redixx

Fixing WebStyles code: $string = ''; foreach ($_POST as $key => $value) { $string .= "`" . $key . "` = '".mysql_real_escape_string($value)."', "; // use mysqli_real_escape_string or mysqli::real_escape_string if you are using MySQLi } $string = rtrim($string, ', ');

$now = time(); $diff = $now - $timestamp; if ($diff => 600) { // 10 minutes has passed }

Try something like this: if (is_int($param)) { $type = 'i'; } else if (is_float($param)) { $type = 'd'; } else { $type = 's'; } call_user_func_array(array($this->stmt,'bind_param'),array_merge(array($type),$param));

You can do this with the mail() function. There are many tutorials and snippets floating around the web to show you how.

Yup, find a different host. Alternatively there are a few options regarding email delivery companies (can't think of a better way to word that). You basically pay a small rate and they make sure your emails are delivered.

http://flowplayer.org/

Yup. See the manual for more information

$pagetitle = rtrim(basename($_SERVER['SCRIPT_NAME']), '.php');

Even if you use salts, md5 is not a safe option. At the very very least, use sha1 instead (which has exactly the same usage as md5, so there's no excuses).

http://www.socialengine.net/

MD5 is hashing not encrypting. And you should avoid it like the plague. See this topic: http://www.phpfreaks.com/forums/index.php?topic=336473.0

Ah, I see. The easiest way would be just define a page_title variable and stick it in both the <title></title> and the query. The hardest way would be to use file_get_contents and scrape the HTML till you get the <title></title> text.

Using Firefox 4, this seemed to work: .go-btn { position:relative; top:1px; } EDIT: By the way, you have a lot of unnecessary lines of code. You can put a lot of your styling into one statement. For example instead of all the border-left, border-right etc, you can just do: border:1px solid #F06; border-left:0px;

Yes, store a failed_attempts field in your table. Update it each time they have a bad login, and then have a limit defined somewhere. If failed_attempts > the limit, they can't log in. But, make it so that if they haven't received a bad login for X minutes, it clears the failedAttempts.

Is "page_title" supposed to be a variable? If so, you need to do it this way: $sql = "SELECT COUNT(*) FROM (SELECT * FROM `People` WHERE Name='" . $page_title . "') subq";

md5 is easily broken, and sha1 is not much better. Don't use them for anything regarding security. They are useful for quick hashes for things like verifying files, but that's it. As said, you don't want to encrypt passwords. You want to hash them. Hashes are one-way encryption and can not be reversed. Your best bet is to use hash_hmac with SHA-512, a unique salt and a long key. If you want something secure, though, find an implementation that has already been vigorously tested. This kind of thing is very easy to get wrong.

In the interest of readable code, I would suggest to you that you add spaces around concatenation to help you see where variables separate from the string. Whitespace won't be parsed so it won't cause any errors. // instead of echo 'blahblah'.$variable.'blahblahblah'.$variable2; // do echo 'blahblah' . $variable . 'blahblahblah' . $variable2;

Sure, but it will only give you what you expect if all the title names are sure to be unique. Your example is the way to do it.

It would be best to do it dynamically so that you don't have a ton of pages with the same code, as that makes changing things a pain in the ass.

The easiest way is to make a "more page" identifier and then split the page where that is. For example: Page 1 {page} Page 2 {page} Page 3 // $text contains your article $text = explode('{page}', $text); // $text is now an array containing each of the pages // so do something like this: $page = (isset($_GET['page'])) ? $_GET['page'] : 1; // if $_GET['page'] isnt set we assign $page to 1 echo $text[$page - 1]; // we minus one because array indexes start at 0 and not 1

It doesn't matter what the ID is, the LIMIT function works the same either way.

You can scrape the page with file_get_contents or cURL. It will most likely take some complicated regex to get only the content you want, though.

Yes, that's right. However, you are using mysqli and so you should take advantage of that fact and use prepared statements. In doing so you, you don't have to escape data and you don't have to worry about SQL injection.

You can either assign a variable to it and then put the variable in the mysql_query() function, or just put the query in the mysql_query() function.

What does "not working" mean? Are you getting an error?