Adam

You asked how it's done. Unfortunately there's no well-known or documented solution for something like this- it's completely abstract and designed to get you thinking. Anyone here would need to sit down for at least a short period of time and have a think how to do it, which is what you should be doing. By all means if you get stuck with a coding issue or are close to finishing but can't work out a particular part, come back. I'm not trying to be a dick either, it's in your own interest to try and figure it out yourself.

Not entriely sure what you're asking (I'm guessing English isn't your first language?) but you should look into mkdir.

Is this homework?

"Bound queries" are called prepared statements. You were right though, the example you gave is not a prepared statement. With MySQLi you need to use the prepare() method to create a statement object, that you can then bind variables to and execute. Generally the API uses methods like prepare() and execute() as opposed to query() which makes it easy to identify prepared statements. That's not always the case though, and sometimes libraries will wrap normal queries within a prepared statement automatically.

Made a few mistakes in the HTML: <h1>Example Form</h1> <form method="post" action=""> <!-- input1 --> <div> <?php if (isset($errors['input1'])): ?> <div class="error"><?php echo $errors['input1']; ?></div> <?php endif; ?> Input1: <input type="text" name="input1" value="<?php if (isset($_POST['input1'])) echo htmlspecialchars($_POST['input1']); ?>" /> </div> <!-- input2 --> <div> <?php if (isset($errors['input2'])): ?> <div class="error"><?php echo $errors['input2']; ?></div> <?php endif; ?> Input2: <input type="text" name="input2" value="<?php if (isset($_POST['input2'])) echo htmlspecialchars($_POST['input2']); ?>" /> </div> <input type="submit" value="Submit" /> </form>

Okay here's a basic example to work from: <?php // Define an array to hold errors (done here so we don't have to check the $errors variable exists later) $errors = array(); // Check if we have post data if (!empty($_POST)) { // Validate input1 if (empty($_POST['input1'])) { $errors['input1'] = 'Please enter a value for input1'; } // Validate input2 if (empty($_POST['input2'])) { $errors['input2'] = 'Please enter a value for input2'; } // Make sure there was no errors if (empty($errors)) { // Do something with data.. // Redirect to another page.. } } ?> <h1>Example Form</h1> <form method="post" action=""> <!-- input1 --> <?php if (isset($errors['input1'])): ?> <div class="error"><?php echo $errors['input1']; ?></div> <?php endif; ?> Input1: <input type="text" name="input1" value="<?php if (isset($_POST['input1'])) echo htmlspecialchars($_POST['input1']); ?>" /> <!-- input2 --> <?php if (isset($errors['input2'])): ?> <div class="error"><?php echo $errors['input2']; ?></div> <?php endif; ?> Input1: <input type="text" name="input1" value="<?php if (isset($_POST['input2'])) echo htmlspecialchars($_POST['input2']); ?>" /> </form> The form will be shown if either there is no POST data, or the POST data is there but contains errors. When successful the user will be redirected so they will never see the form. Errors will also be shown in line with the input, and the values they entered originally will be pre-filled in the inputs (but with some protection to prevent XSS attacks). Most importantly though, no redirects are needed to re-display the form. We should only redirect somewhere else when we actually mean to go somewhere else (or to prevent a POST refresh).

You call 6 of the following statements, which is having to retrieve the "Tyler" data from the local database and split it on every call. You could just get the data once and split that. tyler[0] = localStorage.getItem('Tyler').split(',')[0]; tyler[1] = localStorage.getItem('Tyler').split(',')[1]; // etc. You would get the same result using *only* this: var tyler = localStorage.getItem('Tyler').split(','); ------ Once you have that array defined though, you then ignore it at the end of the mark-up and set the element values with yet another 6 calls to the local database. var val1 = localStorage.getItem('Tyler').split(',')[0]; document.getElementById('gsave').value = val1; var val2 = localStorage.getItem('Tyler').split(',')[1]; document.getElementById('in').value = val2; // etc. All you need to do is refer to the existing tyler array variable here to get the values: document.getElementById('gsave').value = tyler[0]; document.getElementById('in').value = tyler[1]; // etc. You also make the same repetitive calls for the score data. In total you're making 15 calls to the database when you only need 2. Fixing those should speed things up (though to be honest I'm not entirely sure how much caching is done by the browser for local storage), but the main problem with you're code you'll see soon is that implementation is very static / single-purpose. You need to make it more dynamic / re-usable so that you can return a collection of users from the local database, as opposed to just a single one.

