363 Posted Topics
Re: Since you're using MySQLi, you shouldn't be manually escaping things like that anyway. That technique is dying with the old MySQL API extension. (Thankfully!) In MySQLi and PDO what you do is use prepared statements. For the procedural version of MySQLi, that would look something like this. $sql = "SELECT … | |
Re: Being somewhat overly cautious about performance, I see a potential issue with the method you provided, diafol. That is, it requires the entire result set to be placed in PHP memory before it can be added to the CSV output stream. For large data sets that may become an issue. … | |
Re: Doesn't really sound like a very secure captcha check though. If the text is just floating around in a DIV on the page, not as a part of an image or some other form hard to extract the string from, then it's more or less pointless. No bot would be … | |
Re: The biggest problem with that code is that - unless it's done in the code you hid between the first two queries - you seem to be executing the queries regardless of what happened with the previous query. If the first query fails, you still execute the second query, and … | |
Re: Are you sure it's not a binary, rather than a shell script? Have you looked at what files are actually in there? ls -l /opt/sqldeveloper/ I'd have also thought that a deb installer would make a symbolic link to it into one of the system binary locations, like `/usr/bin`. Have … | |
Re: You may want to start by [validating the HTML](http://validator.w3.org/). Just glancing over the code I see you don't have a [doctype declaration](http://www.w3.org/QA/2002/04/valid-dtd-list.html), which is a requirement for all valid HTML pages; you are closing the `<body>` tag right after you open it, before you add the form; and you've got … | |
Re: Banderson, What major security flaws? That's something I've never heard about. It's no longer being maintained, but I don't remember ever hearing there were any major security issues with that version. I'm also not getting why deploying an app on an outdated server would be hard? If the host is … | |
Re: I'd personally want to split those into functions, or better yet, class methods. class RegistrationManager { private $mysqli; public function __construct(mysqli $dbLink) { $this->mysqli = $dbLink; } public function execute($username, $password, $email, $time, $date, $title, $content, $show, $from, $message) { $this->mysqli->begin_transaction(); if ($this->createUser($username, $password, $email) && $this->createNotification($username, $date, $time, $title, … | |
Re: > I can't use header('Location: a-place.php'); because headers have already been called and with lots of them you end up with redirect errors and endless loops. Honestly, that strongly indicates poor programming practices are being used. The very first thing you should be doing on any page is making sure … | |
Re: In the query you issue there, you will get a "setting" and "value" pair for each row. So what you should be doing, to set the object attribute with the setting name to the value, would be this: foreach ($q as $row) { $this->{$row["setting"]} = $row["value"]; } It may be … | |
Re: In CodeIgniter you really shouldn't be doing `if (isset($_POST["comment_id"]))`. Instead you should just be doing $id = $this->input->post("comment_id"); if ($id) { // Do stuff if the id was sent. } else { // Do stuff if the id wasn't sent. } The CodeIgniter input class handles the request arrays for … | |
Re: A quick Google search reveals that the WC_Cart class for WooCommerce didn't include the `get_fees` function in version 1.6, but it does show up in version 2.0. The header in your file mentions version 1.6.4. Are you perhaps trying to use parts of code from a later version of WooCommerce … | |
Re: Hey. The main problem is just like the notice says: the `ereg()` function is deprecated and shouldn't be used. These days people use the [PCRE](http://www.php.net/pcre) extension for regular expressions. However, this notice is not actually an *error* so your code will **still** work with it. But being deprecated, the `ereg()` … | |
Re: EvolutionFallen, that's the worst way possible to accomplish this. You are fetching all the data from the user row just to count how many rows there are, never actually needing any of the data. It's a waste of resources. Shikha_1 had it right the first time; you are better off … | |
Re: Hey. You can add a `LIMIT` clause to your SQL query to specify how many you want. SELECT stuff FROM the_table ORDER BY id DESC LIMIT 4 Assuming `id` is an AUTO_INCREMENT field, this query would give you only the latest four records. The `ORDER BY` is returning the results … | |
Re: This kind of problem is always kind of interesting. You can either use a dynamic tree structure, which involves recursive queries, which can be a performance issue; or you can do like Stuugie suggests and make a more rigid structure where each level is in itself a table, linked via … | |
