PHP - Highlight_string Adds A 1 To The End Of Everything
>subject.
Why does it do this and how can I fix it?

Example: I write

    <?php echo"hello world!"; ?> other stuff/html here

After I submit I see this:

    <?php echo"hello world!"; ?> other stuff/html here 1

I'm using Geshi w/ highlight_string. This also happens if I use htmlspecialchars + highlight_string.

Similar Tutorials

I am very confused.... In my database I have lots of comments, but when displayed on the page, a few catch my eye...

Here is one, it displays wrong:

Quote
1. addslashes() is not sufficient enough to prevent SQL injection. Use mysql_real_escape_string().
2. You are not enclosing your values in quotes, this just means they need to have a space in their submission to inject SQL.
3. You should not ever echo out mysql_error() to an end user. Log it for your own purposes, but show the user a generic error message.
Your query would be better off like this:
<?php
$sql = mysql_query("SELECT * FROM users_table WHERE username='".mysql_real_escape_string($_POST['username'])."' AND password='".mysql_real_escape_string($_POST['password'])."' LIMIT 1")or die('Sorry, there has been a database error. The webmaster has been notified of the error. Please try again later.');
?>

but this one displays correctly:

Quote
(That was me, the latest Anonymous poster) One *last* thing. You're saving the passwords as plain text. BAD idea, especially with the SQL injection problems you have. Someone with the right knowledge can easily steal all your user's passwords. I'd recommend using md5() to hash the passwords (at very least md5, though sha1 would be nicer). Try this:
<?php
$sql = mysql_query("SELECT * FROM users_table WHERE username='".mysql_real_escape_string($_POST['username'])."' AND password=md5('".mysql_real_escape_string($_POST['password'])."') LIMIT 1")or die('Sorry, there has been a database error. The webmaster has been notified of the error. Please try again later.');
?>
And make sure you md5() the passwords when you insert them into the database initially.
Do you see where the php tags are? When my script sees it, it formats the php, but some format not only the php, but the text as well, and I am not sure why. If you take a look at this page http://beta.phpsnips.com/snippet.php?id=4 and scroll down to the date: 08/20/2008

The first comment displays nice
The second displays okay, "Would be better off as: " is formatted as php and shouldn't be
The third one formats the entire post as php

Here is my php to check each comment (it is in a while loop):

    $comment = preg_split("/^(<\?php.*?[^\'\"]\?>[^\'\"])/ms", $cow['comment'], -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
    foreach($comment as $line){
        preg_match('/<\?php.*?\?>/s', $line, $matches);
        if($matches[0]){
            echo '<div class="phpComment">';
            highlight_string($line);
            echo '</div>';
        }else{
            echo nl2br(htmlentities(str_replace('<br />','',$line)));
        }
    }

Anyone see what is wrong, and why it is formatting funky?

I'm trying to automatically change a math equation so that the solution is an even number: It is at first complicated but I'm progressing. This is my first attempt at accomplishing what I'm trying to accomplish.

    if (($sol != round($sol)) && ($x1 < $x2)) {
        /***********************************************************/
        function round_up ($sol, $x1, $op, $x2) {
            for ($x1 = $x1; $sol < round($sol); $x1++) {
                switch ($op) {
                    case '+' : $sol = $x1 + $x2; break;
                    case '-' : $sol = $x1 - $x2; break;
                    case '*' : $sol = $x1 * $x2; break;
                    case '/' : $sol = $x1 / $x2; break;
                }
            }
            return (array ($sol, $x1, $op, $x2));
        }
        /**********************************************************/
        $round_array = round_up($sol, $x1, $op, $x2);
        echo "after for loop: $round_array[1] $round_array[2] $round_array[3] = and sol: $round_array[0] <br /><br />";
    }

If the solution of the equation is not a round number, and if the first number is smaller than the other, then increase the first number until the solution is a round number.
It is a very primitive solution, but I'm learning as I go and I'll try to make it more intelligent. But to my problem, the above script outputs the following values:

Code: [Select]
first calc: 3 / 5 = ?
first sol: 0.6
after for loop: 6 / 5 = and sol: 1

The script will increase the first number about 1 digit more, and that is exactly my problem, since that way the equation makes no sense. The condition of the for loop is, increase $x1 till $sol is SHORTLY before the next rounded number, when it has reached the next rounded number STOP. Thus $x1 should be 5 in the above example, because 5/5 = 1. It seems that after $sol has reached the next round number, the for loop will go one more time over the variables, and THEN it will stop. How can I solve this problem?

Hey Guys, I've got a small script that displays latest news. It is supposed to show just the title of the news item in a list, however it shows the content at the bottom of the code...

