ToonMariner

there are many issues - is your database secure, are your queries open to injection, do you use user submitted data to include files... there isn't enough time in the day to discuss every potential security flaw and how to best protect your site - you will have to keep good backs - log what people are doing and what they are submitting to your site and monitor - if you identify a problem see how it happened and plug that hole.

you can put multiple vars inside the isset construct... if(isset($foo,$bar,$x)) { ...yourcode if they are all set }

<?php if ($username != $profilesname) echo { '<div align=\"center\"><a href=\"http://www.runningprofiles.com/members/include/friendrequest.php?username=$profilename\" onclick=\"popUp(this.href,\'console\',200,500);return false;\" target=\"_blank\">Add to frinds list</a></div>';?> you are right in that javascript should control new winows but try and keep javascript code out of your markup.. <?php if ($username != $profilesname) echo { '<div align=\"center\"><a href=\"http://www.runningprofiles.com/members/include/friendrequest.php?username=$profilename\" class="popup">Add to frinds list</a></div>';?> would be a better solution with the following javascript.. $("a.popup").click(function{window.open($(this).attribute("href")); return false;} // jquery // non jquery solution. function popUps() { var links = document.getElementsByTagName('a'); for(var i = 0; i < links.length; i++) { if (links[i].className && links[i].className == 'popup') { links[i].onclick = function () { window.open(this.href); return false; } } } window.onload = popUps;

i know mate!!! - pot to kettle and all that

I'm telling you

yes

touche... lol - i was actually looking for the server settings - thought you could choose which character replaces ' ' - too many times i see it use %20 funnily enough thats the way to go as in this case each and every response is pointless!!! you need to submit the form with the get method for any search functionality worth its salt (want to be able to save searches) therefore you won't even get the chance to convert the search string until its received on the next page...

lol my regex crapness once more!!!! $txt = preg_replace('/\[url\](.*)?\[\/url\]/', '<a href="$1">$1</a>', $txt); see if that works - i'm not on form today - sorry.

<?php ini_set("display_errors","1"); ERROR_REPORTING(E_ALL); session_start(); $con = mysql_connect("localhost","uname","pw") or die('Could not connect: ' . mysql_error()); mysql_select_db("DB", $con); // Same checking stuff all over again. if(isset($_POST['submit'])) { if(empty($_POST['username']) || empty($_POST['pwid']) ) { echo "Sorry, you have to fill in both your name, username and password"; exit; } // Create the variables again. $username = mysql_real_escape_string($_POST['username']); $pwid = $_POST['pwid']; // Encrypt the password again with the md5 hash. // This way the password is now the same as the password inside the database. $pwid = md5($pwid); // Store the SQL query inside a variable. // ONLY the username you have filled in is retrieved from the database. $query = "SELECT username,pwid FROM roster WHERE password = '$pwid' AND username='$username'"; $result = mysql_query($query); if(!$result) { // Gives an error if the username given does not exist. // or if something else is wrong. echo "The query failed " . mysql_error(); exit(); /* this would benefit from a redirect to a page giving better information to the user and maybe logging some errors. */ } else { // Now create an object from the data you've retrieved. $row = mysql_fetch_object($result); // You've now created an object containing the data. // You can call data by using -> after $row. // For example now the password is checked if they're equal. // By storing data inside the $_SESSION superglobal, // you stay logged in until you close your browser. $_SESSION['username'] = $username; $_SESSION['sid'] = session_id(); // Make it more secure by storing the user's IP address. $_SESSION['ip'] = $_SERVER['REMOTE_ADDR']; // Now give the success message. // $_SESSION['username'] should print out your username. //move this to after your redirect further below.. } } // Start a session. If not logged in will be redirected back to login screen. if(!isset($_SESSION['username'])){ header("Location:ExamLogin.php"); exit; } echo "<h3>Welcome! You are now logged in " . $_SESSION['username'] . "</h3>"; echo "<a href="logout.php">Logout</a>"; ?>

$str = '3278 Blue Jay dr, scottsdale AZ 44559'; $str = preg_replace('/\s+/','+',$str);

me again - must slow down today... $txt = preg_replace('/\[url\](.)*?\[\/url\]/', '<a href="$1">$1</a>', $txt);

session start must be the first line in your code (it has to come beofre you can do anything with sessions so it common to put this line in first to avoid any confusion). you don't appear to be checking the password and that code is open to sql injection attacks. headers already sent is because you have outputted some html before you you try the redirect. you cannot start output (even whitespace) before sending headers unless you use output buffering...

guys - use the native functionality - its much more efficient. looping over a string based on its length to 'split' it is what str_split does. the code is simpler (easier to manage) and far less work to achieve the same goals.

you don't. http://www.alistapart.com/articles/succeed - try using this instead - it will alow you code to take the url and do with it what ever you want...

if that conditional is at the top of each page then it will always evaluate to true. so even if you have entered your details that redirect will occur long before you get to the code that checks if your details and sets the session.

my bad... try this <?php $txt = preg_replace('/[url](.)*?[/url]', '<a href="$1">$1</a>', $txt); ?>

<?php $str = "Hello twitter"; $str = ":" . implode('::',str_split($str)) . ":"; echo $str; ?> that should give you: :h::e::l::l::: ::t::t::w::i::t::t::e::r:

$txt = str_replace("(.)*?", "<a href="$1">$1</a>", $txt);

document.write is not the way to do this......... you have the DOM so use it.

@corbin???? you can do' anything' with jQuery

what does the body tag have to clear???

you need to use the dom to to tell it where to insert the new node you created... so for your script... <script type="text/javascript" id="addP"> var p = document.createElement("p"); p.appendChild(document.createTextNode("This is a paragraph.")); document.getElementById('addP').insertbefore(p); </script> there is no native insertafter method in javascript or at least as far as I am aware but as this is a script tag it doesn't really matter....

no its just a simple case of making the title a link to the page that shows the article.

if you use jquery (if you don't you should!) http://docs.jquery.com/Events/load#fn... $('table').load(function(){ ... }; ); obviously that would run on ALL tables in your page so you can make it more specific with a class or id or what ever you choose..

try readonly="readonly" - should be posted but still sent with headers - thats if the info needs to be visible in the form - if not then the hidden field is best.