wildteen88

Save as .php instead. PHP files can contain everything a .html file can have. Accept a .php file allows you to include PHP code within it. Just make sure all PHP code is within the PHP code blocks (<?php ?>). YOu can go in and out of the PHP code blocks as many times as you like there is no limitation. You cannot use PHP like you can with Javascript. They are completely different.

You do not need to recompile PHP in order use OpenSSL. You should of read the bit after it says to recompile PHP. Which is this bit:

Look in to mod_rewrite. This is what people use to make clean user friendly URL's. Check out [url=http://www.yourhtmlsource.com/sitemanagement/urlrewriting.html]this site[/url]  for getting started with mod_rewrite.

Apache does that for me automatically. You shouldn't have to modify the configuration to make it do that. Make sure the mod_dir module is loaded - this should be enabled my default in the httpd.conf

If you add the following to an .htaccess file: Options -Indexes Then it should come up with 404 Forbidden message. When you browse to a directory that doesn't have a index file it in it. Or add this: ServerSignature Off to an .htaccess file and the server signature should not show - which is this bit: Apache/2.2.3 (Win32) DAV/2 mod_ssl/2.2.3 OpenSSL/0.9.8d mod_autoindex_color PHP/5.2.0

mysql_real_escape_string escapes more characters than magic quotes.

If you don't want directory browsing then add the following to a .htaccess file: Options -Indexes Note: When creating .htaccess files in Windows open up notepad type ".htaccess" (including the quotes) into the Filename: box. Click save button and a .htaccess file is created.

the mysql_real_escape_string function escapes any characters within a string to prevent SQL injection attacks. Its is recommended to use this function when dealing with any data that is being inserted into a database. Do not use raw variables in SQL queries example this is very bad: $sql = "SELECT * FROM users WHERE username='$_POST['username']' AND password='$_POST['password']'"; As that query will allow for SQL Injection attacks. For example a malicous attacker may insert special SQL code in to the username field like the following: ' OR 1=1 -- What that will do is change the query to this: SELECT * FROM users WHERE username='' OR 1=1 -- ' AND password='' That now totally changes the query sent to MySQL. It will tell MYSQL to select the row from the users table where the username is blank OR if 1=1. No 1 always equals to 1 so MySQL will fetch the first row in the users table. This row will more than likely be the one that contains the administrators username and password . So now the malicious attacker is now logged into your web site as the administrator! However if you did this: $user = mysql_real_escape_string($_POST['username']); $pass = mysql_real_escape_string($_POST['password']); $sql = "SELECT * FROM users WHERE username='$user' AND password='$pass'"; And you entered ' OR 1=1 -- into the username field. The query now becomes: SELECT * FROM users WHERE username='\' OR 1=1 --' AND password='' Which tells MySQL to select the row from the users that where the username matchs ' OR 1=1 -- and the password is blank. That is now much more safer. To learn more about SQL Injection do a google search and you will get lots of articles/tutorials that explain what it means and how to prevent it.

When loading PHP as an Apache Module make sure you use php5apache2_2.dll when using Apache2.2.x with PHP5. php5apache2.dll is for use with Apache2.0.x only. Just adding the following few lines to the httpd.conf should be sufficient to bind PHP and Apache together: LoadModule php5_module "C:/PHP/php5apache2_2.dll" PHPInirDir "C:/WINDOWS" AddType application/x-httpd-php .php Note make sure you use .dll and not .so for loading PHP as a module. Also make sure you save your PHP with a .php file extension and not a .txt extension. Or any other extension. It must be .php unless Apache is configured to parse other file types with PHP. - This controlled by this line in the httpd.conf: AddType application/x-httpd-php .php

Yes please read the Sticky titled Call to undefined function mysql_connect() in the PHP Help forum or the PHP Installation forum. Also it is recommended to set error_reporting to E_ALL in the php.ini whilst you are learning/developing your scripts. Before you change it make sure that display_errors is set to On in the php.ini too. That way if any errors crop up it will show you errors as to why rather than getting an unhelpful blank page. Also any changes you make to the php.ini make sure you save it and restart Apache.

You most probably have a setting called magic_quotes_gpc enabled which is why you get \'Tom\' before applying mysql_real_escape_string. You're best of checking the status of magic_quotes before using anyescape functions. SO create a function like this: function makeSQLSafe($str) { // check the status of magic_quotes_gpc, if it this returns true // we remove the escaped characters. Allowing for the real escaping // to be done via mysql_real_escape_string if(get_magic_quotes_gpc()) { // remove the slashes. $str = stripslashes($str); } $str = mysql_real_escape_string($str); return $str; } // example usage: $username = makeSQLSafe($_POST['username']);

The following syntax is using regular expressions (or regex for short). You can find information on what the characters in the syntax means by reading this page. Regex are very powerful and can be hard to understand when you first start. It took me a while to understand the basic syntax. I made mistake with my regex I provided you -which you spotted the mistake. It is supposed to be this: #([0-9]+){3}\-([0-9]+){3}# I will break it down for you and explain the regex as best as I can. # - This is the starting delimiter. A regex pattern must start and end with a delimiter. The delimiter can be any non-alphanumeric character (any character other than 0-9 and a-z). The ending delimiter must be the same as the starting delimiter. If you use the same character as the delimiters you must escape that character in your pattern, eg: \# ([0-9]+) - This part starts a subpattern (subpatterns delimited with round brackets - ()). This subpattern defines a character class. A character class is defined with square brackets ([]). They allow you to search a range of characters in a string. For this we only want integers ranging from 0 to 9. The + sign means 1 or more. If we didn't have the plus sign it will only matchs 1 number and not the numbers after it. {3} - Allows you to define the min/max range the subpattern matches. In this case we only want 3 subsequent numbers. \- - This basically means match a hyphen (-). Hyphens have a special meaning in regex so we escape it with a forward slash. The last part ([0-9]+){3} is the same as before. The last # is the ending delimiter.

