PHP - Moved: Is Pre-population Insecure?
This topic has been moved to Application Design.
http://www.phpfreaks.com/forums/index.php?topic=355886.0

Similar Tutorials

Hello, I'm trying to create a Content Management System (CMS); however, I always feel that my code is insecure and unprofessional. For example, here is some context from my core file:

Code:
public function getSiteData() {
    $q = "SELECT * FROM siteSettings ORDER BY id DESC LIMIT 1";
    $r = mysql_query($q);
    while ( $a = mysql_fetch_assoc($r) ) {
        global $siteName, $siteMotto, $siteIco;
        $siteName = $a['site_name'];
        $siteMotto = $a['site_motto'];
        $siteIco = $a['site_ico'];
    }
}

public function adminGet() {
    $q = "SELECT * FROM testDB ORDER BY created DESC LIMIT 4";
    $r = mysql_query($q);
    if ( $r !== false && mysql_num_rows($r) > 0 ) {
        while ( $a = mysql_fetch_assoc($r) ) {
            $title = stripslashes($a['title']);
            $bodytext = stripslashes(substr($a['bodytext'],0,100));

I seem to feel that the solutions that I approach towards my content management system are insecure, and could lead to easy hacks and injections. Now, when I compare my code to other content management systems, I seem to see a huge difference in their professional layout, and the way they go about their coding. I'm only 14, and have been studying PHP for around a year and a half now. I'm wanting to become a little more advanced in PHP, but I can't feel like I can due to my insecure coding. Would anybody be able to point me in the right direction, or tell me where I'm going wrong please? I have MSN and Yahoo, if you'd prefer to contact me that way. MSN: jarrod@tichiegaming.com : Yahoo: Ptsface12. Many thanks, Jarrod

Hi Folks, I am learning PHP and MySQL so please bear with me, and again if this is not in the right place please let me know. Anyways, I have a form set up that will be used to add events for a local sports team. I have 3 tables. Table 1 (Level) is working fine and populating the drop down form as I need it to. Table 2 is the Events. This is used to track all the event names that are used through the organization.
Table 3 is the Schedule. This shows all the events that are scheduled. What I need the form to do is allow the client to choose the event type and the level type for the registration process. Can I do this with multiple dropdown lists with mysql/php? Here is what I have that is working.

Code:
mysql_select_db($db_database) or die("Unable to select database: " . mysql_error());
$sql = "SELECT\n"
    . "levels.LevelID,\n"
    . "levels.LevelName\n"
    . "FROM\n"
    . "levels\n";
$result = mysql_query($sql) or die(mysql_error());
$options = "";
while ($row = mysql_fetch_array($result)) {
    // Escape database values before writing them into the HTML
    $LevelID = htmlspecialchars($row["LevelID"], ENT_QUOTES);
    $LevelName = htmlspecialchars($row["LevelName"], ENT_QUOTES);
    $options .= "<OPTION VALUE=\"$LevelID\">" . $LevelName . '</option>';
}
?>
<style type="text/css">
<!--
body p { color: #F00; }
-->
</style>
<table width="500" border="1" align="center" cellpadding="0" cellspacing="1" >
<tr>
<td>
<form name="form1" method="post" action="scheduleinsert_ac.php">
<table width="100%" border="1" cellspacing="1" cellpadding="3">
<tr>
<td colspan="3"><div align="center"> <p><strong>Myers Schedule Form</strong></p> </div></td>
</tr>
<tr>
<td>Event Name</td>
<td><div align="center">:</div></td>
<td></td>
</tr>
<tr>
<td>Level</td>
<td><div align="center">:</div></td>
<td><select name="LevelID"> <OPTION VALUE="0">Choose <?php echo $options;?> </select></td>
</tr>

I have a table created containing the following.

name
url
members
date

I want to populate a table like so:

Dates        name1            name2            name3
date         membersforname1  membersforname2  membersforname3
anotherdate  membersforname1  membersforname2  membersforname3

So I need the dates to form each of the rows, but also, have the members in the correct places for the names. Not sure if any of that made sense, if you want me to go into more detail just ask.

