RussellReal

You don't need a php guru, what you're asking for is accomplished with my above query, you need to change some values to accomplish this, to relate this query to your database structure.. And if you really did need a php guru, You're probably talking to one, I just don't have the tag under my name, but that doesn't change the fact that I've been developing for 7 years.. Try the query again

maybe in internet explorer (with VBScript) but for the most part.. JavaScript is very limited in what it can do with the hosting computer..

DELETE FROM table_A, table_B USING table_A JOIN table_B WHERE table_A.level < 10 AND table_A.id = table_B.user_id; ?

Try this instead $_FILES['uploadedfile']['name']

DELETE FROM table_A, table_B USING table_A JOIN table_B WHERE table_B.value_2 = 1 AND table_A.value = table_B.value_2; dunno if I'm understanding you right, but you should be able to work with the above

I know that Thorpe, you're moving the sub domain, over to as a directory then with the next rewriterule, it takes the directory and passes it to blog.php lol

Well, you don't need to "automatically install" any software, one copy of the code should suffice basically what you're gonna want is a "catch all" subdomain set up once you have a catch all sub domain set up, then you will want to write up some htaccess to point non 'www' and any other sub domains you want to reserve E.G. 'developer', and point those to yoursite.com/<thesubdomain> and then under that you'll want to point yoursite.com/<thesubdomain> to a url like: blog.php?user=<thesubdomain> then blog.php?user=<thesubdomain> will have to connect to the users table, change it to an id, then load all the posts and stuff from that specific user, and portray it in blog.php you could also expect things like so: RewriteCond %{HTTP_HOST} !^www.* [NC] RewriteCond %{HTTP_HOST} ^([^\.]+)\.yoursite\.com RewriteRule ^(.*) /%1/$1 RewriteRule ^(.*)/(.*)/?$ blog.php?user=$1&page=$2 [L] I think the above would work fine for a catch all sub domain the issue here is, the blog.php file :3

simple answer, most likely not. You could probably monitor "completions" by maybe using another language that is more actively involved with the client. I was gonna suggest forcing a bandwidth cap, and at the end of echoing all the loops (in lets say 40 or 50 seconds) if the php script is still running, obviously it will reach the mysql insert and put it into the database that it was complete.. but, that causes certain issues, for example: max execution time problems (which could be fixed) possibly making your code less portable because some server configurations limit execution time aswell.. (I mean apache's max exec time, not php's php can be managed at runtime see:set_time_limit). false positives.. If someone's internet connection is slower than 500kb/s, therefore your script will finish echoing the file before the user receives all the information, therefore if the user clicks cancel AFTER the file finishes outputting, but before he RECEIVES the whole file.. False positive

also, 2 redirects is frustrating to users who use their back buttons lol <- back.. oh damn redirected.. Lets try that again <- back!!!!.. damnit redirected like pikachu said, you should process the query information WITH the same file it redirects to, upon COMPLETION it should redirect to a complete page or the destination page for the form.. to use information the way you're doing it this way, you'd need to throw the errors into a php session $_SESSION['errors'][] = 'Could Not Do Dat Stuff'; then on the page you redirect to, initialize the session again session_start(); and loop through $_SESSION['errors'] and display the information

You can possibly contact the support for your web hosting, as you're a shared hosting I'm more than sure you don't have access to modify apache config files, etc.. I don't think your web hosting will lift this limitation, as on shared hosting you're not the only 1 using that 1 installation of apache, However, its still a good idea to talk to them, as it could be something else (dunno what else, but its always possible)..

$array[$i] = str_replace('<li>','<li class="1and2">',$array[$i]);

the first code sample is essentially looping 1,000,000 times.. You're in essence outputting 10^6*strlen('fixed bug'); which obviously will be ALOT of data, its a little over 8mb, which could be timing out for you.. the php code is obviously good.. Also, your server may be preventing you from sending files bigger than a certain amount (many servers do have this limitation.. especially shared hosting, mostly to prevent file sharing and media streaming) but if it is NOT that problem, than, I hope you can find a solution here at PHPFreaks

underneith $markGrade = 0; insert $markGradeSum = 0; $totalLoops = 0; underneith $markGrade = round($markTotal / $weightSession * 100); insert $markGradeSum += $markGrade; $totalLoops++; now output echo $markGradeSum / $totalLoops; if this is not EXACTLY what it is you need, I'm sure this gives you a very good understanding of what you need done..

can you show me an example of an sql injection attempt that would bypass mysql_real_escape_string... how do you inject bad SQL into an SQL query if quotes are being escaped? How do you break out of the value isolation.. I guess sure you should always be worried about sql injection, but don't worry about it to the extent that nothing gets done, and if you're on mysql, do with what you're given.. and to expand on what I said originally.. "bad stuff" like 'update', 'select' etc, could be part of what the user wants to submit, a non-malicious user.. thats why you shouldn't remove update and select, etc.. You simply need to worry about the apostrophes.. until one of these guys supply a MySQL query that will bypass mysql_real_escape_string, you should assume its atleast plausibly safe.. @NightSlayr, why not to use global? Deprecation? I don't see that as such a big reason to say 'never ever NEVER EVER OIJSA:LKJAS:LKAJSA: EVER EVER" lol as far as I'm concerned.. both of those major attacks on my reply, doesn't make all that much sense. I'd understand the deprecation worries, to make sure your code doesn't break, but thats coder preference.. as far as the assumption that mysql_real_escape_string is that insecure to cause so much worry, on the other hand, makes me wonder where you're getting this information from..

