Maq | Administrators | Posts: 9,363 | Days Won: 3
Everything posted by Maq
-
Something similar with an extensive library is the simpleXML extension.
-
No worries. Your best bet is to actually create the script, implement what you think are proper security precautions, and post it in the Beta Test Your Stuff! section. People will give you insight on leaks, holes, and other issues you have in your script. Good luck.
-
get team leaders name and the number of players in one query?
Maq replied to onedumbcoder's topic in MySQL Help
Sure, you're going to have to use a JOIN. Can you post your table structure?
-
Correct. A clear question will receive a clear response. I apologize for the misunderstanding, I think my attitude was adequate for my initial understanding of your question/concern. Now that we know you're having a troubling concern with the security aspect, we can give clear-cut help. Have you read the article I provided in my previous post? There are a few strong security precautions you can take. I would primarily focus on 2, 3, and 4.
2) Restriction: Check the mime-type and file extension and only allow certain types to be uploaded. (In your case you are going to have to accept .php, and whatever else you need, so options 3 & 4 will be necessary.)
3) Renaming: Rename files to prevent malicious code from executing on your server.
4) Permissions: Certain files should be chmod'd and chown'd properly.
Hope this helps, good luck.
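The three precautions listed above (restriction, renaming, permissions) applied to a single upload, as an added example that is not part of Maq's post. The allow-list, the `.upload` suffix, the storage directory and the function name `store_upload` are assumptions made for illustration.

```php
<?php
// Added example: restriction, renaming and permissions for one uploaded file.
// Assumed allow-list: extension => MIME types accepted for that extension.
const ALLOWED = [
    'png' => ['image/png'],
    'txt' => ['text/plain'],
    'php' => ['text/x-php', 'text/plain'],
];

// $storeDir is assumed to live outside the web server's document root.
function store_upload(string $tmpPath, string $clientName, string $storeDir, bool $isHttpUpload = true): string
{
    // 2) Restriction: extension and sniffed content type must both be allowed.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException("extension not allowed: $ext");
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!in_array($mime, ALLOWED[$ext], true)) {
        throw new RuntimeException("content type $mime does not match .$ext");
    }

    // 3) Renaming: a random server-chosen name with no client-supplied part
    //    and no extension the web server would hand to an interpreter.
    $dest = rtrim($storeDir, '/') . '/' . bin2hex(random_bytes(16)) . '.upload';

    // move_uploaded_file() refuses files that did not arrive via HTTP POST;
    // rename() is used only for the command-line sample below.
    $moved = $isHttpUpload ? move_uploaded_file($tmpPath, $dest) : rename($tmpPath, $dest);
    if (!$moved) {
        throw new RuntimeException('could not store upload');
    }

    // 4) Permissions: owner read/write, group read, never executable.
    chmod($dest, 0640);
    return $dest;
}

// Constructed sample input: a small PHP file "uploaded" from the CLI.
$dir = sys_get_temp_dir() . '/uploads_' . bin2hex(random_bytes(4));
mkdir($dir, 0750);
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "<?php echo 'hi';\n");
$stored = store_upload($tmp, 'shell.php', $dir, false);
printf("%s mode %o\n", basename($stored), fileperms($stored) & 0777);
```

The original file name can be kept in a database row keyed by the random name, so downloads are served through a script that reads the stored file instead of linking to it directly.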
-
Here are a couple good ideas for some security precautions: http://php.about.com/od/advancedphp/qt/upload_security.htm
-
Really? That's a little hard to believe...
phpfreaks:
http://www.phpfreaks.com/forums/index.php/topic,262872.0.html
http://www.phpfreaks.com/forums/index.php/topic,259593.0.html
http://www.phpfreaks.com/forums/index.php/topic,262800.0.html
net:
http://php.about.com/od/advancedphp/ss/php_file_upload.htm
http://www.tizag.com/phpT/fileupload.php
http://www.hotscripts.com/category/php/scripts-programs/file-manipulation/upload-systems/ (3rd party)
-
Yes. Please read the manual - Passing by Reference. Why don't you test it out?
-
Let me repeat myself. What exactly is the problem? "Doesn't work" is meaningless. Are there errors? Blank screen? What happens? What do you expect to happen?
-
1) Please use tags. 2) What is the issue you're encountering?
-
My hero, thanks so much :D :D NP. Be sure to mark as solved.
-
You need backticks around key, it's a reserved word.
-
You need single quotes around the keys in your associative arrays.
-
Yes you can. You should have registered_globals off for multiple reasons, primarily because of security reasons and the fact that it has been deprecated in PHP6.0.
-
[SOLVED] Square Brackets after variable -- what does this do?
Maq replied to danludwig's topic in PHP Coding Help
To elaborate and clarify on ldougherty, the print_r() display would look like:
    Array
    (
        [0] => 1
        [1] => 2
        [2] => 3
    )
(You also need to prefix the array with '$')
-
A bit off-topic but, take a look at GWT and the canvas element for HTML5. These are both going to be pretty big in the future. All heavily based on JS.
-
Sorry, I forgot the closing curly brace. id={$rs0['uid']}";
-
Gotcha. If you post in the wrong forum you can click on "Report to a Moderator" and it should be moved in a couple of moments.
-
That's kind of funny but not a good idea for a couple reasons.
- For some people, English isn't their native language.
- Who has control over this button? Wouldn't some asshat just go around clicking on every thread?
- I agree with Daniel's post, it's their loss, ignore them and don't respond, their loss.
-
Please don't double post. It wastes people's time.
-
Can you post the entire error?
-
What is this world coming to...
-
I'll bet you. That song makes me want to throw my laptop at small children.
-
You were missing a terminating double quote for the query on line 267 (starts with 'rs0'). But here is your code reformatted and modified (read the comments):
    if(mysql_affected_rows() > 0)
    {
        $id=mysql_insert_id();
    }

    // This - $freetplrow_con=mysql_fetch_array(mysql_query("select * from freetplclassified_config")); -
    // can be broken down into the 3 lines below.
    $sql = "SELECT * FROM freetplclassified_config";
    $result = mysql_query($sql) or die(mysql_error()); //take out or die clause afterwards
    $freetplrow_con = mysql_fetch_array($result);

    $null_char[0]=$freetplrow_con['null_char'];
    $site_root[0]=$freetplrow_con['site_root'];
    $freetplreturn_arg=($freetplreturn)?"&id=$id":'';

    // This - $rs0=mysql_fetch_array(mysql_query("select * from freetplclassified_products where id=$id")); -
    // can be broken down into the 3 lines below.
    $sql = "SELECT * FROM freetplclassified_products WHERE id=$id";
    $result = mysql_query($sql) or die(mysql_error()); //take out or die clause afterwards
    $rs0 = mysql_fetch_array($result);

    $product_url="{$site_root[0]}/product_desc.php?id={$rs0['id']}";
    $product_url="$product_url";
    $login_url="{$site_root[0]}/signinform.php";
    $login_url="$login_url";

    // This - $rs1=mysql_fetch_array(mysql_query("select * from freetplclassified_members where id={$rs0['uid']})); -
    // can be broken down into the 3 lines below.
    $sql = "SELECT * FROM freetplclassified_members WHERE id={$rs0['uid']";
    $result = mysql_query($sql) or die(mysql_error()); //take out or die clause afterwards
    $rs1 = mysql_fetch_array($result);
-
You should really separate your query line into a block. This increases readability, easier to debug, it's cleaner, and many other reasons. As far as line 268 try this:
- Curly braces escape and separate the arrays.
- As long as your primary string is in double quotes your variables will interpolate, assuming correct syntax.
- Associative arrays should use single quotes.
    $product_url="{$site_root[0]}/product_desc.php?id={$rs0['id']}";
(Note: Please use tags around code.)