hitman6003

What other text? The variable assignments aren't printed to the screen...the contents of the variable may/may not be echo'd or printed to the screen. I'm surprised that your sessions and redirect headers are working since there is data being sent to the browser before those are called.

It's always easier to store who has seen something like a thread than who hasn't. I've never looked at phpBB's code, but I would imagine they associate the user to the thread when it's been read. So, when I click on it, a row in a table is inserted that says "hitman6003 has read thread xyz at 0230GMT".

Why wouldn't you change the text color using CSS? <style> body { color: #FFFFFF; }

meh... Are you hurting for space, than an extra MB or two (cause a row of 2 int columns doesn't take much room) is really gonna make a difference? Use an index and don't worry about it. Doing it the second way, if you wanted to query "Who's friends list is user 123 on?", you would have to query an expand everyone's list to get that information.

StackOverflow's top voted php post is about SQL injection: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php

Just sanitize your input. Check to make sure the user(s) provide input that is correct/valid and use the "real_escape_string" functions before doing inserts. http://php.net/mysql_real_escape_string http://php.net/mysqli.real_escape_string

use the DateTime object. $date = new DateTime($row['etd']); print $date->format('d-m-Y'); http://php.net/datetime.format Edited to change format from "Y-m-d" to "d-m-Y".

well...after further investigation, I appear to be wrong about that. I think the problem is that you are checking for "$_POST['submit']" to exist, but the image input type doesn't pass a value.

The HTML input tag does not have an image type that is also a submit button. http://www.w3schools.com/tags/tag_input.asp You could change the look of the button using CSS, or use javascript to submit the form when the image is clicked.

If they are on separate lines, use the explode function on the input... $songs = explode("\n", $_POST['songs']);Just make sure you sanitize the input before doing anything with it.

Provide the connection variable with mysqli_real_escape_string.. mysqli_real_escape_string($con, $_POST['ecuid'])

if you start with the object style mysqli, you have to use it...can't switch between them...so your use of mysql_i_connect_error() won't ever return anything. Aside from that, add in some debug to check for expected results: <?php function login($username, $password) { $con = new mysqli("db_server.com", 'User', 'plain text password', 'whateverdb'); if ($con->connect_errno) { die($con->connect_error); } $pass = md5($password); $query = "SELECT * FROM user WHERE username = '$username' AND password = '$pass'"; if ($result = $mysqli->query($query)) { if ($result->num_rows > 0) { print "<pre>got the following results:\n\n"; while ($row = $result->fetch_assoc()) { print_r($row); } } else { print "no rows were returned!"; } } else { die($con->error); } }

You're still not using the mysqli object correctly...it has four options: hostname, username, password, database. http://php.net/mysqli.__construct mysql_error will not work when using mysqli...use mysqli->connect_error or mysqli_connect_error(). http://php.net/mysqli.connect_error You're using "mysql_query" instead of the mysqli object's "query" method. http://php.net/mysqli.query

If you are going to use it like that, you'll need to adopt the object oriented style... $con = new mysqli($host, $user, $pass, $database); $result = $con->query("SELECT something FROM somewhere"); if ($result->num_rows > 0) { while ($row = $result->fetch_assoc()) { echo $row['something'] . "\n"; } }

SocialCloud has the answer...use either mysql_* functions, or mysqli_* functions, don't mix them.