requinix

It's the quoting you have on those HTML strings, not the HTML itself. PHP allows you to embed variables in strings because it can use the "$" to recognize there's a variable. JavaScript has no such feature. To put a value into a string you have to stop the string, add the value, and begin the string again. "</pre> <table bgcolor=" + formInputs[" farg>"</ There are a couple other things I should point out now (there are a couple things that aren't as important to mention yet): - Don't use the language attribute on script tags. Using the type is enough. - document.write() will do weird things. If you want to create the table inside the div#table (because it shouldn't go inside the p#tableID) then actually put it in there; the cheap way to do that is using .innerHTML: var table = "</pre> <table bgcolor=" + formInputs[" farg>...</table>";<br>document.getElementById("table").innerHTML = - bgcolor is deprecated. Use CSS's background(-color) instead.

That's JSON. decode it then loop through the stats array doing whatever you want.

Put the name and whatever else you may want into the session, then redirect to the certificate page. That page then uses the name and whatever else you put into the session to display the certificate. Have you used sessions before?

If you want to call an object's function you have to use $this-> (for instance methods). $this->deposit($dep);

What you said in your first post made it sound like you didn't want to use any event handlers at all, not that you simply didn't want them on the . What's the structure of your HTML and where can you make changes?

So... you want to detect keypresses without using anything that will let you detect keypresses?

- stripslashes() at the beginning but only if magic_quotes is enabled. - mysql_real_escape_string() for string values just before you stick them into the query. Use typecasting or numeric functions (eg, intval() and is_numeric()) for non-string values. Or you can validate the input to ensure it couldn't possibly contain any SQL injection. - htmlentities() or htmlspecialchars() right when you output stuff into HTML. - json_encode() right when you output stuff into JavaScript (or as JSON). Note how addslashes() did not make that list.

From inside your network you should use your internal address. Or even better, the hostname of the computer. Set up port forwarding on your router: have it forward port 80 to your computer. Note that you may need to give your computer a static address lest DHCP change it up and break the forwarding, but whether you need to do so depends on your router and what it lets you do.

The easiest solution would be to simply whitelist the address the emails are coming from. Beyond that, email filtering is a complicated beast. Switching to code that constructs emails properly (for example, PHPMailer) will probably make the emails look legitimate enough to get through.

Then I would bet there actually are errors. Did you also make sure that display_errors is on?

The line with formInputs is fine, but the stuff after it isn't. 1. formInputs is a variable. It is not located inside document so document.formInputs won't work. Just call it by its name. 2. formInputs is already the elements collection. You don't need another .elements[] on it.

'$path' Variables don't work inside single-quoted strings. Not that you need them at all... include('SimpleImage.php'); $image = new SimpleImage(); $image->load($path); $image->resize(60,60); $image->save($path);

Or the more direct round($number, 2)

And there's yet another method. Since URLs look kinda like file paths, basename(trim($url, "/")) (Of course this doesn't validate the rest of the URL. Only grabs the last component of the path.)

Just a question about the SQL, or is there a problem with the HTML form(s) too? Exactly what you do depends how you handle blank answers. If you store them then just use a normal JOIN since the data does necessarily exist. SELECT q.question_text, a.answer_text FROM question q JOIN answer a ON q.id = a.question_id... If you don't store the answer at all then you'd need a LEFT JOIN because the data might not exist and you still want to know the question. SELECT q.question_text, a.answer_text FROM question q LEFT JOIN answer a ON q.id = a.question_id... (Note how they're identical except for the added "LEFT")

Look in scripts.js:246-259: $("input,textarea").each(function(){ placeholder = $(this).attr("placeholder"); if(placeholder=="undefined"||placeholder==false||$.browser.msie=="undefined"||!$.browser.msie) return; $(this).val($(this).attr("placeholder")); $(this).focus(function(){ if($(this).val()==$(this).attr("placeholder")) $(this).val(""); }); $(this).blur(function(){ if($(this).val()=="") $(this).val($(this).attr("placeholder")); }); }); Debug that "placeholder" variable...

Ownership controls what you can do to something while permissions control what you can do with it. When the PHP script uploads the file, make it chmod($filename, 0644); the file. That should take care of not being able to download future files; for the existing files you can write a very quick script that does that chmod() on everything. It would look like foreach (glob("/path/to/uploads/*.*") as $file) chmod($file, 0644); // and that's all there is to it, really Otherwise if you have a PHP script that can shrink one file, modify it so that it can shrink a series of files. Or easier, make a new script which sets up a couple variables as needed and then include()s the shrinking script. But ultimately this problem should be solved in the CMS: when images are uploaded they should be resized if above a certain size (be that pixel dimensions or file size or whatever). Yes, that's required. Odds are this is one of two situations: either the files are world-not-readable (like 0600 or 0640) or the directory has world-not-executable (like 0700 or 0750). Or both. What's unusual is that this is quite rare to have set up by default. Normally files are naturally 0644 and directories 0755 and then something manually changes those permissions to be more restrictive.

That would catch the most common coding style, but couldn't work on the second-most common: define("DB_HOST", "public server"); define("DB_USERNAME", "something embarrassing"); define("DB_PASSWORD", "something equally embarrassing"); mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD); Or basically any other mechanism where the actual information isn't directly inline with the function call.

Use a redirect. header("Location: /path/to/wherever#c1000"); exit; I prefer that to the JavaScript equivalent (which I'm not even sure how you do).

getmxrr() takes the MX record list and weights by reference. If you give it variables for those two then it will populate them with the values it finds. The true/false is so you can, like, stick it in a condition.

What does the documentation say? And once you've learned how to use getmxrr(), realize that even if there isn't a record it just means that you should assume the website server also acts as a mail server. (That is, a lack of an MX record simply means there isn't a dedicated MX record.)

Okay... Still not sure what that redirect is supposed to do... Are you trying to use it to redirect the original page? Can't do it that way. You'd have to send data that says "you need to redirect and here is where you need to go". Like maybe echo json_encode(array("action" => "redirect", "location" => "/system_lords/dominion.php")); success: function(data) { if (data && data.action == "redirect") { document.location = data.location; } else { // ??? } }

What's the point of the redirection?

Only root can change the ownership of a file. You shouldn't need to change file permissions. Why do you want to change the ownership?

Which isn't necessary because the new URL doesn't match the expression.