
Leaderboard

Popular Content

Showing content with the highest reputation on 09/04/2020 in all areas

  1. A meta-refresh will do what you want:
     <?php echo "Your pizza is ready<br>"; echo "<meta http-equiv=\"refresh\" content=\"5; url='url-to-go-to'\" />" ?>
    1 point
  2. a. the echoed time values should have been correct. are you sure about the posted code and the output that you got?
     b. browsers and web servers don't interact in real-time. even if you try to flush() the output, you are not very likely to get the result you want (see the php.net documentation for the flush() statement to see all the problems with trying to do it this way.)
     c. people don't like to wait on web pages to display things for x amount of time (it's either too long of a value or too short of one to suit the current visitor) or to redirect around on your site. the only redirect you have upon successful completion of post method form processing code should be to the exact same url of the current page to cause a get request for that page. if you want to display a one-time success message, store it in a session variable, then test/display/clear that session variable at the appropriate place in the html document. any navigation to other pages should be handled using navigation links where the visitor can choose where they want to go to next.
    1 point
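The post/redirect/get flow with a one-time session message described in (c), as an added example that is not part of the original post or the poster's code. It assumes the form posts to the same script and that a single `order` field is the only input being processed; the message text and field name are made up for the example.

```php
<?php
// Added example: POST -> redirect -> GET with a one-time session message.
// Assumptions (not from the original post): the form posts to this same
// script and "order" is the only field processed.
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $order = trim($_POST['order'] ?? '');
    if ($order !== '') {
        // ... process the order here (save it, queue it, etc.) ...
        // Keep the one-time message in the session, not in the URL.
        $_SESSION['success_message'] = 'Your pizza is ready';
    } else {
        $_SESSION['error_message'] = 'Please choose a pizza.';
    }
    // Redirect to the exact same URL so the browser issues a GET request;
    // reloading the page afterwards will not re-submit the form.
    header('Location: ' . $_SERVER['REQUEST_URI'], true, 303);
    exit;
}

// GET request: read the message once, then clear it so it is shown only once.
$success = $_SESSION['success_message'] ?? null;
$error   = $_SESSION['error_message'] ?? null;
unset($_SESSION['success_message'], $_SESSION['error_message']);
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Order</title></head>
<body>
<?php if ($success !== null): ?>
    <p class="success"><?= htmlspecialchars($success, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<?php if ($error !== null): ?>
    <p class="error"><?= htmlspecialchars($error, ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<form method="post" action="">
    <label>Pizza: <input type="text" name="order"></label>
    <button type="submit">Order</button>
</form>
<!-- Navigation is left to the visitor, as the post recommends. -->
<p><a href="menu.php">Back to the menu</a></p>
</body>
</html>
```

The 303 status tells the browser to follow the redirect with GET regardless of the original method, and the message is escaped on output so it cannot carry markup into the page.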
  3. If you have a SQL injection vulnerability, separate tables will not necessarily help you. Depending on the kind of vulnerability / setup you have the attacker may be able to run queries against arbitrary tables, or just drop the entire database. Aside from that, separate tables will become a maintenance nightmare when next year you need to add a few extra fields to the schema for all 10,000+ tables or whatever. Or you decide you want to be able to aggregate the data for a report and have to query every table and combine the results. Multiple tables with the same schema is the wrong solution 99.999% of the time, and you're not in that small 0.001%.

     You're wrong. Databases are designed to process data. They are designed to deal with tables that have many rows quickly and efficiently so long as you set them up properly. As an example, I have a table that records every login attempt to a website. It currently has about 2.2 million rows in it. I just queried it to find all my login attempts. It came back with 2976 rows. Guess how long it took the database to find those records out of the 2.2 million total records? 0.271 seconds. Yes, less than a second.

     If they can inject a DROP TABLE command, they can probably inject a SHOW TABLES command to get a list of all your tables then loop that list and drop each one. Your approach buys you nothing. You need to make sure you're not vulnerable to an injection attack in the first place, and then have solid backups to restore from just in case something does happen.
    1 point
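The single-table, properly indexed design the post argues for, queried with a prepared statement so that user input can never become part of the SQL text. This is an added example, not the poster's code: it uses an in-memory SQLite database through PDO so it runs offline, and the table name, columns and sample rows are constructed for the example.

```php
<?php
// Added example: one login_attempts table for all users, queried with a
// prepared statement. Schema and rows are constructed here, not taken
// from the original post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// One table for everyone; the index on username is what keeps the lookup
// fast as the table grows to millions of rows.
$pdo->exec('CREATE TABLE login_attempts (
    id         INTEGER PRIMARY KEY AUTOINCREMENT,
    username   TEXT    NOT NULL,
    succeeded  INTEGER NOT NULL,
    ip         TEXT    NOT NULL,
    created_at TEXT    NOT NULL
)');
$pdo->exec('CREATE INDEX idx_login_attempts_username ON login_attempts (username)');

// Constructed sample data.
$insert = $pdo->prepare(
    'INSERT INTO login_attempts (username, succeeded, ip, created_at) VALUES (?, ?, ?, ?)'
);
$sample = [
    ['alice', 1, '203.0.113.10', '2020-09-04 10:00:00'],
    ['alice', 0, '203.0.113.10', '2020-09-04 10:05:00'],
    ['bob',   0, '198.51.100.7', '2020-09-04 10:06:00'],
    ['alice', 1, '203.0.113.11', '2020-09-04 11:00:00'],
];
foreach ($sample as $row) {
    $insert->execute($row);
}

// VULNERABLE (shown for contrast, never run): the visitor's value is pasted
// into the SQL text, so whatever they type is executed as SQL.
// $sql = "SELECT * FROM login_attempts WHERE username = '" . $_GET['user'] . "'";

// HARDENED: the SQL text is fixed at prepare time; the value travels
// separately as a bound parameter and is only ever compared as data.
function attemptsFor(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare(
        'SELECT id, succeeded, ip, created_at
           FROM login_attempts
          WHERE username = :username
       ORDER BY created_at'
    );
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Ordinary lookup: all of alice's attempts.
$rows = attemptsFor($pdo, 'alice');
printf("alice: %d attempt(s)\n", count($rows));

// A value that would have changed a concatenated query is just an unknown
// username here: it matches nothing and the table is untouched.
$rows = attemptsFor($pdo, "'; DROP TABLE login_attempts; --");
printf("hostile string: %d attempt(s)\n", count($rows));

// Confirm the table and all its rows are still present.
$count = (int) $pdo->query('SELECT COUNT(*) FROM login_attempts')->fetchColumn();
printf("rows still in table: %d\n", $count);
```

The same pattern applies unchanged to MySQL or PostgreSQL through PDO; only the DSN differs. Binding parameters removes the injection, and the per-user index, not a per-user table, is what keeps the query fast.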
This leaderboard is set to New York/GMT-05:00