Re: It's not really complicated to build a simple program that runs in the background, pinging your server for updates, and then pops up a notification when something happens. On Windows, the .NET framework has fairly simple objects you can use to do that. On other systems, there are also ways … | |
Re: Perhaps something more along the lines of adding credits to a pay-as-you-go mobile plan? Not sure how much help we can be with such a thing though. I mean, you'd have to use some sort of 3rd party API to do the actual recharging, which we don't know about. | |
Re: The really simple solution to something like this would be to just create a wrapper function around whatever method you are using to send the emails, and use that to redirect the email. For example: function mail_wrapper($to, $subject, $message, $additional_headers, $additional_params) { // If the application is in debug mode, … | |
Re: You need to organize the data in your PHP code after you fetch it, before you try to echo it. Get it into a format that makes sense first and then try to use it. For example, if you do this: $data = []; while ($row = mysql_fetch_assoc($result)) { // … | |
Re: The main problem with that would probably be that you are dumping the entire `$cart_display` string unescaped into a HTML value attribute. That won't work; the HTML in the `$cart_display` will corrupt the HTML page it's being dumped into. To make this work, you'd have to pass it through a … | |
Re: Hey. You don't have to do this in two queries. The SQL language is very powerful when it comes to filtering and organizing the result sets. In your case, you could use the `ORDER BY` clause to have MySQL organize the result set so that the highest IDs are listed … | |
Re: Passwords generally aren't *encrypted*, but rather *hashed*. The difference is that encrypted data can be decrypted, whereas hashed data can not be decrypted. How exactly are your passwords "encrypted" before they are put into the database? If they are in fact *encrypted* rather than *hashed*, you really should consider switching … | |
Re: You don't really *need* a SQL server to use a SQL database in modern PHP code. The PDO extension and its SQLite driver are both enabled by default in PHP 5.1 and higher. You could use that in much the same way you would use PDO with MySQL, with only … | |
Re: Hey. What you are describing is pretty much the core of how all Web 2.0 applications work; the pages are populated from a data source based on the user's choice of content. Basically, what you want to do is make the links pass the ID of the categories to PHP … | |
Re: There are tools like [Zend Guard](http://www.zend.com/en/products/guard/) and [ionCube Encoder](http://www.ioncube.com/) that can encrypt/obfuscate the code in such a way that it takes some doing to reverse engineer them. But it's not foolproof, and can be overcome. PHP is a scripting language, after all, so the script needs to be read … | |
Re: Hey. No, the user's IP address is a very untrustworthy way to identify users. There are two main reasons for that: First, because in many cases a single public IP address will cover a lot of users. For example, schools and other organizations will usually only have a single public … | |
Re: Are you asking how you can echo the object property from PHP into the <link> in your markup? You can put PHP code into the markup at any point, anywhere, by just opening up a `<?php` tag. So if you want to print something into the middle of a string, … | |
Re: If you need to show HTML source code on a HTML page, run the HTML source through the [htmlentities()](http://php.net/htmlentities) function. That will convert it so the browser will show it as text rather than render it as HTML. | |
Re: There is nothing that says you have to connect and execute queries in the same try block. In fact, I would argue that doing so is in fact the wrong approach. You'll want to catch exceptions where you can deal with them, rather than just using a "catch-all" try clause … | |
Re: Hey. This question suggests a fairly poor database design; a sort of *Excel*-like thinking when constructing the tables. (Relational databases are NOT spreadsheet applications, and should not be used as such!) I like to say that data should go *into* tables, not *become* tables. What I mean by that is … | |
Re: Consider the logic of your loop. Loop through each file: Assign file name to $only_file Print $only_file Each iteration of the loop *assigns* the name of the current file to the variable, overwriting whatever value was assigned to it before. So, at the end of it all, only the last … | |
Re: > but it could not execute How so? What error messages did you receive? What did the exec function return? The server you are trying to execute this on, is it a local server or on a host somewhere? Are you sure it's a Windows based server? | |
