smc

The database space and bandwidth requirement will pale in comparision to the requirements of the images themselves. Is it required? Well if you do time().microtime(); technically no because it is highly unlikely two people will execute at the same time and take the same time for server transfer. However having said that for your records, keeping track of the files, and allowing user ease (because if you are allowing them to create custom galleries then it is pretty much a must for DB) I would HIGHLY recommend a DB. Like I said, you're planning on commiting substantial resources to the images the DB will seem insignificant.

I'm not sure if I understand your question entirely. What I think you're saying is you want to continue to redefine a URL. As in, the user visits http://example.com clicks a link that brings them to http://example.com?id=NUM, that page displays links that are http://example.com?id=NUM&cat_id=1, http://example.com?id=NUM&cat_id=2, etc. This you just have to create the links to update to the variable. You can do this a number of ways. The most straight forward is hard coding the variable in: <?php $myDomain = "http://example.com" $myLink = $myDomain . "?id=" . $_REQUEST['id'] . "&cat_id=1"; $myLink2 = $myDomain . "?id=" . $_REQUEST['id'] . "&cat_id=2"; ?> The other way is to grab the current page. Know these predefined PHP variables: $_SERVER['PHP_SELF'] :: If the PHP you are using is at http://example.com/apples/oranges/banana.php this variable will return /apples/oranges/banana.php. $_SERVER['QUERY_STRING'] :: This will return all the attaches to the URL. For example, if you went to http://example.com/myphp.php?id=apples&cat=oranges this variable will return ?id=apples&cat=oranges. <?php $myDomain = "http://example.com"; //There is a predefined variable for this too but it slips me at the moment $myLink = $myDomain . $_SERVER['PHP_SELF'] . $_SERVER['QUERY_STRING'] . "&cat_id=1"; $myLink2 = $myDomain . $_SERVER['PHP_SELF'] . $_SERVER['QUERY_STRING'] . "&cat_id=2"; ?> Hope this helps.

Either syntax will accomplish what you're looking for. Where to put it depends on in what order you want to check for it. Personally I don't do much with case-switches so however you would traditionally incorporate a boolean if statement.

<?php $myDomain = "http://www.myweb.com/"; //This is your base domain $currentPage = "0001"; //This is the current page. You can substitute this with a $_SERVER variable to get the current page $newPage = $currentPage++; //This adds 1 to the current page value $linkAddress = $myDomain . $newPage . ".html"; //This will put it all together, the myDomain, tacks on the current page +1 the finishes it up with .html ?>

Multiple options. 1) empty(); (Returns TRUE if it is empty, or FALSE if not) 2) if( $myVariable == "" ){} (Executes inner code if it is empty) 3) If you want to check if the variable is even set... isset( $myVariable ); (Returns TRUE if set, FALSE if not)

Sure, there are multiple approaches. For one, you could do time() . microtime(); which would just name the file on the precise moment of upload. Another option would be to generate the file name and check it against your DB to make sure it hasn't been used already.

When entering " into the username you reveal your SQL and method of encryption ERROR!You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'd41d8cd98f00b204e9800998ecf8427e"' at line 1 Leaving you open to brute forcing / sql injection. If I find more I'll post here.

I would be careful with hard coded passes. Off the bat I don't see anything immediately exploitable but I'm far from a premo-hacker.

<?php str_replace( "<?php", "highlight_string(", $questionFromDB ); str_replace( "?>", ");", $questionFromDB ); ?> If that doesn't work then do the get position in a string function (escapes me at the moment) and then isolate the section from that point to the end point.

