requinix

Administrators
  • Posts: 15,231
  • Days Won: 427

Everything posted by requinix

  1. There is one case when you should use htmlspecialchars(): in XML. htmlentities() will create strings that are invalid for XML without you jumping through hoops. Meanwhile htmlspecialchars() will escape exactly the right characters that should be escaped.
  2. In your database track (1) the last time they did something (eg, browsed a page, sent a chat message) and (2) whether they have specifically logged in or logged out. To see who is still logged in do a search based on those two fields. Decide how long it takes before a user is automatically "logged out"; for example, if a user is logged out after 15 minutes of inactivity then query for: ...WHERE last activity field -- if you named the fields "last_activity" and "is_logged_in" then maybe ...WHERE last_activity Usual disclaimer: there are many ways to do this and the above is just one of them (though most of the others are very similar to it).
  3. You can't really. AJAX and a normal browser visit are more or less indistinguishable from each other. The most you can hope for is to make it harder but before you head down that path you really need to think about whether this is actually a problem you need to fix or not. What if someone sees the page without AJAX? It's not like they're seeing something they otherwise couldn't.
  4. There's probably a " somewhere in the markup. That'll get mixed in with the HTML and break stuff. General rule of thumb: htmlentities stuff if there's a risk of it conflicting with your HTML. value="" But why do you need it in the HTML? You're pulling it from the database anyways. Just put the ID number in the form, pass that to the next script, and have it look up the expression itself. Also means people won't be able to modify the form and insert arbitrary content.
  5. Both. What you put in the session is some information about the user: 1. In contact2 you session_start() then see that there isn't anything in there indicating the user is logged in, then you redirect 2. to update, which session_starts() too and logs them in, then back to 3. contact2 where you session_start() (it's the same one as before) and see that this time there is something in the session.
  6. The first argument to strtotime() is what you want to do to the time given as the second argument (which defaults to right now if you don't give one). So strtotime("-3 days") to give you three days ago. But since $item_reg is a DATETIME string you have to turn the Unix timestamp that strtotime() returned into a string. That's where date() comes in. date("Y-m-d H:i:s", strtotime("-3 days"))
  7. LOL U NED TO REINSTAL WINDOWS HAHA SUX 2 B U Tried rebooting yet? Checked if there are any problems with the adapter (like with Device Manager, its configuration dialog, or maybe even ipconfig)? If you leave the IPv6 item checked can you get to its properties?
  8. What does the actual HTML source of the page look like?
  9. I can't be bothered to write something clever here. This topic has been moved to Miscellaneous. http://forums.phpfreaks.com/index.php?topic=364251.0
  10. Looks Googleable. Although I'd just keep the UUID and leave out the full path name. Google Oh hey: Could not read chrome manifest file... Could not read chrome manifest file Firefox Extension Error (chrome.manifest) And the bug report: Bug 586610 - Could not read extensions chrome manifest file (972ce4c6-7e08-4474-a285-3208198ce6fd = default theme) So what version of Firefox do you have? Tried updating or reinstalling?
  11. After finding a browscap.ini and trying it on a machine myself, I found that get_browser() would return "win32" and "win64" bools.
  12. It only works with actual Exception objects (and objects descended from Exception). PHP errors and warnings are just that: errors and warnings.
  13. Use something else.
  14. I don't see anything in there with a class of "cal". If you meant an ID of "cal" then you need to use $("#cal")
  15. A POSTed form has semantics that a regular link does not. Regardless of the underlying action, anything GETed (including links) represents a read-only request while anything POSTed (forms with method=post) can represent something with a lasting effect. Think about a web spider: it will crawl links while it will not submit forms. So technically #1: you really should be using a form for a "delete"-type action. If you want the button to look like a link, that's a different problem. As for why it doesn't work, there's something somewhere that indicates the form submission is a DELETE. I'm thinking two possibilities: 1. A hidden form field. This is one way MVC.NET does it. 2. The framework accepts a POST action in place of a DELETE, but not a GET.
  16. PUT and DELETE are only useful for REST requests - they don't really work with normal HTML-based traffic.
  17. Your function returns a boolean, not an integer. var_dump(checkEmail($email1));
  18. Treat it like a login action: they cannot use the rest of the site until they "log in" (by viewing that file). If they try to get around it then they're re-presented with the "log in" prompt until they give up.
  19. Can you elaborate on that very scary statement?
  20. That's not something that can be solved. Looks like search functionality - is the input coming from the user? Best be very careful about what you allow or else I'll enter the quick brown fox jumps over the lazy dog That's 362,880 combinations, and at 45B per string that's 16MB for an absolute minimum amount of memory (which you'll be nowhere near). And I'm not even trying. And that's not even considering the database portion.
  21. If you're not getting a 404 then presumably the framework sent something back. What did it send?
  22. Qualify the * with the table name, like `tbl_auction_lot`.*. But you should try to include only the fields you actually need.
  23. You mean Objective-C? Quite different, they are.
  24. Do you have the universe repository enabled? That's where it lives. You can also install a "normal" MTA like Postfix or exim: IIRC they'll provide you a sendmail application too.