Andy-H

<?php include 'opendb.php'; $currIndex = mysql_real_escape_string($_GET['index']); $query = "SELECT * FROM reviews where m_index = '$currIndex'"; $result = mysql_query($query)or die(mysql_error()); while($row = mysql_fetch_array($result, "MYSQL_ASSOC")){ $Pic = $row['m_Link']; $Title = $row['m_Title']; $Review = $row['m_Review']; echo $Title . "<p>" . $Review . " <br /><img src=\"" . $Pic . "\" /></p>"; } mysql_close($con); ?> </body> </html> Does that work?

Code example??? Also I assume you mean JavaScript; rather than a script, coded in Java (which is what it sounded like to me).

I was told not to use the backticks :S

This is one of my old login/register scripts, could easily be edited... Register.php <?php require("connections/db.php"); function createRandomPassword() { $chars = "abcdefghijkmnopqrstuvwxyz023456789"; srand((double)microtime()*1000000); $i = 0; $pass = '' ; while ($i <= 7){ $num = rand() % 33; $tmp = substr($chars, $num, 1); $pass = $pass . $tmp; $i++; } return $pass; } $ip = $_SERVER['REMOTE_ADDR']; $sub = htmlspecialchars($_POST['submit']); $login = $_POST['loginname']; $user = mysql_real_escape_string($_POST['username']); $email = mysql_real_escape_string($_POST['email']); $rep = mysql_real_escape_string($_POST['email_rep']); $gender = mysql_real_escape_string($_POST['gender']); if ($sub){ if ( empty($login) ){ $errormsg = "Please enter your desired login-name in the \"Login-name\" field"; }else{ if ( empty($user) ){ $errormsg = "Please enter your desired username in the \"Username\" field."; }else{ if ( empty($email) ){ $errormsg = "Please enter your email address in the \"Email\" field."; }else{ if ( empty($rep) ){ $errormsg = "Please repeat your email in the \"Repeat email\" field."; }else{ if ( !ctype_alnum($login) ){ $errormsg = "Login-name's can only contain alpha-numeric characters."; }else{ if ( !ctype_alnum($user) ){ $errormsg = "Username's can only contain alpha-numeric characters."; }else{ if ( strlen($login) < 3 || strlen($login) > 20 ){ $errormsg = "Login-name's have a character limit of 3-20 characters."; }else{ if ( strlen($user) < 3 || strlen($user) > 20 ){ $errormsg = "Username's have a character limit of 3-20 characters."; }else{ if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){ $errormsg = "The email you have entered is not a valid email format."; }else{ if ( $email != $rep ){ $errormsg = "The email addresses you have entered do not match."; }else{ if ( ($gender != "Unknown") && ($gender != "Male") && ($gender != "Female") ){ $errormsg = "Tampering with post-data...?"; }else{ $loginname = md5($login); $query_string = "SELECT id FROM accounts WHERE loginname = '$loginname' LIMIT 1"; $query = mysql_query($query_string)or die(mysql_error()); $numrows = mysql_numrows($query); if ( $numrows != 0 ){ $errormsg = "The login-name you have chosen is already in use."; }else{ $query_string1 = "SELECT id FROM accounts WHERE username = '$user' LIMIT 1"; $query1 = mysql_query($query_string1)or die(mysql_error()); $numrows1 = mysql_numrows($query1); if ( $numrows1 != 0 ){ $errormsg = "The username you have chosen is already in use."; }else{ $query_string2 = "SELECT id FROM accounts WHERE email = '$email' AND status = 'Alive' ORDER BY id DESC"; $query2 = mysql_query($query_string2)or die(mysql_error()); $numrows2 = mysql_numrows($query2); if ( $numrows2 != 0 ){ $errormsg = "That email is in use by a living account."; }else{ $pass = createRandomPassword(); $password = md5($pass); $insert_string = "INSERT INTO accounts ( id , loginname , username , password , email , ip , activity , status , gender ) VALUES ( '' , '$loginname' , '$user' , '$password' , '$email' , '$ip' , '' , 'Alive' , '$gender' )"; mysql_query($insert_string)or die(mysql_error()); $to = "".$user." <".$email.">"; $subject = "Subject"; $message = "Thank you for registering at SiteName, your login details are as follows: <br /> <br /> Login-name: ".$login." <br /> Password: ".$pass." <br /> <br /> You can now login at: <a href=\"http://url.com\">SiteName</a> <br /> <br /> [email protected] <br />"; $headers = "From: [email protected]\r\n" . 'X-Mailer: PHP/' . phpversion() . "\r\n" . "MIME-Version: 1.0\r\n" . "Content-Type: text/html; charset=utf-8\r\n" . "Content-Transfer-Encoding: &#173; 8bit\r\n\r\n"; mail ($to, $subject, $message, $headers); $successmsg = "You have successfully registered to SiteName - your login details have been emailed to you. Please remember to check your junk/spam folder."; }}}}}}}}}}}}}}} mysql_close(); ?> Login.php <?php session_start(); require("connections/db.php"); if ( !empty($_SESSION['username']) ){ Header("Location: ???.php"); } $sub = htmlspecialchars($_POST['submit']); $user = $_POST['loginname']; $pass = $_POST['password']; if ($sub){ if ( empty($user) ){ $errormsg = "Please enter your login name in the \"Login-name\" field."; }else{ if ( empty($pass) ){ $errormsg = "Please enter your password in the \"Password\" field."; }else{ if ( strlen($user) < 3 || strlen($user) > 20 ){ $errormsg = "Login name's have a character limit of 3-20 characters."; }else{ if ( strlen($pass) < 5 || strlen($pass) > 20 ){ $errormsg = "Password's have a character limit of 5-20 characters."; }else{ if ( !ctype_alnum($user) ){ $errormsg = "Login name's can only contain alpha-numeric characters."; }else{ $user = md5($user); $pass = md5($pass); $query_string = "SELECT username , password FROM accounts WHERE loginname = '$user' LIMIT 1"; $query = mysql_query($query_string)or die(mysql_error()); $numrows = mysql_numrows($query); if ( $numrows == 0 ){ $errormsg = "There is no record of a user with that login-name."; }else{ $db_info = mysql_fetch_row($query); $username = $db_info[0]; $password = $db_info[1]; if ( strtolower($pass) != strtolower($password) ){ $errormsg = "The password you inputted is in-correct."; }else{ $_SESSION["username"] = $username; $ip = $_SERVER["REMOTE_ADDR"]; $now = time() + 300; $update_string = "UPDATE accounts SET ip = '$ip' , activity = '$now' WHERE username = '$username' LIMIT 1"; mysql_query($update_string)or die(mysql_error()); Header("Location: ???.php"); }}}}}}}} mysql_close(); ?> obviously output the error message like if ( !(empty($errormsg) ){ echo $errormsg; } Or however you wish it to be displayed. Hope it's use full to you....

