cyberRobot

Are you talking about removing cookies set by other website (Google, Yahoo, etc.) or just the ones set by your own?

Will not stop the massive SPAM I don't think that will stop any spam, that code is meant to help prevent SQL injections.

FYI, this isn't an SQL injection attack. This sounds like plain old comment spam. There are several techniques you can use to limit the amount of spam you get. For more information on some of the techniques, check out: http://webaim.org/blog/spam_free_accessible_forms/

Are you hosting the website with a company? If so, do they have an admin panel? They may have an option to create a sub-domain there.

I'm not sure what the above echo statement is doing, but it seems like all you should need to do is a somewhat simple date comparison. You could try to do something like this: //ARRAY OF DATES USED TO TEST DATE COMPARISON $dateArray = array('2010-05-14', '2000-11-02', '2010-04-15', '2010-06-15', '2010-05-10', '2010-05-01', '2010-04-30', '2010-04-29'); //GET CURRENT DATE INFORMATION $currentYear = date('Y'); $currentMonth = date('m'); $currentDay = date('d'); //GET DATE USED TO DETERMINE IF AN ENTRY SHOULD BE STYLED $oldDate = mktime(0, 0, 0, $currentMonth, $currentDay-14, $currentYear); //subtract 14 days from the current date $oldDate = date('Y-m-d', $oldDate); //LOOP THROUGH THE ARRAY OF DATES foreach($dateArray as $dateToTest) { if($dateToTest < $oldDate) { echo "<p>$dateToTest needs to be styled; it's more than 14 days old.</p>"; } else { echo "<p>$dateToTest doesn't need to be styled.</p>"; } } Note that all of your dates will need to be formated as YYYY-MM-DD for this to work.

Those variables are likely to have come from a tutorial on connecting to a MySQL database. I've seen a lot of scripts which declare their variables first: $hostname = "test.net"; $username = "test"; $password = "test"; Then, use the variables to connect to the database: $con = mysql_connect($hostname, $username, $password); This is my preferred method also since it makes the code a little cleaner. Therefore easier to maintain.

Everything appears to be working great. I have however found that the solution doesn't work if the method attribute is set to 'get'.

Yep, just click the button that has the # on it or . Both will place the selected code into a box that looks different from the rest of the message.

Yep, the action attribute is required to be valid XHTML.

Awesome, thanks andrewgauger and Mchl! That makes the process so much simplier...now I don't need add variables everywhere.

@liamloveslearning Are you familiar with JavaScript? If so, you should be able to do something like this: <form name="myForm"> <label for="intraartapproval">Art Appr. Date</label> <input type="text" name="intraartapproval" id="intraartapproval" size="32" onchange="myForm.intraestimatedinstall.value = Number(this.value) + 14;" /><br /> <label for="intraestimatedinstall">Est. Install</label> <input type="text" name="intraestimatedinstall" id="intraestimatedinstall" size="32" /> </form> Note that the above code only works with integers. You'll need to modify the code to work with dates. It looks like it may be a little bit of work, but you should be able to use some of the JavaScript functions found here: http://www.elated.com/articles/working-with-dates/

I'm not sure what you mean? Are you asking why I'm using single quotes around the action attribute value (action='$redirect') instead of double quotes (action="$redirect")? If so, I'm using single quotes because I'm already using double quotes around the entire <form> tag: echo "<form method='post' name='form' action='$redirect'>"; I could use double quotes again, but I would need to escape them: echo "<form method='post' name='form' action=\"$redirect\">";

Is there anything I need to be careful of with using REQUEST_URI? I'm updating a login script so that it works with URLs that contain variables. What I want to do is create a variable: $redirect = $_SERVER['REQUEST_URI']; Then for the part which displays the login form as needed, I'll add the following code: if($redirect != '') { echo "<form method='post' name='form' action='$redirect'>"; } else { echo "<form method='post' name='form' action='$_SERVER[php_SELF]'>"; } //...display the rest of the form Basically the $redirect variable will only be created for pages that require someone to be logged in before they can view the page content. Also, the GET variables will be sanitized as needed after they log in.

Is there a reason why you need to redirect to the thank you page? I usually prefer to have the thank you message in the same script. . . . if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } //SEND E-MAIL MESSAGE TO USER AND WEBMASTER /* add code to send message here */ //DISPLAY THANK YOU MESSAGE echo "<p>Thanks, your information has been added to the database.</p>"; mysql_close($con) ?> </body> </html>

The header function needs to be called before anything is printed to the screen.

I have the same problem with one of my scripts. I haven't gotten around to coding any kind of solution, but here is what I plan to do. Run a quick test against the database for exact duplicates (first name, last name, username, etc.) If a record is found, do nothing Else, add the new record

A simple solution to at least highlight the code would be: <form> <textarea name="code" onfocus="this.select();"> <?php echo '<html>'; echo '<body>'; echo '<p>Hello World</p>'; echo '<body>'; echo '</html>'; ?> </textarea> </form> Of course this solution doesn't do the copy part. I would need to brush up on my JavaScript to figure that out.

