Psycho

The request would be server -> payment gateway, not client -> server. Exactly! The 3rd party site has to provide the CC processor with the amount to be charged. What we are talking about here is an ordering workflow where the application calculates the order total at the beginning of the checkout process and then passes that total through several pages to complete the order. It is a fairly simple task to manipulate values in a hidden field. So, it would be foolish to rely upon that calculated value once it is submitted from the client to the next page. Just calculate the total and stare it as part of the order in the DB.

"Critical" in this sense is any data that you do not want the user to control or have access to. Amazon wouldn't calculate the total for your order and then populate a hidden field with that value to propagate the total through the pages to complete the order. If they did, there would be thousands of people placing orders with a cart total of $0.01 by manipulating the data.

And what problems are you having with your current code? Your explanation is unclear. When you say " . . . if published year comes before the birth year, append this entry to a new text file." I have no idea what you mean. Are you wanting to edit the text file being read to remove that content and put into a new text file? If so, how to determine what the new text file will be named? As far as You will need to read all of the data into an array and then parse the values to find those records. Or, you could put this data into a database where it belongs and make everything much easier.

$myName = 'Alison'; $maxLetters = strlen($myName); $randIndex = rand(0, $maxLetters-1); $randLetter = substr($myName, $randIndex, 1); echo "Random letter from \$myName '{$myName}': Index {$randIndex}, Letter {$randLetter}";

Read the manual. The substr() function only takes one parameter for the start position. So, if it was to go from 0 to n from the right side it would then need another parameter to know if the index is from left to right or right to left. Instead, positive numbers indicate left to right and negative numbers mean right to left. Look at all the examples in the manual and it should start to make sense for you.

@benanamen: This is bad advise. You should never use hidden fields to pass 'critical' data to be relied upon. All data passed via GET, POST, COOKIE, etc. should assumed to be malicious, tainted, etc. It is a trivial task to manipulate data in a hidden field. Hidden fields have their purpose but, in this case, there is no good reason to use it since you would have to compare the POST value to what is in the DB on each submission anyway. So, the logical solution is to just rely upon the DB value anyway.

This makes no sense $_POST['grand_total'] = $_SESSION['grand_total']; What is the purpose of setting the value of a POST value? I will assume that you have code that was hard-coded to use the value sent via POST and instead of refactoring that code you decided to just overwrite the POST value using the SESSION value. I would highly recommend refactoring the code to correctly use the appropriate value. If you have code that is referencing POST values when you aren't actually using them it will lead to confusion later on. Secondly, why use SESSION at all? You should have a DB record for the order and you can get the current/correct value on any page load that you need it. Session data can be hijacked. I'm not an expert on all the vector points of attack and someone would need to review more of your code to know if you are at risk. But, using the data stored in the DB is far safer.

There is a freelance forum if you want to find someone to do work for you at a price

+1. I "mostly" follow those standards with only a couple exceptions. But, as Jacques1 states, consistency is key. But, I would definitely try to somewhat follow a common standard. Even if you are the only one that will work on the code it would be worthwhile when requesting help on this forum. And, as others have stated USE COMMENTS.

This forum is for people to get help with code they have written. Copy/pasting a ton of code and asking us to try and decipher it is a lot to ask from people providing support for free. Can you show the specific code for retrieving/displaying the content on the players_13 page?

You'll have to wait for this one. Shuffle really isn't 'random' - it took 245,760 iterations to get the value (every time) on my machine. $letters = array('H','e','l','l','o',',',' ','W','o','r','l','d','!'); $string = ''; while($string != 'Hello, World!') { shuffle($letters); $string = implode('', $letters); } echo $string;

This code grabs the text from this forum post. Sort of a recursive implementation. $url = 'http://forums.phpfreaks.com/topic/298555-skinning-a-cat-or-how-many-ways-to-output-hello-world/'; $content = file_get_contents($url); $output = preg_match("#Or how many ways to output ([^\)]*)#", $content, $match); echo str_replace('"', '', $match[1]);

foreach(array(72,101,108,108,111,44,32,87,111,114,108,100,33) as $l) { echo chr($l); }

Well, if we're just showing different ways to skin a cat: $fun = array( 'First Word' => 'Programming', 'Second Word' => 'in', 'Third Word' => 'PHP', 'Fourth Word' => 'is', 'Fifth Word' => 'fun!', 'Programming in PHP is fun!' ); $fullSentence = array_pop($fun); foreach($fun as $key => $val) { echo "$key, $val<br />"; } echo $fullSentence;

