
ignace
Moderators
Posts: 6,457
Days Won: 26
Everything posted by ignace

  1. You just call it and pass the location of the file as an argument:

       $pdftext = pdf2txt('/path/to/file.pdf');
  2. Yes this is a custom function he probably meant it as some sort of prototype for which you still have to write out the body.. heart, lungs, .. just kidding
  3. Take a look at memcache, as it probably is the best around: http://be.php.net/memcache
  4. That is indeed correct, but it was just a sample and part of something bigger (as we all are) and would end up in something like:

       function delete_user_file($userfile)
       {
           global $db; // retrieve db connection
           $userid = $_SESSION['userid'];
           // assuming the programmer performed an is_user_file($userfile)
           $query  = 'DELETE FROM files WHERE owner = %u AND fullpath = "%s"';
           // escape the path before it is interpolated into the query
           $sql    = sprintf($query, $userid, mysql_real_escape_string($userfile, $db));
           mysql_query($sql, $db);
           // mysql_affected_rows() takes the link identifier, not the result
           return mysql_affected_rows($db) > 0;
       }
  5. We'll need some more information or some sample data; maybe this helps?

       $highestPointer = 0;
       $sizeOf = sizeof($update);
       for ($i = 0; $i < $sizeOf; ++$i) {
           // highest value within this row
           $pointer = max($update[$i]);
           if ($pointer > $highestPointer) {
               $highestPointer = $pointer;
           }
       }
  6. I can't tell you how others do it, but I can tell you how I would do it: using access control, the same principle OSes use for sharing files (both user-based and role- or group-based). Tables (very simple user-based access control):

       users (id)
       files (id, owner, fullpath)

       -- If the user uploads a (non-malicious) file:
       INSERT INTO files (id, owner, fullpath) VALUES (NULL, $user_id, $fullpath);

       -- View user files:
       SELECT * FROM files WHERE owner = $user_id;

       -- Remove a user file:
       DELETE FROM files WHERE fullpath = $fullpath AND owner = $user_id;
  7. It trims more than just whitespace (if the second parameter is left out):
       * " " (ASCII 32 (0x20)), an ordinary space.
       * "\t" (ASCII 9 (0x09)), a tab.
       * "\n" (ASCII 10 (0x0A)), a new line (line feed).
       * "\r" (ASCII 13 (0x0D)), a carriage return.
       * "\0" (ASCII 0 (0x00)), the NUL-byte.
       * "\x0B" (ASCII 11 (0x0B)), a vertical tab.
     It's worth noting that you can also add your own characters:

       print trim('adbecfa', 'cab'); // dbecf
  8.   $jsonarray = json_decode('{"canvas_url":"http://www.site.com/someurl/"}');
       var_dump($jsonarray);
  9. Right! All 1 or 0? Never ever a string of some sort.. Oh no wait we'll just add an if to our loop and a while later hey let's add an if to our loop and a while later hey let's add an if to our loop... Good thing you know what spaghetti code is It is spaghetti code Technically it's a hack. Know your framework..
  10. Make sure the filedelete is within the user directory:

       define('USERS_DIRECTORY_PATH', realpath('/path/to/users/directory'));

       // http://shiflett.org/articles/session-hijacking
       $user = $_SESSION['username'];
       if (!is_valid_username($user)) {
           // be sure to use this on your authentication or before storing
           // use in conjunction with set_error_handler() which stores the
           // information in a database or sends an e-mail..
           trigger_error('..error messages for admins..');
           die('..personalised error message for the user..');
       }

       // optional: check the user against the database and get a hard-to-guess
       // type of directory (/path/to/users/directories/q3547stghbq6347htq77jy46q7j6q7/*.*)
       $directory = implode(DIRECTORY_SEPARATOR, array(USERS_DIRECTORY_PATH, $user));

       $action = isset($_GET['action']) ? $_GET['action'] : '';
       if ($action == 'delete' && isset($_GET['filedelete'])) {
           $userfile = filter_get_user_file($_GET['filedelete']);
           if (is_user_file($userfile, $directory)) {
               delete_user_file($userfile, $directory);
           }
       }

       function filter_get_user_file($input_userfile)
       {
           // strips any directory part, so "../../etc/passwd" becomes "passwd"
           return basename($input_userfile);
       }

       function delete_user_file($userfile, $directory)
       {
           return unlink(implode(DIRECTORY_SEPARATOR, array($directory, $userfile)));
       }

       function is_valid_username($username)
       {
           return ctype_alpha($username);
       }

       function is_user_file($file, $userdirectory)
       {
           return file_exists(implode(DIRECTORY_SEPARATOR, array($userdirectory, $file)));
       }

     These functions are not closing, but they give you a good start.
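The post above relies on basename() plus file_exists() to keep the deletion inside the user's directory. The following is an added example (not code from this thread) showing the same idea carried one step further: resolve the final path with realpath() and check that it is still prefixed by the user's directory, which also rejects a symlink planted inside the directory that points outside it. The directory layout, the user name "alice" and the file names are constructed for the demo; the filesystem check complements, not replaces, the database ownership check from the earlier posts.

```php
<?php
// Added example: confine a user-supplied file name to the user's own
// directory before unlink(). USERS_DIRECTORY_PATH is an assumption; the demo
// builds its own layout under the system temp directory.
define('USERS_DIRECTORY_PATH', sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'users_demo');

// Returns the resolved absolute path of the file, or false if the request
// must be refused. Nothing is deleted here.
function resolve_user_file($username, $input)
{
    // The user name becomes a path component, so it must be a plain identifier.
    if (!is_string($username) || !ctype_alnum($username)) {
        return false;
    }
    $userdir = realpath(USERS_DIRECTORY_PATH . DIRECTORY_SEPARATOR . $username);
    if ($userdir === false) {
        return false; // no such user directory
    }

    // basename() drops any directory part: "../../etc/passwd" -> "passwd".
    $name = basename((string) $input);
    if ($name === '' || $name === '.' || $name === '..') {
        return false;
    }

    // realpath() resolves "..", "." and symlinks, so the prefix check below
    // is done on where the file really lives, not on the name we were given.
    $target = realpath($userdir . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return false; // does not exist or is not a regular file
    }
    if (strpos($target, $userdir . DIRECTORY_SEPARATOR) !== 0) {
        return false; // resolved to somewhere outside the user's directory
    }
    return $target;
}

function delete_user_file($username, $input)
{
    $target = resolve_user_file($username, $input);
    return $target !== false && unlink($target);
}

// Constructed layout: one user directory, one real file, and a symlink that
// escapes to a file outside the users tree.
@mkdir(USERS_DIRECTORY_PATH . '/alice', 0700, true);
file_put_contents(USERS_DIRECTORY_PATH . '/alice/report.txt', 'mine');
$outside = tempnam(sys_get_temp_dir(), 'outside');
@symlink($outside, USERS_DIRECTORY_PATH . '/alice/escape');

$requests = array(
    '../../../etc/passwd', // path component is stripped; no such file in the directory
    'escape',              // exists, but resolves outside the directory
    'report.txt',          // the user's own file
);
foreach ($requests as $request) {
    $resolved = resolve_user_file('alice', $request);
    printf("%-22s -> %s\n", $request, $resolved === false ? 'refused' : $resolved);
}
printf("delete report.txt     -> %s\n", delete_user_file('alice', 'report.txt') ? 'deleted' : 'refused');
```

The order matters: realpath() runs after basename(), because realpath() on its own would happily resolve "../../../etc/passwd" to a real file. Deleting by resolved path also means a later `rename()` of the directory or a changed DIRECTORY_SEPARATOR cannot turn a previously valid name into an escape.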
  11. Can also be accomplished by using type conversion:

       $message_id = (int) $_GET['messageid']; // converts 1' OR 1=1-- to 1
  12. You can't modify your headers if there is already output:

       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
       <head>
       <?php
       // user has clicked a delete hyperlink
       if (isset($_GET['action']) && $_GET['action'] == 'delete') {
           unlink($_GET['filedelete']);
           header("Location:files.php");
           exit();
       }
       ?>

     Modify to, or use http://be.php.net/manual/en/ref.outcontrol.php:

       <?php
       // user has clicked a delete hyperlink
       if (isset($_GET['action']) && $_GET['action'] == 'delete') {
           unlink($_GET['filedelete']);
           header('Location:files.php'); // if you don't need string parsing use ' instead of "
           exit();
       }
       ?>
       <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
       <head>

     I must advise you to validate your input. Imagine what this URL will do:
  13. The best part is this is up-to-date code (at least for SimpleCMS it is). And just say you are referring to Drupal.
  14. This also goes for your technique, pal. 100 ternary operations? And now think that this HTML document interfaces with multiple PHP documents (AJAX) or is used as a partial for many documents; must be fun to edit each and every PHP file (ternary operation), if you otherwise would just have to alter that stupid hidden and checkbox value, which would be done in 2 seconds. And if it is such a bad practice, then why is this also used within the Zend framework?
  15. Please post all your relevant code. The current code tells us nothing.
  16. Do you get any error messages? What is the output you get? Are you sure there are any records at all? Try:

       read_message.php?messageid=1' OR 1=1--

     Which gives:

       SELECT * FROM messages WHERE message_id = '1' OR 1=1--' AND to_user = 'someusername'

     Oh! Look at that: each and every message in the database.
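Posts 11 and 16 above describe the injection and one fix for it, the (int) cast. As an added example (not code from this thread), the script below runs that exact input against a small in-memory SQLite table so the three cases can be compared side by side: the vulnerable interpolated query, the cast, and a prepared statement, which is the fix that also covers string columns such as to_user where a cast does not apply. The messages table and its rows are constructed for the demo; the real thread uses the mysql extension, where a prepared statement would be written with mysqli or PDO in the same shape.

```php
<?php
// Added example: the injection from read_message.php?messageid=1' OR 1=1--
// against a constructed table, then the two fixes discussed in the thread.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (message_id INTEGER, to_user TEXT, body TEXT)');
$db->exec("INSERT INTO messages VALUES (1, 'alice', 'hello alice'),
                                       (2, 'bob',   'hello bob'),
                                       (3, 'bob',   'secret for bob')");

$to_user = 'alice';          // the logged-in user, taken from the session
$input   = "1' OR 1=1--";    // attacker-controlled ?messageid=

function count_rows(PDOStatement $stmt)
{
    return count($stmt->fetchAll(PDO::FETCH_ASSOC));
}

// 1. Vulnerable: string interpolation, the shape of the query in the thread.
//    The quote closes the literal, OR 1=1 matches every row and -- comments
//    out the to_user restriction, so alice reads bob's messages too.
$vulnerable = "SELECT * FROM messages WHERE message_id = '$input' AND to_user = '$to_user'";
printf("vulnerable: %d row(s)\n", count_rows($db->query($vulnerable)));

// 2. Type conversion: (int)"1' OR 1=1--" is 1, so only digits reach the SQL.
//    Adequate for integer columns, useless for to_user or any string column.
$message_id = (int) $input;
$casted = "SELECT * FROM messages WHERE message_id = $message_id AND to_user = '$to_user'";
printf("int cast:   %d row(s)\n", count_rows($db->query($casted)));

// 3. Prepared statement: the values travel separately from the SQL text, so
//    the input is compared as one literal value and cannot alter the query
//    structure. No row matches, because no message_id equals that string.
$stmt = $db->prepare('SELECT * FROM messages WHERE message_id = :id AND to_user = :user');
$stmt->execute(array(':id' => $input, ':user' => $to_user));
printf("prepared:   %d row(s)\n", count_rows($stmt));
```

Keep the cast where the column really is an integer; it is cheap and fails closed. But the prepared statement is the one that generalises, since the same to_user clause built from a session value would still be injectable if that value were ever attacker-controlled.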
  17. I made it so that if it's not a numerical numbers -> redirect the person to the index page... I don't think you are fully aware of what XSS is (http://en.wikipedia.org/wiki/Cross-site_scripting) plus there are many more vulnerabilities to which you have to protect not only your scripts but even your server(s)
  18. post your script here again or pm me the code
  19. Try:

       if (!strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') && !empty($_POST)) {

     Instead of:

       if (!strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') && !empty($_POST)) {
       } // this shouldn't be here but rather after your last mail() statement

     P.S. Clear your mysql_connect() data; not all people who browse these forums are friendly.
  20. http://be2.php.net/manual/en/book.pdf.php Google knows all your answers (and secrets..)
  21. Yeah, I see more problems than you are asking for.

       <?echo "$fromuser\n";?>

     should be:

       <?="$fromuser\n"?>
       // or
       <?php echo "$fromuser\n"; ?>
  22.   if (isset($_POST["submit"])) {
       }

     1) When you now press submit it executes nothing.
     2) If submit never has a value (<input type="submit">), isset() always returns false, which in turn will never execute the if body. Therefore I recommend using:

       if (!strcasecmp($_SERVER['REQUEST_METHOD'], 'POST') && !empty($_POST))

     which will first verify that there is a POST request header (and which implies something was sent, as the default is GET), then we verify if $_POST contains any data (which it should if they sent something). This latter makes sure we have something to process. Note: this can be shortened to if (!empty($_POST)); I just like to double-check.
  23. Because:
     1) You don't need additional PHP code ($_POST['checkboxName'] will do the trick).
     2) You also can use strings as a checked and unchecked value (although this also works with the ternary operation, it is view data per se).
     3) Maintaining is easy because you only need to worry about $_POST['checkboxName'], and the data only needs to be modified in the HTML document (1 HTML document - * PHP documents).
     I reckon that you can use a function for this, but doing so for every ternary operation is redundant.