Everything posted by Psycho
-
To reference the array you would do this:

document.formname['fields[]']

So, to validate that the first field has a value the code would look like this:

if (!document.formname['fields[]'][0].value)
{
    alert('Oops!');
    return false;
}
-
Um:

function updateList1(optionValue)
{
    document.getElementById('list2').disabled = (optionValue!='1');
    document.getElementById('list3').disabled = (optionValue!='2');
    if (optionValue=='3')
    {
        alert('foo');
    }
}
-
He may not know - specifically. I currently have hundreds of emails from "Bank of America" that were trapped by my company's spam filter. All of them are asking me to log in and verify information, get a free upgrade, etc., etc. However, I am not a customer of Bank of America. The a**hole sending those emails is simply spamming as many email addresses as possible in hopes that some will click the links and attempt to log in. The internet has made this type of scam very cheap and easy. If a spammer gets only .01% of people to actually fall for the scam and he sends emails out to 1,000,000 people, then that would equate to 100 people whose banking login credentials he now has.

The solution is simple - always validate/cleanse ANY user input. This includes POST, GET & COOKIE values. If the value passed in a URL/form/cookie is supposed to be an integer, then make sure it is. Always use mysql_real_escape_string() on anything used in a query. The bottom line is never trust anything - if I save a user submitted value as a session variable I will validate before saving and when retrieving it - because I'm that anal about it.

I'm by no means perfect, but the problem I see all the time is where people think that they are "hard coding" the value for the user to select, so they don't include any validation. One example would be a link to a "profile" page which passes an ID in the URL. Since the developer creates the links for the user he may think he doesn't need to validate the ID, but the user can type anything they want into the address bar. Another one is select lists. I've seen some people who think that they do not need to validate select list values because the user can only select the values they give them, right? That is unless the user creates their own form to post to the site.

For me the problematic issue is what to do with user submitted data that gets saved to the database which 1) can be displayed in HTML content and which 2) can be edited by the user. In these situations I prefer to save the content as-is to the database (using mysql_real_escape_string(), of course), but to then use htmlspecialchars() or some other method when displaying the input to the page. That way if the user needs to modify their content, I can repopulate a textbox/textarea with the original content. If you use htmlspecialchars() before saving to the database, the text may be unusable for editing. The bottom line is to always think about how the data is going to be used and to validate and cleanse it appropriately.
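The two "hard coded" cases this post singles out, an ID passed in a URL and a select-list value, can be checked server-side as below. This is an added example, not part of the original post; the function names, the `country` field and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example (not from the original post). All request data below is constructed.

// Allow-list behind a <select>: the keys are the only values the server accepts.
$country_list = array('us' => 'United States', 'ca' => 'Canada', 'mx' => 'Mexico');

/**
 * Return the profile ID from a query string as an int,
 * or null when it is missing or is not a positive integer.
 */
function clean_profile_id(array $get)
{
    // Reject a missing value and the id[]=... form, which arrives as an array.
    if (!isset($get['id']) || !is_string($get['id'])) {
        return null;
    }
    // FILTER_VALIDATE_INT accepts only a complete integer, so "42abc" fails
    // instead of being silently cast to 42.
    $id = filter_var(
        $get['id'],
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1))
    );
    return ($id === false) ? null : $id;
}

/**
 * Return the posted value of $field when it is one of the keys of $allowed,
 * otherwise null. The browser's <select> is not trusted to enforce the list.
 */
function clean_select_value(array $post, $field, array $allowed)
{
    if (!isset($post[$field]) || !is_string($post[$field])) {
        return null;
    }
    // Key lookup instead of a loose in_array(): no type juggling between
    // the posted string and the list of accepted values.
    return array_key_exists($post[$field], $allowed) ? $post[$field] : null;
}

// Constructed requests: one well-formed, the rest typed into the address bar
// or posted from a form the site did not generate.
$requests = array(
    array('get' => array('id' => '42'),        'post' => array('country' => 'ca')),
    array('get' => array('id' => '42abc'),     'post' => array('country' => 'CA')),
    array('get' => array('id' => '-1'),        'post' => array('country' => 'xx')),
    array('get' => array('id' => array('42')), 'post' => array('country' => array('ca'))),
    array('get' => array(),                    'post' => array()),
);

foreach ($requests as $request) {
    $id      = clean_profile_id($request['get']);
    $country = clean_select_value($request['post'], 'country', $country_list);

    if ($id === null || $country === null) {
        // Fail closed: nothing from this request reaches a query or the page.
        echo "rejected\n";
        continue;
    }
    echo "accepted: id={$id}, country={$country_list[$country]}\n";
}
```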
-
It works for me in IE7 but not in FF3. I believe the problem is that your reference to the other two select lists is not complete. It looks like the code is trying to reference them only by their name, but not giving any "context" of that name. If they were in a form you could reference them via the form object like so:

document.forms['formName'].elements['fieldname']

But, in this case I would just use getElementById(). Also, you don't need full If/Else statements, simply assign the disabled value of the other two select lists based upon the value of select list 1.

function updateList1(optionValue)
{
    document.getElementById('list2').disabled = (optionValue!='1');
    document.getElementById('list3').disabled = (optionValue!='2');
}
-
encrypting $_GET variables - does that make sense?
Psycho replied to jeffz2008's topic in PHP Coding Help
So? You should always have appropriate validation and error handling for user submitted data. What do you base that on? I would guess the overhead of encrypting/unencrypting you are doing would be more costly. If you want to save all POST values to the session, it only takes two lines of code:

unset($_SESSION['post']); //remove prev. values
$_SESSION['post'] = $_POST; //Add new post values

Not in my opinion, you should still validate the data. If you don't want the user accessing the data, use SESSION. PHP does what you tell it - just like any programming language. The quality of the code is only as good as the logic used. This is precisely the reason I would suggest that doing all this is pointless. You are introducing more complexity into the process than you need to. If something goes wrong you won't know if it's due to the obfuscation of the GET vars or in some other logic.
-
I'm no expert, but I believe you need to send the connection info in clear text, so I think that trying to encrypt the password would be useless - you would have to include the functionality to unencrypt it in the script anyway. So, if someone had access to the config settings, they would also have access to the manner to unencrypt it. The best solution I can think of is to NOT include the code with the database connection info within the webroot directory or sub directories. Put it in a directory not accessible via the web. Take a look at this tutorial: http://www.phpfreaks.com/tutorial/php-security/page1
-
encrypting $_GET variables - does that make sense?
Psycho replied to jeffz2008's topic in PHP Coding Help
So what is the problem with simply validating the parameters passed on the query string? All I see is an overcomplex method of masking the values in a query string. If these values are confidential you shouldn't be passing them through GET anyway. Personally I have no fear of passing data through GET when it suits me because I always validate user input.
-
You are going to have to try and rephrase your question as it is not at all clear what you are trying to achieve.
-
If a checkbox is not checked then nothing is submitted for the field in the POST data - not a null value, an empty string, etc. The POST array will not include an index for that field. So, using isset() is the right approach. But, the implementation needs to be tweaked. When the checkbox isn't checked you are setting the variable $history to an empty string. Then you attempt to perform an explode() on that, thus the error. So, if my assumptions are correct IF the checkbox(es) are checked you want a string of the values that are comma separated, otherwise you want an empty string.

$history = (isset($_POST['history']) && is_array($_POST['history'])) ? implode(', ', $_POST['history']) : '';
-
How would i go about this ?, pretty complicated.
Psycho replied to jamesxg1's topic in Application Design
Then you would need to concatenate the queries into one string, and run that. I think you would just delimit the queries using a semicolon. If all the records use the same field name for the id then just create a loop to go through each table by name and do the delete operation for any record where the field value is the value you are searching for. Personally, I wouldn't do such a thing. When dealing with databases I think the developer should be explicit in every action that is taken. The developer should state precisely what tables to delete data from and exactly why. Trying to automate this only has the potential to cause problems. This is the perfect scenario for the creation of a class where you could create all the delete operations individually and then chain them as necessary.
-
How would i go about this ?, pretty complicated.
Psycho replied to jamesxg1's topic in Application Design
How is that complicated? That is basic database maintenance. Just include the appropriate table names and column names.

mysql_query("DELETE FROM table1 WHERE user_id='{$userID}'");
mysql_query("DELETE FROM table2 WHERE user_id='{$userID}'");
mysql_query("DELETE FROM table3 WHERE user_id='{$userID}'");
mysql_query("DELETE FROM table4 WHERE user_id='{$userID}'");
-
[SOLVED] Need help with Displaying Checkboxes output after chosen
Psycho replied to Jnerocorp's topic in PHP Coding Help
Yeah, I misread your examples. It didn't make sense to me why there should be an OR there, but I was just following what I "thought" you asked for. cbolson's fix should do the trick. I also noticed another minor bug. I made a last minute change and didn't make all the needed changes for that. Change this line

$output = "The Site you selected is: $site<br />\n";

To this in order for the site name to be displayed

$output = "The Site you selected is: {$_POST['site']}<br />\n";

I primarily rewrote the code to hopefully show some better techniques to use and a more fluid flow for the logic. For example, by putting the values into arrays you can easily modify the selections on the page by simply adding/editing/removing values from the arrays - the logic is totally unaffected. Likewise, you'll notice I did not intermingle the logic and the HTML. The logic does all the comparisons and preparatory work and creates variables as needed. Personally, I would probably break the code into three different files using includes() as needed. I would put the arrays into a single file (or maybe a file for each). And, I would put the html code into its own file. You would then have three different files for data, logic, and the display.
-
[SOLVED] Need help with Displaying Checkboxes output after chosen
Psycho replied to Jnerocorp's topic in PHP Coding Help
Give this a go. Much more manageable than what you have now. Let me know if you have any questions.

<?php

$site_list = array(
    ' RapidShare.com' => 'rapidshare.com/users/',
    ' Rapidshare.de' => 'rapidshare.de',
    ' MegaUpload.com' => 'megaupload.com',
    ' HotFile.com' => 'HotFile.com',
    ' FileDropper.com' => 'filedropper.com',
    ' FileQube.com' => 'fileqube.com',
    ' Rapidshare.de' => 'rapidshare.de',
    ' MyFreeFileHosting.com' => 'myfreefilehosting.com',
    ' FileDen.com' => 'fileden.com',
    ' Easy-Share.com' => 'easy-share.com',
    ' FileFactory.com' => 'filefactory.com',
    ' Uploading.com' => 'uploading.com',
);

$filetype_list = array (
    '.txt', '.bmp', '.gif', '.jpg', '.png', '.psd', '.psp', '.pdf',
    '.mp3', '.wav', '.wma', '.avi', '.flv', '.mov', '.mp4', '.swf',
    '.wmv', '.exe', '.gz', '.pkg', '.rar', '.zip', '.iso', '.torrent'
);

$form = false;
$output = '';

if(!isset($_POST['site']))
{
    $form = "Choose a site to search::<br />\n";
    //Create radio group for site selection
    foreach($site_list as $siteName => $siteURL)
    {
        $form .= "<input type=\"radio\" name=\"site\" value=\"{$siteURL}\" /> {$siteName}<br />\n";
    }
}
elseif(!isset($_POST['filetypes']))
{
    $form = "Choose File Types to Search:<br />\n";
    //Escape the posted value before writing it back into the page
    $postedSite = htmlspecialchars($_POST['site'], ENT_QUOTES);
    $form .= "<input name=\"site\" type=\"hidden\" value=\"{$postedSite}\">";
    //Create checkboxes for file type selection
    foreach($filetype_list as $fileType)
    {
        $form .= "<input type=\"checkbox\" name=\"filetypes[]\" value=\"{$fileType}\"> {$fileType}<br />\n";
    }
}
else
{
    $typesAry = $_POST['filetypes'];
    $link = "http://JneroCorp.com/?q=" . implode('+OR+', $typesAry) . "+OR+site:http://{$_POST['site']}/";
    //Escape the user supplied parts before they are written into the HTML
    $link = htmlspecialchars($link, ENT_QUOTES);
    $output = "The Site you selected is: $site<br />\n";
    $output .= "The Filetypes selected are: " . htmlspecialchars(implode(', ', $typesAry), ENT_QUOTES) . "<br /><br />\n";
    $output .= "Link: <a href=\"{$link}\">{$link}</a>\n";
}

if ($form!=false)
{
    //PHP_SELF can carry user supplied path data, so escape it as well
    $action = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $output = "
<div style=\"border: 2px #bbe2ef solid; background: #f0fbff; padding: 12px; width: 270px; margin: 25px auto 0 auto;\">
<form method=\"post\" action=\"{$action}\">
{$form}
<br />
<input name=\"submit\" type=\"submit\" value=\"Next Step!\" />
</form>
</div>";
}

?>
<html>
<head></head>
<body>
<?php echo $output; ?>
</body>
</html>
-
I run it by initiating the process via button on the web page. The process I built above was meant to be initiated by the user and not a nightly process. But, as I first stated, this would be a whole lot easier to help with if the end goal was better explained. How do you run the AJAX code? Via a cron job or what? Good question.
-
If you would give a better explanation of what you are trying to achieve a suitable answer might be given. The AJAX idea could definitely be a viable one. I have some code to process thousands of folders with files in them. Rather than do them all in one shot I have the script first "grab" all the folders and paths and store them in the db, then each successive AJAX call will process the next folder. Each time a folder completes the AJAX function on the client page is triggered and will send another request that processes the next folder. This all continues indefinitely until the last folder is processed and an appropriate code is returned back to the page making the AJAX call and it then ends.
-
Ok, you do realize that there is a built-in function within PHP to do exactly what you asked for which Mark Baker first suggested, right? But instead you decide to build a custom function for something PHP already does. Brilliant! You could replace those four lines of code with just this:

echo number_format($row_RSInvoiceHeader['Invoice_Total'], 2);
-
No reason that shouldn't work, but that function is way more overly complicated than it needs to be. This will do the same thing much more efficiently:

function autopad($array=array(), $length=0)
{
    $outputSize = abs((int)$length);
    //An empty array can never grow, so return it instead of looping forever
    if (sizeof($array) == 0) { return $array; }
    while($outputSize>sizeof($array))
    {
        $arrSize = sizeof($array);
        //Append as much of the current array as is still needed (at most all of it)
        $array = array_merge($array, array_slice($array, 0, min(($outputSize-$arrSize), $arrSize)));
    }
    return $array;
}

After further review, the original code is even more flawed than I thought. In addition to the inefficient logic, the original code would continue merging the original array into the output array until the length was met. So, if the original array was 10 elements long and you needed it to be 100 elements long, it would take 9 loops to get to that length. The code I posted will add the "current" array to itself until it reaches the correct length. Therefore on each cycle of the loop, the current array is twice the size it was on the last cycle. To get to 100 records a 10 record array would need only 4 cycles of the loop:

Original: 10
First cycle: 20 (10 + 10)
Second cycle: 40 (20 + 20)
Third cycle: 80 (40 + 40)
Fourth cycle: 100 (80 + 20)

As you can see the reduction in processing will be exponential the larger you need the output to be. Using the larger of your sample arrays above with an output size of 3000, the original function required 272 loops, whereas the second function only required 9.
-
Several problems there.

1. You are trying to run a function within the query string. If you need to run a function on a value it needs to be outside the delimiting strings.

2. You can run htmlspecialchars() on the values before inserting into the database, but I would suggest against it. If you need a method for those values to be edited you will have to find a way to revert the code to its original state - which may not always be possible. I suggest saving the data "as entered" into the database, then use the appropriate method when displaying the value. So if you are displaying the value on the page in the HTML content then use htmlspecialchars(). But, if you need to populate the text back into the textarea to be edited, then you don't need to do anything.

However, you should always use mysql_real_escape_string() when saving user submitted values to the db. Your query could look something like this:

$employee_id = mysql_real_escape_string($_POST['employee_id']);
$employee_name = mysql_real_escape_string($_POST['employee_name']);
$assessor_id = mysql_real_escape_string($_POST['assessor_id']);
$assessor_name = mysql_real_escape_string($_POST['assessor_name']);

$sql="INSERT INTO table (employee_id, employee_name, assessor_id, assessor_name)
      VALUES ('$employee_id','$employee_name','$assessor_id','$assessor_name')";
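Added example, not code from the original post: the save-as-entered, escape-when-displaying approach described here and in the earlier post on validating user input, written with PDO prepared statements in place of mysql_real_escape_string() (the mysql_* functions were removed in PHP 7). The in-memory SQLite database (requires the pdo_sqlite extension), the `comments` table, the helper names and the sample input are assumptions.

```php
<?php
// Added example (not from the original post). Table, helpers and input are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)');

/** Store the text exactly as submitted; the placeholder keeps it out of the SQL. */
function save_comment(PDO $db, $body)
{
    $stmt = $db->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute(array(':body' => $body));
    return (int) $db->lastInsertId();
}

/** Fetch the stored text, or null when the row does not exist. */
function load_comment(PDO $db, $id)
{
    $stmt = $db->prepare('SELECT body FROM comments WHERE id = :id');
    $stmt->execute(array(':id' => $id));
    $body = $stmt->fetchColumn();
    return ($body === false) ? null : $body;
}

/** Escape for HTML element content and quoted attribute values. */
function h($text)
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Constructed input: quotes, markup, an ampersand, and a tag that would
// otherwise end a textarea early.
$submitted = "It's <b>5 > 3</b> & \"quoted\" </textarea>";

$id  = save_comment($db, $submitted);
$raw = load_comment($db, $id);

// The database holds the user's text unchanged, so it can always be edited again.
var_dump($raw === $submitted);

// Display context: escape at the moment the value is written into HTML.
echo '<p>' . h($raw) . "</p>\n";

// Edit context: textarea content is HTML too, so it is escaped the same way.
// The browser decodes the entities and the user edits the original text.
echo '<textarea name="body">' . h($raw) . "</textarea>\n";

// Contrast: escaping before storage. The stored value is no longer the user's
// text, and escaping it again on output double-encodes it, so the edit box
// is filled with entities instead of what the user typed.
$id2 = save_comment($db, h($submitted));
echo '<textarea name="body">' . h(load_comment($db, $id2)) . "</textarea>\n";
```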
-
Yes, number_format() is what you want.

$original = 12.3456789;
$two_decimal = number_format($original, 2);
//Output: 12.35

It will also have the effect of increasing the value to two decimals if less than two. In addition, it will round the value to two decimals if needed.
-
Yes absolutely. The implementation would depend upon if the options are fixed or are coming from a database list, but the logic is similar (this also works for SELECT lists). The examples below assume that the list is fixed, so I will use an array for the available options/values:

First create an array with the checkbox values and titles

$option_list = array(
    'a' => 'Apples',
    'b' => 'Bananas',
    'c' => 'Cucumbers'
);

Then, set a variable to the POSTed value (if it was submitted) just like the other values

$option = (isset($_POST['option'])) ? trim($_POST['option']) : '';

Add the following validation

if(!in_array($option, array_keys($option_list))){
    $errors[] = "The option is invalid";
}

Next, at the top of the form page, create code to generate the HTML code for the options (selecting the option that was posted)

$optionHTML = '';
foreach($option_list as $opt_value => $opt_text)
{
    $checked = ($option==$opt_value) ? ' checked="checked"' : '';
    $optionHTML .= "<input type=\"radio\" name=\"option\" value=\"{$opt_value}\"{$checked} />{$opt_text}<br />\n";
}

Then just include the options within your form. Here is the original code with the above implemented (NONE OF THIS IS TESTED):

<?php

$option_list = array(
    'a' => 'Apples',
    'b' => 'Bananas',
    'c' => 'Cucumbers'
);

//Set fields based upon posted values or empty string
$name    = (isset($_POST['name']))    ? trim($_POST['name'])    : '';
$tel     = (isset($_POST['tel']))     ? trim($_POST['tel'])     : '';
$option  = (isset($_POST['option']))  ? trim($_POST['option'])  : '';
$email   = (isset($_POST['email']))   ? trim($_POST['email'])   : '';
$subject = (isset($_POST['subject'])) ? trim($_POST['subject']) : '';
$message = (isset($_POST['message'])) ? trim($_POST['message']) : '';
$error_msg = '';

//Perform the validations
if(isset($_POST['submit'])){
    $errors = array();
    if(empty($name) || strlen($name) < 6 ){
        $errors[] = "The name is invalid";
    }
    if(empty($email)){
        $errors[] = "The email is invalid";
    }
    if(empty($subject)){
        $errors[] = "The subject is invalid";
    }
    if(empty($message)){
        $errors[] = "The message is invalid";
    }
    if(!in_array($option, array_keys($option_list))){
        $errors[] = "The option is invalid";
    }

    if(empty($errors))
    {
        //No errors send email
        mail( MAIL_DETAILS );
        //Use an include/header here to show a properly formatted thank you page
        echo "Thanks for your contact!";
        exit();
    }
    else
    {
        //Errors occurred, set the error message to be displayed on the form
        $error_msg = "The following errors occurred<br />\n";
        $error_msg .= "<ul>\n<li>" . implode("</li>\n<li>", $errors) . "</li>\n</ul>\n";
    }
}

//Include the form here
//Will show if page was not posted or if there were errors
include('the_form.php');

?>

<?php
//Build the radio buttons, pre-selecting the option that was posted
$optionHTML = '';
foreach($option_list as $opt_value => $opt_text)
{
    $checked = ($option==$opt_value) ? ' checked="checked"' : '';
    $optionHTML .= "<input type=\"radio\" name=\"option\" value=\"{$opt_value}\"{$checked} />{$opt_text}<br />\n";
}
//Posted values are escaped with htmlspecialchars() wherever they are written back into the form
?>
<br />
<?php echo $error_msg; ?>
<form method="post" action="contact_CHECK.php" onsubmit="return validateForm(this)">
<table width="484" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="160">Name: *</td>
    <td width="23"> </td>
    <td colspan="2"><input type="text" name="name" id="name" value="<?php echo htmlspecialchars($name); ?>" /></td>
  </tr>
  <tr>
    <td>Telephone number:</td>
    <td> </td>
    <td colspan="2"><input type="text" name="tel" id="tel" value="<?php echo htmlspecialchars($tel); ?>" /></td>
  </tr>
  <tr>
    <td>Email address: *</td>
    <td> </td>
    <td colspan="2"><input type="text" name="email" id="email" value="<?php echo htmlspecialchars($email); ?>" /></td>
  </tr>
  <tr>
    <td>Options: *</td>
    <td> </td>
    <td colspan="2"><?php echo $optionHTML; ?></td>
  </tr>
  <tr>
    <td>Subject: *</td>
    <td> </td>
    <td colspan="2"><input type="text" name="subject" id="subject" value="<?php echo htmlspecialchars($subject); ?>" /></td>
  </tr>
  <tr>
    <td valign="top">Message: *</td>
    <td> </td>
    <td colspan="2"><textarea name="message" id="message" cols="40" rows="15"><?php echo htmlspecialchars($message); ?></textarea></td>
  </tr>
  <tr>
    <td> </td>
    <td> </td>
    <td colspan="2"> </td>
  </tr>
  <tr>
    <td> </td>
    <td> </td>
    <td width="90"> </td>
    <td width="211"><input type="reset" name="reset" id="reset" value="Reset" /> <input type="submit" name="submit" id="submit" value="Submit" /></td>
  </tr>
</table>
</form>
-
The solution is simple, but first you would have to fix your validation code. You are setting the variable $name to each of the POSTed values. That is obviously a mistake. You should be setting $name = $_POST['name'], $email = $_POST['email'], etc. However, you are only setting those values if the validation for the field passes. No need for that, if ALL validations do not pass you won't send the email anyway. I would set those values by default. Then on the form, use those variables to populate the value of the fields (when validation fails). Here is what I would do

Validation page

<?php

//Set fields based upon posted values or empty string
$name    = (isset($_POST['name']))    ? trim($_POST['name'])    : '';
$tel     = (isset($_POST['tel']))     ? trim($_POST['tel'])     : '';
$email   = (isset($_POST['email']))   ? trim($_POST['email'])   : '';
$subject = (isset($_POST['subject'])) ? trim($_POST['subject']) : '';
$message = (isset($_POST['message'])) ? trim($_POST['message']) : '';
$error_msg = '';

//Perform the validations
if(isset($_POST['submit'])){
    $errors = array();
    if(empty($name) || strlen($name) < 6 ){
        $errors[] = "The name is invalid";
    }
    if(empty($email)){
        $errors[] = "The email is invalid";
    }
    if(empty($subject)){
        $errors[] = "The subject is invalid";
    }
    if(empty($message)){
        $errors[] = "The message is invalid";
    }

    if(empty($errors))
    {
        //No errors send email
        mail( MAIL_DETAILS );
        //Use an include/header here to show a properly formatted thank you page
        echo "Thanks for your contact!";
        exit();
    }
    else
    {
        //Errors occurred, set the error message to be displayed on the form
        $error_msg = "The following errors occurred<br />\n";
        $error_msg .= "<ul>\n<li>" . implode("</li>\n<li>", $errors) . "</li>\n</ul>\n";
    }
}

//Include the form here
//Will show if page was not posted or if there were errors
include('the_form.php');

?>

Form page (the_form.php)

<?php //Posted values are escaped with htmlspecialchars() wherever they are written back into the form ?>
<br />
<?php echo $error_msg; ?>
<form method="post" action="contact_CHECK.php" onsubmit="return validateForm(this)">
<table width="484" border="0" cellspacing="0" cellpadding="0">
  <tr>
    <td width="160">Name: *</td>
    <td width="23"> </td>
    <td colspan="2"><input type="text" name="name" id="name" value="<?php echo htmlspecialchars($name); ?>" /></td>
  </tr>
  <tr>
    <td>Telephone number:</td>
    <td> </td>
    <td colspan="2"><input type="text" name="tel" id="tel" value="<?php echo htmlspecialchars($tel); ?>" /></td>
  </tr>
  <tr>
    <td>Email address: *</td>
    <td> </td>
    <td colspan="2"><input type="text" name="email" id="email" value="<?php echo htmlspecialchars($email); ?>" /></td>
  </tr>
  <tr>
    <td>Subject: *</td>
    <td> </td>
    <td colspan="2"><input type="text" name="subject" id="subject" value="<?php echo htmlspecialchars($subject); ?>" /></td>
  </tr>
  <tr>
    <td valign="top">Message: *</td>
    <td> </td>
    <td colspan="2"><textarea name="message" id="message" cols="40" rows="15"><?php echo htmlspecialchars($message); ?></textarea></td>
  </tr>
  <tr>
    <td> </td>
    <td> </td>
    <td colspan="2"> </td>
  </tr>
  <tr>
    <td> </td>
    <td> </td>
    <td width="90"> </td>
    <td width="211"><input type="reset" name="reset" id="reset" value="Reset" /> <input type="submit" name="submit" id="submit" value="Submit" /></td>
  </tr>
</table>
</form>
-
Yes, that is what it says.
-
No, it means it is available in PHP 5, specifically in versions 5.2.3 or higher.
-
Your page has many different forms and I'm not sure what validation should be run for one or another. But, as Nightslyr stated, you just need an onsubmit trigger for the form. The function that is called should ultimately return true (to submit the form) or false (do not submit the form) when there is a problem. Here is a simple example

<html>
<head>
<script type="text/javascript">
function validateForm(formObj)
{
    if (formObj.uname.value=='')
    {
        alert('You must enter a name');
        return false;
    }
    //No errors occurred
    return true;
}
</script>
</head>
<body>
<!-- The handler has to return the function's result, otherwise the form submits regardless -->
<form name="test" onsubmit="return validateForm(this);">
Name: <input type="text" name="uname">
<br />
<button type="submit">Submit</button>
</form>
</body>
</html>
-
You need to provide more information and some of your actual code. There's nothing about posting data that will strip the spaces by default, so you have an error in your code - which you didn't post. Even the code you did post isn't correct. On the output you only show code that echoes the Last name and the age, but you show the first name displayed. Did you check the generated HTML code to see if the entire value is there and possibly not shown because of an HTML format problem?