requinix

Wrote short and long answers to a couple questions, figured I'd expand on the others too. Short answer: It's fine. Long answer: It depends what parts of the server can be accessed by whom. Put them in the least-accessible place you can (within reason). Short answer: False. Long answer: If the two websites are on the same server and same domain (and different subdomains), have access to the same files, and have the session cookie set to be shared across both sites, then it's possible/likely that it'll be shared. If that's the case then set up different session save paths for both sites. Short answer: Yes. Long answer: Assuming a user cannot edit files (or wherever the session data is stored) on the server then yes. Short answer: Kinda and nah. Long answer: Someone will be along shortly to mention PHPass. Salt the passwords then hash them with sha256 or greater or another strong and slow algorithm (eg, bcrypt). If you're paranoid then HMAC is an additional option (basically it uses two salts), though it's easy enough to just do it so try and get in the habit now. The user information probably doesn't need to be encrypted but it depends on the sensitivity of the information.

get_included_files and debug_backtrace are close.

How about an explanation of what's going wrong? So we don't have to keep guessing. -> is colloquially known as the "arrow operator" or officially the "object operator". On the left is an object and on the right is a property (variable) or method (function). Take a look at the manual for an overview. There's also :: "double colon" or "paamayim nekudotayim" for static properties and methods: instead of an object on the left it's the name of a class (or a keyword like self, parent, or static).

You have to actually set the values of $productName and $price. Presumably from the $row_3 array. And if the error is not about those two variables being undefined, what is it? Also, try to switch to the mysqli or PDO extensions. They're better than the old mysql you're using now.

You really think I was alluding to price gouging? Please. Considering how this website is quite clearly intended to draw visitors to the country I would expect them to take more time and effort and money to make sure the site reflects the image they want. They want a pretty site? Will cost more. They want to research what draws people's interest? Will cost more. They want to showcase a little bit of everything that you can find around the country? Will cost more. I've written for WebForms. I hated it. It encourages the developer to write less HTML and rely on the framework more. While I do see aspects of that in the HTML, I don't see as much as I would expect for a "typical" implementation. They didn't take the lazy way out and I respect that. Apparently I'm the only one but I like it. It's a little small and they could use more of the screen but it seems like the clumped boxes are mostly for the navigational pages. It's not like it's a business or community site where people will regularly visit. I think it's clear that they wanted something more attractive than functional, what with the background photos and heavy use of images, and that's what they got.

What about the php.ini? Neither move_uploaded_file() nor the 0777 permissions have to do with it.

"Still", after you changed to using move_uploaded_file()? Did you do anything else?

Well, it's right there in the main array so $match[2]

For what seems to be an ASP.NET WebForms site, it looks really well done. Considering how the website is supposed to be for a whole country and not just some corporation $3.3M seems reasonable. [edit] As for usability, it's a bit slow but I'm fine with the design.

The city cannot be both "City1" and "City2" at the same time. JOIN the table against itself. SELECT l1.companyid FROM location l1 JOIN location l2 ON l1.companyid = l2.companyid WHERE l1.city = "City1" AND l2.city = "City2"

<?php $content = <<<TEXT QUEUE USAGE TOTAL book1 book2 ------------------------------------------------------------------ 0001 18% 822 481 98 0002 16% 345 765 88 0003 10% 400 300 166 0004 15% 994 322 177 0005 17% 348 297 131 ---------------------------------------------------------- TEXT; preg_match_all('/^(\d+)\s+(\d+)%/m', $content, $match, PREG_PATTERN_ORDER); print_r($match); Array ( [0] => Array ( [0] => 0001 18% [1] => 0002 16% [2] => 0003 10% [3] => 0004 15% [4] => 0005 17% ) [1] => Array ( [0] => 0001 [1] => 0002 [2] => 0003 [3] => 0004 [4] => 0005 ) [2] => Array ( [0] => 18 [1] => 16 [2] => 10 [3] => 15 [4] => 17 ) )

What string occurrences? What histogram? What about these characters? Included where? HTML output of what?

Try feeding /^(\d+)\s+(\d+)%/m to preg_match_all().

