Tyche

  1. Your new method does produce random colors, but there is still a bias in color selection. There are some possible colors which will never be produced, and the bias is towards colors with higher red components and lower blue. This is because you are dropping leading 0's in your RGB color settings, then concatenating them together. So, for instance, the 3 different colours rgb(0F,FF,0F), rgb(0F,0F,FF) & rgb(FF,0F,0F) get returned as FFFF, which is interpreted as rgb(FF,FF,00). If you want your random colors to be uniformly distributed across all possible colors, then just use the fix I gave you earlier.
  2. It's not random because you are using 4 zero-filled spaces for the Green component in the sprintf format, effectively fixing it as 00. Change the random_hex_color function to this:

     ```php
     function random_hex_color() {
         // %02X zero-pads each component to exactly two hex digits
         return sprintf("%02X%02X%02X", mt_rand(0, 255), mt_rand(0, 255), mt_rand(0, 255));
     }
     ```
  3. In most XSS attacks the attacker sends the victim an XSS-modified URL to a site the victim trusts (e.g. slaterino's site). It's the victim's output which is changed. They see the site, but the attacker can then potentially gain access to the victim's user credentials and/or cookie info for that site. In this example I just showed an injection of a visible image; the injection could be a JavaScript program. The Wikipedia page on XSS is well worth reading: http://en.wikipedia.org/wiki/Cross-site_scripting
  4. If you are using $_SERVER['PHP_SELF'] you really must sanitise the input, as it can be modified by the user just like any other user input. If you don't, you will leave yourself open to XSS attacks. Taking the bare bones of your modified code as an example:

     ```php
     <html>
     <body>
     <?php
     // PHP_SELF is echoed unescaped here; it includes anything the user appends after the filename
     $self = $_SERVER['PHP_SELF'];
     $prev = " <a href=\"" . $self . "?page=1\">[Prev]</a> ";
     echo $prev;
     ?>
     </body>
     </html>
     ```

     On the surface it looks OK, but if, for instance, the user adds the following string to the URL directly after the filename, they can load this forum's logo into your page.

     ```
     /%22%3E%3Cimg%20src=http://www.phpfreaks.com/media/images/forums/logo.png%3E%3C
     ```

     Of course, that is a non-malicious example of XSS. If you want to use $_SERVER['PHP_SELF'], ensure that it's clean (or at least neutralised) by running it through htmlspecialchars().
  5. You don't need the single quotes round the field names, just the values.
  6. You are also calling mysql_query twice and also trying to fetch records from the UPDATE query. Try this:

     ```php
     // Column names are left unquoted and the SET assignments are separated by commas, not AND
     $update = mysql_query("UPDATE tourney SET $nround = '$winner', $roundh = '$hscore', $rounda = '$ascore' WHERE tid = '$tid'");
     if (!$update) {
         die(mysql_error() . $update);
     }
     ```
  7. mysql_num_rows only returns the number of rows for queries which return a record set. UPDATE queries don't return a record set. You probably want to use mysql_affected_rows instead.
  8. You can't use # in MySQL table names. # is a reserved character which means "from here to the end of the current line is a comment and should be ignored", so effectively your command becomes

     ```sql
     CREATE TABLE EMPLOYEE ( E EFNAME VARCHAR(20), ELNAME VARCHAR(20) );
     ```

     which is why the first field is named EEFNAME, as the white space is removed.
  9. Tyche

    INSERT LIMITS

    Strictly speaking, the INSERT command does not recognise LIMIT, and an INSERT ... SET col=... LIMIT 1 will fail, as will an INSERT ... VALUES (...),(...) LIMIT 2 command. You can use LIMIT on an INSERT .... SELECT ... command, but there the LIMIT is an optional part of the SELECT command component; its use here should improve performance in many cases.
  10. You refer to the table CLASSES_ares in the 2nd SELECT statement. This should be CLASSES_areas.
  11. "Only MyISAM supports transactions and foreign keys. Locking is a part of any and every database engine."

      This is wrong. MyISAM tables do not support Transactions. You need to use the InnoDB engine if you require Transactions; the same goes for Foreign Keys (they can be defined for MyISAM tables but there is no referential integrity support).
  12. Tyche

    Strlen()

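    If I understand you correctly, you want to know the number of digits in an integer. The following code will give the number of digits in $n:

    ```php
    // log10(0) is -INF, so zero is handled separately as a one-digit number
    $number_of_digits = ($n == 0) ? 1 : 1 + floor(log10(abs($n)));
    ```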
  13. You can take advantage of the "WHERE 1" statement equating to true. Use something like this:

      ```php
      // Each condition defaults to "1" (always true) and is replaced only when its filter is set.
      // The $filter_* values go straight into the SQL string, so they must already be escaped.
      $where_nick = "1";
      $where_datetime = "1";
      $where_channel = "1";
      $where_link = "1";
      if (!empty($filter_nick)) $where_nick = " nick = '$filter_nick' ";
      if (!empty($filter_datetime)) $where_datetime = " datetime = '$filter_datetime' ";
      if (!empty($filter_channel)) $where_channel = " channel = '$filter_channel' ";
      if (!empty($filter_link)) $where_link = " link = '$filter_link' ";
      $query = mysql_query("SELECT * FROM urls WHERE $where_nick AND $where_datetime AND $where_channel AND $where_link");
      ```
  14. Why not try

      ```sql
      UPDATE users SET images=images-1 WHERE userid=x AND images > 0;
      ```
  15. That does work if the "FROM 4" is changed to ",5" (and then is better than my suggestion). As below:

      ```sql
      SELECT *,
             IF ( LEFT( vch_title, 4)='The ', SUBSTRING(vch_title,5), vch_title ) AS title_sort
      FROM tbl_links
      WHERE int_category = '$i'
      ORDER BY title_sort;
      ```
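The PHP_SELF problem from post 4 above, shown side by side with the htmlspecialchars() fix that post recommends. This is an added example, not code from the original posts; `$phpSelf` stands in for `$_SERVER['PHP_SELF']`, and the script name `/list.php` and the function names are assumptions.

```php
<?php
// Added example (not from the original post). $phpSelf stands in for
// $_SERVER['PHP_SELF']; "/list.php" is an assumed script name.

// The pattern from the post: PHP_SELF is placed in the href unescaped.
function prev_link_raw(string $phpSelf): string {
    return ' <a href="' . $phpSelf . '?page=1">[Prev]</a> ';
}

// The post's fix: neutralise HTML metacharacters before output.
// ENT_QUOTES also encodes single quotes, for single-quoted attributes.
function prev_link_escaped(string $phpSelf): string {
    $self = htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8');
    return ' <a href="' . $self . '?page=1">[Prev]</a> ';
}

// Counts tags in the generated markup; a clean link has only <a> and </a>.
function tag_count(string $html): int {
    return preg_match_all('/<\/?[a-z][^>]*>/i', $html);
}

// PHP_SELF holds the decoded path, so the URL suffix quoted in the post is decoded here.
$suffix = rawurldecode('/%22%3E%3Cimg%20src=http://www.phpfreaks.com/media/images/forums/logo.png%3E%3C');
$cases = [
    'normal request'        => '/list.php',
    'request from the post' => '/list.php' . $suffix,
];

foreach ($cases as $label => $phpSelf) {
    foreach (['raw' => 'prev_link_raw', 'escaped' => 'prev_link_escaped'] as $name => $fn) {
        $html = $fn($phpSelf);
        printf("%-22s %-8s tags=%d  %s\n", $label, $name, tag_count($html), $html);
    }
}
```

A tag count above two in the generated link means markup from the URL reached the page; the escaped variant stays at two for both inputs.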
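The "WHERE 1" filter pattern from post 13 above, rebuilt with bound parameters so that filter values never become part of the SQL text. This is an added example, not code from the original posts; it uses PDO with an in-memory SQLite database so it runs stand-alone, and the function names and sample rows are constructed for illustration.

```php
<?php
// Added example (not from the original post). Table and column names follow the
// post; the rows are constructed sample data in an in-memory SQLite database.

// Builds the WHERE clause from whichever filters are set, using named placeholders.
function build_filter_query(array $filters): array {
    $allowed = ['nick', 'datetime', 'channel', 'link']; // column allow-list
    $where   = ['1'];   // "WHERE 1" keeps the clause valid when no filter is set
    $params  = [];
    foreach ($allowed as $col) {
        if (!empty($filters[$col])) {
            $where[] = "$col = :$col";
            $params[":$col"] = $filters[$col];
        }
    }
    return ['SELECT * FROM urls WHERE ' . implode(' AND ', $where), $params];
}

// Runs the filtered query and returns the number of matching rows.
function count_matches(PDO $db, array $filters): int {
    [$sql, $params] = build_filter_query($filters);
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC));
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE urls (nick TEXT, datetime TEXT, channel TEXT, link TEXT)');
$insert = $db->prepare('INSERT INTO urls VALUES (?, ?, ?, ?)');
foreach ([
    ['alice',  '2010-01-01 10:00:00', '#php', 'http://example.com/a'],
    ['bob',    '2010-01-01 11:00:00', '#php', 'http://example.com/b'],
    ["d'arcy", '2010-01-02 09:30:00', '#sql', 'http://example.com/c'],
] as $row) {
    $insert->execute($row);
}

echo count_matches($db, []), " rows with no filters\n";
echo count_matches($db, ['nick' => 'alice', 'channel' => '#php']), " rows for alice in #php\n";
// A value containing a quote is bound as data and matches its row instead of breaking the SQL.
echo count_matches($db, ['nick' => "d'arcy"]), " rows for d'arcy\n";
```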