chocopi

what do you mean by different page do you mean, something like bebo,myspace etc where all the information is just filled in on the same template or do you want a separate file for each first method uses $_GET http://www.somesite.com/login.php?user=john or http://www.somesite.com/users/john.php ~ Chocopi

I've never really used functions but now I find myself needing to. I understand the basics but I can't seem to get the variable from within the function to echo outside of it. <?php function topic($topic,$cat) { if(empty($_GET['topic'])) { header ("Location: index.php"); } else { $topic = $_GET['topic']; if(!ereg("^([0-9])+$",$topic)) { die("The Topic '{$topic}' You Have Selected Does Not Exist !"); } else { $query = mysql_query("SELECT topic_name FROM fori_topic WHERE topic_id='$topic' AND cat_id='$cat'") or die(mysql_error()); $num_rows = mysql_num_rows($query) or die(mysql_error()); $row = mysql_fetch_assoc($query) or die(mysql_error()); $topic_name = trim(ucwords(strtolower($row['topic_name']))); // This one } if($num_rows == 0) { die("The Topic Does Not Exist Within The Chosen Category !"); } } } ?> so when I call it later on with: <?php require_once("functions/function_topic.php"); topic($topic,$cat); echo $topic_name; ?> I get Undefined variable notice on the line i'm echoing. I know there is a way to do this but I can't figure it out. Many Thanks ~ Chocopi

try something like this: <?php $string = // some rubbish $pattern[0] = "%(http|https|ftp)(://.*?)%"; $pattern[1] = "%((http|https|ftp)(://.*?)(jpg|bmp|gif|jpeg|png))%"; $replacement[0] = "<a href=\"\$1\$2\">\$1\$2</a>"; $replacement[1] = "<img src=\"\$1\" />"; for($i = 0; $i <= 1; $i++) { $string = preg_replace($pattern[$i],$replacement[$i],$string); } ?> ~ Chocopi

4 Months would probably get you a working version probably with many bugs, especially when you add in the complexness of flash integration. So in the 4 months you could get a good beta version. ~ Chocopi

You shouldn't need to much coding level You will need PHP,SQL, HTML, CSS and possibly javascript Most of the basic functions using functions storing/extracting data from database efficiently for, foreach, while loops Thats all i can think of for now ~ Chocopi

Im guessing this is because you have no id field, and as it says you and not allowed duplicate entries. So all you need to do is add a id column at the beggining of your table and make sure it is primary and unique. That should solve it ~ Chocopi

No his method was just storing the query to a variable so it was not being executed, wheres mine stores what needs to be done in a variable and then executes that variable by using mysql_query ~ Chocopi

Your not actually running the query Replace: $sql = mysql_query("UPDATE painlessdesigns_users SET username='$nusername',password='$npassword' WHERE id='$id'") or die(mysql_error()); with $sql = "UPDATE painlessdesigns_users SET username='$nusername',password='$npassword' WHERE id='$id'" mysql_query($sql) or die(mysql_error()); Hope that helps ~ Chocopi

I don't intend on sounding mean but should this be in 3rd Party Scripts ~ Chocopi

Well you just need to put a LIMIT on your query which gets the results <?php $page = 1; $max_results = 10; $start_result = $page*$max_results; $query = mysql_query("SELECT * FROM tablename WHERE something=something LIMIT $start_results, $max_results DESC") or die(mysql_errror()); ?> Now that should put you in the right direction, but you might need ASC instead or DESC. ~ Chocopi

to get a info from the url you use $_GET http://www.somesite.com/index.php?art=hello <?php $art = $_GET['art']; $sql = "SELECT * FROM items WHERE id=$art"; ?> ~ Chocopi

No problem Does it work how you want it to ??? 1. Anyways, it is very simple, its a basic for loop which i) Sets $i to 0, ii) then checks that $i is less than or equal to $n, if not then the loop ends iii) lastly after each loop is will increment $i by 1 until $i is greater than $n 2. It then gets the $i value of the array and then takes it from the variable and puts it within the <option> tag Hope that helps ~ Chocopi

I think you mean something like <select name="select"> <?php for($i = 0; $i <= $n; $i++) { echo "<option name=\"{$dob_dates[$i]}\">{$dob_dates[$i]}</option>"; } ?> </select> That should work ~ Chocopi

yea you should always validate anything before you put it through a query

You should not use ' around your variables in you if's EG Change if (($_SESSION['category_name'] != '$category_name')&&($_SESSION['parent'] != '$parent')){ To if (($_SESSION['category_name'] != $category_name)&&($_SESSION['parent'] != $parent)){ And do the same to the others, EDIT: If you keep the variables within the ' then it will be taken as a literal string meaning it will check is matches $parent instead of the value of $parent. ~ Chocopi