How you do this depends on how you will use it. You are pulling financial data from Yahoo. If you were to have a LOT of requests, Yahoo could block you. How often is the data updated? It may make sense to parse the data and store it for repeated requests for some amount of time then, after that time expires, fetch new data. But, that's really a different questions. Also, do you ONLY need the date with a specific date? If so, add the logic to the code that reads the data. So, to your code. If the resources is really a CSV file, then the current process is flawed. You don't need to split using \n or on the commas. In fact, that can break if there are other line breaks or commas in the data. PHP has functions for reading csv files which you should use: http://php.net/manual/en/function.fgetcsv.php When reading each line, you will want to test the date field to see if it matches the ones you are looking for. Without knowing the format of that field it is impossible to provide any sample code. Run your code above and change the for loop to this and show us the output for($i=0;$i<count($lines);$i++) { echo "<pre>".print_r($lines[0], true)."</pre>"; }

sigmahokies, You need to understand that just because something works does not mean it is correct. I can store a user's password in plain text in the database and it will work, but is absolutely wrong. Yes you "can" pass all of the data and it will work. But, it is not correct and will eventually cause you problems either in this project or another one some time later if you do the same thing. You should treat ALL user supplied data as "dirty". It could be that something is corrupted unintentionally or, worse, it malicious data intended to do harm. For your page above, it should only accept the ID for the process of setting up the form for edit. The code should do a SELECT query to get the current data instead of relying upon data submitted by the user via $_GET. Here is a quick rewrite of your code in a more logical format. This is not what I would consider complete, but is more complete than the current code and shows an example of a logical flow. There may be some minor errors in syntax as I did not test it. <?php $Garydb = mysqli_connect("XXXXX","XXXXX","XXXXX") or die("Could not connect MySQL Database"); mysqli_select_db($Garydb, "XXXXX") or die("Could not find a Database"); $response = ''; if(isset($_GET['id'])) { //User passed the ID of a record to be updated //Get current values to populate form field $id = intval($_GET['id']); $query = "SELECT First_name, Last_name, Locations, birthdate, Email FROM WHERE ID = {$id}"; $result = mysqli_query($Garydb, $query); if(!mysqli_num_rows($result)) { //No record matching the passed ID $response = 'Error: No record matching requested id.'; } else { //Define variables for form fields from current DB result $row = mysqli_fetch_assoc($result); $first_name = $row['first_name']; $last_name = $row['last_name']; $locations = $row['locations']; $birthdate = $row['birthdate']; $email = $row['email']; } } elseif ($_SERVER['REQUEST_METHOD']!='POST') { //User posted a form if data to be updated for a record $id = intval($_POST['id']); $first_name = trim($_POST['first_name']); $last_name = trim($_POST['last_name']); $locations = trim($_POST['locations']); $birthdate = trim($_POST['birthdate']); $email = trim($_POST['email']); if ($id && $first_name && $last_name && $locations && $birthdate && $email) { //All the posted value are not empty/zero //Should really have better validation logic $update = "UPDATE Members SET FirstName = '$first_name', LastName = '$last_name', Locations = '$locations', birthdate = '$birthdate', Email = '$email' WHERE ID = $id"; if(!mysqli_query($Garydb, $query) || ) { //Query failed $response = 'Error: Unable to update record.'; } elseif(!mysqli_affected_rows($link)) { //No records were updated. Record may have been deleted or ID manipulated $response = 'Error: No records updated.'; } else { $response = 'Record was updated.'; } } else { //Not all fields have values or non-zero $response = 'Error: Missing data required for update.'; } } else { //No POST or GET data submitted $response = 'Error: No data received.'; } ?> <!doctype html> <html> <head> <title>Update Members info</title> </head> <body> <?php //If there was a response, show it. Else show form. if($response) { echo "<div style=\"color:red;\">{response}</div>"; //Could add a link to go back to a listing page or somewhere appropriate } else { ?> <form action="insert.php" method="POST"> <table> <tr> <td>Identify Number:</td> <td><?php echo $id ?><input type="hidden" name="id" value="<?php echo $id; ?>"</td> </tr> <tr> <td>First Name:</td> <td><input type="text" name="first_name" value="<?php echo $first_name; ?>"></td> </tr> <tr> <td>Last Name:</td> <td><input type="text" name="last_name" value="<?php echo $last_name; ?>"></td> </tr> <tr> <td>Locations:</td> <td><input type="text" name="locations" value="<?php echo $locations; ?>"></td> </tr> <tr> <td>birthdate:</td> <td><input type="text" name="birthdate" value="<?php echo $birthdate; ?>"></td> </tr> <tr> <td>Email:</td> <td><input type="text" name="email" value="<?php echo $email; ?>"></td> </tr> <tr> <td colspan="2"><button type="submit">Update</button></td> </tr> </table> </form> <?php } ?> </body> </html>

Your UPDATE query has a WHERE clause as follows: WHERE ID='$id' The value of $id is defined here: $id = $_GET['id9']; However, there is no 'id9' field in your form. You provided a name for a TD element <td name="id9"><?php echo $edit ?></td> A TD element is not a form field and will not be included in the data passed with the form submission. You should use a hidden input field - although I usually use a text field at first so I can ensure the field is getting populated. There is a lot wrong with what you are doing. I hope this is just a learning exercise.

