.josh

Staff Alumni
  • Posts: 14,780
  • Days Won: 43

Everything posted by .josh

  1. It's a ternary operator. `(condition)? true : false` Same as saying

     ```php
     if(is_numeric($_GET['currentpage'])) {
       $currentpage = (int) $_GET['currentpage'];
     } else {
       $currentpage = 1;
     }
     ```
  2. Actually I think this is probably a little better

     ```php
     preg_match("~(?:Deposited|Awarded)\s([^\s]+)\s\(([^\)]+)\)(?:\sto\s([^\b]+))?~",$s,$match);
     echo "<pre>"; print_r($match); echo "</pre>";
     ```
  3. ```php
     preg_match("~(?:Deposited|Awarded)\s([^\b]+?)\b\s\(([^\)]*)\)(?:\sto\b\s([^\b]+)\b)?~",$s,$match);
     echo "<pre>"; print_r($match); echo "</pre>";
     ```
  4. ```php
     for ($x = 0; $x < 10; $x++) {
       $string .= rand(0,9);
     }
     ```
  5. oh and also, that regex will fail if the input is not at least 2 chars long (the first and last letter/number only ones)
  6. ```php
     if(!preg_match("~^[a-zA-Z0-9]\w*[a-zA-Z0-9]$~",$val,$match)) {
       // not valid
     }
     ```

     ```
     ^            start of string (so first char must be an [a-zA-Z0-9])
     [a-zA-Z0-9]  match 1 character that is a letter or number (no underscore)
     \w*          match 0 or more alphanumeric characters (number, letter, underscore)
     [a-zA-Z0-9]  match 1 character that is a letter or number (no underscore)
     $            end of string (so last char must be an [a-zA-Z0-9])
     ```

     Basically it says to start at the beginning of the string, only match if the first character is a letter or number, then match any amount of numbers, letters, or underscores, all the way to the end of the string. But then it has to match only a letter or number at the end of the string, so the * gives up the last char to see if that last [..] matches. If it doesn't, regex fails.
  7. Based on your post, I have a sneaking suspicion that nothing short of (re)writing the code for you is going to 'help' you.
  8. http://money.howstuffworks.com/personal-finance/debt-management/magnetic-stripe-credit-card1.htm
  9. Perhaps you should clarify your situation. I interpreted your original post to say that you thought that doing a select distinct would somehow return a multi-dimensional array. Well, it doesn't. Nor does any query. At least, not in this context. _fetch_whatever pulls one row at a time. That's why you put it into a loop. You mentioned something about having 4 of the same name. Well, what do you want to happen? Do you only want a list of names returned, no duplicates? Use the select distinct.
  10. Queries never return multi-dim arrays. At least, not in a form you can directly use. They will always return a result source, and your _fetch_assoc would pull out the info 1 row at a time (each time you call it). So when you call _fetch_assoc, you get a single-dim array of the current row. `SELECT DISTINCT name FROM Member` would return just 1 column 'name' and each row would only contain a single name. So for instance, if your table looks like this:

      ```
      name
      John
      Mary
      Joe
      Mary
      John
      John
      Joe
      ```

      You would get

      ```
      Joe
      John
      Mary
      ```

      So you would do something like this:

      ```php
      $query = "SELECT DISTINCT name FROM Member";
      $result = mysqli_query($cxn,$query);
      while ($row = mysqli_fetch_assoc($result)) {
        echo $row['name'] . "<br/>";
      }
      ```

      And it would echo out

      ```
      Joe
      John
      Mary
      ```
  11. > Your "pay" would be the recognition. Anyway the amount would/should only cover server expenses and a little profit for phpfreaks owners

      I get 'recognition' by helping out for free, on a free board, just the same. Cover server expenses and a little profit? Sorry, you lost me at that 'a little profit.' Why should someone else get paid for my work? Where do you work? What would you say if your boss came up to you and said "Sir, we're going to stop paying you, but go ahead and keep working. We'll continue to make money off you." pfft. Whatever. I should go and set up a lemonade stand out on the sidewalk. Get a couple of neighborhood kids to run it for me. I get all the money. Their 'pay' will be me telling them and others what a great job they are doing.
  12. search for guestbook tutorials. Same principle.
  13. I would not offer help on a paid board, unless I were somehow receiving some of that pay.
  14. you could always use an absolute path : http://www.mysite.com/includes/headers/images/header.jpg
  15. well probably your path is wrong. Inside headers.html you are putting the image path relative to where headers.html is, but that won't work when it's being included into a file somewhere else. The relative path would be from the file that's including it.
  16. no. Those would be in index.php. When you include one thing in another, it's just like copy/pasting it inside it. When you request index.php, it is the same as it being this (minus the comments; I put them there for notes):

      ```
      <body> // came from index.php
      <img src = '/includes/headers/images/header.jpg' /> // came from header.html/php
      </body> // came from index.php
      ```
  17. Well see, that's the point. You're passing vars through the url anyway, so they have to be validated anyway, so putting it into a session var is superfluous.
  18. Example:

      ```
      ./index.php
      ./includes/headers/header.php
      ./includes/headers/images/header.jpg
      ```

      index.php

      ```php
      <body>
      <?php include "includes/headers/header.php"; ?>
      </body>
      ```

      header.php

      ```
      <img src = '/includes/headers/images/header.jpg' />
      ```

      if all header.php is doing is echoing out html, you can rename it header.html.
  19. Well...if we were to compare session variables to GET variables in a general sense, using a session variable vs. a raw GET variable (pre-validated) would be more secure, yes. But it's not necessarily more efficient. For starters, you'd just replace validation code with maintenance code, since the value would persist (as in, writing code to update the session variable). Also, you have to consider the physics of pagination. The point is to click a link, and each link causes the content to be altered. The only way your script would know that one link was clicked instead of another, is by attaching a value to it, which would be using GET, anyways. Unless you were to have the links pointing to different pages like 1.php 2.php 3.php but even then, someone can just directly type that into your url, and you'd have to be checking for that somewhere else anyways (be it custom 404 pages, mod rewrites, etc...). You could use an AJAX or FLASH interface or even make a whole bunch of mini-forms with just submit buttons, but once again, you should be validating the incoming info anyways, as even POSTed info can be altered pretty easily. Point is, session vars are generally more secure than raw GET vars in a general sense, but you can't really use just session vars with pagination, so it's kind of moot.
  20. session data is serialized and stored in a flatfile and retrieved upon demand. Using them all at once (like in a loop or function that walks an array or whatever) would add up (as ken pointed out, 9 or 10 does not constitute 'adding up' unless the data is extremely large. Simple vars like pagination page number is nowhere near breaking point), but using them individually would not.
  21. Why all the conditions? Just do (preserving your quotes)

      ```php
      echo '<img src="../../elements/images/layout/' . $star . 'star.jpg" alt="' . $star . ' star"/>';
      ```

      or (changing quotes)

      ```php
      echo "<img src='../../elements/images/layout/{$star}star.jpg' alt='{$star} star'/>";
      ```
  22. Be more specific than "it's not working." Is the problem that the page is loading whether you're an admin or not? Something wrong with page info itself? First thing I see wrong is:

      ```php
      $query = "SELECT * FROM admin WHERE AdminID = AdminID";
      ```

      `AdminID = AdminID` is wrong. Should be `AdminID = '$somevar'`. Beyond that, ^^ be more specific.
  23. mysql_real_escape_string is not the catch-all solution many people think it is. But neither is it bad. It just does 1 thing, when you should be checking for 2 or 3 or more things. Simply escaping quotes is not enough to 100% prevent injection. It's just 1 possible checkpoint. The real goal should be to validate input, not pacify it. Make sure it is what it is supposed to be. Trash it if it's not. Conform or die! For instance, if you expect an integer, check to make sure it's an integer. There are several built in functions like is_int, ctype_digit, is_numeric that can be used, depending on the situation. Or you can use regex to validate the format. Or force it to be an integer by casting it as one. (edited to linkify functions)
  24. Well, you can't in the USA, either. Trick is to use your money to keep from going to prison in the first place. Or if it looks like prison time is inevitable, use your money to make the sentence as short and sweet as possible.
  25. Another way of looking at

      ```
      var[aa][xx]
      var[aa][yy]
      var[aa][zz]
      ```

      is like this:

      ```
      var[aa] = array('xx' => 'something', 'yy' => 'something', 'zz' => 'something');
      ```

      So you see, [aa] is not empty because it has 3 elements.
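
Post 23's advice (validate the input, don't just escape it) applied to the `currentpage` parameter from post 1, as an added example that is not part of the original posts. The `page_number()` helper, the `posts` table and the sample inputs are constructed for illustration; it assumes the `ctype` and `pdo_sqlite` extensions, and `addslashes` stands in for `mysql_real_escape_string` so the script runs without a MySQL connection.

```php
<?php
// Added example, not code from the original posts. page_number() and the
// posts table are hypothetical; all inputs below are constructed.

/** Return $raw as a page number in 1..$max, or $default if it is anything else. */
function page_number($raw, int $max, int $default = 1): int
{
    // ?currentpage[]=1 arrives as an array and a missing key as null: reject both.
    if (!is_string($raw) || !ctype_digit($raw)) {
        return $default;
    }
    // Digits only at this point; FILTER_VALIDATE_INT adds the range check
    // and rejects leading zeros and values too large for an int.
    $page = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $page === false ? $default : $page;
}

// Quote escaping has nothing to act on when the value contains no quotes,
// so an unquoted numeric context gets the string through unchanged.
$unquoted = '1 OR 1=1';
echo 'escaping changed the value: ',
    var_export(addslashes($unquoted) !== $unquoted, true), "\n";

// In-memory table with 25 rows, 10 per page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
for ($i = 1; $i <= 25; $i++) {
    $db->exec("INSERT INTO posts (title) VALUES ('post $i')");
}
$perPage = 10;
$maxPage = (int) ceil(25 / $perPage);

// The validated integer is still bound as a parameter, never concatenated.
$stmt = $db->prepare('SELECT title FROM posts ORDER BY id LIMIT :n OFFSET :o');
$samples = ['2', '3', '0', '-1', '007', '2abc', '1e3', $unquoted, "1'",
            '99999999999999999999', ['1'], null];
foreach ($samples as $raw) {
    $page = page_number($raw, $maxPage);
    $stmt->bindValue(':n', $perPage, PDO::PARAM_INT);
    $stmt->bindValue(':o', ($page - 1) * $perPage, PDO::PARAM_INT);
    $stmt->execute();
    $titles = $stmt->fetchAll(PDO::FETCH_COLUMN);
    printf("%-24s -> page %d, %d rows starting at '%s'\n",
        json_encode($raw), $page, count($titles), $titles[0]);
}
```

Only `'2'` and `'3'` select a page other than the default; `'1e3'` is included because `is_numeric` accepts it while `ctype_digit` does not.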