Anti-Moronic

Oh, and what does this function call look like? Do you have the piece of code which calls this function padded with 10 or so lines either way.

Ahh I didn't say it was bad practice. It's just not good practice and far from best practice. This function update_gameplay()..why would that even be in a global functions file? It has no place. It should be localized to a 'game' object or class. I have to say, this is very strange behavior. Have you noticed it refresh? Do you have ajax which is maybe loading further content which includes this function? What you might want to do now is replace the query with an echo. Something like: echo (isset($_GET['test'])) ? "QUERY WAS HERE" : '' Then if the site is live and you have no dev environment you can put this in address bar to echo: mysite.com/gamepage/?test=true ..oh and although the update_gamplay function is only being called once, have you determined if this query is only being used once? Maybe it is being used somewhere else away from the function?

What class is this for?

Well using func_get_args() is just not good practice; it's lazy programming. You seen yourself the way you then have to refer to these parameters, AND you are allowing any number of parameters to be used. It isn't a 'huge' problem but it would be much better if the parameters were declared in the function. The fact that there is a 'functions.class' file tells me the app is not very well structured. Lots of people do this who don't know how to separate application logic. They include the file everywhere and that is how they access this global set of 'misc' functions. Sometimes the whole of the logic will be in this file. Again, not good practice. But aside from that, you have an immediate problem: the inconsistent incrementing. There is little we can do from the code you have offered here. This function as MMDE pointed out could have been called somewhere else. Only way to find that out is to look over the entire app. If you have timesplayed = timesplayed+1 there is absolutely no way that field will then be incremented more than once every time the query is run. This means if it IS then the query is being run more than once.

And you've already marked this as 'solved'? But there are so many other pointers. First, yeh, don't use variable variables, that's sloppy. Use an array: foreach($_POST as $key => $val){ $requestPost[$key] = mysql_real_escape_string($val); } ..and yes you will want to validate the $key name. You can even use another array to exclude certain keys from being included. Now with your request variables in an array you can far better manage them. Imagine you had to send them over to a function? As an array you can send them anywhere you like as a single entity and also manage the individual elements of the array. You might also find it useful to move your validation controls over to a class of some sort. That way you can run $myValidationClass::isValidUsername($requestPost['username']); You can now very easily include this class any where in any other project to call upon these validation functions and all you have to do is change the preg_match once. Currently if you had to change the preg_match you will have to hunt down *every* place you have validated the input and change that. Include in another project you now have to go copy and paste code from within files instead of simply including your validation class. Your error handling is good enough but again can definitely benefit from being converted into a class. Using br to produce a list is sloppy html. Use a ul for that, that's what it's for. Including all these files as a way of controlling the flow of the application can get very messy. You should rethink the structure. Use redirects. Currently you are allowing yourself to depend too much on other files for this script to function at all. use a different email validation match. ..and instead of having longwided if statements you can instead do this: if(!isset($_POST['btnSubmit'])){ // now redirect or include your files } If you do things this way your code will be more readable and maintainable (albeit a very small amount more). I don't think I could pick anything else apart from the script Oh..don't use php4! Hope that helps.

This isn't OOP. You're using static classes is all.

"SQL injection isnt a problem this is not going live with real money" Don't ever brush off security because of the value of the data. It is not just the data which is being threatened, it is your database. And if you approach other parts of your app with this attitude towards security then it's not just your app which is being threatened, but your server. Security is first priority.

MMDE is right. Even if my above tip works for you, you might want to reconsider the structure of this function (and perhaps this portion of the app in general). Esentially, you only need to run a single query and provide a single parameter. Should note however that if you do this you WILL have to ensure something expected is thrown into the sql query. You don't want the update query to run on every row because your WHERE clause was corrupt.

Not sure if this reflects the original source but you should definitely indent your code

Have you tried to modify sql to this: update games set timesplayed = timesplayed+1

The form can't be in php anyway. It needs to be HTML. If the page is blank, make sure you have error reporting turned on. Output whatever you can. "I heard that we can't use php in a static HTML? is that right?" No, that's completely wrong. There is absolutely no other way to get a result from your database inserted into the 'value' of a form field without php (in this instance). This is probably the most common use for inline php.

