JonnoTheDev

You need the mbstring extension compiled into php for this to work. Are you on a shared server or is this your own? Windows or Linux?

You cannot pass & through the url as a string as it is a parameter separator. You should encode the string with urlencode() and then decode with urldecode(). <a href="xyz.php?name=".urlencode($name).""> // receiving page print urldecode($_GET['name']);

How is the bot connecting? If its via fsockopen() then you can specify the timeout as a parameter. You may also need to look at stream_set_timeout(). It's possible that your router could be dropping the connection or possibly firewall.

Try this on the variable that contains the text $report = mb_convert_encoding($report, "ISO-8859-1", "auto"); echo $report; I bet its characters that are copied and pasted from microsoft word.

With a loop while ($row = mysql_fetch_assoc($query)) { }

Do you have any php knowledge? Remember even if you do manage to switch your CAPTCHA you will still have bogus accounts in your database. Your gonna have to get rid of them yourself. I would redirect the register page until you have it sorted.

No no no. OpenSSL is an application for doing things like generating key files and CSR files. This has absolutely nothing to do with php. If you want to use funtions such as openssl_get_publickey() then you must compile php with the correct modules. You will see what modules are loaded by creating a phpinfo() file. Here: http://uk.php.net/manual/en/openssl.installation.php

No, your issue is different. Im guessing your just after if the query returns 0 rows. Here's how: if(!mysql_num_rows($query)) { echo ("no data on your query"); } else { while($row = mysql_fetch_assoc($query)) { } }

Use an anchor link i.e. http://www.xyz.com/page.php#bottom At the bottom of the page <a name="bottom"></a>

I'm guessing that your CAPTCHA has been cracked from other sites using the same. This is probably what bots are grabbing to determine the code: <input type="hidden" name="confirm_id" value="84e282bd402018086a2c26c0575e3621" /> Switch to another captcha and I bet it stops. I wouldn't use any CAPTCHA that comes with PHPBB as the code is open source. http://recaptcha.net/

Your php version must be compiled without it. Recompile with --with-openssl[=DIR]

What is your URL?

Then use the method I have shown you above. This is easy enough.

Yes using one loop not 3. You must make sure that all arrays are of the same size for($x = 0; $x < count($_POST['fname']); $x++) { mysql_query("INSERT INTO table SET fname='".mysql_real_escape_string($_POST['fname'][$x])."', lname='".mysql_real_escape_string($_POST['lname'][$x])."', position='".mysql_real_escape_string($_POST['position'][$x])."'"); }

http://www.phpfreaks.com/forums/index.php/topic,242542.msg1132236.html#msg1132236

http://www.phpunit.de/manual/current/en/installation.html This may help http://jsdoodnauth.wordpress.com/2008/11/05/installing-wamp-and-phpunit-on-windows/

The manual tells you how. You need PEAR.

You could store the results of 1 query into an array and then use the in_array function. Heres an example. $query1 = mysql_query("SELECT * FROM table1 WHERE field1='xyz'"); $temp = array(); while($row = mysql_fetch_assoc($query1)) { $temp[] = $row['title']; } $query2 = mysql_query("SELECT * FROM table2 WHERE field1='abc'"); while($row = mysql_fetch_assoc($query2)) { if(!in_array($row['title'], $temp)) { print $row['title']."<br />\n"; } } Ideally I would only use 1 query and rewrite it so I only return the results I require. However in your case I do not know your database design so this is a dirty method.

Why are you mixing the way you are writing queries? This is bad code embedding functions that can return incorrect values $row2 =mysql_fetch_array(mysql_query("SELECT * FROM `permissions` WHERE userID = '$user_id'")); Better $query = mysql_query("SELECT * FROM permissions WHERE userID = '".mysql_real_escape_string($user_id)."'"); $row2 = mysql_fetch_array($query); Here also you have decided to use sprintf, why? $query = sprintf("SELECT name FROM folders WHERE id='%s'", mysql_real_escape_string($folderID)); Again stick to a standard: $query = mysql_query("SELECT name FROM folders WHERE id='".mysql_real_escape_string($row2['folderID'])."'"); while ($row = mysql_fetch_assoc($query)) { } I'm guessing you are copying and pasting code from a variety of sources

Doesn't! Which loop, you have a few. Can't see an include within a loop.

The fact that you have used AJAX meaning all pages are on the same URL means that your site has 0 change of being indexed by a search engine. Also there is no way for a user to bookmark an individual page.

This is not a case for OOP. However you could create a validation object. You would have to assign the input and the test you wish to run. i.e. class validate { private $data; public $errors; public function __construct($data) { $this->data = $data; $this->errors = array(); $this->processData(); } private function processData() { // loop through data and run each test } private function testNumeric() { } private function testEmpty() { } } $data = array(array($_POST['firstname'],'empty'), array($_POST['age'],'numeric')); $validation = new validate($data); if(count($validation->errors)) { // display errors }

yes you will. the following works (from php.net) <?php if( !function_exists('memory_get_usage') ) { function memory_get_usage() { if ( substr(PHP_OS,0,3) == 'WIN') { if ( substr( PHP_OS, 0, 3 ) == 'WIN' ) { $output = array(); exec( 'tasklist /FI "PID eq ' . getmypid() . '" /FO LIST', $output ); return preg_replace( '/[\D]/', '', $output[5] ) * 1024; } } else { $pid = getmypid(); exec("ps -eo%mem,rss,pid | grep $pid", $output); $output = explode(" ", $output[0]); //rss is given in 1024 byte units return $output[1] * 1024; } } } ?>

Dont pass individual array elements through the url with a delimiter. Too easy to break or inject into. Store the array within a session variable or use POST. If you really have to then use a comma ,

I have had hosts who have requested I remove sites because of the amount of traffic. Also had one site that some bastard launched a DDOS attack on. Took down the whole server and the hosting company got a bit upset as they did not have the hardware to deal with it. Utter crap!