Could you provide a browser (and any add-ons) where the alert is displayed more than once? I'm unable to reproduce the problem.

It's perfectly possible. What exactly do you need from us?

Don't use JavaScript alerts/redirects to display errors. It's not a user-friendly experience! Instead why not just redirect to the registration page using PHP and pass in a flag to display the error? Better yet, why not avoid redirects at all and just display the registration form again with the inputs pre-filled?

The down-side to prepared statements is that they only exist while the connection is alive - so in a stateless language like PHP it's per-request unless you have persistent connections. Also prepared statements do generally require a little more typing, and a better understanding of database queries in general, which is why people don't use them 100% of the time (especially beginners).

You need quotes around "http://example.com" and "Add Me".

Perhaps remove the error suppressing "@" before the file_get_contents() call?

Ah sorry- I read the title again and you're on about the difference between bound and unbound queries (prepared statements). Prepared statements, besides being SOL-injection safe, are cached on the database server to make repeat queries faster. By cached I don't mean the results though; when you query a database it creates an execution plan, a plan of how it will perform the query, what resources it will need, etc. Normal queries have to recreate the same execution plan every time they're executed. Prepared statements cache this plan so that on the next query, it knows exactly how to do it.

Between PDO and MySQLi? There's no difference in the end really, it's just the API that's different. Personally out of the two I prefer PDO; more features, better API, better support for statements, etc. You're better off just experimenting with both of them and seeing which you're more suited to.

Typo in the merge() method - should be "concat(..".

You're using them the wrong way round; you should have an array of user objects, not an object of user arrays. I'm assuming the array index is the user ID? If so you should be able to use the concact() method of the array object (everything is an object in JavaScript, even arrays) to merge the two. Edit As for sorting, you could wrap the array within a 'collection' type object, that provides methods for sorting based on an item's property within the collection. As a base to start from: function UserCollection(users) { this.collection = users; this.merge = function(more_users) { this.collection.conact(more_users); } this.sortBy = function(property) { // Sort the users by property provided } } You would then instantiate a UserCollection object like so: var collection = new UserCollection(users); // 'users' being your JSON data // Merge more users collection.merge(more_users); // 'more_users' being the additional JSON data It's only a basic example, but might help you structure the code better.

I had a similar experience at college about 3/4 years ago. The tutor had no idea beyond the basics covered on w3schools, just teaching people bad habits and the wrong way to do things. Problem is the tutors are probably brilliant with MS Office software and such, but just get lumped covering those kind of classes too. I continually corrected him which I don't think made me his favourite student. In the end though, it's a piece of piss so just ignore the voices screaming "standards" in the back of your head and give them what they want for the easy A.

glob will return you a sorted list of files matching a simple pattern. For example: $images = glob('*.jpg'); If you want to make the pattern a little more flexible you can use the "GLOB_BRACE" flag: $images = glob('{*.jpg, *.jpeg}', GLOB_BRACE);

You've already been given a few solutions of how to prevent direct access to the files..

You can't prevent a user from closing full-screen view. The browser just won't allow you to take that much control. If you start resizing it periodically after they've changed it, they will just leave. At least I would...

That's kind of true, but md5 or sha1 for example are not encryption/encoding schemes, they are one-way hashing algorithms. They are designed for different purposes and based on different logic. One possibility is that the string is just a unique identifier, like an auto incrementing number but with alphanumerical characters. Consider that in 4 numeric digits you obviously have 10,000 unique possibilities. In 4 alphanumeric characters (using *only* lower-case) you have 1,679,616 unique possibilities. It's hard to say what they mean without seeing the code behind mediafire. @qwasyx In response to your last post, just use file_get_contents. That will return the HTML source of a web page.

The error means that $_POST['valf'] is undefined - the 'valf' index that is. It doesn't exist and you're trying to use it. Although if that's the case it should mean that the query following it is failing? The solution is to check it exists, and in this situation it would make sense to also ensure it has a value, so use empty to check this before using it: if (!empty($_POST['valf'])) { $mivar = $_POST['valf']; } else { // Handle error here or define a default value.. $mivar = 'default value here'; } empty() also performs an internal isset check, to first ensure the variable or array index exists.

What about it is encoded?