scootstah

So what's the error?

I don't know what "that" is. But your error came from the SSI.php file. And considering that code is requiring the SSI.php file, I'm going to say that's not it.

Agreed. Even though Smarty is big and clunky, it still converts its templating language into raw PHP, which is a lot faster than processing all that stuff every page load.

Can you show more code or explain what you're trying to do?

In there.

__set() is used to assign class variables that don't exist. Likewise, __get() is used to return class variables that don't exist. You can see some examples on the php manual. http://www.php.net/manual/en/language.oop5.overloading.php#language.oop5.overloading.members And to see all magic methods: http://www.php.net/manual/en/language.oop5.magic.php

Is listimages' id auto_increment, or is it added via mysql_insert_id when a listing is added? If it is auto_increment then you need to make another column in listings with an image id, then join on that instead of the listings id.

Make the data into an array, then use asort() to sort it low-to-high, then use end() to get the last item in the array. $array = range(1 ,997); asort($array); echo end($array);

You should use fgets() with some regular expressions. Should git'r'done.

Then no, there is no alternative. Of course, you could always set up a cron on your own machine to hit the website every minute.

So then you need to add a time to your SESSION that you set when they login. $_SESSION['login_time'] = time(); So then just compare time if ($_SESSION['login_time'] < strtotime('-15 minutes')) { session_destroy(); }

You're a looking for a magical "do this and forget about it" solution for sanitizing. One simply does not exist. You need to sanitize on a per-use basis. That's just the way it is. There are libraries and such that make this process easier, but you still need to do it on a per-use basis. Every specific piece of data that comes into your app needs to be checked that it matches what it should be. For example if someone is putting in a username, it probably doesn't need to contain HTML so strip any of that away. Then if that same someone puts in a forum post, you may want it to contain HTML - so now you can't strip it away. If you used the exact same sanitation routine than the HTML would also be stripped from the forum post, which isn't what you wanted. This is why there can't be a standard, or a magical one-use function. It's just too specific.

$str = str_replace("\n", "", $str);

Don't store dates like that. Either use MySQL DATETIME or PHP time().

What do you mean it would yield unexpected results? Well, that function offers no control. It simply sanitizes everything in the same way. If, for example, you ever wanted to save data to the database without losing any HTML then you couldn't use this function because of its HTML sanitation. I thought the code was meant to keep from code from being interjected to keep hackers from destroying the database or server. This is SQL injection. It is covered by mysql_real_escape_string() (or if you use prepared statements then you don't have to worry about it). HTML is a different. It isn't going to harm the database. What it may harm is individual users that view it after it is outputted, so this is why you may want to sanitize on output if you want to show HTML.

Maybe you should look into SVN or Git.

Yeah, that's right.

The MySQL is just an array, the same as any other PHP array. Show me what a print_r($row) returns please.

That is a disturbing amount of loops within loops within loops o.O

Have you tried it without the http:// in the url?

According to the spec, quotes are optional. doubledee, try looking at the page source and seeing what the URL actually is. This should be able to tell you why it's not working.

Try this } else if (!isset($_SESSION['loggedin'])) { /* echo login form here*/ //This is the code for the Log in Form echo'<div id="join"> <a href="spartacus_joinsite.php">{ JOIN! }</a><br /> </div> <div class="signin"> <div id="titles"> { SIGN IN } </div><br /> <form method="post" action="spartacus_home.php"> <table> <tr><td> Username: <input type="text" name="username" /> </td></tr> <tr><td> Password: <input type="password" name="userpassword"/> </td></tr> <tr><td> <input class="submit" name="loginsubmit" type="submit" /> </tr></td> </table> </form> </div>'; }

Why not just do $this->var?

What do you mean it would yield unexpected results? Well, that function offers no control. It simply sanitizes everything in the same way. If, for example, you ever wanted to save data to the database without losing any HTML then you couldn't use this function because of its HTML sanitation.

Oh. Well then just set $enemy to $row. $enemy = $row; If that doesn't work then I guess I am misunderstanding what you want to do.