JonnoTheDev

Apache wont do this. The file path is at the top 'Index of /' You could write a file browser in php that will do this. Checkout the open_dir() function on php.net http://uk.php.net/manual/en/function.opendir.php

LINUX From your server command line as root: yum install php-mbstring Then restart: service httpd restart

Set max_execution_time in php.ini

Place this at the top of the script. set_time_limit(5); The script will run for 5 seconds and then terminate with your defined error.

Im not sure about FTP, how would you select a file from the local computer for PHP FTP to your webserver? Ive used FTP functions before but for sending files to a second webserver directly from the host webserver. Can you not override the timeout directive in a .htaccess file. Shared hosting is pants!

If the date record in your database is stored as a timestamp then you need to convert the user entered date into a timestamp. What is the format users will enter a date? d-m-Y or Y-m-d? Example if(isset($_GET["Date"])) { $date = strtotime($_GET["Date"]); $query.=" and time='" .$date.""; } If users are entering a date to search the database then the field type should be a date and not a unix timestamp. Not used sqllite does it have a FROM_UNIXTIME function that you could use?

convert the user date entry to a unix timestamp strtotime("2008-20-11");

Check your field names. <input type="text" name="Date"> if(isset($_GET["time"])) { $query.=" and time='" .$_GET["Time"].""; }

Nothing. Use headers in the target location: header('Last-Modified: ' . date('r')); header('Cache-Control: no-store, no-cache, must-revalidate'); header('Cache-Control: post-check=0, pre-check=0', FALSE); header('Pragma: no-cache');

You want to use in_array() really and split your items into array elements. The strstr() function will also find substrings so it would find Jazz in both 'Jazz' & 'Jazzy' that may cause a problem. Neither of these will tax a server, you are talking microseconds!

$lookingFor = "Jazz"; if(strstr($genres, $lookingFor)) { echo "Found: ".$lookingFor; } I would prefer to explode each item into an array as such (get rid of the quotes an leave the commas): $items = explode(",",$genres); $lookingFor = "Jazz"; if(in_array($lookingFor, $items)) { echo "Found: ".$lookingFor; }

Dont start with Object Orientated design like MVC if you are a newbie unless you are coming from another language like C++ or Java

Learn sessions.

Once you have a decent knowledge of PHP's functions I would recommend browsing through some of the free apps from somewhere like http://www.hotscripts.com/ Most apps will have features that you will use in your own projects such as user authentication, shopping carts, image manipulation, etc Download & start tearing the code apart to see how parts work and you will get a better understanding of how to implement in your own projects. You will always find nice functions and bits that you can re-use. I personally think that this is the best way to learn (after reading the books). Years ago I got a ton of help by ripping osCommerce to pieces http://www.oscommerce.com

Bigger flaw. The tag is still viewable in the html. A bot using CURL can easily read the html, extract the form fields and post straight back. Doesnt matter about javascript. Use a proper captcha image to stop bots. Not javascript or CSS, etc Get one from http://www.phpclasses.org

Use a CAPTCHA image on all contact forms. This should stop non human posts.

Not sure how this would really help. Just huge headings. Doesn't display what the methods, variables do, return etc. Access levels of methods, member variables are easily read with the public, protected, private syntax. Class commenting should look as follows: /** * Available frontends * * @var array $availableFrontends array of frontend name (string) */ public static $availableFrontends = array('Core', 'Output', 'Class', 'File', 'Function', 'Page'); /** * Factory * * @param string $frontend frontend name * @param string $backend backend name * @param array $frontendOptions associative array of options for the corresponding frontend constructor * @param array $backendOptions associative array of options for the corresponding backend constructor */ public static function factory($frontend, $backend, $frontendOptions = array(), $backendOptions = array()) {

$field is not an array

So you didn't write this application?

Are you not sending the user to another page to do the image upload? If not you should be. article-insert.php ============= $sql= "INSERT INTO $table (date, title, article) VALUES ('$a', '$b', '$c')"; mysql_query($sql,$con); // redirect user header("Location:upload.php?id=".mysql_insert_id()); exit(); upload.php ========== $databaseId = $_GET['id'];

Remove your error suppressing @'s on your functions i.e. fputs() fgets(). Add conditionals to error if the functions fail: if(!fputs()) { } Can you connect to your server through port 6667? Does your server name resolve correctly from the target chatterup.webhop.net? Is there a firewall in the way, etc. Some simple debugging, easy enough. Dont post as URGENT it wont do you any favors! As GingerRobot stated, you can pay people to investigate.

Get the id with mysql_insert_id() after the article is inserted. You can then use this in a URL param on your upload page. Store in a hidden form field and then use to update your article database record.

Strange way of doing it. When creating an article you should add the upload to the article creation form, that way you insert the article along with the image filename at the same time. To do it your way you either need to obtain the article id from a URL param, i.e. add image to article Or, if your upload comes directly after the article is inserted the id can be obtained using mysql_insert_id()

By reading the mail headers when opening the email. Im guessing you are using the fsockopen(), fputs(), fgets() functions to connect to your mail server and issue commands.

The number you use in the substr function needs to be dynamic. You could create a module in your CMS system to write to a file or save to a db table. This value would need to be read in and used in the string function.