Daniel0 (Staff Alumni), 11,885 posts

Everything posted by Daniel0

  1. No offense, but how is that piece of information relevant to the matter at hand?
  2. http://dev.mysql.com/doc/refman/5.1/en/select.html The WHERE clause comes before the ORDER BY clause.
  3. Are you talking about when the data is in the database? It has no effect there. It's only so characters that have special meaning in an SQL query will not mess up the query when you use them. Say I want to insert John in a table: INSERT INTO table (something) VALUES ('John'); That works well, but if I want John's we'll get in trouble: INSERT INTO table(something) VALUES ('John's'); In this case, the single quote has a special meaning in the sense that it's a string delimiter. Thus it has to be escaped.
  4. http://www.phpfreaks.com/tutorial/basic-pagination You sure seem to need a lot of things ASAP. Maybe you should pay someone if you're in such a hurry.
  5. Try this: ... ORDER BY MONTH(user_birthdate), DAY(user_birthdate);
  6. Then you are double escaping it. Look through your code and see if you are running it through an escaping function twice. Your database is not vulnerable to XSS. There are different contexts in which data might appear. In an SQL context you would escape it for SQL. In an HTML context you would escape it in another way (and yet another way in e.g. JSON).
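The two posts above (item 3 on the SQL string delimiter, item 6 on escaping per output context and on double escaping) can be shown in one short script. This is an added example, not Daniel0's code or anything from the thread; it assumes PHP with the pdo_sqlite extension (an in-memory database, nothing written to disk) and uses a constructed input value containing the single quote the posts discuss.

```php
<?php
// Added example: one raw value, three output contexts, plus the double-escaping
// bug from the thread. Not code from the forum; assumes pdo_sqlite is available.
declare(strict_types=1);

// Constructed input: contains the single quote that breaks a naive SQL string.
$name = "John's <b>\"test\"</b>";

// SQL context: do not escape by hand at all; bind the value as a parameter and
// the driver keeps it out of the query text, so the quote needs no escaping.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (something TEXT)');

$stmt = $pdo->prepare('INSERT INTO users (something) VALUES (:v)');
$stmt->execute([':v' => $name]);             // stored exactly as typed: John's ...

// Double escaping (the symptom in item 6): escaping first and then binding
// stores the backslash as data, so the row reads John\'s ...
$stmt->execute([':v' => addslashes($name)]);

foreach ($pdo->query('SELECT something FROM users') as $row) {
    var_dump($row['something']);              // first row clean, second row has \'
}

// HTML context: a different escaper, applied at output time, never before storage.
// Prints: <p>John&#039;s &lt;b&gt;&quot;test&quot;&lt;/b&gt;</p>
echo '<p>' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p>\n";

// JSON context: yet another encoding. The HEX flags also neutralise the
// characters that matter when the JSON ends up embedded in an HTML page.
echo json_encode(['name' => $name], JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_APOS) . "\n";

// URL context (item 7 above): urlencode, not any of the escapers used so far.
echo 'http://example.com/?name=' . urlencode($name) . "\n";
```

The point of keeping the stored value raw is that each output context then gets exactly one encoding step; the moment a value is escaped before it is stored, every later context either double-encodes it or has to guess which escaping was already applied.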
  7. I assume you are talking about in a URL? Try urlencode.
  8. Ah yeah sorry, I forgot to escape the parentheses. Try this: $string = preg_replace('#eval\(base64_decode\("[0-9a-zA-Z+/=]+"\)\);#', '', $string);
  9. Cool story. Thanks for letting us know.
  10. http://ispconfig.org/documentation.htm
  11. Using regex would be fairly straightforward because a base64 encoded string will use a finite set of characters. $string = preg_replace('#eval(base64_decode("[0-9a-zA-Z+/=]+");#', '', $string);
  12. $string = preg_replace('#<p>\s*(.*?)\s*</p>#i', '<p>$1</p>', $string); $string = preg_replace('#<p>\d+</p>#', '', $string);
  13. I'd like to see you do that.
  14. Time. What do you mean by 'an attached patch'? A solution to the problem? Assuming their bug tracker allows you to attach files (like you can on this forum), you could attach a file that is patched (a version of the file where you fixed the bug), or better yet a diff.
  15. Maybe you should check out what var_dump does.
  16. If you use open source libraries/frameworks, that's not entirely true. What's preventing you from creating a bug report with an attached patch to projects like jQuery, Zend Framework, PHPUnit or Doctrine? All of these four are pretty large projects, so they're being overlooked by a lot of people and tested (security/performance/stability) in real environments by a lot of people. It'll likely be better than what you can churn out, and it'll save you a lot of time. You just have to be careful with what you choose to use. Also, it's no different than if there is a bug in PHP itself. Who do you then turn to? Right, the PHP devs.
  17. We cannot really tell. You would check the length immediately before inserting it into the database. It is probably doing some other sort of validation during the form processing. If you have absolutely no experience with programming whatsoever, you should start a simpler project though.
  18. The PHP documentation team can. is_dir is_file
  19. if (strlen($string) > 140) { echo 'too long'; } Then remove the part that makes it moderated.
  20. I disagree. What if someone else wants to?
  21. lol (for real).
  22. How about error handling?
  23. Do you have error reporting on?
  24. I suppose you can do this: return strpos($string, 'No <b><a href="http://dmoz.org/">Open Directory Project</a></b> results found') !== false; Then it'll return false if there is no listing for that domain.