
Everything posted by Floydian
-
Re: strang ' marks appearing
There's an error somewhere... Yes, the response is vague... In fact it's just as vague as your question. Vague question gets a vague answer. lol Post your code...
-
Re: [FAQ] Securing Input Variables
I'd love to be a teacher. The problem is getting paid for it when you have no "paper" credentials... lol
-
Re: [FAQ] Securing Input Variables
I see a bit of a dichotomy here. There's a whole range of functions that do a lot of things, and then there's The Ace that doesn't seem to understand why some or all of it is being used. There's nothing wrong with that, The Ace. The point though is that I see you trying to wrap your head around an entire suite of functions when what you really need is an understanding of each individual element.

To restate Nyna's original post in generic terms without any coding or functions being talked about, I'd say it like this:

Securing Input Variables amounts to "constraining" input from users to "parameters" that are exactly specified by you.

If that sentence doesn't make sense, then nothing about Nyna's post will make sense. I suspect that may be part of the problem here. You said Nyna made it seem so easy. Yes she does. And rightfully so because she understands the operation of every bit of that code and why it is in there.

    function postStr( $key, $default = "" )
    {
        // Return the trimmed POST value only if it exists and is a string; otherwise the default.
        return isset($_POST[$key]) && is_string($_POST[$key]) ? trim($_POST[$key]) : $default;
    }

Let's take just one small part of that code. postStr() What's that do?

The first thing I'd say, is do you know what a TERNARY OPERATOR is?

    test condition ? true : false

It's like an if statement.

    if (test condition) { true } else { false }

    isset($_POST[$key]) && is_string($_POST[$key])

isset() <<<<<< is the variable set?
$_POST[$key]
By definition, the $key is set because it's an argument in the function, but is $_POST[$key] in existence?

is_string() <<<<< is the variable a string? If it's an array, an object, a boolean, or something other than a string, then no, it's not a string.

So, check if the variable exists, and if it is a string. We've "constrained" our "input" to a string at this point. If the test is false, $default is used, which is "" an empty string. Otherwise, we get a trim().

trim() <<<<<< removes empty spaces before, and after a string.

Now we know that our string is just a string with no spaces before or after it. Now that we've done all that, we return our "string".

That one function does a heck of a lot. But without understanding every little bit of it, you wouldn't be securing a damn thing because how would you know if you used it right?

Anyways, The Ace, take your time, and study, study, study.
-
Re: Another Question...
Good deal :D
-
Re: Another Question...
And the link to her site is on her profile ;) Have you found the error or made any progress on this?
-
Re: Books
That's phat. Just remember it's a QuickPro guide, which means the material in it may be more challenging than one starting out in php and mysql might want. However, Larry is excellent with helping people out, and helping them when they have a problem. The big thing to remember though is always always always post your php version, mysql version, webserver version, and operating version whether you think it matters for the question you ask or not. :)
-
Re: Books
I second the recommendation for the Larry Ullman books. They're top notch and very easy to follow. The author has a website here: http://www.dmcinsights.com/ You'll find a forum there where the author is active. You don't have to buy the book to access the forum either. Naturally I don't suggest going to that forum over this one, since that forum is specifically geared towards supporting his books, and this site is geared towards PHP Gaming in general. It'd be a good place to check the author and his books out though.
-
Re: Another Question...
lol yeah, that's true. A slightly more sophisticated solution is to use a custom mysql_query function which automatically handles a mysql error. For instance, without this, a query might look like:

    mysql_query('select blah from foo where bar = 1');

and with a custom query function:

    function query($query)
    {
        // Keep the result in its own variable so the SQL text is still available to echo on failure.
        $result = mysql_query($query);
        if (!$result) {
            echo $query . '<hr>';
            die(mysql_error());
        }
        return $result;
    }

    query('select blah from foo where bar = 1');

What's the difference you ask? Each time you run a query using the query function, you automatically get a mysql_error echoed out to you, and the script execution stops, IF you get an error. This can be helpful when you're debugging because since the script execution stops, you may be able to see just where the script execution ended. In addition to this, you also get to see the entire query you executed so that you know exactly which one was in error.

But in the case of the TC, I assumed a "lesser" approach would be easier and simpler and doable by someone without coding experience.
-
Re: Another Question...
Oh man, there's a ton of queries in there. My suggestion: Figure out which query is in error first. To do so, you'll need some basic debugging work done. Add this into your script before the second query:

    echo "<h1>We made it this far.</h1>";

And if you see that come up on the screen before the error message, then move that line of code to just before the next query. Once the message appears AFTER the ERROR MESSAGE, then the query just before that message is the one in error.

When you've figured out which query is in error, post back here and let us know which one it is. Then we can help you out. I'd never look through a ton of lines of code for a small error when this debug step will help locate the error, saving us time, which will then help ensure that you get a better answer for your problem :)
-
Re: Coding Tutorials
Whilst I agree with Spudinski that books are a fantastic resource, I taught myself a fair amount of PHP using online tutorials at first. Then I began referring to manuals more, and later on, after I had about 3 months of experience and a decent handle on the language, I then picked up a book. Some people have a hard time with books (I love em though) and some don't. But with that said, let's list out in order the best teaching methods:

1 Private tutor
2 Public Schooling
3 Book Study
4 Online Study

So, the choice is yours as to how you want to go. Of course, moving up that list gets progressively more expensive.
-
Re: McCode Help
http://criminalexistence.com/ceforums/http://makewebgames.io/phpBB3/viewforum.php?f=5.0
That's a link to the mccodes support forum. This is another one of those deals. How do you expect someone to fix your code when you don't paste your code up here? And the second part of this being "one of those deals" is there's info in more than one place on this forum about the crime success equation. In fact a search of the forum for crime formula turned up seven threads, four of which appear to have something to do with the crime formula on mccodes. Good luck bro.
-
Re: Viewuser problem
I wouldn't mind going in and finding "the" error, or "the two" errors. After that, it becomes a question of time being spent. I'm sure you'll get er knocked out though. Good luck!
-
Re: Viewuser problem

    <table width=100% cellspacing=1 class='table'><tr style='background:gray'><th>General Info</th><th>Personal Info</th> <th>Display Pic</th></tr>
    <table>
    <tr>
    <tr><td rowspan='1'>";

I could be wrong, but having two <tr>'s right next to each other. That's a no no.

    print " <table cellspacing='1' border='0' cellpadding='3' <tr background='tablegrad.png'><th></table>";

Here you have a <table><tr><th></table> and that's another big no no. Clearly you've got more than just a simple missing ' or >.

Now the detective work ensues: Who edited/created this file? If you made it, don't read this next line lol

If someone made it for you, their html skillz are pretty off point and you should fire them.

But if you did make this file, clearly you need to study up on your html a bit. I suggest looking at the view source, and to do so with firefox since it has a quasi html highlighter. Opera does as well. IE simply uses notepad, hence IE's view source sucks bad.

If someone coded this for you, you should get them to fix it, or get a refund. If not, you'll likely want to hire someone to look over that code. I don't want to do it though, as you might think I'm just trying to sell you on something. Seriously, as fugged up as that html is, there's no tellin how bad the rest of it is fugged up....
-
Re: A simple, fast database class for PHP 4+ and MySQL
The great shame of it all, is that you didn't realize I was there...
-
Re: A simple, fast database class for PHP 4+ and MySQL
While you're at it, instead of having one query for energy, and one for nerve, and one for health, put em all in one query.

    UPDATE users
    SET energy = LEAST(energy + 1, maxenergy),
        health = LEAST(health + maxhealth * .1, maxhealth);

And while you're at it, you could add in if's for donators lol

    UPDATE users
    SET energy = IF(donator, LEAST(energy + 2, maxenergy), LEAST(energy + 1, maxenergy)),
        health = IF(donator, LEAST(health + maxhealth * .15, maxhealth), LEAST(health + maxhealth * .1, maxhealth));
-
Re: lookin for a coding tutor
Is this a paid position?
-
Re: Viewuser problem
Without posting any code, I don't see how anyone is going to be able to help you. If you can't/won't post your code, then you should seek some private paid help from a freelance coder.
-
Re: [FAQ] How to populate HTML elements with PHP
If there is no difference, then one can look to other factors such as the readability of the code which in my opinion can be pretty unreadable with lots of php tags in the html

    <input type="text" name="blah<?php echo $some_id_here; ?>" id="do_js_script('<?php echo $some_function_name; ?>', '<?php echo $some_random_variable; ?>', '<?php echo $another_rand_variable; ?>')" value="<?php echo $and_another_variable; ?>">

or

    <?php
    echo <<<EOT
    <input type="text" name="blah{$some_id_here}" id="do_js_script('$some_function_name', '$some_random_variable', '$another_rand_variable')" value="$and_another_variable">
    EOT;
    ?>

Take your pick for which is more readable....

And something like this is way too small to have any substantial impact on performance either way you go, so I should think the "other" factors should be the determining factor here. One should also take note of the need for five echos in the first code snippet, and only one echo in the second one....
-
Re: No Crons
Thanks Nyna ;) Time stamps work fantastic for things like hospital time. Set the timestamp once, to a future date. Done deal.
-
Re: [FAQ] How to populate HTML elements with PHP
I agree with Spudinski on this one. Using opening and closing tags is definitely less efficient, especially if you have a lot of them. And indeed, a clean and simple looking script has benefits that far outweigh the nonexistent bonus that starting and ending php tags would give you if they did give you a bonus.
-
Re: No Crons
To be technical there isn't a lot of difference between that php scheduler and a cron. I think Alabama is wanting to eliminate the need for scheduling ANYTHING. I could be wrong, but that was my impression. Certainly, that php scheduler is NOT going to be as efficient as using crons, so why would one migrate? Looking at their documentation, php scheduler is designed to be a solution for folks that don't have access to cron jobs. And for that purpose, it seems like a fantastic solution to that particular situation. But using it to replace cron jobs is not a good idea IMHO.
-
Re: New Forums Exploit Alert!
I can't help with securing the mccodes forum, but there are third party forums that are far more secure than that forum is. If you are going to go in and fix it, make sure all input is type casted. If the input is supposed to be a number, make sure it's type casted that way. If the input is a string, then make sure it has a mysql_real_escape_string() applied to it, along with any other checks that may apply. For instance, if the string should only be "some option" or "another option" then check to make sure it matches one of those options.
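
The three constraints named in this post (number, free-text string, fixed option), together with the postStr() walkthrough in the Securing Input Variables post above, as an added example that is not code from either thread. The helpers postInt() and postEnum(), the field names and the sample $_POST values are hypothetical; an in-memory SQLite database through PDO stands in for the forum's MySQL server, and a bound parameter takes the place of mysql_real_escape_string(), because the mysql_* extension was removed in PHP 7.

```php
<?php
// Added example, not code from the thread. $_POST is filled with constructed
// values so the script runs from the command line.
$_POST = [
    'topic_id' => '42 OR 1=1',          // constructed: should be a number
    'order'    => 'newest; DROP TABLE', // constructed: should be one of two options
    'title'    => "  It's a test  ",    // constructed: free text containing a quote
    'tags'     => ['a', 'b'],           // constructed: array where a string is expected
];

// String: must exist and be a string, then trimmed (postStr() as posted in the FAQ thread).
function postStr($key, $default = "") {
    return isset($_POST[$key]) && is_string($_POST[$key]) ? trim($_POST[$key]) : $default;
}

// Number (hypothetical helper): a whole integer within [$min, $max], else the default.
// A bare (int) cast would turn '42 OR 1=1' into 42; FILTER_VALIDATE_INT rejects it.
function postInt($key, $default = 0, $min = 0, $max = PHP_INT_MAX) {
    $value = filter_var(postStr($key), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $value === false ? $default : $value;
}

// Fixed option (hypothetical helper): must equal one of the allowed strings exactly.
function postEnum($key, array $allowed, $default) {
    $value = postStr($key);
    return in_array($value, $allowed, true) ? $value : $default;
}

$topicId = postInt('topic_id');
$order   = postEnum('order', ['newest', 'oldest'], 'newest');
$title   = postStr('title');
$tags    = postStr('tags');
var_dump($topicId, $order, $title, $tags);

// Assumption: in-memory SQLite through PDO stands in for the forum's MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE topics (id INTEGER, title TEXT)');
// The free-text value travels as a bound parameter, so its quote cannot end the SQL string.
$db->prepare('INSERT INTO topics (id, title) VALUES (?, ?)')->execute([7, $title]);
// Keywords cannot be bound, so the sort direction comes only from the whitelisted option.
$direction = $order === 'newest' ? 'DESC' : 'ASC';
$stmt = $db->prepare("SELECT id, title FROM topics WHERE id >= ? ORDER BY id $direction");
$stmt->execute([$topicId]);
var_dump($stmt->fetchAll(PDO::FETCH_ASSOC));
```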
-
Re: Users Online
You're welcome Ace ;) Spudinski, you explained it much better than I would have. lol I'm glad you did that ;)
-
Re: Conecting?????
For that one, your password is wrong, or your user name is wrong. Check your cpanel for the correct info.

and

    Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/a1100261/public_html/mysql.php on line 3

Fix the thing that's causing the first error, and this one won't be a problem. Incidentally, I doubt your user name is the same as the database name, so that may be incorrect. It is possible though that they are the same. It's not best to do it that way though, hence why I suspect that may be part of your problem. Double check your info ;)
-
Re: Users Online

    <?php
    include "globals.php";
    print "<h3>Users Online</h3>
    <table width=30% cellspacing='1' class='table'><tr align='center'><th>No.</th><th>User</th><th>Time Since Last Click</th></tr>";
    $cn=0;
    $q=$db->query("SELECT * FROM users WHERE laston>unix_timestamp()-15*60 ORDER BY laston DESC");
    while($r=$db->fetch_row($q))
    {
        $la=time()-$r['laston'];
        $unit="secs";
        if($la >= 60)
        {
            $la=(int) ($la/60);
            $unit="mins";
        }
        if($la >= 60)
        {
            $la=(int) ($la/60);
            $unit="hours";
            if($la >= 24)
            {
                $la=(int) ($la/24);
                $unit="days";
            }
        }
        $cn++;
        print "<tr align='center'><td>$cn.</td> <td>[url='viewuser.php?u={$r[']{$r['username']}[/url]</td> <td>($la $unit)</td></tr>";
    }
    print "</table>";
    $h->endpage();
    ?>