mikesta707

try removing the single quotes around $finalprice, IE mysql_query("INSERT INTO cart (`Item`, `Item ID`, `Box Amount`, `Cost`) VALUES ('{$row['Item']}', '{$_GET['id']}', '{$_GET['amount']}',$finalprice)"); what I suspect is happening is you are passing a string value into an integer column, and strings that are coerced to integer values become 0. at least thats how PHP handles it, but I think MySQL does that same

if you just want to get rid of html how is striptags not good enough?

can i see that code that enters them into the database?-

ahh wow AlexWD's solution is way better way way better. you would just echo the returned value. completely forgot about asort haha

Meh, the security risk you are talking about isn't that drastic at all.. especially since the reset password system is pretty much standard with most websites out there. Hell, if it was that big of a deal, would giants like google, yahoo, microsoft, etc. use it? They use it with emails (which would cause much more harm is hacked into than some random website) So you'll be fine. Besides, in order to make use of this "vulnerability" you would most likely have to hack into their email account, and if some hacker has gone that far, than i think its safe to say that all is lost. And if a hacker has gotten into your email address, unless your site is one that takes bank information and stuff like that, I wouldn't worry about it. What is someone gonna do with your account? make you look bad? Security question + secret answer + reset button is pretty safe in my opinion. not to mention that there isn't anything that is 100% safe, and if there is, thats only because hackers haven't taken the time to expose a weakness yet

oh testfile was a misspelling (always mix up my s's and x's) it should be textfile in your case. but you declare $row and $column in the foreach loop. they are loop variables. I suggest you read a tutorial on foreach loops (there is one in my sig that goes over it briefly, as well as other array stuff)

function getAverage($array){ //get lowest values, and counter $counter = 0; $lowest = 9999;//arbitrarily high values $secondLowest = 1000; foreach($array as $arr){ $counter += $arr; if ($arr < $secondLowest){ $secondLowest = $arr; if ($secondLowest < $lowest){ $lowest = secondLowest; } } }//end foreach $counter -= ($lowest + $secondLowest);//drop 2 lowest return $counter / (count($array) - 2);//return average }//end func untested, so logic might be slightly off, but i think thats about right

did you completely ignore what i wrote? you didn't change anything at all... you just copied your first post and pasted it into a new one

oh, well you are doing that completely wrong. assuming that the password is already md5'ed in the database if ($email == $row['email'] && md5($password) == $row['password']) what you did there didn't really even make any sense. you were trying to md5 the string 'password' followed by a square bracket, and use that md5'ed string as the key in the $row array.

hard coding it in a .cfg file and hard coding it in a .php are not much different. but if you must look into file_get_contents(), fread(), feof() and many other of the php file handling functions

well of course the page is blank... you never echo anything. perhaps you meant echo $row['Cost'];

foreach goes through the first array (an array of arrays) each element (in that case $row) is also an array, so you go through each of those arrays to get the value. then you write the value to the page. can i see your code?

oh my bad. your parenthesis are all wrong if ($email == $row['email'] && $password == $row['md5password']) { continue as normal

what is the date? is it todays date? or date of submission? if so you should get the date yourself, and not worry about the user putting a date. also dates are best submit with drop down menus, and if you really want to enforce that they enter a date, you could just make an if statement that does that, and don't submit to the database if the date is empty

are you echoing something? need to see more code. didn't know you could have spaces in table names... but thats all wrong anyways. the table name goes after the FROM keyword, not the WHERE keyword. Column names go after the WHERE keyword. are you sure you didn't create a column named Item ID?

if you want to check equality use the comparison operator (==) or identical operator (===) not the assignment operator(=) what that is doing is setting $email to $row['email'] if ($email == $row['email']) && ($password == $row['md5password']) { continue as normal also surround associative array keys with single quotes

if its 1-d foreach($array as $val){ fwrite($testfile, $val); } if 2-d foreach($array as $row){ foreach($row as $column){ fwrite(testfile, $column); } } you get the idea

what do you mean make it so php knows there is a space in that row? where is this space coming from?

Maybe, maybe not, depends on how the script was constructed (if it used absolute vs. relative paths, stuff like that)

variables are not interpolated within single quotes. Basically the code $name = "john"; echo 'hi $john'; would result in hi $john. surround the string with double quotes to parse (or interpolate) the variable

there are tons of file upload tutorials on the internet. try doing a google search for one. BTW I would suggest doing something like if(!is_dir("whatever")){ mkdir("watever"); } I believe the function will return false if the dir already exists. This may not be terrible, but just so you know

you have to set the subdomain up if it hasn't been setup already edit: please don't post the entire source, post the relevant PHP (IE the stuff that includes or goes to the subdomain) Submitting your entire source (CSS, Javascript, HTML et al) is a sure fire way to not get answered also (though its a bit better than not posting any code at all)

I would start here as w3 schools explains it very well, but basically, with ajax, you create an object (either xmlhttpobject for non ie browsers, or activex object for ie) and you set a request to a page (written in a server side language, like php, asp, etc.) This page then returns something back.

static variables are shared between subclasses. http://www.php.net/manual/en/language.oop5.static.php#89650 the example on the page <?php class MyParent { protected static $variable; } class Child1 extends MyParent { function set() { self::$variable = 2; } } class Child2 extends MyParent { function show() { echo(self::$variable); } } $c1 = new Child1(); $c1->set(); $c2 = new Child2(); $c2->show(); // prints 2 ?>

I was a huge fan of MW 1, but haven't had a chance to play it yet. Anyone have it for the PC? There are no dedicated servers for the PC version, and I was wondering if this impacted multiplay at all? The most important question tho, is there a golden desert eagle?