obsidian

It closes out the PHP tags of the executing script so that the included script doesn't throw a parse error. If your eval'd script doesn't have PHP tags around it, it is not needed.

When you are intentionally executing code that someone else has written, this is a perfect use for the eval() function. We have to do the same thing for our internal CMS at work, and you will find yourself using eval() quite a bit within a full CMS. Now, keep in mind that you have to do some extensive checking for security measures, too, or they will be able to run any script they can write. If you have them on their own server, this won't be as big a deal, though. <?php $txt = file_get_contents('hello.php'); eval('?>' . $txt); ?>

There is really not too much to critique from the design perspective. I think the banner needs some help. The gradient on your navigation really doesn't seem to emphasize the design, and it definitely doesn't serve to separate your navigation from the rest of the header. Typically speaking, you only want to use images for navigation when you are doing some sort of effect with it. Otherwise, it's really a waste of resources. For what you are doing, plain text in the navigation will work just fine. The text on the page is big, too. I would definitely shrink down text sizing a bit. Also, it's a bit odd that your "Credentials" heading is indented a tad while your "Information about you" is not. Overall, it's clean, but there is nothing that would really catch my eye and make me want to spend time on the site. A little more color (or better use of it, maybe) or an image or two may really be able to spice up a design.

Here's one more idea for you: <?php $banners = array( 'home' => 'image1.jpg', 'about' => 'image2.jpg', 'contact' => 'image3.jpg' ); $page = isset($_GET['page']) ? $_GET['page'] : 'home'; // default to home page echo "<img src=\"{$banners[$page]}\" />"; ?>

Out of curiosity, did you see my previous post? Sessions is not a horrible way to go, but I didn't see any reference to my code, so I wasn't sure if you saw it at all.

My bad. I took a cursory glance at it, and I misinterpreted what it was you are doing. I would just do the same check on the $titlereplace location before you try to write it. Also, the user executing the script has to have write access to the directory on the server. Check the location to which you are writing the directory as well for user permissions.

This is the line of the script that actually calls the movement function: setTimeout('lefttime=setInterval("scrollmarquee()",30)', delayb4scroll) The 30 is the number of milliseconds between the animation calls. You need to increase the number of milliseconds to slow it down. Bump it up to 100, 200, etc until you get the desired effect.

If you want to see if your arrays have values assigned to them, you can just do a count on them: <?php if (isset($result) && count($result) > 0) { // process result } ?>

I'm with revraz on this one. I would store a table of "naughty" usernames with a count and timestamp of attempts. If there have been X number of minutes from the last attempt, delete the record, but if there have been 3 wrong attempts in the last X number of minutes, they cannot attempt again until the time has expired.

You also need to check your PHP max upload size and max execution time to be sure your script can handle the larger loads.

You are trying to write to the /includes directory off the doc root, so you need to be sure that directory exists before you write to it: <?php $dir = $_SERVER['DOCUMENT_ROOT'] . '/includes/'; if (!file_exists($dir)) { if (FALSE === mkdir($dir, 0775)) { die('Could not create directory!'); } } // Directory is now created, so move your file ?>

Yes, when your page refreshes, you lose the value of your $order_by variable. I wold recommend something like this to pass both the sort column and the order by: <?php $sort = isset($_GET['sort']) ? $_GET['sort'] : 'un'; // default to whatever column $ord = isset($_GET['ord']) && in_array($_GET['ord'], array('ASC', 'DESC')) ? $_GET['ord'] : 'ASC'; switch ($sort) { case 'un': $col = 'predictions.username'; break; } $q = "SELECT * FROM table_name ORDER BY $col $ord"; ?> Hope that helps.

The best way to handle specific errors is to use PHP5 and take advantage of Exception handling. This makes your life incredibly easier. Here is a very simplistic example of error handling to do what you are after: <?php /** * Define your DBException class to trap DB errors */ class DBException extends Exception {} try { if (mysql_connect(/* your connection info */) === FALSE) { throw new DBException('connection_error.php'); } } catch (DBException $e) { $file = $e->getMessage(); header("Location: $file"); exit; } catch (Exception $e) { die('Unexpected error encountered: ' . $e->getMessage()); } ?> Of course, a much better way to handle things would be to assign the error numbers to anything you wish and handle all the exceptions by error number rather than passing the filename through the message string, but this at least gives you the principle of exception handling.

Same here, thus the comment in my code "...continue script"

You can just match from the ending anchor: <?php if (preg_match('/([\d]+)\.[a-z]{3,4}$/', $url, $match)) { echo "Number is $match[1]"; } ?>

First off, I would recommend to write a true resize where you resize the image itself using the GD library. This will help with both page load time as well as the resolution of the resized image. Secondly, there really is no reason to do the resize() method recursively. If your width is over the limit, just replace the width with the limit and then ratio the height to match: <?php function resize($width, $height, $width_limit) { if ($width > $width_limit) { $ratio = $width_limit / $width; $width = $width_limit; $height = round($height * $ratio); } // ...continue script } ?>

Also, you want to validate your post values, even when coming from a select box. I was able to change the post values and enter a rating other than the typical (positive, negative or neutral): http://deazys-services.com/_coding_/ebay_feedback/seller.php?id=asd

It sounds as though your $seller variable doesn't really contain the data you are expecting. You are assigning the data from $_POST['seller'], but are you positive that the post variable is being set as intended? Try echoing out your query strings before actually executing them. Once you are sure they reflect what you are after, you can execute them successfully.

One other note, when you pull quoted text out of the database for output, you may want to consider the htmlentities() function with the ENT_QUOTES flag set to be sure that you don't open yourself up to XSS as well.

Well, there are a couple options. If you want your server to not parse the code, just change the extension to one that is not recognized as PHP, but if you are wanting to actually display the contents of a file as code, try looking at the highlight_file() and highlight_string() methods.

Agreed with the suggested method, and I would add to the second issue the idea to have an auto timeout or logout if the user has no activity for X number of minutes. So, log their actions, and if the user has not had any action in 10 minutes (or whatever), just auto log them out and allow another user to have access.

You can insert into the second table via a select on the first (http://dev.mysql.com/doc/refman/5.1/en/ansi-diff-select-into-table.html): INSERT INTO purchase_table p (model_no, model_name, qty) SELECT i.model_no, i.model_name, i.qty FROM inventory_table i;

MySql is notorious (possibly too strong a word) for not always using the index that you would want, if it thinks there is a more optimal one to use. If you know the name of the index you wish to use on a specific query, you can always use FORCE INDEX to specify the one you want. http://dev.mysql.com/doc/refman/5.1/en/index-hints.html

We're not in the business of writing systems for people entirely: that is what the freelancing section is for. If you have specific questions regarding the direction to head or clarification on some code with which you are struggling, feel free to request assistance, but this is not the section to inquire about someone providing your full schema and/or code for you.

Just a quick note about your second sample... According to the PHP Manual for number_format(), the method must be called with either 1, 2 or 4 parameters, not 3. So, if you want your second example, you must provide the number of decimal places as your second argument as well: <?php echo number_format($nr, 2, '.', ','); ?>