Daniel0

Try doing var_dump($_POST); before the query. The file db-open.php wouldn't happen to mess with $_POST, right?

Yeah... use double quoted strings for accessing your array indices in this case

Can't you just use absolute paths?

You can use the DirectoryIterator for that.

That'll just confuse people when characters are silently stripped from their password.

Or just turn magic quotes off.

I mean kind of like this (also changed some other stuff to make it look nicer). <?php include '../include/db/db-open.php'; $postTypesResults = $mysqli->query("SELECT editPageUrl FROM post_types WHERE active = 1 AND id = " . ((int) $_POST['postTypeId']) . " LIMIT 1"); include '../include/db/db-close.php'; if ($postTypesResult = $postTypesResults->fetch_object()) { header("Location: ".$postTypesResult->editPageUrl); exit; } else { echo 'Link not found'; } Are you sure it's submitting using POST and not GET?

Variable substitution only works in double quotes strings. Single quoted strings are evaluated literally. http://dk.php.net/manual/en/language.types.string.php

I don't see what the problem is and why you cannot use mysql_real_escape_string(). That function is designed exactly to do what you want.

You're missing a starting delimiter.

First of all, you should use a MySQL WHERE instead of selecting a lot and doing a manual linear search through the result set. Regarding $postTypeId, have you tried echoing it? Are you sure it's the right name?

Generally speaking, user agent sniffing is a bad idea. It breaks forward compatibility and it's the reason why why modern user agent string are long and cryptic.

1) Post in the correct forum. 2) Use or [php] tags (I edited your post this time). 3) Do you expect us to guess what your "problem" is?

How is that confusing? What are you having trouble with exactly? I'll have to say that I still don't see the point though.

It kills a baby and a kitten each time you use it.

Personally, I think method chaining makes the code much cleaner to read if done properly. Performance-wise it doesn't matter at all. It's purely a matter of personal preference.

Indeed that is what I meant. There is no reason to decrease the number of possible passwords.

Why do you want to prohibit certain characters from the password?

That's only on the client side unless your server is chroot'ed. The root directory on a file system is always the top-most folder because of the tree like structure a filesystem is organized in.

If Navigation.php is in a folder called public_html, then it is per definition not in the root folder...

For the most part, the only reason why you would want to manually clean up resources in PHP is if your script is going to run for a long time.

Search engines only see the output.

Not necessarily. Some ISPs allow you to purchase extra public IP addresses.

That should be adequate protection. Any kind of random token will suffice.

We have had one. Lots of spam in it, but not very many legitimate posts. It was removed again a little while ago.