scootstah

There's no reliable way to do what you want with PHP. The best you can do is measure the time it takes for the script to execute.

Semantics.

What does $this->member['avatar_size'] contain?

Your VPS host should provide you with DNS servers to point the domain to.

// put at the top of the script $start_time = array_sum(explode(' ',microtime())); // put at the bottom of the script $end_time = array_sum(explode(' ',microtime())); $exec_time = $end_time - $start_time;

Assuming that your date column is called "date" and is of type DATETIME SELECT DATE_FORMAT(date, %D %M %Y, %l:%i %p) AS date ... Then you can reference it like while($row = mysql_fetch_assoc($result)) { echo $row['date']; }

Except scootstah in Reply #4 said to create additional fields which is making my code complicated to say the least... Scootsah, how did you plan on my script know where to look for the valid Hash between two fields?! Debbie It's really not complicated, and it is by far a better approach. The "valid hash" doesn't change until the user changes it themselves. Don't just change the password as soon as someone hits forgot password. That would irritate me to no end if all of a sudden my password didn't work because someone locked me out.

What format is the data in?

What do you mean "in the background"? I don't know how you are going about scraping a page, but it really shouldn't take more than a second or two at most. You can use a cron job to run the script at specific intervals.

Seriously, I can't even use these keyboards because the delete/home/end keys are wrong, I'd go insane if the dollar sign moved to the other side of the board. Man, I hate those keyboards. I use the home/end buttons quite extensively while writing code. It kills me when I have to jump on a machine that doesn't have the same keyboard layout as mine.

I am doing that in essence, except I make them paste in the temporary password. Why? I don't believe this adds any security but it is definitely more frustrating from a users point of view. It adds no security at all. Someone can brute force POST just as easily as GET.

You don't need the mysql_result in there. Just do while($row = mysql_fetch_array( $result )) { echo '<td>' . $row['stuffandthings'] . '</td>'; }

It should be $rows['AVG(overall)'] You can make this a little prettier by changing AVG(overall) in your query to AVG(overall) AS overall And then you can just do $rows['overall']

I third this. If she wants to use real representation of her dishes, she really ought to have them professionally done. It shouldn't cost that much for a few hours of a local freelance photographer.

If you are new to PHP (or frameworks) I would suggest starting with CodeIgniter. It is extremely easy to pick up and get started with, plus the documentation is second to none. I find I learn things faster by just jumping right in, making a huge mess, and then figuring out how to clean it up. I can't pick up new languages by reading 500 page books first, it's just too boring. I would much rather pick a project and start going at it and learn how to do specific things as I go. So therefore, as long as it won't be used in production until it is cleaned up, I encourage you to get your hands dirty! Don't rely too much on the framework though, try to understand what it's actually doing. Otherwise you'll only know how to use a framework but not really know how to use PHP. Frameworks teach good practices though, such as code separation and DRY (Don't-Repeat-Yourself) techniques.

Instead of $check1="checked"; Do $check1='checked="checked"'; In some browsers, simply having the "checked" attribute (even with no value) will still check it. As for the rounding, either use floor() or ceil().

Based on the benchmark I just ran, == null was like .4 microseconds faster than is_null(). I'm assuming the reason is because is_null() is an extra function call. Either way, it's a negligible difference.

Add two additional columns in your users table, something like "reset_pass_code" and "reset_pass_date". Make "reset_pass_date" a DATETIME (or you can use UNIX timestamps if you prefer). The general idea is that when a password reset is requested, you generate a string, store it in the database and send it to their email. You also fill the reset_pass_date with the current date. Then when they visit say, reset_password.php?userid=1&code=blurgablurg, then you can lookup that userid and code to make sure it matches. You can also make sure the reset was requested within the last X amount of time, like 24 hours or something. You shouldn't change their actual password until they visit the reset page and do it themselves. The reason is because anyone could say the password is lost, and if you change it then it would no longer work. With the method above, if someone else filed a reset password request it would simply email them and they can ignore it if they want. As far as the actual code goes, really any method of randomly generating a string will work fine. But in this case longer may be better, so if you use MD5 make it the full 32 characters.

Why do you think PHP is not the right choice?

In what way are you "querying external websites?" Are you scraping them? Accessing external databases? Accessing an API or RSS feed? In any case, PHP should work fine. You can use set_time_limit() to increase the script execution time.

Instead of trying to take in the entire script at once, break it down line by line. Do you understand what all of the code in the script does? You should be able to decide on your own which tutorials are crap. Sounds like you are trying to walk before you crawl.

Sure. Wordpress for example is procedural. Maybe not such a good example, because Wordpress is mad spaghetti code.

No, it doesn't. The first is "is there one row". The second is "is the amount of rows not equal to one". In other words, the amount of rows may be 0, or 274... as long is there isn't exactly one row, it will be true. If you want to know if NO rows are returned, you should do if(!mysqli_stmt_num_rows($stmt2)) or if(mysqli_stmt_num_rows($stmt2) == 0)

Sounds like file permission problems. Try running a "if (file_exists($strPathFileName))" and see if it returns true.

I'm not sure you understand what SQL injection is. You say this: And then you say this: If you are using prepared statements, then "a';DROP TABLE users;" is going to do absolutely nothing. It can in no way harm your database. Prepared statements process the query internally and make it completely safe for interaction with the database. No form of SQL injection will every do anything, because it is sanitized automatically. Aside from that, fighting SQL injection with regex is a bad idea. It is terribly inefficient and there are better ways to handle it (such as mysql_real_escape_string or prepared statements).