GingerRobot

well in the file functions.php on line 155 there is some output to the browser. Either remove this output, or take a look at the function ob_start();

you can also typecast the pagenum..i saw an article on the zend website about this: $page num = (int)$_GET['pagenum']; I quite like that method as its very short. Given that it is only to prevent malicious attemps, i dont see a need to handle the error by informing them that it was invalid - just to make sure that it cant do any damage etc.

Thanks, i thought you used the global keyword to make variables inside the function accessible ouside. Thanks again.

Is there a way to make a variable available inside a function that was created outside of it, without passing it into the function as a parameter? Ive got some variables from a database, and i want to be able to use them inside a function. Thanks in advance.

I dont really do javascript, sorry

Ok, thanks. I got what i was looking for: ($var == 1) ? "yes" : "no";

I cant find the short way of doing if statments using the ? and : Does anyone know what it is? Thanks in advance.

Well the only thing i can assume is that you're not including your s3.cfg.php file, because i guess it cant find the array... add: print_r($available_styles); on the fine before the foreach.

Well your method in your form was get, so it seems safe to pass the color through the url, this bit: ?style=$_style; So, you wont actually need your form, put that in place of the the form.

If this is scripts where people are going to be posting a topic/reply, you'll want to make sure that the time limit is quite long. Also, i would make sure you dont just give an error, make sure you return their orginal text incase someone was typing something long and loses it.

Oh i see: [code] <?php                     foreach ($available_styles as $_style) { echo "<a href='s3.php?style=$_style'><img src='$_style.jpg' /></a>"; } ?> [/code] then have a file clled red.jpg, blue.jpg etc I think that should work

As was mentioned, this is still not a total solution; someone could easily look at the page's source and view the hidden field and its contents. Do not rely on these things to work, make sure you fully validate the information from the form.

Well what happens? Also, your action is to s3.php but you say the file is s3.cfg.php - you need to make either the action the same as the file name, or the file the same as the action. Also, can you edit your post and use the [code ][/code ] tags to highlight your php?

There are two tutorials for this sort of thing on this website: http://www.phpfreaks.com/tutorials/36/0.php http://www.phpfreaks.com/tutorials/78/0.php Ive not tried them myself, but take a look :)

I could be wrong, but i think you need to use the eval() function: http://uk2.php.net/eval

http_referer cannot be trusted, it can be spoofed. Also, some firewalls prevent the data from being sent and browsers can be setup to not send it too.

As for the 2nd question, that would depend on wether you are trying to allow any numeric value or just whole numbers. If you want any number allowed, look at the function is_numeric. If you want to check post data to make sure it is a whole number, look at the fuction ctype_digit. It may seem like you should use is_int() to check for a whole number, but this also checks the variable type - post data is sent as a string so the function returns false on any post data.

I would still use a database - this is the thing they are good for.

So you want to store everyone's profile in each person's session? Bad idea  - it will be difficult(impossible?) to update member Xs session after member Y changes thier profile. This is exactly what a database is good for, so thats what you should use.

Well an attitude like that isn't exacty going to get you helped, especially seeing as you aren't really asking for help to do with PHP. No-one but yourself can tell you how to go about this, it is a problem dependant on how YOU want it to work.

I would go for the first idea of using the image, blocking IPs is not usually a good idea. Gast posted an example of this here: http://www.phpfreaks.com/forums/index.php/topic,100764.msg398112.html#msg398112

Excellent, its quite often pesky typing mistakes!

Well it seems as if it isn't getting the section from the database, try echoing it out: $section = $row['section']; echo "Section: $section";

So what is it outputting then?

Ok, well the short answer is dont. IPs are unreliable and many people's IP address change very regularly. Also, some ISPs force all their clients through a proxy, making all their IPs the same. If you were to ban one person from that ISP, all would be banned.