cyberRobot

Using POST vs GET isn't going to matter much in terms of data tampering. GET variables may be easier to mess with since they're in the URL. But POST variables, while hidden during the transfer, can still be tampered with fairly easy. One way would be to just download your form's source code, modify it as needed, and hit the submit button.

@MrAdam - Ah, yes that does look much easier. Of course, they'll still need to use something like explode() to break apart the date contained in $mydate.

Actually, now that I think about the original question why have the visitor enter today's date at all? Couldn't you just add the date after the form is submitted? You could use the date() function (http://php.net/manual/en/function.date.php) in the script that processes the form: $todaysDate = date("Y-m-d");

If all you need is today's date, you could create a JavaScript function to get the date: function getTodaysDate() { //GET TODAY'S DATE var currentTime = new Date(); var month = currentTime.getMonth() + 1 var day = currentTime.getDate() var year = currentTime.getFullYear() var todaysDate = (year + '-' + month + '-' + day); //POPULATE THE FORM FIELD document.form.date.value = todaysDate; } Then just call the function using an anchor tag near the form field: <form name="form" action="#"> <input type="text" name="date" id="date" size = "25"/></label> <script type="text/javascript">document.write('<a href="#dateField" name="dateField" onclick="getTodaysDate();">Use Today\'s Date</a>');</script> </form> Note that if you wanted to use a solution like this, you'll need to look into padding the dates. http://www.electrictoolbox.com/pad-number-zeroes-javascript/

You could break apart the date with explode(): list($datePart_day, $datePart_month, $datePart_year) = explode('/', $mydate); Then just use the new variables in the query: $sql = "SELECT * FROM detail WHERE dob LIKE '%$datePart_month-$datePart_day'"; Of course you may need to do some checking to make sure month and day are valid. And make sure they are padded with zeros if needed.

Yep, good point. I was paying too much attension to the OP.

You should look into adding a unique ID column to your users table. Then instead of linking the two tables by the username, you would link them with the ID. This way if the username changes, you won't need to update multiple tables. Also, if you want to display the users in ascending order you might want to add a datetime column to your users database. I would also recommend that you look into encrypting or hashing the passwords.

If you don't use the quotes, the attribute value is considered everything up to the first space character

I would imagine the line of code would need to be: $page_id = isset($_POST['exclude']) ? $_POST['exclude'] : ''; ...or if you don't like the short-hand ifs if(isset($_POST['exclude'])) { $page_id = $_POST['exclude']; } else { $page_id = ''; } Note that I don't have an answer for the best-practices part, but I am curious what others have to say.

I know that the following lines of code can be used to prevent errors from being displayed: <?php error_reporting(0); ini_set('display_errors', 0); ?> Is there a reason to use one over the other? Is it better to use both?

Yep, I've used the $pageID method in the past. It worked well in the beginning, but as my websites evolved it became more of a maintenance issue.

Nope, $_SERVER['PHP_SELF'] would contain a different value. So your test would be: <li><a href="/" <?php if ($_SERVER['PHP_SELF'] == '/index.php') { echo 'class="active"'; } ?>>Home</a></li> <li><a href="/directory/" <?php if ($_SERVER['PHP_SELF'] == '/directory/index.php') { echo 'class="active"'; } ?>>Directory</a></li>

You could modify your original code using $_SERVER['PHP_SELF']: <li><a href="/" <?php if ($_SERVER['PHP_SELF'] == '/index.php') { echo 'class="active"'; } ?>>Home</a></li>

Yep, that whole article talks about the dangers of using $_SERVER['PHP_SELF'] in the action attribute of a form tag. It doesn't say anything about using PHP_SELF elsewhere. Using it to get the folder and filename for testing purposes should be just fine.

It can be when used with things like forms.

You could use $_SERVER['PHP_SELF']: http://www.php.net/manual/en/reserved.variables.server.php It gives you the folders and filename.

The redirect 301 needs to be formatted like: redirect 301 /old/old.php http://www.new.com/new.php So changing your redirect to the following should work: redirect 301 / http://www.website.com/ As long as your server supports .htaccess files and it's uploaded to the proper folder.

You could use substr() to to get the desired length of the string, then just add the "...more" link afterwards. http://php.net/manual/en/function.substr.php

Let's say that miiiiike wants to use WordPress, well signing up at WordPress.com might be enough. But if he/she wants to show off the code without having to worry about WordPress interfering, he/she could host with an organization that allows you to install WordPress. Then WordPress could be used as the main website and he/she still has the capabilities to create another website to show off the examples.

Note that I haven't spent too much time looking through the original code. And to be honest, I don't have a lot of time to look now. With that said, you shouldn't need to add the group permissions to the Session. You only need enough information in the session to connect to the database where the permissions are stored.

Since "provincias" is coming from a form set to method="post", you would use $_POST.

You could also consider hosting a website with someone like Dreamhost. They allow you to maintain a "regular" website and a WordPress, Drupal, etc. website under the same account.

You're missing the end quote in the echo statement: <?php if ($permission == 'admin') { echo "<a href=\"/admin.php\">Admin</a>"; } ?> Note that you could clean up the code by using single quotes...as long as you don't need variables inside the string: <?php if ($permission == 'admin') { echo '<a href="/admin.php">Admin</a>'; } ?>

When testing the basic code, it seems to work for me. What happens when you echo out $laprov in the second form; was the value passed? ... <?php include ("localidades.php"); $laprov=$_POST['provincias']; echo $laprov; ?> ...

You're right; I could have sworn it was required. Personally, I find leaving out the AS keyword a little confusing. But then again, I'm not a fan of table aliases.