The best way I found when I didn't know much was to use as many as possible, but obviously this can be very pointless to keep doing this. You should be fine with mysql_real_escape_string though Just keep testing and find your own "best practice" that way you can improve whenever needed. Well thats my input anyways, Good Luck, ~ Chocopi

It could be: $enquiry = tep_db_prepare_input($HTTP_POST_VARS['enquiry']); but i don't think it is, so look for this file require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CONTACT_US); so basically look for the contact us file within the language folder ~ Chocopi

well just to improve on $username's code <?php $desc = // your rss stuff $desc = ereg_replace("[^ A-Za-z0-9.;:@?!\"£$%^&*()-_=+'<>/\\[\]\{\}]","",$desc); echo $desc; ?> I think thats all the basic keys on the standard english keyboard. ~ Chocopi

its probably in another file and then is being accessed using a variable or something, or you're just not lookinh hard enough ~ Chocopi

I guess you could take each word within the description and use some regex on it and then only return the word if its normal EDIT: You could then check each letter of the dodgy word and remove it if its bad, this would be sloppy but could work ~ Chocopi

the best thing i find is just to md5($username) but if you really want them to be different you could add a timestamp on the end aswell ~ Chocopi

no it can but the characters are escaped so in the case of ' it will become \' So im guessing you know that with the backslash being there that the ' will be seen as a literal character and not a special one. Also, can backticks actually be used for sql injection ??? And wouldn't it be better to use this: function get_REQUEST($name) { $sret = ""; if (isset($_REQUEST[$name])) { $sret = $_REQUEST[$name]; $sret = str_replace("`","\`", $sret); $sret = mysql_real_escape_string($sret); // check for injection attacks } return $sret; } That way you are escaping the backtick without changing its value ~ Chocopi

They shouldnt be able to on the likes of radio boxes unless you were to use get in which case they could just changed the url eg: You want: http://www.yoursite.com/page.php?radio=hello they could do: http://www.yoursite.com/page.php?radio=somesqlinjection ~ Chocopi

You really shouldn't bump your topic 10 minutes after a post Im not sure on this but either $_POST['action'] has no value or you should use $_POST['action'] instead of $_POST["action"] and the second part is kinda self-explanatory ~ Chocopi

This is something I have done before, but i never bothered to finish the project. <?php $i = 1; while($i <= 20) { // get teams stats $query = mysql_query("SELECT * FROM `football_teams` ORDER BY `points` DESC, `gd` DESC, `scored` DESC LIMIT $i,$i") or die(mysql_error()); $row = mysql_fetch_assoc($query) or die(mysql_error()); // get results from table $team = $row['name']; $won = $row['won']; $lost = $row['lost']; $drawn = $row['drawn']; $scored = $row['scored']; $against = $row['against']; $points = $row['points']; $gd = $row['gd']; $played = $row['played']; // trim to make sure there is no unwanted spaces trim($team); // replace ' ' with '_' and set to link $link = str_replace(' ','_',$team); // make first letter of word capital $team = ucwords($team); // echo results echo "<tr>"; echo "<td width=\"5%\" align=\"center\">"; echo "{$i}."; echo "</td>"; echo "<td width=\"15%\" align=\"center\">"; echo "<a href=\"teams.php?team={$link}\">{$team}</a>"; echo "</td>"; echo "<td width=\"5%\" align=\"center\">"; echo "{$played}"; echo "</td>"; echo "<td width=\"5%\" align=\"center\">"; echo "{$won}"; echo "</td>"; echo "<td width=\"5%\" align=\"center\">"; echo "{$lost}"; echo "</td>"; echo "<td width=\"5%\" align=\"center\">"; echo "{$drawn}"; echo "</td>"; echo "<td width=\"5%\" align=\"center\">"; echo "{$scored}"; echo "</td>"; echo "<td width=\"5%\" align=\"center\">"; echo "{$against}"; echo "</td>"; echo "<td width=\"5%\" align=\"center\">"; if($gd > 0) { echo "+"; } echo "{$gd}"; echo "</td>"; echo "<td width=\"5%\" align=\"center\">"; echo "{$points}"; echo "</td>"; echo "<td width=\"40%\" align=\"center\">"; echo ""; echo "</td>"; echo "</tr>"; if($i ==4 or $i == 6 or $i == 17) { echo "<tr>"; echo "<td width=\"100%\" colspan=\"11\" align=\"left\">"; echo "<hr width=\"60%\" color=\"#ff0000\" align=\"left\">"; echo "</td>"; echo "</tr>"; } // increment number $i++; } ?> There is quite a bit of junky html in there and you could use a for loop instead of while, but thats the general idea. ~ Chocopi