waynew

Members
  • Posts: 2,405

Everything posted by waynew

  1. What bad practices/mistakes/misconceptions do you see time and time again - in regards to PHP? inb4 or die(mysql_error())
  2. NOSHOW.jpg is the file that they'll be shown instead.
  3. Why not store the references in MySQL?
  4. You can set a time limit for your scripts: http://php.net/manual/en/function.set-time-limit.php
  5. You can stop hotlinking by putting this into a .htaccess file and uploading it to the main document root of your website:
  6. You're going to track each variable back to its original source. If you do that, I promise you'll find the problem. You're very liberal with how you copy your variables.
  7. I love it. However a little bit more space could be used between the items in the right column.
  8. Where are you getting $print_pur_po_total from?
  9. 1 MILL GET
  10. Quotes.....?
  11. No. Never.
  12. PostgreSQL allows prepared statements: http://www.postgresql.org/docs/8.1/interactive/sql-prepare.html Other than that, you can whitelist items. If you have a checkbox, make sure that what the user has submitted is actually in those checkboxes. Numbers? Parse them as integers.
  13. Firstly, you're not cleaning those incoming POST variables with mysql_real_escape_string(). Secondly, have you thought about hashing your passwords so that they don't get stored as plaintext (md5, sha1 etc)? Thirdly, have you made sure that two accounts can't have the same login combination? That can be done by not allowing email addresses that are already registered or by requiring the user to verify his/her email address before logging in. Two or more accounts having the same login on your system would cause all of those accounts to get "locked out". Fourthly, you should be checking for errors in your queries by doing this: $obtainlogin=mysql_query("SELECT * FROM networks WHERE username='$user' && password='$pass'") or trigger_error(mysql_error());
  14. CV.......... ???????
  15. Sorry man. I get put off when somebody bashes something, only to prop it up a few posts later.
  16. Oh and I have a session class too.
  17. Open source is for communists.
  18. I have this problem A LOT. Even on "established" hosting services. 755 usually doesn't work for me.
  19. If you become very familiar with the PHP AND MySQL date functions, you'll have no problem. Focus on those.
  20. He said HTML arrays.
  21. You need to read http://dev.mysql.com/tech-resources/articles/hierarchical-data.html
  22. Obviously this "scraping" of pricing data is being carried out by a cron job, or something along those lines. Simply implement the scraper script before the results are taken out of your database.
  23. Oh wow thanks OP. It's not at all obvious that you're marketing something.