kicken

Everything posted by kicken

  1. On my main PC I use RAID1 for a little extra security. I have a sync between my laptop and PC that runs periodically so that the important stuff at least exists on both of them. All my work stuff also exists on my VPS so it's safe offsite. I haven't lost anything important since I started doing this, though if I did experience a fire or something that took out both my laptop and desktop I'd lose a few things (work stuff would all be safe though). I do have a fire safe with a few important papers in it. It probably wouldn't be too hard to get a small external drive or thumb drive, toss the really important stuff on there and put it inside as well. I just haven't done it, mainly because I don't have either an external drive or a thumb drive.
  2. There is no way with PING or any other network tool to distinguish between an IP with a device that is off and an IP that has no device attached. You just need to keep your own list of IPs somewhere and what they are attached to. When you need to find an unallocated IP you consult the list. This list (your database) is your authoritative source as to whether or not an IP is available. Based on your screenshot I am guessing you have a record in your DB for every IP, whether it is assigned something or not. So what you do to find a vacant IP is just query the database for any IP address without an assigned device. Make sure your list is accurate, and don't assign duplicate IPs. Or install a DHCP server and let it manage your IP space for you automatically.
  3. Yes. You use it any time you output the string to your web page. There's no reason to specifically say it outputs HTML source code. That fact is implied by what the function does as well as its name. As we mentioned in one of your other threads, htmlentities is a function you use to protect against XSS by making it so that people cannot enter their own HTML code on your site. This function is specifically for manipulating HTML source code. If for instance you were putting the info into some other place (e.g. the database or a PDF file) you would not use this function because your target output is not HTML. What htmlentities returns is a new string, with certain characters replaced with character entity codes. These codes are only understood when you view that resulting string through a browser which renders the HTML. If you just view it as plain text (such as if you view-source or output to a console) then of course what you will see is the code, not the character it represents, as there would be nothing to do that translation.
  4. You should always RTFM. If you don't understand something then you ask. http://linode.aoeex.com/dd.php - I threw that together to show you how htmlentities works. Enter something in the text box, submit, and you can see the results of calling the function. Are you seeing the &lt; and &gt; codes on your page, rather than < or >?
  5. That is pretty much what it is for. In order to render <b> as literally '<b>' rather than it being seen as a bold tag, you have to use &lt; and &gt; in place of the < and > signs. That is what htmlentities is for; it will convert those characters to their entity values. It will convert more than just < and >, but in all cases it should be like a WYSIWYG conversion because the browser will render the entity as whatever the original character was. If for some reason you're seeing '&lt;' and '&gt;' on your page, you're likely applying htmlentities to your value twice.
  6. Your register form should re-populate the fields with the values when there is a validation error. Having to re-fill the form is annoying and will deter people from registering. Your age calculation seems to be a tiny bit off. I was able to register successfully with a birthday that would make me 12 years old, not 13 like your error says you require. When registration is successful, you should not show the registration form, and your message saying it was successful could be a bit bigger. Also: Why? If they have to wait for an email confirmation, say that, don't just say wait one minute. If there is some other reason for the wait, it sounds like something you need to fix, not just ask people to wait. When posting comments, you seem to have some issues with slashes. I posted the comment: And what got posted was: (or as the HTML) You are still vulnerable to XSS attacks in your comment area, see the comment here, from batest. Click the link asdf. If I try and use the password recovery page, it tells me the birthday is invalid, even though I am entering the one I used on the registration page.
  7. The zone file has an origin (base domain name) to it; in this case it is CLEEP.US. When you don't end an entry with a period, that entry is prefixed to the origin and that is used as the full domain. So:
      www 3600 IN CNAME blah.com
      will be interpreted by the DNS server as www.CLEEP.US. and
      bleh.blah 3600 IN A 1.2.3.4
      would be bleh.blah.CLEEP.US. If you end an entry in a period then it is considered a fully qualified domain and not prefixed, so you have to include everything. My understanding is, however, that the domain specified as the CNAME should have a period after it, as in:
      www 3600 IN CNAME stats.weblyize.com.
  8. Your account type field seems a bit pointless having only one value. Your password field limitation (letters or numbers only, no spaces, no symbols) is also rather silly. There is no good reason to limit a person's password options. All it does is drive your users nuts when they have to craft a new password to fit your rules. The page you get after registering should use the same template as the home page, and provide some links to get back to the home page or to a login screen. You have 'Freinds' in multiple places. The proper spelling is 'Friends'. Your site relies on JS more than it really needs to, such as your redirect after editing info:
      <script type="text/javascript">
      <!--
      window.location = "info.php?id=18"
      //-->
      </script>
      There's no need to use JS for that. A header() redirect or meta tag would work better. Your wall posts seem to be filtered for XSS only after they are posted. Click the wall link on the side to reload the page (or view the page as a visitor) and there is no filtering and XSS is possible. http://facepalmz.comli.com/profile.php?id=18 click the Click me! link. Your search should show something indicating no results when nothing is found, not just a blank page. A blank page usually makes people think it's broken. Also, put it in the same template. Trying to pull up a profile for a non-existent member should show some kind of an error page, not a profile page with missing info: /info.php?id=393747 /profile.php?id=393747 /photos.php?id=393747 - Results in PHP error messages, disclosing information about your server.
  9. PHP makes no guarantee what order elements end up in if their values are the same: If for some reason you need them to remain in a particular order, you'll have to sort them some other way. I don't see how it should make any bit of difference though.
  10. You'd probably have to set up the configuration in the main httpd.conf file. That, or prevent the user from deleting the .htaccess file somehow, such as by changing its owner/permissions.
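      As an added illustration of the origin rule described in post 7 (example code written for this page, not kicken's own), here is a small PHP routine that qualifies zone-file names the way the post explains: names without a trailing dot get the origin appended, names with one are left alone, and a CNAME/NS/PTR target that lacks the dot is flagged. The origin CLEEP.US and the three record lines are taken from the post; the function names are my own.

```php
<?php
// Added example, not from the forum post: how a zone file's origin is applied to
// owner names and to name-valued record data. Origin and records are constructed
// from the values quoted in the post.

function qualifyName(string $name, string $origin): string
{
    $origin = rtrim($origin, '.') . '.';
    if ($name === '@') {
        return $origin;                 // '@' is shorthand for the origin itself
    }
    if (substr($name, -1) === '.') {
        return $name;                   // trailing dot: already fully qualified
    }
    return $name . '.' . $origin;       // no trailing dot: relative to the origin
}

// Parses one "owner ttl class type rdata" line and returns the record with all
// names expanded. For types whose rdata is itself a name, a missing trailing dot
// is reported, since that is the mistake the post describes.
function expandZoneLine(string $line, string $origin): array
{
    $fields = preg_split('/\s+/', trim($line));
    if (count($fields) !== 5) {
        throw new InvalidArgumentException("expected 5 fields: $line");
    }
    [$owner, $ttl, $class, $type, $rdata] = $fields;
    $record = [
        'owner'   => qualifyName($owner, $origin),
        'ttl'     => (int)$ttl,
        'class'   => $class,
        'type'    => $type,
        'rdata'   => $rdata,
        'warning' => null,
    ];
    if (in_array($type, ['CNAME', 'NS', 'PTR'], true)) {
        $record['rdata'] = qualifyName($rdata, $origin);
        if (substr($rdata, -1) !== '.') {
            $record['warning'] = "target '$rdata' has no trailing dot, so it resolves to {$record['rdata']}";
        }
    }
    return $record;
}

$origin = 'CLEEP.US';
$lines = [
    'www 3600 IN CNAME blah.com',              // relative target: almost certainly unintended
    'bleh.blah 3600 IN A 1.2.3.4',             // relative owner: this is the normal case
    'www 3600 IN CNAME stats.weblyize.com.',   // trailing dot: external target kept as-is
];
foreach ($lines as $line) {
    $r = expandZoneLine($line, $origin);
    printf("%-22s %d %-5s %s\n", $r['owner'], $r['ttl'], $r['type'], $r['rdata']);
    if ($r['warning'] !== null) {
        echo "  warning: {$r['warning']}\n";
    }
}
```

      Running it prints the first CNAME as www.CLEEP.US. pointing at blah.com.CLEEP.US. with a warning, the A record as bleh.blah.CLEEP.US., and the dotted CNAME target unchanged.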
  11. If the original source of the data is untrusted (ie, was typed in by a user) then before outputting it in your HTML yes, you need to escape it using htmlentities or htmlspecialchars (either will work fine).
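      Posts 3, 4, 5 and 11 all come down to the same rule: escape untrusted text once, at the point where it is written into HTML, and nowhere else. The PHP below is an added example for this page (not kicken's code or the linked demo page) that shows a raw echo next to an escaped one, the double-escaping symptom from post 5, and why the same raw value needs a different encoder for a different destination. The comment string is constructed input; the function names are my own.

```php
<?php
// Added example, not from the forum posts: escape untrusted text exactly once, at
// the point of HTML output, and observe what double-escaping does.

// Vulnerable: the raw string becomes part of the page's markup and any tags in it
// are interpreted by the browser.
function renderCommentUnsafe(string $comment): string
{
    return '<div class="comment">' . $comment . '</div>';
}

// Hardened: special characters become entities, so the browser shows them as text.
// nl2br runs after escaping, so the <br /> tags it inserts are the only markup left.
function renderCommentSafe(string $comment): string
{
    return '<div class="comment">'
        . nl2br(htmlentities($comment, ENT_QUOTES | ENT_HTML5, 'UTF-8'))
        . '</div>';
}

// Constructed sample comment, as a visitor might submit it.
$comment = "<b>hi</b>\n<script>alert(1)</script> Tom & Jerry";

echo "unsafe:  " . renderCommentUnsafe($comment) . "\n";
echo "safe:    " . renderCommentSafe($comment) . "\n";

// The mistake from post 5: the value was already escaped when it was stored, and
// is escaped again on output. The browser then shows '&lt;b&gt;' literally.
$storedEscaped = htmlentities($comment, ENT_QUOTES | ENT_HTML5, 'UTF-8');
echo "double:  " . renderCommentSafe($storedEscaped) . "\n";

// Escaping belongs to the output, not the data (post 3): the same raw string going
// into JavaScript or JSON needs that destination's encoder instead of htmlentities.
echo "as JSON: " . json_encode($comment) . "\n";
```

      The practical check when you see literal entity codes on a page is the one in post 5: search for every place the value is passed through htmlentities between the database and the browser; there should be exactly one, and it should be in the view.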
  12. If you post some sample images your working with we could help you better by having something to test with.
  13. The date/time values you store in your database should all be based on the same timezone, UTC works well. Then you just format them for the user's proper timezone when you display them.
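      To make the "store UTC, format per user" rule concrete, here is an added PHP example (written for this page, not from the post) that normalises a user-entered local time to UTC for storage and then renders the stored value for viewers in three zones. The appointment time and the zones are constructed; the day chosen is a US daylight-saving transition date so the offset handling is visible.

```php
<?php
// Added example, not from the forum post: keep database timestamps in UTC and
// convert only when displaying to a particular user.

// Normalise a user-entered local time to the UTC string that goes in the database.
function toStorageUtc(DateTimeImmutable $localTime): string
{
    return $localTime->setTimezone(new DateTimeZone('UTC'))->format('Y-m-d H:i:s');
}

// Format a stored UTC value in the viewer's own zone.
function formatForUser(string $storedUtc, string $userTz, string $format = 'Y-m-d H:i T'): string
{
    $utc = new DateTimeImmutable($storedUtc, new DateTimeZone('UTC'));
    return $utc->setTimezone(new DateTimeZone($userTz))->format($format);
}

// Constructed input: a New York user enters an appointment for the morning of the
// 2013 spring DST change, so local time is already EDT (UTC-4) at 09:30.
$entered = new DateTimeImmutable('2013-03-10 09:30:00', new DateTimeZone('America/New_York'));
$stored  = toStorageUtc($entered);            // "2013-03-10 13:30:00"

echo "stored (UTC):       $stored\n";
foreach (['America/New_York', 'Europe/London', 'Asia/Tokyo'] as $tz) {
    // London is still on GMT on that date (BST starts later in March), Tokyo is UTC+9.
    printf("shown in %-17s %s\n", $tz . ':', formatForUser($stored, $tz));
}
```

      Because the stored string carries no offset, the column must be documented (or typed) as UTC; a DATETIME that silently holds server-local time is the usual cause of appointments that drift by an hour twice a year.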
  14. I think it's less about being "not a fan" and more about it being a waste of development effort. Previews are really only useful in places such as these forums where you have several formatting codes that actually make your message appear differently than in the box your typing it into. Most article or blog comment systems do not allow these types of formatting so it's a what you type is what you get thing. People can just stop and re-read what they put in before clicking submit without having to have a "preview" feature. Even with a feature, people tend not to use them in my experience. Even I personally do not preview here unless I end up using a lot of markup codes in my post. For example this post only has a quote so I probably wont bother with the preview at all. As for simple spelling and grammar checks, I just re-read my message before hitting submit, rather than preview. It's easier and faster.
  15. You'd make your PHP file that does whatever you need it to do, then you enter in for the command something to run the PHP file. Usually you will be able to run the file via the php-cli program, so you'd have a command like: /usr/bin/php /path/to/your/file.php You'll need to find out from your host the specifics though, such as where the php program is located, or if you have to use something else like wget or lynx
  16. Is there any particular reason you need it in object form vs array? Or just preference? In any event: PDO::fetchAll() PDO::fetch()
  17. Just move the call to where you want it and save the result to a new variable, then put the variable in the link where the original call was.
      $myTitle = stripslashes($row['myTitle']);
      $myTitleDashed = str_replace(" ", "-", $myTitle);
      <li><a href="http://www.mywebsite.com/Promotional.Products-Promotional.Items/Promotional-Products/<?php echo $product_id ?>-<?php echo $myTitleDashed; ?>-<?php echo $full_state ?>-Promotional-Products.html" title="<?php echo $myTitle ?> <?php echo $full_state; ?>"><?php echo $myTitle ?></a></li>
  18. Not sure it really makes a difference speed wise. However if you read it in a row at a time in a while loop you don't have to load the entire result set into memory, it can be streamed from the server. To do a foreach you have to read it all into an array then loop that. You could use fetchAll() to get the array, eg: foreach ($result->fetchAll() as $row){ } I prefer to stick with a simple while loop myself.
  19. The cron file defines a pattern of time to run the file. It's 6 fields separated by spaces/tabs:
      minute hour dayOfMonth month dayOfWeek command
      The minute field defines on which minute of each hour it will run. So if you set it to say 15, it will run only when the current time has a minute equal to 15. The hour field defines the hour it will run. This is based on a 24-hour clock, so 0 is midnight and 23 is 11pm. If you set it to say 14 it would only run when it's 2pm. Day of month is the day of each month. Say you set it to 1; it will only run if it's the first of the month. Month defines which months it will run. Say you set it to 7; it would only run in July. dayOfWeek is the weekday (Sun through Sat) that it runs. Sunday=0, Saturday=6. Finally, command is what you want it to do. What you do is create a combination of those fields that specifies what schedule you want. You can use range values, or * to mean all possible values. You'll need to read the documentation to find out all the details. Some examples (excluding command):
      * * * * *      would run once every minute, 24/7/365.
      5 17 * * *     would run at 5:05pm every day.
      0,30 * * * *   would run every hour on the hour and at the half hour (e.g. 1:00, 1:30, 2:00, 2:30, ...)
      15 5 1 * *     would run on the first of each month at 5:15 am.
      If you have shell access through SSH, try running the command crontab -e. If you do not have shell access, you may be able to edit it through your hosting provider's control panel. If you have to use their control panel to edit it, they may provide a simplified interface to make it easier to define the schedule.
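      The quickest way to check that a schedule line means what you think is to evaluate it against a clock. The PHP below is an added example for this page (not kicken's code, and not how cron itself is implemented) that matches the five time fields, including lists, ranges and */step values, and walks the four example schedules from post 19 across one constructed day to show when each fires. It simplifies one thing real cron does differently, noted in a comment.

```php
<?php
// Added example, not from the forum post: a matcher for the five cron time fields,
// used here to show which minutes of a day each example schedule fires on.

// Does one field (e.g. "5", "0,30", "1-5", "*/15") match a value in [$min, $max]?
function fieldMatches(string $field, int $value, int $min, int $max): bool
{
    foreach (explode(',', $field) as $part) {
        $step = 1;
        if (strpos($part, '/') !== false) {
            [$part, $step] = explode('/', $part, 2);
            $step = max(1, (int)$step);
        }
        if ($part === '*') {
            $lo = $min;
            $hi = $max;
        } elseif (strpos($part, '-') !== false) {
            [$lo, $hi] = array_map('intval', explode('-', $part, 2));
        } else {
            $lo = $hi = (int)$part;
        }
        if ($value >= $lo && $value <= $hi && ($value - $lo) % $step === 0) {
            return true;
        }
    }
    return false;
}

// Does a five-field spec ("minute hour dayOfMonth month dayOfWeek") match $t?
// Simplification: real cron treats dayOfMonth and dayOfWeek as alternatives when
// both are restricted; this version requires both, which suffices for the examples.
function cronMatches(string $spec, DateTimeInterface $t): bool
{
    $f = preg_split('/\s+/', trim($spec));
    if (count($f) !== 5) {
        throw new InvalidArgumentException("expected 5 time fields in '$spec'");
    }
    return fieldMatches($f[0], (int)$t->format('i'), 0, 59)   // minute
        && fieldMatches($f[1], (int)$t->format('G'), 0, 23)   // hour, 24h clock
        && fieldMatches($f[2], (int)$t->format('j'), 1, 31)   // day of month
        && fieldMatches($f[3], (int)$t->format('n'), 1, 12)   // month
        && fieldMatches($f[4], (int)$t->format('w'), 0, 6);   // weekday, Sunday=0
}

// Constructed day to evaluate: the first of a month, so "15 5 1 * *" is exercised.
$specs = ['* * * * *', '5 17 * * *', '0,30 * * * *', '15 5 1 * *'];
$start = new DateTimeImmutable('2013-07-01 00:00:00');
foreach ($specs as $spec) {
    $fires = [];
    for ($m = 0; $m < 1440; $m++) {
        $t = $start->modify("+$m minutes");
        if (cronMatches($spec, $t)) {
            $fires[] = $t->format('H:i');
        }
    }
    printf("%-14s fires %4d time(s) on %s%s\n", $spec, count($fires),
        $start->format('Y-m-d'),
        count($fires) <= 3 ? ' at ' . implode(', ', $fires) : '');
}
```

      For the chosen day this reports 1440 firings for the all-stars line, one at 17:05, 48 for the on-the-hour/half-hour line, and one at 05:15; change the date to the second of the month and the last schedule drops to zero, which is the kind of check worth doing before trusting a line in a hosting control panel.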
  20. Untested, but something like this probably would work.
      if ($count_school_update_likes > 0) { // side note: don't quote numbers.
          $likers = array();
          if ($count_school_update_liked == 1) {
              $likers[] = 'You';
          }
          if ($count_school_update_likes > 1) {
              $arr = $get_school_update_likes->result_array();
              $len = min(3, count($arr));
              for ($i = 0; $i < $len; $i++) {
                  $liker = $arr[$i];
                  // escape the name, since it came from user input
                  $likers[] = '<a id="' . $liker['user_id'] . '" href="' . $liker['user_id'] . '">' . htmlspecialchars($liker['user_name']) . '</a>';
              }
              $extra = count($arr) - $len;
              if ($extra > 0) {
                  $likers[] = '<a id="stream-updates-item-likes-view" href="#">' . $extra . ' others</a>';
              }
          }
          $len = count($likers);
          if ($len == 1) {
              $likers = $likers[0] . ' like this';
          } else if ($len > 1) {
              $last = $len - 1;
              $list = implode(', ', array_slice($likers, 0, $last));
              $likers = $list . ', and ' . end($likers) . ' like this';
          }
      }
  21. I haven't really looked into it in a while but I remember that there used to be problems with browser compatibility if you started messing around with native prototypes too much. More so with things like DOM prototypes instead of JS Natives like Array or String. Now that it seems like browsers have more consistent prototype setups it may not be as big of a problem. */me is still stuck in the old days sometimes*
  22. You would have to extend that element's prototype, but that is generally a bad idea and you should avoid it. If your goal is to get the 'this' value to be the element inside the function then you could do it with something like: myFunc.call(element, 'arg'); but that's not better than just doing myFunc(element, 'arg');
  23. Try something like this:
      $src = imagecreatefrompng($target);
      $width = imagesx($src);
      $height = imagesy($src);
      $newwidth = 54; // new width of image
      $newheight = 54;
      $tmp = imagecreatetruecolor($newwidth, $newheight);
      imagealphablending($tmp, false);
      imagesavealpha($tmp, true);
      imagefill($tmp, 0, 0, imagecolorallocatealpha($tmp, 0, 0, 0, 127)); // start from a fully transparent canvas
      imagecopyresampled($tmp, $src, 0, 0, 0, 0, $newwidth, $newheight, $width, $height);
      $image1 = imagecreatefrompng('Surround.png');
      imagealphablending($image1, false);
      imagesavealpha($image1, true);
      imagecopymerge($image1, $tmp, 5, 5, 0, 0, 54, 54, 100);
  24. As a quick and dirty example:
      <?php
      if (isset($_POST['submit'])) {
          // save comment to the database
      }
      ?>
      <html>
      <head></head>
      <body>
      <form method="post" action="">
      <?php if (isset($_POST['preview'])): ?>
          <p>Here is a preview of your comment:</p>
          <div class="comment">
          <?php echo nl2br(htmlentities($_POST['comment'])); ?>
          </div>
      <?php endif; ?>
      <h2>Comment</h2>
      <textarea name="comment"><?php if (isset($_POST['comment'])) echo htmlentities($_POST['comment']); ?></textarea>
      <input type="submit" name="submit" value="Submit Comment">
      <input type="submit" name="preview" value="Preview Comment">
      </form>
      </body>
      </html>
      When they click the submit button, the browser will fill $_POST with two values: $_POST['submit'] = "Submit Comment" and $_POST['comment'] = "Whatever they typed". If they click the preview button, the browser will instead send you: $_POST['preview'] = "Preview Comment" and $_POST['comment'] = "Whatever they typed". So what you do is just test which button they clicked by testing for the existence of that button's key name. When you know which is clicked you handle it appropriately. For the case of a preview, you just re-create the page with the form to submit the comment, but include an extra area which shows what the comment will look like. There is no need to store the data anywhere for this; you just use it directly from the $_POST variable. When you re-create the textbox for them to type in, you just make sure you pre-fill it with the value they submitted. When they are happy with the result and click the submit button, you then save the data to your database and send them on their way.
  25. No you don't. If you use a prepared statement (properly) you don't have to do any kind of escaping whatsoever. When you do a prepared statement the data is sent separately from the query so there's no chance it will get mixed together and cause problems.
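      Posts 16, 18 and 25 are three sides of the same PDO usage: parameters travel separately from the SQL text, rows can be streamed one at a time with fetch() or collected with fetchAll(), and either can hand back arrays or objects. The PHP below is an added example for this page (not kicken's code) that shows all three against an in-memory SQLite database, so it needs only the pdo_sqlite extension; the table, rows and the hostile-looking name are constructed.

```php
<?php
// Added example, not from the forum posts: prepared statements keep data out of the
// SQL text, and fetch()/fetchAll() choose between streaming and loading all rows.
// Assumes the pdo_sqlite extension is available; everything else is in-memory.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// Constructed rows, inserted through one prepared statement executed repeatedly.
// Note the apostrophe in O'Brien: no escaping needed, it is sent as a bound value.
$ins = $pdo->prepare('INSERT INTO users (name, email) VALUES (:name, :email)');
foreach ([['Alice', 'alice@example.com'], ["O'Brien", 'ob@example.com'], ["x' OR '1'='1", 'x@example.com']] as [$n, $e]) {
    $ins->execute([':name' => $n, ':email' => $e]);
}

// Post 25: a prepared statement compares the literal string, quotes and all.
$userInput = "x' OR '1'='1";
$stmt = $pdo->prepare('SELECT id, name, email FROM users WHERE name = ?');
$stmt->execute([$userInput]);
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo count($rows) . " row(s) match the bound value\n";          // 1: only the odd name

// For contrast, the concatenation that escaping was meant to protect: the same
// input changes the query's structure and every row comes back.
$concat = $pdo->query("SELECT id FROM users WHERE name = '" . $userInput . "'");
echo count($concat->fetchAll()) . " row(s) from the concatenated query\n";   // 3

// Post 16: the same row as an associative array or as an object.
$stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = ?');
$stmt->execute([1]);
$asArray = $stmt->fetch(PDO::FETCH_ASSOC);
$stmt->execute([1]);
$asObject = $stmt->fetch(PDO::FETCH_OBJ);
echo "array: {$asArray['name']}, object: {$asObject->name}\n";

// Post 18: streaming one row per fetch() keeps memory flat for large result sets,
// whereas fetchAll() materialises the whole set before the loop starts.
$stmt = $pdo->query('SELECT id, name FROM users ORDER BY id');
while ($row = $stmt->fetch(PDO::FETCH_OBJ)) {
    echo "{$row->id}: " . htmlspecialchars($row->name) . "\n";   // escape at output, as in post 11
}
```

      Two caveats a practitioner will want: binding protects values only, so a column or table name taken from input still has to be checked against a whitelist, and some drivers emulate prepared statements client-side unless PDO::ATTR_EMULATE_PREPARES is set to false; that emulation still quotes correctly, but it means the separation described in post 25 is then done by the driver rather than the server.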