Psycho

Moderators
  • Posts: 12,157
  • Days Won: 129

Everything posted by Psycho

  1. I agree with Xyph. You can spend hundreds of hours trying to harden your application against attacks - both externally and internally. It all depends on what level of security you are wanting to achieve and how much you are willing to invest. If you were wanting to limit by IP addresses but cannot implement that, I am assuming that the user base is somewhat limited and you are mostly concerned about rogue users attempting to access your application. I have a few suggestions if that is the case:

     1. Go ahead and implement an IP check. If the IP is one that the user has used previously, let them log in normally with username/password. If it is a different IP, make the user go through an extra level of authentication. E.g. send a passcode to their email address that they have to use in addition to their username/password to authenticate and to add the IP for that user.
     2. Be sure to have a lockout process if a particular user fails login x number of times in a row.
     3. Have a check to see if a particular IP address has x number of login failures (for any username) within a time period. Then lock out any more submissions from that IP address.
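As an added illustration of the three suggestions above (example code written for this page, not code from the post or from any project): a small PHP 8 class that tracks consecutive failures per username, failures per IP inside a sliding time window, and the set of IPs each user has successfully authenticated from. The class and method names, the thresholds and the in-memory arrays are assumptions; a real application would keep these counters in a database or cache shared by every web worker, and would send and verify the emailed passcode in a separate step before calling recordSuccess().

```php
<?php
// Added example (not from the post): lockout and new-IP step-up logic.
// Storage is an in-memory array here purely for illustration; in production
// the counters must live in a store shared by all PHP workers.

class LoginGuard
{
    private int $maxUserFailures;   // consecutive failures allowed per username (check 2)
    private int $maxIpFailures;     // failures allowed per IP inside the window (check 3)
    private int $windowSeconds;     // length of the sliding window for the per-IP count

    private array $userFailures = [];   // username => consecutive failure count
    private array $ipFailures   = [];   // ip => list of failure timestamps
    private array $knownIps     = [];   // username => [ip => true]

    public function __construct(int $maxUserFailures = 5, int $maxIpFailures = 20, int $windowSeconds = 900)
    {
        $this->maxUserFailures = $maxUserFailures;
        $this->maxIpFailures   = $maxIpFailures;
        $this->windowSeconds   = $windowSeconds;
    }

    // Checks 2 and 3: should this attempt be refused before the password is even checked?
    public function isBlocked(string $user, string $ip, int $now): bool
    {
        if (($this->userFailures[$user] ?? 0) >= $this->maxUserFailures) {
            return true;
        }
        $this->pruneIp($ip, $now);
        return count($this->ipFailures[$ip] ?? []) >= $this->maxIpFailures;
    }

    // Check 1: has this user ever completed a login from this IP?
    public function needsStepUp(string $user, string $ip): bool
    {
        return !isset($this->knownIps[$user][$ip]);
    }

    public function recordFailure(string $user, string $ip, int $now): void
    {
        $this->userFailures[$user] = ($this->userFailures[$user] ?? 0) + 1;
        $this->ipFailures[$ip][] = $now;
    }

    // Call only after username/password AND, for a new IP, the emailed passcode succeed.
    public function recordSuccess(string $user, string $ip): void
    {
        unset($this->userFailures[$user]);
        $this->knownIps[$user][$ip] = true;
    }

    // Drop per-IP failure timestamps that have fallen out of the window.
    private function pruneIp(string $ip, int $now): void
    {
        if (!isset($this->ipFailures[$ip])) {
            return;
        }
        $cutoff = $now - $this->windowSeconds;
        $this->ipFailures[$ip] = array_values(array_filter(
            $this->ipFailures[$ip],
            fn (int $t) => $t > $cutoff
        ));
    }
}

// Demonstration with constructed data (documentation-range IP addresses).
$guard = new LoginGuard(maxUserFailures: 3, maxIpFailures: 5, windowSeconds: 600);
$t = 1700000000;
for ($i = 0; $i < 3; $i++) {
    $guard->recordFailure('alice', '203.0.113.10', $t + $i);
}
var_dump($guard->isBlocked('alice', '203.0.113.10', $t + 3));   // alice hit the per-user limit
var_dump($guard->isBlocked('bob', '203.0.113.10', $t + 3));     // same IP, still under the per-IP limit
$guard->recordSuccess('bob', '203.0.113.10');
var_dump($guard->needsStepUp('bob', '203.0.113.10'));           // known IP for bob
var_dump($guard->needsStepUp('bob', '198.51.100.7'));           // new IP: require the emailed passcode
```

The per-user counter resets on success but the per-IP list does not, so a single source cycling through many usernames is still caught by check 3; the window prune keeps that list from growing without bound.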
  2. There's a very simple solution: str_replace(). Since the values are always decimals less than 1 and greater than -1, you can simply replace '0.' with '.'

         echo str_replace('0.', '.', '0.123');  // .123
         echo str_replace('0.', '.', '-0.123'); // -.123

     Of course this would not work if there were numbers such as 10.123
  3. Try putting a negated quote match just before the http"

         // Negative lookbehind: the URL must not be preceded by " or '. Unlike a
         // consuming [^"\'] class, this does not eat the preceding character (which
         // $1 would then drop) and still matches a URL at the very start of the text.
         // The host part uses [-\w.]*[-\w] instead of a nested ([-\w.]+[-\w])+ group,
         // which could backtrack catastrophically on long non-matching input.
         $return = preg_replace(
             '@(?<!["\'])(https?://[-\w.]*[-\w](:\d+)?(/([\w/_.#-]*(\?\S+)?[^.\s])?)?)@',
             '<a href="$1" target="_blank">$1</a>',
             $return
         );
  4. I'm thinking there is a more efficient way to get what you want rather than having such rigid requirements on the position field. But, you can run a single query to update the position field when records are deleted. This will handle when there are gaps in the position and will also reorder if two records have the same position. Which one comes first will be dependent upon the ORDER BY parameters. You must have the ORDER BY use the position first, but then you can add name or something else to determine which record would come first if there were duplicates on the position. But, if you don't supply anything it would most likely be the one created first that will come first in the position. Also, this would only work if there is a unique ID column in your table, which I would assume you have. Just replace with your applicable table and field names

         -- aliases are "main" and "sec": PRIMARY is a reserved word in MySQL and
         -- cannot be used as an unquoted table alias
         UPDATE table_name AS main
         JOIN (
             SELECT sec.id, sec.position, @rownum := @rownum + 1 AS new_position
             FROM table_name AS sec
             JOIN (SELECT @rownum := 0) AS r
             ORDER BY sec.position
         ) AS temp ON main.id = temp.id
         SET main.position = temp.new_position
  5. gacoksa, did you even TRY what I provided you? It will do what you want - you just don't understand enough about SQL to know that it will and you are dismissing it out of hand. Not only is double posting a waste of time, so is not trying the solutions provided. The code you are trying to use is worthless. You don't need a while loop. The format of the query I provided will work. This is ALL you need

         include ("koneksi.php");
         $con = mysql_connect($servername, $username, $password);
         if (!$con) {
             die('Could not connect: ' . mysql_error());
         }
         mysql_select_db("smsd");

         $group   = mysql_real_escape_string(trim($_POST['group']));
         $message = mysql_real_escape_string(trim($_POST['message']));

         $balas_sms = "INSERT INTO outbox (phone_number, text)
                       SELECT phone, '$message'
                       FROM contacts
                       WHERE group_name = '$group'";
         $hasil_balas_sms = mysql_query($balas_sms);
  6. And who said we are selecting a "field" called `I LOVE YOU`? Did you notice that it is defined in that query as a String enclosed by single straight quote marks 'I LOVE YOU' and not a field with back ticks `I LOVE YOU`. Did you even take the 5 seconds needed to try the perfectly valid solution I provided you? No, because if you had you would have seen that it will work. It is perfectly valid to SELECT other things than fields. You can select static values, expressions, date/time, etc. etc. The MySQL manual is littered with such examples.

         mysql> SELECT 1 + 1;
                 -> 2
  7. This topic has been moved to MySQL Help. http://forums.phpfreaks.com/index.php?topic=364058.0
  8. << Moving to MySQL forum >>

         -- no parentheses around the select list (they would form a row constructor,
         -- which is not allowed there); GROUP is a reserved word, so back-tick it
         INSERT INTO b_table (phone, message)
         SELECT phone, 'I LOVE YOU' FROM a_table WHERE `group` = 'xy'

     13.2.5.1. INSERT ... SELECT Syntax
  9. Well, you can set the pointer back to the beginning [mysql_data_seek()] and run through the results again or just use a for type loop on the results set twice using an incrementing index to select the appropriate row [mysql_result()]. But really there is no need and would be inefficient. Just run the loop once and perform both sets of operations. If you are outputting data for those two operations, just assign the output content to variables and then output the variables later.
  10. No and there shouldn't be. For example, let's say you need to find out what NAICS industry code a person should be classified as based upon their job. Would a software developer go in "31 Manufacturing" or "51 Information" or "54 Professional, Scientific, and Technical Services"? Most likely the respondent won't know. So you can provide a list of jobs that would make sense to the respondent with the appropriate code as the value. However, some of them will have the same classification.
  11. Well, yes and no. It does not specifically mean "unknown". It means "unknown" or "inapplicable" information - i.e. it does not exist. If I do a DB query on the parents table and JOIN it to the children table, a user with no children will have null values. If I do a COUNT() using GROUP BY for those children I get 0. If the result of the count was unknown I would get a null count. It can mean either or - which is why Codd had proposed using two different NULLs to differentiate the two. Codd's rules:
  12. Bug 201056 - default select option changes on reload (if multiple options have same value) Reported in 2003. So don't hold your breath on it. But, as I described above, it's pretty trivial to solve in this particular instance.
  13. It is not sending a POST. FF simply has some built in functionality to retain/repopulate current form input when a refresh is performed. This happens when clicking the refresh button or F5. But, if you perform a "hard" refresh using Ctrl-F5 then it completely reloads the page as would be expected for a normal refresh. This makes sense as a feature. I have had instances where I was entering data into a form and accidentally refreshed the page losing my data. In fact this occurs for any input fields even if there is no form - so no POST could even occur. However, I did some testing and found something really odd. When trying to reset/reselect a select list the functionality is starting from the last option and working backwards looking for a match. Take this sample select list:

          <select name="sel">
              <option value="">-- Choose One --</option>
              <option value="A">Apple</option>
              <option value="B">Banana</option>
              <option value="A">Apricot</option>
              <option value="P">Pear</option>
              <option value="A">Avocado</option>
          </select>

      As you can see, the three options beginning with "A" all have the same value. But, all the other options have a unique value. If you select one of the options with a unique value and click refresh or F5 (in FF) the same option will be reselected. However, if you select any of the options with the value "A" and perform a refresh (again in FF) the "Avocado" option will be selected - even if the previous option was Apple or Apricot. Not sure why the logic works from the last option to the first. You can create a flat HTML page with just that code above and test it yourself.
  14. Yeah, not a big deal by any means. A user hitting refresh on that page should be an edge case scenario. But, I found a fairly simple way to work around the issue if you want.

      1. When creating the random value append a ".0" to the end of the value. So, a "2" becomes "2.0". That way, when the page refreshes, if the selected option was random with a value of "2.0" FF will only find a match on the Random option and not the true option with a value of 2.
      2. Then in your processing code you should already be doing some sanitization of the value to ensure they are ints. If not, you need to be doing this.

             $value = intval($_POST['post_value']);

         Since all your post values are in an array, you could easily use array_map() to do the whole lot in one line of code

             $selections = array_map('intval', $_POST['selections']);
  15. OK, this is splitting hairs and is really diving into the depths of semantics. But, I have to respond regarding the last two posts on what NULL represents. NULL does not, necessarily, represent an "unknown" value. It was originally used to represent a value that does not exist. An unknown value infers that there is a value or at least there could be a value. NULL is the absence of a value. In other words, it is known that there is no value. That is how I have always conceptualized NULL. If you look at the results I posted on the previous page, is_null($var) and $var === NULL only return true when the value of $var is explicitly set to NULL or $var has not been set. Even if $var is set to an empty string it is not considered NULL because an empty string is a value. Let's just be glad that the concept of two different NULL types has never been implemented.
  16. Try:

          $optionsHTML = "<option value='{$randomID}' selected='selected'>Random</option>\n" . $optionsHTML;
  17. I looked at the page and it is very odd indeed, but I see what is happening and it is exactly as I described above. The reason it looks to be behaving differently is because the random VALUES are changing on reloading the page. Again, this is a behavior implemented in FF. I assume so a user doesn't lose their input on a form if they happen to hit refresh by accident. When the page first loads a select list might look like this:

          <select name="select">
              <option value="2">Random</option>
              <option value="1">Option 1</option>
              <option value="2">Option 2</option>
              <option value="3">Option 3</option>
          </select>

      When the user refreshes the page FF will reset the value that is currently selected. In this case since no option was selected the first option, Random with a value of 2, is the one considered selected. However, when the user refreshes the page, the code to build the page will set a new value for the "Random" option. FF will look for the first option with the previously selected value (2). If the new value for Random was not 2 then FF will select "Option 2" because its value is 2. An easy way to not have this behavior should be to also set the random option to be selected by default

          <select name="select">
              <option value="2" selected="selected">Random</option>
              <option value="1">Option 1</option>
              <option value="2">Option 2</option>
              <option value="3">Option 3</option>
          </select>
  18. I don't follow what you mean about it randomizing all the drop-downs. Are you really talking about POSTing here? One thing I've always noticed about FF is that if you have a form that you've made selections/changes to and click refresh, the page reloads with the same data displayed in the fields as if the site had scripted it for sticky form fields. But, FF is doing it automatically. If you select Ctrl-F5 it will do a hard refresh. If this is what you are talking about - it is a feature of FF. You can probably work around it if you need. Using a header() after a POST is a good way to clear the data to prevent a double post, but you could probably also use it to prevent this behavior in FF. But, I see no harm in it.
  19. You need to debug your code. You have way too much going on in there for us to "see" the problem. You even have a lot of included JS files that could be causing a problem. Change the onsubmit action to call a function that just does a simple alert. If that works, then add back sections of code for the validation logic that you can test. If you add a section back and it fails then you know what needs to be fixed. However, if the simple alert does not fire, then there is something preventing the onsubmit trigger from calling the function. Many times this is due to a compilation error in the JavaScript. So, it could be in the JS on that page or in any one of the included JS files.
  20. What error/problems are you experiencing? What have you tried and what were the results?
  21. As per your regex, the problem is in your quantifier (i.e. the '*').

          '/name="action" value="(.*)">/'

      That '.*' is telling the regex engine to find every possible character, up to the LAST instance of '">'. So it is capturing the start of the value to the very last closing tag on the page (with a parameter in it). You need to either make the quantifier lazy by using '.*?' (which is not too efficient) or better yet, change your expression to this:

          '/name="action" value="([^"]*)">/'

      So now, after it finds the matching text at the beginning (up to the opening quote for the value) it will capture all non-quote mark characters - up to the next quote mark. So the regex will be matching/returning the content of the value parameter as you wanted.
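To show the difference concretely, here is the greedy, lazy and negated-class form of that pattern run over a constructed one-line HTML fragment that contains two value="..." attributes. This is example code added for this page, not code from the post; the fragment, the helper name extractAction() and the label strings are assumptions.

```php
<?php
// Added example (not from the post): greedy '.*', lazy '.*?' and the negated
// class '[^"]*' applied to the same constructed input.
$html = '<input type="hidden" name="action" value="save"> <input type="submit" value="Go">';

// Returns the first capture group, or null when the pattern does not match.
function extractAction(string $pattern, string $html): ?string
{
    return preg_match($pattern, $html, $m) === 1 ? $m[1] : null;
}

$patterns = [
    'greedy  .*    ' => '/name="action" value="(.*)">/',
    'lazy    .*?   ' => '/name="action" value="(.*?)">/',
    'negated [^"]* ' => '/name="action" value="([^"]*)">/',
];

foreach ($patterns as $label => $pattern) {
    // The greedy form extends the capture to the LAST '">' on the line, so the
    // whole second <input> ends up inside it. The lazy form stops at the first
    // '">' it can reach, and the negated class stops at the first quote mark
    // regardless of what follows it.
    echo $label, ' => ', var_export(extractAction($pattern, $html), true), "\n";
}
```

The negated class is the one to prefer: it can never cross a quote boundary, so it is both correct and linear-time, whereas '.*?' still has to re-try the '">' suffix at every position.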
  22. As I think Mahngiel was alluding to, an uploaded image will not be available from $_POST['field_name']. With file uploads the form needs to have the appropriate enctype and you need to reference the file differently using the $_FILES super global.
  23. Well, it all depends on what you want to do with the error, but you could do something like this:

          if (($_POST['type'] == 'faculty' && $_POST['course'] != 'na')
              || ($_POST['type'] != 'faculty' && $_POST['course'] == 'na')) {
              //Invalid
          }

      or you could just populate the course list without the 'na' option. Then, put some text on the form that when selecting 'student' a course must also be selected. Then when the form is posted if faculty is selected just ignore the course selection. Also, why are you escaping the input for query use before you have done all your validations? That will lead to problems eventually.
  24. Never, EVER run queries in loops. It is probably the most inefficient thing you can do. I've seen it bring servers to a crawl. Having said that, I tried looking at your logic and just couldn't focus enough to understand it and am not willing to invest the time. SO, I will provide some suggestions based upon what I see you are trying to achieve.

      First off, it appears you are wanting to show the vacation calendar for the entire calendar year. You might want to rethink that and create a process where you can specify the start and end periods to report on. The reason I say this is because when you get to December you are only going to be seeing data a few weeks out. You would probably want to see data into the next several months.

      Anyway, I would run ONE query to get all vacation plans by users where the end_date of the vacation is > the start date of the report AND the start_date of the vacation is < the end date of the report. That will get all the vacation plans that overlap any part of the report period. I would have the results ORDERED BY name, start date and then end date. Important: the first table in the query should be the users table with a LEFT join on the other tables. This will ensure that all staff will be listed in the report even if they have no vacations planned yet.

      Next I would extract all the records from the results into a temporary array using the user id or name as the primary indexes and then sub arrays for each vacation request. Then I would start a process to create the calendar. As each day is being created I would check the first record in the sub array for each user. If the vacation period in that record is for the current day I would indicate that in the output. If the period for that record ends before the current day I would remove that record and look at the next one.
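Here is the array-building and day-walking part of that approach, as an added PHP example written for this page rather than code from the post. The rows are constructed in the shape a query starting from the users table with a LEFT JOIN to the vacations would return (one user with no vacation, hence NULL dates), already sorted by name, start date and end date as the post recommends; the column names, the report range and the 'X' / '.' markers are assumptions.

```php
<?php
// Added example (not from the post): per-user, per-day vacation grid built
// from a single sorted result set, with no queries inside the loop.
$reportStart = new DateTimeImmutable('2012-06-01');
$reportEnd   = new DateTimeImmutable('2012-06-07');

// Constructed rows, in the shape a users LEFT JOIN vacations query would return,
// ordered by name, start_date, end_date. Bob has no vacation, so his dates are NULL.
$rows = [
    ['name' => 'Alice', 'start_date' => '2012-05-30', 'end_date' => '2012-06-02'],
    ['name' => 'Alice', 'start_date' => '2012-06-05', 'end_date' => '2012-06-05'],
    ['name' => 'Bob',   'start_date' => null,         'end_date' => null],
    ['name' => 'Carol', 'start_date' => '2012-06-06', 'end_date' => '2012-06-20'],
];

// Step 1: temporary array keyed by user, each holding a sub-array of [start, end]
// periods. Every user gets a key even when the LEFT JOIN produced no vacation row.
$byUser = [];
foreach ($rows as $r) {
    $byUser[$r['name']] ??= [];
    if ($r['start_date'] !== null) {
        $byUser[$r['name']][] = [$r['start_date'], $r['end_date']];
    }
}

// Step 2: walk the report one day at a time. For each user only the first
// remaining period is inspected; a period that ended before today is dropped.
// 'Y-m-d' strings compare correctly with < and <= because they are zero-padded.
$grid = [];
for ($day = $reportStart; $day <= $reportEnd; $day = $day->modify('+1 day')) {
    $d = $day->format('Y-m-d');
    foreach ($byUser as $name => &$periods) {
        while ($periods !== [] && $periods[0][1] < $d) {
            array_shift($periods);
        }
        $onVacation = $periods !== [] && $periods[0][0] <= $d;
        $grid[$name][$d] = $onVacation ? 'X' : '.';
    }
    unset($periods); // drop the reference before the next day
}

// Render: one row per user, one column per day of the report.
echo str_pad('', 7), implode(' ', array_map(fn ($d) => substr($d, 8), array_keys(reset($grid)))), "\n";
foreach ($grid as $name => $days) {
    echo str_pad($name, 7), implode('  ', $days), "\n";
}
```

Because the rows arrive sorted by start date, each user's sub-array is consumed front to back as the days advance, so the whole grid is built in one pass over the days plus one pass over the rows.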