This is my page

    <ul>
    <?php
    $args= array(
        'news_items' => 500,
        'title' => TRUE,
        'content' => FALSE,
        'before_title' => '<li>',
        'after_title' => '</li>'
    );
    jep_latest_news_loop($args);
    echo '</ul>';
    ?>
    <br>TEST<br>

But this is the output

Quote
* February 2011 Newsletter
* January 2011 Newsletter
* December 2010 Newsletter
* November 2010 Newsletter
* October 2010 Newsletter
* New Website Launched
TEST
February 2011 Newsletter
January 2011 Newsletter
December 2010 Newsletter
November 2010 Newsletter
October 2010 Newsletter
XXX XXXXX are pleased to announce the launch their new website today. We hope you find it easy to use and informative. Please feel free to contact us with any queries.
This is the code generator page

    <?php
    add_action('init', 'jep_latest_news_init');

    function jep_latest_news_init() {
        // Create new Latest-News custom post type
        $labels = array(
            'name' => _x('Latest News', 'post type general name'),
            'singular_name' => _x('Latest News', 'post type singular name'),
            'add_new' => _x('Add New', 'Latest News'),
            'add_new_item' => __('Add New Latest News'),
            'edit_item' => __('Edit Latest News'),
            'new_item' => __('New Latest News'),
            'view_item' => __('View Latest News'),
            'search_items' => __('Search Latest News'),
            'not_found' => __('No Latest News found'),
            'not_found_in_trash' => __('No Latest News found in Trash'),
            '_builtin' => false,
            'parent_item_colon' => ''
        );
        $args = array(
            'labels' => $labels,
            'public' => true,
            'publicly_queryable' => true,
            'exclude_from_search' => false,
            'show_ui' => true,
            'query_var' => true,
            'rewrite' => true,
            'capability_type' => 'post',
            'hierarchical' => false,
            'menu_position' => 20,
            'supports' => array('title','editor','author','thumbnail','excerpt','comments'),
            'taxonomies' => array('category', 'post_tag')
        );
        register_post_type('latest-news',$args);
    }

    /* Template function to output the latest news stories */
    function jep_latest_news_loop($args = null) {
        $defaults = array(
            'news_items' => 500,
            'title' => TRUE,
            'content' => FALSE,
            'before_title' => '<li class="h3">',
            'after_title' => '</li>',
        );
        global $paged;
        $r = wp_parse_args( $args, $defaults );
        $qargs=array(
            'post_type'=>'latest-news',
            //'posts_per_page' => $r['news_items'],
            //'paged' => $paged
        );
        query_posts($qargs);
        while ( have_posts() ) : the_post(); ?>
            <?php echo($r['before_title']);?>
            <a href="<?php the_permalink(); ?>"><?php the_title(); ?></a>
            <?php echo($r['after_title']);?>
        <?php endwhile;
    }
    ?>

Any ideas what is dumping the extra code?

Can anyone tell me what's making this code put an extra entry in the database? Whatever the number of looped students being added, it adds another row with nothing but the registrationid entered.
Code: [Select]
    <?php
    // connect to database
    include("databaseconn.php");
    // store all posted itemnos and descriptions in local arrays
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $phone = $_POST['phone'];
    $email = $_POST['email'];
    $bdate = $_POST['bdate'];
    $bdate2 = $_POST['bdate2'];
    $bdate3 = $_POST['bdate3'];
    $wid = $_POST['wid'];
    $rid = $_POST['reg_id'];
    $reg_alone = $_POST['reg_alone'];
    $_SESSION['workshops']=$wid;
    ?>
    <?
    if(sizeof($_POST['fname'])) {
        // loop through array
        $number = count($fname);
        for ($i=0; $i<=$number; $i++) {
            // store a single item number and description in local variables
            $fnames = $fname[$i];
            $lnames = $lname[$i];
            $phones = $phone[$i];
            $emails = $email[$i];
            $bdates = $bdate[$i];
            $bdates2 = $bdate2[$i];
            $bdates3 = $bdate3[$i];
            $wids = $wid[$i];
            $rids = $rid[$i];
            echo "echod ".$bdates2."and<br>";
            print_r($bdates2);
            $query_insertItemWorkshop = "INSERT INTO tbl_attendees (attendee_fname, attendee_lname, attendee_registrationid, workshop_id, attendee_email, attendee_telephone, attendee_bday, attendee_bmonth, attendee_byear) VALUES ('$fnames', '$lnames', '$reg_alone', '$wids', '$emails', '$phones', '$bdates', '$bdates2', '$bdates3')";
            echo "query: ".$query_insertItemWorkshop;
            $dberror = "";
            $ret = mysql_query($query_insertItemWorkshop);
        }
    }
    ?>

Hi Guys, I got the PHP and MYSQL for dummies (4th edition) and I am typing up the code examples myself just to gain the experience. I'm at the end of the book nearly where it is talking about log in applications that add info to the url but for some reason the code doesn't work. I'm using Xampp as a localhost server. Attached are the two scripts for the program, and below is the include file.
I open up the login_url form first:

form_log.inc:

    <?php
    /* Program name: form_log.inc
     * Description: Displays a login form
     */
    if( isset ( $message ) ) {
        echo $message;
    }
    echo "<form action='$_SERVER[PHP_SELF]' method='POST' style='margin: .5in'>\n
    <p><label for='username' style='font-weight: bold; padding-bottom: 1em'>User ID: </label>
    <input type='text' name='user_name' id='user_name' value='$user_name' />\n</p>
    <p><label for='password' style='font-weight: bold'>Password: </label>
    <input type='password' name='password' id='password' value='$password' />\n</p>
    <p><input type='submit' value='Log In'>\n</p>
    <input type='hidden' name='sent' value='yes' />
    </form>\n";
    ?>

Here are the errors I get:

Warning: include(dbstuff.inc) [function.include]: failed to open stream: No such file or directory in /Applications/XAMPP/xamppfiles/htdocs/test_php/login_url.php on line 31
Warning: include() [function.include]: Failed opening 'dbstuff.inc' for inclusion (include_path='.:/Applications/XAMPP/xamppfiles/lib/php:/Applications/XAMPP/xamppfiles/lib/php/pear') in /Applications/XAMPP/xamppfiles/htdocs/test_php/login_url.php on line 31
Couldn't execute query.

