objnoob

maybe base64 is something you could use to store the images as text along with the other form data until the form process is completed. however the other form data is cleared if the process is aborted, the image encoding would clear too.

return json_decode(json_encode(simplexml_load_string($body)),TRUE); I have a question. Why are you encoding just to decode? Also, like Ch0cu3r said, if the USPS API is returning valid XML, you shouldn't need to do any replacing on it.... Just use simple XML to turn it into an object for parsing.

$objToday = new DateTime(date('Y-m-d')); # create datetime object for today $objStart = new DateTime($goalDate); # create datetime object for goal date $objDuration = $objStart->diff($objToday, true); # create a DateInterval object using the diff method of our $objStart datetime object passing in $objToday. echo 'Days since start date: ' . $objDuration->format('d'); # call the format method of our DateInterval object to say we just want the number of FULL (whole) DAYS since the start

$goalDate is the string.. $start is the DateTime object So $interval = date_diff($start,$end);

This approach makes sense for everything! Couple this gatekeeping pattern with the MVC pattern and use a router that decides which controller to load and you eliminate the switch statement. The idea here is every page request is handled by the same gatekeeper/bootstrapper. You'll never forget to include what's needed on every page. The bootstrapper can setup and use shared templates sections. Your scripts are not accessible from HTTP, if you barf something up the most php source code you'll ever serve up is <?php require './private/main.php'; No other remote scripts will ever be able to call your scripts directly.

Yerp. And, you do it here: while (($data = fgetcsv($handle, 10000, $delimiter)) !== FALSE) { if( count($data) !== 10 ) continue; # if the column count is not 10, continue to the next row; change 10 to whatever foreach($data as $i => $content) { $data[$i] = $csoport_kod->real_escape_string($content); } } If a row doesn't have the same number of columns..... the CSV is not properly formatted. You should get CSV fixed... fix the problem at the source, if you can.

Also, a set a children should not have more than 1 father. So you don't need to call getFather for each child...... Unless, you descend into a child's children set..... but at this point you ALREADY know the father if you handle it properly =)

A child can have more than one father? If you need get the grandfathers too.... I'd set up something like this function getFather($child, array &$fathers, $withAncestors = false){ // $child is the child we will get the father for and if $withAncestors is true we will also get the grandfathers and their grandfathers // $fathers is an array that we pass in by referece. we will add the father(s) here as we get them! // $withAncestors this WILL initiate the recursiveness if( ! $child ) return false; // no child, no father /* select the father from the database and plop it into $father, if no father in the database return false */ $sqlChild = "SELECT * FROM formulaTree WHERE formulaTreeId={$child}"; $rslt = mysql_query("$sqlChild"); while($father = mysql_fetch_assoc($rslt)){ $fathers[] = $father; if($withAncestors) getFather($father['id'], $fathers, true); // recursive get the father of the father } return false; } $child = 10; // the child id for the father we want to get $fathers = array(); // the list of fathers. empty right now getFather($child, $fathers, true); // gets the father, and father's father, and father's father's father. var_dump($fathers); // dumps all of the fathers in the family tree.

Yes, cURL is the way to go since you want to obscure the location of the third party script! You're most welcome! cURL is a great tool to add to your toolbox.

No one said using .htpasswd to password protect them. Most of all of your .php scripts except an index should be non-accessible through HTTP. The only script that should be accessible is your index.php page. When it is called, you use PHP to include other non-accessible scripts for execution at your discretion. If you don't have access to httpd.conf, one way to protect them is create a directory ./private and throw an .htaccess in there to deny all. This will prevent someone from pointing to mysite.com/private with a 403 forbidding them. In your private directory, you keep all of your application scripts. In your public directory you keep index.php and any assets such as javascript and stylesheets, and images. Since index.php is publicly accessible, I also advise you create a php script that handles the main bootstrapping in your private directory. ./public/index.php keep the code out of index.php since it's publicly accessible <?php require '../private/main.php'; ./private/main.php the site's bootstrapper that laces everything together this is where you should check if a user is logged in and and has authorization to access a page before including it. <?php /* here is our main application script (bootstrapper) it will do the necessary prepping. It will handle connecting to the database, setting up your sessions it will see which pages we need to include based of parameters sent with the request */ $page = $_GET['page']; switch($page){ case 'contact': $script = 'contact.php'; break; # script that handles contact form and processing of the form case 'auth': $script = 'auth.php'; break; # for script that handles logging in and out case 'admin': // WOAH lets make sure they are allowed!! if not include the denied.php script that shows they are denied. if( ! $session->authUser->isAdmin() ){ $script = 'denied.php'; }else{ $script = 'admin.php'; } break; default: header('HTTP/1.0 404 Not Found'); exit; } require '../private/' . $script; # require the script to the appropriate page There's nothing complex about this.

