fenway

It's a PHP function... you can't pass it to mysql.

Sure... check what you datadir is.

You can use a LEFT JOIN, then restict on friend_id IS NULL and ignored_id IS NULL.

It should be a lowercase p: TIME_FORMAT( prog_time, '%h %i %p')

Which table is catid in?

Users like me... time for a new computer.... ;-)

You can't -- that's how proxies work. If you're behind a firewall, your internal/private IP is not visible to the outside world.

Next time, consider asking your friend BEFORE you post... otherwise, you're wasting everyone's time.

OK... now I understand... no need for 2nd query! Change your initial query to: $result = mysql_query("SELECT *, TIME_FORMAT( prog_time, '%h %i %P') AS prog_time2 from tablehd"); And then you can retrieve the value with "$info['prog_time2']" -- anywhere inside that while() loop. I'm also not sure what that if() is doing....

You can't echo $ptime like that... it's a result set! You need to (a) run mysql_fetch_assoc() and get back each row and (b) alias the expression to be able to reference it more easily. In principle, you can cheat with mysql_result(), but it's bad practice. Also, I thought this was coming from data stored in the DB.

That's right, you need to store it as MD5()... just make sure to encrypt it before you store it (i.e. in application code).

Post both queries (I only see one), and the table structure -- a JOIN should be able to do this.

What's the syntax error? Can you echo $sql?

1. Huh? 2. Why?

That's a very stange path...?

Huh?

Well, that's a PHP issue... you're passing the wrong UID.

Where's the EXPLAIN... and, say, a proper query (without php variables)?

Yes, mostly painless, just keep an eye on your queries for a while.

You can use INSERT... ON DUPLICATE KEY UPDATE.

Impossible... certain things simply have to be strings literals (like the values passed to LIMIT clauses). It's annoying, but that's how it is. At least table names make sense.

HAVING is for anything that gets evaluated after the "main" query... so in this case, it's possible that it's not aliased under after the main query has been executed, meaning that it's not visible to the WHERE clause "in time".

You don't need any php code... use TIME_FORMAT(), as suggested above a number of times. Post your query.

How many times have you successfully restored a vulnerable site to usability? This was an extremely complicated and cleverly devised attack, not limited to SQL injection... hence it was not a simple task. It took a lot of very skilled and experience people weeks to track it down. And data integrity was the primary concern, so the site was taken down as a precaution.

Searching for "refman" in google produces the MySQL Reference Manual as hit #6 --- yeesh.