Hi all, I pretty often populate a database just to test stuff. So I thought I'd make a little script which magically populates the database with multiple rows at once instead of pressing F5 all the time.
I am not sure if this is the best way so I would love some advice from an expert. If someone can use it, feel free to use it. Changing $rows is all that is needed to blast your database to the moon.

<?php
include('connector.php'); //connection file

//make query
$query = "INSERT INTO comments (title, comment) VALUES ";
//$data = mysqli_query("SELECT * FROM comments") or die(mysql_error());
$rows = 24; //set to 1 million to get free cookies ::) and an angry email from your host
$comment = "Lorem Ipsum is simply dummy";
$go = ''; //start with an empty value list so the .= below does not hit an undefined variable

for ($i = 0; $i < $rows; $i++) {
    //preventing a comma on last loop which will prolly break query
    if ($i < ($rows - 1)) { $comma = ','; } else { $comma = ''; }
    $title = chr(rand(97,122)).'this is a title with a bogus prefix';
    $go .= "('$title', '$comment')$comma"; //hoping to get them in this manner ('var1', 'var2')
}

//populate this monkey
mysqli_query($dbc, $query.$go) or die('Connect Error: ' . mysqli_error($dbc).'number'.mysqli_errno($dbc));
?>

I am working on a form with PHP-generated values. What I have right now is as follows:
<tr>
<td><p>ENTRY TERM:
<select name="entry_term" >
<option value="">Choose One:</option>
<?php
$year = date("Y");
for ($y = 0; $y < 5; $y++) {
    echo '<option value="Fall '.($year+$y).'">Fall '.($year+$y).'</option>';
    echo '<option value="Spring '.($year+$y+1).'">Spring '.($year+$y+1).'</option>';
}
?>
</select>
</p></td>

This currently generates a list of:

Fall 2014
Spring 2015
Fall 2015
Spring 2016
Fall 2016
...etc for next 5 years

What I need to do is have this time sensitive to exclude once a specific month has passed. For example once August 2014 has started "Fall 2014" should be excluded... or when Jan 2015 has started "Spring 2015" should be excluded. Can someone help me solve this as I am unsure of how to move forward with this. Thanks,

This topic has been moved to Miscellaneous.
http://www.phpfreaks.com/forums/index.php?topic=318465.0

This topic has been moved to PHP Freelancing.
http://www.phpfreaks.com/forums/index.php?topic=352281.0

This topic has been moved to Ajax Help.
http://www.phpfreaks.com/forums/index.php?topic=319767.0

This topic has been moved to MySQL Help.
http://www.phpfreaks.com/forums/index.php?topic=328845.0

This topic has been moved to Miscellaneous.
http://www.phpfreaks.com/forums/index.php?topic=342919.0

This topic has been moved to Other Libraries and Frameworks.
http://www.phpfreaks.com/forums/index.php?topic=327250.0

This topic has been moved to mod_rewrite.
http://www.phpfreaks.com/forums/index.php?topic=353027.0

This topic has been moved to HTML Help.
http://www.phpfreaks.com/forums/index.php?topic=313579.0

This topic has been moved to Miscellaneous.
http://www.phpfreaks.com/forums/index.php?topic=317014.0

This topic has been moved to JavaScript Help.
http://www.phpfreaks.com/forums/index.php?topic=356760.0

This topic has been moved to Miscellaneous.
http://www.phpfreaks.com/forums/index.php?topic=346829.0

This topic has been moved to mod_rewrite.
http://www.phpfreaks.com/forums/index.php?topic=356314.0

This topic has been moved to MySQL Help.
http://www.phpfreaks.com/forums/index.php?topic=316254.0

This topic has been moved to PHP Freelancing.
http://www.phpfreaks.com/forums/index.php?topic=345722.0

This topic has been moved to PHP Applications.
http://www.phpfreaks.com/forums/index.php?topic=343318.0