put the $badstuff array inside the function, php isn't like javascript, in that everything in the global scope is accessible within other scopes. if it is necessary to leave $badstuff on the outside of the function's scope.. use global $badstuff; in the function like this: function strip($string){ global $badstuff; return str_ireplace($badstuff,"",$string); } but!!! Just to put this out there.. for mostly everything, you don't need to remove 'update' 'drop' etc from the inputs to sanitize them.. thats bad.. mysql_real_escape_string will ofcourse catch all unescaped quotation marks, and that is the only way they can inject stuff into your sql query.. if they break one of your quotes, and THEN do some UPDATE/DROP etc.. and furthermore, they'd also need to know your table names, field names, etc, sql injection is a big problem, yes.. but, don't worry too much about it, aslong as you sanitize with mysql_real_escape_strings, and typecast your expected numerical inputs E.G. $id = (int) $_POST['id']; you should be pretty much fine

trudat, I didn't read the whole thing, just throwing some more regex out there, the look aheads are pretty cool, but I don't understand why there is a .* after the starting anchor, I don't believe you need that. if you put both of those look aheads at the very start of the regex, they'd both crawl the string in question, without moving the regex pointer, which means, by the time it gets to the second lookahead, it is back @ the zeroth position, and if either or fail, the regex will fail to match, wordpress kinda makes no sense to me in that password function but whatever works

only letters and numbers? (atleast 5?) /^[a-z0-9]{5,}$/i (without that restriction - atleast one- if you don't want that, change the + to a *) /^[a-z0-9]+$/i

I did, ask the question... I jsut wanted to know if it was possible to specify a variable or psuedo variable from the backend of wordpress and have that variable accessible through a function or global variable in the themes page.. But I haxed it up already, so I don't need the answer, but I did ask, pretty much twice, thats the third time^^ Minus the question mark, still pretty obvious what I wanted to accomplish lol.

Hey thorpe man, where you been? "Here man! Where you been?!" Workin' hard "Thats too bad man" IKR anyway, I had our catching up conversation for us (lol) okay, basically, I wanted to pass a variable through with maybe a wordpress function, but instead of that I got slick and parsed the '[abc=123]' pair with php, since I'm amazing with php, I just never work with frameworks.. I'm almost always tasked to create new applications. Thanks!

sorry for replying so late, been really busy lately.. I'd like to point out, that JSI on a password field, does yield the correct information, not asterisks, unless I read you wrong. Again sorry late reply lol. *feels like a post necromancer*

I'd like to start with, I suck with wordpress (lol - I usually code things from scratch) Well, okay.. Lets start here: (screenshots) http://vvcap.net/db/2_THqnLwq-GdRdxGLs1A.htp I hit edit right? http://vvcap.net/db/ArXO-WXzoIuCid_FfEwL.htp ^^ I'm there now - from here on out I can explain what I want to achieve without screenshots In this interface, I have seen something like this done before, I just know nothing about Wordpress' data handling and I tried googling it, but not knowing what its called kinda doesn't help. They did something like: [abc=1] I don't know if it shows up as $abc in the page, or do I need to use a specific function to access this information.. is that even what I think it is? Any help would be greatly appreciated!

make sure you back up your code, I am not absolutely sure what it is that you want change: $updateSQL = sprintf("UPDATE userTbl SET Name=%s, Email=%s, Password=sha(%s) WHERE id=%s", GetSQLValueString($_POST['Name'], "text"), GetSQLValueString($_POST['Email'], "text"), GetSQLValueString($_POST['Password'], "text"), GetSQLValueString($_POST['userId'], "int")); to: $updateSQL = sprintf("UPDATE userTbl SET Password=sha(%s) WHERE id=%s", GetSQLValueString($_POST['Password'], "text"), GetSQLValueString($_POST['userId'], "int"));

Welcome to the forum, congrats on the first post, but I hate to be a jerk.. Please use code tags or php tags, trying to read that code without punctuation or anything really hurts my eyes (I got bad eyes <3) Thanks, I'll check back when you got code tags or php tags in there!

shared memory blocks should be pretty sufficient, I've used them a while back they were pretty nifty, but they're pretty hard to work with.. and could be simplified by simply piping php files together.. (popen) but for what YOU want, you'd probably want shared memory blocks, but honestly you're going to have to establish a lock to access data in the shared memory blocks, and also you're blocking data away from the rest of your server, for things you could simply use a text file for.. Your best bet in any event (take it from us, here at phpfreaks) a text file is one of the better options for simple text storage, databases for indexed text storage, I mean, there isobviously a good reason these were created.. and you only sacrifice a fraction of a second to establish any resources associated with file handling, database handling is similarly costless, but text files are very fast.

try echo "Random number is: ".genRandomString(); instead.. What you include doesn't "pre-fill" any variables, it just includes the code you specify in the included file, into the main page (with some restrictions, ofcourse) if you want $variable in the other page, you will need to do something like this echo.php <?php include('variable.php'); echo $variable; ?> variable.php <?php function abc() { return 'xyz'; } $variable = abc(); ?>