requinix

Really shouldn't be putting actual links to potentially bad things in your post. Especially when the links go back to your own site. So I've edited out the linking-ness for you. First one is an attempt at SQL injection, hoping that you did something like "SELECT * FROM table WHERE ID = {$_GET['ID']}"thus resulting in "SELECT * FROM table WHERE ID = 999999.9 /*!30000union all select (hex stuff)"which uses a sort of conditional commenting feature in MySQL that will parse the comment itself for versions of MySQL >= 3.00.00 and become "SELECT * FROM table WHERE ID = 999999.9 union all select (hex stuff)"The second one... could be normal, I don't know your application. If you don't recognize that then it's probably probing for a vulnerability in whatever that JCE thing is I don't know I'm too lazy to Google for what it is at 2am.

As long as you're separating the logic (controller) from the HTML (view, or at least most of the view), you're following the principles of MVC. Beyond that is debatable. Realistically, one file for all the views would be hectic and a hassle to manage. Want to change the "about me" page? You'll be ignoring a lot of stuff in the file because it corresponds to different pages. Go with one file per view/method.

Can you post the code? And maybe a sample image you're processing?

Not the best method. How old is this book? It should be teaching you about PDO and mysqli, which offer (among other things) prepared statements, which completely sidestep the whole SQL injection issue. The stripslashes() shouldn't be there at all, though. Make sure you're running PHP 5.4+. It does not matter in the slightest. So what? The old value that had slashes is gone because it was overwritten with one that doesn't have any.

Your formatBBcode() uses the /s flag in its regular expression but you don't use it again when checking for text. Without it the .*? won't match the newlines.

Keeping in mind that this is more suited to situations where there is no particular urgency to the request (besides "as soon as possible" of course), or where the user isn't on the edge of their seat waiting for it to complete, The best way to manage this is to have a script running in the background (like, really running on the server) which looks to the database for tasks that it should run. For example, if you needed something that would save a copy of a webpage, in the database you would have a table that lists out the URLs to hit as well as whether the job has been run yet. The script grabs a URL, marks the task as in progress, does the work, and finally marks the task as complete. Giving it more work to do is a matter of inserting another URL into the database. There's a bit more technical information that is important but that's the brief description. To let the user know, somewhere, such as the session, you hold on to the "task" you created for them, and every once in a while you check to see the progress of the task. How often "every once in a while" is depends on the nature of the task of course; every 30-60s for the thing about admins' work sounds reasonable. (I'd leave the 5-10s stuff where it is - no need to background something that only takes a few seconds.) - You wouldn't happen to have control over these other sites, would you? - Caching is a common solution if you're potentially grabbing the same content repeatedly - Background the work if it takes too long and/or isn't time-sensitive

Toxic? No. Unorthodox, sure, but not necessarily bad. No. Apache doesn't care what it's executing. That is the problem. If you get one hit per second triggering that behavior then after five minutes, when the very first connection is finally closing (and another is starting) there will be 300 open connections. You could up your connection limit as a short-term fix but you need to deal with the "upwards of 5 minutes" problem. What is the nature of this scraping? Is it something you can do separate of user interaction, like on the server in the background? Can you cache anything to spare you from scraping so much?

You bet there is. Many, in fact. What have you tried yourself?

That'd be example #5, right? Regardless, isn't it the user logons you want anyways?

It'd be easier to just get all the matches in the entire string (ie, preg_match_all()) and only use the last one found But altering the regex to make sure it only matches the kind of data you want would be best. What about making sure it doesn't match a name ending with a $?

I don't see how that's possible since you define it in the statement immediately before that line. Did you post your exact code? What is the exact error message?

Take a look at the code in your post. See all that green? Green stuff is supposed to be a string but it's clearly showing some stuff as strings when it shouldn't (and vice versa). Find the place where it starts coloring incorrectly and you'll find where the problem is. Oh, and get yourself an IDE. Like Netbeans or PhpStorm. They can tell you exactly where and what problems are in your code, and offer many other features beyond that.

It is possible to execute code safely, but it's difficult and I wouldn't even trust myself to get it right. However all you need is a syntax check, right? PHP can do that from the command line. "php -l " . escapeshellarg($_FILES["whatever"]["tmp_name"])I believe it uses exit codes for success and failure so you can use exec() or proc functions to check that. Any file is a valid PHP file so that's difficult. But with your specific use case there would have to be some amount of PHP code, right? So yes you can check for <?php.

Because, as its name may imply, it returns more than one node. A node list, as it were. You could grab the [0] if that's all you want. There's another way to get those though: get the form and do, like, ["points[]"].

The settings are to get you any error information that PHP may be generating but not reporting directly to you (like on the page). IIS's error logs, assuming there are any set up, would be the best place to look for those without having to change any configuration. ...which is? I'm going to go out on a limb and suggest that those might, just, possibly, be relevant. Exception is a built-in class. I don't know what you're trying to say.

It's a file. If you don't have one then make it - it goes in the folder that contains that XML file. Inside it, use an Order to limit access to everything, # deny by default Order allow,denythen a with an Allow that grants access instead. <Files "Myxmlfilename.xml"> Allow from all </Files>

getElementsByName

What is the number in $_FILES["userfile"]["error"]? Look it up here (if it's not 0). Then find your php.ini, set error_reporting = -1 display_errors = onrestart IIS, and try again while looking for error messages outputted by PHP.

Use your favorite mechanism for restricting access (like an Order), and then use a to override that specifically for Myxmlfilename.xml.

By default . does not match newlines. Use the /s flag to make that happen.

Mind the undefined variable warnings, though.

It's definitely valid, though there is a bug with it. What error are you getting?

Tons of them: don't use smart quotes. $(function() { $("[name='pet_type']").change(function() { $("[name='breed']").removeAttr("disabled"); $("[name='breed']").children("data-pet-type[name!='" + $(this).val() + "']").hide(); $("[name='breed']").children("data-pet-type[name='" + $(this).val() + "']").show(); }); });

The intro line won't always be in that format - different email clients and especially different (native) language clients may do it differently. Fortunately the > prefix is pretty standard so I would go about it as finding a line that doesn't start with a > then maybe blank lines then lines starting with >. Couple expressions to try, which one works depends on the way the regex is being executed: ^[^>].*\s+>.*\s+> [\r\n]+[^>][^\r\n]+[\r\n]+>[^\r\n]+[\r\n]+>If neither work then it'd help to get specifics about what software you're using and ideally some documentation about what it supports for regular expressions.

You can do a lookup with xpath: foreach ($xml->xpath("//itemPlace[@id=123]") as $eq) // look for itemPlace with id=123As for the "parameters", you're already doing it with $eq->wholeSale.