KevinM1

Moderators
  • Posts: 5,222
  • Days Won: 26

Everything posted by KevinM1

  1. Ugh, that's ugly. A much cleaner version:

         <!DOCTYPE html>
         <html>
         <head></head>
         <body>
         <a id="linkToChange" href=""></a>
         <script type="text/javascript">
         function generateLink(/* argument list, if necessary */) {
             // do whatever you need to generate the link's href and text
             var link = document.getElementById('linkToChange');
             link.href = '';      // something
             link.innerHTML = ''; // text
         }
         </script>
         </body>
         </html>

     Not a fully fleshed out example, as it depends on what you actually need to do to generate the link info, to say nothing about the number of links you need to populate. Still, much cleaner than adding the JS directly in the link's href attribute.
  2. Can you display the code you use to handle those smiles?
  3. Okay, that sounds more or less like what I was envisioning. Thanks!
  4. It returns an array because find_by_sql returns an array. As an aside, are you sure that you're getting objects back from your instantiate method? 'Static' is a PHP keyword. I doubt it can be used as the name of a class (i.e., '$object = new static;').
  5. I'm in the same boat as the OP, so could you expand on this a bit? Where would advertiser money be saved? How would subscriptions work - so many clicks per bulk payment (as in, "$100 for 10,000 clicks" (numbers pulled from my ass))? Modify the ads how?
  6. Yes. Again, run all your input through strip slashes, then mysql_real_escape_string. The slashes added by magic quotes don't escape all possible dangerous characters. Make a generalized data cleaning function like:

         function clean($value)
         {
             if (is_array($value)) {
                 foreach ($value as $k => $v) {
                     $value[$k] = clean($v);
                 }
             } else {
                 if (get_magic_quotes_gpc() == 1) { // if magic quotes is turned on
                     $value = stripslashes($value); // strip the automatically-given slashes
                 }
                 $value = trim(htmlentities($value, ENT_QUOTES, "utf-8")); // convert input into friendly characters to stop XSS
                 $value = mysql_real_escape_string($value); // escape the data properly
             }
             return $value;
         }

     Then you can use it like so:

         // regex validation to ensure input is of the right form goes here
         $username = clean($_POST['username']);
  7. mysql_real_escape_string adds slashes to text in order to escape characters that would be harmful to use in a database query. EDIT: if you're still seeing slashes after retrieving your data from the db, it means you have magic quotes turned on. You'll need to run all of the data you want to save to the db through stripslashes before running it through mysql_real_escape_string. The escape function's slashes essentially disappear after the data is inserted.
  8. It throws an undefined error with the human because private members ARE NOT passed to child classes. The species field doesn't exist in human. It is, by definition, undefined. The fatal errors are a result of attempting to access something that DOES exist, but which you don't have permission to interact with.
  9. KevinM1

    css vs tables

    Tables should only be used to display tabular data. Use CSS for layout. To help mitigate cross-browser issues, use a CSS reset (google it). Similarly, research how to serve your pages properly on mobile devices with CSS (again, google it). For the PSP in particular, it uses Sony's horrible browser. I'm not sure if there's a way to get anything to look right with it, to say nothing of its JavaScript issues.
  10. I'm eating at noon. Is early evening acceptable, sir?
  11. I'm offended, sir, offended! Pistols, at dawn.
  12. I don't know if this will help your troubleshooting, but I just logged in as demo, and I can delete the post written by the admin account by clicking the little pencil icon, then (presumably, as I didn't actually do it) clicking on the checkbox that appears, but not the one written by your name, as there's no pencil icon there. Your user permissions are screwed up. EDIT: could also be something to do with non-OP messages, as the pencil icon appears on the admin post in the test thread, which is the second post of the thread, but not in the tew thread, as it's the OP.
  13. Well, first, if you define your constructor to take arguments, you must actually pass arguments to it when you invoke it, unless you define those arguments as default arguments. In other words, the following will throw an error:

          class MYSQL
          {
              var $host = "localhost";
              var $user = "root";
              var $pass = "password";
              var $db = "userlist";

              function __construct($host, $user, $pass, $db)
              {
                  $this->host = $host;
                  $this->user = $user;
                  $this->pass = $pass;
                  $this->db = $db;
              }
          }

          $db = new MYSQL();

      Whereas the following will not:

          class MYSQL
          {
              var $host = "localhost";
              var $user = "root";
              var $pass = "password";
              var $db = "userlist";

              function __construct($host = '', $user = '', $pass = '', $db = '')
              {
                  $this->host = $host;
                  $this->user = $user;
                  $this->pass = $pass;
                  $this->db = $db;
              }
          }

          $db = new MYSQL();

      Note, however, that the constructor in this second example is pretty useless as written, as it will merely set all your data members to empty strings. You should also use access modifiers for your data members. The 'var' keyword works, but is essentially deprecated (it's a remnant of PHP 4), and makes those data members publicly accessible, which is pretty useless. Data members should be protected or private, with appropriate getter and setter methods.
  14. 1. Where is $username set? 2. Are register globals turned on?
  15. 'Putting code in code tags' means pressing the button with the '#' symbol, and putting your code between the two BBCode tags that appear. Regarding base class functionality vs. derived class functionality, is your search() method the exact same in all your derived classes, or are there differences between them?
  16. Some thoughts/observations/suggestions/questions:

      1. Are you sure that $element is, itself, an object?
      2. In your class, you have parseElements($type), yet you never do anything with $type.
      3. Since your object already contains $rootelem, you don't need to pass it into the argument list for elementsToArray.

      So, do something like:

          function parseElements($type)
          {
              // do something with $type
              return $this->elementsToArray();
          }

          function elementsToArray()
          {
              // if $this->rootelem exists, run the function, else, error
          }
  17. Well, no matter what, server side validation should be done. Always code defensively, which in this case means prepare for the worst case scenario. Client side scripting is incredibly easy for someone with bad intent to avoid. All they need to do is turn off their JavaScript, or view your source code and create their own form with similar inputs to submit to your form handler.
  18. Most likely your ftp credentials have been compromised.
  19. If you're only returning one row of data from your query, just remove the while-loop outright. After all, the loop is there to allow you to iterate over several rows of data, not merely one.

          $query = "SELECT * FROM inventory WHERE id = $product";
          $result = mysql_query($query);
          $row = mysql_fetch_array($result);

          $name = $row['name'];
          $id = $row['id'];
          $price = $row['price'];
  20. Hey, let's not kick the kid while he's down.
  21. Also, while you may feel proud about how many visits your site has garnered, your users most likely won't care, and they certainly won't want to see a bright blue box displaying that info at the top of every page.
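
Added example, not part of any of the posts above: the jobs that posts 6, 7, 17 and 19 handle with stripslashes, mysql_real_escape_string and htmlentities, done here with PDO bound parameters and output-time encoding, with each concern kept in its own step. The in-memory SQLite database, the sample row and the helper names fetchProduct, addProduct and html are assumptions made for the illustration; the inventory columns follow post 19.

```php
<?php
// Added example: constructed data, in-memory SQLite so it runs offline.
// Column names mirror post 19; helper names and sample values are assumed.

function fetchProduct(PDO $pdo, $rawId): ?array
{
    // Server-side validation (post 17): accept only a positive integer id.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, name, price FROM inventory WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC); // one row expected, so no loop
    return $row === false ? null : $row;
}

function addProduct(PDO $pdo, string $name, float $price): void
{
    // Store the text as entered; binding replaces manual slash handling.
    $stmt = $pdo->prepare('INSERT INTO inventory (name, price) VALUES (:name, :price)');
    $stmt->execute([':name' => trim($name), ':price' => $price]);
}

function html(string $value): string
{
    // Encode when writing into HTML, not before storing in the database.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE inventory (id INTEGER PRIMARY KEY, name TEXT, price REAL)');

// Constructed input containing a quote and markup.
addProduct($pdo, "O'Reilly <b>mug</b>", 9.5);

$row = fetchProduct($pdo, '1');
echo html($row['name']), "\n";            // name is encoded only at output

// A non-integer id is rejected before any query is built.
var_dump(fetchProduct($pdo, '1 OR 1=1'));
```

Because the stored value is the raw text, the same row can later be written to JSON, e-mail or a CSV export with the encoding each of those needs.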