Daniel0

This is a help site. We help people, but don't do people's work for them.

What kind of files would that be? Maybe there exists an alternative converter for Linux.

You could check that the domain name actually exists.

Well, yeah, any valid email address matches that pattern.

Well, you need to build a server, install an operating system on it, hook it up to the internet, and install the necessary services as well. You need to lock it down with various security measures. You need to purchase a domain name and setup the DNS zones so the domain points to the IP address of your server. You need to upload your files (FTP/SFTP/SCP) or perhaps check it out from version control (SVN/CVS/Mercurial/Git) and setup the HTTPd. You'd probably have to setup a database as well. Surely you must know what you are doing when you deploy the website.

Maybe the package file is corrupted. Try downloading it again.

Use rm -rf directoryname. The -r flag means recursive and the -f flag means force (i.e. ask no questions). Be careful with that command though.

Insofar it's possible, I delegate the task of frontend design to someone who is better at making things pretty than I am. For that reason it makes sense for me to start with the database design based on the project's requirements. I would probably start with the database even if I would be the one designing the frontend as well. I'm more of a programmer than designer, so for me the essential part of the application is the database, and the application revolves around that and the contents within it. Exactly how the user interfaces with the data shouldn't have any impact on how it is stored. As I see it, you can completely revamp the UI without touching the database, but you cannot completely revamp the database without touching the UI because the UI is a visual representation of the database, so I think it's more important to have the database sorted out first.

The signatures use BBCode for formatting, like you do in the posts: http://www.phpfreaks.com/forums/index.php?action=help;page=post#bbcref (note that some of the ones listed there are disabled) PHP Freaks becomes PHP Freaks.

Maybe see this post where I gave an example of a simple filtering class: http://www.phpfreaks.com/forums/index.php/topic,253279.msg1189813.html#msg1189813 And my comments on it in a later post: http://www.phpfreaks.com/forums/index.php/topic,253279.msg1189922.html#msg1189922 You could probably borrow some of the logic in that to make a validation class.

Well, then fix it

I don't understand what you mean with "secure AJAX calls". Also, in your signature, you shouldn't have E_ALL & ~E_NOTICE, but E_ALL or even better E_ALL | E_STRICT. Notices should be fixed, not ignored.

You can have both case-sensitive and case-insensitive collations in MySQL. latin1_general_cs is case-sensitive for instance.

If you want to validate the format, then use this regular expression: (?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(??:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(??:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\]) http://tools.ietf.org/html/rfc2822#section-3.4.1

Right, so the table runeweb_forum_threads has a field called last_post. If this stores a date, order by that field. If it references a row in runeweb_forum_comments, then join the corresponding row and order by its date field. You should not store timestamps or dates as VARCHARs though, but rather as DATETIME or TIMESTAMP.

I meant the tables in your database.

When people ask me to enter my email twice, I copy it from the first field to the second field. Just saying. I think it's annoying having to repeat myself. I think it's annoying having to repeat myself.

I don't know. I'm sure you know how your application works better than I do. Maybe if you posted your how your topics and replies (or posts or whatever you call it) tables look like I could tell you.

Order your topics descendingly by the timestamp of its most recent reply.

