raku

Your query is failing. $wdid and $rid weren't set.

You can try querying to get the total number of rows. Then use LIMIT and OFFSET to choose the last 17.

echo "<td><a href="http://pantheongaming.net/member.php?u='.$row['userid'].'">'.$row['username'].'</a></td>"; change to echo '<td><a href="http://pantheongaming.net/member.php?u='.$row['userid'].'">'.$row['username'].'</a></td>';

You haven't imported the mootools javascript. <script type="text/javascript" src="/path/to/mootools.js"></script>

Hey, I'm using an Ajax request to logout the user then reload the page with window.location.href = unescape(window.location.href). Unfortunately, this does not work in Safari. It says "cancelled opening the page." The page reloads successfully in firefox. Why is it not working in Safari? Thanks!

Hi, As I described in a previous thread, users coming to one of my forms can have fields automatically filled out if their URL has the right variables in it. For example: http://example.com/form.php?text=awesometest will fill out the text field with: awesometext Sometimes though those URL variables are encoded, and if the text contains a quote ("), it is encoded to " so the URL looks like http://example.com/form.php?text=%26quot%3Bawesometext%26quot%3B This displays in the input text field as "awesometext" and in the page source as "awesometext" It only displayed correctly after I applied html_entity_decode on top of urldecode on the variable from the URL. I then apply htmlentities before outputting it. Once the user submits this form, another script adds the text in to the database. The field in the database shows exactly: "awesometext" I was expecting it to show: "awesometext" Although it is doing what I wanted, I was expecting to have to apply html_entity_decode again in the script that adds the text to the database. Is something decoding it along the way automatically? Should I apply html_entity_decode just to be safe? Thanks so much!

Thanks again. Without using urldecode(), the URL appears correctly in the input box. http%3A%2F%2Fwww%2Esample%2Ecom%2Fblogs%2F appears as http://www.sample.com/blogs/ I'm guessing I don't need urldecode? I don't allow any HTML in any of these fields, it's just URL and a comment. I'm using strip_tags to get rid of any formatting they might try and use, and htmlentities to try and prevent any other kind of malicious stuff.

Thanks for your help guys. I think the solution is to require users to enter an encoded url, otherwise the input boxes won't be filled out properly. It seems to work when the url is entered like: http://example.com/testing?url=http%3A%2F%2Fwww%2Esample%2Ecom%2Fblogs%2F For security would I need to use anything more than strip_tags and escaping on the URL string?

Awesome, thanks so much! Could you please comment on htmlentities and strip_tags? If I'm accepting content through the URL like that, should I use both functions in addition to mysql_real_escape_string when I enter it in to my database? I also output it to users at times, and would like it to look appropriate while being safe. Thanks again! Edit: That script doesn't work in a some situations: If the URL is http://test.com/test%20test, it modifies it, but I think it's fine the way it is. They are entering URLs from websites that exist, and lots of times they put the title in the html name like.. http://example.com/blog/php%20is%20awesome.html Also, it doesn't work on variables on the end of the string or if there are multiple slashes.

Thanks! Could you please reply to my urlencode question? Should I trim off the "http://" before using the function? Also, users can add descriptions or comments for the URLs. Is it okay to only apply strip_tags to them, or do I need to use htmlentities as well? I'm guessing that I should use htmlentities if they are carried in the link as a variable.

That converts "http://" as well. Should I trim it off before using urlencode, then add it back on? Also, if I'm adding this into a database and displaying it to other users, do I need to do anything more than htmlentities, strip_tags, and mysql_real_escape_string? There are some other text field inputs as well that I'm using those functions for. Thanks.

Any ideas?

If you simply want to print all of the records in your table, do a while loop through the table and output what you want to see. For example: $query = "SELECT * FROM salons"; $result = mysql_query($query); while($row = mysql_fetch_array($result)) { echo $row['companyname'] . "," . $row['tradingname'] . "<br/>"; } This will output the company name and trading name for every company in your table. You can change up the way the output looks and use whatever fields you want. Regarding deleting a row: $companytodelete = "name of company to delete"; $query = "DELETE FROM salons WHERE companyname='$companytodelete'"; mysql_query($query); You can interchange the variables if you'd like to delete a company based off of another field. If you are going to take the companytodelete name from the user, you may want to escape it using mysql_real_escape_string. Hope this helps!

I'm not sure I understand what you're asking entirely, but you could try something like this: $files = "files/"; $total = total_size($files); Hope this helps.

Sure thing. $url = $_GET['url']; $url = strip_tags($url); $url = htmlentities($url); ... <input name="url" type="text" value="<? echo $url; ?>"></input>

Hey, I am trying to allow users to enter links into an input box from the URL, for example: http://example.com/?url=http://google.com But, when these URLs have spaces in them, they are shown in the input box as "http://test.com/test test" instead of "http://test.com/test%20test". I have used htmlentities and strip_tags to make sure their inputs are safe, but how can I keep the special characters from being converted (like %20 to space)? Thanks!

Thanks for the help guys! I had to do something like this: SELECT * FROM table ORDER BY number_comments DESC, view_count DESC It didn't seem to work without the DESC in there.

Hey, Is there a way to order by a second variable if the first variable is equal for two rows? For example, if I'm trying to output a list of posts in the order of most comments, but two of the posts have the same number of comments, I'd like the post with the higher view count to be listed first. Thanks.

Hi, Does anyone know what an "&" sign before a variable does? &$variable Thanks!

Quick question: what does the "&" sign do in "&$piece"? Thanks.

Awesome, thanks so much!

Orio: For that string, I don't want anything to happen to it.

Effigy: Yeah that's exactly it.

Sure. <?php $subs = array( '/\b_(.+)_\b/iU' => ' <em>$1</em> ' ); $text = "http://www.google.com/_testing/blah_.html"; $formatted_text = preg_replace(array_keys($subs), array_values($subs), $text); ?> Thanks.

Thanks, it works for that example. But, for the url http://www.google.com/_testing/blah_.html it converts the underscores into spaces and makes testing/blah italic.