scootstah

The problem is that you are using some other kind of apostrophe and not a back-tick. This is correct: $query = mysql_query("SELECT COUNT(`user_id`) FROM `users_vu` WHERE `email` = '$email'");

That's not encryption and is just as easy to see as plain text. I don't think there's a lot of merit for doing something like this. Your users are stupid to begin with to disclose sensitive information in a random website. Plus if you're not using SSL it's rather pointless. But since you asked, you can do it with the mcrypt library. http://www.php.net/manual/en/function.mcrypt-encrypt.php

Whoops, I must have been spacing when I wrote that. Here, try this instead: if (empty($name) || empty($surname) || empty($age) || empty($weeks))

Run a trim for all $_POST values and then see if they are empty. $_POST = array_map('trim', $_POST); $name=$_POST["name"]; $surname=$_POST["surname"]; $age=$_POST["age"]; $weeks=$_POST["weeks"]; if (!empty($name) && !empty($surname) && !empty($age) && !empty($weeks)) { // something is empty } EDIT: Also, is that really something you need to log?

I assume you are using CodeIgniter? $this->input->post() returns a boolean (FALSE) if the item is not found, so you can't use isset.

Okay, then you need to do something like foreach ($this->input->post('recipient[]') AS $recipient) { if (!$this->users->getUserByUserID($recipient)) { $outputArray['message'] = 'One or more of the recipients could not be found in the database!'; } } There's a big problem with this though in that you will have a whole bunch of queries. A better way would be to pass an array to a method that checks for all of the recipients all at once.

mysql_insert_id

Yes. Though I think your logic is off a little. I don't think $recipient is ever going to be false. Can you show me the getUserByUserId() method?

$recipient is only going to be equal to the last iteration of the foreach loop. You need to do the check inside the foreach loop to check each item.

http://www.jplayer.org/ is pretty nice.

And this is not hard coded?

You can use the following .htaccess to prevent PHP from executing: RemoveHandler .php .phtml .php3 RemoveType .php .phtml .php3 php_flag engine off AddType text/plain .pl .cgi .php Options -Indexes -ExecCGI

I guess I don't see any benefit to this over using plain HTML. Also, no support for any attributes?

An IP check is too unspecific. There's a lot of circumstances where two users will have the same IP. Aside from that, some user's IP changes frequently. You would probably track the current session and their last login time.

copy

It just requires that you have a way to reference both tables. For example your sales.productcode references products.id Not necessarily. It really depends what kind of data you need. Usually you use JOINs, but in this case you needed a subquery to gather the number of sales for a particular year. If we only used a JOIN in this case, it would result in all the rows for the sales being returned. It would be like, ID | Name | Year ------------------ 1 | Soda | 2012 NULL | NULL | 2012 NULL | NULL | 2012 NULL | NULL | 2012 You'd then have to count the number of sales in PHP which is unnecessary. Instead, with a subquery, we can get just one row per product showing the number of sales. Something like ID | Name | Year | num_sales ------------------------------ 1 | Soda | 2012 | 4 Hope that makes sense.

I haven't tested this so it may or may not work, give it a go. SELECT ID AS prod_id, Name, (SELECT COUNT(*) FROM Sales WHERE ProductCode=prod_id AND Year='$year') AS num_sales FROM Products; It should give you a row "num_sales" with the number of sales for each product and the desired year.

You need to use JOINs. Post your table layouts and I can help you more. Run this query for each table and post the results: SHOW CREATE TABLE tablename;

So download SMF and start reading.

As a result, would the \ be inserted into the salt value in the database as well? Fail Meh. Like I said, it's been a long time since I've worked that way. I remember having to stripslashes data from a database at one point... must have been for some other reason.

Have you tried an IDE? I used to think a simple text editor was all I needed too, but then I tried an IDE. The only time I use a regular text editor now is just for real quick edits, or stuff that I don't want to make into a project in my IDE. IDE's tend to get in my way. Yeah, that's how I felt too. I have my Eclipse setup to be pretty minimal though. For example, the annoying help box that pops up with every keystroke is disabled. It only pops up if I want it to by hitting ctrl+space. Most of the time it is unneeded, though sometimes I need it to remember which order parameters go in in a function (since PHP seems to make that as illogical as possible). I mostly like it for automatic bracket/quote closing. I like the way Eclipse auto-indents too. It may seem silly but some editors have shoddy auto-indenting. Anyway, I like Eclipse because it gives me some of the advantages of an IDE but it doesn't hold my hand.

Hmm, perhaps it does not then, I thought it did. I've used only prepared statements for a long time. *shrug*

Use prepared statements. Why exactly do you need quotes in your salt?

Yes.

What exactly are you trying to do? Using globals is doing it wrong.