Everything posted by .josh
-
umm...Alphanumeric is letters+numbers. I think what he's wanting to do is exclude special chars and things like punctuation marks, operators, etc...
-
Well, I see in your $my_variablle_results = shell_exec("call my java program"); you have an extra l in variable. Is that a typo you made here or is that in your code?
-
Your response should have been: "Hey yeah, I can add that feature if you want, but it wasn't in the contract, so I'll have to charge you for it!"
-
From the manual:
$plussevendays = mktime(0, 0, 0, date("m"), date("d")+7, date("Y"));
$plusonemonth = mktime(0, 0, 0, date("m")+1, date("d"), date("Y"));
$plussoneyear = mktime(0, 0, 0, date("m"), date("d"), date("Y")+1);
-
Dunno how you plan on retrieving this date in question, but assuming you have an id associated to it in the row...
// important thing here is to get the date, so do whatever you got to do to get it
$sql = "select datecolumn from table where id = '$id'";
$result = mysql_query($sql);
if ($result) {
    $date = mysql_result($result, 0, 0);
    $date = strtotime($date) + 86400;
    if ($date > time()) {
        // do something
    }
}
-
post your form
-
okay wait wait wait, you said you want to list out how many of each type of weapon is used by players, in descending order? Shouldn't you be doing your group by on your userweapons table?
-
Well anyways I think this is what you're looking for...
SELECT WeaponID, Name FROM weapons GROUP BY WeaponID ORDER BY WeaponID DESC
-
Can you post the query you tried?
-
Radio Check selections and download into zip format
.josh replied to secoxxx's topic in PHP Coding Help
You would use checkboxes or a multi select dropdown (not radio buttons, because radio buttons are for making only 1 choice), and then you will make use of the zip functions.
-
Think what you're looking for is using a GROUP BY with your ORDER BY
-
and cross site scripting, spam, etc...
-
You also incorrectly assume that people only try to hack sites to get to the information...
-
Is using the same variable name within two different functions ok?
.josh replied to webref.eu's topic in PHP Coding Help
Although I would recommend using just one function called IsValid(), seeing as how both of those functions do the exact same thing...
-
Okay if I read that right, all you need to do is in your thankyou.php just echo the vars out.
-
Onmouseover fetch data from MYSQL in a small window
.josh replied to shruti's topic in PHP Coding Help
Well you could either pass all of the data to javascript and onmouseover/click have javascript display the popup, or you can make a separate php script that retrieves the specific data based on the cell data, and use ajax to call that script, retrieve the data and display it. Either way, this isn't really a php solution per se. That is, you'd use php to retrieve the info either way, but to do the whole onmouseover/click with the popup, that's strictly javascript.
-
Are you wanting the full sized image to be on a page all by itself? Just wrap a url tag around it with it as the target. Are you wanting some kind of popup thing? You're gonna have to use javascript for that.
-
I really don't understand what your beef here is, except that to be honest, I think your real issue is that it's not in the more "popular" forum.
-
No...if we were to just put everything in one forum, THEN it would be an absolute mess. THAT'S the bigger picture. Please refer to my grocery store produce section analogy in the comments forum you posted in.
-
It doesn't matter where it's being used. The poster isn't asking for help on what to do with the query results. He's asking about the query itself.
-
Well technically since he's asking about security in general, it could possibly go to the application design/layout forum. But this is where we practice that leniency you suggested. Look man, don't be sore just because your thread got moved. It was moved to the sql forum because that's where you stand to get the most help. Despite your beliefs, questions there do get answered very often; we have several people who answer questions there very well. In fact, they are some of the top posters here, having well over 10k posts in answering questions. Just be patient, and stop trying to make a stink in other people's threads.
-
1. The problem is strictly MySQL. There is no actual PHP coding help needed.
2. That's your real problem right there, not that it's in a different forum, but that it's in a lower volume forum.
3. Now that's just being kind of hypocritical, don't you think? I can just see someone in the JS forum bitching about his topic being moved, saying ..."it's not as if it's a MySQL question!!"
-
Both of them have an inherent risk. It's easier to spoof GET vars because it's passed right there in the url bar. It's *harder* to spoof POST vars because they are not. But it's not that much harder, as it's really easy for someone to just tamper with your form and click the submit button. You can right-click > view source, copy/paste into an editor, add/change whatever you want in the form, load it up in the browser, and click the submit button. Or better yet, most browsers these days have plenty of addons to do that right on the page "live," taking out even those simple steps. The point is, rather than trusting either, trust neither. Always assume that any incoming data is a potential threat, and sanitize accordingly. If you are expecting the input to be a set thing like a number, check to make sure it's a number, and if it's in the expected range. Use mysql_real_escape_string on data going into your database. If you have for instance a controller to load a page inside your main page (like a tabbed menu), or like a table of data for the user to order results by, don't just blindly sortby the variable or include the variable. Put the allowed values in an array and check if it's in the array. And the list goes on.
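The checks described in the post above (a number and range check, and an allow-list for the sort column and the included page), as an added example that is not part of the original post. The function names, column list, page map, table name and request data are all hypothetical and constructed for illustration.

```php
<?php
// Added example; validate_int(), pick_allowed() and all lists below are hypothetical.

// Numeric input: accept only an integer inside the expected range.
function validate_int($raw, int $min, int $max): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? null : $value;
}

// Set-valued input: accept only a value found in the allow-list, else use the default.
function pick_allowed($raw, array $allowed, string $default): string
{
    return (is_string($raw) && in_array($raw, $allowed, true)) ? $raw : $default;
}

const SORT_COLUMNS = ['name', 'price', 'created'];
const PAGES = ['home' => 'pages/home.php', 'news' => 'pages/news.php'];

// Constructed request data standing in for $_GET / $_POST.
$requests = [
    ['id' => '42', 'sortby' => 'price', 'page' => 'news'],
    ['id' => '7', 'sortby' => 'price; DROP TABLE items', 'page' => '../../etc/passwd'],
    ['id' => '42 OR 1=1', 'sortby' => ['x'], 'page' => 'admin'],
];

foreach ($requests as $req) {
    $id = validate_int($req['id'] ?? null, 1, 100000);
    $sort = pick_allowed($req['sortby'] ?? null, SORT_COLUMNS, 'name');
    $pageKey = pick_allowed($req['page'] ?? null, array_keys(PAGES), 'home');

    if ($id === null) {
        echo "rejected: id is not a number in the expected range\n";
        continue;
    }
    // Only an integer and values taken from our own lists reach the
    // query text and the include path; the raw input never does.
    $sql = "SELECT name, price FROM items WHERE id = $id ORDER BY $sort";
    echo $sql, " | include ", PAGES[$pageKey], "\n";
}
```

The second request falls back to the default sort column and page, and the third is rejected at the range check. Free-form string data going into a query still needs escaping or a parameterized query, as the post says.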
-
I got the shortest straw.
-
Right. We understand it's all "php related." But the point is to further divide it into more specific categories. The problem was not with the code itself, but with the query string, therefore it got moved to the sql forum. It's like going to the produce section of the grocery store. You don't see all the fruits jumbled up together in one giant pile, just because they are all fruits. You see them separated into individual bins. Apples with apples, oranges with oranges, etc.