Jeff.S

So a few of us have Google Wave now, what does everyone think of it? For me I don't think it fully meets the expectations set out in there video but on the whole very good considering its not at "finished" standard and a few things do make it stand out. Part of the problem is you need at least a few people to send a wave to give it a good test and not everyone has it yet ... PM me if you want someone to wave to or a invite (1 or 2 left).

Its for communication, "the new email" the Waves are the like messages but you can use them as docs as well

Got mine well over a month ago now and when i sent my invites out it took 4 days for them to arrive, don't know if its still the same now but just so you know if it doesn't get here soon keep waiting ;)

Useful post there a_bertrand

Try using: include_once "globals.php"; Instead of: include "globals.php" Sounds like you got it including globals.php more than once, include_once() ; will not include the file if it has already been included.

We've all done that at some point ;)

I disagree. sprintf(); formats strings. Formatting strings can be important part of security (its important understand what is does and therefore how it can aid security). Say you formatted a value as an integer, it is then safe to say the value is an integer and therefore you could output that value to a page knowing it could not contain html or JavaScript that could make up and xss attack. In the same way you could be sure an integer was being entered into a database. In these cases sprintf is being used to improve security - you do not have to use sprintf, there are many functions and tricks that could do the same, but this is example. Now in another case say we have a variable input by the user as a string that we want to pass to the database. In this case formatting the variable to a string would not add any security because a string can contain everything you need to make an sql injection. Therefore we should pass this variable though mysql_real_escape_string();. sprintf formats a string and the values within the string. Formatting values can be part of security. Formatting values does not always lead to security. sprintf itself (as a single function) is not security When used correctly and as intended it can add/be part of security. I say this in the same was as you can argue mysql_real_escape_string(); is not security, but it does add to security when used as its designed to be used and in the right situations (e.g. it will not help stop an xss attack but could help prevent a mysql injection). There is no one method or function to security. At the end of the day, a function only does what its designed/programmed to do, so understand what it does and use it for that.

Going from what Floydain & Dave said the img tag issue would seem to be the problem. Now when you posted the code for the crimes page, which you had removed the images from, you still got the problem & you also said this was affecting both the mining page and crimes page. As its effecthing both I think theres a chance your faulty img tag maybe in your header or footer (you will not see it in the script because it will be added when including globals.php). So you may want to check your header & footer for a faulty (blank) img tag - it may not be the problem but theres also a chance it is, so worth checking that.

Go into the database created for your Mccodes game (you can do this by going to CPanel, then PhpMyAdmin) Then find the 'users' table from the list on the left. Then find the user you want to make staff and change 'user_level' to: 2 Now next time you log in as that user they should have staff access.

Hi Nicholas, Not going to bother reading the whole script as there allot there but you are getting the error because the $db variable has not been set as the database class (e.g. $db = new database;). This is all done for you in globals.php (if this is V2 and if i remember Mccodes file settings) or global_func.php in V1 (i think) If i am right with that then you need to add something like: require_once("globals.php"); directly after the <?php Note: There may be some other stuff to go with this but i have not used Mccodes in a long time, so check your other files and find the top part thats the same on every file and add that to the top of the page. Note 2: I have not read the full code but if this is a cron and you add what i said above, it will not work, so let me know if it is and i will change my advice. Note 3: Im half a sleep when writing this and IE8 is realy, realy bad. Hope this helps :thumbsup:

Sorry, re worded that as it wasn't clear. What i meant for you to try is: $db->query($query1,$c);   If it is set up as i've used an seen some Mccode owner have there database class, then it will except the $c as the second pram but you should be fine without it. Not many people will be connecting to multiple databases within a single script as far as Mccodes goes.

... however im sure you will agree that formating is a key part of secuirty danny696 (at least when used correctly / with other methods)

Some useful tips there mdshare

Should be ok to remove the $c (depends on the database class for Mccodes which i havn't used in a while) If its not the why not use $db->query($query1); like you said by add in the $c at the end: $db->query($query1,$c); ?

That could be done by SQL injecting which doesn't have to be a specific mod section - i can be any un-secure query! Make sure you check all user data (including the $IP variable for Mccodes). So make sure that mysql_real_escape_string() is atleast used (if nothing else) and is used correctly.   There is no single answer to security.