ignace

Everything posted by ignace

  1. search.php?query=This%20Is%20What%20I%20Look%20For&by=state&order=DESC&size=100

     query=This%20Is%20What%20I%20Look%20For
     by=state
     order=DESC
     size=100

     ```php
     $validBy = array(..);
     $validSizes = array(..);

     $query = $_GET['query'];//This Is What I Look For
     $by = in_array($_GET['by'], $validBy) ? $_GET['by'] : 'state'/*default*/;
     $order = 'DESC' === $_GET['order'] ? 'DESC' : 'ASC'/*default*/;
     $size = in_array(intval($_GET['size']), $validSizes) ? intval($_GET['size']) : 10/*default*/;

     // $by, $order and $size are checked against known-good values above;
     // $query is still raw input and must be escaped or bound as a parameter
     // before this statement is executed.
     $sql = "SELECT field1, field2 FROM table WHERE field3 LIKE '%$query%' ORDER BY $by $order LIMIT $size";
     ```
  2. Change:

     ```php
     $x = 'Message Must be greater than 2 letters';
     ```

     To:

     ```php
     $x[] = 'Message Must be greater than 2 letters';
     ```

     Same for:

     ```php
     $x = 'The user does not exist';
     ```
  3. When your page loads for the first time:

     ```php
     <form action="<?php echo $action;?>" method="post">
     ```

     Will output:

     ```html
     <form action="" method="post">
     ```

     The user fills out the form and submits, the output is now:

     ```html
     <form action="post_req_form.php" method="post">
     ```

     ---

     Change:

     ```php
     <form action="<?php echo $action;?>" method="post">
     ```

     To:

     ```html
     <form action="" method="post">
     ```

     And:

     ```php
     $action = "post_req_form.php";
     ```

     To:

     ```php
     include('post_req_form.php');
     ```
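  4. ```php
     $scheme = !empty($_SERVER['HTTPS']) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
     $url = $scheme . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
     // HTTP_HOST and REQUEST_URI come from the client, so encode the value
     // before placing it in the query string of the link.
     print '<a href="doc.php?url=' . urlencode($url) . '">clickie</a>';
     ```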
  5. ```php
     $query = '... ORDER BY date DESC';//!important
     $currentDate = '';
     while ($row = mysql_fetch_assoc($result)) {
         if ($currentDate !== $row['date']) {
             echo $row['date'], '<br>';
             $currentDate = $row['date'];
         }
         echo $row['cat'], ' ', $row['sometext_for_url'], '<br>';
     }
     ```
  6. ```php
     class Configuration {
         const DB_HOST = 'host';
         const DB_USERNAME = 'username';
         const DB_PASSWORD = 'password';
         const DB_NAME = 'name';
     }

     class Database {
         protected $_host = null;
         protected $_username = null;
         protected $_password = null;
         protected $_name = null;

         public function __construct() {
             $this->_host = Configuration::DB_HOST;
             $this->_username = Configuration::DB_USERNAME;
             $this->_password = Configuration::DB_PASSWORD;
             $this->_name = Configuration::DB_NAME;
         }
     }
     ```
  7. if (preg_match('/[0-9]{2}\/[0-9]{2}\/[0-9]{4}/', $date))
  8. ```php
     if ($y <= 100)
         $moved = 1;
     else {
     ```

     should be:

     ```php
     if ($y <= 100) {
         $moved = 1;
     } else
     ```

     same for south, west and east.
  9. What do you mean by that? Are you talking about the end-user or a co-developer?

     ```php
     $row = mysql_fetch_assoc($result);//selects one row
     ```
  10. That's what it is at..

      Then why did you say your code was:

      ```sql
      ORDER By date_time
      ```

      Try:

      ```sql
      ORDER By date_time ASC
      ```

      Which is actually the same as the previous statement
  11. SELECT * FROM albums ORDER BY date DESC
  12. The first step in securing your application is to know thy enemy and their methods. SQL Injection is one and Session Hijacking is another, and I'm only scratching the surface. I have seen people apply 10 or more functions to some input while a simple typecast or intval() would have sufficed. Apply what you know about the expected input and validate the provided input against that knowledge: if it's a string then it may have a minimum and maximum length, it may only contain alphanumeric characters, etc. Write tests and testable code and make sure your tests cover most of your code. Provide both valid and invalid input and make sure your test fails if the input is invalid.
  13. Remove the headers() function from the config.php file and put it into a separate file; afterwards call it using: include_once('headers.php');
  14. ```php
      if(!eregi("^[_a-z0-9-]+(.[_a-z0-9-]+)*@[a-z0-9-]+(.[a-z0-9-]+)*(.[a-z]{2,3})$",$email))
      ```

      eregi() is deprecated; use PCRE instead of POSIX.

      Add

      ```php
      $status = '';
      ```

      before the if (!eregi()) and change

      ```php
      $status = "We're sorry, but you've entered an incorrect email address.<br>";
      ```

      to

      ```php
      $status .= "We're sorry, but you've entered an incorrect email address.<br>";
      ```

      What is the specific problem? Does it output:

      ```php
      $status = "There was a problem sending your feedback, please try again later.<br><br>";
      ```

      ?
  15. First of all, I don't want to be an ass. I may sound like one, but that is purely the fault of the emotionless state of text. Second, I agree with pfmabismad on all discussed points. Third, too bad we always have to screw someone's thread while discussing. It would be much nicer if we could all sit around a table and drink a nice beer while we are at it. And I'm not going to say globals are good, but I like to use 'global' when I'm prototyping: it shows me what variables a function needs (argument list) and which external variables it uses to achieve its goal, and may serve as a guideline for the eventual OO design. My previous employer used PHP to prototype pieces of the application and used Java for the eventual release. IMO PHP doesn't deserve such discrimination. The same goes for those that call PHP a bad programming language because it has a GOTO statement or its other so-called flaws. Mail Zend and tell them they are idiots, and while you are at it tell them to remove GOTO and rewrite the namespaces implementation
  16. Could someone please fix the quick edit? I was editing my post and when I pressed submit nothing got changed (because the maximum time you can edit expired) and all text was gone never to be retrieved again. Split from this topic
  17. Yes that is if you use an OOP approach but what for those that use the procedural approach?
  18. How would I access $oldErrorHandler if global didn't exist?
  19. http://tinymce.moxiecode.com/ (most (ab)used WYSIWYG) Or if you are into programming your own plugins and are looking for a customizable editor then take a look at: http://developer.yahoo.com/yui/editor/ (A great WYSIWYG)
  20. PHP is a language with many possibilities (including global and goto) and what's a curse for one may be a blessing for another.

      Provide an example then.

      For 'global' something like:

      ```php
      $oldErrorHandler = set_error_handler('error_handler');

      function error_handler($errno, $errstr, $errfile = '', $errline = 0, $errcontext = array()) {
          global $oldErrorHandler;
          ..
      }
      ```

      For 'goto' command-line routines (cron, etc..). Quick-and-dirty
  21. ```php
      if(!$this->dbConnectionID){
          echo(mysql_errno().":".mysql_error());
          exit;
      }
      ```

      Never heard of Exceptions?

      ```php
      function Database(){
          $Config = new Configuration();
      ```

      Don't use composition, use aggregation instead (it allows for easier testing):

      ```php
      function Database(Configuration $config)
      ```

      Plus you may want to look at the singleton pattern because if you would use Configuration in many parts of your application you would create a serious overhead.
  22. PHP is a language with many possibilities (including global and goto) and what's a curse for one may be a blessing for another.
  23. Then use something like:

      ```php
      $config = array();

      //Database
      $config['database']['host_address'] = 'localhost';
      $config['database']['username'] = 'root';
      $config['database']['password'] = '';
      $config['database']['name'] = '';

      //Other Site Configuration Data
      ```

      Then in your code:

      ```php
      $dbConfig = $config['database'];
      $db = new Database($dbConfig['host_address'], $dbConfig['username'], $dbConfig['password'], $dbConfig['name']);
      ```

      Keep doing this same method throughout your application and you can by adjusting the configuration settings alter your application's behavior.
  24. Don't. Stick to that one table and add the extra field