oni-kun

If they enter HTML than it'll parse as HTML on client side? Use htmlentities

What's with the double post?

This is right. OP, You've simply not added an if(isset($_GET['status'])) { do this; } // else { die('Status not set'); }

Some forums don't automatically copy them into sent, it's annoying. But yeah, anything I can help you with I'll try, just don't know if I know the specifics of what you want.

Look up the bug with this. Oh, I think here's the thread: http://www.phpfreaks.com/forums/index.php/topic,232156.0.html

$query = mysql_query('SELECT Name FROM Table WHERE ID = (SELECT count(*) FROM Table)'); That should work to get last ID, you can echo the name of it.

It gets the environmental variable of the Apache server, rather than going through PHP. $_SERVER is a Superglobal, and it'd be aliased to $_SERVER['HTTP_USER_AGENT']; For example. getenv Yeah! It's so neat creating your own scripts and hand coding everything to perfection, What made me love doing PHP.

Die does as you'd expect it, It kills the output buffer and prevents any further code being run, Displaying only the message. preg_match has two parameters, pattern and match, so it's just matching if the phrase 'MSIE' exists in '$agent'. And yeah, You can add as many browsers as you want (you can do an array if you're willing to instead of if's, just an example code), and the /i means insensitive, so it can be 'SaFarI' and match "Safari" or "safari".. I use this on a script of mine, just pulled out a bit of it.

It's the user agent of the browser (Note it is sent by the client, and remains as an environment variable on the server http://php.net/manual/en/function.getenv.php ) for the site to be able to know the browser's type (I.E./Firefox/Safari etc.) and would come out as something such as: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 Note most bots do not , or do not care to define a user agent, And most e-mail harvesting bots are named. You may want to match it against all the common browsers to further sanitize your pages.. $agent = getenv("HTTP_USER_AGENT"); if (preg_match("/MSIE/i", $agent)) { } elseif(preg_match("/FIREFOX/i", $agent)) { } elseif(preg_match("/MOZILLA/i", $agent)) { } else { die('Uh oh, Bot?') } Bleh, messy example but easy to do, preg_match isn't as hard as it looks, you may want to add Chrome and a few others as well if you wish to use this method, Or you can simply just check if it's empty, an easier way.

You may want to use $password = mysql_real_escape_string($_POST['password']); To sanitize the input against SQL injections (if you were to have a database, per say.) The next step I guess that you'd want to learn is sessions, which allow a logged in person to persist logged in, sessions are pretty simple.

Oh, and checking the user agent via getenv("HTTP_USER_AGENT") can aid you in removing bots, and if there is no user agent, than it is either a bot or untrusted. I forgot to think of this.. This should help you much more than IP filtering, it's vague. May be a fun tool to put in your database as well as the others, since you can compare IPs and what browser they're using, much easier to sift them out and add them to a 'blacklist' (with preg_replace or whatnot) if you need.

$query=mysql_query("SELECT * FROM ip_table ORDER BY ID DESC"); $row=mysql_fetch_array($query); echo($row[1]); Maybe try this.. Resource ID#3 is an internal pointer that MySQL uses in the result. mysql_fetch_* should not return that.. Hmm.

Maybe try an association array? $result = mysql_query("SELECT * FROM ip_table ORDER BY ID DESC"); while ($row = mysql_fetch_assoc($result)) { echo $row[0]; echo $row[1]; echo $row[2]; } EDIT: While loop.

Hmm.. Maybe the supplied table is wrong, your code appears to be correct, Try: $result= mysql_query("SELECT * FROM greg1233 WHERE `id` = '1'"); while ($row = mysql_fetch_array($result)); { echo $row['text']. " - " .$row['Date']." - </br>"; ) And Request field, contains all GET/POST/Cookie/Session variables. EDIT: date is a function, Also you may want to look at http://www.php.net/manual/en/reserved.variables.request.php

My post was verbatim and more relavent, Oh whatever.

Roughly: $id = $_GET['ID']; $id = explode(':', $id); echo $id[0]; // echos 2, id[1] = lorem-ipsum Not sure it's 100% correct, I'm tired. explode

I doubt any IDE can really do that, atleast not with something like PHP. Anyway, Doesn't PHPBB allow you to only let certain groups view a forum? It's an admin configuration, I doubt it even needs you to touch the code, if I understand what you're asking.

$IP = $_SERVER['REMOTE_ADDR']; //Or whatever refined IP $Requests = mysql_real_escape_string(print_r($_REQUEST,true)); //Grab server request vars $Date = date('Y-m-d'); //The date, you can use other info.. mysql_query("INSERT INTO ip_table (IP, requests, date) VALUES('".$IP."','".$Requests."', '".$Date."' ) ") or die(mysql_error()); An example. It'll automatically add a new row, depending that your ID field is auto_increment. Yes, you should create a passworded page that echos the contents of the table 'ip_table' via the while loop i'm sure the tutorials taught you, you can easily just store any info you want. You may want to use php_myadmin to maintain or switch any tables without redoing it all..

You can use strip_tags and define as the second parameter allowed tags, easily such as: '<p><h1>....'etc. But note this will not remove attributes on allowed tags such as 'onClick' etc. <?php $text = '<script>alert(\'Omg popup!\');</script><p>Test paragraph.</p><!-- Comment --> <a href="#fragment">Other text</a>'; echo strip_tags($text); echo "\n"; // Allow <p> and <a> echo strip_tags($text, '<p><a>'); ?> Result: Test paragraph. Other text <p>Test paragraph.</p> <a href="#fragment">Other text</a>

$_SERVER['REMOTE_ADDR'] will return the primary connection to the server, minus any server variables that may be set (for valid reasons). X_FORWARDED_FOR is a very basic setting set by proxies, But virtually no web proxies actually use them, This is sort of deprecated (and old) for detecting a proxy. Your code: elseif (isset($_SERVER['REMOTE_ADDR'])) { $ip = $_SERVER['REMOTE_ADDR']; Will always equate to TRUE, as remote_addr is required by the client to be sent, so there's not much of a chance it'll go to the 'ELSE' statement you have at the bottom. .. A MySQL database would be simple to create, you can read tutorials on this site, etc. EDIT: Request variables are anything under SERVER_VARS, $_SERVER, $_GET, $_POST etc..

Thanks, This helps quite a few future problems out.

I'm trying to output some HTML based on if some post/get variables are set.. but I don't want to echo it. Can I do something such as.. <?php if (isset($_POST['whatever'])) { ?> <form>... <b> I'm HTML </b> </form>... <?php } else { ?> <b> I only appear in the else </b> <?php } ?> ? Will the html between the else statement only appear if it is else, and not appear since it's simply not in the PHP tags? I THINK I've seen some things like this before, but I just don't know, and don't want to copy all the html into the php and echo it..

You may be experiencing the bug here..: http://bugs.mysql.com/bug.php?id=19817 And here: http://bugs.php.net/bug.php?id=40291 You may need to rebuild your installation..

And you need to state this, Why? Wait for the OP to tell us or mark it as resolved. Simple 'nough.

Assign a class to a span, and use margins to center it. Check if $matches[] has more than one array element, so you can display "<br/>Here is another one: $matches[$i]". But this is really HTML/Design. It does not belong in this forum section.