chocopi

ok i am stumped, i have been messing with this code all day, and when i finally get it working, the copy stops I have even tried using move_uploaded_file() instead of copy() but to no luck, so if someone can check my code to see if there are any mistakes that i have missed. i know it runs the copy as i have put echos before and after it. Thanks, ~ Chocopi

Shouldnt using the mysql_select_db work anyway, I just suggested the mysql_list_dbs() as its the only other one i know ~ Chocopi

you could use mysql_list_dbs() and do a check and see if its in the list ~ Chocopi

Cheers thats sorted that but now it isnt uploading the picture ~ Chocopi

kool thanks Orio, I knew there would be something to make it simple I have this if($var['error'] == 4) but what is the $var actually meant to be out of all my other variables ? ~ Chocopi

I have an avatar upload field in my form and I am trying to see if it is empty and if so then skip the validation. Here is my code <form name="edit_profile" method="post" action="<?php $_SERVER['PHP_SELF'] ?>" enctype="multipart/form-data"> <input type="file" name="avatar" id="avatar" value="" /> <input type="submit" name="submit" id="submit" value="Submit" /> <?php if($_POST) { // validation for avatar // set avatar directory $directory = 'avatars/'; // set max file size $max_file_size = '10000'; // set allowed extensions (for more, just add a comma then 'image/whatever' $allowed_files = array('image/gif'); // get avatar information // get avatar name $file_name = $_FILES['avatar']['name']; // get avatar size $file_size = $_FILES['avatar']['size']; // get avatar type image/whatever $file_type = $_FILES['avatar']['type']; // get file extension of $file_type this is only if there are more than 1 extension allowed list($blank,$file_extension) = explode('image/',$file_type); // check if there is a selection by checking if either the name, type or size is empty if(empty($file_size) or empty($file_name) or empty($file_type)) { echo ""; } else { // check file size is not bigger than max if($file_size > $max_file_size) { // if avatar is too big, give error echo "Your file is larger than 10kb.<br />"; $errors++; } // check the avatar has the correct extension if(!in_array($file_type, $allowed_files)) { // if wrong extension, give error echo "You are not allowed to upload that file type.<br />You are only allowed: .gif<br />"; $errors++; } if($errors == 0) { // get old image $old_file = $directory.''.$page_id.'.gif'; // check if old avatar exists if(file_exists($old_file)) { // if avatar exists delete it unlink($old_file); } // copy avatar to directory copy($_FILES['avatar']['tmp_name'], "".$directory."".$_FILES['avatar']['name']) or die("Your avatar could not be copied correctly"); // rename the file to the user id so it can be pulled in other files easily rename("".$directory."".$_FILES['avatar']['name'], "".$directory."".$page_id.".".$file_extension); } } } ?> I think that is all of the code. The problem is I only want for the validation, and updating to be done if something is in the field. I currently am not using: $_POST['avatar']; and then using validation on it because I was originally but it was not working So I am now trying to check the if either the $file_name, $file_size or $file_type are empty with this line: if(empty($file_size) or empty($file_name) or empty($file_type)) And I know from testing that if the field is left blank then the name and size will be blank and size will be 0 and these are all covered by empty(). But even if I put something into this field it will skip it Any help would be greatly appreciated If you need any more information, just ask, PS sorry for all the tabbing in the code ~ Chocopi

no if you have it saved as .php then it is right instead try <?php $date = date("m/d/y : h:i:A", timestamp) echo $date; ?> That should be fine Just out of intrest what does timestamp after it so ? ~ Chocopi

Well I would suggest you read through the tutorial on php.net => LINKY Then maybe look at some of the posts on this forum, as that is how I am learning and you will soon pick things up. Then do some google searches to find php tutorials, which should give you the basis. Lastly, try to learn some of the basic functions of php. so to use strip tags in your code as other users have mentioned and the mysql_real_escape_string() do this: on register.php replace $username = $_REQUEST['username']; with $username = $_REQUEST['username']; $username = strip_tags($username); $username = mysql_real_escape_string($username); And then use md5() on your passwords before your insert them into your database So before $insert = mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')"); if(!$insert){ die("Hay un problema: ".mysql_error()); } Add $password = md5($password); I would also suggest adding some validation on you email So after //chequeamos que los passwords sean iguales if($password != $pass_conf){ die("Los password digitados son diferentes!"); } Add if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[_a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", $email)) { echo ("Error"); } This will ensure that the user has entered something like: [email protected] Thats all I will give you for know, so I suggest you try to learn some basics Hope it helps ~ Chocopi

I would say no. 1) In your login page and register page you allow for the users to enter whatever they want so they could inject some code into your database. So I would recommend mysql_real_escape_string() 2) You are using $_REQUEST which I have heard can be quite dangerous, but I would need someone else to clarify. 3) Your session_destroy() will only work if someone loads logout.php, so you could think about using a timer with timestamps, but thats only my opinion. Hope it helps ~ Chocopi

Can you echo before and after the increment so: $get_val= $fetch['user_id']; echo $get_val; $get_val++; echo $get_val; ~ Chocopi

what i would do is store all the ranks in a table and then in your user table store their rank ids (or something similar). Then on the page check if the user is logged in, if not then they are level 1, if they are level 2 and if they are admins then level 3. Then just use if statements <?php $username = 'Chocopi'; $query = mysql_query("SELECT field FROM table WHERE username='$username'") or die(mysql_error()); $row = mysql_fetch_assoc($query) or die(mysql_error()); $user_level = $row['field']; if($user_level >= 1) { // show news } else if($user_level >= 2) { // show comment link } else if($user_level == 3) { // show edit link } ?> Something like that should work ~ Chocopi

use md5() Hope it helps ~ Chocopi

Well i used to and on occasion use notepad as it is simple, but i have recently upgraded to notepad++, as it justs helps pick up small mistakes that i have missed. I personally am not a fan of WYSIWYG as I find they mess up code bad and i like mine neat, but thats my opinion.