Any help would be appreciated, thank you

Enlighten

    function Clean_String($string) {
        return strtolower(trim(filter_var($string, FILTER_SANITIZE_STRING, FILTER_FLAG_ENCODE_LOW)));
    }

I've tracked my issue back to filter_var here. For some reason it is adding stuff to the beginning and end of the string I'm looking for. It did this on 1 string that I noticed and doesn't do it on any others, which was strange because that string was typical like all others. Just a few sentences and numbers and line breaks. I can't find a reason why this is happening

Hello, Experts! Need your advice.
Here is the code:

    <?php
    if ($var == "") {
        echo "text";
    }
    if ($var == "*") {
        echo "text";
    } else if ($var != "") {
        $query = "SELECT * FROM bd WHERE .....";
        $data = mysql_query($query) or die(mysql_error());
        $anymatches=mysql_num_rows($data);
        if ($anymatches != 0) {
            echo "text";
            while($row = mysql_fetch_array($data)) {
                echo "text";
            }
        }
        if ($anymatches == 0) {
            $query2 = "SELECT * FROM bd WHERE.....";
            $data2 = mysql_query($query2) or die(mysql_error());
            $anymatches2=mysql_num_rows($data2);
            if ($anymatches2 != 0) {
                echo "text";
            } else {
                mysql_query("INSERT INTO notfound (notfound) VALUES ('$var')") or die(mysql_error());
            }
        }
    }
    ?>

The last line adds two identical lines to my table. Do I run it twice? Thanks in advance!

Hi All, I have a script that I bought and a part of it has a share icon with an email icon so if the user clicks the email icon then it opens up your email client and adds the details of the deal to the email. The problem is that it seems to break each word up by placing a + between them. So for example you get this...

Come+and+check+out+Welcome+to+theSocialDeal,+they+have+this+great+local+deal,+if+we+all+buy+it+then+we+get+it+cheaper! Today's+Deal:+4+hours+of+extreme+MTB+action+at+John+Doe+Extreme+Trail+Centre+for+the+price+of+1+hour Click+this+link+to+check+it+out:+

which should be this...

Come and check out Welcome to theSocialDeal, they have this great local deal, if we all buy it then we get it cheaper! Today's Deal: 4 hours of extreme MTB action at John Doe Extreme Trail Centre for the price of 1 hour Click this link to check it out:

Here is the php function, does anyone know what this could be and how I can stop it?

    function share_mail($team) {
        global $login_user_id;
        global $INI;
        if (!$team) {
            $team = array(
                'title' => $INI['system']['sitename'] . '(' . $INI['system']['wwwprefix'] . ')',
            );
        }
        $pre[] = "Come and check out {$INI['system']['sitename']}, they have this great local deal, if we all buy it then we get it cheaper!";
        if ( $team['id'] ) {
            $pre[] = "Today's Deal: {$team['title']}";
            $pre[] = "Click this link to check it out: ";
            $pre[] = $INI['system']['wwwprefix'] . "/team.php?id={$team['id']}&r={$login_user_id}";
            $pre = mb_convert_encoding(join("\n\n", $pre), 'UTF-8', 'UTF-8');
            $sub = "The Deal: {$team['title']}";
        } else {
            $sub = $pre[] = $team['title'];
        }
        $sub = mb_convert_encoding($sub, 'UTF-8', 'UTF-8');
        $query = array(
            'subject' => $sub,
            'body' => $pre,
        );
        $query = http_build_query($query);
        return 'mailto:?'.$query;
    }

I'm having a problem with some php code that allows you to edit a text file. No matter what file it loads, it always adds four horizontal tabs and two spaces to the end of the text. I've attached the code to this post. If anyone can help me with this, it would be greatly appreciated.
Cindy

I’m trying to construct a button that simply writes an "aleph" character into a text area, see below.
My code does not work, can anyone tell me why? How should I fix it?
    <!DOCTYPE html>
    <html>
    <meta charset="UTF-8">
    <head>
    <title>Example</title>
    <script type="text/javascript">
    //JavaScript code goes here
    function insertAtEnd(text) {
        var theArea = document.getElementById("thisArea");
        theArea.value += '' + text + '';;
    }
    </script>
    </head>
    <body>
    <input type="button" id="aleph" name="aleph" value="Write an aleph" onClick="javascript:insertAtEnd(\'<span>א</span>\');return(false)" />
    <textarea id="thisArea"> </textarea>
    </body>
    </html>