Monkuar

Because I have forums where I only want a special link to show if the forum id number matches what's in a global value. so if forum id is like 26, and my global value is 2,5,27,21,26 and if it matches then I want it to show a special link for that specific forum (If it's a trading forum to be exact, I need to show a "Request a Mediator Link") so people can get help if they're trading or need to trade or need someone for help so I think it's easier if I just use the in_array function to check global id's and if the forum id is in there, then it will show the link, i think that's the fastest way? i might be wrong though let me check scoot's code and see what i can do Okay, this one works the best for me $input = '1,2,3,4,5'; if (!preg_match('/^\d+(,{1}\d)*$/', $input)) { echo 'invalid input'; } Thank you scootsa, I will jsut error out to the user if they indeed are trying to be nawty. Should I escape this too or it's fine? Im trying to learn not just steal code, so.. on this one $input = preg_replace('/([^\d,])+/', '', $input); Where does this show so it only accept's integers? I looked on how to find to match integers only.. http://stackoverflow.com/questions/9043551/regex-match-integer-only Looks like this does it ^\d+$ In your code u have the ^\d part, why is there a +$ sign? for what reason, makes it confusing. I dont want this topic to be moved to the regex forum, I just was wondering that. I looked at google and regex tutorials, where is a good place to start? https://www.google.com/search?sourceid=chrome&ie=UTF-8&q=regex+tutorial+detect+integer+only I tried this but cant find anything that would make it so I can detect integers only and strip them, like what you did. Thank you Im just trying not to just copy code from you guys like I used to, I want to actually learn this crap so I can ask less questions which I have been doing.. I think alot of people take advantage of this forum and dont realize the help they receive.. And I know I can be to quick to post sometimes, but it's just because I am really excited about what I am coding, or have no idea what im talking about

But how do I check input to make sure that the input has to be seperated by commas and has to be a integer like "1,2,3,4,5" is correct if a user puts "1,:25,,l2@" or something funky, I can error out Thanks also is there a php function that does this already? and is this way safe? im trying to store comma seperated id's

$db->query('SELECT id,username,star,color,actions from users WHERE actions >= 1 ORDER BY SUBSTRING_INDEX(\'actions\', \'|\', 2) DESC') WOW TOPIC SOLVED!!! Didn't know you could do this, wow I can store alot of information in explodes now and call them. AwesomE!

I dont understand the syntax mysql> SELECT SUBSTRING_INDEX('www.mysql.com', '.', 2); -> 'www.mysql' is www.mysql.com supposed to represent the field name or? so something like this: SELECT SUBSTRING_INDEX('actions', '|', 2); ?

Here is my query SELECT id,username,star,color,actions from users WHERE actions >= 1 ORDER BY actions DESC actions field value is "213|1336456267" how can I use mysql to explode so it only reads the first literation of the exploded values, like 213? Is this why people always say you shouldn't store exploded variables? Theres gotta be a way tho right? in other words; is there a mysql function that exploded that actions variable in the query with a | to read only the "213" ?

if (empty($_POST['selected_messages'])) message($lang_pms['Must select']); $idlist = array_values($_POST['selected_messages']); $idlist = array_map('intval', $idlist); $idlist = implode(',', array_values($idlist)); // If you're not the owner of the message, you can't delete it. $result = $db->query('SELECT DISTINCT sender_id FROM '.$db->prefix.'messages WHERE id IN ('.$idlist.') AND folder="sent" ') or error('Unable to delete the message', __FILE__, __LINE__, $db->error()); Okay, as you can see it makes intval for all the $_POST['selected_messages'] , but the problem is, when I use tamper data and just add a form field "selected_messages" it brings up a mysql error and the $idlist is blank.. so is there a way to make sure that the $_POST['selected_messages'] has to equal 'selected_messages[]' OR show error? people can just tamper data and use selected_messages without the [] and it brings up a mysql error, that's not good, I don't want users seeing my code edit: WOW if (empty($idlist)){ message("No Permission"); } fixed it sorry

ok from my snake.swf game i decompiled it and made it $post the variables are: echo '&success=1'; $score = $_POST['score']; $game = $_POST['game']; $db->query('UPDATE users set notes="'.$score.'|'.$game.'" where id = 2 ') or error('Unable to update user', __FILE__, __LINE__, $db->error()); the score is what is coming from the .swf everything is working.. but this is way to unsafe.. somone could just pass w/e they want.. lol does encrpytion function work with actionscript also ? wouldn't somone just beable to encrypt there own score and do it? lol this shit is so hackable

I was looking at this snake like game for jquery http://jquery-snakey.googlecode.com/svn/trunk/index.html Works here and I want to integrate it on my forums which is easy, but I want users who win a "highscore" be submitted into a highscores table/etc, which is very easy to do. Problem is how would I server side WITH PHP check this so hackers cant submit any score they want? +they can view source code of the js game.. are games like this just not possible to 100% secure them over? hackers will always beable to hack em huh?

