nafetski

Just because they can be disabled doesn't mean that they're not useful! If I'm writing an open source PHP library, you bet your ass I don't use short tags (tho it's pretty likely in that case I'm not escaping HTML either)

Well, the fact that his link points to an asp page isn't a horrible issue...as far as the .asp script is concerned a GET variable is a GET variable (tho it's a bit strange that he's going from PHP => ASP, it's not unheard of) POST is in no way more secure than GET...you can see the POST data in an http request clear as day, the only difference is it doesn't show up in the address bar.

It's weird, I hate php short tags by themselves - but I love using them in views and such. <?= $var ?> seems a lot prettier to me than <?php echo $var ?> (while in the context of a view) What drives me most insane tho, is when people echo out long strings of html inside php. Seems to be the most error prone way of doing things!

Well, one thing I learned early on is if something is working in some browsers (and not others) the issue is never your PHP code. You can drive yourself THINKING that it is, but it's not...the issue you're having is how the browsers are handling malformed HTML, and that's solved easiest by validating your html! At first glace, the thing that sticks out is <input name=\"checkbox[]\" type=\"checkbox\" id=\"checkbox[]\" value=\"$ID\"> If that is how they are being sent to the browser, it's going to choke . I would do it like this <?php foreach ($data as $row): ?> <input name="checkbox[]" type="checkbox" value="<?= $row['ID'] ?>"> <?php endforeach; ?> Make sure you don't have escaped quotes \" being sent to the browser, and ID's with html have to be UNIQUE. id="checkbox[]" means nothing to the browser, it's just going to start choking

Totally agree, it just seems to be the term that beginners use to describe what they want when hashing..hence the quotes.

Redirects are pretty simple in PHP - it should work no matter what kind of project it is. However, you haven't supplied us with enough information. I have no idea what is contained inside of redirect.php

Well, you can't really...it's the foundation of how the web works. You can't *hide* parts of your URL and still expect it to work when it hits the server...everything that is sent is out in the open (when it comes to URL's). Some common ways people get around this is by #1 - Sending a hash (md5, sha1, something). This is a one way "encryption" so you have to also store the hash as a relation somewhere in your database (so you can do a lookup) #2 - base64encode. Converts the string into base64, then you use base64decode when it hits the server. This doesn't mean the user can't run base64decode themselves (they can), so its' not secure. It's just a way to make things a bit more difficult. #3 - Pass a user ID, or some other data that wouldn't make sense to the general public. (but there is a relation in your DB)

A couple things... First, I really like using PHP's glob() function. Great tutorial on how it works can be found at http://net.tutsplus.com/tutorials/php/quick-tip-loop-through-folders-with-phps-glob/ It looks like you are counting prematurely. change while($file = readdir($handler)){ if($file != "." && $file != ".."){ $this->get_images_in_dir[] = $file; $count_images = count($this->get_images_in_dir); for($i = 0; $i<$count_images; $i++){ if(substr(strrchr($this->get_images_in_dir[$i],'.'),1)=="jpg"){ //echo "<img src='".get_template_directory_uri().'/images/headerimages/'.$this->get_images_in_dir[$i]."' width='100' height='100' />"; return $this->return_images_got = $this->get_images_in_dir[$i]; } } } } To while($file = readdir($handler)) { if($file != "." && $file != "..") { $this->get_images_in_dir[] = $file; } } $count_images = count($this->get_images_in_dir); for($i = 0; $i<$count_images; $i++) { if(substr(strrchr($this->get_images_in_dir[$i],'.'),1)=="jpg") { //echo "<img src='".get_template_directory_uri().'/images/headerimages/'.$this->get_images_in_dir[$i]."' width='100' height='100' />"; return $this->return_images_got = $this->get_images_in_dir[$i]; } }

You will do a curl request to their API (you'll need an API key) and they return a JSON response with all sorts of data in it. Including the filepath of the image. At that point you can just json_encode the response, and respond with something like <img src="<?= $theimagepaththeygaveyou?>"/>

You will want to look at the following settings in php.ini upload_max_filesize post_max_size max_execution_time You definitely shouldn't have to read the entire file into PHP before serving it. Just setting the appropiate headers should do the job, then let apache handle delivering the file.