JonnoTheDev

Staff Alumni
  • Posts: 3,584
  • Days Won: 3

Everything posted by JonnoTheDev

  1. No, the zip codes are placed in the zip table. You don't want duplicate records!

     zips
     --------
     zip_id
     zip

     So:
     1 | 123456
     2 | 456543

     The companies are stored in their own table:

     companies
     ----------
     company_id
     name

     So:
     1 | Company 1
     2 | Company 2

     The zip codes that belong to a company are stored in zip_to_company:

     zip_to_company
     ---------------
     id (auto-incremental)
     company_id
     zip_id

     So:
     1 | 1 | 1
     2 | 1 | 2

     In the above example Company 1 can be found from 2 zip codes (zip_id 1 and zip_id 2). Is this what you are after?
  2. This isn't done with PHP code. It is achieved through a database query. The zip code used in the query may come from a form submission if users want to find companies from zip codes. I'm guessing you are a database novice. Think about it. If you were to store all zip codes in the company table in a string, i.e.

     company1 | zip1,zip2,zip3
     company2 | zip3,zip75

     then you are going to have to select every record from the companies table, explode all the zip codes and then find matching records. If the zips are stored in their own table then you are only searching for 1 record, and it relates to the zip_to_company table that relates to the companies table, giving you all the companies under 1 zip code. You may need to do some research on relational database design.
  3. But that is a private IP. Which means that if you access this externally you must be connected via a VPN, hence on the same IP range. What is wrong with localhost? It is just a DNS name for the loopback address 127.0.0.1, meaning MySQL is on the same machine as the webserver. Surely it works. The normal method would be to add a public IP address to the server and point a domain name at it:

     http://www.yourdomain.com/phpmyadmin

     Place a .htaccess file in the document root for the phpmyadmin application to secure it.
  4. This will not find uppercase characters. You can either convert the string to lowercase or adjust the regex:

     ([A-Za-z ]+)

     You may also need to include extra characters as names may appear like John O'Reilly.
  5. You should add another table for zips to companies:

     zip_codes
     ----------
     zip_id
     zip

     companies
     -----------
     company_id
     name

     zip_to_company
     ---------------
     id
     zip_id
     company_id

     This allows 1 company to have many zip codes (1 to many relationship).
  6. I thought you wanted it to remain as an IP address rather than domain name:

     $cfg['PmaAbsoluteUri'] = 'http://192.168.1.130/phpmyadmin';
  7. A bit like sniffing packets from POST, GET requests, OK. I suppose it depends on what an attacker could actually get at then to determine if I wanted to use an SSL cert. Logging in to a site that allows you to upload photos to a gallery probably wouldn't be worth it, but logging in to a site to get access to payment info, invoices, etc. probably would. Is session hijacking a common practice or is it just larger systems that people go after or dependent on what a hacker can get at?
  8. I've done some research on session hijacking as customers who I am working for are asking more and more about the security of their sites. The standard security measures are always implemented, i.e. prevent bad input data from requests, URL manipulation, SQL injection, etc., but this topic seems to be a bit of a grey area as I am not sure how this is actually tested for. Let's say we have a login to a protected area of a website. Once the user logs in successfully, a session is set that may contain a user object. The object variables contain user data, say firstname, lastname, etc., making it easy to extract this data on each of the protected pages. Most times I will use a database session handler for user tracking purposes. My question is, how exactly does someone hijack active sessions and is this something to be concerned about?
  9. Depends on the target country of the website. In the UK we use dd-mm-yyyy. You could have dynamic date formatting dependent on the user's location.
  10. Do you mean the directory is protected with .htaccess? If so try: CURLOPT_USERPWD format: "[username]:[password]"
  11. Don't understand what you mean. That is part of the phpmyadmin package.
  12. The default permissions for mkdir() are 0777 but this is not always (usually) the case. It's a weird one but chmod() should allow you to change the permissions. You could also create directories using exec():

      exec("mkdir /path/folder");
      exec("chmod -R 777 /path/folder");
  13. Check out the chmod() function
  14. You need to use 0777 instead of 777 in your mkdir() function
  15. You can use any method as long as a flag is set to identify the mode you are in. Personally I would forget about using a session and use URL parameters, i.e.:

      form.php?action=create
      form.php?action=edit&userId=5

      You can use the action value and userId value within hidden fields in the form to retain the mode you are in and the user record you are editing.
  16. These lines should follow the 301:

      curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
      curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

      Is this webpage using a proper 301 redirect or just displaying a link to click?
  17. Whilst running this use the 'top' command on your server to check the CPU usage. If it is maxed then the server is struggling to do anything else. You may need to increase the memory allowance.
  18. There should be a line to modify: $cfg['PmaAbsoluteUri'] = 'http://www.mydomain.com/phpmyadmin/';
  19. This is incorrect; you need a joining table between your tags and blogs for normalisation, so:

      blogs
      -------
      blog_id
      title
      body

      tags
      -------
      tag_id
      tag

      blogs_to_tags
      --------------
      id
      tag_id
      blog_id

      So in the blogs_to_tags table you would have records like:

      1 5 7
      2 1 7
      3 9 7

      blog_id 7 contains the tags 5, 1, and 9.
  20. $cfg['Servers'][$i]['host'] = 'localhost';
  21. You need to select a count from your database table, something like:

      SELECT COUNT(t.tagId) AS tagCount, c.categoryName
      FROM tags t, categories c
      WHERE t.tagId=c.tagId
      GROUP BY c.categoryId
      ORDER BY c.categoryName ASC

      Would give you i.e.: categoryName (3) in my fictitious database.
  22. I think you're after permutations rather than combinations. Take a look at: http://www.php.happycodings.com/Algorithms/code21.html
  23. Set the address in the config.inc.php file in phpmyadmin
  24. You are adding the seconds in as 00 yourself: