Everything posted by benanamen

  1. So you already knew that you are using code that has been obsolete for over ten years? If you already know that, why are you using it?
  2. You are using obsolete MySQL code that will not work at all in the latest version of PHP. You need to use PDO with prepared statements. It has been obsolete for over ten years now.
  3. Storage. Also what would be the considerations between sending data as UTF-16 vs UTF-8?
  4. I just looked at an OpenCart DB I have on the server and it does indeed store the total in the order table. Thanks for the feedback.
  5. @Jacques1, I see that you are setting the charset in the connection. Per the manual: "Ideally a proper character set will be set at the server level" (http://php.net/manual/en/mysqlinfo.concepts.charset.php). The manual continues that doing it that way is an alternative. The DB is where I have always set it. What can you tell me about this?
  6. SELECT * FROM your_table WHERE timestampdiff(minute, timestamp_column, Now()) > 20
  7. One of the most important things is that passwords, rather, password hashes are properly created and stored in the DB as such. A forgot password is really a password reset since there is no way of knowing what the password is. Never ever store a password as plain text. If you are current on your PHP version >=5.50 you can use password_hash and password_verify. Search this forum. Excellent answers to this question have already been posted.
  8. @Psycho, I was just thinking, if you are using real time credit card processing, at some point you are going to have to pass the total value to the third party processor such as PayPal or Authorize.Net. How do you propose to do that without the total being $_POST'd from a hidden field or wherever?
  9. Post an SQL dump of your database.
  10. You are using obsolete MySQL code that will not work at all in the latest version of PHP. You need to use PDO with prepared statements.
  11. I have had to tell people about the empty action not being spec so many times I am actually burned out on that subject. People don't seem to grasp that things change when versions change and what was once OK may not be anymore.
  12. @Jacques1, "Survive The Deep End" is a great read.
  13. You know, sometimes that happens when you start posting before you had your morning coffee. Admittedly, since the OP provided literally no information I just kinda threw that out there. * Even a bad example is still an example. (Of how not to do something) Let's fix this with the right info on the subject. https://www.owasp.org/index.php/Web_Parameter_Tampering Video Explaining: https://www.youtube.com/watch?v=l5LCDEDn7FY&hd=1
  14. Still makes no sense. You are doing something wrong. And why couldn't you? You haven't shown your code, but you should be able to pass it using a hidden field. <input type="hidden" name="order_total" value="where_ever_total_comes_from">
  15. First off, you never send user supplied data directly to the database. Second, the parentheses around the variables are not needed. If you turned on error reporting you would know what the problems are.
  16. The mcrypt link is actually http://php.net/manual/en/function.mcrypt-create-iv.php
  17. You don't use var_dump as part of your code. That is for debugging. Per the manual: var_dump — Dumps information about a variable
      $email = 'email@email.com';
      echo $key = sha1($email.'my_super_duper_secret_sauce_here'.microtime());
      // YOU HAVE TO DO THIS IN THE BROWSER. You also need to save the key to a DB. The key constantly changes so you can't compare what is generated directly. It will NEVER match.
      // https://www.mysite.com?k=0281cdeb4fa63c4ca087e8052b0c1685fc0a51e6
      // $key_from_db is the key that was saved to the DB when it was generated
      if ($key_from_db == $_GET['k']) {
          echo 'Match';
      } else {
          echo 'No Match';
      }
  18. <?php
      // Every customer record uses the same keys: Name, id, Date
      $customers = array(
          array('Name' => "Bob", 'id' => 5, 'Date' => '17/10/1015'),
          array('Name' => "Jim", 'id' => 8, 'Date' => '02/04/2010'),
          array('Name' => "Sally", 'id' => 3, 'Date' => '09/12/2013')
      );
      // Print each field of each customer as "key = value"
      foreach ($customers as $key => $value) {
          foreach ($value as $k => $v) {
              echo "$k = $v\n";
          }
      }
      ?>
      Is it any good? It is if you need it.
  19. UPDATE [table_name] SET [column_name] = (SELECT [column_name] FROM [table_name] WHERE [column_name] = [value]) WHERE [column_name] = [value];
  20. What's with all the selects? Your logic is very bad. Also, you don't put spaces in form/variable names and they should always be lowercase. At least you're using PDO so that's a good start.
  21. Ahhh, very clever Barand. Good one. If you don't need to know the card color, the card array is not even needed.
  22. One other important benefit is you know what columns you are dealing with. If you come back to your code a year later or someone else reads the code, you will have to go look at the DB to see what is there or print_r the result. Aside from that, selecting data you don't need by using * is just lazy.
  23. Can someone tell me under what circumstances you would want to skip the first row of your query result? I can't for the life of me think of one. Bueller?......Bueller?......Bueller?......