
phporcaffeine
Members
Posts: 361
Last visited: Never

Everything posted by phporcaffeine

  1. The first way you had it is as simple as logic would allow. The other option is to redesign the way the whole thing is working. For instance, if $a is a GLOBAL then could you put code inside of "do y;" that will determine if $a is false and if $a is true it will just return null. Then you can execute "do y;" at a more 'code convenient' time. That would at least take the "do y;" argument out of the original condition. Depending on how your script works and what the functions do that may not work though. Regardless, look at your script through different lenses like that and you may figure out different ways of doing it.
  2. Assuming a linux distro ... In the case of a root kit, what typically happens is an attacker uploads 'something' to the web server that is seemingly harmless by itself. Within the file that the attacker uploaded however, is a set of instructions to download binary files from somewhere else on the internet using something like curl or wget. Those binary files get downloaded and then escalate their user privileges to root and then start doing some really nasty stuff like messing with your SSH/FTP service ... etc.
  3. if ($a && complexandtimeconsumingfunction()) { do x; } "x" will not fire unless both $a AND complexandtimeconsumingfunction() are/return true ... precluding the fact that $a is true ... which if I understand your post correctly, is what you want? so .... if ($a && complexandtimeconsumingfunction()) { do x; } else { do y; } Or am I missing something?
  4. It isn't so much that the PHP code is different as it is the use of the Structured Query Language is different, in this case you'll need to learn about something called T-SQL. Have a look at: http://www.microsoft.com/Sqlserver/2005/en/us/learning-resources.aspx
  5. Alright, without seeing your code I would say that if a user from the internet actually installed something of the nature that you describe I would say your issue extends far beyond PHP code weaknesses. Personally, I would say the box has probably been rooted (i.e. a root kit was installed) and I would not trust the box at all. I would whack the box and start over. Now a PHP code weakness may have been what allowed the attacker to cause the server to download the root kit mind you. My first recommendation is to stop outbound port 80 from the server. If your app needs outbound 80 (i.e. RSS ... etc) then use a proxy like squid or something. The second recommendation is to format the server and build the OS again from scratch. Reinstall your PHP app. As far as code weaknesses go, pay attention to any upload abilities that the script has. Are you properly validating uploads (i.e. mime types, expected file sizes, file extensions ... etc)?
  6. Bandwidth, Firewall and Server Load Issues are the usual suspects in cases where 'it was working fine but now it isn't'.
  7. 
     <?php
     $startDate = array('06/30/2009', strtotime('June 30th 2009'));
     $endDate   = array('08/30/2009', strtotime('August 30th 2009'));
     $options   = array();
     $inc = $startDate[1];
     // Step one week (604800 seconds) at a time; the check runs after the
     // increment so no option past the end date is generated.
     while (($inc = $inc + 604800) < $endDate[1]) {
         // Same m/d/Y value format as the hard-coded start and end dates
         $options[] = "<option value='" . date('m/d/Y', $inc) . "'>" . date('F jS, Y', $inc) . "</option>";
     }
     ?>
     <select name='date' id='date'>
     <option value='<?php echo $startDate[0]; ?>'><?php echo date('F jS, Y', $startDate[1]); ?></option>
     <?php foreach ($options as $value) { echo $value . "\n"; } ?>
     <option value='<?php echo $endDate[0]; ?>'><?php echo date('F jS, Y', $endDate[1]); ?></option>
     </select>
  8. As a possible solution ... Copy the quote character as it appears in the feed ... then in your display script do a str_replace('funnyQuote', '"', $rssFeed) and see if it will hit on the special quote character and replace it with an actual quote character.
  9. BTW, you can also use php mysql_fetch_assoc() versus mysql_fetch_array($result, MYSQL_ASSOC) ... either is fine though. In your example $result would be the resource handle of the query so you couldn't display that. I'm not sure what you're asking.
  10. You would appear to have it with that. [DEBUG] I would add: OR die(mysql_error()); on the end of your query statement if it doesn't work.
  11. CV, I think the 'at' is part of his database value which is why I went the way I did, so you could explode it prior to fleshing out the timestamp.
  12. Please encapsulate your code with the [ code ] [/ code ] tags (no spaces between braces).
  13. If you're unable or not inclined however, I do private consulting. You can reach me through this forum or at http://rthconsultants.com
  14. 
     $dateValueFromOldDatabase = '24th Dec 2009 at 13.19';
     // Split into '24th Dec 2009' and '13.19', then into the individual parts
     list($datePart, $timePart) = explode(' at ', $dateValueFromOldDatabase);
     list($day, $monthName, $year) = explode(' ', $datePart);
     list($hour, $minute) = explode('.', $timePart);
     $month = date('n', strtotime("1 $monthName 2000"));   // 'Dec' -> 12
     // mktime(hour, minute, second, month, day, year); (int) '24th' gives 24
     $newDatabaseDateFormat = mktime((int) $hour, (int) $minute, 0, (int) $month, (int) $day, (int) $year);
  15. Have a look at: http://us2.php.net/mktime ... should be what you need for the date conversion from readable to timestamp. Now the DOB will probably have to be done by using a LEFT JOIN to select the values, then concatenate them into one string and insert them.
  16. We need to see all of the code please, not just the snippet you think may be relevant.
  17. You may want to look at the actual MTA also. For instance, a default sendmail installation will stamp every outbound header with "Reply-to: machine_cname@machine_ipaddress" and most mail servers will not accept mail that has an invalid reply-to.
  18. Louis, PHP's cURL library will allow you to do what you want but requires a learning curve and non-core dependencies which may not be available on 3rd party hosts. Another alternative is to make a POST request with PHP by making a socket connection. You can find a ready made script for this at: http://codetree.rthconsultants.com/2009/07/php-make-a-post-request-to-a-url/
  19. This should work:
     <?php
     session_start();
     include("connect.php");
     $MembersInfo = $_SESSION['membersInfo'];
     $id = mysql_real_escape_string($MembersInfo['id']);
     $sql = "SELECT * FROM gq_answers WHERE userid = '$id'";
     $result = mysql_query($sql) or die(mysql_error());
     if (mysql_num_rows($result) >= 1) {
         header("Location: ../dashboard.php?e=1");
         exit;
     }
     $tables = array();
     $values = array();
     foreach ($_POST as $key => $value) {
         $key = trim($key);
         // Column names cannot be escaped like values, so only accept plain identifiers
         if (!preg_match('/^[A-Za-z0-9_]+$/', $key)) {
             continue;
         }
         $tables[] = "`$key`";
         $values[] = mysql_real_escape_string($value);
     }
     mysql_query("INSERT INTO gq_answers (" . implode(", ", $tables) . ") VALUES ('" . implode("', '", $values) . "')") or die(mysql_error());
     header("Location: ../dashboard.php");
     exit;
     ?>
     Just make sure all the input fields on your form use the column name in the database as the field's name. Make sure you shift or pop any array elements that don't have table columns too .... like the submit button ... etc.
  20. What is the $b index of the $value array? I don't see where the $b index would be coming from? The $a index is defined in the for loop but $b is not defined.
  21. Google "php mysql tabbed results" or "php mysql pagination"
  22. Firstly, in_array() requires at least two parameters. If you're looking to find the existence of a string within a string or a 'subString' then try this:
     <?php
     $content  = 'this is my text';
     $patterns = array('html', 'body', 'script', '<script>', '</script>');
     foreach ($patterns as $value) {
         // strstr() returns false when $value does not occur in $content
         if (strstr($content, $value)) {
             echo "Found";
         } else {
             echo "Not Found";
         }
     }
     ?>
  23. You're getting into the differences in character sets. You'll have the most difficulty with this when it comes to MySQL. My suggestion is to do an entity translation. I would take the ASCII character from the user input and translate it into the HEX equivalent and then store that into the database as a VARCHAR. Then when you pull it out of the database, translate it into the ASCII equivalent.
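The upload checks post #5 lists (expected size, file extension, mime type) as a server-side PHP function; this is an added example, not code from the thread or from phporcaffeine, and the allow-list, the 2 MB limit and $uploadDir are assumptions.

```php
<?php
// Added example, not from the thread: the upload checks post #5 lists, done server-side.
// Assumes PHP with the fileinfo extension; the allow-list and $uploadDir are constructed.
// Extension => MIME type detected from the file's content (constructed allow-list).
$allowedTypes = array(
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'pdf' => 'application/pdf',
);

// Returns true when $file (one $_FILES entry) passes, otherwise a reason string.
function validate_upload(array $file, array $allowed, $maxBytes = 2097152)
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return 'upload failed or no file sent';
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'tmp_name is not a file PHP received via HTTP upload';
    }
    if (filesize($file['tmp_name']) > $maxBytes) {    // trust the size on disk, not the form
        return 'file too large';
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return 'extension not allowed';
    }
    // $_FILES['type'] is supplied by the client; sniff the real type from the bytes instead.
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime  = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);
    if ($mime !== $allowed[$ext]) {
        return "content is $mime, which does not match .$ext";
    }
    return true;
}

// Stores a validated upload under a server-chosen name in a directory that the web
// server should serve as static files only (no script execution).
function store_upload(array $file, array $allowed, $uploadDir)
{
    $check = validate_upload($file, $allowed);
    if ($check !== true) {
        return $check;
    }
    $ext  = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    $dest = rtrim($uploadDir, '/') . '/' . bin2hex(openssl_random_pseudo_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : 'could not store file';
}
// Usage from a form handler: store_upload($_FILES['userfile'], $allowedTypes, '/var/www/uploads');
```

The client's original filename is used only to read the extension; it never reaches the disk, so path tricks in the name cannot influence where the file lands.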