if(!preg_match('/^[a-zA-Z0-9]+$/i', $myusername)) Why not just use if(!ctype_alnum($myusername))

http://www.phpfreaks.com/forums/index.php/topic,115581.0.html I just read through it once and edited it to make this: http://mafia-world.net/hooligan/AJAX/ I know its simple but I can now intergrate it into my site as I develop it...

Duno but you should close your image and br tags with />

<?php if ($_POST['radio']){ $c = 0; $a = array(); foreach(intval($_POST['radio']) as $value) { if ($c < { if (!in_array($value, $a)){ $a[] = $value; $c++; }}}} ?> Duno if that will work but I thaught I'd have a crack

We can't view that as were not logged in...

Lol I am assuming you mean "by" when you say "but", I only just found out about phpfreaks but it's taught me alot already lol

Thanks lol, I dont know about this stuff - I'm self taught. ???

It would also be useful to use mysql_real_escape_string(); on data being used in queries. Maybe also session_register('mpID'); if (!session_is_registered('mpID')){ Header("Location: dashboard.php"); } And in the site if (session_is_registered('mpID')){ Header("Location: index.php"); }

$getmpID = mysql_query("select mpID from table where username='$uname' and password='$pword')"); $_SESSION['mpID'] = $getmpID; ////////////////// $q = mysql_query("SELECT mpID FROM table WHERE username='$uname' AND password='$pword'")or die(mysql_error()); $g = mysql_fetch_row($q); $getmpID = $g[0]; $_SESSION['mpID'] = $getmpID;

You could block proxies however, when you block proxies people using AOL also get blocked from your site. I don't have a solution; just thatught I'd say lol

And you may want to do this with the output textbox... <textarea name="txtOut" cols="30" rows="5" style="overflow:hidden" readonly="true"></textarea>

Figured it out for you mate. <html> <head> <script type="text/javascript"> <!-- function addText(){ window.document.myForm.txtOut.value=window.document.myForm.txtIn.value; } //--> </script> </head> <body> <form method="post" name="myForm"> <center> Enter text in this box:<br /><br /> <textarea name="txtIn" cols="30" rows="5" onKeyUp="addText()"></textarea> <br /><br /><br /> And it will appear in this one:<br /><br /> <textarea name="txtOut" cols="30" rows="5"></textarea> </form> </body> </html> Definately works, I already tested it...

For that to work you would have to post the form...

DarkWater taught me most of that lol Ty xD

I use empty() on everything but the $_POST['submit'] never seems to work for some reason. Also if data is going into a database use mysql_real_escape_string() or md5() for password encryption. If it's going to be displayed use htmlspecialchars().

oops lol

It would involve AJAX - that much I know...

No idea but I saw your making an MMOrpg, add me. [email protected] lol

Just add a condition like: public function result($sql){ if(!($res = mysql_query($sql, $this->link))) trigger_error("Error: Invalid query -> ".$sql." MySQL said: ".mysql_error()." "); else $numrows = mysql_numrows($res); if ($numrows == 0){ trigger_error("Error: Query -> ".$sql." returned 0 results."); }else{ if(($return = mysql_result($res,0))) return $return; else return false; }}

Check your messages please.

<?php if (!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){ echo "The email you have entered is not a valid email format."; }else{ code; ?> $query_string = "SELECT id FROM tableName WHERE email = '$email' LIMIT 1"; $query = mysql_query($query_string)or die(mysql_error()); $num = mysql_numrows($query); if ($num != 0){ echo "That email is in use by another account."; }else{ code; } ?>