Everything posted by PFMaBiSmAd

  1. Define: was able to add their own link? That could mean a half-dozen different things depending on what your code is and what exactly got changed. Details?
  2. A) How are you calling the function? Are you sure you are providing it with data that would cause it to take an execution path that executes the query?, and B) Are you developing and debugging your php code on a system with error_reporting set to E_ALL and display_errors set to ON so that all the errors php detects will be reported and displayed?
  3. Ummm. That's exactly how almost all of the major applications that have a login system and/or user groups/permissions/levels/access control do it. For example, in most forum software, if anyone were to be banned (added to the banned group) or to be promoted/demoted, it would take effect immediately because on each page request the group membership of the visitor is checked in the database. If you are going to have a user system that has mods/admins... you need a more sophisticated system than just setting a session variable and checking it on each page request.
  4. ^^^ the posted code will experience problems on the last day(s) of the month because it uses the current date/time and it will skip and produce duplicates when the current day number does not exist in the months you are looping over. Using mktime() would be better because you can easily specify the first day of the month (or any day that exists in every month) and in fact since strtotime() uses mktime internally, mktime would be slightly faster.

     <?php
     $month = date('n'); // current month
     for ($x = 0; $x < 12; $x++) {
         echo date('F Y', mktime(0,0,0,$month + $x,1)) . '<br />';
     }
     ?>
  5. SELECT * FROM table WHERE DATE(date) = CURDATE() - INTERVAL 1 day
  6. And the answer is the URL and specifically just the vid= number. You would simply put the values into an array, iterate over the array using a foreach() loop and either just put the body of the code inside of the loop, or you could put the body of the code into a user function definition and call the function inside of the loop. You should put the code that gets your database details and makes the mysqli connection before the loop and either put the mysqli_close() after the end of the loop or just let php close the connection when the script ends.
  7. Perhaps if you would be so kind to state or point out what exactly is different?
  8. Only if you don't have an understanding of php's list of blunders. That code would be affected by php's short open tag setting.
  9. The only ways that someone could set a session variable to a specific value is if your code allows it or register_globals are on. Do you have a specific problem you are trying to solve?
  10. It's most likely that the actual code was using a short open tag and was not being seen as php code.
  11. The variable named $result is the same variable throughout the scope of that code. If each reference to the same variable name was not to the same variable, it would be impossible to write most code (loops or no loops.)
  12. Storing a date using a standard mysql DATE data type, will - A) Allow you to directly sort dates because ORDER BY your_date_column will work, B) Allow you to directly compare dates. Any greater-than/less-than comparison between standard DATE values will work, C) Allow you to use the couple dozen datetime functions directly in your query, such as DATE_FORMAT() to get a standard DATE value or any part of it into any format you want, D) Will reduce the storage requirement of your data, E) Will make your queries simpler, faster, and eliminate a lot of the slow php code you need to manipulate your existing data.
  13. Are the incorrect results in your form processing code or did you actually look at the 'view source' of the form in your browser? As to the code question, you would assign a specific index value using the $i variable - echo "<input type='hidden' name='LDESC[$i]' value='blah'>";
  14. http://php.net/manual/en/function.strtolower.php
  15. You should use HTML arrays - http://www.php.net/manual/en/faq.html.php#faq.html.arrays Using a series of numbered variables will make your form processing code more complicated and slower.
  16. The 'localhost' keyword works in php 5.3.x just fine. Php 5.3 does not use "libmysql.dll" as the client library by default. It contains a built in native driver.
  17. Did you determine that through testing, because AFAIK local function variables (unless declared as static) are destroyed when the function returns. ^^^ That concerns me because constantly opening and closing the database connection probably adds 5% to the processing time of each loop through your script. ^^^ That implies $result is not a resource, but it would take seeing the actual error and code to tell anything further. Php actually does have built in resource cleanup - To fix your memory problem (it could be a php bug you are seeing) would require you to determine where the memory leak is at first. Just randomly trying things in your code won't help if the problem is due to an actual bug. Have you logged the memory_get_usage() values to determine where and how much memory is being used and then how much is being freed up or not being freed up?
  18. If you are referring to a UNIX Timestamp, they are the worst choice to store data as when dealing with dates that you are trying to manipulate in human terms, such as events ordered by month...
  19. Except that he has the month names stored, not the ordinal month value.
  20. Your first step to solving this would be to store your dates in a single DATE data type (YYYY-MM-DD) column. Storing separate year, month, and day values takes more code to accomplish any particular task.
  21. ^^^ That should be method="post". As it says in my signature, you need to check WHAT your code is receiving as the first debugging step. You would have found that it was receiving $_GET data.
  22. It's a waste of time. None of that would prevent sql injection through a numeric value. As long as you escape string data and validate/cast numeric data, you don't need to do anything else to prevent sql injection.
  23. Cannot really help you without seeing your current code AND have you done a 'view source' of the form in your browser so that you know it is being correctly produced? Edit: And posting your while code for your form would help in case it contains other problems.
  24. mysql_real_escape_string() is enough to prevent sql injection in string data (i.e. data that is put between single-quotes in a query), because escaping the data will prevent a hacker from breaking out of the single-quotes. However, this does nothing for numerical data that would normally be put into a query without any single quotes around it (putting single quotes around it is an option, but at least mysql converts this data to floating point which has its own issues.) You need to either validate numerical data or cast it as a numerical data type in order to prevent sql injection. The reason for this is because it is possible to use hex encoded data (which is automatically treated as a string) that contains no quotes (mysql_real_escape_string() has no effect on it) to inject sql. htmlspecialchars() has nothing to do with sql injection because it only operates on HTML special characters, which don't have anything to do with sql or sql injection. HTML special characters in your data do however have significance in javascript and html being injected into content that you display on your web page. You would typically use htmlentities() (not just htmlspecialchars()) on any content that you output on a web page that originated as input from a visitor.
  25. Unfortunately, your development system has output_buffering turned on in the master php.ini, so code you develop won't necessarily work on your live server. I recommend turning output_buffering off so that code you develop will work on the widest range of servers.
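
The point made in posts 22 and 24 above (escaping protects string data placed between single quotes, but not numeric data placed in a query without quotes, which has to be validated or cast), as an added example that is not part of the original posts. It assumes PHP with the pdo_sqlite extension; an in-memory SQLite database stands in for MySQL, escape_string() is a hypothetical stand-in for mysql_real_escape_string(), and the table and inputs are constructed.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; table and inputs are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");

// Hypothetical stand-in for mysql_real_escape_string(): it only neutralises quotes.
function escape_string(string $s): string
{
    return str_replace("'", "''", $s);
}

// String data: escaped AND placed between single quotes, so it stays data.
function find_by_name(PDO $db, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '" . escape_string($name) . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Numeric data, escaped only: there are no quotes to break out of, so the
// escaping changes nothing and the value is parsed as SQL.
function find_by_id_escaped(PDO $db, string $id): array
{
    $sql = "SELECT name FROM users WHERE id = " . escape_string($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Numeric data, validated then cast: only a plain run of digits reaches the query.
function find_by_id_validated(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return [];   // reject instead of guessing what was meant
    }
    $sql = "SELECT name FROM users WHERE id = " . (int) $id;
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal value and a tampered one for each context.
foreach (["bob", "x' OR '1'='1"] as $name) {
    printf("name [%s]: %d row(s)\n", $name, count(find_by_name($db, $name)));
}
foreach (["2", "2 OR 1=1"] as $id) {
    printf("id [%s]: escaped-only %d row(s), validated %d row(s)\n", $id,
        count(find_by_id_escaped($db, $id)), count(find_by_id_validated($db, $id)));
}
```

Run from the command line, the tampered name matches no rows, while the tampered id matches every row in the escaped-only lookup and none in the validated one.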