Re: Hey. If you can execute your JAR file via a command line, you could use the [exec](http://php.net/manual/en/function.exec.php) function to execute it and capture the output. For example: `<?php exec('java -jar /path/to/file.jar', $output); print_r($output); ?>` Which would print every line of output generated by the JAR file. | |
Re: Can I just point out that your use of classes in that post is a bit odd. Or, at least, not in line with how traditional OOP goes. Generally you want to try to have each single item represented by a single object instance. In your case, you have books, … | |
Re: Not in the standard, built-in functions no. But there are no doubt scripts like that available. Just Google around a bit. | |
Re: To quote your error message: **'String could not be parsed as XML'** It appears that your `books.xml` file is invalid; that it has syntax errors in one of its `<catalog>` tags. P.S. You shouldn't use the same variable name on both sides of the `as` clause of the `foreach` loop. … | |
Re: If you open the `getpicture.php` file directly, passing a valid ID, what is shown in the browser? If it just shows a broken image symbol, or nothing at all, try removing the `header("Content-Type: image/jpeg");` line and look at it again. Are there any errors visible? Or anything out of the … | |
Re: You can also override the set collation on a field for each comparison. So, for example, if you have a field using the case-sensitive `latin1_general_cs` collation, but want to compare the fields in a case-insensitive manner, you could do: SELECT stuff FROM theTable WHERE textField COLLATE latin1_general_ci = 'John' Note … | |
Re: Your server log files should have detailed info on where hits are coming from. If you are using Apache, it keeps such logs in an "access.log" file, often in paths like "/var/log/apache2/access.log". (Though the exact location depends on the system and setup method.) | |
Re: Could you post your code? Off the top of my head, I would guess that the headers for the email attachment are somehow incorrect. For instance, if you pass an invalid Content-Length header, or don't pass it at all, it is entirely possible that some email clients won't download the … | |
Re: Hey. You would just define a different *action* to process the form. A controller typically has a method for every action that you can take. For example, if you were to call the URL `localhost/form/show`, a controller for *"form"* would be created, and the action *"show"* would be called. - … | |
Re: That error is shown when you assume that a `mysql_query()` call is successful, when in fact it fails. Functions like `mysql_num_rows()` expect a valid MySQL resource, which the `mysql_query()` function only returns if the query is successful. Otherwise it returns FALSE. You should always test for that and trigger an … | |
Re: Why do you want to do that? Generally speaking, this is a bad plan. You are far better off creating an array containing all your names and using them like `$array["name1"]`. Also, you can use [file_get_contents](http://www.php.net/file_get_contents) instead of the whole *fopen/fread/fclose* routine. $filename = "raw_data.txt"; $filedata = file_get_contents($filename); $raw_array = … | |
Re: What exactly is it you want your PHP code to do? Generate the form? Process the form after submission? And please use the "Code" button in the editor when you want to post code. | |
Re: What you are doing there has an inherent flaw. The `connection()` function will always return a *new* PDO object. Unless you're somehow calling the function once and then passing that connection along into all the code that uses the database, you're likely opening one PDO connection per SQL query. That'll … | |
Re: In MySQL queries, you only use one `=` char to compare values, not two. SELECT ... WHERE type = 'T' Also, you should always check database results before trying to use them. That way, errors like the one above will be much easier to debug. For example: $sql = "SELECT … | |
Re: I tried the above code over here. It seems to work fine in all the major browsers. The CSS of the loaded HTML is also loaded and applied just as expected. Are you getting any errors in your browser's Javascript dev tools? (Usually brought up with the F12 key or … | |
Re: A better approach would be to use the SQL `COUNT()` function to have the SQL server return the number of rows, rather than return the rows and count them in PHP. It's less wasteful. $sql = "SELECT COUNT(*) FROM `users` WHERE fname = '%s'"; $sql = sprintf($sql, mysql_real_escape_string($_POST["email"])); $count_result = … | |
Re: First of all, you should not depend on file extensions for validation. Both the file extensions and the mime-type supplied by the browser are easily forged, and very unreliable as points for validation. If you want this to be secure, you need to verify the actual file data on the … |