Im editing a fla and it's a snake game.. i want my users on my forum to beable to play it and submit the score how would I pass a encoded variable from SWF to my php to catch it so it's "hard to hack" because I know users will just tamper data and edit the score to w/e they want.. how do I encode it/etc? is it even possible through .swf?

let's say I have 100,000 users on my forum i want to cache there PROFILE INFO (About me) in .php files which is easy/etc but would that be more space than 100k rows in a db table, or 100k .php files? just wondering, prob a stupid question but atm I cache some lottery info and some other stuff, but that's only 1 .php it would be dumb to cache info and have 100k .php's for each user ID right? or maybe story it all in 1 .php? would be a HUGE Filesize? rather just keep the data in MYSQL right?

lol and the winner is... PFMaBiSmAd Topic SOLVED!11111111111

what php function would I need to use to let's say I have a string I went to the Store And I want to pass that string, or any string through some type of function that would output: I Went To The Store How in the world could I do this? am I overthinking this or is this extremely difficult?

please use mysql_real_escape_String nn hackers

$newrating = round($imageinfo['rating'],2); this outputs: 4.49 in my db rating is 4.4884 all i need is the 4.... would i use some type of preg_replace or something just to grab the first 1 before the decimal? (all i need is the first number before the decimal)

dam so easy to prevent sql injection lol ty

use the in_array to check a loop ? like $os = array("Mac", "NT", "Irix", "Linux"); if (in_array("Irix", $os)) { echo "Got Irix"; } if (in_array("mac", $os)) { echo "Got mac"; } Now what if $os becomes for ($i = 1; $i <= 10; $i++) { $os .= $i } now if I use: if (in_array($FORMPOST[couldbeanything], $os)) { echo "Correct entry"; exit; } if (!in_array($FORMPOST[couldbeanything], $os)) { echo " bad entry "; exit; } would it work only through 1-10 numbers? :shrug: :shrug: and echo out "bady" entry if it's NOT 1-10 ?

well it does, but im only trying to show that class at the bottom of the last stickied topic, in that tr class, because it shows a "border-bottom" properties so it differentiates between stickied topics and the normal posts, but i just cant figure out how to do it dynamic the if ($pin == 4) works, but cant do it dynamic because if it's a loop then the $pin will be 4 44 444 4444 or w/e i just need to find out how to get my $pin == 4 in the loop dynamically thats all

$color = ' class="pin"'; $pin++; echo $pin; long story short, let's just say, this is inside a while loop echoing out my forum Topics. $pin echo's out 1 2 3, because they're 3 stickied Topics. I only want class="pin" to display on the very last <tr> tag. (which would be number 3, how?) <tr<?php echo $color ?>> OK i do if ($pin == 4){ $color = ' class="pin"'; } works if I have 4 Topics, stickied, but how would i change 4 to be dynamic? what if only 2 topics stickied? I tried if ($pin == $pin){ $color = ' class="pin"'; } not work.. wouldn't $pin = 4? bcz $pin++ ? my help topics seem so noob, but i just cant comprehend lol

I need to use preg_match, to check if "mywebsite.com" exists inside a string. how would do I go about that? Im not looking to validate urls, im just looking to see if the string has mywebsite.com in it, if true, i can use w/e, or return false. Thanks hmm would strpos or strmatch work ? Something like this if (preg_match("/http://mysite.com/i", "GOBBLYBLUETEXTHEREBLABLAH")) { echo "A match was found."; } else { echo "A match was not found."; } actually would that work?, lmk ima be testing

Here I edited your code bro, should be fine like this <?php $id = intval($_GET['id']); if ($id < 1){echo "No....";exit;} if ($id != (int)$id) { echo "Invalid ID"; }else { $sql = 'UPDATE content SET views=views+1 WHERE id='.mysql_real_escape_string($id).''; mysql_query($sql) or die (mysql_error()); } $sql = 'SELECT * FROM content WHERE id LIKE '.mysql_real_escape_string($id).' LIMIT 1'; $result=mysql_query($sql); while($rows=mysql_fetch_array($result)){ ?>

you need to cast your integer's properly do intval($id)

http://php.net/manual/en/function.rawurlencode.php Lifesaver, Thanks bro Solved !

This doesn't work: <style type="text/css" media="all">@import url(style/'.$skin.'.css);</style> $skin is = "Sky Blue"; If $skin is = "Sky Blue"; this works: <link rel="stylesheet" type="text/css" href="style/Sky Blue.css"> It's because @IMPORTURL, Is there a php function that wraps a &20 for a space so it works on my $skin?

$code = array("03","09"); if (!in_array($_POST['CODE'], $code)){ message("Sorry, not today"); } Ty aykay topic solved

$code = array("03","09"); if (!in_array($_POST['CODE'], $code)); message("Sorry, not today"); my $_POST['CODE'] is <input type=hidden name=CODE value='03'> still not being validated.. hmm