tyler

Re: SQL Injection A simple but effective function: function make_safe($var,$type) { // Type 1 is for numbers, 2 is for general text. if($type == 1) { $return= abs((int) $var); } else { $return=mysql_real_escape_string($var); } return $return; }   As I said simple but effective.

Re: blocking You could also have did:   function dd_buy() { global $ir,$c,$userid,$h; if($ir['donatordays']) // this means they have them could have been if(!$ir['donatorydays'])... this would mean they dont have any or it = 0. { print "You need to be a <font color=red>[b]NON[/b]</font> - Donator to buy on this market.; [url='cmmarket.php'] Back[/url]"; $h->endpage(); exit; }