I provided a link to the manual page for the function. All you need to do is sort($myArray); and the elements in the array will be sorted.

Use the sort() function.

According to this post, for what appears to be the same issue, the OP found that his host supported PHP5 but parsed php files using PHP4 by default. He solved the issue by naming his files with a .php5 extension. I know some hosts also allow you to set the default parsing method.

The data you are receiving it url encoded. So, you should decode it first. Then parse the data into the specific values. You can then save the individual values into appropriate database fields. Rough example: $stringFromJava = "4%2C3%2C4%2C3%20%2C4%2C3%2C4%2C3%20%2C2%2C3%2C2%2C3%20%2C3%2C3%2C3%2C3%20%2C3%2C3%2C3%2C3%20"; $stringFromJava = urldecode($stringFromJava); $outputAry = array(); $groups = explode(' ', $stringFromJava); foreach($groups as $group) { $valuesAry = array(); $values = explode(',', $group); foreach($values as $value) { //If value is not numeric, skip it if(!is_numeric($value)) { continue; } //Add value to group values array $valuesAry[] = $value; } //Add validation logic for the group if(count($valuesAry) != 4) { continue; } $outputAry[] = $valuesAry; } echo "<pre>" . print_r($outputAry, TRUE) . "<pre>"; Output: Array ( [0] => Array ( [0] => 4 [1] => 3 [2] => 4 [3] => 3 ) [1] => Array ( [0] => 4 [1] => 3 [2] => 4 [3] => 3 ) [2] => Array ( [0] => 2 [1] => 3 [2] => 2 [3] => 3 ) [3] => Array ( [0] => 3 [1] => 3 [2] => 3 [3] => 3 ) [4] => Array ( [0] => 3 [1] => 3 [2] => 3 [3] => 3 ) )

Sounds like you have a string and not an array - what is the DB field type that you are storing this in. Would seem this needs to be sanitized as a string. But, . . . If you are storing data as comma separated values into a DB, then you are doing it wrong. Without knowing what the data represents, it is impossible to provide concrete advice. But, I would think this should be stored in a single separate table. I will assume each "group" of numbers is a record and each value in the group correlates to different values. So, you might have a table that has fields such as this: id: primary key for the 'array' records rec_id: a foreign key reference to the records for which this data is associated with val_1: the first value val_2: the second value val_3: the third value val_4: the fourth value Obviously, the fields shoudl be given more descriptive names. But, that format allows you to associate one or more "records" (e.g. 1,2,3,4) to some other entity.

Because he doesn't know the full scope and purpose of your database. I agree with Jacques1 in that you should not delete rows from one table just to populate the same data into another table. There are some legitimate reasons why that might be appropriate, but I'm confident that is not the case here. If you need the data for historical purposes, just have a column in the table for a "deleted" flag. Then, YOU need to analyze your table. Are there columns that need to be unique (other than an internal primary key)? If so, those constraints could be moved to the business logic. But, assuming there are no unique fields other than the primary key it is much simpler. Then you would just need to make one last decision. It is assumed that most/all current queries should not return/operate on these "deleted" rows. depending on how many queries you have already built and/or the complexity you expect there will be you could 1) Modify the queries to exclude/include the deleted records as needed or 2) Create a VIEW with the records already filtered based on the deleted field and user that in the applicable queries.

Create a function and call it within the ajax response code. Here is some untested code: In the ajax response code, something like: updateSeatsAvail($('input[name="seatch"]'), response.seats); function updateSeatsAvail(selObj, seats) { selObj.empty(); //Remove current seat options for(var seat=0; seat<=seats; seat++) { selObj.append($("<option></option>").attr("value", seat).text(seat)); } }

Let me state it simply. You cannot send/set headers if any output has been made to the browser. The includes echo/print statements as well as any content not within PHP tags. In the code you just posted there is such content: $_X=base64_decode($_X);$_X=strtr($_X,'SgPO9YZWFKmqyfxcjLJRzuM5vNts1b.{B4nC]i/2Dl0EheA [d8=Qp>VXo H}6GIw7ka3TrU<','=R9odmplAEPyk8gv[53xrMezqZHi7YhW<DsG{>CcX}1N/afj6]JtuS .BUnwVKLQO20ITF4b');$_R=str_replace('__FILE__',"'".$_F."'",$_X);eval($_R);$_R=0;$_X=0; ?> <<== this would be output to the browser of at least two line breaks characters! <?php /** * * @ Universal Decoder PHP 5.2 Let me also try to again explain WHY this is the case. Your browser uses the headers to determine how to handle the content that it will be sent. It may be an HTML page, a download, a PDF, etc. The browser will do different things for each of those situations. If the browser receives headers that it will be sent an HTML page, but is instead sent a PDF file you will see a lot of "junk" displayed in the browser. That is why the headers must all be sent before any content is sent. As soon as any content is detected by the browser (even a space or line break) it has to commit to how it will process that content.