Irate

You would have to use <form> elements to handle user input if you do not want to use JavaScript.

You could also set up a 403 Forbidden Error with your .htaccess or httpd.conf if you have access to those.

Basically, if you use the assignment operator =, the left-hand argument and the right-hand argument are evaluated, right is assigned to left and the boolean true is returned. So, checking if( $a = 5 ) { ... } is the same as checking if( true ) { ... } which is always run by PHP. The two equality operators (== and ===) compare the arguments for, well, equality and return true or false, based on the comparison. You should use the strict equality operator === over the normal equality operator ==, because the normal equality operator will attempt type conversion. Checking if( "" == false ) { ... } would have the statement become true, so the code will be run, whereas checking if( "" === false ) { ... } will not have the code being run, as no type conversion is performed. Hope this helped a bit.

To make sure, you are going to run this on your own server and do not plan to do XSS, right? Yeah, you better. Check JavaScript to write some code for that, otherwise just don't include them in your document.

Regular expressions are particularly useful for matching patterns, where a normal string function would utterly fail, whereas simple tests for words you already know you want to search for, strpos is the way to go.

You want to clear the textarea value only? Use the .value property to get the value from the textarea, save it into a variable and then empty the .value property, then do with the variable whatever you need (sending it to a PHP script or whatever else you need).

First of all, JavaScript is case-sensitive. .GetElementById is not the same as .getElementById, and there is no DOM method named .hide, either. You can change CSS styles with the .style property, for example, this hides the first textarea in the document: document.getElementsByTagName("textarea")[0].style.display = "none";

Just that validate() returns undefined if a match was not found. Have it return true to continue form submission.

You can add ?beta=1 to the URL to change to the new design, too.

Also, it is a bad habit to break variable scope by declaring "xmlhttp" without using the var keyword in JavaScript. And, to make things even easier, I recommend that everyone has jQuery on their server when using Ajax requests. It's easier. A lot easier.

htmlspecialchars does what the name suggests, it converts HTML control characters (<, >, ', ") into their HTML4 entities... which are generally universally supported if you display them. But, as requinix hinted above, why would you escape HTML control characters if you actually want to use HTML? Oh, by the way, <font> is deprecated. Don't use it.

I can only agree to Psycho there as JavaScript (the mainly web-based programming language, though they are quite many uses for it outside of the web which also are very nice to work with) was the language I learned the first and ever since, I've been, well, kept captivated by it. It's the language I know most about and in which I enjoy programming in. Or scripting, but that aside. PHP is quite a step from JavaScript, but you can quite fairly learn that in little time. Their syntax is pretty much equal besides from variable declaration and from classes and objects, as well as accessing properties or methods of objects.

Query strings are far from awesome as some serious abuse can happen through them if they're not properly handled, e.g. if register_globals is not disabled (in older PHP versions, this is the case), but there can be some even more serious abuse through other exploits.

parse_url(__FILE__) should do the job.

kicken, I mentioned Comet above, in response to the last point you quoted That does quite reduce the unnecessary Ajax requests to a minimum. All it requires is an open connection on the client side.

For the chat thingy, there's also something called Comet. It's basically reverse Ajax.

Right, sorry for not being able to help you there, then. My mobile phone's very limited when it comes to active developing.

file_get_contents does the job, too.

You can always run microtime() to get the starting time of your script and ending time of the script.

Only if you get an error in your try block. Use a finally { exit; } block.

Your script is vulnerable to SQL injections, always escape user data.

<?php $xml = simplexml_load_file("path/to/file/file.xml"); $res = $xml::xpath("//SONGTITLE"); echo "<pre>"; print_r($res); echo "</pre>"; ?> Try that.

Nicely countered.

Lovely, seeing old threads like this getting necrobumped out of nowhere.

You can try to use ActionScript for Flash videos, but that's a different topic.