Make sure your upload/ folder has world-writable permissions: 0777. [edit] Problem is that you can't trust the type - it's sent from the browser so it can be forged by a malicious user. Plus IE tends to use unusual values so you'd have to account for those. Short of something like getimagesize (a good idea), checking the extension is the next best thing.

XML is like HTML but you have a lot more freedom about what the tags are and how things are structured. Unless you have specific directions on the format, output valid and sensible XML and you're good. If you're not sure about sensible, look around at what some people use for their XML and get a feel for how it works. If you're still not sure, come up with something and ask us for feedback.

But you said you didn't want to do AJAX... I don't know what your question is. What about the ID needs AJAX?

You can throw in references to get a shorter variable temporarily. for($i=1; $i<12; $i++) { $batter =& $battingPlayer[$battingLineUp[$i]]; $bowler =& $bowlingPlayer[$bowlingLineUp[$i]]; $batter['energy'] += mt_rand(10, floor($batter['fitness']/10+10)); #If energy is low then player gets a bit of it back $bowler['energy'] += mt_rand(10, floor($bowler['fitness']/10+10)); #If energy is low then player gets a bit of it back if($batter['energy'] > $batter['fitness']) $batter['energy'] = $batter['fitness']; #Energy cannot be more than fitness if($bowler['energy'] > $bowler['fitness']) $bowler['energy'] = $bowler['fitness']; #Energy cannot be more than fitness } unset($batter, $bowler); Note the unset(): references can be tricky and might bite you if you're not careful. Can also throw in a couple calls to min(). for($i=1; $i<12; $i++) { $batter =& $battingPlayer[$battingLineUp[$i]]; $bowler =& $bowlingPlayer[$bowlingLineUp[$i]]; $batter['energy'] += mt_rand(10, floor($batter['fitness']/10+10)); #If energy is low then player gets a bit of it back $bowler['energy'] += mt_rand(10, floor($bowler['fitness']/10+10)); #If energy is low then player gets a bit of it back $batter['energy'] = min($batter['energy'], $batter['fitness']); #Energy cannot be more than fitness $bowler['energy'] = min($bowler['energy'], $bowler['fitness']); #Energy cannot be more than fitness } unset($batter, $bowler); Can even combine the two pairs of $player['energy']= together, though the line gets pretty long.

No, but there is an operator. if ($variable === null) ...if it's exactly null. If you want to check if a variable is "empty" then if (empty($variable)) empty() also returns true for "0" but that's not a valid URL so it's okay in this case.

#1. glob $files = glob("/path/to/images/117_*_*.jpg"); #2. basename and explode // $filename = "/path/to/images/117_1_1.jpg"; list($intersection, $section, $image) = explode("_", basename($filename, ".jpg"));

With a decent server SSL for everyone shouldn't create any noticeable overhead. Since Apache has no concept of a logged-in user, make your PHP code deal with the redirection. Assuming you have $_SERVER["HTTPS"] if ($_SERVER["REQUEST_METHOD"] == "GET" && $_SERVER["HTTPS"] == "on" && /* not logged in */) { header("Location: http //{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}"); exit; } else if ($_SERVER["REQUEST_METHOD"] == "GET" && $_SERVER["HTTPS"] == "off" && /* logged in */) { header("Location: https //{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}"); exit; } [edit] Add the colons back in [edit 2] Screwy highlighting

You don't have to do anything to start using it. It works automatically. But if you already have it installed then the file caching alone isn't enough. What does your code look like? You can probably store some information in APC to spare the database some queries.

Without you having to do anything at all (besides install APC) your PHP code will be cached. That means PHP doesn't have to read from the hard drive every time it tries to execute a file. Hard drives are slow. Turn on APC and see if that improves performance enough. If not then you can revisit the issue of caching.

Why not just force HTTPS for everyone? Aren't the anonymous users worth protecting too?

Maybe. What are the tables for? How about some kind of description about what you're dealing with?

It's a normal form submission. You might want to brush up on how to do that before continuing. The form is on the left and it has the text box and the submit button. It posts back to itself. Besides showing the form the script will also check if the form was submitted: if so then it puts HTML on the right, otherwise it does not.