Hello everyone, In an attempt to make a more streamlined login script I created a function for it. I access it through using this: (Note: The dataEncode function does addslashes( htmlentities( INPUT ) ); ) <?php $loginData = array( "username" => dataEncode( $_POST['xtcms_login_username'] ), "password" => md5( $_POST['xtcms_login_password'] ) ); authUser( $loginData['username'], $loginData['password'], 1 ); ?> The authUser function: <?php function authUser( $user, $pass, $requiredLevel ){ global $xtcms_prefix, $lang; dbConnect(); $sql = mysql_query( "SELECT * FROM " . $xtcms_prefix . "users WHERE username = '$user' AND password = '$pass'" ) or die( errorReturn( mysql_error() ) ); if( mysql_num_rows( $sql ) > 1 || mysql_num_rows( $sql ) < 0 ){ errorReturn( $lang[XTCMS_LANG]['unknown_error'] ); }elseif( mysql_num_rows( $sql ) == 0 ){ errorReturn( $lang[XTCMS_LANG]['incorrect_credentials'] ); } $result = mysql_fetch_array( $sql ); mysql_close(); if( $result['rank'] == 0 ){ errorReturn( $lang[XTCMS_LANG]['user_not_active'] ); }elseif( $result['rank'] > $requiredLevel ){ authReturn( FALSE ); }else{ authReturn( TRUE ); } } ?> And the authReturn function <?php function authReturn( $result, $redirect = '../index.php' ){ global $lang; if( $result == TRUE ){ $loginResult = $lang[XTCMS_LANG]['auth_success']; }else{ $loginResult = $lang[XTCMS_LANG]['auth_failure']; } require( XTCMS_TEMPLATE_PATH . "/global_header.tpl" ); require( XTCMS_TEMPLATE_PATH . "/auth_result.tpl" ); require( XTCMS_TEMPLATE_PATH . "/global_footer.tpl" ); die; } ?> Is this secure? Or have I left myself open to injection/xss?

I am currently making an installation script for a PHP kit I've made. During the installation process it outputs the results, ie: I intend to have up to 3 pages worth of text during the installation. I would like, however, for the page to scroll down with the text as it is created so that the user is always on the bottom of the page. I have seen this kind of installation with a few scripts and the ModernBill software. Any info you've got on how to do this would be much appreciated. Thanks.

Assuming you want to search for the name in fname and fname is a column in your database... <?php //Make your MySQL connection $search = "fname"; $sql = mysql_query( "SELECT * FROM `example` WHERE fname = '$search'" ) or die( mysql_error() ); //Make sure you're doing a mysql_fetch_row if you're only getting one row from the Database $row = $mysql_fetch_row( $sql ); //OR - You probably will be getting more than one entry, many first names are similar.. so... instead we do: $myResults = mysql_fetch_array( $sql ); //To list results: print_r( $myResults ); //To print the one result from $row echo( "Name: " . $row['fname'] ); ?> Addendum on beboo002's post. I HIGHLY recommend you DO NOT use his type of code. That will query what is submitted in the form field and can leave your database open to serious SQL injection and hacking.

Please clarify what you are trying to achieve. Are you trying to make it so that when they submit the form it processes the query but shows a different page? Basically this is what is happening: (Your Page With Forms) -- User Submits ---> (orderform.php) orderform.php then processes the form data using whatever PHP you have coded into it. If you want it to display a message you can do a simple: print( "My Message!" ); or echo( "My Message!" ); on the form before or after the data. Alternatively, if you want to process the data then display another page you can do: header( "location: myPage.php" ); The above will then redirect your page to myPage.php (providing you've not displayed any messages using print; or echo;. If you have printed any text from the PHP script you will receive a header error)

Hey all, A few months back I developed a ban extension script for Invision Power Boards to ban users from the Main Website if they were banned from the forums. Although the script works as a champ and as intended, the problem arises when a user has the same IP address as someone who has been banned in the past. 99% of the time this happens, the user is using AOL. Since AOL, in their infinite wisdom, chose to issue IPs to a few thousand individuals per IP I need a method of detecing if a user is using AOL, and if so the script won't ban them. But how? I'm aware of gethostbyaddr, but is there a way to use that to detect if they are aol, even though the hostname changes? Thanks for any insight you all can provide! -Smc

A cron job is really your best bet. Just run a cron that says <?php if( strtotime( $mySQL ) >= time() ){ $sql = mysql_query( "UPDATE myTable SET activityColumn = 'true'" ); } ?> Or along those lines