
xylex

Members
Posts: 292
Everything posted by xylex

  1. You need to specify a handler (preferably PHP) for files with a .php extension in your httpd.conf file. Make sure you restart apache after you do that.
  2. Why don't you just use an existing template engine like Smarty? It already does everything that you're looking to write. Google it; there are tons of tutorials to get you going.
  3. Chances are a missing ";" in the previous line.
  4. Your script probably is storing line breaks, but a web browser doesn't display line breaks. Try
     <?php
     // Match Windows, Unix and old Mac line endings (longest first so "\r\n" is not split)
     $search  = array("\r\n", "\n", "\r");
     $replace = "\n<br />";
     echo str_replace($search, $replace, $_POST['textarea']);
     ?>
     If you want it to also break in the same soft breaks where the text wrapped to a new line in the text area, add wrap="hard" in the textarea tag.
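An added example (not code from the post above) that does the same line-break conversion but escapes the submission first, since str_replace() on raw $_POST content echoes any HTML or script the user typed straight into the page. The function name and the sample input are constructed for illustration; it assumes PHP 7 or later.

```php
<?php
// Added example, not from the post above: turn a textarea submission into
// HTML with <br /> line breaks while keeping any markup the user typed inert.
// Order matters: escape first, then insert our own tags. Escaping afterwards
// would turn the <br /> tags themselves into literal text.
function textarea_to_html(string $text): string
{
    // Normalise every line-ending style to "\n" before anything else.
    $text = str_replace(array("\r\n", "\r"), "\n", $text);
    // Neutralise HTML in the submission (ENT_QUOTES also escapes ' and ").
    $safe = htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // The content is now inert, so it is safe to add markup of our own.
    return str_replace("\n", "<br />\n", $safe);
}

// Constructed input standing in for $_POST['textarea'].
$submitted = "line one\r\nline two\n<script>alert(1)</script>";
echo textarea_to_html($submitted);
```

The script tag in the sample comes out as `&lt;script&gt;...` text with a `<br />` before it, rather than as an executable element.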
  5. If you build out your functions to include HTML formatting and the variables, you're just going to be making a lot more work for yourself in the long run. In your example show_row() function, what if you wanted to display that outside of a table, or in a table that had something other than two columns? You'd have to create a new function for every variation you used, making your code a lot less reusable, harder to read, and longer to write and update. If you want to make your own templating class, make the functions either insert HTML around variables, or get and clean the variables for display, not both.
  6. For starters, stop bumping every 5 minutes. Put error_reporting(E_ALL); at the start of your code if you're having issues, and it will probably give you an idea of where it's missing out. Is there some reason why you are pulling the entire table into an array and searching that instead of just pulling the one record with your query? You did
     // Get all entries from 'members' table
     $sql = 'SELECT * FROM `members`';
     $sqlresult = mysql_query($sql);
     when
     // Get matching entry from 'members' table
     // (string values must be quoted; $user must already have been run through mysql_real_escape_string())
     $sql = "SELECT * FROM `members` WHERE username='" . $user . "' AND password='" . sha1($pass) . "'";
     $sqlresult = mysql_query($sql);
     Also, mysql_real_escape_string() your $_POST['user'] and $_POST['pass'].
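An added example (not code from the post above) of the same single-row lookup written with PDO prepared statements, which is what replaces the mysql_* functions the post uses (they were removed in PHP 7). It goes a step beyond the post: the username is bound as a parameter so no escaping is needed at all, and the unsalted sha1() is replaced by password_hash()/password_verify(). The table layout, function names and the in-memory SQLite database are assumptions made for the demo; it needs PHP 7.1 or later with pdo_sqlite.

```php
<?php
// Added example, not from the post above. Assumed schema: a `members` table
// with columns id, username and password_hash, the last filled by
// password_hash() at registration time.
function find_member(PDO $db, string $username): ?array
{
    // The username travels as a bound parameter, never as part of the SQL text,
    // so quotes or other SQL syntax in it are just data.
    $stmt = $db->prepare('SELECT id, username, password_hash FROM members WHERE username = :u');
    $stmt->execute(array(':u' => $username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function check_login(PDO $db, string $username, string $password): bool
{
    $row = find_member($db, $username);
    if ($row === null) {
        return false;
    }
    // Compares against the stored salted hash; the plain password is never stored.
    return password_verify($password, $row['password_hash']);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO members (username, password_hash) VALUES (:u, :h)');
$ins->execute(array(':u' => 'alice', ':h' => password_hash('correct horse', PASSWORD_DEFAULT)));

var_dump(check_login($db, 'alice', 'correct horse'));
var_dump(check_login($db, 'alice', 'wrong'));
var_dump(check_login($db, "alice' OR '1'='1", 'anything'));
```

The first call returns true and the other two false. The last one is the point: with the post's string-concatenated query that username would have altered the WHERE clause, whereas here it is looked up literally and matches nothing.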
  7. Inside a double-quoted PHP string, every quote in the HTML has to be escaped:
     " <td rowspan=\"2\" align=\"center\"><img name=\"header.jpg\" src=\"themes/GameTech/images/header.jpg\" width=\"761\" height=\"160\" align=\"center\" border=\"0\" alt=\"\"></td>"
     or
     " <td rowspan=\"2\" style=\"text-align: center\"><img name=\"header.jpg\" src=\"themes/GameTech/images/header.jpg\" width=\"761\" height=\"160\" align=\"center\" border=\"0\" alt=\"\"></td>"
  8. You're vulnerable to SQL injection all over your website, including the login, so brute forcing isn't even necessary. I would recommend patching that part up ASAP.
  9. Start by adding error_reporting(E_ALL); to the beginning of your code, and debug from there.
  10. register_globals is off (which is a good thing), so you need to refer to the variables as $_POST['MC_Name'] or $_REQUEST['MC_Name'] instead of just $MC_Name.
  11. You need to use some character to denote the start and end of a regular expression within your string. "|" and "/" are common characters to use, but you can use almost any character. The first character in the string your original code has is "<", so the error message you posted is from not being able to find the matching closing character.
  12. 1. Watermarking. Depending on what your application does, server load, and many other variables, either resize and add the watermark when the file is uploaded prior to saving it in the upload directory in the web root, or save it outside of the web root and add an image retrieval function/class to display the images. For video manipulation, try FFMPEG.
      2. Classes. Classes and OOP typically make code maintainability, team development, and reusability much easier than procedural coding. Yes, you can build any project without using classes and have it function the same way as if you had used classes, and depending on the project and what you're familiar with, do it much faster without classes. However, as you need to add functionality or have other developers working on the script, it is a lot easier to keep track of what's going on if things are divided up into objects.
      3. Thumbnailing. FFMPEG again.
      4. Security. This is another aspect where classes and OOP come into play. If you make a data sanitization class, you only have one place to look at for common security holes as far as SQL injection or XSS is concerned. There are a few programs and services that will check for these issues, but if all of your data is being cleaned by a single class, this wouldn't be too much of a concern. The much larger potential security issues with an app like you described are going to be in your file upload and handling, and there aren't really any automated tests to do that. A good article about some common issues is at http://www.scanit.be/uploads/php-file-upload.pdf.
      Good luck with it, and remember when you're architecting larger projects like this, designing the code to be easy to update and modify is just as important as getting it to work.
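An added example (not code from the post above) of the upload-and-retrieval arrangement the post describes: the file is validated by its content, stored under a server-chosen random name outside the web root, and served back through a script. STORE_DIR, the size limit, the allow-list and the function names are assumptions for illustration; it needs PHP 7.1 or later with the fileinfo extension.

```php
<?php
// Added example, not from the post above. STORE_DIR is assumed to sit
// outside the document root, so nothing in it is ever executed or served
// directly by the web server.
const STORE_DIR = '/var/app/uploads';
const MAX_BYTES = 2 * 1024 * 1024;
// Keyed by the MIME type sniffed from the bytes, never by the client-supplied
// filename or $_FILES[...]['type'], which the uploader controls.
const ALLOWED = array('image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif');

// Return the extension to store the file under, or null if it is not an allowed image.
function image_extension(string $path): ?string
{
    if (filesize($path) > MAX_BYTES) {
        return null;
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!isset(ALLOWED[$mime])) {
        return null;
    }
    // getimagesize() parses the image header; its type must agree with the sniffed MIME type.
    $info = @getimagesize($path);
    if ($info === false || image_type_to_mime_type($info[2]) !== $mime) {
        return null;
    }
    return ALLOWED[$mime];
}

// Handle one entry of $_FILES; returns the stored name or null.
function store_upload(array $file): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = image_extension($file['tmp_name']);
    if ($ext === null) {
        return null;
    }
    // Random server-chosen name: the original filename never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], STORE_DIR . '/' . $name) ? $name : null;
}

// Retrieval endpoint, e.g. image.php?id=<name>. Only names of the exact shape
// we generate are accepted, so "../" or any other path cannot be requested.
function serve_image(string $name): void
{
    if (!preg_match('/^[0-9a-f]{32}\.(jpg|png|gif)$/', $name, $m) || !is_file(STORE_DIR . '/' . $name)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: ' . array_search($m[1], ALLOWED, true));
    header('X-Content-Type-Options: nosniff');   // the browser must not guess another type
    header('Content-Disposition: inline; filename="' . $name . '"');
    readfile(STORE_DIR . '/' . $name);
}

// Constructed check of the validator: a real 1x1 GIF versus a PHP file with an image name.
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAICRAEAOw=='));
$fake = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($fake, '<?php echo "not an image";');
var_dump(image_extension($gif));
var_dump(image_extension($fake));
unlink($gif);
unlink($fake);
```

The check at the end yields "gif" for the real image and NULL for the PHP file, however the uploader named it. The three layers in store_upload() each close a different hole: content sniffing stops disguised scripts, the random name stops path tricks and overwrites, and the out-of-web-root directory means even a file that slips through is never handed to the PHP interpreter.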
  13. Now I'm not trying to say your work is pointless, but it can easily be switched back to code that is much easier to read. Your script may stop the casual hacker from making a quick edit, but I would question the protection that it would offer on any expensive or wide distro project. A basic decode script (note that this errors out if there are escaped quotes in the encoded script, but that could be easily fixed as well):
      <?php
      // Undo magic_quotes if the server adds backslashes to request data
      if (get_magic_quotes_gpc()) $value = stripslashes($_REQUEST['code']);
      else $value = $_REQUEST['code'];
      // Escape what would break out of, or be interpolated into, the double-quoted
      // echo below, so eval() does nothing but resolve the string escape sequences
      $search  = array('"', '$', '?>', '<?', ';');
      $replace = array('\"', '\$', '?&gt;', '&lt;?', ";\n");
      $value = str_replace($search, $replace, $value);
      eval('echo "<pre>' . $value . '</pre>";');
      ?>
      <h3>Enter Code</h3>
      <form method="post">
      <textarea name="code"></textarea>
      <input type="submit">
      </form>
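An added example (not code from the post above) that performs the same decoding without eval(), so the submitted code is never executed on the machine doing the decoding. It assumes, since the post does not name the encoder, that the obfuscation consists of PHP double-quoted string escapes (\xNN hex, \NNN octal, \n, \t, \\, \", \$), which is exactly what the post's eval('echo "..."') trick resolves. The function name and the sample input are constructed for illustration; it needs PHP 7 or later.

```php
<?php
// Added example, not from the post above: resolve PHP string escape sequences
// in place of eval(). Assumption: the obfuscated script hides its strings
// behind hex/octal escapes; anything else is left untouched.
function decode_php_escapes(string $code): string
{
    $simple = array('n' => "\n", 'r' => "\r", 't' => "\t", 'v' => "\v", 'e' => "\e",
                    'f' => "\f", '\\' => '\\', '$' => '$', '"' => '"');
    return preg_replace_callback(
        '/\\\\(x[0-9A-Fa-f]{1,2}|[0-7]{1,3}|[nrtvef\\\\$"])/',
        function (array $m) use ($simple): string {
            $esc = $m[1];
            if ($esc[0] === 'x') {                      // \x41
                return chr(hexdec(substr($esc, 1)));
            }
            if ($esc[0] >= '0' && $esc[0] <= '7') {     // \101
                return chr(octdec($esc) & 0xFF);
            }
            return $simple[$esc];                       // \n, \", \$ ...
        },
        $code
    );
}

// Constructed sample standing in for the submitted code: an eval() whose
// payload is hidden behind hex escapes. Single quotes keep the escapes literal.
$obfuscated = 'eval("\x65\x63\x68\x6f\x20\x27\x68\x69\x27\x3b");';
$decoded = decode_php_escapes($obfuscated);
// Display only: nothing in $decoded is ever run.
echo '<pre>' . htmlspecialchars($decoded, ENT_QUOTES, 'UTF-8') . '</pre>';
```

The sample decodes to `eval("echo 'hi';");`, readable again. Because the string is only transformed, the "escaped quotes" problem the post mentions does not arise here: `\"` is simply turned back into a quote character.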
  14. Your error message says that there's something being output to the browser at line 6 of your config.php. A blank line after your closing "?>"? Post your config.php if you can't figure it out.