Best of using regex a simple example for checking the document number is in the correct format: $docNum = '026-500'; if(preg_match("#([0-9]+){3}\-([0-9]+)#i", $docNum)) { echo 'Doc number is valid format'; } else { echo ' not valid!'; } You can also do something similar for the description.

That code will not work, specifically this: $user = $_POST['user']; $name = $_POST['name']; if ((!isset($user)) || (!isset($name)){ That if statement will always return false, meaning it will allways execute the else part of the if statement, as you have created the $name and $user variables in your code. It should be like this: if ((!isset($_POST['user'])) || (!isset($_POST['name'])){ This code is better: if(isset($_POST['submit'])) { if ((!isset($_POST['user'])) || (!isset($_POST['name'])) { echo "PLease encsure all form fields are filled in"; } else { echo "All form fields have been filled in!"; $user = $_POST['user']; $name = $_POST['name']; } }

What version of Apache2 are you using 2.0.x or 2.2.x? If its 2.2.x then the module you will want to use is php5apche2_2.dll - this module only comes with PHP5.2.x or later. Apache2 is not compatible with PHP5.1.x or earlier. Also these lines: AddType application/x-httpd-php .php AddType application/x-httpd-php .htm Can be just one line: AddType application/x-httpd-php .php .htm

No where in your code (that you have provided) you have an SQL query that inserts user submitted data in to your database and you don't have a WHERE clause in your query. Just a basic select all from table query.

Make sure the file extension for the file is .php and not .php.txt or .php.html Also your PHP code will error out. You cannot start session after output has been made to the browser. I am referring to this section of code: <html> <head> <?php session_start(); ?> ... Place session_start(); before any output, usually at the tp of the script, example: <?php // start the session before any output. // Anything that is being echo'd or placed out side //of the PHP tags is classed as output. session_start(); ?> <html> <head> <title>hello</title> </head> <body> <?php echo ("test"); ?> </body> </html>

Your are using a rather outdated version of Apache. Also installing phptriad is quite old. It is best to install Apache, PHP and MySQL manually which I always recommend rather than using an all in one package. If you want to install AMP manually on windows then search my posts I have posted lots of posts on how to setup Apache and PHP on windows - the majority is in the Apache forum and PHP installation forum. However if you don't want to install manually go for a more up to date package like WAMP.

Yes you use just normal HTML tags when creating a tutorial. All styling to the HTML tags is done by CSS and a bit of processing in the backend of the site.

You will have to use eval in order for the PHP code that is entered in the textarea to be parsed when submitted. I'd change your eval to eval("?>$code"); Your comeout of the PHP block if the code in the textarea has PHP tags in it other wise PHP will get confused and may display an error message like so: Parse error: syntax error, unexpected '<' in scriptname.php in eval'd code on line x Also note that using eval in your script will allow someone to run their own code on your site to malicious activities such as delete files from your site or delete a database etc. You should imply a security features in your script to disable certain functions.

Cant have html and framesets mixed together. When you are setting up frames all you do is this: <frameset> <frame name="top" [width and hight here etc] src="top.html" /> <frame name="bottom" [width and hight here etc] src= "bottom.html/> </frameset> Your do not include any other html code. in the page. Expcet for the use set of tags html, head, title and body However there is another type of frame you can use and that's called the inline frame (<iframe></iframe>) which what you use to include an extra web page/website in side your page without setting up a frameset.

Rather than using mysql_result it better to do this: $num = mysql_num_rows($result); mysql_close(); echo "<center>Database Output <i>($num result(s) returned)</i></center><br />\n\n"; while ($row = mysql_fetch_assoc($result)) { $first = $row['first']; $last = $row['last']; $phone = $row['phone']; $mobile = $row['mobile']; $fax = $row['fax']; $email = $row['email']; $web = $row['web']; echo "Name: $first $last<br /> Phone: $phone<br /> Mobile: $mobile<br /> Fax: $fax<br /> E-mail: $email<br /> Web: $web<br />"; } mysql_fetch_assoc returns an array of each row in the result set. Much faster, cleaner an easier to understand.

you can also use substr $filename = 'somefile.mp3'; // check if file has an .mp3 file extension if(substr($filename, -4, 4) == '.mp3') { echo 'Mp3s are not allowed!'; } else { echo 'File is ok!'; } Umm Orio beat me to it

3 days ago PHP 4.4.6 was released (Minor changes were made with 4.4.5) Orio. Umm didn't know PHP4.4.6 was released.

At the end of your script you have your else in wrong place for displaying the message 'Sorry, you have provided an invalid security code'' The bottom of your code should be like this: }else{ $ERROR = "Username Already Present."; } } } } else { echo ('Sorry, you have provided an invalid security code'); } }else{