution. What was your problem with mail()? If that wasn't working then perhaps the same issue is preventing this from working.

Haha, good point - I totally over looked that...

I'm a little unsure what you mean by "share" and "map" it. Are you trying to directly access the PHP file in a network folder? You need to browse to the file in a web browser, with the server's IP or domain. Like http://1.2.3.4/script.php If you only want to allow certain people from viewing it you could use Apache's mod_access for that. To do that you need to create an .htaccess file in the docroot of your server with this code: Order Deny,Allow Deny from all Allow from 1.1.1.1 2.2.2.2 3.3.3.3 Change the IP's to the ones you want to view the website, separated by spaces.

It seems to be an issue with Mail. You can hide the error with error_reporting(E_ALL ^ E_STRICT);

I think it is you who doesn't get it. The included file has the same variable scope, thus you don't need to pass a GET to it... just use the variable itself. process.php $ID = $_GET['ID']; include ("Page.php"); Page.php echo $ID;

It's because the query failed, so $insert_status is false. Your query needs to be insert into ... values ... instead of insert into ... value ...

I don't really understand what you are asking. Can you show some code or a screenshot or something and explain in more detail?

I'm going to assume you fixed this, since I don't see any issue with the footer.