no problem, its quite lucky as i have recently been creating a mini forum so i had the code on hand for you

what you need to do it pull the highest value from the table and then increment it using ++ and it should work as i use something similar <?php $query = mysql_query("SELECT MAX(field1) AS `field1` FROM `table` WHERE field2='$var'") or die(mysql_error()); $fetch= mysql_fetch_assoc($query) or die(mysql_error()); $post_num = $fetch['field1']; $post_num++; ?> Hope it helps ~ Chocopi

Cheers Thanks Thorpe

kool thanks, but how would I only allow for numbers ? or would it be formatted so that it is treated all as a interger ? ~ Chocopi

well I would use something like this: <?php $text = "I like balls with poop and a bit of bugger"; $lines = file("naughty_words.txt"); foreach($lines as $line) { list($find, $replace) = explode("=", $line); $text = str_replace($find, $replace, $text); } ?> then in naughty_words.txt just store the info like balls=b***s poop=p**p bugger=b****r this should then give: I like b***s with p**p and a bit of b****r Hope that helps ~ Chocopi

I know that using $_GET can be dangerous if you are not careful, I was wondering if it would be safe just to use is_numeric() ? As I only want for numerical values to be passed through $_GET would it be safe to use is_numeric() or should I take other procautions ? Thanks ~ Chocopi

just use str_replace ~ Chocopi

I have had a look at them before, but i didnt really like them So i took a stab at it and it works (well i havent come across any problems yet) here is the code i wrote, thanks for your help aswell ! <?php // start session session_start(); require_once('page_header.php'); // get board id $board = $_GET['board']; if(empty($board)) { // set board id $board = '1'; } else if(!empty($board)) { // set board to session $_SESSION['board'] = $board; } // get page number $page_num = $_GET['page']; if(empty($page_num)) { //set page num $page_num = '1'; } // get max post_num $query = mysql_query("SELECT MAX(post_num) AS `post_num_max` FROM `zBoard_messages` WHERE board_id='$board'") or die(mysql_error()); $fetch= mysql_fetch_assoc($query) or die(mysql_error()); $post_num_max = $fetch['post_num_max']; for ($pn = 1; $pn <= $post_num_max; $pn++) { // pagination $ppp = 10; //posts per page $page = ceil($pn/$ppp); // get max page $max_page = ceil($post_num_max/$ppp); // if the page equals the page number then print results if($page == $page_num) { // display stuff here } } //get prev button if($page_num == 1) { echo "Prev "; } else if($page_num >=2) { $prev_page = $page_num - 1; echo "<a href=\"view.php?page=".$prev_page."\">Prev</a> "; } // get page numbers for ($page_number = 1; $page_number <= $max_page; $page_number++) { if($page_number == $page_num) { echo $page_number; } else if($page_number != $page_num) { echo "<a href=\"view.php?page=".$page_number."\">".$page_number."</a>"; } if($page_number != $max_page) { echo ", "; } else if($page_number == $max_page) { echo" "; } } // get next button if($page_num == $max_page) { echo " Next"; } else if($page_num < $max_page) { $next_page = $page_num + 1; echo " <a href=\"view.php?page=".$next_page."\">Next</a>"; } require('page_footer.php'); ?> Tell me what you think ~ Chocopi

Cheers, but then how do I then make it so that the links are created on the page like: <prev 1, 2, 3, next> ~ Chocopi

Can someone help me with my pagination ? I have used it fine before but i do not know how to impliment it on my current page. I have a page that loops throught my database results and I want a new page to be created every 10 results. The page number is pulled from the url using $_GET so I was wondering if anyone could possible help. Here is the code <?php // start session session_start(); require_once('page_header.php'); // get board id $board = $_GET['board']; if(empty($board)) { // set board id $board = '1'; } else if(!empty($board)) { // set board to session $_SESSION['board'] = $board; } // get page number $page_num = $_GET['page']; // get max post_num $query = mysql_query("SELECT MAX(post_num) AS `post_num_max` FROM `zBoard_messages` WHERE board_id='$board'") or die(mysql_error()); $fetch= mysql_fetch_assoc($query) or die(mysql_error()); $post_num_max = $fetch['post_num_max']; for ($pn = 1; $pn <= $post_num_max; $pn++) { // some loopy stuf } ?> So I need something like $pn divide by 10 then round up to nearest interger which would then decide where the info goes. Many thanks ~ Chocopi

i think you could do $v = $_GET['v']; echo $v; ~ Chocopi

well its personal chocie really, of what i know x.y.z x = major releases/changes y = minor releases/changes z = very minor releases if you take a site like phpbb they use this It uses the X,Y,Z versioning system. X = Complete re-done codebase.. (IE: 1.4.X to 2.0.X), Y = Major coding changes but, none to the core codes. (In this case, 2.0.X to 2.1.X but, odd numbers are strictly DEV and even numbers are releases), Z = patches, bug fixes, security fixes and such. Hope that helps, ~ Chocopi