ToonMariner

Just on this line.... echo "<option value=\"<a href=\'http:". $urls[$i]. "'". "</a>\""; change to... echo "<option value=\"<a href=\'http:". $urls[$i]. "'>" . $options[$i] . "</a>\"";

Now not wanting to disappoint BUT is the only difference that '01' changes to '02' and '_SS500_SC' and '_V1124758743_'? basically you need to match patterns. If the above were true then something like.... $lookfor = array('/\.01\._SS500_SC/' ,  '/_V(.)*_/'); $replace = array('.02.' ,  ''); $new = preg_replace( $lookfor, $replace ,$old); see if that fits the bill.

you can use $_SERVER[HTTP_REFERER'] to get the url of the last page but this is not always sent by the client! you could indeed use js - not knwoing the answer but imagine it would be something to do with the history object.... sure someone will enlighten us both on that one though...

Quite simply you have set the expire time on your cookie to -1 second ergo the cookie will be deleted immediately... set it to something useful like 3600 * 24 * 28 (4 weeks). PS This is my take on cookies --- i have seen many people use set cokkie several times in one script asigining new cookie name each time. I personnally only ever set one cookie (if at all) and use a delimiter to separate the value. This means only one cookie header is sent and all the information is still available. I have never looked at the efficiency of multiple cookies versus delimited ones - hopefully someone will add their comment and the matter.

try this: [code] <?php //search for cat results only $querycategory="SELECT * FROM prods_to_cats WHERE category_id='$cat'"; $categoryresult=mysql_query($querycategory, $dbh); if (mysql_num_rows($categoryresult) == 0) { exit("<p>I'm sorry, your search returned zero (0) results."); } else { while ($categoryrow= mysql_fetch_array($categoryresult)) {   $itemid=$categoryrow['id'];   $querycat="SELECT * FROM product WHERE id='$itemid' AND close_out='1' ORDER BY product_id ASC";   $catresult = mysql_query($querycat, $dbh);   // now you can display the results returned   while ($row= mysql_fetch_array($catresult)) {   $title = $row["product_id"];   $item = $row["id"];   $image = $row["image"];   $descrip = $row["title"];   $stockstatus = $row["stat"];   $msrp = $row["regular_price"];   $close = $row["close_out"];   if($stockstatus=='IN STOCK')   {     $stockstatus="<font color=#009933>IN STOCK</font>";   }   else   {     $stockstatus="<font color=#FF0000>OUT OF STOCK</font>";   }   if($close=='1')   {     $gooddeal="<font color=#FF0000>CLOSE OUT!!</font>";   }   else   {     $gooddeal="";   }   echo "$count.)&nbsp;<table border=0><tr><td><a href='http://www.watchesandthings.com/files/$image'><img src='http://www.watchesandthings.com/files/thumbnails/$image' width=70 height=100 border=0>[/url]</td><td>$title  $descrip MSRP $$msrp $stockstatus    $gooddeal</td></tr></table>" ;   } }    //end of outer while } ?> [/code]

the if statement is at the top so that if someone has put some data in, it is updated in the database BEFORE you go and check if there is any free space. If they filled it up and you did the update AFTER the query to check if there is any space then they would still be given the form to buld more stuff.. Correct ? : is shorthand for if else statement so that line says if $_POST['farm'] is greater than 0 $farm = $_POST['farm'] else $farm = 0 and your last one is correct - you simply insert variables into your string to update the database.

Stop highlighting my inadequacies!!!!!! and yes i normally use fetch_assoc but could be arsed guessing if the field names were correct or not so just went on the old numeric index.

You're a gentleman and a scholar.... cheers mate.

OK couple of fixes first.... <?php //buildings.php //open database connections require_once('db.php'); if ($_POST['farm'] || $_POST['house'] || $_POST['mine']) { $farm = $_POST['farm'] > 0 ? $_POST['farm'] : 0; $house = $_POST['house'] > 0 ? $_POST['house'] : 0; $mine = $_POST['mine'] > 0 ? $_POST['mine'] : 0; $qry = "update buildings set nfarms = nfarms + " . $farm . ", nhouse = nhouse + " . $house . ", nfarm  = nfarm +  " . $farm . ""; $qry = mysql_query($qry); } //define planet size define("TLAND", 200); //get current number of buildings $qry="select nfarms,nhomes,nmines from buildings"; $qry = mysql_query($qry); $row = mysql_fetch_row($nf); $nf = $row[0]; $nh = $row[1]; $nm = $[2]; //check for free land sapce $fland = ((TLAND) - ($nf+$nh+$nm)); //output current data echo "Total land: " . TLAND; echo "Free land: " . $fland; echo "Number of Farms: " . $nf; echo "Number of Homes: " . $nh; echo "Number of Mines: " . $nm; //allow building form if ($fland>0) { ?> <form action="<?=$_SERVER['PHP_SELF']?>" method="post"> <input size="4" type="text" name="farm"> <input size="4" type="text" name="house"> <input size="4" type="text" name='mine'> <input type="submit" name="submit" value="Build"> <?php } else { echo "No free land to build upon"; } ?> try that...

