Everything posted by .josh
-
regex is not good for trying to parse html content, especially nested html content. Regex is good at parsing regular languages. HTML is a context-free language. Use DOM instead.
-
Also a word of advice: you should not put user-submitted values directly into your database queries. You need to validate that they are expected values in expected formats, or escape them, or use prepared statements. If you do not, a user can inject arbitrary sql syntax into the query string and wreak all kinds of havoc to your database and site, depending on how your database is structured, what's in there, etc..
-
As for your 2nd issue: HTTP is a stateless protocol, so it doesn't remember what happened previously, unless you make it remember. You set this:

    $term = $_POST['term'];

Well, that posted variable doesn't exist when you submit the form again. One way to fix this would be to put another hidden field in the form, same as the id I mentioned above. Alternatively you could use a session variable, though that would be a bit more complex and you'd have to consider when/where to unset it (like if the user decides to go to the original form it is entered in).
-
You aren't passing the id in the form submit. You just have the stuff displaying, and a submit button. Then in your $_POST condition you are looking for $id which doesn't actually exist. One way to fix this is to just before the submit button, add a hidden text field:

    echo "<input type='hidden' name='id' value='$id' />";

and then where you check the form submission:

    if (isset($_POST['submit'])) {
        // cheap way to sanitize the input value, assuming the id is an integer.
        // if not, validate it before using it in your query
        $id = (int)$_POST['id'];
        $likes = $liked+1;
        $insert = mysql_query("UPDATE Players SET choice='$chosen' WHERE id=$id");
    }
-
This isn't entirely accurate.. the hosting provider could have it setup to add stuff to files output. This is usually common for hosts that provide free or reduced price/ad supported hosting packages. Of course, this isn't "magical" in the sense that it's just appearing out of nowhere, but it does give the appearance of it, since you can go through all your files and not actually find it..
-
well spaces aside, escapeshellarg and/or escapeshellcmd should be used for making sure someone doesn't try to pass arbitrary commands
-
There are probably a couple of linebreaks at the end of the file, and possibly other blank spaces thrown into the mix. Try using array_map with trim and array_filter on the array. Example:

    $array = array_filter(array_map('trim',$array));

This will remove any extra spaces and tabs from each array element, and also remove any empty array elements.
-
ah okay, i guess you will need to use exec for that. Just be really careful if you intend to pass values through exec that come from users or other sources users can affect.
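
The escapeshellarg advice and the exec caution in the two posts above, as an added example that is not part of the original posts: the value is checked against an allowlist first, then quoted with escapeshellarg() so the shell sees exactly one argument. The script name report.php and the sample values are hypothetical.

```php
<?php
// Added example, not the poster's code. report.php and the sample values
// below are hypothetical.

/** Build a command line that runs a PHP script with one user-supplied argument. */
function buildCommand(string $script, string $userValue): string
{
    // Layer 1: allowlist. Letters, digits, space, dot, underscore, hyphen;
    // must not start with "-" so it cannot be read as an option.
    if (!preg_match('~^[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}$~', $userValue)) {
        throw new InvalidArgumentException('unexpected characters in argument');
    }
    // Layer 2: escapeshellarg() quotes each piece, so embedded spaces stay
    // inside a single argument and nothing is interpreted by the shell.
    return escapeshellarg(PHP_BINARY) . ' '
         . escapeshellarg($script) . ' '
         . escapeshellarg($userValue);
}

// Constructed inputs: one expected value, one carrying shell syntax.
foreach (['Quarterly Report', 'report; echo injected'] as $value) {
    try {
        $cmd = buildCommand(__DIR__ . '/report.php', $value);
        echo "would run: $cmd\n";
        // exec($cmd, $output, $exitCode);  // enable once report.php exists
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$e->getMessage()}\n";
    }
}
```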
-
Actually character classes support ranges with hyphens, so that would actually match 2,0,1,2(again),3, or 0 (again). The "problem" is that it only supports single characters for ranges (unless escape sequences are involved, but you can't use them for this). Psycho showed correct way to do it with regex. The \d is shorthand for [0-9], so another way of writing it would be #2[0-9]|30#
-
There is a pear package for reading/writing excel files in php: http://pear.php.net/manual/en/package.fileformats.spreadsheet-excel-writer.intro.php However, it doesn't have ability to do everything you can do by actually using excel. More advanced things will get lost in translation. But it will work fine for basic stuff. You're going to find similar no matter what language you look at; excel is proprietary software.
-
Also to be clear, client.php should encode it. server.php should decode it.
-
p.s. - are you sure you even need to run that through exec? If you include or require it, it will parse the code in launched.php when you run launcher.php. And you don't need to pass arguments to it; just set and look for vars like normal. There is rarely ever a reason to actually use exec for anything; one of those things you should avoid if possible.
-
exec expects a string argument. wrap it in quotes.
-
well this is just a guess but it *sounds* like maybe they offer delivery to some place and there's some places they can't or won't go to.
-
Sending time to mysql as 6:43 p.m. (for example)
.josh replied to mystic7's topic in PHP Coding Help
Listen mister, I wasn't being stuck up. I simply told you a better method. YOU initiated the assfuckery by assuming I was just telling you you were doing it wrong. YOU got snippy when it was pointed out that there are better ways of doing things. If you were really interested in knowing those better ways, you would have asked how. But instead, you got snippy about it, so you would have gotten snippy about it regardless of whether or not it was shown to you. Not to mention the fact..I didn't just "point out" you were "wrong". Firstly I didn't even say you were doing it wrong. What you are doing "works." But I tried to mention a better way of doing it, and why. WTF more was I supposed to show you? You already managed to work out making a database and a column, specifying a type and all that. I told you to use a different column type - a date/time based one. WTF more was I supposed to show or tell you about that? Did you want me to walk you through changing the column type? Because it seems based on where you're at now, you already know how to do that. Also, I didn't say piecing together other bits of code was stealing. The "crime" I pointed out was that you don't seem interested in learning what those pieces of code really do, or possible alternatives. And this was all AFTER you started being a douchebag. And you know what? Even if I was an asshat from the getgo - which I wasn't - so the fuck what? AGAIN I will point out to you that YOU came HERE asking for FREE help. So if I decide to be a prick about it, that's my prerogative and you can't rightfully say a damn thing about it. You aren't some paying client or otherwise have some authority to demand or expect people to bend over backwards kissing your ass. Good Lord, I offered a bit of advice to help you out and in no way was I condescending about it and you make out like I'm looking down on you. I wonder how you would have reacted if I really did open things up calling you a fucking idiot.
Why do I get the feeling that you're one of those people who resent having to go ask someone for help, assuming they are out to make you feel like an idiot and not actually help, because THAT is what makes those things happen - it's a self-fulfilling prophecy.
-
google "mod rewrite" and "beautify urls"
-
&amp;&amp; is that really what your code is? need to change that to &&
-
Firstly, I would like to say that I only meant "sanitize your values" in the broadest of senses, as in "Don't just directly accept user input into your query." I certainly agree that using prepared statements is better than simply escaping them or whatever, but the point is that preparing your statements (among other things) effectively "sanitizes" the input. I apologize that the intention of my statement was not clear to you. I will certainly admit I could have been clearer, though to be fair, that wasn't the focus of this thread. But I would also note that you should be validating for expected values regardless, which often times makes prepared statements superfluous in the security dept. For example if you expect a user to enter a number and you validate this with a regex like ~^[0-9]+$~ (or some equivalent check), and then reject the input accordingly.. well this effectively makes the security offered from the prepared statement superfluous. Of course, that's not the only thing prepared statements have to offer, so I'm not saying don't use them at all.
-
PHP: How to check when a submit button is pressed from the Iframe form
.josh replied to halben's topic in PHP Coding Help
If you have more than one submit button and want to know which one was pressed, you can give the buttons unique names and/or values and look at them. Or, you can use a hidden form field with a value unique to the form. Or, you can put a unique ?formID=foobar appended to the url of the form action url. However, note that php cannot directly detect if a form button was pressed. php is parsed server-side. Button click events happen client-side. Even if you do one of the above methods, there is no guarantee that the user actually pressed that button. Some browsers allow for "Enter" to be pressed to invoke the click. Or, javascript could be used to invoke the submit. Or someone could write a script or use a program to otherwise programmatically make a request to the script with relevant values.
-
IMO a better way to approach this is to use checkboxes instead of radio buttons (or alternatively a multi-select dropdown if you like that "look" better). This will allow you to easily add more people without having to worry about adding additional radio buttons to cover combinations of people (like "both" - what happens when you add a 3rd? you will then also have to add radio buttons for Julia and Pete, Julia and John, Pete and John, Julia and Pete and John, etc. and that will go up exponentially as you add more people!), and it will also allow you to easily make database queries. Example:

    <form action="#" method="post">
      <input type="checkbox" name="driver[]" value="Julia">Julia
      <input type="checkbox" name="driver[]" value="Pete">Pete
      From <input type="text" name="date1" size="12" id="inputField" />
      To <input type="text" name="date2" size="12" id="inputField2" />
      <input type="submit" value="Submit" name="submit"/>
    </form>

Then in your script you will receive driver as an array of values. And in your query you can use an IN operator to select where any of the values are found. Example:

    $drivers = "'".implode("','",$_POST['driver'])."'";
    $query = "SELECT * FROM wizardlog WHERE driver IN ($drivers) AND date between '$date1' and '$date2' ";

I will also note, as other posters have, that you should sanitize the values before using them in database queries.
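
The sanitizing step the post ends on, as an added example that is not part of the original post: the same IN query built with one placeholder per checked driver and run as a prepared statement, after validating the input shape. The YYYY-MM-DD date format, the name pattern, the 20-driver limit and the connection details are assumptions.

```php
<?php
// Added example, not the poster's code. Table and column names (wizardlog,
// driver, date) come from the query in the post; everything else is assumed.

/** Validate the posted form and return [sql, params] for a prepared statement. */
function buildDriverQuery(array $post): array
{
    $drivers = $post['driver'] ?? [];
    // driver[] must be a non-empty, bounded list of name-like strings.
    if (!is_array($drivers) || $drivers === [] || count($drivers) > 20) {
        throw new InvalidArgumentException('select between 1 and 20 drivers');
    }
    foreach ($drivers as $d) {
        if (!is_string($d) || !preg_match('~^[A-Za-z][A-Za-z \'-]{0,49}$~', $d)) {
            throw new InvalidArgumentException('invalid driver name');
        }
    }
    // Assumed date format: YYYY-MM-DD. Round-tripping rejects 2013-02-30 etc.
    $dates = [];
    foreach (['date1', 'date2'] as $field) {
        $raw = is_string($post[$field] ?? null) ? $post[$field] : '';
        $dt = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
        if ($dt === false || $dt->format('Y-m-d') !== $raw) {
            throw new InvalidArgumentException("invalid $field");
        }
        $dates[] = $raw;
    }
    // One "?" per selected driver; the values never become part of the SQL text.
    $in = implode(',', array_fill(0, count($drivers), '?'));
    $sql = "SELECT * FROM wizardlog WHERE driver IN ($in) AND date BETWEEN ? AND ?";
    return [$sql, array_merge(array_values($drivers), $dates)];
}

// Constructed sample input standing in for $_POST. "O'Brien" is a legitimate
// value whose apostrophe would break the string-built IN ('...') list.
$post = ['driver' => ['Julia', "O'Brien"], 'date1' => '2013-01-01', 'date2' => '2013-01-31'];
[$sql, $params] = buildDriverQuery($post);
echo $sql, "\n", json_encode($params), "\n";

// Running it (DSN and credentials are placeholders):
// $pdo = new PDO('mysql:host=localhost;dbname=example;charset=utf8mb4', 'user', 'pass',
//     [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
// $stmt = $pdo->prepare($sql);
// $stmt->execute($params);
// $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
```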
-
Sending time to mysql as 6:43 p.m. (for example)
.josh replied to mystic7's topic in PHP Coding Help
This (along with all your other posts) tells me you just go around trying to grab snippets of code and throw it together and hope for the best instead of stepping back to actually learn the language formally. This will inevitably lead to using bad code and things breaking, and it's a bit silly to blame anybody or anything except yourself for this. More confirmation that you aren't really trying to learn the language. If you actually did the research, you would see that ASP and PHP are very similar in regards to date/time handling functions. I get what you're saying, and I don't necessarily disagree with this mentality. Everybody has to start somewhere, baby steps and all that. But it is foolish to summarily dismiss advice given because of this. It's even dumber to get all snippy about it. You came here asking for help, not the other way around. You're acting like a bum walking up to someone's car asking for some money because they are hungry and then bitching because someone gave you food instead of money. Or not enough money, etc. You mentioned breaking your ASP way of thinking. I think perhaps instead you should work on breaking your ASS way of thinking. Again, you came here, asking for help. Free help. You happened to get help from people who do this thing for a living. You will literally not find a person on this entire planet better than Barand when it comes to databases. He's like 100 years old and has been doing database stuff since...you know what, I'm almost positive he had a hand in frakking inventing databases. So when he says something, it's not a matter of opinion, it's a matter of fact. Of course you didn't know this. But just like your coding style, you like jumping out of the airplane without first checking your chute and learning how to use it, or figuring out where you're going to land, and then getting upset at the chute and the ground like they are the ones working against you.
-
Preventing Unregistered Users From Viewing Some Pages.
.josh replied to IlaminiAyebatonyeDagogo's topic in PHP Coding Help
ooh eeh ooh ah ah?
-
Preventing Unregistered Users From Viewing Some Pages.
.josh replied to IlaminiAyebatonyeDagogo's topic in PHP Coding Help
I cn b kind enuf 2 rite d code of wot he said if u cn b kind enuf 2 put monies in my paypal pl0x kk thx.
-
You can do a basic shell of a webpage and then use AJAX (javascript) to load the content. This will make the bulk of your stuff not show up in the viewsource. However it makes your site reliant on javascript to work, and anybody who is determined to see/get the page's sourcecode can quite easily get it from somewhere else besides viewing the source. You should not worry about this sort of thing. There is nothing you can output that can't be found somewhere else, and you can't do anything about it anyways. Instead you should just focus on your server-side validation/security and offering up a great product or service or whatever your site is about.
-
An alternative.. you could force the user to pick your stored format and then accept/reject based on it. Basically what you would do is treat their input as a search and offer up suggestions that match your records and force them to pick one. Then if it's on your list of ones you don't want to accept, deny it. This may or may not be feasible for you if your setup does not involve having a full list of values.