
premiso

Members
  • Posts

    6,951
  • Joined

  • Last visited

  • Days Won

    2

Everything posted by premiso

  1. Dunno, I am not staff. I was just asking
  2. Why are you duplicating posts?
  3. Actually it does. Read the syntax and read the page. MySQL does not support the "SELECT INTO" Sybase syntax; instead it is INSERT INTO table_name (col1, col2) SELECT somecol1, somecol2 FROM table_name WHERE .... If you are going to ask for help, actually look at the answers given before dismissing them. So your statement, which was missing an ending quote, should go from this:

     mysql_query("SELECT User_ID,User_Longitude,User_Latitude INTO user_location FROM quotes) or die (mysql_error));

     to:

     mysql_query("INSERT INTO user_location (id, longit, lat) SELECT User_ID,User_Longitude,User_Latitude FROM quotes") or die(mysql_error());

     You will need to change "id, longit, lat" to whatever column names that data needs to go into.
  4. The actual name of the function is "mysql_real_escape_string()". So yes, it does only make sense in the case for a string. You can escape other data, but it is better to validate that data with what it should be vs doing a "catch all". Or even better yet, to just use Prepared statements and not have to worry about escaping.
  5. Why are you using htmlentities on a numerical value? That makes no sense at all. If the ID is numerical and an integer, just static cast it to an INT and you are good:

     $id = (int)$_GET['id'];
     $sql = ....

     If the value is a string then you may want to use entities, but it all depends on where the data is going and how it is going to be handled. mysql_real_escape_string is enough to prevent an injection without much else needed. The htmlentities would be to prevent XSS attacks. That is plenty to prevent injection of an integer, nothing else needed.
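Worked example added here (not code from the thread) showing in PHP with PDO the three approaches the two posts above contrast: concatenating the raw request value, the (int) cast for a numeric ID, and a prepared statement, which also covers the string case where mysql_real_escape_string would otherwise be needed. The table name quotes, its columns and the sample rows are constructed assumptions; it runs offline against in-memory SQLite.

```php
<?php
// Added example (not from the thread). Assumes a PDO connection $pdo and a
// table `quotes` with integer `id` and string `author` (constructed below).

// 1. Unsafe: raw request value concatenated into SQL. In a numeric context
//    no quote is needed, so a value like "2 OR 1=1" widens the WHERE clause.
function unsafe_lookup(PDO $pdo, array $get): ?array {
    $sql = "SELECT id, author FROM quotes WHERE id = " . $get['id'];
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC) ?: null;
}

// 2. Integer cast, as the post above recommends for an ID: the value is
//    an int before it meets the SQL text, so it cannot change the query.
function cast_lookup(PDO $pdo, array $get): ?array {
    $id = (int) $get['id'];
    return $pdo->query("SELECT id, author FROM quotes WHERE id = $id")
               ->fetch(PDO::FETCH_ASSOC) ?: null;
}

// 3. Prepared statement: data travels separately from the SQL, so it works
//    for strings too and there is nothing to escape by hand.
function prepared_lookup(PDO $pdo, array $get): ?array {
    $stmt = $pdo->prepare('SELECT id, author FROM quotes WHERE id = :id');
    $stmt->bindValue(':id', (int) $get['id'], PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// The string case, where escaping would otherwise be required.
function prepared_by_author(PDO $pdo, string $author): array {
    $stmt = $pdo->prepare('SELECT id, author FROM quotes WHERE author = ?');
    $stmt->execute([$author]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data so this runs offline with SQLite.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE quotes (id INTEGER PRIMARY KEY, author TEXT)');
$pdo->exec("INSERT INTO quotes VALUES (1, 'alice'), (2, 'bob')");

// Same hostile-looking input through all three paths: only the first
// function lets it alter the query; the other two treat it as the int 2.
$get = ['id' => '2 OR 1=1'];
var_dump(unsafe_lookup($pdo, $get));
var_dump(cast_lookup($pdo, $get));
var_dump(prepared_lookup($pdo, $get));
var_dump(prepared_by_author($pdo, "x' OR '1'='1"));
```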
  6. Or skip all the \n nonsense and use heredoc:

     <?php
     $server   = $_POST["server"];
     $username = $_POST["username"];
     $password = $_POST["password"];
     $data = <<<DATA
     <?php
     \$server = '$server';
     \$username = '$username';
     \$password = '$password';
     DATA;
     file_put_contents("/test/databasedata.php", $data);
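Added example, not from the post above: the same config-file write, but with the values emitted by var_export() rather than interpolated into a heredoc template, where a single quote in a submitted value ends the string literal and whatever follows is parsed as PHP when the file is included. The $_POST values are constructed and the output path is an assumption.

```php
<?php
// Added example (not from the post). var_export() emits each value as a
// valid PHP literal, so quotes, backslashes or "?>" in the input stay data.
// Constructed request values, including one that would break a heredoc template:
$_POST = ['server' => 'db.local', 'username' => "o'brien",
          'password' => "p'; system('id'); //"];

function build_config(array $post): string {
    $settings = [];
    foreach (['server', 'username', 'password'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key])) {
            throw new InvalidArgumentException("missing or non-string $key");
        }
        $settings[$key] = $post[$key];
    }
    // A file that returns an array: nothing in it runs except the return.
    return "<?php\nreturn " . var_export($settings, true) . ";\n";
}

$code = build_config($_POST);
echo $code;

// Exclusive lock while writing, owner-only permissions, and a location
// outside the document root (assumed path) so the file is never served raw.
$file = sys_get_temp_dir() . '/databasedata.php';
file_put_contents($file, $code, LOCK_EX);
chmod($file, 0600);

// Consumer side: require returns the array; the submitted value round-trips
// unchanged and is never executed as code.
$db = require $file;
var_dump($db['password'] === $_POST['password']);
```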
  7. @vincej, I think that is just fine for what you are doing; however, you can format the dates prior to them hitting PHP, so you do not have to worry about formatting them later:

     SELECT `location`,
            GROUP_CONCAT(DATE_FORMAT(pd.dates, '%M %d') ORDER BY pd.dates) AS TheDates
     FROM locations AS lo
     LEFT JOIN pudates AS pd ON lo.locationid = pd.locationid
     GROUP BY lo.location
     LIMIT 0, 30

     And then you don't have to worry about formatting it with PHP at all. See http://dev.mysql.com/doc/refman/5.1/en/date-and-time-functions.html#function_date-format for the items you can use in place of %M and %d.
  8. $display = '<table>';
     foreach ($arr as $item) {
         $theDates = explode(',', $item['TheDates']);
         $display .= '<tr><td>' . $item['location'] . '</td><td>' . $theDates[0] . '</td><td>' . $theDates[1] . '</td><td>' . $theDates[2] . '</td></tr>';
     }
     $display .= '</table>';
     echo $display;

     Should do what you want.
  9. Create your own thread? Stop necroing like an asshat. You cannot delete accounts because then information, used to help other people may be lost. If you do not want that information public and always around...you should have read the rules and not created an account / posted. Simple as that. You agreed the rules by signing up, so yea.
  10. echo "<input name='id_zamjena' type='hidden' value='$id_zamjena'>"; Most likely your value is getting screwed up due to lack of quotes, give that a shot.
  11. ++; I used it a few times, this is one of the best programs out there. As far as filenames / folders, recuva has the option for folder structure and names, I am not sure how it works, but it did work for me, it is not 100% (nothing will be) but as long as you didn't overwrite the files etc, it should do just fine.
  12. I am not exactly sure where you are going with this, so this may not be correct at all, but here you go. Oh, this assumes that "message" is actually a function that does something as well.

     function regex_check_image($url = "", &$counter = 1) {
         while ($counter < 6) {
             $counter++;
             if (!$url) return;
             $url = trim($url);
             $default = "[img=http://" . $url . "]";
             $default = "[img=http://" . str_replace('[', '&#091;', $url) . "]";
             if ($counter > 10) {
                 message('You have posted too many Images');
                 break;
             }
             if (preg_match("/[?&;\<\[]/", $url)) {
                 message('No Dynamic Images');
                 break;
             }
             if (preg_match("/javascript(\:|\s)/i", $url)) {
                 message('No Dynamic Images');
                 break;
             }
             if (!preg_match("/^(http|https|ftp):\/\//i", $url)) {
                 message('No Dynamic Images');
                 break;
             }
             $url = str_replace(" ", "%20", $url);
         }
         return "<img src='$url' border='0' />";
     }

     // usage: $counter will contain how many times it was looped.
     $imgHtml = regex_check_image($url, $counter);
     echo "Checked $counter images!";
  13. This thread is pretty funny. The exits, as originally stated, kill the script. You want to use break; which will break out of the loop. So yea, no more exits, use break instead. Again, exit KILLS the script. Nothing gets done after that point. Break will just break the loop and continue with the rest of the code.
  14. In a few hours? Wtf is wrong with these people. It should take a few months. I will get on to fixing this "extreme efficiency" issue we are having. Thanks for pointing it out!
  15. Well maybe we should resurrect a dead html entity for that and add the <blink> to the word, make them bold and in size 18 font? Maybe that would get peoples attention? Or even a marquee. Oh well
  16. preg_replace You need the regex to find, the items to replace and the string where the replace occurs. Not really rocket science.
  17. I know Josh likes zombies and all, but people who necro dead threads (>1-2 years old) bug me. I can understand that there may be an instance where the OP comes in with a solution to it, or maybe someone else has a solution, but where it bugs me is the OP, or someone else, asking for help on this dead topic instead of creating a new one. Suggestion would be a couple different ones:

     • A warning to the effect of "This topic is over x years old, please consider creating a new one", with maybe a captcha required. The idea would be to make it more annoying to continually post in this dead thread vs making a new one.
     • Locking the threads after X time. The locking would prevent the updates, which is why I put the captcha / warning suggestion first.
     • Keep the system as it is, ignore me and go on your merry way.

     Anyhow, just figured it would help out; namely, what brought this to mind was: http://www.phpfreaks.com/forums/index.php?topic=267188.msg1674175#msg1674175 The OP posts in a thread that is nearly 3 years old, marked as solved, trying to get more help. So yea, just something I found annoying.
  18. I would alias the column coming from mysql, but since you used fetch_array, just call it by the index: <input type="text" name="text" id="text" value="<?php echo $row[0];?>" /> Should give you the right value.
  19. Don't necro old threads. Create a new one please. Let the dead rest peacefully! If the information here is relevant, link to this thread in the new one.
  20. Is a cronjob (linux) or schedule task (windows) an option? If it is a linux server, and you can setup a cronjob, you can have the cron call the link using curl or wget, and just use their silent triggers to disregard the data. If that is not an option, you can setup a cron or scheduled task on your box to run and call the page every x minutes. That seems to be what you are after at any rate.
  21. Since you are on a shared host, your options are limited, and there is probably a known exploit with godaddy and the version they run. You can try a service like cloudflare.com which is a dns proxy that attempts to block out known exploits etc to your wordpress deal, if you want to try it. Other than that we really are not the best suited to help you. GoDaddy or Wordpress forums would be a better resource to turn to.
  22. Ok, so if you already know how code can be injected, what are you debating here? Re-create the image with GD, use a hash for the name, for whatever reason and you are secure. I am not sure why you are asking as we already confirmed all you wanted to know, and it seems like you knew it all already and were going about it right. So stop debating us about it, and go ahead and do it / try it! Want to see if comments are left after you recreate a gif? Try re-creating a gif with comments in it! Want to see if the gif can be executed in anyway shape or form on your server, try it! You have your answer, now go and code!
  23. That is not a negative integer, that is a float / double. I would not recommend converting that to an integer value anyways and you should have other checks in place for that type of logic. Generally, when someone has a question in this regard with converting a value to integer it is for an ID field type or similar, where the only harm that will be done from a negative value is it returns 0 rows. But that is why you code for your application and code in the checks needed as well as escape / filter your data. EDIT: Just saw that it was not -24.25 and it was -2425 My mistake there, either or you should have logic in place to verify that is not a negative number if it should not be negative and could adversely affect your application if it is negative.
  24. I would agree, systems like this scare me, all it takes is one missed sql injection spot and everyone has your user's credit cards, unencrypted and you are responsible for all the damage done. You are asking for a lot of trouble with something like this.
  25. Are you planning on executing an image? The only way I know for an image to be damaging is if someone potentially uploads an image from a website that is a script, but even then, you would have to execute that image in some way for it to be damaging. I could be wrong, but I don't think so. Even if someone put a whole php script in image code, the only way for that to be run is A: You set the wrong header when serving the image; B: you include the image in a script; or C: you actively execute it by renaming it to .php and opening it in a browser. As far as it stripping, I have no clue what GD does / does not do, this is the part where I would tell you to read the manual to find out that information. The only benefit to having one format would be lack of having to remember the extension later on, but .png and .gif can be animated images, converting them to .jpg would remove any animation they may have and will just take the first frame. If you really don't want animated images, converting them to .jpg would alleviate that as a bonus I guess.
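Added example, not from the thread, putting together what posts 22 and 25 above describe: decode the upload by content, re-create it with GD so comments and anything else in the original container are not carried over, store it under a hash-derived name with a fixed extension, and serve it with an explicit image Content-Type rather than ever including it. The upload directory and the field name image are assumptions.

```php
<?php
// Added example (not from the thread). Assumes an upload field named "image"
// and a writable directory $destDir outside any include path.
function store_reencoded_image(string $tmpPath, string $destDir): string {
    // Decode by content, ignoring the client-supplied name and MIME type.
    $raw = file_get_contents($tmpPath);
    if ($raw === false) throw new RuntimeException('cannot read upload');
    $img = @imagecreatefromstring($raw);
    if ($img === false) throw new RuntimeException('not a decodable image');

    // Re-encode from the pixel buffer: only pixels survive, so comments and
    // trailing data are gone. PNG keeps alpha; as the post above notes, this
    // keeps only the first frame of an animated GIF.
    ob_start();
    imagepng($img, null, 6);
    $clean = ob_get_clean();
    imagedestroy($img);

    // Hash-derived name, fixed extension: no user-controlled filename, and
    // identical uploads collapse to one file.
    $name = hash('sha256', $clean) . '.png';
    $path = rtrim($destDir, '/') . '/' . $name;
    if (file_put_contents($path, $clean, LOCK_EX) === false) {
        throw new RuntimeException('write failed');
    }
    return $name;
}

// Serving: read the bytes and send the right header (point A in the post
// above); the file is never include()d (point B).
function serve_image(string $destDir, string $name): void {
    if (!preg_match('/^[a-f0-9]{64}\.png$/', $name)) { http_response_code(404); return; }
    $path = rtrim($destDir, '/') . '/' . $name;
    if (!is_file($path)) { http_response_code(404); return; }
    header('Content-Type: image/png');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: inline; filename="' . $name . '"');
    readfile($path);
}

// Upload handler (assumed field name).
if (!empty($_FILES['image']['tmp_name']) && is_uploaded_file($_FILES['image']['tmp_name'])) {
    echo store_reencoded_image($_FILES['image']['tmp_name'], __DIR__ . '/uploads');
}
```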