JonnoTheDev

Staff Alumni
  • Posts

    3,584
  • Days Won

    3

Everything posted by JonnoTheDev

  1. I would do a system restore from a point prior to when you had an issue. You could have malware, a virus, or some kind of trojan. My laptop got infected recently with some crap that posed as Windows Security Center, basically screwing up all web browsers on the machine. This happened even with anti-virus, internet security in place. I am not an IE user, however I will say that 9 is a massive improvement over the last bunch. If I had to use it I don't think I would be begrudged. The IE argument is old & lame now!
  2. My god 'goto' is back. I can print my name infinitely on the screen again with 2 lines of code. They must have brought it back for when you are working on this new baby: http://www.crunchgear.com/2011/04/05/modernized-commodore-64-pc-will-confuse-co-workers/
  3.
        <?php
        $user_info = array('id' => 1, 'username' => 2);

        /* convert to a string */
        $user_info = implode('&', $user_info);
        echo 'String: '.$user_info.'<br />';

        /* convert from a string to an array */
        $user_info = explode('&', $user_info);
        echo 'Array:<br /><pre>';
        print_r($user_info);
        echo '</pre>';
        ?>
  4. This is not a bug. This is supposed to happen. By using $GLOBALS you reference any variables you create a key for in the global scope! You should use caution with global variables as you are experiencing the issues now. I avoid them like the plague or use them very scarcely, such as for a database connection handle that is required in a function, i.e.

        function foobar() {
            global $db;
        }

     Read the PHP manual: http://php.net/manual/en/reserved.variables.globals.php

     Global variables are dangerous!
  5. Never heard of that one. To be honest I would steer clear of flash unless you use it for advertising. Javascript/AJAX, Captcha, email validation is enough to stop (well make it difficult for) a bot unless it is a desktop application, and since yours is a niche site and not a script that will be installed on thousands of domains I'm guessing nobody will build an app to crack yours. However as you have it now, I could construct a bot in 5 minutes to start posting all kinds of links on your site. An example of what to expect: http://www.smash-up.com
  6. I think you mean when the website is live, not the server. If you are on a shared host it is usually not possible to modify the php.ini file. If you have various websites on your shared host you can control error reporting and the output of errors/warnings to logs and/or the screen via a .htaccess file for each individual site. For a live site you should have the display_errors flag set to off. For a development site on the same server you should have it set to on. On a dedicated server I would set the main php.ini file to not output errors or warnings and, as with the shared host, control the error output via .htaccess for each website on the server.
  7. not allowed!
  8. A simple bot could perform that task, however it may deter. A site like yours will have to be heavily moderated. If you look at similar sites using the likes of Pligg, PHP Dug, Scuttle they get spammed to death. The sites that use the likes of ReCaptcha don't so much, however there are some tools, desktop apps that can get through. Do what you can & see how it goes.
  9. You are going about this in the correct fashion. A couple of points.

     1. A session can be lost when a user closes their web browser, re-opens and then goes back to the same page, meaning they will have to re-login. One way to combat this is to set a cookie as well as session data when a user logs in. If the session is lost after a browser close, the cookie isn't and this can be used to regenerate the session data.

     2. When using sessions or cookies it is nice to add some security such as a hashed encryption string in with the session/cookie data. You have just used the customer's ID. If you were to store that in a cookie then it could easily be stolen, so, when a user logs in and you test their username/password, if it is correct make a hash of something and store it in the users database table. When they log out destroy it from the database, after a period of inactivity destroy it also. Then on every page where a cookie or session is needed you can test the hash value against the customer's ID and the hash stored in the database, i.e.

        /* login successful */
        $_SESSION['customer_id'] = $customer_id;
        $_SESSION['customer_hash'] = md5($_SESSION['customer_name'].time());

        /* store the hash */
        mysql_query("UPDATE customers SET customer_hash='".$_SESSION['customer_hash']."' WHERE customer_id='".$customer_id."'");

        /* redirect */
        header('location:/my_videos.php');
        exit();

        On pages where you need to check the session is valid:

        if(isset($_SESSION['customer_id']) && strlen($_SESSION['customer_hash'])) {
            /* look the hash up against the customer ID */
            $result = mysql_query("SELECT customer_id FROM customers WHERE customer_hash='".$_SESSION['customer_hash']."' AND customer_id='".$_SESSION['customer_id']."'");
            if(mysql_num_rows($result)) {
                header('location:/my_videos.php');
                exit();
            }
            /* session data is not valid */
            header('location:/login.php');
            exit();
        }

     3. Always use the exit() function after any header redirect as in the above examples.
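The login-token flow described in post 9 (issue on login, check on every page, destroy on logout or after inactivity), as an added example that is not part of the original post. It swaps `md5(name.time())` for a `random_bytes` token, stores only the token's SHA-256 digest, and uses prepared statements; the in-memory SQLite database, table layout, function names and 30-minute limit are assumptions for illustration.

```php
<?php
// Added example (not from the original post). Assumes PHP 7+ with pdo_sqlite;
// table layout, function names and the idle limit are illustrative.
const IDLE_LIMIT = 1800; // seconds of inactivity before the token is destroyed

// On successful login: unpredictable token to the client, only its digest to the DB.
function issue_token(PDO $db, int $customerId, int $now): string {
    $token = bin2hex(random_bytes(32));
    $db->prepare('UPDATE customers SET token_hash = ?, last_seen = ? WHERE customer_id = ?')
       ->execute([hash('sha256', $token), $now, $customerId]);
    return $token;
}

// On every protected page: test the token against the customer ID and stored digest.
function token_is_valid(PDO $db, int $customerId, string $token, int $now): bool {
    $q = $db->prepare('SELECT token_hash, last_seen FROM customers WHERE customer_id = ?');
    $q->execute([$customerId]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['token_hash'] === null
        || !hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false; // unknown customer, logged out, or wrong token
    }
    if ($now - (int) $row['last_seen'] > IDLE_LIMIT) {
        revoke_token($db, $customerId); // inactive too long: destroy it
        return false;
    }
    $db->prepare('UPDATE customers SET last_seen = ? WHERE customer_id = ?')
       ->execute([$now, $customerId]);
    return true;
}

// On logout: remove the digest so a copied cookie stops working.
function revoke_token(PDO $db, int $customerId): void {
    $db->prepare('UPDATE customers SET token_hash = NULL WHERE customer_id = ?')
       ->execute([$customerId]);
}

// Constructed demo data: one customer, timestamps passed in explicitly.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (customer_id INTEGER PRIMARY KEY,
           token_hash TEXT, last_seen INTEGER)');
$db->exec('INSERT INTO customers (customer_id) VALUES (1)');

$t = issue_token($db, 1, 1000);
var_dump(token_is_valid($db, 1, $t, 1500));                  // correct token, active
var_dump(token_is_valid($db, 1, 'guess', 1600));             // wrong token
var_dump(token_is_valid($db, 1, $t, 1600 + IDLE_LIMIT + 1)); // idle past the limit
```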
  10. Actually, that would be the first thing that you should do, including setting up any databases on your webhost. Any problems that you have after you have got your site uploaded and changed your database connection settings (if you have any) you can tackle at that stage with help here. There is no guide as such as there are many different server environments, server configurations, php configurations, etc. For example, a dedicated server differs greatly from a shared hosting server. If you are a competent coder then you should be creating scripts/websites that can be deployed in any or most php environments. Server paths & filenames shouldn't really be hard coded into scripts, and if they are, they should all be placed in a single configuration php file that you can amend if you migrate your website. There are php variables and functions that can be used to set & get path & file values dynamically, i.e.

          /* abs path to the website document root (the key is case-sensitive) */
          $_SERVER['DOCUMENT_ROOT'];

          /* abs path to the directory where this file resides */
          dirname(__FILE__);

          /* the name of the current file */
          basename(__FILE__);

      Look these up in the PHP manual.
  11. Because $_GET['id'] does not exist. You should check for it such as

          <?php
          mysql_connect("localhost", "root", "") or die ("connot conect to server");
          mysql_select_db("test_take_two") or die("connot select to database");

          // get value of id that sent from address bar
          if(!isset($_GET['id'])) {
              echo "ERROR: no id";
              exit();
          }
          // escape the value before it is placed inside the quoted SQL string
          $id = mysql_real_escape_string($_GET['id']);

          // Delete data in mysql from row that has this id
          $sql = "DELETE FROM test_mysql WHERE id='$id'";
          $result = mysql_query($sql);

          // If successfully deleted
          if($result) {
              echo "Deleted Successfully";
              echo "<br>";
              echo "<a href='delete.php'>Back to main page</a>";
          }
          else {
              echo "ERROR";
          }

          // CLOSE CONNECTION
          mysql_close();
          ?>

      Because of the level of error reporting set in your PHP configuration, you will get that error whenever a variable hasn't been defined prior to its use, i.e.

          /* sample1.php the following will produce a warning error */
          echo "My name is: ".$name;

          /* sample2.php the following will NOT produce a warning error */
          $name = "Neil";
          echo "My name is: ".$name;
  12. The answer to your original post cannot be put any better than Nightslyr's response. As you have stated yourself, JS is a client side language, i.e. it is executed by your web browser. PHP isn't, therefore 90% of the examples on the following page cannot be done with PHP: http://www.noupe.com/jquery/50-amazing-jquery-examples-part1.html
  13. At least a captcha (you have a link to one in your footer). I would probably use ReCaptcha. A Javascript salt value, maybe http://plugins.jquery.com/project/sha1.
  14. That's a bit long winded code. I would have done this with select lists. Here's my version:

      index.php

          <?php
          /* build a list of values from 0 to $max, zero-padded to two digits */
          function time_counter($max, $step = 1) {
              $array = array();
              for($x = 0; $x <= $max; $x++) {
                  if(!($x % $step)) {
                      $array[] = (strlen($x) == 1) ? str_pad($x, 2, '0', STR_PAD_LEFT) : $x;
                  }
              }
              return $array;
          }
          $hours = time_counter(23);
          $mins_and_secs = time_counter(59);
          ?>
          <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
          <html xmlns="http://www.w3.org/1999/xhtml">
          <head>
          <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
          <title>Test</title>
          <style type="text/css">
          body, select {
              font-family: verdana;
              font-size: 12px;
          }
          </style>
          <script type="text/javascript" src="http://code.jquery.com/jquery-latest.js"></script>
          <script type="text/javascript">
          $(document).ready(function() {
              $('select').change(function() {
                  timediff();
              });
              function timediff() {
                  var required = 6;
                  var selected = 0;
                  /* count how many of the six lists have a value chosen */
                  $('select option:selected').each(function() {
                      if($(this).text()) {
                          selected++;
                      }
                  });
                  if(selected == required) {
                      var start = $('#starthr option:selected').text()+':'+$('#startmin option:selected').text()+':'+$('#startsec option:selected').text();
                      var end = $('#endhr option:selected').text()+':'+$('#endmin option:selected').text()+':'+$('#endsec option:selected').text();
                      /* call the php function */
                      var ajax_url = 'test.php?action=calculate&start='+start+'&end='+end;
                      $('div#output').load(ajax_url);
                  }
              }
          });
          </script>
          </head>
          <body>
          <div id="options">
          <p>start time:
          <select name="starthr" id="starthr">
              <option value=""></option>
              <?php foreach($hours as $hour) { ?><option value="<?php print $hour; ?>"><?php print $hour; ?></option><?php } ?>
          </select> :
          <select name="startmin" id="startmin">
              <option value=""></option>
              <?php foreach($mins_and_secs as $min) { ?><option value="<?php print $min; ?>"><?php print $min; ?></option><?php } ?>
          </select> :
          <select name="startsec" id="startsec">
              <option value=""></option>
              <?php foreach($mins_and_secs as $sec) { ?><option value="<?php print $sec; ?>"><?php print $sec; ?></option><?php } ?>
          </select>
          end time:
          <select name="endhr" id="endhr">
              <option value=""></option>
              <?php foreach($hours as $hour) { ?><option value="<?php print $hour; ?>"><?php print $hour; ?></option><?php } ?>
          </select> :
          <select name="endmin" id="endmin">
              <option value=""></option>
              <?php foreach($mins_and_secs as $min) { ?><option value="<?php print $min; ?>"><?php print $min; ?></option><?php } ?>
          </select> :
          <select name="endsec" id="endsec">
              <option value=""></option>
              <?php foreach($mins_and_secs as $sec) { ?><option value="<?php print $sec; ?>"><?php print $sec; ?></option><?php } ?>
          </select>
          </p>
          </div>
          <div id="output"></div>
          </body>
          </html>

      test.php

          <?php
          /* difference in seconds between two hh:mm:ss strings */
          function time_diff($start, $end) {
              $start = strtotime($start);
              $end = strtotime($end);
              $diff = $end - $start;
              return $diff;
          }
          if(isset($_GET['action'], $_GET['start'], $_GET['end']) && $_GET['action'] == 'calculate') {
              print 'The difference in seconds between the two times is: '.time_diff($_GET['start'], $_GET['end']);
          }
          ?>
  15. My god. I would definitely get some security in on your register, login & post link forms. This will be a goldmine for backlink spammers.
  16. Ewww... goto! and 'gosub', what about that one
  17. yes, good boy! there is no echof() is there! Get your vote on then at the top of the page.
  18. That means you have not set a root password. You better get that done quick.
  19. ok, I thought I would be the only 'print'er. I'm from the generation where

          10 print "This gets printed on the screen"
          20 print "echo, echo, echo"
          30 goto 20
  20. You are correct. You must test that every parameter and its value is valid. You can mod-rewrite your URLs to hide the parameter names, i.e. foobar.php?pid=1&eid=2&name=neil could be rewritten as /foobar/1/2/neil
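Testing every parameter, as post 20 advises, applied to its `foobar.php?pid=1&eid=2&name=neil` URL and to the `DELETE` from post 11; this is an added example, not code from the original posts. The validation rules, the PDO in-memory SQLite database, the function names and the sample rows are assumptions for illustration.

```php
<?php
// Added example (not from the original posts). Assumes PHP 7+ with pdo_sqlite;
// the rules for pid/eid/name and the table contents are constructed.

// Whitelist rules for the parameters in foobar.php?pid=1&eid=2&name=neil
function validate_params(array $input): ?array {
    $rules = [
        'pid'  => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1]],
        'eid'  => ['filter' => FILTER_VALIDATE_INT, 'options' => ['min_range' => 1]],
        'name' => ['filter' => FILTER_VALIDATE_REGEXP,
                   'options' => ['regexp' => '/^[a-z][a-z0-9_]{0,31}$/']],
    ];
    $clean = filter_var_array($input, $rules); // missing keys come back as null
    foreach ($clean as $value) {
        if ($value === null || $value === false) {
            return null; // reject the whole request if any parameter is bad
        }
    }
    return $clean;
}

// The DELETE from post 11 with a validated, bound parameter instead of
// a value interpolated into the SQL string.
function delete_row(PDO $db, $rawId): bool {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false; // missing, non-numeric or otherwise malformed id
    }
    $stmt = $db->prepare('DELETE FROM test_mysql WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE test_mysql (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO test_mysql (id, name) VALUES (1, 'a'), (2, 'b')");

var_dump(validate_params(['pid' => '1', 'eid' => '2', 'name' => 'neil']));
var_dump(validate_params(['pid' => '1', 'eid' => '2 OR 1=1', 'name' => 'neil']));
var_dump(delete_row($db, '1 OR 1=1')); // malformed id: nothing is deleted
var_dump(delete_row($db, '2'));        // well-formed id: one row deleted
var_dump((int) $db->query('SELECT COUNT(*) FROM test_mysql')->fetchColumn());
```

Rewriting URLs to `/foobar/1/2/neil` only hides the parameter names; the same checks still have to run on the rewritten values.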
  21. OK that's fair, never thought of that. However, for clarity, I would write that statement with either print or echo as:

          print 'some text ' . (isset($var) ? 'set' : 'not set') . ' more text';

      Come on.. lol
  22. Out of interest I would like to know what the members of this board prefer to use in their php. I do not want posts on the differences between print & echo because I already know all that. I use 'print' because it does what it says on the tin. It prints something to the screen. Echo is something that happens when you shout in a cave! I think I can predict that 'echo' will come out on top, but it's interesting to find out why.
  23. No! TOR can act as a client or a server on the machine you install it on. Since you are using it for scripts on your webserver why would it be installed on your desktop machine? Just because the machine is a web server does not mean that it is not just a pc. Server is just a term. No, they are bits of software that you must install on your linux machine along with TOR. They are required for what you are trying to do. I don't think you fully understand what the bits of software do from my explanation. Why not do some Googling or read Wikipedia? Here is an in-depth explanation regarding TOR. It also includes details of Polipo & Privoxy. http://en.wikipedia.org/wiki/Tor_(anonymity_network) If the cost outweighs the benefit then I am a bit unsure why you would do this work? Would you not factor the cost into the job? I'm guessing you are getting paid for this work. I would not say that proxy IP addresses are expensive. Have you spent the time to find good deals? If you are doing this work for your own development or for free then use free proxies. Just Google & you will find thousands!
  24. Absolutely. That is garbage.
  25. An error! Find out from your webhost how to display php errors. Usually a .htaccess will do the trick with

          php_flag display_errors on