Are you sure that's all the code? I'm not sure it has pasted well. Instead of form action="<?php echo $_SERVER['PHP_SELF']; ?>" You can just do: form action=""

Another way would be this: $html = ' <li><img src="yes/0.bmp" alt="0" /></li> <li><img src="yes/7.bmp" alt="7" /></li> <li><img src="yes/0.bmp" alt="0" /></li> <li><img src="yes/4.bmp" alt="4" /></li> <li><img src="yes/0.bmp" alt="0" /></li> <li><img src="yes/0.bmp" alt="0" /></li> <li><img src="yes/0.bmp" alt="0" /></li> '; preg_match_all("/alt=\"(.*?)\"/", $html, $matches); var_dump($matches); ..which outputs... array 0 => array 0 => string 'alt="0"' (length=7) 1 => string 'alt="7"' (length=7) 2 => string 'alt="0"' (length=7) 3 => string 'alt="4"' (length=7) 4 => string 'alt="0"' (length=7) 5 => string 'alt="0"' (length=7) 6 => string 'alt="0"' (length=7) 1 => array 0 => string '0' (length=1) 1 => string '7' (length=1) 2 => string '0' (length=1) 3 => string '4' (length=1) 4 => string '0' (length=1) 5 => string '0' (length=1) 6 => string '0' (length=1)

I would create a wordlist of common trash words you don't need. Count the words, extract most common, filter out the trash words using our list. That should be easy enough. Even removing 1000 common 'trash' words would greatly reduce any text to 'key words'. I'd be interested to see if anyone has a better way. You might also consider looking at some 'key word' extraction apps in php. Search about, not sure if they exist and only one way to find out

You need to host this on github or something. Constantly pasting the updated code will not work. You can also setup a notification list for sending quick updates. Not sure if github do this, but if not setup your own discussion board where people can discuss the framework, test, submit ideas and bugs etc

/mostupsetfacepalmever Thanks. Don't worry, done it many times. Just take a close look at the print_r result (or var_dump() which is better) and you will see the two arrays with specified indexes. This was simple but I'm sure you'll come up against a hugely ridiculous and complex array some other time. In those instances, analyzing the actual structure is key.

It's because actual location is here: $results[0]['aim'];

..and for flexibility you might want to do it this way: $characters = array( array('name'=>'Peter', 'age'=>32), array('name'=>'Quagmire', 'age'=>30), array('name'=>'Joe', 'age'=>34) ); $who = $characters[rand(0, count($characters)-1)]; echo $who['name'] . ' is ' . $who['age'] . ' years old'; That way you can easily add new information to each character without conflicting with the key=>index structure of the array.

..and you could also use the excellent browser capabilities library: http://browsers.garykeith.com/downloads.asp EDIT: should note, benefit in this is that the browser specs are updated automatically for you and so you don't have to worry about maintaining the class.

I think the person above is reading far too deep into this simple copy and paste Lots of people post on multiple forums, nothing to do with trust - more to do with increases your responses. You might also try stackoverflow.com!

I vote ken.

Either way, this is just a badly constructed sql query. Why are you using single quotes within single quotes in this instance? What do you want the output to be? These should really be escaped: 'xx''xx''xx' VALUES('$EMAIL','xx\'\'xx\'\'xx','$DOB_FULL')

Ahh that's it! hmm..I think it's good enough. Of course, this all assumes js is enabled. You're always going to need to degrade gracefully should js be disabled. I can't wait for the new web. Ajax is really taking over, ey?

OMG Portal 2! Have you played the mods for portal? Some excellent stuff out there. In fact, now with any new games I get first thing I do is check out what mods are on offer On portal, couple of the mods which come to mind on moddb.com are Blue Portals and Portal Pro. There's at least 4 or 5 VERY high quality mods which are better than the vanilla portal. Portal 2 coop! woohoo ..and now I'll put the white stuff down.

Performance has been my only issue with Zend. To the point where we can't even use it at work (IIS Servers - i'm not sure if that is part of the problem) anymore and haven't for 12 months. We ended up having to completely rewrite an application built on top of Zend because it simply couldn't perform well enough. Now my boss is pretty skeptical of frameworks in general. Interesting. I didn't realize the issues were that bad. I admit, I haven't been at the forefront of a major app built on ZF so probably haven't had to deal with the more delicate performance issues. I use caching and some custom speed enhancements and it seems OK. Of course, as an 'enterprise framework' it should hold strong in enterprise situations, which in the performance department it evidently isn't.