Perplexity 🤖

@lemmin Yes, I know, but with {,} just looks more 'clear'. (-; -- jelly.

<?php if ($info['OkToSpam']=="on"); ?> Should be: <?php if ($info['OkToSpam']=="on") //without ; { // if on -> do something } else { //do something else } ?> -- jelly.

<?php function transform2link($row) { $row = ereg_replace("([0-9a-zA-Z]([-_.\w]*[0-9a-zA-Z_])*@(([0-9a-zA-Z])+([-\w]*[0-9a-zA-Z])*\.)+[a-zA-Z]{2,9})", "<a href=\"mailto:\\0\">\\0</a>", $row); $row = ereg_replace("[a-zA-Z]+://([.]?[a-zA-Z0-9_/-])*", "<a href=\"\\0\">\\0</a>", $row); $row = ereg_replace("(^| )(www([.]?[a-zA-Z0-9_/-])*)", "\\1<a href=\"http://\\2\">\\2</a>", $row); return $row; } $sql_query = "SELECT * FROM `table`"; $sql = mysql_query($sql_query) OR die(mysql_error()); while($r = mysql_fetch_array($sql)) { echo transform2link($r['your_row']); } ?> -- jelly

http://uk3.php.net/manual/en/book.regex.php http://www.regular-expressions.info/php.html -- jelly

You should add 'filtering' to your $userId and $password variables. <?php $userId = mysql_real_escape_string($_POST['txtUserId']); $password = mysql_real_escape_string($_POST['txtPassword']); ?> Try type as user name: ' or 1=1-- ;-) -- jelly

<?php // $username = mysql_real_escape_string($_POST['username']); if($connect_mysql) { echo 'connection established to MYSQL'; } else { die ('Connection could not be established with MYSQL'); } $mysql_db = mysql_select_db('artsonlinermmo'); if($mysql_db) { echo 'database mounted'; } else { die('could not mount AORMMO database'); } $query = ("SELECT `customer_name`, `customer_password` FROM `customer` WHERE `customer_name` = '$username'"); $results = mysql_query($query) or die(mysql_error()); while($row = mysql_fetch_array($results)) { if($username == $row['customer_name']) { $loggedin = true; echo 'great your a user!'; } else { $loggedin = false; echo 'sorry not a user'; exit(); } } ?>

<?php mysql_connect('host','user','pass'); mysql_select_db('database'); // Database: LOGS -> log_id | IP | url | hits $ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR']); $url = mysql_real_escape_string($_SERVER['PHP_SELF']); $sql = "SELECT * FROM `LOGS` WHERE IP = '$ip' AND url = '$url'"; $sql_query = mysql_query($sql) OR die(mysql_error()); $count = mysql_num_rows($sql_query); if ($count == 0) { $insert = "INSERT INTO `LOGS` (`IP`, `url`, `hits`) VALUES ('$ip','$url','1')"; mysql_query($insert) OR die(mysql_error()); } else { $update = "UPDATE `LOGS` SET (hits = hits + 1) WHERE IP = '$ip' AND url = '$url'"; mysql_query($update) OR die(mysql_error()); } ?> Does that help you? -- jelly

<?php $number = $_POST['num']; $back_link = $_SERVER['HTTP_REFERER']; if (empty($number) || (int)$number == 0) { echo ('Please go back and select a number. '); echo ('<a href="'.$back_link.'">Go back</a>'); } else { // your code } ?>

<?php $sql = "SELECT FROM `table` WHERE `field` ORDER BY `field`"; mysql_query($sql) or die(mysql_error()); echo '<pre>'; print_r($sql); echo '</pre>'; ?> -- jelly

Connecting to MySQL: <?php $host="localhost"; $username="your_username"; $password="your_password"; $db_name="database_name"; mysql_connect("$host", "$username", "$password") or die ("cannot connect"); mysql_select_db("$db_name") or die ("cannot select database"); ?>

This is a good example of MySQL Injection This should be more like: <?php $delete_id = mysql_real_escape_string($_POST['delete']); mysql_query('DELETE FROM `mytable` where `id` = \''.$delete_id.'\' LIMIT 1'); ?> -- jelly

<?php include('./top.html'); // header switch(strtolower($_GET['id'])) // 'content' { case "58fhckjhdifehskdjh": include("homepage/news.php"); break; case "ud89fhes9ch02hfdek": include("othersites/CC/index.html"); break; case "49fjdkfodijfldkji": include("contact.html"); break; case "dfjke920doid9vj3d": include("smartboardsolution.html"); break; default: include("page.php"); break; } include('./bottom.html'); // footer ?>

<?php if ($thegameid = (int)$_GET['gameid']) { mysql_query("UPDATE players SET players = players + 1 WHERE id= $thegameid"); } else { echo ('error'); } ?> If the value isn't int that will return 0. If $_GET['game'] = '123abc' that will return $thegameid = 123. -- jelly.

<?php $thegameid = (int)$_GET['gameid']; // id MUST be an integer value ?> :-)