Daniel0

You include files using preprocessor directives (the ones starting with a hash sign).

45/219

You could also use mcrypt.

No, it'll be safe for everything. <?php $pdo = new PDO('mysql:dbname=test;host=localhost', 'root', 'password'); $statement = $pdo->prepare('SELECT * FROM users WHERE username = ? LIMIT 1'); $user = $statement->execute($_GET['username'])->fetch(); ?>

Use prepared statements with PDO.

PHP Freaks Forums > General Discussion > Miscellaneous > Topic: any visual css editor script It was moved from the PHP help forum

[quote author=GameYin link=topic=106377.msg816005#msg816005 date=1203134316] www.GAMEYIN.com [/quote] [quote=Firefox error message]Redirect Loop Firefox has detected that the server is redirecting the request for this address in a way that will never complete.[/quote]

You develop it like you would with any other application. Nothing different from developing a forum system than developing a social networking sites (except for the features).

And then you'll have the benefit of being able to run PHP from the command line by just typing php.

You're definitely doing something wrong if you get 10,000 line long controllers. Example: /user/login = UserController::loginAction() /user/register = UserController::registerAction() /news/read/189 = NewsController::readAction() /news/post = NewsController::postAction() /news/edit/846 = NewsController::editAction() (you don't have to use those naming conventions though)

That depends on the programmer. <?php class Database_MySQL extends Database { // ... public function insert($table, array $data = array()) { $columns = $values = array(); foreach($data as $key => $value) { $columns[] = "`{$key}`"; $values[] = '?'; } $query = "INSERT INTO `{$table}` (" . join(', ', $columns) . ') VALUES (' . join(', ', $values) . ')'; $statement = $this->db->prepare($query); return $statement->execute(array_values($data)); } // ... } ?> Code uses PDO. I know some people do this: <?php $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $email = mysql_real_escape_string($_POST['email']); // etc... but that's their choice. Also, you might not always need the data with slashes so it makes more sense to add it when needed instead of removing them when it's not.

Just add a new one below: RewriteRule page-(.*)-type-(.*).htm$ /?page=$1&type=$2& RewriteRule page-(.*).htm$ /?page=$1

How does your table look?

Have you checked that the user is allowed to connect from the place you are getting the access denied error at?

You cannot have WHERE clauses in an INSERT. What are you doing to check against after all?

I believe the ob_gzhandler() callback function takes care of checking whether the user agent is capable of handling gzipped content.

Both links work fine for me.

It looks pretty good. Not much to say about that. The search box and button are a bit difficult to see - at first I wasn't even able to see them and I wondered why there was just some text saying "Search" at the top.

As I said, it's just a naming convention used by some people, nothing else. In PHP4 the following would work perfectly fine, but people might get confused: <?php class Test { var $_variable; // some methods } $obj = new Test(); $obj->_variable = 'Test'; echo $obj->_variable; ?>

Only if you're a crap programmer (hope I didn't offend anyone).

It's because IE sucks. There is the Microsoft way and then there is the standard way. IE will not show custom error pages unless they are over 512 kB in size.

Prefixing a variable name with an underscore is a common convention meaning it's a private or protected property (or method if it's the method name). He does it outside a class though which is a bit unusual.

Could you post a link to your site so I can see?

Well, I'd say it's kind of self-explanatory. The file doesn't exist.

It must be $this->contains.