Sure this is easy BUT i just can't find the solution. OK i have 2 arrays. arr1 = 5,7,1,4,6,3,2; arr2 = 3,5,4,7; I want to use the order of values in arr1 to sort the order of arr2. the result would yield:- arr2 = 5,7,4,3 any help appreciated - and I'm sure I will be wearing a dunce hat when someone shows how simple it is!!!!! Brain just not working today....

mysql_insert_id();

you have not submitted the query prior to calling the insert id!!!! [code]$query = "INSERT INTO cms_stories(section,added_by,headline,byline_name,appeared,published,opening,body_text,quote,term_one,term_two,term_three,term_four,notes) VALUES     ('$section','$added_by','$headline','$byline_name','$appeared','$published','$opening','$body_text','$quote','$term_one','$term_two','$term_three','$term_four','$notes')";     $story_id=mysql_insert_id();[/code] cahneg to: [code]$query = "INSERT INTO cms_stories(section,added_by,headline,byline_name,appeared,published,opening,body_text,quote,term_one,term_two,term_three,term_four,notes) VALUES     ('$section','$added_by','$headline','$byline_name','$appeared','$published','$opening','$body_text','$quote','$term_one','$term_two','$term_three','$term_four','$notes')"; $query = mysql_query($query);     $story_id=mysql_insert_id();[/code]

You seem to be missing the idea behind primary keys - they are primarily there to identfy a unique record. You don't need to do anything with them as the database does that itself. If you try to do what you have suggested and have more than 1 admin then the database would NEVER let you have 2 primary key values of 0 - it couldn't be a key then! You are better off adding a field to the table indicating the users permissions level....

you can just use a preg_match!!!!! <?php $username = $_POST['regusername']; $password = "/".$_POST['regpassword']."/"; if (preg_match($username,$password)) { //deny completeion of registration... } else { // carry on... } ?>

well in that case the only vunerability is the include $page bit. Say soneone had a page they had written to send out mass e-mails and it was located here: http://www.dodgeysite.com/email.php they could use your page to exploit that by simply setting page=http://www.dodgeysite.com/email.php in the url. On my sites i always use a control on includes that are driven by the users input. my includes always look like include($_SERVER['DOCUMENT_ROOT'] . $page); that way the file being included MUST reside on your domain.

would need to see the code for generating the e-malis, how the user submits the content for the e-mail and any associated login stuff (like if the user must be logged in and a session is created.). The only thing I could suggest in this little lot is this. record the ip address the request originated from and store this in the database along with the time of the request.  Each time the script runs it should check the ip address against the database and if there is not sufficient time between the last e-mail and now - deny the request. I think a 10 minutes interval would be sufficient.....

A million and one ways to do it........... perhaps you should put this in the freelancer pages - if its for a comapny someone will want a piece of pie! ;)

Can you show the html for the form please. also.... are you defining $User_Name = $_POST['User_Name'] if not then it would look like you are relying on register globals being ON and it is now defualt to OFF (the correct settng IMO). you could try this..... $User_SQL = "SELECT `User_Name`, `Password` FROM Table_1 WHERE User_Name = '" . $_POST['User_Name'] ."' "; $User_SQL = mysql_query($User_SQL);

you will have to read the contents of the file with file_get_contents in order to use the contents as a variable (if you have older versions of php then you will need fopen, fread and fclose - read the manual on file_get_contents). imply including a file means that file is trated as part of the script (note php automatically breaks out so if it were a snippett of code you would need to start with <?php in the include file!).

its not weak at all! that expression is doing exactly as it is told!!! ;) what you have said in the regex is match any string where first 7 chars are alphanumeric follwoed by any numer of numbers follwed by anynumber of alphanumeric characters. the first string you have is abcdefg5hi abcdefg - 7 alphanumeric 5 - any number of numers hi - any number of alphanumeric. your second string is 1234567T890 1234567 - 7 alphanumeric T - FAILS HERE AS THIS IS NOT A NUMBER! 90 - any number of numbers those are two completely different patterns that you are trying to match. come back with a explanation of what you're trying to achieve......

I can't see why you would need to do any pattern matching on this... eval should work fine with breaking out of php. also itr is recommended that you do not use the short hand tags - use <?php instead!!!

First off I would alter your include to require_once. Secondly the error you are getting suggests you are calling a method from a class that has not been instantiated. Some where in your code you are missing $class = new classname; (replace these with your own names of vars and classes.)

OK this is how i would do it.... [code] <?php // create a comma separated string of ranks to display. $ranks = "3,4,5"; $qry = "SELECT * from `users` WHERE `uRank` IN (" . $ranks . ") ORDER BY `username` ASC"; $qry = mysql_query($qry); ?> <ul> <?php while ($row = mysql_fetch_assoc($qry) ) { ?> <li><?php echo $row['username']; ?></li> <?php } ?> </ul> <?php [/code] Now you can put all the html to control the look around the echo statement.. I have used a list but if you are displying other information associated with that user then a table would be appropriate.

The same way you get teh values of other form elements. The variable rc will be passed in the $_POST or $_GET array depending on which method you use to submit the form. If you are trying to retrieve it in that manner now and not getting anything try replacing <?=$rcid;?> with <?php echo $rcid; ?> I know its longer but I hate shorthand php ;) If that is still failing make sure rcid is set - you can do that quickly by changing type from hidden to text and see if it has an initial value.

You chappy has used the timestamp - my choice for date/time too (well untill 2038 anyway!) A timestamp is the number of seconds since 1 Jan 1970 (or something like that) I find it nice and easy in terms of storage and date/time manipulation (apart from birthdays when many are outside the supported time window).