http://www.php.net/manual/en/ini.core.php#ini.auto-prepend-file

Except it's modular, configurable and can be changed at run time. Yours is implementation specific and is determined at compile time. Imagine you have a class called Form, which has an aggregate of FormElements. You might have this: $form = new Form(); $form->addDefaultFilters(array('Trim')); $form->addElements(array( new FormElementText('username', array( 'label' => 'Username:', 'validators' => array( 'length' => array( 'type' => 'Length', 'options' => array( 'max' => 20, 'min' => 3, ), ), ), )), new FormElementText('birthday', array( 'label' => 'Birthday', 'filters' => array( 'date' => array('type' => 'NormalizeDate') ) 'validators' => array( 'date' => array('type' => 'Date'), ), )), new FormElementText('email', array( 'label' => 'Email', 'validators' => array( 'length' => array('type' => 'Email'), ), )), )); I introduced validators here as well, and those would be written sort of like the filters. Our Form can make form HTML markup, and it can validate and filter the submitted content. We would have abstract factories for both validators and filters, so calling e.g. FilterAbstract::factory('NormalizeDate') could give us an instance of a class called FilterNormalizeDate, which will convert various types of date input to ISO 8601 format. This would allow our users to enter e.g. "10th of April, 2009" or "April 10, 2009" without being told that they entered an invalid format. Each FormElement would proxy to the set validators, and a Form would be a chain validator for all its FormElements. Same thing for filtering. So we might do $form->setInput($_POST)->isValid(). This would iterate over all the aggregate elements setting the values, filtering it and checking if all the input is valid. Our FormElements and Form might have a method called render(), which would render it to HTML. Calling this on an object would automatically add the FilterXss filter (if it doesn't already exist in the chain) on the elements. You might have a class called DomainObject that represents, well, a domain object. This will map to a table row in a database. This class might have a method like this public function saveFromForm(Form $form). Some DBMS have native support parametrized queries, but others might not. Those database components that do not could ship with a filter for safe insertion, and add that filter to an element's chain when using the saveFromForm() method. Because of the way the filters were designed, a filter will only be run once even if you get the value multiple times, so existing filters wouldn't be applied multiple times. You now have a highly modular implementation for handling user input through a form in a secure manner. Of course because we decided to make a modular implementation, the filters and validators could be used in any arbitrary scenario where it is necessary to validate and/or filter some sort of value. Have you read any post in this thread. Filtering like that is not the way to go. Filter values as you need to.

Care to cite your sources?

I think it's a stupid function. Not very well designed. I'd do something this if you needed chain filtering: abstract class FilterAbstract { private $_options = array(); protected $_value; private $_rawValue; private $_filtered = false; public function __construct($value = null, array $options = array()) { $this->setValue($value)->setOptions($options); } public function setValue($value) { $this->_value = $this->_rawValue = $value; $this->_filtered = false; return $this; } public function getValue() { if (!$this->_filtered) { $this->_filter(); $this->_filtered = true; } return $this->_value; } public function getRawValue() { return $this->_rawValue; } public function setOption($option, $value) { $this->_options[$option] = $value; return $this; } public function getOption($option, $default = false) { if (!isset($this->_options[$option])) { return $default; } return $this->_options[$option]; } public function setOptions(array $options) { foreach ($options as $option => $value) { $this->setOption($option, $value); } return $this; } public function __toString() { return $this->getValue(); } public function filter($value) { return $this->setValue($value)->getValue(); } abstract protected function _filter(); } class FilterXss extends FilterAbstract { protected function _filter() { $this->_value = htmlentities( $this->getRawValue(), ENT_QUOTES, $this->getOption('charset', 'ISO-8859-1') ); } } class FilterTrim extends FilterAbstract { protected function _filter() { $this->_value = trim( $this->getRawValue(), $this->getOption('charlist', " \t\n\r\0\x0B") ); } } class FilterChain extends FilterAbstract { private $_filters = array(); public function addFilter(FilterAbstract $filter) { $this->_filters[] = $filter; return $this; } public function addFilters(array $filters) { foreach ($filters as $filter) { $this->addFilter($filter); } return $this; } protected function _filter() { $value = $this->getRawValue(); foreach ($this->_filters as $filter) { $value = $filter->filter($value); } $this->_value = $value; } } $xssFilter = new FilterXss(); echo $xssFilter->filter('<b>Hello</b>') . PHP_EOL . PHP_EOL; $trimFilter = new FilterTrim(); echo $trimFilter->filter(' test ') . PHP_EOL . PHP_EOL; $chainFilter = new FilterChain(); $chainFilter->addFilters(array($xssFilter, $trimFilter)); echo $chainFilter->filter(' <b>hello</b> '); Output: <b>Hello</b> test <b>hello</b>

You know, there is a reason why magic_quotes is deprecated.

You shouldn't apply filters on all values in $_GET/$_POST/$_REQUEST. Do it when you need it instead.