<form> <textarea name="code"> <?php echo '<html>'; echo '<body>'; echo '<p>Hello World</p>'; echo '<body>'; echo '</html>'; ?> </textarea> </form>

Awesome, using an array is so much cleaner than the if version! Thanks

Is there an alternative form of the if statement that I can use for validation? What I want to do is to shorten code that looks like this: if($memType!='Regular' && $memType!='Student' && $memType!='Retired') { //invalid membership type, display error } Is there any way to rewrite the if statement so that I don't need to repeat $memType? In the past, I've used a switch statement: switch($memType) { case 'Regular': case 'Student': case 'Retired': //do nothing default: //invalid membership type, display error } ...but I feel a little weird using switch for this scenario. I would also like to avoid using regular expressions since that seems like overkill.

Another quick question. Did you post the entire script? If not, it would be helpful to see all the code.

This might seem like a silly question, but is the e-mail that is sent to admin@nexus.com being forwarded to you twice? For example, my web host allows me to create "Forward-Only" e-mail addresses. Any e-mail sent to that address can then be forwarded to any number of addresses. Maybe the address you're forwarding to is listed twice.

It looks like you forgot to pass the data of birth field to the preg_match() function. If you change this: // check to see if the date of birth is in the correct format if (!preg_match('/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/', 'Date_of_Birth')) { $error['DOB_Invalid'] = 'Your date of birth is invalid. Please enter a valid date of birth.'; } To this: if(!preg_match('/^[0-9]{4}-(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])$/', $_POST['Date_of_Birth'])) { $error['DOB_Invalid'] = 'Your date of birth is invalid. Please enter a valid date of birth.'; } It should work. The same thing goes for the code that tests the phone number. Also, you should update your error text to match what you're asking for: // check to see if the user supplied a date of birth if (empty($_POST['Date_of_Birth'])) { $error['Date_of_Birth'] = 'Please enter your date of birth in the format of mm/dd/yyyy.'; } The "mm/dd/yyyy" should be changed to "yyyy-mm-dd".

Then you're probably going to want to store the list of friends in a variable and display it later. Try this: //INITIALIZE VARIABLE TO STORE LIST OF FRIENDS $listOfFriends = ''; //GET THE LIST OF FRIENDS $query = "SELECT * FROM friends WHERE username='$session->username'"; $result = mysql_query($query) or die(mysql_error()); while($row = mysql_fetch_array($result)) { //FIGURE OUT IF THE CURRENT FRIEND IS ONLINE $query2 = "SELECT * FROM available_users WHERE username='$row[friendname]'"; $result2 = mysql_query($query2) or die(mysql_error()); //IF THE CURRENT FRIEND IS ONLINE, SHOW CHAT LINK if($row2 = mysql_fetch_array($result2)) { //MAKE SURE THE AVATAR VARIABLE IS BLANK $avatar = ''; //GET CURRENT FRIEND'S AVATAR $query3 = "SELECT avatar FROM users WHERE username='$row[friendname]'"; $result3 = mysql_query($query3) or die(mysql_error()); if($row3 = mysql_fetch_array($result3)) { $avatar = $row3['avatar']; } //SHOW CHAT LINK $listOfFriends .= "<a href=\"javascript:void(0)\" onClick=\"javascript:chatWith('$row2[username]')\">"; if($avatar != '') { $listOfFriends .= "<img src='$avatar'>"; } else { $listOfFriends .= "<img src='no_image.png'>"; } $listOfFriends .= "Chat With $row2[username]</a><br></br>"; } } //DISPLAY THE LIST OF FRIENDS if($listOfFriends != '') { echo "You have " . mysql_num_rows($result2) . " friend/s online<br>"; echo $listOfFriends; }

The code below has been modified to address the issue of a blank avatar. //GET THE LIST OF FRIENDS $query = "SELECT * FROM friends WHERE username='$session->username'"; $result = mysql_query($query) or die(mysql_error()); while($row = mysql_fetch_array($result)) { //FIGURE OUT IF THE CURRENT FRIEND IS ONLINE $query2 = "SELECT * FROM available_users WHERE username='$row[friendname]'"; $result2 = mysql_query($query2) or die(mysql_error()); //IF THE CURRENT FRIEND IS ONLINE, SHOW CHAT LINK if($row2 = mysql_fetch_array($result2)) { //MAKE SURE THE AVATAR VARIABLE IS BLANK $avatar = ''; //GET CURRENT FRIEND'S AVATAR $query3 = "SELECT avatar FROM users WHERE username='$row[friendname]'"; $result3 = mysql_query($query3) or die(mysql_error()); if($row3 = mysql_fetch_array($result3)) { $avatar = $row3['avatar']; } //SHOW CHAT LINK echo "<a href=\"javascript:void(0)\" onClick=\"javascript:chatWith('$row2[username]')\">"; if($avatar != '') { echo "<img src='$avatar'>"; } else { echo "<img src='no_image.png'>"; } echo "Chat With $row2[username]</a><br></br>"; } }