You can keep it simple and avoid using cURL. Just do this.... $postVars = array( 'first_name' => stripslashes($_REQUEST['first_name']) , 'last_name' => stripslashes($_REQUEST['last_name']) #### make sure you add them all #### ); $strQuery = http_build_query($postVars); header('Location: https://www.testdomain.com/servlet/servlet.WebToWeb?encoding=UTF-8&' . $strQuery); If you want to get fancy and keep your user at your site and don't redirect them to testdomain.com, you'll need to use cURL... In this case the user/browser doesn't need to go the URL. The server already went to the URL using cURL and get's a response. You must use CURLOPT_RETURNTRANSFER in order for the curl_exec to return the response. You must use CURLOPT_POST option, and you must provide the CURLOPT_POSTFIELDS Once you call curl_exec, you echo the response from the cURL request to the user's browser all while keeping their browser pointing to your site's URL. $response = curl_exec($ch); echo $response; Second, you need to make sure your post fields array is proper..... You need to identify the variable name the requested URL is expecting when providing values. $postVars = array( 'first_name' => stripslashes($_REQUEST['first_name']) 'last_name' => stripslashes($_REQUEST['last_name']) );

Your code is over complicated. $carCounts = array_count_vaules($cars); $carIdx = 0; foreach ($carCounts as $car=>$cnt){ # the car name (BWM, Volvo, etc) is available in $car $objWorksheet->setCellValue('A'.($cnt+5) , 'Comments:'); $carIdx++; # if you need the index of the car }

Maybe you should also be using http://us3.php.net/manual/en/function.array-count-values.php I don't see where you're getting the number of BWMs in the $cars array. Also, each() returns an array with 4 items. Your list() is only accounting for 2 of those 4. http://us3.php.net/manual/en/function.each.php

Can you create an HTML table that looks like the spreadsheet result you desire? Thanks

how are you scraping?

Yes, there's trade offs. Adding an additional date column in addition to datetime column is a option in that scenario. But, whatever you do... you don't want to have perform functions on the data to make it usable. It should be usable out of the box, especially if your using it in a WHERE This is where you want to be strict. Storage is cheap. CPU power is not.

lol. then: 1. You don't have to comment anything out, and you can show who the user is and that they are logged in all with the same lines of code. 2. You're not adding extra load on your webserver by doing unnecessary redirects. 3. You don't have to do an is logged in and isAdmin() check in your admin.php file 4. You don't have to do an is logged in and not isAdmin() check in your normaluser.php file. 5. You won't have to change those checks allllllllll over the frickin' place if you decide to change how you handle authorizing and validating permissions. 6. NO ONE CAN JUST POINT THEIR BROWSER TO http://mydomain.com/login/admin/admin.php NOR http://mydomaind.com/normaluserwelcomepage.php when you configure your http server properly. Are you convinced?

That's dumb. Be smart; try this: if(isset($session) && get_class($session) === 'yourSessionClass' && $session->isAuth()){ require ($session->isAdmin()) ? '../login/admin/admin.php' : '../normaluserwelcomepage.php'; } you don't want admin.php and normaluserwelcomepage.php to be in your webserver's document root or you want to make sure you protect them with htaccess and require all denied on everything (.*)\.php except your index.php page.

You're most welcome. I'm glad you were able to fix it up, And, yes, always always always validate and escape user input before using it in an SQL statement. An alternative and more secure way of handling database exchanges that use any data that was supplied by the user is to parameterize with prepared statements. You won't be able to use prepared statements with mysql_* but you shouldn't be using mysql_* anyways. Switch to mysqli_* and reap the benefits! Bye

If you pay me, I'll google "php simple registration script" for you and send you results. otherwise, you'll have to go google it yourself, or go create a post in http://forums.phpfreaks.com/forum/20-php-freelancing/ and waste your money.

mysql_error is a function........ die(mysql_error); is nonsense because mysql_error in this context is nothing but dumb dumb that php implicitly converts to string (unless you've defined a constant named mysql_error) Try die(mysql_error()) Bingo.

$sqlcourse = "INSERT INTO $typ VALUES ('','$_POST[type]','$_POST[time]','$_POST[desc]','$_POST[fileend]')"; //This is somehow erroring with mysql error when querying it. let's start by.... $varSQLSafeType = do_Escape_This_Shit($_POST['type']); $varSQLSafeTime = do_Escape_This_Shit($_POST['time']); $varSQLSafeDesc = do_Escape_This_Shit($_POST['desc']); $varSQLSafeFileEnd = do_Escape_This_Shit($_POST['fileend']); $sql = "INSERT INTO {$TABLENAME_BETTER_NOT_BE_USER_INPUT_WO_VALIDATING} (which_column, what_column, that_column, oops_i_missed_one) VALUES ('{$varSQLSafeType}', '{$varSQLSafeTime}','{$varSQLSafeDesc}','{$varSQLSafeFileEnd }')"; let's finish by.... if you find yourself doing INSERT INTO tblTable (column1) VALUES (''); allow column 1 to accept null values. INSERT INTO tblTable (column1) VALUES (NULL);

And, if you're doing a lot of wheres by date without time, consider separating your datetime into separate date and time columns

CSV / delimited file tip: enclose your strings that may contain new lines and delimiters in double quotes. "jones, jimmy",2,player "flying purple eater, one eye",3,coach ooo... and don't explode. array str_getcsv ( string $input [, string $delimiter = ',' [, string $enclosure = '"' [, string $escape = '\\' ]]] )