micmania1

$badwords = array('word1', 'word2', 'word3')'; if (array_value_exists($_POST['username'], $badwords)) { die ("BAD WORD"); } else { die ("FINE"); }

As well a max record you also need to tell the database where you want to start getting your data. $min = $total_num_of_records * ($page - 1); /* $total_num_records is gained from mysql_num_rows() on your first query */ $data_p = mysql_query("SELECT * FROM clienti ORDER BY numefirpf ASC LIMIT $min, $max") or die(mysql_error()); Hope it helps...

If you have acess to the URL, you could take it to another page first. http://domain.com/clicked_ad.php?url={URL} From that, i'm guessing you will be able to determind user details from their session or cookie, and save it into the db. +-------------+-------------+ | User ID | URL | +-------------+-------------+ | 1 | http://.... | +-------------+-------------+

<select> <option value="'.$genre_id.'">'.$genre.'</option> </select>

People text in, your script replies with a keycode which is then active fo use on your website. This isn't anything to do with php. This will help...

I reccomend creating somewhere purposly built for testing the script, and post it in the BETA section asking people to find vulnrabilities.

<?php function topmenu() { global $topmenu; // Fetc variable form outside of the funciton do { echo $row_topmenu['link']; } while ($row_topmenu = mysql_fetch_assoc($topmenu)); } ?> About Globals...

<a href="mypage.php?varable=value&another=anotherValue">LINK</a>

The problem is, you are not checking whether the form variables are set. The reason the error is showing for you is because of your error reporting level. Try putting this at the beginning of your script: error_reporting(E_ERROR | E_WARNING | E_PARSE); This will only show errors which affect your script, ignoring notices.

You may have an error in your query. Try if ($result) { $array = mysql_fetch_array($result); } else { echo mysql_error(); exit(); }

<a href="mypage.php?variable=value">Link</a> To access the variable, use GET. echo $_GET['variable'];

rand(uniqid(), true);

You can never be too safe. mysql_real_escape_string() htmlspecialchars() addslashes() Example: function escape_data($data) { // Make it suitable for insertion to mysql and parse html return mysql_real_escape_string(htmlspecialchars($data)); } Using it: $data = '\'<b>I\'m going to destroy this page with my own html.</b>'; $data = escape_data($data);

He's asking us to create his website for him... http://www.phpfreaks.com/forums/index.php/topic,196347.0.html This is a help section, not a slave section.

The reason you are getting the second warning is because no text can be sent to the browser before headers are set. The text that has been sent, is that from the first warning message, so you really only have 1 error, and that is apparantly on line 65. Please post the script and we may be able to help.

I think the error is in your form. When the button is pressed, you are simply using it as a link, instead of using an actual form. echo '<form action="save.php" method="GET"> <textarea name="mynotes"></textarea> <input type="hidden" name="pid" value="'.$row['pid'].'" /> </form>'; I don't think the GET method is suitable for submitting a textarea because I the URL has a character limit meaning some of the submitted data may not be passed to the next page. Try post. echo '<form action="save.php?pid='.$row['pid'].'" method="post"> <textarea name="mynotes"></textarea> </form>';

If your going to give simple descriptions, your going to get simple answers. Use PHP & MySQL.

So there is no reason why, at this moment in time, I need to work out what all the nasty looking preg_replace patterns mean?

I have a forum which at the moment, has no bbcode. All messages are stored using htmlspecialchars(). The only formatting it does is, parses each message, and replaces '\n' with '<br />' Now I am looking into creating bbcode functions and the tutorials on creating bbcode functions use preg replace. Is there a reason preg_replace is better than str_replace? Can somebody give me examples of when each should be used over the other? Any info is appreciated.

I've looked about on google and it seems the error is caused by MySQL strict mode being turned on. http://lists.mysql.com/mysqldoc/106 Here's info on turning it off. http://forum.mambo-foundation.org/showthread.php?t=5254

You don't need two queries. $query17 = "UPDATE car_checkbox SET `2006`='$val1', `2007`='$val2' WHERE FileSerial='$id'"); $result17 = mysql_query($query17); if (!$result17) { echo 'You have an error<br />'.mysql_error().'<br />'.$query17; } else { echo mysql_affected_rows().' rows successfully updated.'; } I think BlueSkyIS was right about changing your field names. I remember trying to name a fieldname numerically and there was an error. Try `year_2006` or whatever suits you. That will probably be the error.

Why use PHP classes instead of functions?

Look at the end of line 12. You have missed the semi-colon off the end thus giving an error on line 13. Your script should work fine once you've changed that.

I dont know if this will work but you don't get anywhere in life if you don't try... Change... <?php while($row = mysql_fetch_array($result)) ?> to... <?php while($row = mysql_fetch_array($result, MYSQL_ASSOC)) ?>

<?php $query = "SELECT * FROM dates GROUP BY date"; // This will return each date once only $result = mysql_query($query); $num = mysql_num_rows($result); if ($num > 0) { // if there is at least 1 record while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { if ($row['date'] == $yourdate) { $query1 = "SELECT * FROM dates WHERE date='{$row['date']}'"; // Select each record for each each single date $result1 mysql_query($query1); $num1 = mysql_num_rows($result1); if ($num1 > 0) { // There is at least 1 record on that day while ($row1 = mysql_fetch_array($result1, MYSQL_ASSOC)) { echo '<tr><td>'.$row['event_name'].'</td><td>'.$row['date'].'</td></tr>'; // echo each record } } } // else the event is not on your specified day } } else { // could not find any records echo 'There are no records.'; } ?> Obviously i've made up the table and column names but if you rewrite what i've just done and implementit into your script it should get records for each day and if there is more than 1 record on that day, it will display them all. I think that is what your after anyway. The if statement "if ($row['date'] == $yourdate) {" was added after submitting my form and readin what Xaero had wrote. I'm not fully sure which you are trying to do but hopefully you can gain something from this post.