scootstah

I can find 100 Web Designers that disagree... Debbie Then you've found 100 people that don't know what they're talking about. For someone who is usually pretty well based, that is obnoxious. I know Web Designers that could do circles around anyone on this board, so to say they they don't know anything is crazy. But they can't send an HTML email? Boy, they sure seem qualified. I don't see how that is relevant at all. The ability to send an HTML email, like I said, is trivial. Whether it looks good or not is an entirely different matter.

Because you're still telling it to send as plaintext. Try this: $headers = "From: [email protected] <[email protected]\r\n"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n"; mail('[email protected]', 'Re: Website Error (' . date('Y-m-d g:i:sa', time()) . ')', $body, $headers);

I can find 100 Web Designers that disagree... Debbie Then you've found 100 people that don't know what they're talking about.

You can't use the mysql extension in conjunction with the mysqli extension. You need to do mysqli_insert_id($dbc);

Well, when you put it like that... I encourage people to add me on Skype or MSN or whatever. I think it's good to have friends and people to talk to in the industry. The ability to talk randomly about anything 1 to 1 is great, and may help spawn ideas or creative discussion.

I've always heard that creating HTML-generated e-mails is a nightmare and also a security risk. Then you've heard wrong. It's no harder than a regular email, you just have to specify the mime-type as HTML. Done.

You still need a mail server.

You could use HTML to make it prettier.

$_SERVER['REMOTE_ADDR'] is the IP of the client, not the server.

So what is it giving you?

Sure, but you'll probably be stuck reading documentation and other people's examples to learn. CodeIgniter's foundation is still based on old legacy code. It doesn't really take advantage of modern OOP practices. However, knowing the basics of OOP will still help make sense of what you're doing.

Why do quotes matter? As long as you escape it before interacting with the database you're fine.

If you need HTML, you need HTML. The only option is to either use a WYSIWYG or to possibly shorten syntax with something like BBCode, Wiki markup, or markdown.

Yes, that's correct. Although the syntax is not. For a dropdown box you'll have to check each individual option. Also, it should be 'selected="selected"' or 'checked="checked"'. Here's an example: <select name="dropdown"> <option value="1" <?php if($_POST['dropdown'] == 1) { echo 'selected="selected"'; } ?>>One</option> <option value="2" <?php if($_POST['dropdown'] == 2) { echo 'selected="selected"'; } ?>>Two</option> <option value="3" <?php if($_POST['dropdown'] == 3) { echo 'selected="selected"'; } ?>>Three</option> </select> <input type="checkbox" name="chk" <?php if(isset($_POST['chk'])) { echo 'checked="checked"'; } ?> /> You can use the ternary operator to make it a little cleaner. <select name="dropdown"> <option value="1" <?php echo $_POST['dropdown'] == 1 ? 'selected="selected" : ''; ?>>One</option> <option value="2" <?php echo $_POST['dropdown'] == 2 ? 'selected="selected" : ''; ?>>Two</option> <option value="3" <?php echo $_POST['dropdown'] == 3 ? 'selected="selected" : ''; ?>>Three</option> </select> <input type="checkbox" name="chk" <?php echo isset($_POST['chk']) ? 'checked="checked"' : ''; ?> /> Since AJAX doesn't refresh the page, you don't have to worry about it.

Please post the output of the query SHOW CREATE TABLE tbl_grades; You can run this in any MySQL client (such as the mysql CLI tool, phpMyAdmin, Workbench, etc). Also, I'm a little confused with your HTML markup. You have 5 checkboxes with different names yet you are using the array syntax in the name. What exactly are you trying to do?

How could that possibly be a security risk? You are returning exactly what they typed.

I've read that sentence 6 times and I still have no idea what you just said.

The reason strpos doesn't work is because your spiders are too generic. You have "Googlebot" but if the bot is actually "Googlebot/2.1" it's not going to match. The other way around, though, would match. So you're either going to need to put all of the actual bot names in your array, or using something like similar_text or levenshtein

I didn't watch the video but that sounds pretty far-fetched and ridiculous.

Try this if (in_array(strtolower($country), $my_countries)) { if (!in_array($agent_name, $allowed_spiders)) { header('Location: www.REDIRECT URL.com'); } exit; }

You need to have a mail server configured to send mail.

Hmm. For news I would go with an RSS feed. For the version, maybe just use cURL to ping a script with the version installed and then return the current version.

I'm not sure which point you are responding to, but it doesn't apply to either. Using SQL Injection commands I am able to make your database throw an error, although I wasn't able to actually force a log in. And I successfully exploited a CSRF vulnerability with the settings page in your admin panel, though it should apply everywhere as there is no CSRF protection. It doesn't matter if the user is not logged in, because that's not how CSRF works.

You don't need the quotes. Just do $con = mysql_connect($server,$username,$password);

This is why you break out the text editor, type some stuff in, and figure out on your own if it works or not. That's how you learn. All you are doing is comparing two dates. Why would that not work?