requinix

Those letters don't have Unicode characters so you have to build it yourself with a U+0304 COMBINING MACRON. "c& #x304;" (remove the space)

It's a bit more complicated than that because you have to deal with XML namespaces: the bit before the colon in the tag name and the URL associated with it. $xml->children("diffgr", true)->diffgram->children("")->NewDataSet->StdData->MAKE

And what's your code now?

More secure. It's not because the stuff came from an AJAX call but how it gets added to the document.

In a query string the "only" thing you need to worry about is directly revealing information. Passwords, private keys, and session IDs* do not belong in there. ID numbers are generally okay because a user doesn't know what "447" corresponds to - they'd have to visit some page so that's where you handle authorization. For example, I have a PM #69384 on this site. You can go into your PM area and stick that number in the URLs you get but you won't be able to see anything. So what you have is fine. Stop worrying about it. All you have to do in the code for the page is to search for a PM that the user sent or received and that matches the ID number given. If you find it then great, and if you don't find it then tell the user they don't have that PM. Don't tell them they can't access the PM: they shouldn't know anything about it, including the fact that it exists. (Same way login forms shouldn't reveal whether a username exists - only that the username+password pair is invalid.) (* IMO they really shouldn't, but if you take proper precautions then it's okay.)

I don't see anything obvious. Are there any JavaScript errors? Have you checked whether the AJAX call works? Put in some alert() or console.log() statements?

The place to "catch the request" is DNS. Without it they can't even reach the server, let alone find out they have to be redirected somewhere.

requestObj() doesn't return anything.

Use an ORDER BY. When you loop through and print out the results you can group them together.

If you're quoting your strings correctly (which it doesn't look like you're doing - regular quotes, not smart quotes) then you don't have to do anything.

Like what?

require_once() the relevant files.

1. In PHP variables are case-sensitive. $_POST is not the same as $_Post. 2. Don't use multiple rows with all the same values. Add a column that counts how many there are, then set it to 1 (if the values don't exist yet) or increment it (if the values do exist).

Your \S is too inclusive. How about making it stop when it hits one of a set of certain characters? Like [^\s"].

There are two lines there. TWO LINES. How can you not proofread them?

This topic has been moved to mod_rewrite because that's where it belongs. Even though it has a really, really ridiculously easy answer. http://www.phpfreaks.com/forums/index.php?topic=359931.0

Putting aside the fact that it's stupid, it's not even possible. You cannot log someone into a site that isn't yours. The closest you can get is basically proxying the site but that's a very bad idea, and quite possibly against the ToS.

You're outputting a whole bunch of HTML before you even get to the image resizing part. That's not good. Move it to the very beginning - before the HTML, before the header, before any code that would output something.

Uh no. It should be $getspdi. However the $getspd = mysql_fetch_array($getspdi); line is a problem. It'll make the loop skip the first row in the resultset. Get rid of it.

The only time the address bar will change URL is if in a RewriteRule you (a) use the [R] flag or (b) give a full destination URL including http:// and whatnot. So if you don't do either of those then the URL as shown to the user will not change.

I don't understand why you have to change the input name. Can't you just figure that out in the script? It's not like the form submission can be trusted anyways.

1. Add a wildcard DNS entry for *.domain.com that points to www.domain.com. 2. In your .htaccess, do URL rewriting with the added stipulation that the hostname (%{HTTP_HOST}) must match the "www.([a-z0-9]+).domain.com" pattern. You can pass the name to your PHP script with %1, or have it determine the hostname itself. 3. ??? 4. Profit!

$_SESSION['session key'] = $variable; Am I missing the question?

Use file_exists when building the list. Or track in the table whether the file should or should not exist (and if they should always then there's something wrong).